
May was a busy month for trade shows and industry events. So much so that keynote after keynote, session after session began to blur together. Given the event-filled month, I find myself thinking about some events more than others. In particular, I want to take another look at the Big Communications Event (BCE). It may be a little bit of armchair quarterbacking on my part, but time often adds clarity. There are a few moments from BCE that definitely deserve another look.

The Big Communications Event was a much more intimate event than the likes of Mobile World Congress or the Consumer Electronics Show (the Heavy Reading staff tells us that around 1,100 people attended BCE at the Austin Convention Center this year). Nevertheless, I thought the show’s agenda was very well thought out, peppered with interesting topics and speakers. In addition, there was an industry awards ceremony and a very relevant NFV Interop demo on display. The venue was nicely suited for the audience and conducive to walking between hotels, restaurants and the convention itself. Cisco had a total of seven speakers in attendance, ranging from keynotes to panelists, including yours truly. But this isn’t about me. I want to point out two other panels that really stood out!

One of these panel sessions included my colleague Lauren Cooney: “Data Centers and Cloud Services: Using Open Source: A Reality Check.” With a title like that, my initial expectations were set pretty low. Much to my chagrin, the panel turned out to be much better than the title; I’d even go as far as to say that this panel should have been a keynote. Attending this one session was worth the price of admission alone. The panel included key members of the open source community: Mark Collier, COO of the OpenStack Foundation, Heather Kirksey, Director of OPNFV, and Dan Pitt, Executive Director of the Open Networking Foundation (ONF), offered perspectives on how these three organizations have worked together on projects of differing sizes and scopes. Randy Nicklas, EVP of Windstream, provided insight into how service providers are approaching the challenges and opportunities of using Open Source in real-world applications. And Lauren Cooney discussed implementing Open Source from a vendor perspective.

Some of the takeaways from the Open Source panel were predictable – like the notion that service providers may not be as well positioned to write software, as compared to other groups like web providers. Larger telcos seem to have a bigger appetite to take on an Open Source project than smaller players with fewer software resources.

What the Open Source panel did offer me was insight into how Open Source network software is being developed. For instance, I wasn’t as familiar with the linkages between Open Source, OPNFV, and ONF. I didn’t realize that Open Source software projects are run as a meritocracy with the largest contributors having the greatest influence over the project outcomes. The panel gave several examples of how projects with highly diverse teams and common goals generally have the greatest impact. For more perspective on the panel, Mitch Wagner of LightReading put out a good article based on some of the panel discussion titled “Cisco looks to Open Source for Badder Ass Internet” (the title alone makes you want to read it).

The other highlight of BCE that sticks out in my mind is the NFV Interop conducted by the New IP Agency (NIA). This one requires less description. NFV isn’t new; however, many operators are still in trials and early implementations of NFV. Determining what works, what works well, and what simply does not work as promised is a continuous challenge for service providers looking to modernize their operations. To help navigate emerging NFV technologies, the NIA has taken a leadership role in interop testing of NFV, as stated in Iain Morris’s article “NIA Replacing ‘Old Standards Bodies,’ Says Cisco” – and in reality it’s more than just Cisco saying this. With every big change comes concern. This is one to keep an eye on. I also want to thank Babu Peddu, who came to BCE to set up the Cisco NFV demo in the NIA interop space. Interop testing always holds a few surprises!

Open Source software and NFV Interop are two items that may have run a little under your radar. I hope this blog brings those two topics back to the surface.

Authors

Greg Nehib

Senior Marketing Manager

SP Infrastructure


This post was authored by Warren Mercer.

Patch Tuesday for June 2016 has arrived, with Microsoft releasing its monthly set of security bulletins addressing vulnerabilities in its products. This month’s release contains 16 bulletins addressing 44 vulnerabilities. Five bulletins resolve critical vulnerabilities found in MS DNS Server, Edge, Internet Explorer, JScript/VBScript, and Office. The remaining bulletins are rated important and address vulnerabilities in Active Directory, Exchange Server, Group Policy, SMB Server, Netlogon, Windows Graphics component, Windows Kernel-mode Drivers, Windows PDF, Windows Search Component, and WPAD.

Bulletins Rated Critical

Microsoft bulletins MS16-063 and MS16-068 through MS16-071 are rated as critical in this release.

MS16-063 and MS16-068 are this month’s bulletins for Microsoft Internet Explorer and Edge browsers. The IE security bulletin addresses vulnerabilities in Internet Explorer versions 9, 10, and 11. It covers 10 vulnerabilities in total: eight memory corruption bugs, seven of which are critical, an XSS filter vulnerability, and a WPAD vulnerability. The Edge bulletin addresses eight vulnerabilities: four memory corruption bugs, two information disclosure vulnerabilities, one security feature bypass, and a PDF remote code execution vulnerability.

Authors

Talos Group

Talos Security Intelligence & Research Group


#CiscoChampion Radio is a podcast series by Cisco Champions as technologists. Today we’re discussing Acano.

Get the Podcast

  • Listen to this episode
  • Download this episode (right-click on the episode’s download button)
  • View this episode in iTunes

Cisco Guests
Angela Murphy (@angelaangemurp), Acano Marketing
Jennifer Kang (@jenkang9), Acano Marketing
Albert Amparan, Acano Technical Marketing Engineer

Cisco Champion Hosts
Josh Warcop (@Warcop), Senior Consultant
Sebastian Leuser (@sleuser), System Engineer
Bernhard Aalbler (@FRINK_AS), Collaboration Engineer

Moderator
Brandon Prebynski (@prebynski)

Continue reading “#CiscoChampion Radio, S3|Ep. 16: Acano”


“Cisco is disappointed in the DC Circuit’s decision to uphold the FCC’s open Internet rules.

We believe in an open Internet and that balanced rules to protect consumers and prevent anti-competitive behavior are necessary and appropriate.  But uncertain regulation under Title II, as provided for by the FCC and upheld by this court, diminishes the enthusiasm for new investments in broadband networks and limits new innovation and business models.

This is particularly true at a time when the Internet continues to evolve and innovative new services are coming to market every day, including Internet of Things technologies, telemedicine, distance learning, emergency services, and mobile 5G.

One bright spot. The FCC rules do recognize that the open internet rules are not appropriate for enterprise networks and specialized services. This will enable new services to obtain the quality of service needed to foster innovation in these areas, and we anticipate that entrepreneurs will explore both of these options going forward.

The discussion over these issues is not going away because the Internet ecosystem continues to evolve at an unprecedented pace. Policymakers need to remain focused on ensuring that these rules support the development of new technologies and business models.”

Authors

Jeff Campbell

Senior Vice President & Chief Government Strategy Officer

Government Affairs and Public Policy


Malware doesn’t play by the rules, so today’s IT infrastructure needs to provide several layers of defense for end users. Some of the more common devices used to protect modern networks are intrusion prevention systems (IPS) and firewalls. In recent years, there has been a lot of research on how evasion techniques bypass IPS and firewall protections. It is important to understand the effects these evasion techniques have on the security posture of an organization and the layers required to continuously protect against them.

One common evasion technique happens when firewalls do not extract payload types from HTTP connections. When this occurs, malware goes undetected and passes directly to the end user, leaving no trace and making it difficult for the security staff to detect. This is a dangerous situation and has been demonstrated in research by Steffen Ullrich of HTTP-Evader – http://noxxi.de/research/http-evader.html.

Motivated attackers also use other evasion techniques, such as splitting malicious payloads into smaller packets or hiding them within legitimate applications. After the fragmented traffic bypasses the security detection system, the malware is reassembled and may begin sending sensitive data out of the network. These are often referred to as fragmentation and obfuscation techniques, and they may bypass firewall and IPS devices by delivering payloads across multiple or obscure protocols.

As malware defense measures evolve, so will malware circumvention. Malware detection techniques need constant attention to control and mitigate potential attacks. A multi-layered security infrastructure is the best approach to guard against such attacks. Security control programs that evolve, learn and adapt to new attacks and techniques will be essential to remain ahead of these cyber-security threats. One such offering is the Cisco Advanced Malware Protection solution, http://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/advanced-malware-protection/solution-overview-c22-734228.html

Cisco PSIRT continuously works with product teams and the wider industry to analyze the impact security threats have on our entire suite of security products, and we release security information in accordance with our Security Vulnerability Policy, available at: http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

Authors

John Klimarchuk

PSIRT Incident Manager

Security Research and Operations


Recently I talked about the dance of the decade for IT and broader industries, in which we use a value-chain approach to sense and act on data in order to turn insights into transformative value for your business.

If businesses can create value that way, would it be a stretch for governments to make data dance for their citizens? Can we use data to move a country in a positive direction? To do that, the choreographed steps are the same whether for enterprises or for governments: access and analyze data anywhere, orchestrate action by connecting applications and business processes to act on data, and use those insights to engage people with interactive experiences.

The Power to Move a Country

Cisco has been working with countries and governments for many years to help them bring value from connecting people, data and things and accelerate country digitization. Recently, Cisco announced a $500 million investment over the next three years to accelerate digitization in Germany, a country with a $4 trillion Gross Domestic Product and six percent of the Gross World Product.

Can data move Germany? Can Germany make data dance to its tune? Big Data is powerful enough to move a country even that size. We can use data to quantify Germany’s well-being, as seen from the Organisation for Economic Co‑operation and Development (OECD) data that quantifies the country on several well-being attributes such as housing, jobs, education, health, environment and civic engagement. This powerful visualization of the data lets you decide the direction you want to move that attribute, and start a plan to achieve the outcomes you want.

Depicted below is Germany’s well-being in living color as a flower chart, with each petal depicting one of the well-being attributes.

Using Data to Quantify a Country’s Well-Being

 

We can pinpoint the data for specific cities: For example, consider Berlin, recently announced to become a “Smart City” in partnership with Cisco. We look at what’s scoring high in Berlin, and what isn’t. We also note what’s correlated (such as jobs and income), and plan how to take action based on this.

In addition to correlating the petals for Berlin and deriving insights, we can compare Berlin to other cities to help us learn more. Maybe a different city is achieving similar results at half the cost. So we could consider what actions they are taking to get to the same outcome more efficiently.


Comparing Outcomes Among Cities to Gain Insights

From Cisco’s experience working with cities and countries, we’ve seen governments benefit by focusing on two areas to take action from data:

  • Government operations: Is the city doing its job with operations that are running effectively?
  • Citizen services: Are the citizens engaged? Can the government provide them with better services?

When you marry the two together – optimized government operations, and improved citizen services – you get a winning combination that screams digital cities.

This looks so good and easy to achieve on paper. So why is it so hard to do? The challenge is the tendency of city departments to work in silos as they run the city. Everything from parking and traffic management to garbage collection to public safety and city lighting runs independently, with minimal linkages.

City Departments in Silos Don’t Share Data and Insights

Breaking Down Silos

The by-products of departments not sharing information are inefficiency, ineffectiveness and cost. The solution is to break down the silos by using a data value chain approach shown below as a virtual, unifying framework, so departments share information with each other and act on the insights they learn.


Data Value Chain: Access Data from Everywhere, Analyze and Act Anywhere

For example, when public safety and city lighting departments share data, you can analyze whether crime is correlated with lack of lighting, and use that insight to take relevant action.

Integrating data and applications to connect and orchestrate processes among the different city departments is part of the data value chain that can open up new possibilities for cities to improve their services.


 

Break Down Boundaries with Data Value Chains: Access, Analyze, Orchestrate, and Engage

Individual departments can unlock value from hyper-distributed data and produce benefits that extend beyond their own departmental boundaries. Let’s look at waste management in particular.

Taking Out the Garbage

As cities and countries introduce more types of recycling, the complexity of waste management grows. A data value chain combined with the Internet of Things can reduce the expense and complexity of waste management. A wireless M2M sensor in the trash can lid measures how full the container is, and transmits the data to an application that plans waste pick-up routes and frequency.  In fact, a compelling reason we connect things to make an Internet of Things is to create data value chains!

In Barcelona alone, more than $4 billion in savings is expected in the next 10 years, due to the adoption of IoT-aided waste management technology. More benefits result, as fewer trips by garbage trucks also mean less traffic congestion and fewer pollutants released into the air. Digital engagement through a citizen service portal can allow residents to make requests and provide feedback to ultimately improve the service experience.

Don’t let today’s avalanche of data intimidate you. Using powerful visualization approaches like the flower chart, you can move your country by starting with just one petal. Once you decide on how that petal needs to transform, you turn the big data into small data by applying the data value chain approach and turning that data into action and collaborative processes.

Data can move a country after all.

Learn more about data value chains by listening to my recorded session from Cisco Live Berlin. https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=89470&backBtn=true#.VtiOmueOKyI.gmail

Learn more about Cisco’s Analytics and Automation Software Portfolio:

http://www.cisco.com/go/analytics-automation-software

Authors

Hari Harikrishnan

Vice President

Application Platforms Group


Planes, trains, and automobiles – if it’s on your network, Cisco ISE can see it in minutes and control its access dynamically at scale.

Networks are increasingly distributed and more devices are connecting to your network every day. Research finds that 300 billion devices will be connected to the Internet by 2030, up from 50 billion in 2020. IoT devices will account for the vast majority, while traditional computing devices – smartphones, tablets, smartwatches – many of which are employee-owned, will comprise the minority.

Organizations are adding one-point solution after another to protect a dynamic environment. Meanwhile, attackers are trading on an expanding attack surface and mounting complexity to make a quick profit.

Cisco is committed to helping organizations cut through this complexity and regain the upper hand against advanced attacks with security that’s effective and simple. Cisco Identity Services Engine (ISE) 2.1 allows you to control all access throughout the network from one place, see and share rich user and device details, and stop threats from getting in or spreading.

Announcing Cisco ISE 2.1

Cisco ISE simplifies secure access, increases visibility, reduces risk, and contains threats.

A Single Source of Control for All Access Across the Network

Easy Connect. Simplify network access authorization from any endpoint – wired or wireless – whether or not the device supports 802.1x. This quick, easy, and flexible method is particularly important in wired connections where authentication using 802.1x may not be an option or may not be easy to deploy on every device. When users disconnect, they can easily reconnect with the same IP address without having to log in again.

See and Share Rich User and Device Details

Streamlined Visibility. Quickly and easily learn about every device and user connected to your network in just a few hours. A streamlined visibility wizard provides you with everything you need to know about corporate, BYOD and guest devices in just a few clicks. A simple, flexible, and intuitive dashboard delivers detailed visibility and context – more than 50 different attributes, on up to 1.5 million endpoints – to determine policy violations and threats.

Stop Threats from Getting in and Spreading

Rapid Threat Containment. Firepower Management Center (FMC) 6.1 is now integrated with ISE 2.1 allowing you to automatically and dynamically contain and prevent threats from spreading further into the network using your existing investments. When a threat does infiltrate the network you can combine the power of advanced malware detection and enforcement with ISE 2.1 to reduce risk – stopping attackers from accomplishing their mission.

Threat-Centric NAC. As another component of the Cisco Rapid Threat Containment solution, ISE now automatically assesses the security posture of every endpoint as it connects to the network based on real-time threat scores. Quarantine or provide limited network access for endpoints based on thresholds you set. Dynamically update policy and change network privileges if an endpoint becomes non-compliant or its threat score changes. Let’s say, for example, an employee downloads a malicious file when off the corporate network and tries to re-enter that network. Now, instead of just analyzing whether the endpoint is compliant with the necessary anti-virus and patched operating systems, ISE dynamically receives information from products like Cisco AMP that informs ISE that this endpoint has downloaded a malicious file and should NOT be given its normal level of access. This is yet another example of how Cisco is enabling integrated, automated security architectures.

To learn more about how ISE can simplify secure access and reduce risk for your organization, visit cisco.com/go/ise.

Authors

Dan Stotts

Former Product Marketing Manager, Cisco

Security Product Marketing Organization


It is nearly impossible to miss the business transformation taking place in every organization.  Multiple industry trends are combining to create a perfect storm where IT organizations need to manage almost constantly changing diversity and explosion of applications, workload locations and users.   Traditional IT departments used to residing safely behind their technology silos simply can’t keep up.   There is really no discussion anymore — it is clear that organizations need to evolve towards an as-a-service model.

I believe you would agree, there is a lot of confusing messaging out there so where do you begin?

Glad you asked!

CiscoLive is just around the corner and it is a perfect opportunity for you to come to sessions on a wide range of topics and see solutions live.   At this event, there are diverse opportunities to understand how to transform your business as well as deliver agility to IT through solutions such as analytics, automation, cloud and collaboration.   Here is just a sampling of sessions you could attend:

  •  Building out your Data Center & Cloud Strategy
  •  Cloud agnostic applications with Cisco CloudCenter (CliQr)
  •  Automate your Data Center with UCS Director
  •  Security in the Hybrid Cloud

Looking into the future:

  • Next Generation Data Center – Automation, Analytics & Orchestration
  • Next Generation Data Center – Path to Cloud

Join us in Vegas.    The good news is that the intelligence you gain can go back to the office with you to begin the transformation process in your organization.

To browse the session offerings, click here.

Authors

Joann Starke

No Longer with Cisco


Finding – and keeping – the cybersecurity talent required for today’s digital economy is a serious challenge. And it’s getting worse. Here at Cisco, we’re perpetually hearing from employers and hiring managers about their struggles with the growing cybersecurity skills gap. How bad is it? Well, the RSA Conference and ISACA’s State of Cybersecurity: Implications for 2015 report found that more than half of the global professionals surveyed said that fewer than 25 percent of cybersecurity applicants were qualified to perform the tasks necessary for the job.

Any entity with an online presence is faced with a two-fold problem: Cyber criminals are rapidly proliferating and their tactics are evolving, but businesses don’t have the skilled individuals they need to anticipate vulnerabilities and lock down security. To make matters worse, technology changes rapidly, often leaving IT professionals without the advanced skills necessary to protect their companies. Imagine what those vulnerabilities can do to undermine not only businesses, but also municipalities, military installations, government agencies, and other entities.

This conundrum weighs heavily on chief information security officers and other IT executives. But isn’t it time to stop thinking of cybersecurity as just an IT issue? In fact, it’s an issue that directly affects every part of the enterprise. Every organization today needs trained security operations professionals who can monitor, identify, isolate, and proactively mitigate threats in real time. But finding the qualified talent for such a critical role can quickly become a full-time job itself.

Cybersecurity Is a Business Issue

We hear about these growing concerns from our customers all the time. And news stories tell us about the growing number of data breaches almost every day, leaving companies and their customers at the mercy of criminals. Often, it can seem like these criminals are winning the cybersecurity war.

But we have a way to outsmart them. Cisco is introducing a new Global Cybersecurity Scholarship program and enhancing its security certification portfolio. Cisco will invest  $10 million over a two-year period, to establish a scholarship program with the specific goal of increasing the cybersecurity talent pool. Through the program, Cisco will offer training, mentoring, and certification aligned with the Security Operations Center Analyst role.

Additionally, Cisco will be working with a comprehensive variety of organizations to leverage this scholarship as a platform to spur career interest and jump-start their employees’ careers in cybersecurity. This includes diversity organizations, veterans’ groups, and early-in-career audiences.

Updates to the Certification Portfolio: Good for Business, Good for Employees

Coupled with the scholarship launch is the introduction of the new Cisco Certified Network Associate (CCNA) Cyber Ops certification. It assesses individuals on the skills needed to assist with monitoring IT security systems, detecting cyber-attacks, gathering and analyzing evidence, correlating information, and coordinating responses to cyber incidents.

Through this program, learners entering the tech field will acquire a skill set that’s in extraordinarily high demand from companies in every industry. This is a boon to both individual learners as well as organizations.

Additionally, we’re introducing a revision to our existing Cisco Certified Internetwork Expert (CCIE) Security certification. The updates address the new skills and education IT professionals at the expert level require to successfully address emerging and evolving technologies. For example, the updated curriculum includes assessments on the latest security technologies, including Advanced Threat Protection, Advanced Malware Protection, Next-Generation IPS, Virtualization, Automation, and Information Exchange. It also includes a new assessment approach to help ensure that candidates demonstrate knowledge and skills with Network Programmability, Cloud, and Internet of Things (IoT).

For their part, companies can hire from this fresh talent pool while also electing to reskill existing IT employees, conferring significantly enhanced value on workers who already know a company’s culture, infrastructure, and IT landscape.

Looking Ahead

Online users are generating massive quantities of data at a staggering pace, and an exponential number of connected devices are being added every day. We’re dealing with more complexity as well. In fact, in the IoT, devices are automatically creating 277 times more data than individuals are creating. Where we used to talk in terms of megabytes and gigabytes, the industry is now managing petabytes and zettabytes – orders of magnitude greater than anything we’ve managed before. And it’s still growing!

As we think about this new world and the continuous creation of interwoven systems, we are realizing that a new level of trust is required.

We must trust the systems that manage and process the data, the people and partners who access the data, and the systems, controls, fundamental technologies, and processes that protect the data. It’s increasingly clear that the entire online industry must do its part to train workers, helping them acquire the critical skills necessary to secure the Internet of Things.

By launching this new scholarship program, Cisco is playing a significant leadership role, helping the industry meet the current and future challenges of network security. In fact, Cisco is offering a practical and valuable solution to address the global shortage of highly-trained IT security experts.

For additional insights about the Global Cybersecurity Scholarship, check out the video below, where David Goeckeler — Senior Vice President and General Manager of Cisco’s Networking and Security Business Group — and Jeanne Beliveau-Dunn, Vice President and General Manager, Cisco Services discuss the scholarship.

 

https://www.youtube.com/watch?v=L2iCDFfKce0

 

For more information about the scholarship program, go to:

For more information about Cisco’s security certifications, go to:

 

Authors

Tejas R Vashi

Senior Director, Product Strategy & Marketing

Learning@Cisco, Cisco Services