Year: 2016

November 16, 2016 Leave a Comment
Avatar

Improving Public Safety through Digital Transformation

Today, cities are experiencing population growth and socioeconomic and political shifts that change the requirements necessary for protecting residents, physical infrastructure and city data. Public safety is a highly visible metric for which city officials are judged on quality of leadership and as a platform for reelection. But the ability to protect and serve the community also contributes to attracting trade, investment, commerce and talent, which are all vital to quality of life. Now, more so than ever, city and community leaders are looking for innovative ways to address ever-evolving challenges, while keeping people safe and maintaining sustainable, successful growth.

There are many factors and stakeholders to consider when transforming public safety and security. Different agencies, departments, critical infrastructure elements, businesses and people are greatly affected by changes in attempts to improve public safety. And from a technology perspective, the matter can be further complicated. A comprehensive approach to a public safety solution is necessary for proactive management and effective response.

We recently announced the Smart+Connected Digital Platform, a unifying, cloud-based tool that provides a centralized mechanism for addressing the need to manage streams of data in a reliable, secure and effective way. This allows cities to capture, analyze and share data across various organizations, across sectors and with residents, visitors and businesses—opening up new possibilities to enable each city’s unique digital transformation vision.

https://www.youtube.com/watch?v=BN-NfmC_BuQ&list=PLEE1CB50148EBA975&index=1

With the Smart+Connected Digital Platform, Cisco and its partners are changing the game. The collaboration with the certified public safety ecosystem partners brings new and improved capabilities to be integrated into the platform for both unique and cross-domain analysis. The platform ecosystem is robust and growing. Deployments from around the world are including global and local partners per the call of and catered to the particular goals of each city.

The platform integrates smart video surveillance, enables automated alerting and connects agencies for faster and more effective emergency response. This helps to reduce crime, optimize resources and allows public safety officials to proactively manage threats and better coordinate in wake of disaster. Predictive, cross-correlated analytics help to better plan, heighten situational awareness and enhance collaboration in a traditionally fragmented market. Safer streets and neighborhoods mean residents, local businesses and visitors all have an improved community experience that contributes to the overall attractiveness and well-being of the city. For example in India, Jaipur Development Authority (JDA) is transforming its public safety apparatus to move further toward its smart, digital city vision.

Already, the feedback from customers and partners is powerful. Not only do these innovations make it easier and more affordable for cities to approach innovative change, but the true and lasting positive impact to people and communities is what makes it all worthwhile.

Authors

Avatar

Cecile Willems

Director, Global Public Sector

Global Sales Organization

2 Comments
Avatar

The Case for Next-Gen Intrusion Prevention to Protect Digital Business

Today’s digital economy is growing at a phenomenal rate. All modes of commerce from entertainment to finance and retail have moved on-line. You name it; there is an on-line business for it. Not only does selling occur on-line, businesses run their operations online and virtually with cloud-based providers such as Microsoft Azure, Amazon Web Services, and others. With so much mission critical infrastructure outside of your network, how can you ensure that your business is secure?

We see in the press daily that global cyber crime is skyrocketing. A massive DDoS cyber attack on October 21st affected 6% of Fortune 500 companies proving how fragile the digital economy is.  Political hacktivism played a major role in this year’s presidential election. Ransomware is now a top concern for business of all types and sizes.  It’s no secret that cyber criminals have the resources, expertise, and persistence to infiltrate and disrupt our businesses at any time. As attackers become more sophisticated, they exploit new attack vectors where traditional defenses are no longer effective.

So what can you do?

Today’s complex networks demand a robust threat detection and containment approach. Safeguarding your network assets and data from today’s threats requires detailed visibility into all your network layers, content and resources no matter where they are deployed. It requires comprehensive and up-to-date security intelligence at the ready – combined with a dynamic approach that uses automation to quickly adapt to new threats, new vulnerabilities, and everyday network changes.

Prevailing Wisdom:

Security and IT professionals alike often unknowingly accept that with the widespread availability of next-generation firewalls, dedicated intrusion prevention systems are no longer necessary. The inclusion of IPS functionality in NGFWs has made them the simpler, go-to choice for many small to medium-sized organizations. But for more sophisticated organizations, the decision is not so clear-cut.

IPS functionality embedded in many firewalls and UTMs is not as comprehensive as best-of-breed IDS/IPS solutions. Instead, some firewalls incorporate a subset of capabilities lacking in efficacy, functionality and performance available with dedicated NGIPS solutions. Many organizations with stringent security requirements may find they are best served by deploying both a firewall and an NGIPS to meet their needs. We’ll explore these use cases in a future post, but first let’s learn more about what an NGIPS is and how it differs from typical NGFW capabilities.

The Solution: Dedicated NGIPS

There are a number of reasons to add a physical or virtual NGIPS appliance to your security architecture.

  • Performance; First and foremost, enabling IPS functions can impose considerable performance degradation on edge-deployed firewalls. This impact can be significant – as high as 90% – which likely is unacceptable to the business. An NGIPS is architected for deep packet inspection without disrupting traffic. An NGIPS can also typically sustain higher inspection throughput rates – what good is threat protection if it conks out when network demand is highest?
  • Placement: A well-designed NGIPS can provide visibility, threat detection and response, and malware discovery in areas of your network that remain unavailable to firewall inspection and controls. An NGIPS can be deployed easily throughout the network core, within virtualized data centers, and at the cloud. The more points of presence, the better the visibility and the earlier threats can be detected and stopped.
  • Organization: the team managing the firewall is often not responsible for the enterprise infrastructure that benefits most from NGIPS protection. And when organizations outsource firewall management or security event handling/triage to MSSPs, having a dedicated NGIPS provides a clean path to see threats and harden defenses.
  • Compliance: best practice and many regulations require network segmentation. This can often be done more easily and effectively with an NGIPS – without cumbersome ACL management that accompanies firewall deployment. An NGIPS can be set to fail open – so traffic will always flow. Business is not impacted by NGIPS failure – as it would be by firewall failure or misconfiguration.
  • Response Speed: Attackers move rapidly to exploit new unpatched vulnerabilities.  An NGIPS can provide a stop-gap for unpatched or un-patchable systems – since it is easy to automatically deploy a rule that detects exploits targeting a new vulnerability.  For threats that get in, quick detection is key – having file trajectory information can help rapidly assess the impacted host and determine root cause.

Cisco Firepower®NGIPS

The Cisco Firepower Intrusion Prevention System (NGIPS) threat appliance provides industry-leading visibility and threat efficacy against both known and unknown threats.  Threats are stopped by:

  • Over 30,000 IPS rules that identify and block network traffic attempting to exploit a vulnerability in your network
  • Vulnerability and anomaly-based inspection methods (built on the core open technology of Snort) to accurately alert you to malicious hosts, network malware attacks, file movement, and zero-day threats.
  • Reputation-based IP, URL and DNS security intelligence that can shrink your attack surface by identifying known malicious sites
  • Automatic updates from the Cisco Talos threat intelligence platform
  • A tightly integrated defense against network-based advanced malware attacks
  • Early detection into evasive and emerging malware threats, delivering industry-leading < 13 hour median time-to-detection (Source: Cisco Annual Security Report – Jan. 2016).
  • An integrated sandboxing technology that uses hundreds of behavioral indicators to identify zero-day attacks
  • Indications of Compromise (IoC) that correlate events from multiple sources to identify possibly compromised hosts

A range of purpose-built appliances provides the right throughput, flexibility, and scalability, so that organizations of all types and sizes achieve consistent security effectiveness while maintaining network performance. These appliances incorporate a low-latency, single-pass design and include configurable bypass (fail-to-wire) interfaces.

In today’s fast-moving digital economy, now is not the time to take shortcuts with your security architecture. Cyber criminals are working overtime to take down the digital infrastructure for profit, fame or political gain. It is time to double down and stop them in their tracks with Cisco best-of-breed security solutions. Learn more about protecting your organization with NGIPS in our webinar.

 

Authors

Avatar

David C. Stuart

Director, Network Security Product Marketing

Security Business Group

November 15, 2016 1 Comment
Avatar

Security + Performance = Key Trends at Automation Fair

A trip to Automation Fair in the “Big Peach” (Atlanta) was time well spent! I ended up learning a lot about where manufacturers are headed through trade show floor conversations, questions during my presentations, and even evenings with customers over a few frosty beverages. They all made it clear there’s never been a better time to embrace the Industrial Internet of Things (IIoT), or Industrie 4.0, than now – all while confidently extending security throughout your plant. Continue reading “Security + Performance = Key Trends at Automation Fair”

Authors

Avatar

Scot Wlodarczak

No Longer with Cisco

1 Comment
Avatar

“P” is for Performance… The new Cisco UCS S3260 has plenty of it!

S Series

Earlier this month we introduced our new Cisco UCS S-Series Storage Servers, with the S3260 being first in market. The S Series is a new storage-optimized server category in the Cisco Unified Computing System™ (UCS) portfolio designed specifically to address the needs of data intensive workloads such as Big Data, and for deploying software-defined storage, object storage, and data protection solutions.  It can handle the rapid growth of unstructured data created by the Internet of Things, video, mobility, collaboration and analytics so that businesses can access and analyze data quickly to generate insights in real time. In addition our modular UCS architecture, of which the S Series is part of, lets you right-size infrastructure for the workload and operate with the efficiency and predictable TCO you need.   Continue reading ““P” is for Performance… The new Cisco UCS S3260 has plenty of it!”

Authors

Avatar

Rex Backman

Senior Marketing Manager, Big Data Solutions

Data Center and Cloud

12 Comments
Avatar

Ride the Hybrid Cloud Wave: next-generation Cisco ONE Enterprise Cloud Suite

Change is everywhere and it is happening faster than ever. Data centers have become user-centric rather than IT-centric. Developers, on behalf of the business, demand self-service access to technology. And when they don’t get it, they claim it themselves. These teams want access to public cloud like resources. Your business needs to grow and capture new market opportunities. And IT needs to keep the costs down, while moving faster than ever.

And in the midst of all this stands the all-important question “How do I do all these things and keep the business safe and compliant?” This is the stuff that makes or breaks CIOs.

Most enterprises are turning to hybrid cloud to answer these needs—a recent IDC study indicates that 73% of organizations are evaluating or starting to deploy hybrid cloud. There are many benefits. There are also challenges. For example, every company is different. Cookie cutter approaches to hybrid cloud slow down implementation. Increase risk. Make you spend budget dollars on capabilities you don’t need for years.

Cisco has released the next generation of hybrid cloud management. Cisco ONE Enterprise Cloud Suite delivers a flexible approach to hybrid cloud. Composed of four offers, this solution simplifies your data center as well as the journey to hybrid cloud. You can now take your journey to hybrid cloud with these offers:

  • Infrastructure Automation increases data center efficiency through consistent automation across physical and virtual infrastructure
  • Cloud Management allows freedom for developers to work across multiple private or public clouds
  • Service Management empowers customers through a self-service catalog to order and manage services
  • Big Data Automation makes it easy to deploy & consume Hadoop and Splunk environments

We didn’t stop there. Cisco has also introduced subscription licensing. This approach delivers the flexible consumption model our customers need, providing lower entry costs compared to perpetual licenses, and ongoing innovation with multiple support options ranging from simple break-fix all the way to 3rd party integration.

Combined together, your business can begin its hybrid cloud journey. Invest in the automation you need today. Then scale.

For example, start with a 1-year term for infrastructure automation. Pay less than a perpetual license. Then move to cloud management. Or add a self-service catalog.   You can start small, reducing your risk. There are no sunk costs, no trade-off between business innovation and software purchases. You’re on your way.

Enterprise Cloud Suite is a member of Cisco ONE.   Cisco ONE delivers a flexible alternative to purchasing data center, WAN and access solutions. Join the 14,000+ customers who take advantage of this flexible packaging solution, including 91% of the Fortune 100.

Business transformation is happening. It’s all about stepping up organizational performance. Years of managing data and accelerating business has taught Cisco exactly what is needed to bring speed and simplicity to your business.

Take the next step. Read the solution overview or visit us to learn more about the next generation of hybrid cloud.

 

Authors

Avatar

Frank Palumbo

Senior Vice President

Global Data Center Sales

Leave a Comment
Avatar

5G is coming! Are your migration plans ready?

Download our new 5G ebook, Three Keys to Success Preparing Your Mobile Network for 5G

5G is coming, 5G is coming!!! That’s what our technology Paul Reveres are calling as they ride through our industry journals. And they are right, 5G is coming and it’s coming fast. Oh what to do, and what to do first? Indeed, 5G migration really does require a strategy to prepare your network and your operations to derive the greatest benefits for your business.

1

Much of the 5G conversation has been about the new radios, but the most powerful hi-tech radio does nothing special without an infrastructure that can accommodate the new connections, special requirements and increased traffic load. Additionally, 5G is really what your network and what your business will be between the years 2020 and 2030. When we examine 5G through that prism, we understand there are many aspects that must be considered. Consider for a moment that, unlike previous mobility generations, 5G is not meant to replace 4G/LTE, but rather to augment it. 5G done right will be a convergence generation or licensed, unlicensed (and lightly licensed), macro, small cells, and so on. So the well-designed 5G network needs to be heterogeneous (HetNet); this also has implications on the transport and the core.

This eBook is in three sections and looks at HetNet, Mobile Core and xHaul (Fronthaul and Backhaul).

HetNet

On HetNet we will cover what and how you will create a seamless experience for your customers and maximize efficiency via new network intelligence like advanced self-organizing (optimizing, orchestrating) networks (SON). We also look at new business opportunities as well as potential challenges and pain points to be addressed.

Mobile Core

The section on mobile core examines the evolution of this very key area of the network (has often been referred to as the anchor). The 5G mobile core is a matured virtualized solution. You will read about the benefits of a core that not only supports control, user plane separation (CUPS) but uses that function to enable a true distributed architecture. A study by IDC in June 2016 compared the benefits of a virtualized mobile core to a truly distributed virtualized core.

IDC’s study concluded that by virtualizing all mobile core functions the operator would achieve improved functional utilization of up to 87%; resulting in improved cost efficiencies of up to 25%. The study went on to show that a distributed virtualized mobile core can result in potential opex cost savings in the range of 20– 40% over a five-year period.

This distributed virtualized network enables network slicing – the software based network constructs delivering custom networks for specific use cases and customers. But to make this an enablement platform to quickly create new services requires automation and orchestration.

xHaul

The third section is about xHaul, meaning both Fronthaul and Backhaul IP transport. Mobile backhaul networks are well known, but the notion of the fronthaul network relatively new. They became necessary with the buildout of small cell networks. 5G will heavily use small cells to eliminate “drop spots” in mobile networks. Fronthaul is also very important to delivering on one of the most talked about 5G requirements – ultra low latency.

xHaul is a unified approach to transport supporting key timing issues, like phase and frequency, as well as huge increases in scale, via IPv6 segment routing. As the number of connections greatly increases (over 12 billion IoT connections by 2020) and traffic load increase (80% of mobile traffic will be video), you will need SDN controllers to provide the intelligence to route a d switch traffic accordingly. This is called application engineered routing and segment routing and is invaluable for networks coping with high traffic demands.

Conclusion

Each of these elements requires a tight approach to technological implementation and business integration. Yet across all of these three areas, one message rings true with consistency – 5G is about creating a new enablement platform for the delivery of business-ready services.

Enterprises and service providers – be they traditional, web-based or newcomers to the market – will see 5G as a way to launch new services quickly and easily on behalf of their customers. That can only happen if you start thinking about the key elements of your mobile networks now.

As we will see in this eBook, providers that focus on HetNet, Mobile Core and xHaul will be able to use 5G as an agile platform from which to deliver new business services quickly and easily.

There has never been a better time to read this eBook on 5G.

2

Save

Authors

Avatar

Dan Kurschner

Marketing Manager, Product/Systems

Leave a Comment
Avatar

Crashing Stacks Without Squishing Bugs: Advanced Vulnerability Analysis

Overview

Crash triaging can be a long and complicated process; by using proper tools and having an optimal approach, we can make this a bit easier and less time consuming. In this post we describe a triaging strategy and toolset based on two examples of vulnerability classes:

  • Stack based buffer overflow
  • Heap based buffer overflow / Heap corruption

<<Read more>>

Authors

Avatar

Talos Group

Talos Security Intelligence & Research Group

9 Comments
Avatar

How One Company Saw the Light on Digital Marketing

Disrupt or be disrupted. Implementing digital marketing will change the way your customers see you. Read what guest blogger Susan Andersen, Director of Marketing, ShoreGroup did to change the winds of success to their favor.

 

sandersen25@hotmail.com
Susan Andersen, Director of Marketing, Shoregroup

Three years ago, our company realized we needed a change.

ShoreGroup is a managed services company headquartered in New York City.  We deliver solutions to customers in multiple sectors, from financial services to manufacturing to healthcare. Since our founding in 1999, we’ve seen truly remarkable success.  But we’re operating in the most competitive market in the world, and that can be tough.  Three years ago, the company realized that if we wanted to keep growing, we needed to take a new approach to marketing.

That’s when I started here. One of the biggest things I set out to do was to build up our digital marketing practice.  Today, on all the measurements that matter—from click-throughs and website visits to lead generation and brand awareness—that practice is thriving. As a result, our digital marketing efforts are now pretty highly valued by the entire company.

But looking back just three years, a lot of people in our organization didn’t really see the point.

Which isn’t so unusual, actually.

Like many companies, ShoreGroup at the time did not treat marketing as an integral or important part of the organization. Yes, there were newsletters. There were data sheets. Above all, there were events—here in New York City and also in other parts of the country where we have sales offices.

Now, here’s the thing about events.  Events can be great.  We still do events—just not as many. Because what was becoming clear, to everyone involved, was that events just weren’t the best way to reach our customers anymore. Here we were trying to persuade prospects to get in their cars or get on the subway and come to a specific place at a specific time—and they weren’t showing up.

Instead, where were they? They were online, doing their own research on their own time.

And when they went online, they weren’t finding us there.

So what we set out to do is meet them there. Online. It was a big step, and it took a pretty big re-orientation as a company. But it was the right thing to do—and it paid off.  You can get a good idea of what we were trying to do from this short video.

https://www.youtube.com/watch?v=xVt1y0365mI

The challenge, initially, was that a lot of people in the organization were skeptical that digital marketing could deliver real value. What difference would click-throughs make for actual sales? Who cares if we show up on social? So while we were given a green light to start down the digital road, it’s not like the whole company was rallying behind us with baited breath and throwing us marketing funds.  The sales team especially was not convinced. And I understand that.  We needed to prove ourselves first.

But we didn’t have a whole lot of resources to do it. That’s where Cisco made a big difference. With Partner Marketing Central, I discovered that we had access to an array of very rich digital marketing programs that were just waiting for us to take advantage of them.  Pay-per-click ads especially, at the beginning—but there was lots more there, and we took advantage of it. And what happened, as we carried out these initiatives, is that gradually we were able to rack up the metrics that got past the skepticism. We were filling the pipeline. Our email campaigns were generating good leads, qualified leads, and the sales people saw that. They started looking at us differently.

Now, three years in, a lot has changed. The sales team sees us as a necessary part of the company. We’re in this together, side-by-side, working on a common strategy, fully aligned on which customers to target, which industries, with what focus. Pipeline is up. Sales are up. And everyone understands, digital marketing is a big part of that. Digital marketing is fundamental to how we reach our customers—and how they find us.

 

******************

About Susan Andersen

Susan Andersen is Director of Marketing at Shoregroup.   With more than 25 years of marketing and business experience, including as co-founder of Vitel Software, Product and Channel Marketing at CA and Empirix, she brings an enthusiastic and creative approach to marketing challenges.

Authors

Avatar

Michelle Chiantera

Leave a Comment
Avatar

Designing CCAP for DOCSIS 3.1 and Beyond

Written By Daniel Etman, Director Product Marketing CABU

KO47056We often get asked what we mean by claiming that the Cisco cBR8 is designed from the ground up for DOCSIS 3.1 and beyond. In fact, there is a lot of confusion out there with regard to different hardware architectures in use by the various CCAP vendors. Cisco’s cBR8, introduced in 2015, was designed in-house, based on our decades of expertise in architecting carrier class platforms with 10 or more year lifespans.

This in-house development includes every component including the chassis, backplane, supervisor, line-cards, fans and power supplies. None of it is “off the shelf”. In fact, we had to get the backplane connectors custom built as these high performance connectors did not exist on the market. Keep that in mind as you look at the claims of other solutions out there.

Looking at per slot specifications, we offer 200 G/bps per slot full duplex (200 in and 200 out to a single SUP) which is a bit of a different claim than other vendors that claim either half duplex and/or dual homing to two supervisors. One would have to question the latter as that would have the disastrous impact of losing 50% of the total capacity if you lose a supervisor, removing any high availability capability in the system. With eight slots, that means we have a 1.6 T/bps full duplex capability on the backplane, however, the backplane is engineered to drive a total switching capacity of 3.2 T/bps.

I still remember the early days of the design when we had to increase the size of the chassis from 10RU to 13RU in order to accommodate full DOCSIS 3.1 scalability (and beyond). The reasons for that were both heat dissipation and power. If you run 64 service groups at full DOCSIS 3.1 spec you will be requiring a lot of power and you would need to get the heat out of the system. It’s a fair question how platforms designed years and years ago for DOCSIS 3.0 would be able to sustain full DOCSIS 3.1 capacity.

Looking ahead at the long-term requirements for the cable industry, we went with a custom design, as opposed to other “commercial off the shelf” solutions because it offered us a system which scaled well beyond anything available on the market. Now, what do I mean with “off the shelf” hardware? One such system is called Advanced Telecom Computing Architecture (AdvancedTCA). Vendors can buy chassis, backplanes, and supervisors off the shelf from commercial vendors allowing for a somewhat faster time to market yet obviously with less differentiation and less future readiness.

Getting a little into some technical details here but stay with me. From a capacity perspective, standard ATCA started out with “ZD” connectors allowing 10G/bps per slot. Shipping now, the ATCA design provides the ability to offer maximum 40 G/bps per slot utilizing 4 lanes of 10 G/bps with the mandatory “ZD-plus” connectors available as of 2012. Any line-card with an older “ZD” connector would bring all of the slots down to 10 G/bps, that means any line-cards shipped before the 2013 timeframe. Last year, mid 2015, we have seen the first 100 G/bps ATCA chassis being announced by the COTS vendors utilizing a new “ZD pro” connector that performed better than the “ZD plus” connector, yet this is still only 50% of the cBR8 per slot capacity. I think that it is in fact appropriate to state that you will need at least 40 G/bps per slot if you want to be running DOCSIS 3.1 on all service groups in case of an 8 (or larger) service group line-card, that means any ATCA line-card or chassis before 2013 simply cannot run full DOCSIS 3.1, something the cBR8 will be able to do without any problem, investment protection by design.

The above needs to be taken into account when looking at the different CCAP’s available and their ability to grow with the services in the future. The cBR8 is uniquely architected to grow with the service requirements to a complete DOCSIS 3.1 implementation –all while providing incremental investment protection for our customers and ensuring that cBR8 deployments stay in operation for a long time.

Click on this link to find out more about the cBR-8, the only evolved CCAP.

 

Save

Save

Save

Save

Save

Authors

Avatar

Greg Smith

Sr. Manager, Marketing

Cisco Solutions Marketing