We live in a business era of rapid digital transformation that continues to evolve. From manufacturer to consumer, procurement to finance, software applications designed to improve and enable productivity, business efficiency, network security, systems operations, mobility, and more touch nearly every part of business. But with so much of the business dependent on properly functioning software, what happens when something goes wrong? How do companies manage the effects of outages and downtime? Are software support services worth the extra money?
If you find yourself asking these questions, then join us for our upcoming #CiscoChat, Transforming Business:The Pros and Cons of Software Support, on Wednesday, November 16, 11am PST (2pm EST). During this chat, Cisco’s Susan Gibson (@susu1123), Alejandro Alvarado (@alexalvarado01), and Aamir Waheed (@aamirjee) will team with Zeus Kerravala (@zkerravala) of ZK Research, to discuss the pluses and minuses of enlisting software support and how it can help ensure business continuity.
To participate in the chat:
Make sure you’re logged into your Twitter account.
Search for the #CiscoChat hashtag and click on the Live tab.
The chat will be moderated by the Cisco Services channel (@CiscoServices) on Twitter. Be sure to follow the account to participate. They will begin welcoming guests at 11am PT (2pm ET) and posting questions for discussion.
For @ replies to specific participants in the discussion, please use a “.” at the beginning of the tweet so your question or comment appears in your public Twitter feed.
If you need multiple tweets to answer a question, please preface each tweet with “1A, 2A,” etc., in order to make it easier for others to follow along with the conversation.
Be sure to use the #CiscoChat hashtag at the end of each tweet so others can find your contributions to the discussion.
We look forward to a lively discussion and encourage you to bring your own questions to the conversation! We’ll see you soon!
Talos is monitoring the big notorious Exploit Kits(EK) on an ongoing basis. Since Angler disappeared a few month ago, RIG is one EK which seems to be trying to fill the gap Angler has left. We see an ongoing development on RIG. This report gives more details about the complex infection process the adversaries behind RIG are using to infect their victims and how they attempt to bypass security software and devices.
The adversaries are leveraging Gates (e.g. EITest) to redirect the users to their Landing Page. This leads to a chain of redirects, before the victim finally gets on the landing page of the exploit kit. They are using different methods and stages to deliver the malware files. The same malware file often gets written and executed multiple times on the victim’s PC. If one method doesn’t work or is blocked by an Anti-Malware solution, they have a couple of backup methods. All stages and methods are obfuscated, some more, some less.
For any sales engineer who’s ever known the late nights, long hours, and frustrating hiccups of attempting to demo products for customers using PowerPoint or other slide deck platforms, Cisco dCloud is a game changer. dCloud is a cloud-based, self-service platform that hosts premade demos and lab content, readily available so sales engineers can provide Customers and Partners with demos, training, and sandboxes — all at the drop of a hat.
The upshot of dCloud is significant: time and cost savings, sales acceleration, and happier Customers, Partners, and Employees.
During our most recent #CiscoChat “Innovative Ways Systems Engineers Are Winning with Cisco dCloud”, we were joined by Cisco leaders
Doug Good (@dgood68), VP Americas Systems Engineering,
Ben Martin (@benmarti35), Systems Engineering Manager,
Michael Lipsey (@ccie42683), Consulting Systems Engineer, and
Fareed Fakoor (@cciepending), Systems Engineer.
Andrea O’Connell was a Cisco Intern over the Summer of 2016. She shared the post with us prior to returning to school where we wish her lots of luck and success. 😊
Can I be honest? Before I started working at Cisco I wasn’t sure if this company would be the right fit. My past internship experiences had me accustomed to working with very small, close-knit companies and groups of people. To be frank, I thought there was no way that a company of over70,000 human beings could match that intimate feeling I had previously experienced.
I was wrong. So very wrong.
Trying to describe the culture at Cisco is very hard to put into words because it’s more of a feeling. You just feel like everyone around you is excited about what they’re doing, you feel like everyone is supportive of you and glad to have you there, you feel like you’re working for a company that is passionate about making a difference.
This was evident both inside and outside of the office.
Inside the Cisco Office: Imagine walking into a completely new environment, and having people already there looking out for you. That’s what it felt like for me because of the two “buddies” I was assigned. Their role was to welcome me to Cisco, and answer any questions that I had. By aligning with the company culture, they did so much more than that.
My “buddies” met with me about once a week to talk about whatever was on my mind, whether it was work related or more personal. I was given so many opportunities to grow through my meetings with them because of the various challenges they set forth for me and the advice they gave from just having been in my shoes previously.
Another influential role at Cisco was my manager. As I worked my way through my internship, I started to gain an increasing amount of respect for her through the things I was noticing and putting together about what make her a great leader. So let me highlight a few for you:
The Welcome – From the moment that my manager and I first “virtually” met, she was excited to have me at Cisco and fully integrated me into the team.
The Talks – We met 1:1 religiously, however it was clear that it was an open door policy, and any time I needed an extra minute to talk, it was always accepted.
The Thought – Over time, I began to understand just how much thought was put into the projects I was assigned to work on. I knew the subject was carefully crafted because it combined my experience with a new area that I was very interested in discovering. But, what I didn’t realize was how strategic the projects were in helping me learn how to tackle situations that I will inevitably continue to encounter throughout my career.
How great do these people sound? I know, I was really lucky. And the rest of the team that I worked with fostered this supportive and cultivating environment. I was just waiting to run into someone that wasn’t so great – but, that just never happened!
From top-down, everyone within my organization cultivated risk, and was never okay with doing something just because “that’s how it’s always been done.” This attitude was also implemented in our weekly “Lunch with a Leader” sessions, and carried throughout our daily interactions as a team. As a Cisco Intern you’re really shattering the stereotype of what an intern does – be ready to run and help innovate because the teams at Cisco are going to set you up for challenges, growth, and many awesome opportunities! What a great and inspiring culture to work in!
Outside the Cisco Office: At Cisco, they not only encourage you to volunteer, but they give back to the organization for each hour that you participate. Think that’s cool? Well they also have programs in place where you can take a sabbatical and focus all your efforts into a cause that you are particularly passionate about, and they offer employees five give back days so they can go out into their communities to volunteer at causes they are passionate about. Now that’s awesome!
Cisco also has many behind the scenes efforts in place to help out different communities and people around the world. I recently learned about all the work that Cisco is doing to help refugees stay in contact with their families, and how they provide women and children who have limited access to education with the tools and trainings they need to jumpstart their careers.
There is no quota, and these efforts aren’t revenue driven. Why? Because Cisco is one of those rare companies that is truly passionate about making the world a better place.
To sum it up,
The people are awesome
The work is passion-driven
The culture is risk-encouraging
The company cares about the community
So why would you not want to work here? I’m sorry, I just can’t answer that one.
Ready to take Andrea’s advice? We’re hiring – Join us!
To read Andrea’s post in it’s entirety, check out her LinkedIn post.
For the past couple of weeks, security and the Internet of Things (IoT) have been in the news like never before. During the first few days after the massive distributed denial of service (DDoS) attack on domain name service Dyn, I almost couldn’t look at a news outlet without seeing or hearing a discussion highlighting the security vulnerabilities of IoT.
As it turned out, this DDoS attack could have been prevented simply by requiring users to reset the default passwords on Internet-connected cameras during the setup process. This proves once again that most security breaches take advantage of well-known vulnerabilities that haven’t been addressed, despite ample alerts.
And while the attack caused a great deal of inconvenience to users of Twitter, Netflix, Spotify, and the like, it did have its upside, shining a bright light on the need for a comprehensive approach to security in IoT deployments. Bottom line: IoT security is everybody’s responsibility: Users, manufacturers, integrators, security vendors, technology vendors, IT teams, Operational Technology teams, employees—all of us have a role to play.
In an upcoming blog, I’ll talk more about security as a key ingredient in my recipe for IoT success. But for now, I’ll highlight some basic principles and best practices.
The first thing to realize is that there is no such thing as foolproof IoT security if you want to enjoy the benefits of connected systems. Even physical isolation doesn’t work—as demonstrated by the Stuxnet virus, which made its way into industrial operations via a thumb drive. But you can make informed risk vs. cost decisions by applying a few principles:
Use risk assessments to determine how much risk you can tolerate for each system and business process. Then use policies, analytics, and automation to enable your systems to prioritize, contain, and defeat attacks based on these assessments. Engage top management in this process, since enterprise security issues already put their jobs on the line.
Take an architectural approach, break down current silos, create a unified enterprise policy-based security architecture, and design security into everything, right from the start. Don’t just bolt-on security at the end.
Minimize “Shadow IT.” Work with your IT and security teams to “bring into the fold” the teams and departments implementing their own tools, devices, and connections—and compromising enterprise security in the process.
A Comprehensive Approach to IoT Security
Adopt a comprehensive before/during/after approach. Implement strategies before an attack to prevent unauthorized access (from both external and internal players). During an attack, quickly identify the breach and shut it down. Then, after the attack, assess and minimize the damage—and adjust security practices based on lessons learned.
Integrate physical security and digital security. Many IoT security attacks originate inside the organization. Thus, implementing security best practices that include both physical security (including tailgating prevention policies and use of biometrics to control access) and digital security (role-based access, etc.) is essential.
Adopt industry-supported standards. Proprietary approaches will cripple your security efforts down the road.
Automate and monitor IoT security end-to-end. Build in intelligence and predictive analytics. Manual efforts will quickly be swamped by the volume of IoT activity, even in small organizations.
Segment traffic and use a multitenant network infrastructure to isolate problems. It’s one thing to have a DDoS attack that shuts down employee access to the HR system for a few hours—and quite a different thing to have a breach that crashes your production line. So keep interface components separate from critical infrastructure.
Finally, educate everyone about security practices and policies. This includes employees, partners, vendors—everyone in your business ecosystem.
It is true that IoT security is in many ways unique: it is more distributed, more heterogeneous, and more dynamic than traditional IT security environments. It also introduces new scenarios that require brand new approaches to security (think connected cars, sensor swarms and consumer-class devices in the workplace).
For most organizations, the logical first step on their IoT security journey is to leverage 30+ years of experience and best practices that IT security systems give us. So let’s not reinvent the wheel. Let’s take a comprehensive, strategic, policy-based architectural approach by extending and enhancing current IT security architectures to cover IoT devices, infrastructure, solutions, and use-cases.
Yes, we are dealing with an active adversary. But it doesn’t mean that security should be something we fear or demonize. The right answer is to develop an informed risk assessment and monitoring strategy, accompanied by an appropriate and proportional security response that accounts for the particular threat level and the amount of value at risk. And because securing your IoT deployment is not a one-time event, let’s implement it as an ongoing process, like IoT journey itself.
Strategic innovation in the digital age is powered by people connected to the Internet of Things (IoT). Maciej Kranz has written a definitive guide on how to implement and capture the unprecedented value of IoT. The first of its kind, Building the Internet of Things,” gets past the hype to guide organizations across industries through the IoT journey. His book is available online at major retailers.
It seems almost counterintuitive. How can a solution that improves the campus experience for students and staff also save the university hundreds of thousands of dollars annually? Better and cheaper rarely co-exist in the same idea. But with Cisco CMX, they do.
The University of British Columbia has always been a forward-looking institution, looking for ways to make the educational experience better. That’s one of the reasons they’ve been long-time Cisco customers. They saw the value of a robust wireless solution.
But they also care about their impact on the environment. So they asked themselves, “how can we use the wireless infrastructure we already have to reduce our carbon footprint?”
The university already had CMX deployed and understood the solution’s ability to provide insights into the number of students in a space and their dwell times. Working with Sensible Building Science, the school developed a connection between CMX location analytics and the university HVAC system. Essentially, the wireless network acts as a sensor for the campus’ air conditioning and heating. When no one is in a lecture hall, classroom, office, or other common space, CMX alerts the HVAC system and the room is neither heated or cooled. However, as people arrive and occupancy reaches a pre-determined threshold, CMX pushes that information to the building control system and heats or cools the room to the desired temperature.
In facilities management, savings are typically small and any solution that returns its investment in five years is considered good. CMX far exceeded this benchmark. For older buildings with older HVAC systems, the CMX and Sensible Building Science solution delivered savings of 5% and is expected to return its investment in under three years. As the solution migrates to buildings with modern variable speed fans and other more efficient systems, the savings is expected to rise above 10%.
CloudNOW, the executive consortium for the leading women in cloud and converging technologies, just announced the winners of their 5th annual ‘Top Women in Cloud Innovations’. Cisco’s very own Monique Morrow has been recognized among these cloud influencers.
“Monique is one of Cisco’s cloud thought leaders and a strong advocate for women in technology. She is pioneering the industry and leveling the playing field for future generations,” said Jocelyn DeGance Graham, founder of CloudNOW. “We recognize Monique’s dedication and passion for tech, and thank her for her continued contributions.”
In her current role Monique is responsible for the strategy around defining mechanisms and marketplace scenarios for cloud federation constructs to include security. Her work also explores the humanitarian use of technology and the use of artificial intelligence and virtual reality to create a people neutral system that is both experiential and ethical without losing the beauty of randomness in our human behavior.
As part of the annual United Nations Summit, she attended the inaugural ID2020 Summit at the UN Headquarters in New York. Over 250 delegates from more than 50 technology businesses, NGOs, advisory firms came together to tackle one of the biggest challenges facing humanity today: proof of legal identity.
Monique and her team presented the idea of building a humanized internet with what she calls “Freedom-As-A-Service” (FaaS) at the core. This idea is a model which is self-organizing and allows for people to take control of their own destiny by empowering a new era of personal innovation, and creativity and free-thinking lifestyles.
All 12 of this year’s Top Women in Cloud Award recipients are listed on the CloudNOW website.
CloudNOW is a non-profit consortium of the leading women in cloud computing, providing a forum for networking, knowledge sharing, mentoring, and economic growth.
Join us in congratulating Monique and the other award recipients.
Pack Expo is just around the corner (November 6-9) and you will see first hand the dynamic world of packaging that is accelerating to places we cannot even imagine! It wasn’t very long ago that the packaging of your products was a simple way of telling your customers who you are and what the product is.
Times started to change and cereal companies started to put children’s favorite cartoon characters on the boxes to draw the customer to buy more. Today packaging is your competitive differentiator and in many cases your brand equity can win or lose on the store aisles.
One simple examples is the new Coca-Cola Life product which uses a natural sweetener instead of sugar. Instead of the traditional red, they chose green because it insinuates (does not guarantee) natural ingredients/products.
This was a paradigm shift that draws attention to what’s inside. If Coke had kept the red cans and simply printed on them “natural sugar or sweetener,” the results would not be the same.
So let’s go beyond the packaging and talk about the technology that makes it happen.
Budweiser is selling beer with your favorite NFL team printed on the can. While this can be a relatively straightforward marketing decision, the technology behind this is not so simple.
You need to make sure that:
The right teams are printed on the right cans
The right cans are delivered to the right cities
They arrive in time for the games!
The includes a digitization strategy that includes order processing, flexible packing and printing, logistics, and making sure the right cans end up in the right markets before Sunday’s game!
A more complex example is a packaging solution aimed straight at the customer experience. Purina now has a brand of dog food called “Just Right” and it is a customer oriented product that ensures you get the right food at the right time for your dog without question.
You enter information about your dog (go ahead and take a look at the Purina website) and upload a picture to the site. One of the main areas is whether or not your dog has an allergy because if so, Purina cannot miss this. Imagine the technology that is behind website portals and information enabled factories to align orders – and even a photo of your dog one bag at a time….every time!
Cisco is the digitization engine that is driving these (and many more) manufacturers into the future. Visit the show to better understand what is happening but more importantly what’s next!
Check out our website to see more digital stories:
Talos is releasing an advisory for a remote denial of service attack vulnerability in Microsoft Windows 10 AHCACHE.SYS.
An attacker can craft a malicious portable executable file, which if accessed causes AHCACHE.SYS to attempt to access out of scope memory. This triggers a bugcheck in the Windows kernel causing the system to crash, denying service to the user. Although AHCACHE.SYS is the driver that handles local cache compatibility information, if the vulnerability is exploited the attacker is unable to execute code or elevate user privileges.
marketplace scenarios for cloud federation constructs to include security. Her work also explores the humanitarian use of technology and the use of artificial intelligence and virtual reality to create a people neutral system that is both experiential and ethical without losing the beauty of randomness in our human behavior.
