Over the last several years, the manufacturing industry has consistently fallen victim to the attacks of increasingly sophisticated cybercriminals. Recent reports indicate that:

In order for manufacturers to stay economically viable and protect brand reputation and worker safety, it’s critical that cybersecurity remain a top priority.

In our most recent #CiscoChat, I joined Marc Blackmer (@marcblackmer), Eric Ehlers (@egehlers), and Gregory Wilcox (@gswilcox_ohio) of Rockwell Automation to discuss security risks and data protection in the manufacturing industry. We’ve aggregated some of their thoughts below and the full chat is available here.

Attacks aimed at the manufacturing industry have been on the rise in recent years:

That prompted us to set up a poll to see how security-savvy our audience was:

The correct answer was 91. Then we asked:

Where should manufacturing companies place their security investments?

A lively discussion was sparked when we asked:

What data do you think is most critical to protect?

We asked a few questions about standards organizations like ISA before our final question:

What are the risks of industrial PCs that require security patches & system updates?

To our participants, thank you for making this chat fun and informative! For more information on increasing security in the manufacturing industry, check out our:

Industrial Control System Cybersecurity Guide

 

Authors

Douglas Bellin

Global Lead, Industries

Manufacturing and Energy

Microsoft Ignite is just around the corner. It takes place this year in Atlanta from September 26-30 at the Georgia World Congress Center. The event will include all the latest solutions that Microsoft has to offer.

In April of this year, Microsoft announced the End of Support for Microsoft SQL Server 2005.   Support for that product now lies with the internal support groups within that organization.   In response to the End of Support, Microsoft released its long awaited SQL Server 2016.   The product is a robust version of the product and a very good choice for those wishing to migrate to this version.  Microsoft also announced Windows Server 2016.   Again a very good upgrade for those wishing to move to the latest technology.

From a software standpoint, this was good news for customers; however, from a hardware and server platform standpoint, some decisions will have to be made. The latest versions of these two products require additional compute power to handle the advanced features they contain. That means customers must decide whether to remain on their current platform or seek a platform that provides the latest technology as well as the cost savings that data center managers demand.

Enter the Cisco Unified Computing System (UCS) Server Platform. UCS uses the latest Intel chipset to provide the speed and scalability that is required for mission-critical application servers. In addition, in a recent IDC study, UCS provided employee cost savings of as much as 13 million dollars per year in data centers where these servers were installed.

You can talk to our Subject Matter Experts in booth number 1110 at Microsoft Ignite to find out for yourself how this innovative server platform can transform your Data Center and allow you to have the same savings as those customers interviewed by IDC.

Cisco will also be giving two very important breakout sessions. The first is on Cisco Tetration Analytics, which gives any data center manager the ability to track data packets from beginning to end, looking for collisions and bottlenecks. You have never been able to track data like this in the past. It will provide application insights, implement zero-trust models, detect policy deviations, and facilitate efficient data center operations.

The second breakout session will provide a historical perspective on Application architecture and how it has evolved to meet market demands.

Come and join us in the sessions and for our in-booth theater sessions and learn how Cisco can help modernize your existing Data Center.  For more details on Cisco’s participation at Microsoft Ignite including how you can win an Xbox, click here.

 

We look forward to seeing you in Atlanta.

Authors

Rick Speyer

No Longer with Cisco

Supermarket Sweeps Cisco Style

Have you seen Supermarket Sweep on TV?  If so, you know it’s a hectic mad-dash of a competition. Cisco’s Employee Financial Services IT Group, however, took speed-shopping to a whole new level, all while giving back to our local community!

My team is spread across the globe from North Carolina to California, and Japan, London, and India, but we don’t let our distance prevent us from giving back. We have made a consistent effort to give back to our communities and rely on each other to accomplish those goals.

Recently, I flew from San Jose, California to Raleigh, North Carolina to receive technical IT Analyst training as well as meet some of my team members. As a part of my team’s bonding activity, we decided it would be a fun way to get to know each other by… grocery shopping!

We set out to shop for lunch items at the nearby grocery store to pack lunches for women and children who reside in the emergency shelter in downtown Raleigh. To make it even more challenging and fun, we decided to split up in teams with a clear mission: whoever finishes checking out all the necessary lunch items the fastest – wins.

I don’t think there is a better way to get to know someone than by racing around a grocery store piling food in your cart. Chaotic doesn’t even begin to explain the level of franticness and thrill we faced, but we also had to build a strategy, communicate, and implement our plan to succeed. In case you were wondering, my partner and I came in last after we got lost trying to find the aisle that the fruit bowls were in. Very disappointing, to say the least.

Even with coming in last, we all felt the challenge added a whole new element to giving back.

After we congratulated the winners, we went back to the Cisco cafeteria and started making our lunches in an assembly-line fashion: everyone worked together, everyone was important. Some of my teammates were sorting snacks for the diabetic women and children while some were packing the sandwiches. The strength of our team really relied on the strength of each individual team member.

It’s an important lesson that I now carry through to my daily work.

As an IT Analyst for Cisco IT, my role supports the development of software and programs of Cisco Payroll & Stock. In all the days I’ve spent at Cisco thus far, I’ve truly learned that my team members are there to support and guide me, and I can rely on them for any of the struggles that come my way.

As a recent graduate of Rensselaer Polytechnic Institute, selecting a company post-graduation that had values in both social responsibility and strong teamwork was important to me. I’m so fortunate to have selected Cisco, a company that not only supports employees in their efforts in volunteering and giving back, but encourages them to do so together.

I have found so much support here at Cisco, on all levels, and my colleagues are consistently encouraging each other to invest time and effort into giving back. So when people ask me if I like where I work, I have to correct them because I love where I work!

Want to love where you work? We’re hiring!

Authors

Madi Vastare

Project Lead- Travel IT

Employee Financial Services

Cisco’s Application Centric Infrastructure (ACI) was designed from the very beginning with a foundation of openness, extensibility and programmability.

Building on this foundation,  we are very excited to introduce the Cisco ACI App Center.  With this new ACI capability, customers, developers, and partners will be able to build apps to simplify, enhance, and better visualize their use cases – similar to what is done in mobile world apps today.

We would like to invite all of you to develop and share your applications with the ACI community.  These apps will be hosted and shared at the “Cisco ACI App Center” and will be downloaded and installed in the APIC controller.

Azeem Suleman, Cisco Principal Architect, states, “Originally your smartphone performed phone functions like voice calling and text messaging. Now with third party applications (Apps), your smartphone becomes a part of your life with apps like collaboration, health, stocks, maps, etc.  Think of mobile as an infra, and apps are enabling smartness.”

I’m sure, I just left you thinking, what apps could there be in networking? I can’t execute a stocks app in networking, right?  Well, here are some thoughts to guide you in that direction:

  1. Security compliance reporting as always requested by Security Auditors
  2. Visualization of security policies (contracts) and traffic maps across tiers
  3. How many virtualized and non-virtualized hosts are in the infrastructure and where are they spread?
  4. Traffic hot spots in the fabric.
  5. And the list goes on …

If a picture is worth a thousand words, a video must be worth more than a hundred thousand.

Introducing Cisco ACI App Center Video

The APIC will provide a local App repository under the new “App” tab where APIC admins can pick and choose which App is to be installed onto their fabric. These apps can have a GUI front-end, back-end processes with retained state, and their own APIs. The APIC infrastructure will provide support for High Availability, replicated state, Role-Based Access and Control (RBAC), and Single Sign-On for the Apps it runs. Further, the APIC will have a reservation policy to control the amount of CPU/memory/storage these apps can consume to ensure smooth running of fundamental ACI operations.

Our App Center portal will provide an automated process to allow you to register yourself, upload your application for approval and digital signing, and to distribute the approved apps.  Users will be able to view available apps along with their ratings, reviews and comments.  Support for the apps themselves will come from each of the App developers.  The initial release – targeted for early calendar Q1 2017 – will not provide monetization capability on the App Center itself, but it won’t prevent you from charging directly if you desire to attach a fee for licensing your app.

Cisco ACI App Center GUI

For our customers who develop their apps for their own local consumption, they will be able to install their apps directly on their APIC local App repository without needing to go through the ACI App Center and signing process.

Below are some of our Cisco reseller partners that have built custom value added applications (Figure 5a-5d) or have tested and validated them as part of our registration and approval process (Figure 5e).


GDT App Profile Browser

  • The application displays a graphical representation of all the tenants and associated application profiles and EPGs contained within the APIC.
  • Provides a zoomable interface delivering a unique user experience when interacting with ACI components.

Figure 5a

GIT integration for ACI

  • Manage tenant profiles as code
  • Sync ACI tenant profiles with GIT
  • Integrating ACI into Agile / DevOps release management workflow

Figure 5b

Security Reporter

  • Detailed Reports on Tenants, VRFs, Service Graphs, Contracts, etc.
  • Provides a centralized dashboard for auditors and compliance reporting

Figure 5c

Automated Security Management

  • ACI Integration With Phantom
  • Execute Playbooks Against Security Incidents

Figure 5d

Testing & Validation

  • ACI App installation testing and validation

Figure 5e


We want to thank our partners GDT, Dimension Data, Kovarus, WWT, and Netnuvem for their contributions.

We look forward to hearing from more of our partners and customers for ACI app ideas to enhance your ACI experience. For additional information, please send your inquiries by email to APIC-App-Center@cisco.com until the official App Center is launched. We would also love to hear ideas of possible apps to enhance your ACI deployments.

Stay tuned for an upcoming announcement for general availability of the ACI App Center in the near future and join the ACI revolution.

Authors

Praveen Jain

No Longer with Cisco

Think your meetings are havens of productivity, team engagement, and collaboration? Consider this: 70% of employees admit to multitasking during meetings, according to Interaction Associates. We’d like to think that our meetings succeed in moving our projects, and our business, forward. But unfocused, stressful, and ineffective meetings are all too common.

In reality, meetings typically start late. Technology glitches can create hurdles for dispersed teams, slowing productivity. And with the swift pace of change in business, many leaders wonder if meetings are spurring collaboration and innovation. Or whether they’re just creating a big tech headache. If you’re unsure about how “collaboration-friendly” your meetings are, you’re not alone.

Our handy infographic lists five warning signs that your collaboration technology could be holding back your business. Learn some easy tips for better meetings. See how reliable tools like Cisco meeting solutions can simplify everything about the way you work.

Who knows? It might even bring a bit of Zen to your workday.

Authors

Ellie Ruano

No Longer with Cisco

Peanut butter and jelly. Sonny and Cher. Han Solo and Princess Leia. Just a few examples of life’s greatest love stories. Sure, each one as a standalone is great, but the two together? It’s a perfect match.

Today, there’s a new pairing in town. Cisco Mobility Express and Connected Mobile Experiences (CMX) Cloud are now seamlessly integrated thanks to Wireless Release 8.3. Let’s talk about why this combination is so powerful.

With today’s digital consumers, providing Wi-Fi in your business is a necessity rather than simply a luxury. And mobility services that complement Wi-Fi are a key differentiator for any organization looking to add value and drive revenue through personalizing customer engagement and improving operations. This sounds great if you’ve got the budget and the resources, but what if you’re a small to medium sized organization with a lean or nonexistent IT department? How will you keep pace with your competitors to successfully deploy and manage it all?

Enter Mobility Express and CMX Cloud. Limited budget? No problem. IT team of one? That’s ok. With these integrated solutions, it’s simpler than ever to quickly deploy 1) an on-premises wireless network with a built-in virtual controller, along with 2) a cloud-delivered guest access captive portal to onboard customers and generate analytics for customer insights. And it’s done without compromising on enterprise-class performance and reliability.

How can Mobility Express and CMX Cloud be used in your industry? Just a few examples below:

  • Retail and Hospitality: Provide your customers and guests with free Wi-Fi access while A/B testing relevant promotions in the captive portal.
  • K-12 Education: Quickly get your campus Wi-Fi up and running, and generate analytics to understand how the campus space is being utilized.
  • Small-medium office buildings: Easily authenticate corporate guests onboarding to Wi-Fi via voucher generation or sponsor emails.

Future-proof your investment as your organization grows, since there is no need to rip and replace APs to expand your network. You’re also able to easily upgrade CMX licenses, whether from one CMX Cloud license to another, or from CMX Cloud to on-premises CMX.

Learn more by checking out CMX Cloud for Mobility Express At-a-Glance, the Mobility Express homepage, and take advantage of a FREE 60-day trial offer of CMX Cloud.

If you have recently deployed Mobility Express with CMX Cloud together, how was your experience? I’d love to hear from you in the comments below.

Authors

Jolene Tam

Product Marketing Manager

Security

So you want to deploy your database tier in the data center with an ACI managed network, and app server and web tiers in the public IaaS cloud? No problem.

As applications are getting more complex, IT is getting more savvy about where individual tiers are deployed. With Cisco CloudCenter, you can automate application deployment and control exactly where each application tier is placed.

You probably know that with CloudCenter patented technology, users can create a cloud agnostic blueprint called the Application Profile, that describes everything needed to deploy an application. The CloudCenter orchestrator abstracts each cloud API, and deploys the application in any of 20 different data center, private and public cloud environments. When users click “Deploy” they have freedom to choose which cloud the application is deployed to.

But you may not know that when users deploy an application, they can also choose “Hybrid” and then select the deployment environment for each application tier individually.

Consequently, both legacy enterprise applications and cloud native architectures can be deployed with their services, Docker containers, and configuration recipes across any combination of data center and cloud.

Stretched Application Topology

The application profile doesn’t change. The application doesn’t have to be refactored. IT doesn’t have to version control and edit scripts or workflows that hardwire specific tiers to a single target environment. That is the simplicity and power of CloudCenter!

For a traditional 3-tiered application like Magento that requires PCI compliance on its credit-card-holding database, the stretched topology features allow the database to be hosted within a company’s secure data center while the application and web tiers are hosted when needed on a public IaaS cloud.

Benefits of Stretched

There are three primary reasons that you might choose to stretch an application:

Cost: Not everything belongs in the cloud. Deploying long running stable applications tiers in your virtualized datacenter can reduce your monthly cloud bill. But variable usage tiers that require more resources during periods of heavy usage can benefit from cloud pay-per-use economics.

Security: Stretched application topologies can increase security by letting users consume Software Defined Networking (SDN) through Cisco ACI. Customer data, patient data, and trade secrets may best be deployed back in your data center. Cisco ACI and CloudCenter together offer unparalleled application security via micro segmentation, zero trust, and white list communication between specific application tiers. The application profile doesn’t change with ACI. Users don’t have to know anything about networking to get the power of ACI for their deployment.

HA/DR: An application profile can describe a high availability or disaster recovery architecture with master and slave nodes stretched across availability zones within a cloud region. This makes it easy for a developer or production engineer to deploy and test an HA/DR configuration. Then use the same version controlled automation to deploy in production as well.

Just three steps

All a user has to do is deploy an application profile like they normally would, but when asked which cloud to deploy to:

  • Select Hybrid to activate cloud fields for each tier.
  • Select the appropriate execution venue for each application tier.
  • One-click deploy. That’s it!

CloudCenter does the rest. The user doesn’t have to know the nuances of each cloud API. Or, change any orchestration flow. Or, change any deployment script or automation artifact that is hard coded to a specific environment.

Of course CloudCenter’s simple tag based governance applies to each tier as well, simplifying placement, deployment, and run time decisions for users.

Being the first application deployment tool to have the ability to stretch deployments across any cloud from the same model is a giant leap forward in harnessing the power of the cloud while whittling the cost to pay for only what you need. It’s just another example of how Cisco is pushing boundaries and adding value across the hybrid IT landscape.

Watch this on demand webinar to see how Cisco ACI and Cisco CloudCenter support various stretch application topologies.

 

Authors

Kurt Milne

Marketing Manager, US

CloudCenter Marketing

A common question I receive in my role as chief digital officer (CDO) is, “Where do I begin my digitization journey?” This is key—both because it is hard to know where to start among a sea of potential areas to transform and because setting out in the wrong direction can hurt your competitive position, waste time, and be a strategic distraction.

Given the wide-ranging scope of digital business transformation, it may seem incongruous to use “simple” and “digitization” in the same sentence. Most CDOs I know like to build and fix things. While this trait is vital for success, CDOs must be careful not to over-engineer things. In fact, successful digitization requires that CDOs simplify how work gets done in their companies as they reimagine how to create new value for their customers.

Most companies have a complex web of business processes that developed over time. This complexity can be an artifact of past success, including autonomy in innovative business units or manual processes that were quickly set up to launch a new product, but were never digitized. While these processes may have contributed to success in the past, they constrain future growth and competitiveness.

CDOs only make matters worse if they digitize this complexity, or build new processes on top of it. Even a great architect can’t succeed by building on a shaky foundation. And in a world where digital disruptors could displace 40 percent of market leaders in the next three years, companies can’t afford self-inflicted wounds.

I spent the first four months as Cisco’s CDO examining every aspect of our business model and the processes that enable it. Even at a company like Cisco, which has been extremely successful, there were many processes that required simplification, especially as the company continues to evolve from selling discrete products to providing integrated offerings comprised of hardware, software, and services.

Working with Cisco’s leadership team, we are eliminating unnecessary complexity and driving digitization based on a simplified blueprint that supports our newly established business model. One year into my role, this work is already having a big impact.

Until recently, Cisco had an astonishing 70+ ways of selling and delivering products and services to customers. We have now reduced this number by more than tenfold to just seven core customer-facing models. This makes it easier for companies to buy Cisco’s offerings across our entire portfolio, while simultaneously reducing internal operating costs. This clarity creates the conditions to improve quality and accelerate execution across every function required to drive Cisco’s market-leading position.

When it comes to successful digitization, hold back your inclination to over-engineer. Even with an eye on the future, and potentially building a new business, remember that simplification must precede automation. With this approach you will be on the path to successfully transforming your company into a digital business.

How are you dealing with complexity as you confront the digitization challenge?

In my next blog, I will touch on the other most frequent question I am asked, “How do we change our culture to enable and embrace digitization?”

Authors

Kevin Bandy

No Longer with Cisco

By Timothy D. Harmon, M.S., CCNA R&S, Security+CE, Cisco Champion

Cyber security is a high priority for companies, small and big, as cyber attacks have been on the rise in recent years. In response to these attacks, security professionals and college students have been through rigorous training in how hackers are able to get into companies and how to defend against them. One form of cyber security training is a cyber security capture the flag (CTF) event. A cyber security CTF is a competition between security professionals and/or students learning about cyber security. The competition is a learning tool for anyone interested in cyber security, and it can help sharpen the skills they have learned during their training.

The very first cyber security CTF developed and hosted was in 1996 at DEFCON in Las Vegas, Nevada. DEFCON is the largest cyber security conference in the United States and it was officially started in 1993 by Jeff Moss. DEFCON had become a platform for a skills competition and as the Internet grew, both DEFCON and the CTF competitions did as well. CTF competitions have become global as they did not have any borders and can be done via the Internet. International teams were competing for different types of prizes and bragging rights. There are two formats of the cyber security CTF: attack-defend and Jeopardy-style.

In the attack-defend CTF, each team attacks the other team’s system while defending its own. Usually, there are two rounds of game play: in the first round one team attacks and the other defends, and then they switch for the second round. There are flags (text files, folders, images, etc.) in the defending machines that the attacking team attempts to find as they compromise the machines. The attacking team is able to use different hacking tools in order to compromise the defending machines, but there are rules in place to ensure that neither team has an advantage over the other. The defending team can do anything within the rules to defend their machines against the attacking team. They are not allowed to disable any network connections or turn off the machines. If there is any rule violation, the team will incur a penalty or be disqualified.

The Jeopardy-style CTF is similar to the actual Jeopardy game as the scoreboard looks like a Jeopardy board with different categories and point values. There can be more than two teams as the teams are not trying to attack each other. Some of the categories can include Cryptography, Steganography, Physical Security and Scanning. There are several other categories that can be used. Some of the challenges can be done against a main server that was developed for the CTF and the flag is inputted into the CTF scoreboard to get points for the team. A timer is used to start and stop the CTF and once the timer finishes, the game is over. The team with the most points at the end wins.

As mentioned before, CTFs are now global and can be online or in the same geographical area. Open Web Application Security Project (OWASP) San Diego would usually do a Jeopardy-style CTF once a year in which participants are able to learn how to pick locks and use other tools to complete the CTF competition. The National Cyber League (NCL) is another CTF that is for students and faculty of universities, and the NCL can be used as a curriculum in order to teach the students about cyber security. There are several other CTFs that are available and can be found on the CTFTime website.

I have participated in the 2015 OWASP San Diego CTF and the 2015 National Cyber League’s Fall Season. Both of these CTFs have given me more insight and practice with the tools associated with the cyber security field. I have also participated in two CTFs at National University, as the cohort before and the cohort after mine had developed a cyber security CTF for their capstone project. The first CTF was the attack-defend style, while the second one was the Jeopardy-style. The first CTF at National University gave me the idea to develop and host a CTF for my capstone project for my Masters in Cyber Security and Information Assurance (MSCSIA) program at National University, and the OWASP San Diego CTF helped me to develop challenges for my capstone project.

My capstone project for the MSCSIA became a cyber security CTF, which serves as a training tool for schools and businesses to ensure cyber security awareness among students and employees. My group consisted of three people from my cohort, including myself. My team had a big challenge trying to find information on cyber security CTFs, as there was not a single book out there that talks about the CTFs, let alone how to develop one. We found information via the Internet and got experience with one at the OWASP San Diego CTF held a few weeks before ours. We learned a lot from hosting the CTF, as it was successful, but there were things that went wrong.

The original plan was to have two teams and do a hybrid attack-defend and Jeopardy-style CTF. However, as the competition day drew closer, we had a lot of problems and had to go through the IT department due to us using Coleman University’s campus and equipment. Since we ran into these problems, we decided to just do a Jeopardy-style CTF and had to quickly develop challenges. Each of us divided up the categories and developed the challenges for those categories. The categories included: Reconnaissance, Cryptography, Steganography/Hashing, Scanning, Trivia and Best Practices. The teams went from two to four and it worked out as there were 11 participants for the CTF.

I had received some free stuff from Cisco Live 2015 San Diego to give away to the teams as prizes for the CTF. Everyone who participated received a Certificate of Participation and the professors that helped us out received a Certificate of Appreciation. Overall, all of the participants had learned a lot from the CTF and the judges of our Capstone Project presentation were impressed. Cyber Security CTF competitions are a way to help maintain awareness and for employees and students to gain more knowledge regarding cyber security.

If you are interested in participating in a cyber security CTF, please check out CTFTime.org, UCSB’s iCTF, and search the Internet for other CTFs that may be in your area. The NCL is accepting registration for its 2016 Fall Season until October 3rd for the Regular Season and it costs $25 per person. The need for more qualified security professionals is extremely high and participating in these CTFs will help reduce the skills gap.

Authors

Tim Harmon

Cyber Security & Network Professional

Cisco Champion