When I think about my old days at school, I remember my enthusiasm for learning new “cool” things such as thermodynamics, electronic devices and circuits and digital signal processing. Then, during my first 2 years working as an engineer, it was awesome to learn about ATM, Frame Relay, ISDN and the evolution to ADSL. Four years of engineering and +10 years working don’t compare to what I’ve learned during these past 3 days at Cisco Live online #CLUS. I’ll focus on one topic: The Cloud.
It is not “The Cloud,” it is a multicloud world composed of many providers and vendors of multiple solutions to specific use cases. According to IDC, 84% of organizations will use multiple clouds.
It is not only public cloud that you need. It’s a strategy that needs your top management teams to set business goals, with cloud as one enabler. Again, according to IDC, 73% of organizations have a hybrid cloud strategy.
It’s a trend that has been around for some time now. It faced skepticism first and now it’s evolving very quickly being one of the most important disruptors in the IT Industry. We are just at the beginning.
It’s a solution but also an evolution to your current and future IT and business needs.
It requires new skillsets beyond the ones mentioned above.
Requires cultural changes to support old and new applications working with IT staff and DevOps engineers (the order of appearance is pure coincidence).
Requires security beyond what is known. HW, SW & human behavior.
It can jeopardize your most precious asset: Information.
It will provide you a means for your organization’s success, regardless of your industry.
Requires high automation, visibility and manageability in your own infrastructure regardless of “The Cloud.”
These are my initial thoughts after watching some sessions at Cisco Live and taking some insights from a poll on Twitter.
It is not “The Cloud.” You need a holistic approach. If you want to learn more about how Cisco can help you in your journey, go here.
We’ve all heard the saying: You can’t teach an old dog new tricks. But have you ever tried?
I know, I know, you didn’t come here for canine training tips. Stay with me, there’s a point to all this. Anyways, it’s super hard. I tried, and all the dog wanted to do was sleep. Your best bet? You guessed it — getting a new dog.
The same thing was happening in security. New problems were arising — more roaming workers, apps and infrastructure moving to the cloud, and branch offices connecting directly to the internet — and the old tricks weren’t cutting it.
Enter new dog
Cisco Umbrella is the industry’s first Secure Internet Gateway (SIG) in the cloud. What is a SIG, you ask? Good question. A SIG provides safe access to the internet anywhere users go, even when they are off the VPN. Before you connect to any destination, a SIG acts as your secure onramp to the internet and provides the first line of defense and inspection. Regardless of where users are located or what they’re trying to connect to, traffic goes through the SIG first. Once the traffic gets to the SIG cloud platform, there are different types of inspection and policy enforcement that can happen.
You’re probably thinking “Hey! that sounds like the stuff you guys have been doing for years!” and you’re not entirely wrong. We’ve taken the functionality and proven platform from OpenDNS and used it as the starting point for designing our SIG. But here’s where things get taken to a new level. We’ve taken other technology from across the Cisco portfolio and reimagined how it could be integrated together in order to deliver an even broader range of coverage of malicious destinations and files and better intelligence, while maintaining and improving our openness and simplicity.
Stop more threats
To prevent more threats, we’ve added the ability to inspect files. Using a combination of AV engines and Cisco Advanced Malware Protection (AMP), Umbrella now inspects files that users attempt to download from risky domains, providing additional protection for your organization. Our intelligent proxy was also re-architected using microservices to automatically scale for even better performance.
Making our intelligence more intelligent
We know the bad guys will try new methods, so we are constantly tuning and developing new statistical models to help uncover attacks before they launch. We’ve added two more, including one that predicts domains that will be used in future spam campaigns, and one that automates the reverse engineering of domain generation algorithms (DGAs) to predict thousands of future malicious domains. We’ve created additional security categories to give organizations the flexibility to block potential threats sooner. And you can now create custom URL blacklists based on your local intelligence for more granular control and the ability to extend protection beyond your perimeter.
Keep it simple, keep it open
We want every interaction between you and our technology to be intuitive, meaningful, and ultimately, a delight. We know some of your biggest needs in the Umbrella dashboard revolve around setting up policies, finding infected devices, and identifying security trends within your organization. We’re revamping our user interface to improve policy configuration and provide more extensive reporting options. We’re introducing a new policy wizard that dynamically updates depending on what type of policy you want to create or change.
When you’re creating new policies, not only does it walk you through every step of the policy configuration with a simple question-based flow, but you can also use our policy tester before implementing to ensure it will be applied as you intended. For reporting, we’ve revamped the design to help you find key information faster and make reports easier to share. Now, it’s even easier to know what to focus on.
Since day one, we’ve built Umbrella to be a product that integrates and works closely with all types of technologies and platforms — including security appliances, intelligence platforms or feeds, and custom, in-house tools. Now, Umbrella integrates with Cisco Wireless LAN Controllers to gain broad visibility and protection across your wireless environment. Additionally, Umbrella together with CloudLock offers discovery and control for use of SaaS apps.
If you’ve been with us awhile, we’re excited for you to experience all the new features and functionality we’re adding to Umbrella. If you’re new (welcome!), we encourage you to try Umbrella, and see first-hand the power of simple and effective cloud security.
I may be on the collaboration team, but the security stuff always fascinates me. The stats around cyber crime are mind melting. Today’s keynote focused on security, which is always a timely topic, but even more so today.
A few stats from our chief security officer, John Stewart:
Almost 2 of every 5 executives Cisco interviewed has stopped a project because of security. Some projects are restarted after a delay, others are abandoned.
Cisco analyzes and reanalyzes 10 terabytes a day on a 3 petabyte data array — way more than I can count on my fingers.
Cisco finds and protects against 2 million pieces of malware per day and blocks 20 billion problems each day — about three for every single person on earth.
“It is exceedingly clear that digital, IoT, and everything about business transformation has happened right now as we have lived, in our careers,” Stewart said. “It’s no longer about technology being fascinating or interesting, it’s about technology being everything we need to keep going through life.”
Narrowing the security world to Cisco Live, the team’s analysis shows that malware and phishing are the biggest issues here at the conference. And as of this morning, 46 terabytes of traffic had crossed the network since Cisco Live started four days ago.
In 2002, it took businesses an average of 145 days to realize they’d been hit by a cyber attack. In 2017, it still takes most businesses 100 days to realize they’ve been hit. Cisco can now do it in three and a half hours. As Stewart says, that’s still too long. The target is one hour, but it gets harder every day as attacks get more sophisticated.
“We’ve come to the point where we rely on technology. That’s why we have to get security right — so we can keep doing it.”
John Stewart, CSO, Cisco
Stewart interviewed Theresa Payton, former CIO of the White House, now CEO of Fortalice Solutions, on stage. A lot of her message centered around thinking about security differently. In fact, assume it will fail.
“I don’t care how good they are,” she says. “If you assume they all fail you, then you behave differently about how you store your data.”
She went through the example of when you go on vacation: park a car in the driveway, hold the mail and newspapers, put lights on timers. But what about your valuables? If you assume your security will fail, you’ll take precautions like hiding things throughout the house or in safes. Or, she says, “you can choose to leave it right by the front door — because you’re safe.”
“Why do we do that with our data?” she asked. “Just assume that everything will fail you. Even the best and brightest security teams will accidentally fail you. So if you do that, when that breach happens, they won’t be able to move laterally across your network. They’re not going to get it all.”
3:00p PT: Celebrity Keynote, Bryan Cranston, live broadcast on cisco.com
Four-time Emmy Award winner Bryan Cranston takes the stage for an engaging discussion to wrap up Cisco Live 2017.
Visit CiscoLive.com/us to view the full broadcast schedule and for more conference information.
Mystery solved
If you’ve ever wondered what I look like on a Cisco Spark Board, now you know. (I’m the one on the left with the scribbly hair.)
Customer Appreciation Party
Who needs words when you have photos, right? We did our best to fill the T-Mobile arena to have all sorts of fun and leave most of the week’s acronyms behind for a few hours. The hats were blinky and Bruno Mars kept the energy up, up, up.
Catch up with what happened during Day 1 and Day 2 of the show.
Collaboration case study: The Steadman Clinic
And for your viewing enjoyment, a video about how Colorado’s Steadman Clinic is using Cisco Spark to change the way its doctors communicate with each other and with patients.
On the heels of last month’s WannaCry cyberattack, a new ransomware attack shut down systems across Europe this week. The main focus of the attack appears to be in the Ukraine (including banks, telecom, electrical systems, the main city metros, and the airport), but it has now appeared in 65 countries around the world.
What is Nyetya?
Ransomware is a rapidly emerging malware that locks up systems and data until attacker demands are met. The attackers may also threaten to destroy the data altogether. This attack is called Nyetya (a variant of Petya). It encrypts the master boot record, and may spread through the network. Like WannaCry, Nyetya leveraged the known EternalBlue vulnerability. Its origins are possibly associated with a tax accounting software package.
So far, retail has luckily been one of the less affected industries in the recent ransomware attacks. The industry is protected to some degree by demanding compliance standards (such as PCI DSS). Cardholder data is usually attacked at the point of sale or in sales systems, while ransomware is a completely different type of attack. However, it’s probably just a matter of time before cardholder data is locked up the same way.
As a retailer, you need to be thinking about assuring good security that warns of attempts being made to access the system, supported by a solid backup protocol that allows you to not pay, shut down, install the patches, and reload your data. Cisco recommends a set of ransomware defense products that calls on layers of protection from DNS security to endpoint security to email to network security. You can also learn more about Nyetya and solutions to protect your business here. For more on ransomware and retail, see my recent post about securing your retail store with the SAFE methodology.
Join our webinar hosted by Martin Lee, technical lead on Cisco’s Talos threat research team, to understand the latest on Nyetya. This session will take place on Friday, June 30, 2017 at 7 am PDT / 3 pm BST / 4 pm CEST. Hear the latest on the attack and steps you can take to strengthen your security.
What are IoT devices in healthcare? In my experience talking with customers, I don’t believe I’ve ever received the same answer twice. Most often, they call out patient home monitoring devices and consumer-grade fitness trackers. But to me, an IoT device is anything that you connect to the network. And in healthcare, we are certainly connecting more and more devices to the network, adding more virtually every day.
If you agree on a definition of IoT, the question then becomes, how do you secure those devices against the ever-growing threat landscape? And not only secure them from improper external access, but also contain the damage and control lateral movement if the device is indeed compromised? Well, since most IoT healthcare devices have very limited out-of-the-box protection, an additional security solution is needed.
Enter IoT Threat Defense.
https://youtu.be/Bfsm2_qx9gg
This week at Cisco Live US, we officially launched Cisco IoT Threat Defense. Cisco IoT Threat Defense does many things to enhance your IoT medical device security. First, the secure and automatic policy based segmentation provides an adaptable, extensible means of protecting vital services at IoT scale. Segmentation helps to control inbound access and outbound permissions for these devices and also prevents these devices, if compromised, from being used as pivot points for attackers to move laterally through the network.
But before you can properly segment your network, you need to know the existing traffic flow and you need to identify connected devices automatically based on their traffic pattern. You also need to identify the end users and then their user profile, which includes location of access, time of access, what the user is trying to access, and what type of device they are accessing it from. As I’m sure you know, this is quite an intricate undertaking, especially when you’re a healthcare provider with countless medical devices and clinicians. IoT Threat Defense addresses this complex profiling challenge with a combination of ISE, Medical NAC, and Stealthwatch.
And to further complicate things, you also have dozens of device vendors continually accessing their equipment remotely. They provide ongoing maintenance and monitor the proper operation of these devices to ensure optimized patient care. Since you need to provide secure access with integrated profiling and malware prevention, we have included Cisco AnyConnect in Cisco IoT Threat Defense.
We know IoT security is an exponentially complex challenge, and to assist with this, Cisco Advanced Services programs are available. Our experts can help your organization prepare, plan, design, and optimize your network and IoT security.
IoT is a very hot topic and many enterprises have started their IoT journey. But a majority of those initiatives never make it past the proof of concept stage. In a recent survey of 1,845 business leaders, Cisco found that 60 percent of IoT projects stall out at proof of concept and are never deployed.
Why? Because doing IoT right is hard. Customers have to deal with a plethora of issues from how to connect devices to the network, how to deal with the massive amounts of data coming from these devices, how to secure both the devices and data, how to automate the management of devices, how to drive actionable business insights from their data, how to scale and grow with their business, and most importantly – how to realize business value from their IoT investments.
Here at Cisco Jasper, we’ve been working for over a decade to enable IoT success for our 11,000 customers. And one of the biggest lessons we’ve learned is that enabling IoT success takes a village.
Successful IoT projects usually require the technology and expertise of more than one vendor. Which is why Cisco and IBM brought our respective experiences together in an IoT partnership that was announced last June. Today, the two parties are expanding that partnership to meet the next wave of customer engagements in a variety of use cases.
This is great news for customers. When tackling the myriad of challenges facing a nascent IoT project, having two of the most experienced IoT vendors working together with the stakeholders inside these businesses to solve their unique problems helps accelerate the success of these projects. Cisco and IBM are making it easier to develop, deploy and manage both the pilot phase of the project as well as the eventual production deployment. Cisco’s IoT operations platform, Cisco Kinetic, together with the IBM Watson IoT Platform, provides customers with the ability to quickly get up and running with device connectivity, device provisioning, secure data transmission, data cleansing, data analytics, machine learning, model training and the full lifecycle management of applications. Add on to this IBM’s industry specific analytics solutions that complement Cisco’s fog infrastructure and customers will have an edge to cloud IoT solution. Together with Cisco and IBM’s professional services and world class hardware and software support, customers are able to trust their projects to a best of breed partnership that creates the foundation of success for their projects.
With this increasing depth of experience and rock solid technology platforms, Cisco and IBM are pursuing projects with customers in a variety of IoT markets like Manufacturing, Retail, and – most recently – Smart Cities. Building on successes like the Port of Cartagena, Cisco and IBM have begun exploring how to help cities and municipal governments around the world implement Smart City technologies that can leverage the Cisco Connected Digital Platform and the IBM Watson IoT portfolio and Smarter Cities product suite to accelerate the connection of parking systems, traffic management, street lighting and a host of other services to a powerful cognitive computing solution like Watson IoT. The complementary nature of Cisco’s Fog computing software and IBM’s Watson Cognitive Computing platform gives a complete end-to-end solution for cities around the world and builds a total package that is greater than the sum of its parts.
So if your IoT project is stalled, or if you’re looking for a partner ecosystem that can accelerate your IoT success, you’ve come to the right place.
“Today knowledge has power. It controls access to opportunity and advancement.”
Over fifty years later, this insight from the famed father of modern management, Peter Drucker, still rings true. In fact, more so than ever in our increasingly technology-driven era.
Opportunity Knocks!
With so much information about technology at our fingertips, how can business and IT professionals efficiently develop the knowledge they need to expand their opportunities and advance their careers apace?
How Can You Take Advantage?
We recently explored data virtualization’s value in general, and how Cisco itself uses this agile data integration approach to drive significant benefits. So, with Peter Drucker’s advice and your career in mind, what is the best way for you to gain knowledge about data virtualization, so you can take advantage?
You are in luck. We’ve made it easy for you.
Announcing the Cisco Data Virtualization Knowledgebase
The knowledge base contains a range of useful content, including business and technical white papers, tutorials, tech tips, and Cisco Information Server product documentation, as well as links to myriad additional resources, Cisco training, Cisco support, and more.
Role-based Content Accelerates Your Learning
The knowledgebase is designed to support multiple roles, including:
Evaluators who need to assess Cisco Information Server business and technical capabilities
Installers who must deploy Cisco Information Server instances
New developers who need to gain a basic understanding of the Cisco Information Server development process
Experienced developers who need to master Cisco Information Server’s more advanced functionality
Business analysts who want to find and use Cisco Information Server data sets
Analytics and business intelligence developers who want to integrate Cisco Information Server data sets into their solutions
System administrators who must manage and monitor their Cisco Information Server environments
Executives who need to accelerate revenue, lower costs, reduce risk, and improve compliance using Cisco data virtualization products and services
The knowledgebase’s Learning Map organizes content by role to accelerate both initial learning and ongoing use.
Getting Started is Easy
If a picture is worth a thousand words, then a video must be worth a million. Watch this short one for a quick overview of the content and how it’s organized. Then quickly “power up” your career with the knowledge you require.
These are certainly not easy times to be a retailer. Recently, our colleagues in Europe started to think about how to address many of today’s issues with “programmable retail,” the ability to write intentions and read the status of your business from the network. The weather, what a celebrity wore, a winning recipe from a cookery show, an on-trend brand opening a flagship store nearby, long-term road or building works, a major sporting event, a national holiday, a presidential election: All these are factors that can drive a spike or a slump in retail footfall and sales.
We see this around the world. For example, in the U.S., a post-election dip impacted on in-store spending by up to 20.3% in November 2016 (source: RetailNext), while heavy snowfall causing New York stores to close for a single day has been estimated to represent $152 million in lost sales (source: IHS Global Insight).
Some of these factors are (relatively) easy to predict and build into demand planning and forecasting, some distinctly less so and of course the impact varies greatly. Yet the Internet of Things (IoT) is opening up the possibilities for accurately anticipating shopper behavior in real-time at a micro level, and directing in-store activity accordingly – with no crystal ball required!
Enter the world of programmable retail. This blog series, authored by Cisco’s Edward Westenberg, explores how predicting and acting on shopper intentions, or interpreting and acting on shopper or associate activity, can deliver a seamless customer journey and optimize scarce resources:
[Editor’s note] Join us for a webinar hosted by Martin Lee, technical lead on Cisco’s Talos threat research team, to understand the latest in the new malware variant, Nyetya. Webinar will be on Friday, June 30, 2017 at 7 am PDT / 3 pm BST / 4 pm CEST. Hear the latest on the attack and steps you can take to strengthen your security.
Manufacturers are still just getting their hands around WannaCry, with one major automaker having to shut down its operations just last week from the virus. Today news has hit that another virus, currently being dubbed “Nyetya,” is waging a campaign against a variety of computer systems.
This time around we see a similar attack to WannaCry that seems to have started in Europe and has taken out systems supporting banks, shipping, and oil operations. It has also spread to U.S. companies, with a pharmaceutical company confirming they have been affected.
Here’s what we know from our Cisco team over at Talos, which monitors global security threats:
“Today a new malware variant has surfaced that is distinct enough from Petya that people have referred to it by various names such as Petrwrap and GoldenEye. Talos is identifying this new malware variant as Nyetya. Our current research leads us to believe that the sample leverages EternalBlue and WMI for lateral movement inside an affected network. This behavior is unlike WannaCry, as there does not appear to be an external scanning component. Additionally, there may also be a psexec vector that is also used to spread internally.
The identification of the initial vector has proven more challenging. Early reports of an email vector cannot be confirmed. Based on observed in-the-wild behaviors, the lack of a known, viable external spreading mechanism and other research we believe it is possible that some infections may be associated with software update systems for a Ukrainian tax accounting package called MeDoc. Talos continues to research the initial vector of this malware.”
Updates to this article will happen as more information comes through. I highly recommend checking back for information.
How to reduce risk in your factory
In my blog about WannaCry, I laid out five ways to reduce risk. These same concepts apply when dealing with ransomware and are outlined here. Also, we have valuable information on Nyetya and how to protect yourself from ransomware here.