
Bouncy Castle adds support for EST

Note: We would especially like to thank the Crypto Workshop team for their contributions to this post and the fruitful collaboration.

Recently Crypto Workshop has been working on adding support for the EST protocol in Bouncy Castle (BC) Cryptography APIs. Bouncy Castle (BC) is a prominent library that provides cryptography for Java applications.

Enrollment over Secure Transport (EST) is a standard (RFC7030) designed to improve the provisioning of digital certificates. At Cisco, we believe in a more secure and flexible certificate enrollment protocol like EST. We have blogged about it before and have written about how EST compares with SCEP and other certificate management protocols, and why the industry has started to shift to it. EST is adopted in standards like IEC 62351-9 and IETF BRSKI. Some of our products already support EST for digital certificates (e.g., Cisco IOS and IOS-XE), but EST endpoints don’t just operate by themselves. EST involves a certificate consumer and a certificate provider, usually called a Certificate Authority (CA). We need to ensure that our EST solutions are compatible with third parties such as CAs, authentication servers, and endpoints.

For that reason, we worked with the Bouncy Castle team to ensure interoperability of BC’s implementation with EST implementations (libEST and more) used in Cisco products. The EST operations we tested initially were /cacerts, /csrattrs, /simpleenroll and /simplereenroll. After concluding our testing, we have confirmed that:

  • Cisco products that offer Registration Authority (RA) functionality can successfully allow Cisco IOS and IOS-XE products to communicate with BC’s implementation.
  • libEST fully interoperates with BC’s implementation. The same holds for Cisco EST libraries.
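As an added illustration of one of the four operations named above, the following Python decodes the body of an EST /csrattrs response (RFC 7030 section 4.5.2), which tells the client what attributes and algorithms the CA expects in its CSR. This is example code written for this post; it is not code from Bouncy Castle, libEST or any Cisco product, and the sample response at the bottom is constructed locally rather than captured from a real CA. The OID-to-name table is an assumption about which identifiers a client is likely to meet.

```python
"""Decode the body of an EST /csrattrs response (RFC 7030 section 4.5.2).

Added example, not code from Bouncy Castle, libEST or Cisco.  The server
returns base64 DER of

    CsrAttrs   ::= SEQUENCE SIZE (0..MAX) OF AttrOrOID
    AttrOrOID  ::= CHOICE { oid OBJECT IDENTIFIER, attribute Attribute }
    Attribute  ::= SEQUENCE { type OBJECT IDENTIFIER, values SET OF ANY }
"""
import base64

# Well-known OIDs a client may see in a CsrAttrs list (assumed selection)
OID_NAMES = {
    "1.2.840.113549.1.9.7": "challengePassword",
    "1.2.840.113549.1.9.14": "extensionRequest",
    "1.2.840.10045.2.1": "ecPublicKey",
    "1.3.132.0.34": "secp384r1",
    "1.2.840.10045.4.3.3": "ecdsa-with-SHA384",
}


def _read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element at buf[pos]."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: 0x8N, then N length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER element runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(content):
    """Turn OBJECT IDENTIFIER content octets into dotted notation."""
    first = content[0]
    arcs = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    value = 0
    for b in content[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                   # last base-128 octet of this arc
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def parse_csrattrs(der):
    """Parse CsrAttrs DER into ('oid', dotted) and ('attr', dotted, [values])
    tuples, in the order the CA sent them.  Reject anything malformed."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("CsrAttrs must be a single SEQUENCE")
    items, pos = [], 0
    while pos < len(body):
        tag, content, pos = _read_tlv(body, pos)
        if tag == 0x06:                    # bare OBJECT IDENTIFIER
            items.append(("oid", _decode_oid(content)))
        elif tag == 0x30:                  # Attribute SEQUENCE
            t, type_oid, p = _read_tlv(content, 0)
            t2, value_set, p2 = _read_tlv(content, p)
            if t != 0x06 or t2 != 0x31 or p2 != len(content):
                raise ValueError("malformed Attribute")
            values, q = [], 0
            while q < len(value_set):
                vt, vc, q = _read_tlv(value_set, q)
                # Values are ANY: decode OIDs, keep other types as hex
                values.append(_decode_oid(vc) if vt == 0x06 else vc.hex())
            items.append(("attr", _decode_oid(type_oid), values))
        else:
            raise ValueError("unexpected tag 0x%02x in CsrAttrs" % tag)
    return items


def decode_csrattrs_response(body_text):
    """Decode the base64 text body (line breaks allowed) of GET /csrattrs."""
    return parse_csrattrs(base64.b64decode("".join(body_text.split())))


def describe(items):
    """Readable names for logging what the CA asked for (interop tracing)."""
    name = lambda oid: OID_NAMES.get(oid, oid)
    return [name(i[1]) if i[0] == "oid" else "%s=%s" % (name(i[1]), ",".join(map(name, i[2])))
            for i in items]


# --- constructed sample (short-form lengths only; not a real CA response) ---
def _tlv(tag, content):
    return bytes([tag, len(content)]) + content


def _encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.insert(0, (arc & 0x7F) | 0x80)
            arc >>= 7
        out.extend(chunk)
    return _tlv(0x06, bytes(out))


SAMPLE_CSRATTRS_B64 = base64.b64encode(_tlv(0x30,
    _encode_oid("1.2.840.113549.1.9.7")
    + _tlv(0x30, _encode_oid("1.2.840.10045.2.1")
                 + _tlv(0x31, _encode_oid("1.3.132.0.34")))
    + _encode_oid("1.2.840.113549.1.9.14")
    + _encode_oid("1.2.840.10045.4.3.3"))).decode()

if __name__ == "__main__":
    print(describe(decode_csrattrs_response(SAMPLE_CSRATTRS_B64)))
```

The decoder refuses trailing bytes and mis-tagged elements rather than skipping them, which is the behaviour that makes interoperability failures visible in logs instead of silently producing a CSR the CA will reject.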

The following are some things we learned in our collaboration:

  • Language used in standards is sometimes open to interpretation. Implementers should try to stay close to the standard definition and standards’ authors should be as explicit and clear as possible when defining the protocol and provide examples that provide good coverage of the protocol.
  • Implementers’ choices about details not defined in the standard should be well thought out and communicated in order to avoid incompatibilities.
  • It is important to properly log protocol failures in order to trace back interoperability issues.
  • Using a well-defined testing strategy can help in identifying implementation holes.

BC announced EST support in Release 1.57 on May 11, 2017. As recently various CAs have been working on supporting EST we are expecting Bouncy Castle’s EST support to further enable and promote the adoption of a more secure and flexible PKI for the future. Due to its high adoption rate, we expect the support of EST to benefit CAs and endpoint vendors that take advantage of BC APIs for their crypto.

Authors

Panos Kampanakis

Product Manager

Security & Trust Organization


Episode 2: Don’t Fly Blind – Network Analytics in Real Time

The phrase “flying blind” was first used in World War II when, during nighttime or bad weather, pilots were forced to fly only using the limited instruments they had available.

For IT professionals, visibility is a tricky thing. There is extensive data produced by a variety of disparate systems and sources in modern networks. For many IT administrators this becomes like trying to watch 50 different television channels in 50 different languages all at once.

Nowhere is this more relevant than in security. Attacks are unfolding in real time, with damage often done in minutes if not seconds; meanwhile, for most IT/security teams it takes months (100 days is the mean time) to detect that a new threat is inside their network. One of the most effective steps enterprises can take to compress this time to detection is to monitor and analyze data from the interior of the network at every hop in the network. Attackers utilize the network just like users and devices do. When they do, they can be spotted, but only if you have the proper visibility in place to produce and properly interpret what the network is telling you.

Cisco’s approach to security leverages the network as a giant sensor to provide pervasive detection everywhere there is a network device (a switch, router, or access point).   Cisco’s Digital Network Architecture provides a framework for transforming the network to enable IT administrators to leverage the power of the network for better visibility and understanding of what is happening in their network. Episode two of Cisco’s five-part innovation series, “New Frontiers: IT Innovations in 5 minutes,” explores data and analytics and its intersection with operating and securing the network. In this episode, you will meet Simoné, an engineer who explains how Cisco’s analytics has transformed the way IT professionals engage with their network, and how this evolved relationship has enabled greater flexibility and insights for enterprises around the world.


Authors

Scott Harrell

Senior Vice President and General Manager

Enterprise Networking Business


Quick, tell me three top reasons why U.S. Federal Agencies can’t adopt advanced technologies faster.

If you said leadership, legacy and workforce, you win! Your prize is … um … well, you win the satisfaction of being right.

In a recent survey by Accenture, focused mainly on the adoption of intelligent technologies in the public sector, the three top hindrances were:

  • Legacy systems;
  • Lack of leadership support or understanding of potential;
  • Lack of internal skills or the ability to hire.

It should come as no surprise to anyone that the U.S. Federal Government regards these as key obstacles. They have been for years. What is more enlightening in the report is the finding that these are actually global problems.

Download the report

Accenture’s research included nine countries: Australia, Finland, France, Germany, Japan, Norway, Singapore, the U.S. and the United Kingdom, and a total of 774 respondents. All of them reported similar hurdles, even while they are also all making progress.

[Image: floppy discs] Supporting legacy technologies keeps agencies from modernizing faster.

The survey specifies six categories of intelligent technology, including advanced analytics/predictive modeling, biometrics/identity analytics and intelligent process automation.  In the U.S., that first category is the one most widely already implemented, reported by 70 percent of the U.S. respondents.

Digital transformation is a huge undertaking, and factors such as the need to work around legacy systems, or to convince leaders who don’t understand the potential benefits of bringing in new technologies, only make it harder.

The right technologies provided by the right industry partners can help ease the burden. Don’t despair of the complexities though — the rest of the world is right there with you.


Authors

Michael Hardy

US Federal SME

Cisco Americas Public Sector


I pay for Netflix every month, along with almost 100 million other binge-watchers. I also pay monthly for Spotify, Amazon Prime, Dropbox, iCloud, and Google Drive. My life-as-a-service is incredibly convenient, and that’s just for cloud-based services. I have friends that pay monthly for their iPhones, including the hardware. And a couple of them have traded the hassle of car ownership for a monthly ZipCar fee that includes miles, gas, insurance, and parking.

In business, SMBs are way ahead of the curve paying for monthly cloud services. One of the vendors I work with uses more than a dozen as-a-service tools, from cyber security to video production to accounting software. The benefits of this new way of working are clear: You can start using these tools immediately without tying up cash. Speed is a competitive advantage.

We had speed in mind when we were designing the Cisco Spark Board, but we were thinking about productivity, not purchasing. We designed it to help teams get more done, faster. I like the way the team at Signa Group in Austria talks about Cisco Spark and the Cisco Spark Board:

“We’re getting much more competitive because we’re faster than the email writers. That’s it!”

-Ulrike Morak-Kohl
Employee Training and Coaching, Signa Group

Now we’re going all-in on making the Cisco Spark Board easy to get. We’re adding the Cisco Spark Board Access Plan, which has a single monthly payment and no up-front hardware costs. Like the ZipCar plan with included gas, insurance, and parking, the Access Plan takes care of everything for you.

With the Access Plan you receive:

  • The Cisco Spark Board hardware
  • Software subscription with automatic updates through the cloud
  • Maintenance and Cisco TAC support
  • Hardware RMA for next-day replacement service.

The plan MSRP is just US$380 per month for the 55-inch version, and US$575 per month for the 70-inch.

Contact your partner or Cisco account manager about the Cisco Spark Board Access Plan. For the new season of House of Cards, you know where to go.

Experience Cisco Spark Board for yourself. Join us at:

  • InfoComm in Orlando, June 14-16
  • Cisco Live US in Las Vegas, June 25-29


For more from Signa Real Estate, watch the video:

https://www.youtube.com/watch?v=klCodT6EM2E&index=4&list=PL9DD5D64E0603C96C


Authors

Tormod Ree

Senior Director and General Manager


As I’ve talked about before, many organizations have traditionally relied on a tactical approach to security: encounter a new threat, buy another box. This happened time and time again, resulting in a complex security “frankenstructure” of products.

But new independent research from ESG shows that 62% of companies are now rethinking the way they purchase and deploy security technology. They’re actively consolidating their cybersecurity vendors and looking for enterprise class providers. Why? The top two reasons are:

  1. Greater operational efficiencies: security and IT teams gain greater operational efficiencies when products are designed to work together, and;
  2. More effective against new threats: Fewer, yet stronger vendor partners have the wherewithal to bring more innovative products that better address evolving threats.

The vast majority of companies use an architectural approach to guide their consolidation – one that integrates products so that they work together to secure the network, endpoints, applications, and the cloud.

The ESG findings underscore what we have been hearing from customers for some time – disparate point products can drive up cost, operational complexity, and management headaches. It is for this very reason we place considerable time and effort into building products that are simple, open, and automated – to get to an architectural approach that spans:

  • Network – using your networks for security and segmentation, stopping threats at the edge, and preventing lateral movement.
  • Endpoints – encompassing productivity so employees can work securely from any device, at any time from any location; compliance to ensure that every device that connects to the network meets your security policies; and also security to protect roaming users and defend against advanced malware protection on the device itself.
  • Cloud – using cloud-delivered security that protects users on and off network, over all ports and protocols; discovers and controls cloud apps; and protects data and workloads in the cloud while allowing employees to get their work done and securely collaborate.

We’ve made significant investments to deliver products that fit together for simpler security that delivers automation to yield a force-multiplier of effectiveness.

The ESG research goes on to explore what companies look for when selecting an enterprise-class cybersecurity vendor. Four key attributes rise to the top.

  1. Industry expertise
  2. Alignment of security with strategic IT initiatives
  3. Reduced complexity and a lower TCO
  4. Products designed to scale and integrate

Cisco came out on top, embodying all of these.

  1. Our team of more than 5,000 brings a diverse set of industry experience while our security services team has expertise in most if not all verticals/industries. We’ve helped:
  2. Cisco, as a company, considers how to integrate security into IT/networking in order to provide as much value as possible to all of enterprise IT. Our products leverage the Cisco network to fit into your larger IT initiatives while streamlining operations with cloud-delivered security and management. We incorporate automation across IT infrastructure to quarantine devices, and can even allow you to clean up malware in a couple of clicks.
  3. I have spoken before about gaps in security resulting from a patchwork of point products and how we aim for better outcomes with greater simplicity through our architectural approach. This approach also delivers approximately 40% TCO savings over deploying point products, based on research from Forrester.
  4. As for scale and integration – few do this better than we do. With products built with openness in mind, we streamline the process for scaling security to protect mobile users or new branch offices coming online by activating additional security capabilities into your existing routers, endpoint security or other devices.

And finally, when asked about which vendors deliver the best cybersecurity intelligence (considering quality and efficacy) – once again Cisco Security comes out on top with Cisco Talos, our threat research organization. Why is Talos the strongest? Because it possesses the best global visibility into the threat landscape and leverages the industry’s most robust research capabilities including an unprecedented diversity of data sources, to deliver advanced threat intelligence that reduce the operational surface for attackers.

When we say diversity of data sources – we see a ton: threats and malware, web traffic, email, DNS, network intrusions, and endpoint intelligence – even insights about attacker infrastructure. Talos translates that data into intelligence and coordinates our response to stop more threats. Once a threat is detected, Talos immediately coordinates protections across products, from web and email security to endpoint and network security, for a fast, synchronized response across our entire portfolio, with no effort needed by the end user. Cisco Security, with Talos, keeps organizations safer.

Operational efficiencies, innovative solutions, and stopping advanced threats. This is what more effective security postures boil down to and this is why more enterprises are looking to consolidation and looking to Cisco.

Third-party validation is critical as you make IT and security decisions. I encourage you to learn more about ESG’s findings.

Authors

Jason Lamar

Senior Director

Security Product Management Group


Cisco receives Judges Choice Award for open-nFAPI and 10 year individual contributor award to Cisco’s Distinguished Engineer Mark Grayson

The Small Cells World Summit is an annual event that brings together so many players in the small cell sector where they exchange experiences and show off the latest innovations. This year was particularly significant as the Small Cell Forum was celebrating its tenth anniversary, and last week the 2017 Small Cells World Summit was held on Tuesday May 23rd in London.

The summit is open to the whole industry with awards given and judged by an independent panel of industry experts. The great news is that Cisco came out top in two of the award categories.

Cisco’s Mark Grayson receives his award from the Small Cell Industry for “Outstanding Contribution to the Small Cell Industry”.

First, Cisco’s open-nFAPI open source project was awarded the judges’ choice award for its innovative approach aimed at driving adoption of the SCF’s virtualized small cell architecture.

Meanwhile, Cisco’s own Mark Grayson was recognized by the forum for outstanding contribution to the small cell industry. The forum’s chairman, AT&T’s David Orloff, praised the invaluable support to many of the Forum’s most important initiatives:

“Without Mark’s hard work, technical brilliance, attention to detail and spirit of cooperation, small cells would have had a harder path to move out of their residential roots and into the cutting edge of hyper-density and the cloud.”

Congratulations to Mark Grayson a true industry leader and innovator, and to the Small Cell Forum for all of the great work they help lead.

Authors

Jim O'Leary

Sr. Manager Mobile Solutions Marketing


So, it’s Thursday May 25th, the day after DevNet Create, Cisco DevNet’s very first developer conference. It’s kind of like the day after Christmas. What I mean by that is that there is a tiny feeling of melancholy. You know what I mean? All the work and anticipation, and then it’s over and you’re a little sad but still happy, and ever so slightly you are looking forward to the next time. At least that is what I am experiencing; perhaps if I relive a little bit of DevNet Create I can shake off the blues.

Since I’m a DevNet insider I can start my retelling a little bit before the initial day…


Authors

John McDonough

Developer Advocate

DevNet


Media companies can use a cloud-based video infrastructure to support flexible and innovative ways of providing content.

The way we watch TV and video is changing rapidly. People are consuming more content online, on a growing number of different devices inside and outside the home.

And this is happening fast. Cisco research predicts that by 2020, video will account for over 80% of internet traffic. And that it will be accessed using over 11 billion connected devices.

The way that content is produced is changing, too. Media companies no longer simply rely on traditional distribution channels, and are making increasing use of IP video. They’re streaming shows online to meet these changing viewing habits, as well as developing innovative formats that their audiences may have never imagined before.

NBC Sports Digital streamed 3.3 billion minutes of content from the 2016 Rio Olympics. And during the same event, the BBC and NBC provided 100 hours of virtual reality programming. Media companies look set to carry on developing these kinds of service. Which is why Disney recently bought a 33% stake in Major League Baseball’s BAMTech streaming company.

These developments look set to continue, but only if media companies have the technology to make it happen. This is where Cisco can help, by providing a cloud infrastructure to support efficient, agile and innovative broadcasting.

Scaling up capacity

One advantage of the cloud is that it allows companies to increase their network capacity within minutes, rather than going through a convoluted, days-long process. This can be especially useful when streaming major events to huge audiences. NBC Universal used Cisco technology to support broadcasting the Rio Olympics to millions of viewers via many different devices.

“Cloud and virtualisation has given us a huge opportunity in terms of scalability – the ability to adapt quickly and exponentially, to scale up almost immediately, without having to build out a lot of infrastructure,” says Craig Lau, the VP for information technology at NBC Olympics.

Powering new services

It isn’t just about one-off events, though. All of TV production is becoming more digitised. Cisco’s cloud video infrastructure can help media companies work more efficiently in this new environment, cutting down on cost and complexity. Our Virtualised Video Processing (V2P) technology allows companies to use one production line for all their video workflows. This makes it quicker and easier to supply content to many devices.

Brazil’s Globo is one media company that has used V2P to power a new service. The Globo Play app lets viewers access the broadcaster’s content any time on devices including smartphones, tablets, computers and connected TVs. It’s the first time a broadcaster in the country has made its daily content available in real time across multiple platforms.

“The V2P solution streamlines the delivery process. Now, we are able to deliver content through the application within minutes after broadcasting it on TV,” says Marcus Luz, the director of enterprise at Cisco Brazil.

An infrastructure you can trust

We understand that video production involves large volumes of data travelling at high speed, requiring high bandwidth and low latency. This needs to be supported by an infrastructure you can really trust, and the growth of ultra high definition video and multiscreen viewing habits makes this even more important.

Our services are specially designed to meet the needs of media companies, and we’ve helped lots of them move successfully into the new world of online video. With our support, you can provide the services that customers want now – and respond to even more radical developments in future.

Find out how a cloud video infrastructure can help you create the TV services of the future. Read more about the Cisco video solutions for media.

Authors

Adam Davies

Technical Leader, Engineering

Service Provider, Video Solutions