Year: 2017

May 19, 2017 3 Comments
Avatar

Seamless viewing in a world of multiple screens

The Cisco Infinite Video Platform can enable service providers and OTT video businesses to cater for the complex multi-screen habits of today’s viewers

The way we watch video is changing. Yes, people still sit down in front of the TV to watch live programmes – but increasingly, this is only one part of a much bigger picture.

Maybe someone wants to pause watching a film on TV and pick it up at the same point on their phone a few hours later – perhaps in a different location. Perhaps they’d like to record a live sports broadcast on their set top box while also streaming it to their desktop computer at work. Or they want to be able to set which content their kids can view, whether on the TV, games console or tablet.

Figures from the Global Web Index show that millennials own an average of 3.45 video devices. And with Cisco research predicting that there will be 11 billion connected devices by 2020  , things are only going to get more complex – to include screens in cars and planes, for example.

This kind of behavior causes problems for service providers, whose legacy systems are already struggling to cope with the growth and huge variety of demand for online video.

Offering video services limited by device isn’t enough anymore. Service providers now need to offer bespoke, flexible services on any device – whether provided as part of the contract or already owned by the customer – and across any network.

Integrated solutions

Cisco’s next generation video solutions can help service providers succeed in this new future. They use an integrated, cloud-based platform for online video that makes it easy for providers to create, deploy and refine new services, regardless of which device or network they’re using.

At the moment, service providers are still delivering video using an inefficient, fragmented infrastructure, with broadcast, on demand and over the top video content each distributed along separate pathways. This is inefficient, and as demand becomes more complex, it’s going to become more and more tricky.

This is where the Infinite Video Platform comes in. It brings together these different platforms, making it easy for providers to distribute content wherever they like – including on devices and networks that they don’t manage. This saves operational costs, enabling providers to meet the challenges of the future.

One business that has used Cisco technology to transform its entertainment offer is D-Smart, the Turkish satellite television provider. The company needed a cloud solution that could enable it to quickly expand the variety of services it provided for its customers across multiple screens. It also wanted to create a new user guide that could easily blend multiple sources of content.

D-Smart found that Cisco’s Infinite Broadcast Solution would support it in creating these new customer services . Summarising the appeal of the technology Erdogan Simsek, the chief technology officer of D-Smart, said: “Cisco offered us a flexible cloud software solution to easily merge the worlds of online video and live broadcast TV.”

Scale workflows easily with Virtualised Video Processing

The IVP also includes Virtualised Video Processing technology, which allows users to operate a single production line for all video workflows. It intelligently orchestrates different functions such as encoding, recording and delivery.

This means that both service providers and media companies can easily scale workflows to support the video services required for distributing content to many different screens.

A world of opportunity

For example, a family could all sit around the TV watching a major show, but each person could also view content of particular interest to them on their own personal device. So they could each be reading about the actors, past episodes or filming locations on an app while watching the programme.

And this is just one example of the vast range of functions that are possible with the IVP. It enables existing service providers to meet the challenges of the future, while also making it possible for new businesses to enter the market and grow in a way that suits them.

The massive growth of online video offers huge rewards for those that get it right, but providers will need to be prepared. Why not work with Cisco to create the agile services of the future?

Do you want to seize new revenue opportunities by supplying content across all devices?

Get more resources here

Authors

Avatar

Yves Padrines

Vice President, EMEAR Sales

Global Service Provider

1 Comment
Avatar

How to Protect Your Data Center – Before, During and After a Cyber Attack

Business costs from the recent WannaCry ransomware attack are still being tallied and data center managers are quickly assessing their vulnerabilities within their data center infrastructure.

There are two immediate questions to think about when evaluating your operating environment and the applications that run on these systems:

  1. Are they running on current software releases?
  2. Is the underlying infrastructure of switches, routers and servers updated to their latest firmware releases?

There are other methods data center managers can deploy to detect ransomware and cyber attacks before they spread and do their damage. Consider using newer tools like Cisco Tetration Analytics that search and explore tens of billions of flow records, and by leveraging machine learning, provide actionable insight in less than a second.

Three Immediate Benefits to Having Pervasive Visibility and Control in Your Data Center in Real-Time: 

1. Ability to create policies around all your information which enforces tighter security between applications running across data centers, segments applications between various business entities, and applies an overall white-list model to the entire data center.

2. Automatically enforce a dynamically created policy in the hosts, no matter where they’re deployed – on premise, in the cloud, or a combination of the two.

3. Monitor the system to make sure the policies that are in place are, in fact, enforced and more important, see who is trying to work around those policies to create security breaches within your data center.

Are you ready?  Learn how Cisco Tetration Analytics can help your data center be prepared for the next cyber attack. http://www.cisco.com/go/tetration

 

Authors

Avatar

Adam Ozkan

Hybrid Cloud Infrastructure

1 Comment
Avatar

Securing OpenStack Networking

Cloud Security is currently top of mind for IT. In this blog post, I will provide a 10 point checklist to help you secure your OpenStack Neutron networking service. Ensure that you use “Defense in depth” as the primary security strategy and deploy a series of defensive mechanisms, as no single method exists for successfully protecting your entire service. This strategy ensures that even if one mechanism is compromised, another will be there to defend against the attack. Design network security in layers. So, instead of creating a single layer of network security protection at the perimeter, apply network security to every layer of the network, every component of the networking service and the communication channel.

Here’s the security checklist. Do keep in mind that this is not a complete list of every possible defensive mechanism that you could employ. The purpose is to provide some key security checks that you could use.

  1. Are all interactions with the networking service isolated into security domains with proper network segmentation?
  2. Does your ML2 mechanism driver mitigate ARP spoofing?
  3. Have you considered the pros and cons of supporting various tenant network types such as Flat, VLAN, VXLAN etc.?
  4. Have you hardened the Host OS, vSwitch, Message Queue and SQL Database?
  5. Have you patched all reported neutron security vulnerabilities?
  6. Are you using neutron security-groups and enabled port-security?
  7. Are all communications using SSL encryption?
  8. Has API access been secured using role-based access control (RBAC) by using the concept of least privilege?
  9. Have you investigated the maturity and security features of the various pluggable neutron components used?
  10. Are you using quotas to limit project resources?

For more information you can listen to my talk given on this topic at the recently concluded Boston OpenStack Summit.

It can be found here.

I value your feedback. Feel free to comment and share your thoughts on this topic.

Authors

Avatar

Naveen Joy

Technical Leader, Engineering

Chief Technology and Architecture Office

May 18, 2017 Leave a Comment
Avatar

Enough is Enough – Change Must Begin Now

Beginning last week, many organizations around the globe found themselves responding to infected computers in their environments that were hit with new malicious ransomware called “WannaCry.” Most other organizations reacted quickly to protect their network-critical files from being taken hostage by cyber criminals and held for ransom. And we are now seeing new variants of the exploits.

While experts continue to investigate the technical details, the most urgent need is to identify and ignite change that aims to lower the chances that this will happen again. This incident should prompt a broader discussion about the crucial role that all involved parties play, including those who find vulnerabilities, technology vendors who fix them in products and services, and customers who operationalize technology and rely upon it in this digital age. The approach for each group to contribute to the end result is very different.

A Way To Think About This Event

The current event brings into focus the issues that need to be discussed and thought through when a/an:

  • vulnerability is found,
  • exploit is created and/or used to leverage the vulnerability,
  • technology vendor learns of the vulnerability and issues a fix (or is not aware of an issue),
  • technology operator must update (ex: a customer’s IT department).

Those Who Find Vulnerabilities

This past week’s events are a call-to-action regarding policy changes that put defense and resiliency first. We at Cisco plan to amplify the demand for clear policies related to governments around the world disclosing vulnerabilities. Confidence in the global internet is being undermined by allegations that some governments stockpile and exploit security vulnerabilities in products, rather than reporting them to those who can fix them. Vulnerabilities should be disclosed immediately when found, apart from short-term exceptions by court order when an effort to save lives is directly involved.  As last weekend’s shutdown of hospitals in the UK shows, lives are also put at risk when critical infrastructure in endangered because of undisclosed vulnerabilities.

The event underscores the importance of having transparent processes, subject to meaningful oversight, for how governments handle and disclose vulnerabilities. Cisco is, therefore, encouraged to see new bipartisan legislation introduced in the United States Senate on this topic. We look forward to working with the proponents of this legislation, and with governments around the world to establish new rules of the road. Rules that are designed to quickly route information about vulnerabilities to organizations capable of acting upon it to protect security in a timely manner.

Increased transparency about the process and how it works will build more trust, and will mitigate the risks of undisclosed vulnerabilities. It should not be a matter of “if” governments are required notify vendors, but “how long” until governments must notify them.  Recent experience demonstrates that we must assume secrets will eventually fall into the hands of those who can exploit them. Therefore, we have to act quickly to ensure vendors have a reasonable opportunity to defend their customers and users before those disclosures occur.

Those Who Exploit Vulnerabilities

To be clear, those affected by this incident are victims of a criminal attack. The perpetrators are at fault here. And the affected individuals and organizations deserve a thorough investigation to find the bad actors, and to seek justice as well as peace of mind. To that end, Cisco will redouble our efforts to aid law enforcement agencies in identifying the bad actors behind these types of incidents.

Those Who Can Fix Vulnerabilities

We must acknowledge and (frustratingly) accept that software, hardware, and services vulnerabilities exist today and will continue to be discovered, no matter how hard we all work to avoid them. With millions of lines of code plus thousands of configuration options, and the ability for a single wrong keystroke to be able to result in a bug that isn’t detected, complexity is quite possibly the single biggest contributing factor.  That said, technology vendors don’t get a “pass” here.

When it comes to managing vulnerabilities and bugs, technology companies’ interests and those of our customers need to be 100 percent aligned.  Cisco recognizes the technology vendor’s role in protecting our customers, and we won’t shy away from our responsibility to constantly strive to do better. For a decade, we’ve aimed to reduce the security vulnerabilities and risks associated with our products through industry-leading efforts such as Trustworthy Systems initiatives, Cisco Secure Development Lifecycle, Cisco Common Crypto models, and Product Security Incident Response Team (PSIRT) and Vulnerability Disclosure policies. Is it perfect? No. Are we ever satisfied? No.  Are we striving to do better? Resoundingly, yes!

Those that Need to Deploy the Fixes to Vulnerabilities

If you accept the premise that there will be vulnerabilities despite all attempts to avoid them, then once the security update is available, oftentimes it falls to the users or administrators of that technology to deploy it.

Good technology operational hygiene is essential, and organizations need a measureable operational model to understand and manage security updates. This includes having an emergency response process to handle real-time threats like this recent one we saw. In terms of establishing what is possible, organizations can take into account things like Vulnerability Dwell Times, and the acceptable level of risk within the network – all of which should be understood and agreed to by senior leaders.

Network defense continues to require an ongoing “protect, detect, and remediate” strategy, and the best way to secure a network is through a multi-layered, end-to-end approach. This means: prevent as many threats as possible from getting in, have tools in place that identify those that do, and others that will contain and fix the issue.

Delivering trust and security in technology is a multi-party responsibility. Cisco remains committed to our holistic security approach beginning when a Cisco product is conceived, through its development, manufacture, and deployment. We will continue to provide the resources necessary so our customers know what they need to do to safeguard against cyber criminals. And we will also continue to advocate and engage the necessary stakeholders to ensure that policies evolve to maintain confidence in the global Internet.

Authors

Avatar

Mark Chandler

Retired | Executive Vice President

Chief Legal and Compliance Officer

2 Comments
Avatar

It’s A Bot Time – and Money

Walk into a party early and suddenly realize that it’s only you and Bill Gates in the room. Congratulations – on average, you are a billionaire!

This logical twist underscores how averages can be misleading indicators – how using averages can lead to some poor conclusions.

However, Bill Gates and you do have the same amount of one thing: Time. You’re both constrained by 24 hour days, 7 day weeks, and 365 day years. With all his wealth, Bill still hasn’t found a way to bend the space-time continuum. (Although he has made some great charitable contributions.)

Time is the most critical consideration in any undertaking.

Time is the most critical consideration in any undertaking. A process may produce wonderful results – but if it takes too long to get there – people may never exhibit the patience to take the journey.

Similarly, time is the most critical element in any customer care scenario. Almost every innovation in contact centers technology in the last 40 years was designed to attack the issue of time savings. Computer-Telephony Integration, Interactive Voice Response, advanced routing – you name it.  Time and its cousin cost – were the two primary motivating factors.

The next wave of innovations is well underway. This time, the means to the end is an exciting new array of capabilities lumped into a category called “bots, AI, and machine learning.” These are critical set of enablers that deliver a true “next generation” customer experience.

Here’s how they fit in the customer-care equation:

  • Bots: A broad set of capabilities that automate and assist with routine tasks for search, discovery, and interaction. They save time for customers and lower costs of operations.
  • AI: A set of capabilities that emulates cognitive functions in humans. AI will be embedded into bots to make interactions natural.
  • Machine Learning: The ability for software to adapt without outside programming. This will speed improvements in customer-facing applications.

Earlier this month, Cisco announced its intent to acquire AI startup MindMeld, which “helps businesses to build conversational interfaces with cloud-based service.”

The most powerful question a person can ask another is “How may I help you?” It’s a “bot” time customer care started by asking that question also! (Stay tuned.)

Read more about Cisco’s acquisition of MindMeld in Rowan Trollope’s recent post.

Authors

Avatar

Zack Taylor

Director

Cisco Global Collaboration

1 Comment
Avatar

Spring PONC -Three Game Changers!

I’m guilty of missing the past few Cisco Packet Optical Networking Conferences (PONC), but I’m very pleased that I was able to attend the most recent one in Richardson, Texas.  More than 150 customers, partners and industry analysts were present and several contributed to the event presentations. In addition to that, product experts from Cisco talked about disaggregation, network modernization and programmable, scalable DWDM networks. The focus this year was about simplifying the network, enabling automation and demonstrating these software innovations in the optical layer.

Optical networking hardware is expanding to higher bit rates, increased modular variations and increased spectral efficiency with flexible grid technologies. These features were demonstrated on the second day of the event and one customer chimed in saying “Wow, this is really awesome!”

I saw three key presentations at PONC that represented to me, a seismic shift in optical networking:

  • Data Center Interconnect presented by Google
  • Transport Modernization presented by Verizon
  • The Role of Disaggregation in the Future of Optical Networks

Data Center Interconnect (DCI)

Per Vijay Vusirikala of Google, increased line rates are difficult to engineer and optimize but the operational efficiencies that you can achieve by automating Layers 1/2/3 are much more obtainable.  Focus on embracing network change through enhanced data models and streaming telemetry was Vijay’s message here.  This business minded approach to DCI was an eye opener for me.  Suffice it to say that Cisco is way ahead in the development of enhanced data models and streaming telemetry for Layer 1/2/3.  Since Cisco’s DCI solution, the NCS 1000 family, runs on IOS XR, NETCONF/YANG and streaming telemetry are built-in.  With model-driven telemetry, software based automation solutions can analyze and adjust the network to take full advantage of all the changes that arise in near real-time. 

Transport Modernization

Glenn Wellbrock of Verizon gave a very concise accounting of how they could utilize large scale Circuit Emulation (CEM) to transform central offices and decommission the circuit based Digital Cross Connects, SONET ADMs, and M13 Multiplexers without impacting customers. This is a major undertaking, but one that will save this provider billions of dollars.  Many, including myself, thought that as the old circuit based TDM equipment failed and replacement parts were no longer available, providers would transition their customers directly to a routed network delivering only Ethernet services.  This change from TDM service offerings to an Ethernet-only service would have trickled down to millions of end users and created a monster transition. Verizon decided there was a better way and that they could get most of the benefit of the routed network without changing every piece of customer premise equipment (CPE) through CEM.  Standby for more news on Transport Modernization.  Cisco is leading the way on the CEM hardware, with the NCS 4200 family, and more importantly Cisco is leading with the software tools to affect this change.

The Role of Disaggregation in the Future of Optical Networks

A very topical discussion, Ron Johnson from Cisco spoke about the emerging disaggregation market, and the benefits it might provide for service providers.  Ron emphasized that disaggregation does not mean commodity. Disaggregation can, in fact, lend itself to a stronger and more “best of breed” approach than an aggregated solution. Disaggregation can offer more flexibility, and less customization of hardware. It’s also clear that there are many more opportunities to add value with software and focus on applications. Cisco is committed to delivering the disaggregation the market wants, in addition to providing the traditional solutions of fully integrated hardware and software for the optical networking market.

Vijay probably said it best when he said to expect change.  Change is no longer the exception in optical networking.  Those changes are best leveraged through innovation in software. Likewise, Transport Modernization involves some new hardware, but the software tools to orchestrate a seamless transition are really the big story. In this era of Optical Networking, maybe time changes both hardware and software?

Look for more announcements in this area, and please plan to join us November 15th and 16th for our PONC Rome event.

Authors

Avatar

Greg Nehib

Senior Marketing Manager

SP Infrastructure

1 Comment
Avatar

The Network’s Role in Securing the IoT

Over the past few weeks, I’ve blogged about the importance of having a holistic security strategy for the Internet of Things (IoT). Now is the time to really amp up security and privacy by design at the endpoint device level. Everyone has a role to play.

We know that enterprises are struggling to secure their networks. Immediately, the network can provide device segmentation and isolation to help customers manage the risk of vulnerability, whether it be in IoT or traditional IT. But in addition to what we can do now, we must embark upon a holistic approach to this problem. Customers must demand more of their technology vendors. Manufacturers should establish and adhere to baseline security requirements. Developers should be trained to design with security and privacy in mind. Even venture capitalists should play a role by asking hard questions about security, privacy and data protection before funding start up projects. As an industry, we need to form a common vocabulary that will enable buyers to compare products side-by-side from a security point of view. Similarly to nutritional labels for food, without common terms, comparisons are extremely difficult.

Cisco has a role to play too. We are working on standards that will enable manufacturers to describe communications an IoT device is supposed to have. We are also working on standards to improve how a device can be brought online through a secure zero-touch approach. These are both examples that focus on scale,  as a core problem of securely managing a network full of IoT devices, while acknowledging that the ‘things’ themselves will never completely protect themselves. It is this balance – where the network enables secure, efficient IoT adoption – is where Cisco is focused.

This is how we need to view the world of IoT moving forward.

But what about IoT devices already deployed? According to Gartner, 8.4 billion connected “things” will be in use this year, a 31% increase from last year. Even if we dramatically upgrade the security capabilities of future devices moving forward, that does not help the billions of devices currently on the market protect themselves against attack or against being used as a vector of attack. How do we protect ourselves? To help compensate for the lack of device security, we can leverage the network as a sensor and a tool to identify malicious traffic and enforce access policy.

It all starts with awareness. Network visibility – or telemetry – helps us understand the day-to-day behavior of the network. It’s crucial to have an understanding of the baseline traffic on your network to help pinpoint when traffic is out of the ordinary. And, when things are out of the ordinary, the network can enforce security policies to allow the right users and devices to get the right access, as well as containing the impact of a potential attack.

This is why it’s important to keep your infrastructure up to date against the current level of cyber risk and upgrade when it no longer has the capabilities needed to be resilient. Outdated components and software provide an opportunity for attackers to breach networks – such as the recent WannaCry ransomware example, increasing risks for unpatched machines as well as some legacy operating systems that are at end of support. The costs of ignoring the problem of aging infrastructure can be devastating – potentially, in the form of a lost data, revenue, customers and their trust.

Some view security as a hindrance to the IoT. This is simply not true. It’s more than risk mitigation, it is actually a growth enabler. It’s about giving your business the agility to go where it needs to, quickly, because you are comfortable with the level of security.

More to come regarding the standards we are working on to help secure the IoT….be sure to watch this space for details. Until then, be sure to visit the Trust Center for the latest news and resources.

Authors

Avatar

Anthony Grieco

SVP & Chief Security & Trust Officer

Security and Trust Organization

Leave a Comment
Avatar

Terror Evolved: Exploit Kit Matures

Talos is monitoring the major Exploit Kits(EK) on an ongoing basis. While investigating the changes we recently observed in the RIG EK campaigns, we identified another well known candidate: Terror Exploit Kit.

Terror EK is one of the new players who showed up after the big Exploit Kit market consolidation last year. When Angler and friends disappeared new EKs started to try their luck. Many of them were far from Angler’s quality. One of these was Terror EK which appeared end of last year. It started with a very simple version,carpet bombing the victims with many exploits at the same time, no matter if the exploit matched the victim’s browser environment or not. Unfortunately, they improved the kit step by step and we saw a fast evolution up to the latest version analysed in this report.

We identified a potentially compromised legitimate web site acting as a malware gate, redirecting visitors initially to a RIG exploit kit landing page, then switching to Terror exploit kit one day later.

This may indicate how these campaigns collaborate and share resources, or possibly one campaign pirating another. Terror seems to constantly evolving. In this campaign it has added further exploits and no longer carpet bombs the victim. Instead it evaluates data regarding the victim’s environment and then picks potentially successful exploits depending on the victim’s operating system, patch level, browser version and installed plugins. This makes it harder for an investigator to fully uncover which exploits they have.

It is interesting to note that the adversaries are using an URL parameter in cleartext for the vulnerability they are going to exploit, e.g. cve2013-2551 = cve20132551 in the URL.

READ MORE>>

Authors

Avatar

Talos Group

Talos Security Intelligence & Research Group

2 Comments
Avatar

We’re Listening Blog Series: Making Lemonade – Turning Negative Customer Feedback into a Positive

Our hyper-connected world allows for an open market and on-demand access to products and services 24/7. This puts customers in the driver’s seat and when competing products are equal, customer experience becomes a deciding factor.

Listening to the voice of our customers is key to understanding what’s working, what’s not, and what’s missing from the experience. We all like positive customer comments because it’s validation we’re doing something right, but we shouldn’t fear the negative! It’s the negative feedback that provides the real insights to customer pain points and challenges, putting a spotlight on areas needing special attention or change.

For example, several years ago customers were aggravated about our packaging and shipping standards for some of our spare parts, cables, and adapters. Complaints were mainly about over and under packing. We were stuffing boxes too full with multiple parts making it difficult to determine content and quantity, or shipping some items individually resulting in excess packaging, environmental waste, and increased cost.

We listened to this negative feedback and our sustainability team looked at options for a more consistent global fulfillment model with decreased packaging waste and lowered operational costs. They gathered input from customers, partners, and distributors via surveys and interviews. We found a better way and now have an eco-friendly, multi-pack fulfillment and packaging strategy. Customers can order set quantities of parts and we ship with minimal packaging and clear labeling on the carton that includes product name, serial numbers, and quantity.

We know that if you, as our customer, take the time to communicate with Cisco about a bad experience, you’re probably angry, frustrated, and definitely have something to say. So, please give it to us straight. If there’s a breakdown, tell us so we can dig in, uncover the root cause behind your complaint, and identify what needs fixing or changing.

Your negative feedback is extremely valuable to Cisco. While we still have work to do to make sure all of your customer issues have been resolved, it’s our promise to stay on it until they are and then use the learnings to make internal improvements, much like we did with our packaging and shipping. We continue our commitment to give you the best customer experience in the industry.

Lemons, meet lemonade.

 

Authors

Avatar

Curt Hill

Senior Vice President

Customer Assurance