
Security is not simple, and not all companies are the same. Different business needs, interconnected applications, and compliance regulations are coupled with increasing demands on the network by employees, partners, customers and, most recently, devices; the fragmentation of the attack surface is maddeningly complex, and thieves are becoming better organized to take advantage of it.

However, when viewing the problem in its entirety, patterns begin to emerge. Regardless of what industry you work in, certain types of business methods at the branch are likely to be employed and, consequently, exploited. I joke, for example, that if security concerns around email keep growing, maybe it is time to stop using that form of communication. If the Internet connection in the branch is too dangerous to secure, then don’t use it. If you don’t want malware on your network, don’t have one.

Obviously, most businesses of today require those types of services. SAFE uses common business practices that require common security capabilities to provide a reference for end-to-end security.

The SAFE model provides a reference architecture that you can customize for your company’s specific business needs. The model uses several viewpoints to provide the right level of clarity for all audiences. The SAFE model includes:

  • An 80/20 rule for common branch business use cases
  • Security capabilities mapped to the common threats within these use cases
  • Reference branch architectures that logically arrange the security capabilities for simplicity
  • Suggested designs that use the reference architectures for common branch deployment scenarios and solutions
  • A method to customize the model for specific company security needs


Securing the Branch starts with the Business

SAFE uses common business flows that expose risk to a company. Each flow has security capabilities that relate to its threats. By using the SAFE reference architecture, you can understand how to design for the majority of your business needs, which lets you focus on what is unique to your business. Let’s look deeper at the branch business and how it affects the branch’s architecture and design.

The Secure Branch business flows are:

INTERNAL flows are any business need that company employees have on the network.

THIRD PARTY flows are network connections to vendors, service providers or companies external to your company.

CUSTOMER flows are a variety of network services such as guest Internet, website portals and protected customer information.

Each of these types of flows has common uses in the branch. To simplify the common branch business risks, we color-coded each use case and created an example that can be used for the architecture and design of a secure branch.

These flows have different attack surfaces that need security capabilities to protect them.

Secure Branch Architecture

Each of these flows goes across many parts of the organization. In order to secure them, we must look at each flow and the Places in the Network (PINs) it connects to. SAFE provides guidance on each PIN and the common threats that exist there, using these flows to illustrate and simplify security. Here is an example of a small branch PIN using the business flows and security capabilities from above.

This business flow architecture ensures that each line of business has the appropriate controls. This allows a design to be created by selecting the vendor that can provide the product that has the requisite security capabilities. Here is an example design of that same small branch but with specific hardware chosen to meet the needs of securing the business.

This same mapping of business flows with corresponding security capabilities can be reused for different designs. For example, in contrast to the small branch, perhaps you need a more redundant and available network for your business. In this case, the large branch might be a better fit. It is important to note the same business flows and risks are being secured the same way. Here is an example of the large branch architecture.

This large branch uses the same controls but has more local compute services and redundancy. The vendor selection and configurations that turn this architecture into a design are illustrated by the following large branch design.

By using the SAFE reference security architecture, you get best-practice security guidance that maps to today’s security challenges. You can tailor it to your specific business needs yourself, or have your Cisco account representative schedule a SAFE workshop for your company.

Visit www.cisco.com/go/SAFE to download the new SAFE Secure Branch Architecture guide and other SAFE tools.


Authors

Christian Janoff

Enterprise Architect, Compliance

Security Technology Group


Discovered by Aleksandar Nikolic of Cisco Talos

Overview

Talos is disclosing TALOS-2017-0293 / CVE-2017-2800, a code execution vulnerability in WolfSSL. WolfSSL is a lightweight SSL/TLS library targeted specifically at embedded and RTOS (Real-Time Operating System) environments, due largely to its small size and performance. WolfSSL is used in a wide range of products, including ICS and IoT devices.

This particular vulnerability is related to the use of X.509 certificates and the code that deals with string fields in DER certificates, specifically the code responsible for parsing ‘commonName’, ‘countryName’, ‘localityName’, ‘stateName’, ‘orgName’, and ‘orgUnit’. A specially crafted X.509 certificate can cause a single out-of-bounds overwrite that could result in certificate validation issues, denial of service, or remote code execution. To trigger this vulnerability, the adversary needs to supply a malicious X.509 certificate to either the server or the client application that is making use of this library. The full details surrounding the vulnerability are available here.
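As an added illustration of the defensive check this class of bug calls for (this is not Talos’s or WolfSSL’s code), the reader below extracts one DER string element of the kind used for subject fields such as commonName and validates the declared length against both the remaining input and the fixed destination buffer before writing anything. NAME_FIELD_MAX, the function names and the sample inputs are constructed assumptions for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical fixed-size holder for a subject name field (assumed size,
 * not WolfSSL's own definition). */
#define NAME_FIELD_MAX 64

/* ASN.1 string tags that commonly carry X.509 subject fields. */
#define TAG_UTF8STRING      0x0C
#define TAG_PRINTABLESTRING 0x13
#define TAG_IA5STRING       0x16

enum der_status { DER_OK = 0, DER_BAD_TAG, DER_BAD_LENGTH, DER_TRUNCATED, DER_TOO_LONG };

/* Read one DER string element (tag, length, contents) at input[*idx] into
 * out[NAME_FIELD_MAX] as a NUL-terminated string. Every length is checked
 * before any write, so neither the input nor the output can be overrun. */
enum der_status der_get_string_field(const uint8_t *input, size_t input_len,
                                     size_t *idx, char *out)
{
    size_t i = *idx;
    if (i + 2 > input_len) return DER_TRUNCATED;      /* need tag + length byte */
    uint8_t tag = input[i++];
    if (tag != TAG_UTF8STRING && tag != TAG_PRINTABLESTRING && tag != TAG_IA5STRING)
        return DER_BAD_TAG;
    uint8_t len = input[i++];
    if (len & 0x80) return DER_BAD_LENGTH;            /* long-form length: rejected in this example */
    if (len > input_len - i) return DER_TRUNCATED;    /* contents would run past the input */
    if (len >= NAME_FIELD_MAX) return DER_TOO_LONG;   /* must leave room for the NUL */
    memcpy(out, &input[i], len);
    out[len] = '\0';
    *idx = i + len;
    return DER_OK;
}

/* Constructed sample inputs (not taken from any real certificate). */
static const uint8_t BENIGN[] = { TAG_PRINTABLESTRING, 0x0C,
    'e','x','a','m','p','l','e','.','t','e','s','t' };
/* Declares 127 content bytes but only three follow. */
static const uint8_t TRUNCATED[] = { TAG_UTF8STRING, 0x7F, 'a', 'b', 'c' };

static char field[NAME_FIELD_MAX];

enum der_status parse_benign(void)
{
    size_t idx = 0;
    return der_get_string_field(BENIGN, sizeof BENIGN, &idx, field);
}

enum der_status parse_truncated(void)
{
    size_t idx = 0;
    return der_get_string_field(TRUNCATED, sizeof TRUNCATED, &idx, field);
}

/* A well-formed element whose 100-byte content exceeds the destination. */
enum der_status parse_oversized(void)
{
    uint8_t buf[2 + 100];
    buf[0] = TAG_IA5STRING;
    buf[1] = 100;
    memset(&buf[2], 'A', 100);
    size_t idx = 0;
    return der_get_string_field(buf, sizeof buf, &idx, field);
}

const char *last_field(void) { return field; }

int main(void)
{
    printf("benign:    %d (%s)\n", parse_benign(), last_field());
    printf("truncated: %d\n", parse_truncated());
    printf("oversized: %d\n", parse_oversized());
    return 0;
}
```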


Authors

Talos Group

Talos Security Intelligence & Research Group


If you are a fan of Greek mythology, then you know that Cerberus was the three-headed dog that guarded the gates of Hades. This monster kept the dead from escaping. When you are on a journey to NFV transformation, sometimes you may feel you cannot escape from your own personal Hades. As my colleague Ben Bekele wrote recently, we sponsored research interviews with your service provider peers to understand some of the ways they have tamed the monstrous challenges faced on this journey.

What we found is that service providers most often chose one of three pathways for their transformation journeys. However, most had to manage elements from each of the three at some point, like dealing with Cerberus. I have listed the three pathways in the box below.

When choosing a path of technology evolution, you attempt to bound the problem by implementing NFV for a small set of functions or subsystems. This approach enables you to limit risks and is not typically dependent on broad organizational involvement or change. You can build a strong business case for this well-defined step toward NFV to address a specific need like virtual Evolved Packet Core, whether the move is part of a broader strategy or not. Such an approach can narrow your focus too much, though. You might ignore the ultimate need to engage more broadly across your organization to break down silos among teams as automation or software-based networking blurs boundaries. Also, measuring success may require you to develop new KPIs different from those from the world of physical appliance-based solutions.

You can approach NFV with a more strategic eye toward what your customers want from your service offerings. Service-led innovation allows your business opportunity to drive the requirements for the technology you employ. You focus on what it takes to build a new service to deliver the business outcomes your customers want. For example, businesses may be seeking simplicity, self-service, and lower costs from a managed service like SD-WAN. You select the functions, automation, and deployment model to deliver those outcomes and to meet your agility and business model needs. To drive market penetration, though, you may need to educate customers on how the new services are different and how they can take advantage of the benefits the services offer.

The third pathway starts with full-fledged organizational transformation. As the study shows, nearly half of the study participants started with a focus on organizational transformation. Moving more holistically to an NFV and SDN environment means changing organizational culture, up-skilling your talent pool, and operating more like a web company. Automation and dev/ops can bring agility, accelerate innovation, and open new opportunities, but only when your teams are set up for success. They need to understand how this change helps you compete, helps them develop and grow, and helps build a foundation for delivering future services. You need to bring them on the journey right from the start.

The research also revealed the top goals SPs have for NFV and SDN. First and foremost, service providers seek greater agility. They need this to compete more effectively and to respond more rapidly to customer needs and market opportunities. Second, they seek to achieve greater network efficiency. With this they can optimize how they deliver services. The interviews identify several other reasons SPs are building their futures on NFV and SDN, as well.

We will be sharing more highlights from this research in the coming weeks. We will delve into the challenges SPs face in greater detail, including the top ten they identified. We will also explore many of the ways they overcame those challenges. In the meantime, you can download the report.

Authors

Sidney Kriger

Senior Manager of Business & Technology Architectures

Worldwide Service Provider Marketing


Marketing is amazing. I mean those of us that do marketing for a living really do “live the dream.” Granted there are numerous meetings, funding challenges, deadlines, and the ever persistent stressors of moving targets and dates. But take a step back, and realize what’s happening.

A shift has occurred, a shift that is changing the way we talk to customers. We are witnessing a movement from the death grip of traditional marketing activities, to the growing approaches offered by digital marketing.

Michelle Chiantera, VP of Global Partner Marketing, says it best: “Digital isn’t new, it’s NOW.” She threw down the gauntlet: to thrive in today’s marketplace you have to embrace digital. This was solidified by the event theme, “There’s Never Been a Better Time to Become a Digital Believer,” at this year’s Marketing Velocity 2017 event in Chicago.

Bringing It All Together

This year marked the 10th anniversary of the event, and it did not disappoint.

https://youtu.be/wNwEWsBuqCA


Not only did attendees get to hear from marketing executives like Karen Walker, CMO, and Michelle, but something new was offered this year. Cisco’s business and sales leaders were also on hand, sharing the value of bringing sales and marketing together. Chris Dedicoat, EVP Worldwide Sales, and Wendy Bahr, SVP Worldwide Partner Organization, honed this message on the power that sales and marketing can have when they come together.

Chad Reese, Director Partner Marketing, also gave an incredible demo of Partner Marketing Central. He captured the audience’s attention with the capabilities of PMC and shared the power of the enablement side of ENGAGE.

As if that wasn’t enough, powerhouse speakers Peter Hinssen, Martin Lindholm and David “Shingy” Shing shared amazing points. Sure, they brought big thinking, but more importantly they connected with the audience, making them think through incredible storytelling and brilliant imagery. Don’t take my word for it; check out the recordings posted here.

Just the Tip of the Iceberg

The event offered so much more than powerful keynotes. Attendees had the opportunity to select three of six hands-on workshops, which offered insights into Omnichannel, Social Selling, Driving Engagement, Increasing Conversions, Analytics and Storytelling.

https://www.youtube.com/watch?v=VgBTpqIbhWE&feature=youtu.be

I bet you wish you were there. Well, have no fear. These workshops will be offered as On-The-Air Webcast sessions later in the year, so you should probably register.

So what was new? Thanks for asking!

New this year was the introduction of sessions bringing marketing partners closer to our tech stack and to each other. Tech 30 sessions got attendees closer to Cisco solutions from Security, Lifecycle Management, Enterprise Networking and Data Center/Cloud, with a marketing slant. The 30-minute, TED Talk style information sessions made the content tangible and actionable.

Taking a page from Partner Summit, Ecosystem Exchange meetings brought marketing partners together. The pre-scheduled meetings continued conversations from the Summit event. The goal is to keep the conversations moving forward, as the results could bring some amazing solutions in the future.

The event also brought partners and Cisco executives together through dedicated meetings. While we live in a digital world, there is just something powerful about bringing people together in the same room.

And the Winner Is…

What event would be complete without an award ceremony? This one capped the first day’s activities by presenting partners with the Marketing Innovator Award.

Winners were recognized for bringing digital capabilities into their marketing mix. These partners are embracing the power of digital marketing to engage, entice and educate their customers in new and exciting ways.

Thank you Chicago!

Amidst the parties, the meetings, the food, the Blues Brothers and the hilarity, there were clear directives. Michelle wanted attendees to embrace digital and take what they learned back to their organizations, to understand how business strategies come together, and to know that Cisco is committed to their success. And one of the biggest points: she wanted partners to leave inspired, and to Become Digital Believers.

I can’t wait to see what happens next year! See you in Barcelona.

Authors

Bryan Sherlock

Marketing Manager


These vulnerabilities were discovered by Piotr Bania of Cisco Talos.

Today, Talos is releasing details of two new vulnerabilities discovered within the Power Software PowerISO disk imaging software. TALOS-2017-0318 and TALOS-2017-0324 may allow an attacker to execute arbitrary code remotely on the vulnerable system when a specially crafted ISO image is opened and parsed by the PowerISO software.

Overview

The vulnerabilities are present in the Power Software PowerISO disk imaging utility, used by Windows users to create, edit, mount and convert various popular disk image file formats. The software is commonly used by home users to mount ISO disk images, since this capability is not included by default in Windows versions prior to Windows 8.

The ISO 9660 disk image format is a file system within a single file. Essentially, it is a binary copy of the file system used by standard software CD-ROM installation disks. Today, most installation disks for popular software and operating systems are distributed using the ISO file format.


Authors

Talos Group

Talos Security Intelligence & Research Group


Attend Cisco Sessions at Gartner IT Operations Summit

IT leaders from all over are traveling to Orlando, Florida to attend the Gartner IT Operations Solutions & Strategies Summit, May 8-10, 2017. The theme, “Beyond Business as Usual: Increase Relevance, Engage Change,” perfectly captures the technology acceleration and external pressures facing IT today. It’s clear that Digital Business has changed the rules, bringing new challenges and expectations for IT.

One thing is certain: to survive and thrive, your organization needs to evolve to:

  • Improve the customer experience
  • Enhance threat prevention
  • Optimize IT performance
  • Drive business performance

Special for this Summit, Cisco designed two sessions aimed at helping ITOps elevate their value and role in the digital enterprise.

On Monday, Jonah Kowall, VP of the newly acquired AppDynamics, will moderate a panel of IT Operations Management leaders who will share lessons learned and answer your questions.

On Tuesday, Jonah and I will host a lunch and learn focused on taming the growing complexity that is prevalent in IT environments today.

This is an exciting time to be in IT. It’s time to re-imagine IT to enable new levels of agility, engagement and performance.

Stop by the solution showcase expo, booth #402, and attend our sessions to see what Cisco is doing to advance IT.

I hope to see you in Orlando.


Authors

Pankaj Gupta

Director, Market Management

Enterprise PSM - Portfolio, Software, and Campus Switching


Back in February we announced the open-nfapi project, a set of libraries and simulators that implement the Small Cell Forum’s nFAPI MAC/PHY split base station architecture. We described the need for many of the verticals identified as targets for new 5G use cases to be able to serve all employees, contractors, partners and visitors, irrespective of their carrier affiliation. We went on to examine the current capabilities for active network sharing to deliver multi-operator solutions, and cautioned that those were ill equipped to accelerate the deployment of the wide range of indoor use cases. And we concluded that the Small Cell Forum’s multi-vendor nFAPI split architecture, together with its neutral host management model, offered a new approach to active sharing of an LTE RAN based on a multi-vendor CU-DU implementation.

Shortly afterwards, GSMA released its report on 5G, which described new models for infrastructure ownership and reported the results of its survey of 750 operator CEOs. The survey highlighted that the operator CEOs expect widespread adoption of network sharing, including active sharing, to be the most common structure for the mobile industry in the 5G era.

Moving forward, even though Cisco has licensed the nFAPI libraries under the permissive Apache 2.0 license, enabling them to be integrated by the widest possible set of stakeholders, including closed-source proprietary RAN products, we do not underestimate the real challenges in getting such capabilities implemented. With this in mind, we are pleased to announce that Cisco has joined the Open Air Interface (OAI) open source ecosystem. We will use our membership of OAI to demonstrate how to integrate the open-nFAPI libraries into an existing LTE RAN protocol stack: the integration between the lower nFAPI libraries and the PHY layer implemented on a Software Defined Radio platform, as well as the integration between the upper nFAPI libraries and the MAC and RRC layers.

Like GSMA, we are convinced that 5G will need to focus on lowering the barriers for deploying active sharing in order to support multi-operator deployments. This naturally means addressing the thorny issue of multi-vendor interoperability of internal RAN interfaces. With a combination of SCF’s published nFAPI specification, together with open source libraries and simulators to test implementations already available in the open-nfapi project, Cisco is now working with OAI to reduce the risks and effort associated with realising an nFAPI based multi-vendor LTE solution derived from a pre-existing protocol and hardware platform. Cisco welcomes other OAI members, SCF members, 3rd party developers, other open source ecosystems and researchers to help contribute to this effort.

Authors

Mark Grayson

Cisco Fellow

Cisco’s Emerging Technologies & Innovation Group


Written by Mike Brennan – @CiscoVDIguy – Product Manager, Desktop Virtualization and Graphics

In my role at Cisco, I am fortunate to have the opportunity to meet our Customers who do absolutely amazing things with Cisco UCS and our partners’ technologies. One shining example is CannonDesign, who set out on a journey to implement their Single Firm Multiple Offices (SFMO) global collaboration strategy. “CannonDesign is an integrated global design firm that unifies a dynamic team of architects, engineers, strategists, futurists, researchers and industry specialists driven by a singular goal – to help solve our clients’ and society’s greatest challenges,” to borrow an excellent description of the firm right from their website. Here is an awesome sample rendering of the firm’s work:

CannonDesign will host two sessions at the GPU Technology Conference (GTC) this year:

The sessions will be hosted by Andrew Schilling, VP and Chief Infrastructure Officer, and Jimmy Rotella, Digital Practice Director. Andrew, who was there when the company made its first painful attempt at virtualizing its three key user groups on another platform, and who ultimately drove the successful conversion of the physical workloads to a virtualized FlexPod architecture with Cisco UCS B200 M4 blade servers and NVIDIA GRID and Tesla M6 graphics processors, will share the journey. Jimmy, a two-year CannonDesign veteran and an architect turned graphics virtualization ninja, used his skills in analysis and benchmarking to zero in on how to satisfy the experiential needs of the firm’s knowledge workers, designers and renderers.

If you thought it wasn’t possible to virtualize designer and renderer physical workstations, you have to come to these CannonDesign sessions at GTC!

See how Cisco Desktop Virtualization and Graphic Solutions, built on Cisco UCS Blade Servers, with our partners, NetApp and NVIDIA, provided the ideal platform to enable the CannonDesign SFMO global collaboration strategy.

Visit Cisco’s booth #311 at GTC 2017 to learn more.

Cisco Systems, providing the power of platform choice for Desktop Virtualization and Graphics solutions

Authors

Francoise Rees

Marketing Manager

Customer Solution Marketing, Cisco Intersight


Heading to New Orleans for VeeamON 2017 this year? So is Cisco and we would love to talk to you about what we have been doing in the data protection space with Cisco Unified Computing!

This is our second time at VeeamON; we were a proud sponsor of Veeam’s inaugural customer event in 2015. Our own Siva Sivakumar, the man who makes data center solution magic happen at Cisco, kicked off a general session on Cisco’s Data Center vision and the joint partnership for certifying the Veeam Availability Suite on Cisco UCS. Veeam awarded Cisco its Veeam Impact Partner of the Year award, which we were thrilled to receive. This year we will be at VeeamON 2017 as a premier sponsor and have many new and exciting developments to share with you.

This past year our companies came together to develop Cisco Validated Designs for Veeam compatibility certification for Cisco UCS and Cisco HyperFlex systems. Veeam also helped us launch our new Cisco UCS S-Series Storage Server at our Global Partner Summit, which is a perfect solution for high-capacity backups.


https://www.youtube.com/watch?v=dYMknAsXgH4&t=1s

We are seeing tremendous demand to challenge the status quo of high cost traditional storage systems. An open systems approach changes the game by bringing together best of breed software like the Veeam Availability Suite with industry leading systems like the Cisco Unified Computing System that deliver greater scalability and better value.

Together with Veeam, we released an eye-opening third-party lab validation report! In this report, side-by-side testing against industry-leading purpose-built backup appliances, also known as “PBBAs”, showed Veeam Availability Suite running on the Cisco UCS S3260 Storage Server delivered 28.9% better performance and 49% lower cost! BOOM! I wish I had a mic to drop here…


https://www.youtube.com/watch?v=5qyZnS2088g

And in more recent news we just released Cisco HyperFlex 2.5 where Veeam worked closely with our Cisco engineering team to develop the industry’s first data protection integration for hyperconverged infrastructure! The team developed native snapshot integration into our Cisco HyperFlex System for VMware ESXi environments!! This is hot!

We are proud of these many joint accomplishments and also applaud Veeam for being positioned by Gartner into the 2016 Leader Quadrant for Data Center Backup and Recovery Software. All in all, 2016 was a great year for us and now you know why we are excited to share these accomplishments. But don’t take my word for it, hear from Veeam’s Andy Vandeveld, VP of Global Alliances, on why Veeam and Cisco are right for your business.

https://www.youtube.com/watch?v=nsgo1vb3aTM


Come visit us!

If you are coming to VeeamON 2017 there will be a lot to learn about and celebrate. Come by our Cisco booth #104 in the Expo Hall located to the right of the main stage and meet our team of experts to learn why Veeam is better with Cisco UCS.

One of our Cisco Powered partners, iLand, will also be present at booth #302. These guys are great, as their business runs on Veeam and Cisco UCS! Check out this case study that shows we helped them store 2.2 times as much data as compared to a SAN solution while lowering their cost per gigabyte by 55%! Definitely stop by their booth and ask them what they think of Cisco UCS.

Swag, Swag, Swag!

The Expo is open Wednesday and Thursday where we are giving away PopSocket smart phone stands all day long. At the end of each day we are also hosting raffles where the lucky winner gets a Microsoft Surface Pro tablet. And if that isn’t enough, we are also giving away an Amazon Echo at the VeeamON Rafflethon so be sure to sign up! This is a lot of swag so come visit our booth!

Don’t miss any of our events!

While you are figuring out how to fit everything into your schedule, be sure to attend Wednesday’s general session, where our own Frank Palumbo will deliver a keynote to kick things off for the day.

We also have two technical breakout sessions, one on Wednesday covering the new HyperFlex Snapshot Integration, and another on Thursday that takes you through the Cisco Validated Design process for certifying the Veeam Availability Suite on Cisco UCS.

If you are interested in having a private one on one conversation, we have a number of folks ready to meet with you. Just email us with the following information or come by our booth #104 and we will set you up with an appointment.

In your meeting request, please be sure to include the following:

Name:
Position:
Company:
Day and time:
Attendees Requested:
Meeting Goals:
Request your meeting here: ciscoveeamonmeetings@cisco.com

If your meeting has been accepted, you will receive an Outlook invite with the time and location.

If there is one thing we want you to walk away with, it is that Cisco and Veeam are committed to simplifying the complexity of bringing multiple best-of-breed products together to shorten time to value for your business.

Come party with us!

After your brain is filled with all the Cisco and Veeam goodness you can absorb, we are sponsoring a great party with some frosty libations at Republic NOLA, which is right across the street from the event. Our team will be at the door welcoming you in and floating around to meet as many of you as possible.

Just be sure to watch where you step on Bourbon Street, be safe and have fun! You are in NOLA, the party capital of the United States! See you at VeeamON 2017!

If you liked this blog please stay tuned for more on data center storage solutions at Cisco and be sure to follow me on Twitter.

Authors

Chalon Duncan

Partner Managed Service Offer Manager

Global Partner Organization