
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between April 14 and April 21. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavior characteristics, indicators of compromise, and how our customers are automatically protected from these threats.

As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of date of publication. Detection and coverage for the following threats is subject to updates pending additional threat or vulnerability analysis. For the most current information, please refer to your FireSIGHT Management Center, Snort.org, or ClamAV.net.

Authors

Talos Group

Talos Security Intelligence & Research Group


ONUG is here again and next week I will be heading to San Francisco to participate in the Spring conference. This will be the fourth ONUG conference I am attending and it has been fascinating to see the event evolve from defining the SD-WAN business requirements, and expanding to Cloud, Security and Analytics – all new topics at the Spring event.

The key behind all of these technologies is digital transformation and I believe that this will continue to be the main driver for network innovation. Cloud applications, more mobile devices and IoT are challenging existing network designs and forcing organizations to think of the network more holistically while ensuring their users and data are secure.


So what does a digital-ready network look like? While SDN has been about a software driven approach to networking, it has also resulted in more automation capabilities that can help free up the time IT spends managing and operating their networks. More programmability allows organizations to tap into the intelligence within the network and create more business value. Lastly in order for networks to become more proactive and resolve issues before they occur, analytics will be key to making networks smarter.

I hope to see these topics and more discussed at the conference. If you are attending the ONUG spring conference, this is a quick overview of the activities Cisco will be participating in:

Day 1: Tuesday 25th April

12:20-1:20pm. The Lunch and Technology Showcase will give you an opportunity to see a demo of Cisco’s SD-WAN and Branch Virtualization solutions

2:05-2:50pm. Open SD-WAN OSE Exchange Update. Steve Wood, Cisco’s Principal Architect, will give an update on the work he is doing to drive open standards into the SD-WAN working group.

Day 2: Wednesday 26th April

12:30-1:30pm. The Lunch and Technology Showcase will give you an opportunity to see a demo of Cisco’s SD-WAN and Branch Virtualization solutions

2:30pm. POC Theater. Kishan Ramaswamy, Cisco Senior Product Manager, will give an overview of Cisco’s Enterprise NFV solution with Intelligent WAN and how it will enable the branch for digital.

3:45-4:15pm. Jaeson Schultz, Cisco Talos Technical Architect, will participate in the panel on Security Threats and Vulnerabilities in a software defined world.

4:35-5:30pm. Dave Ward, Cisco’s CTO of Engineering and Chief Architect will participate in the ONUG Town Hall Meeting – The New Vendor/Buyer Role

I look forward to seeing you there. For those of you who can’t attend in person, follow me on twitter @ghodgaonkar for updates.

Authors

Kiran Ghodgaonkar

Senior Manager, Enterprise Marketing

Intent-based Networking Group


I spend most of my time educating channel partners, most of them Value-Added Resellers (VARs) on how Cisco CloudCenter can help them help their customers with a hybrid cloud strategy.  What I’ve noticed in my first year at Cisco after being part of the CliQr acquisition is that selling cloud services is very different than the traditional VAR box sale.

Instead of a large influx of capital funds that a salesperson can use to retire quarterly quota, cloud selling is much more about planting seeds in multiple accounts, some of which will grow exponentially and continue to feed revenue streams in perpetuity.  That lets a VAR build relationships with lots of different people within their accounts and there’s plenty of opportunity for hardware drag and services revenue in the short term, but it’s that long term relationship a VAR is really trying to build.

In a lot of ways, understanding the state of a customer is more important with cloud sales than traditional box approaches.  A company at the beginning of its cloud journey has a different perspective and is more in need of a trusted advisor like you than an organization that already has a sophisticated cloud operation and is looking to tweak its strategy to boost already substantial gains.

How do you tell these different customers apart?  One set of predictors is easy to spot within the first five minutes you walk into that customer’s conference room by answering these two questions:

  • What kind of connectivity is there for the display monitor in the room?
  • How easy is it to get on their WiFi?

Those two items probably seem like they have nothing to do with cloud strategy, but what they reveal is how a particular customer views innovation adoption.

Rogers Innovation Adoption Curve

Made famous in Geoffrey Moore’s Crossing the Chasm the innovation adoption curve pioneered by Everett Rogers tells us a lot about how technology gets accepted (and rejected) by a particular market.  Cloud computing has crossed the chasm between Early Adopters and Early Majority, but there are plenty of sales opportunities out there for the large number of customers in that Early Majority and the Late Majority to come.

Cloud adoption is a complex undertaking, far more complex than video set ups for conference rooms and guest access to WiFi, which is why where a customer stands with those two other, simpler technologies can be an early indicator of where they are on their cloud journey.

VGA + Guest WiFi Tickets = Shadow IT

When preparing to give your presentation to a prospect, as you go to plug your laptop into the video cable, if you see this:

remind yourself that Ronald Reagan was President of the United States when VGA first appeared on the IBM PS/2 and that this particular customer is likely not an Innovator or Early Adopter according to Rogers.

Similarly, if, in order to get on the customer’s WiFi, someone has to go generate a ticket to get you a password, that tells you that they aren’t segmenting their access points according to where they are in the building and are likely not managing their network with modern software tools that can easily separate guest packets from business-critical ones.

If it takes a ticket for something that occurs multiple times a day, every business day, what must it be like for a business team to get their hands on a new virtual machine?  If the conference rooms have Cold War Era video connectivity, imagine how IT must feel about Internet of Things projects.

The good news is, should you experience either of these ancient ways, it means that this customer is in one of the Majority categories according to Rogers, likely has plenty of Shadow IT, and is much earlier on their cloud journey, so it’s a great opportunity for a VAR to have a lot more influence on the account as a trusted advisor.

For customers in this category, that likely means starting with a discovery phase given that Shadow IT is probably more rampant than they realize as business teams work around archaic ticketing processes.  During that discovery, which would include careful analysis of network traffic to uncover unknown applications as well as scans of American Express accounts, many of those Shadow IT applications are not going to be compliant with existing security standards your customer has.  Once all of the applications have been inventoried and the self-service, on demand provisioning needs of the business teams are well understood, a Cloud Management Platform (CMP) like CloudCenter can help bridge the gap between business and IT by providing IT the governance they want without interrupting the speed needs the business teams require.

And don’t forget about Cisco’s Business Cloud Advisor, an incredible tool that can show any customer more precisely where they compare to others on their cloud journey.

Apple TV or Cisco Proximity + One Click Wifi = Cloud Tweaking

If, however, you find upon opening your laptop that the guest WiFi has already been discovered and requires a single click to join it, which then allows you to synch with the Apple TV or Cisco Proximity service to connect to the video board in the room at 720p or better resolution, you’ve walked into a very different situation.  You have now found yourself in the presence of an Innovator or Early Adopter and your conversation should go differently.

This audience is very savvy, likely already has an IT Service Management (ITSM) tool in place as a friendly front end for the business team constituents while the IT team controls things from behind the curtain of a CMP.  They may need assistance figuring out when is the best time to move an application from a public cloud, back to a private cloud which is why benchmarking applications in CloudCenter is so important.  Newer technologies like container clustering platforms could be of interest to customers like this and how to manage cutting edge applications built on microservices architectures alongside legacy client-server solutions.

Conclusion

Obviously, helping a particular customer with their cloud strategy is more involved than simply observing their conference room network and video connectivity, but those can be indicators of how their IT department sees technology innovations in general.  Customers who are new to cloud and part of one of the Majorities on the Rogers Curve need help getting started.  That starts with discovering what applications they already have, both sanctioned and Shadow IT, and inserting tools like CMPs and ITSMs so that IT can govern behavior, but without impacting the speed that the business teams demand.

Innovators and Early Adopters on the Rogers Curve likely already have such tools in place, but need assistance determining when it is appropriate to move applications between public and private clouds.  They are probably exploring microservices architectures based on container clustering technologies and may struggle to attend to those applications while keeping older ones up and running effectively.  Regardless of where on the spectrum each individual customer may lie, there is plenty of runway left on this cloud journey we are on as an industry.  By more quickly identifying where a customer is on that journey, you can demonstrate your understanding of their problems better and become that trusted advisor they depend upon for the long term.

Authors

Pete Johnson

Principal Architect

Global Partner Organization



This post comes from Trude Myhre, a forest conservation advisor for World Wildlife Fund – Norway. WWF-Norway is responsible for the implementation of a number of large and small projects, both in Norway and in our partner countries.


Part of what I love about my work is going out into the wild. I leave the city to travel for hours on backroads and dirt roads, seeking some of the most remote stretches of forest in Norway.

I’ve always wanted to do this kind of work. Growing up surrounded by forests formed my childhood and my desire to explore. While my university, training, and work required me to be near a city, I always looked forward to my next field visit.

But the reason for these trips isn’t to escape the hustle and bustle of the city. My work with World Wildlife Fund – Norway is to document the rapidly declining old-growth forests. These forests are unique, undisturbed ecosystems that are home to unique plants, animals, and microbes. These forests play an important role in cycling nutrients, absorbing carbon, and regulating our atmosphere.


People often assume Norway is an untouched natural paradise. The reality is we have very few protected forests and we’re at risk of losing them. Once they’re gone, there’s no turning back. You can’t just replant an old growth forest: It took a millennium to form. My team must work tirelessly to document the loss and push for stronger protections.

https://youtu.be/kU2szYTiSi0

We do our fieldwork in very remote and rural areas. Whether collecting data or documenting evidence of logging, we need to communicate to our headquarters frequently. Previously, I’d collect data in the field but be unable to share with my colleagues until I was back in Oslo. It’s not only a matter of sharing files — they need the context that I’ve gathered.

Now, I’m using Cisco Spark to share information in real time. I post all the information in the app, where I can relay it to my team. We can connect right away, whether that’s through messaging, audio, video, or a whiteboarding session.

It’s not just me going out into the field. An entire group of people works behind the scenes on this effort. We’re under constraints to gather the best data in a short window of time. At the office in Oslo, they collect the information and map everything out on a Cisco Spark Board. This helps determine what actions are necessary to protect this area.

The timeline for protecting these forests is tight. We need to get data from the field to the policy team to affect the decisions that can protect this land.

When we’re able to collaborate effectively, we create something greater than the sum of its parts. The work is so much higher quality. It generates the impact that we need to help these forests survive.


Explore more about the Cisco Spark Board

Authors

Kim Austin

No Longer with Cisco


At the most recent RSA Conference, SC Magazine awarded Cisco Identity Services Engine (ISE) the top spot for Best NAC Solution. In the words of the award panel, “this honor goes to vendors and practitioners who make a difference… and detect, respond and recover from cyber attacks.”[1]

Network Access Control (NAC) solutions have been around for some time and secure access has never been more important. The number of connected devices is exploding, IoT has certainly hit its stride, BYOD is here to stay, and accessing your work from anywhere is now an expectation. Visibility into all of these endpoints and devices is critical so they are managed and protected properly. That’s where ISE shines.

Among those attributes that made ISE stand out, SC Magazine recognized that Cisco ISE

  • Simplifies the complexity of secure network access.
  • Provides visibility into the users and devices accessing your network and the control to help ensure that only the right people from the right devices get the correct access to the enterprise services.
  • Controls all access throughout the network from one place, simplifying access delivery across wired, wireless, and VPN connections.
  • Provides, as a controller for Cisco TrustSec, a simple and scalable way to manage segmentation across the network.
  • Stops and contains threats by dynamically controlling network segmentation.

Earning this award is no small feat. Finalists and winners are chosen by two panels of judges comprised of a range of current and former CISOs, vendor-neutral consultants, analysts and educators from academic institutions.[2] I like to think of the SC Awards as the People’s Choice Awards for cybersecurity, which speaks all the more to ISE’s dominance in the Best NAC Solution award category.

It’s important to note two points that make ISE stand out:

  1. ISE is way more than NAC, a term that traditionally refers to the means to implement policies for controlling device and user access to corporate networks[3]. Not only does ISE meet these criteria at unmatched scale, but it also provides deep user and device details that can be shared with other Cisco and 3rd-party technologies. This sharing is bi-directional, allowing ISE to receive threat intelligence and alerts for rapid threat containment. ISE takes policy enforcement to a whole new level with TrustSec and its software-defined approach to segmentation that provides role-based access to scale at the pace of your business. It’s for all these reasons that we’re more inclined to call ISE a “next-gen NAC” solution.

  2. The amount of innovation that’s occurred in ISE within the past two years is staggering and aligned with Cisco’s quest for effective security that is simple, open and automated. Everything from supporting TACACS+ for device administration to a complete redesign of the user interface. We’re even making the deployment of 802.1x, BYOD, and Guest on Cisco Wireless LAN Controllers a simple, straightforward process that can take less than 5 minutes. And we have no plans to stop, with version 2.3 planned for release later in 2017.

Learn more about ISE at www.cisco.com/go/ise .

[1] https://media.scmagazine.com/documents/286/botn2017_71287.pdf

[2] https://www.scmagazine.com/awards/

[3] 2016 Gartner Market Guide for Network Access Control

Authors

Dan Stotts

Former Product Marketing Manager, Cisco

Security Product Marketing Organization


When employees submitted entries into the #WeAreCisco #LoveWhereYouWork contest back in February, one of the themes that came through was that they loved that they felt like they could be themselves.

So the #WeAreCisco #LoveWhereYouWork contest is coming back, but this time with a #Maythe4th twist.

During a recent monthly all-employee meeting (the Cisco Beat), one employee bravely stood up during the “Ask the Execs Anything” section, proudly proclaimed himself a Star Wars super-fan, and asked if Cisco would consider a company-wide #Maythe4th celebration. CEO Chuck Robbins said “absolutely” and thought that another Star Wars fan on the executive leadership team, Senior VP & GM, IoT and Applications, Rowan Trollope, would be the perfect “rebel” to lead the “alliance” to celebrate our geekery.

From April 25th (the next Cisco Beat) through May 4th, employees can post on Instagram and enter their photos that celebrate innovation and technology at Cisco (Come to the Spark Side!) or how women in tech at Cisco use their power for good (“You’re wrong, Leia. You have that power, too.”) Whatever Cisco Force employees want to post, it’ll be fun to see the entries! You can follow along using the three hashtags, #WeAreCisco #LoveWhereYouWork and #Maythe4th.

For employees, you can see the full rules and how to enter here (internal site only.)

If you’re following the #WeAreCisco story on what it’s like to work at Cisco and the culture of the company, you’ll soon see it’s as great as dancing with Ewoks on Endor.

Because not only will the photos be on Instagram, but the #WeAreCisco team is partnering with the NASDAQ to highlight some of the best employee photos on the NASDAQ Tower in Times Square! You can watch the Tower live on May the 4th to see who gets featured.

PLUS, one lucky winner will get to talk Star Wars geekdom and any other topic through a virtual coffee with Rowan Trollope!


Don’t you wish you worked at Cisco? You can be you, with us! See job opportunities here!


Authors

Carmen Shirkey Collins

Social Media Manager

Talent Brand and Enablement Team, HR


Today, I attended the opening of Cisco’s new solar energy facility in Blythe, California. This facility, built by NRG Energy, Inc., will generate renewable power for use at our San Jose headquarters. Though we have already installed approximately 2.7 megawatts of solar at our sites in Texas, Massachusetts, and India over the past few years, this project is much larger (20 MW), is our first ever off-site power purchase agreement, and is our first-ever renewable energy project in the state of California.

Over its 20-year life, the system will help us achieve our goals of advancing environmentally sustainable growth in a connected world. It will produce approximately 60,000 megawatt-hours of clean, renewable solar power each year, which will reduce Cisco’s greenhouse gas emissions by nearly 18,000 metric tonnes! These energy savings will help reduce Scope 1 and Scope 2 greenhouse gas emissions by 40% while allowing Cisco to use renewable energy for at least 25% of our power needs year-over-year.

The project also reduces the number of renewable energy certificates we buy as a company, which brings more price certainty to our energy budget and will save us money over the life of the system. The additional 20 megawatts of renewable energy capacity also benefits the local community, bringing jobs and economic stimulus to Blythe.

As a whole, the project strengthens our reputation as a sustainability leader in the industry and shows our stakeholders that we are committed to advancing environmentally sustainable growth for ourselves, our partners, and our customers.

And as exciting as the Blythe II announcement is, our commitment to sustainability extends well beyond this project. At Cisco, we know that environmentally-friendly business practices can reduce business risk, improve reputation, and drive market opportunities. That’s why we implement projects and programs across our company that reduce our environmental footprint while making a positive impact on our bottom line. For example,

  • We are in the last year of our four-year EnergyOps program, which when completed later this summer will have implemented over 460 energy-efficiency projects across Cisco’s global real estate portfolio. These projects make our operations more energy efficient, lower our energy costs and also help us achieve our sustainability goals.
  • We are in the process of converting our office spaces to the Cisco Connected Workplace. These layouts can accommodate 30 percent more employees than a traditional office layout, reducing the amount of space and land we need, therefore reducing the environmental impact of our real estate portfolio. We expect to have reduced our facility footprint requirements by more than six million square feet by FY18.
  • To address our supply chain, we have worked with our suppliers over the years to help them report their energy use and greenhouse gas emissions to CDP. All of our key manufacturing partners and logistics providers, as well as 92 percent of key component suppliers, have now set goals and report to CDP.
  • Last year we also announced a new goal to avoid one million metric tonnes of GhG emissions from our supply chain operations by the year 2020.
  • We continue to improve power consumption in our products, from plug to port, for each new generation of Cisco’s products. We do this by optimizing input voltage, improving power conversion, and increasing the energy efficiency of key components.
  • Cisco has been a Global Partner of the Ellen MacArthur Foundation (EMF) circular economy program since 2011 and is developing a circular economy strategy with four main elements: product return, go-to-market models, IoT and cloud solutions, and product design.
  • We also offer many solutions that help our customers be more sustainable. Our EnergyWise and JouleX solutions help companies manage their energy in commercial and residential buildings. Our collaboration tools like Cisco TelePresence, WebEx, Jabber, and Spark make it easier to work with teams all across the globe, significantly reducing business travel. We also have cloud and data center solutions such as Hosted Collaboration Solutions, Unified Computing System, and our Nexus products that improve data center network utilization and servers as well as minimize energy consumption.

These are just a few of the ways our sustainability program at Cisco extends into each part of our organization. This solar project is one more example of an innovative solution that will positively impact people, society and the planet. In the words of our CEO Chuck Robbins, we are committed to “making a difference in the lives of people around the world,” and this solar facility does just that.

Congratulations to the Cisco and NRG team that worked together to make this project happen. I look forward to working on and learning about different ways to reduce Cisco’s environmental footprint.


To read more about Cisco’s broader sustainability strategy, download our latest CSR report.


Authors

Catherine Paquette

Business Analyst

Global Energy Management and Sustainability (GEMS)


For the third year in a row, Cisco participated in the VXLAN BGP EVPN interoperability testing at the European Advanced Networking Test Center (EANTC).

The interoperability showcase and test results are featured in the EANTC white paper as a part of the MPLS + SDN + NFV World Congress. This year, a total of seven vendors participated in the VXLAN BGP EVPN interoperability testing, showing significant industry adoption year over year.

VXLAN BGP EVPN – 2 RFCs, 3 Drafts, 7 “Options”

As with many early-stage technologies, VXLAN BGP EVPN has seen many proposed implementation options and variations. The latest solution is comprised of many pieces of the standard bodies. For example, VXLAN data-plane itself is covered in RFC 7348 while the overarching definition of the BGP EVPN control-plane is covered in RFC 7432.

In order to define the operational models for VXLAN BGP EVPN in more detail, additional drafts have been issued. While the EVPN-overlay draft (draft-ietf-bess-evpn-overlay) specifies the control-plane for Layer-2 operation, the routing functions are separated into the first-hop routing (draft-ietf-bess-evpn-inter-subnet-forwarding) and the IP subnet routing (draft-ietf-bess-evpn-prefix-advertisement) drafts. This amounts to 2 RFCs and 3 IETF drafts.

[Figure: IETF drafts/RFCs covering VXLAN BGP EVPN]

The various RFCs and drafts provide different implementation options. There are two to three options per draft, but paired with the amount of guiding documents, the permutation becomes quite large. In order to provide some additional context to the testing results, below explains the different implementation options and what they entail.

Layer-2 Service Interface

In “draft-ietf-bess-evpn-overlay”, there are two modes of operation describing how the EVPN Instances or EVIs are configured and how the associated information is carried over the BGP control-plane. EVPN Instance or EVI are Virtual Private Networks (VPNs) in the terminology of EVPN.

The first option, called “VLAN-based”, is described as “single broadcast domain per EVI”. The EVI is the equivalent of a VPN in EVPN terminology. In this option, the tenant VLAN is mapped to a single EVI where the entire routing-policy is applied (Route-Target in BGP terminology). In this 1:1 mapping approach, the single broadcast domain is represented by a VLAN or a VNI respectively. The VLAN/VNI is associated with an EVI, which provides the most granular control for importing routes, specifically the MAC addresses.

The second option, termed “VLAN-aware,” is represented in the section “multiple broadcast domain per EVI”. For this option, multiple VLAN/VNI combinations are bundled into a single EVI. This bundling requires slightly less configuration, as multiple VLANs/VNIs only require a single route-target. However, when automated configuration options are considered, this is no longer an advantage. In fact, the loss of granular control of importing and injecting routes on a per-VNI basis now becomes a disadvantage. In both VLAN-based and VLAN-aware options, the data-plane is similarly populated where a single VNI identifies the local MAC-VRF. Similar to an IP-VRF for Layer-3 domains, the MAC-VRF defines the logical boundary, but this time for Layer-2 domains.

Cisco has followed the VLAN-based approach. This approach, coupled with the auto-derivation of BGP EVPN Route-Targets and Route-Distinguishers, provides the most granular option to populate hardware tables appropriately.

Today, given the obvious advantages, all vendors participating in the EANTC interoperability testing have converged to the VLAN-based approach, allowing broad interoperability testing between vendors.

First-Hop Gateway (Integrated Route and Bridge or IRB)

With the goal of driving benefits from Layer-2 forwarding and inter-subnet forwarding with EVPN, a first-hop gateway option had to be defined based on the approach of Integrated Routing and Bridging (IRB). Just like Layer-2, there are different use-cases with Layer-3, and as a result two different modes of operation were defined in “draft-ietf-bess-evpn-inter-subnet-forwarding”, namely, Symmetric and Asymmetric IRB.

[Figure: Symmetric IRB / Asymmetric IRB]

Asymmetric IRB follows a more traditional approach, where the first-hop gateway for the End-Points performs the routing operation only at the ingress. This results in a bridge-route-bridge operation or a similar approach as employed for Inter-VLAN routing. With Inter-VLAN routing followed by bridging to the respective destination through the Layer-2 VNI (L2VNI), the device hosting the first-hop gateway function is required to have all possible destination MAC/IP binding information. This implies that the MAC-IP binding information of all local as well as remote End-points needs to be known at the first-hop gateway device which is inherently a scaling limitation.

Symmetric IRB uses a bridge-route-route-bridge approach. Whenever there is a routing operation done at the ingress, there is a symmetric routing operation performed at the egress. Routed traffic from ingress to egress is forwarded via a transit segment, defined on a per-VRF basis and termed the Layer-3 VNI or L3VNI. For all routed traffic that goes in any direction, the L3VNI is stamped in the VXLAN header. This is different from the Asymmetric IRB scenario where, depending on the destination, the routed traffic will carry the L2VNI associated with the destination subnet. The symmetry provided by Symmetric IRB ensures that only MAC/IP bindings associated with locally attached End-Points are required at the gateway, reducing both the required software and hardware state.
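To make the scaling argument above concrete, here is an added model (not code from the original post) of the forwarding state a distributed first-hop gateway must hold under each IRB mode. The fabric, VNIs, MAC/IP bindings and the `route_packet`/`adjacency_counts` helpers are constructed for illustration; the only claim they encode is the one the text makes: Asymmetric IRB needs every end-point binding at every gateway and stamps the destination L2VNI, Symmetric IRB needs only local bindings and always stamps the VRF's L3VNI.

```python
"""Per-gateway state under Asymmetric vs Symmetric IRB (constructed example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Endpoint:
    mac: str
    ip: str
    vni: int   # L2VNI of the end-point's subnet
    vtep: str  # VTEP (leaf) the end-point is attached to


# Constructed fabric: three leafs, each hosting the distributed first-hop
# gateway for both subnets; two subnets (L2VNIs); two end-points per leaf.
L3VNI = 50000  # per-VRF transit segment used by Symmetric IRB
ENDPOINTS = [
    Endpoint("00:00:00:00:01:01", "10.1.1.11", 30001, "leaf1"),
    Endpoint("00:00:00:00:01:02", "10.1.1.12", 30001, "leaf2"),
    Endpoint("00:00:00:00:01:03", "10.1.1.13", 30001, "leaf3"),
    Endpoint("00:00:00:00:02:01", "10.1.2.21", 30002, "leaf1"),
    Endpoint("00:00:00:00:02:02", "10.1.2.22", 30002, "leaf2"),
    Endpoint("00:00:00:00:02:03", "10.1.2.23", 30002, "leaf3"),
]
VTEPS = sorted({e.vtep for e in ENDPOINTS})


def asymmetric_state(vtep):
    """bridge-route-bridge: the ingress gateway routes and then bridges
    directly into the destination L2VNI, so it must know the MAC/IP binding
    of every end-point, local and remote, in every subnet it serves."""
    return {e for e in ENDPOINTS}  # independent of which VTEP asks


def symmetric_state(vtep):
    """bridge-route-route-bridge: ingress routes into the L3VNI and the egress
    VTEP performs the final route+bridge, so each gateway only needs the
    bindings of its locally attached end-points (remote subnets are reached
    via IP routes, not per-host adjacencies)."""
    return {e for e in ENDPOINTS if e.vtep == vtep}


def route_packet(mode, src, dst):
    """Return the VNI stamped into the VXLAN header for src -> dst traffic."""
    if src.vni == dst.vni:
        return src.vni  # intra-subnet traffic is bridged, never routed
    if mode == "asymmetric":
        return dst.vni  # routed traffic carries the destination's L2VNI
    if mode == "symmetric":
        return L3VNI    # routed traffic always carries the VRF's L3VNI
    raise ValueError(f"unknown IRB mode: {mode}")


def adjacency_counts(mode):
    """Number of MAC/IP adjacencies each gateway must hold in the given mode."""
    state_fn = asymmetric_state if mode == "asymmetric" else symmetric_state
    return {vtep: len(state_fn(vtep)) for vtep in VTEPS}


if __name__ == "__main__":
    for mode in ("asymmetric", "symmetric"):
        print(mode, adjacency_counts(mode))
    print("VNI on leaf1 -> 10.1.2.22 (symmetric):",
          route_packet("symmetric", ENDPOINTS[0], ENDPOINTS[4]))
```

Growing `ENDPOINTS` shows the effect the post describes: the asymmetric count at every leaf grows with the total number of end-points in the fabric, while the symmetric count grows only with the end-points attached to that leaf.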

With the aim for a distributed first-hop gateway approach paired with optimal scale and no hair-pinning, Cisco implemented the Symmetric IRB approach. Symmetric IRB provides the most scalable approach by not creating a pollution of MAC/IP adjacency information across all the devices performing first-hop gateway function.

While there was initially a wide adoption of Asymmetric IRB among the original authoring vendors other than Cisco, most of the newer entrants have implemented the more scalable Symmetric IRB approach.

IP Subnet Routing (IP-VRF)

Most vendors agreed on how IP Subnet routing can be done using two primary options, along with a third combination of the two. In “draft-ietf-bess-evpn-prefix-advertisement”, all three options are defined with very creative names. The “interface-less” approach embeds the next-hop’s MAC address (RMAC) as part of the same BGP NLRI where the IP Subnet prefix is sent. With this approach, all information necessary for routing is embedded in a single BGP update.

This is different from the two “interface-full” approaches, where for every next-hop an additional BGP advertisement is created to provide the next-hop’s MAC address. In the numbered flavor of “interface-full,” each next-hop is an IP address, and the respective IP-to-MAC mapping must be advertised for each of these next-hop IP addresses. Even with the unnumbered option for “interface-full,” the additional BGP prefix is still required to serve the recursive look-up on the next-hop.

Cisco implemented the “interface-less” option, which operates in the more natural way, with no additional MAC route advertisement required on top of the IP subnet route. Cisco also adopted the unnumbered variation of the “interface-full” option. Cisco is the only vendor with both unnumbered-based approaches for IP subnet routing in BGP EVPN implemented, with the ability to host both options at the same time, and can also route between “interface-less” and unnumbered “interface-full” based implementations.
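The difference between the options comes down to how many BGP updates a receiver needs before it can forward, and whether a recursive look-up can fail. The following added model (not the post's code, and not any vendor's implementation) represents the IP-prefix route and the next-hop MAC route as simplified tuples and shows the resolution step a receiving VTEP performs; the prefixes, addresses and MACs are constructed, and the numbered “interface-full” flavor is the one modeled.

```python
"""Resolving an EVPN IP-prefix route: interface-less vs interface-full (constructed)."""
from collections import namedtuple

# Simplified route representations (real NLRI/attributes carry much more).
# rmac is None when the prefix route does not embed the router MAC.
PrefixRoute = namedtuple("PrefixRoute", "prefix next_hop rmac")
# Separate advertisement carrying the next-hop IP's MAC (the extra route
# that interface-full requires for every next-hop).
MacIpRoute = namedtuple("MacIpRoute", "ip mac")


def advertise_interface_less(prefixes, vtep_ip, rmac):
    """One update per prefix; the RMAC travels with the prefix route."""
    return [PrefixRoute(p, vtep_ip, rmac) for p in prefixes]


def advertise_interface_full(prefixes, gw_ip, gw_mac):
    """One update per prefix with no RMAC, plus one MAC route per next-hop IP
    (numbered interface-full; a single gateway next-hop is used here)."""
    return [PrefixRoute(p, gw_ip, None) for p in prefixes] + [MacIpRoute(gw_ip, gw_mac)]


def resolve(updates, dest_prefix):
    """Return (next_hop, rmac, lookups) needed to forward to dest_prefix.

    lookups == 1 means everything came from the prefix route itself;
    lookups == 2 means a recursive look-up of the next-hop's MAC was needed.
    Raises LookupError if the recursion cannot be satisfied.
    """
    mac_table = {u.ip: u.mac for u in updates if isinstance(u, MacIpRoute)}
    for u in updates:
        if isinstance(u, PrefixRoute) and u.prefix == dest_prefix:
            if u.rmac is not None:
                return u.next_hop, u.rmac, 1
            if u.next_hop not in mac_table:
                # Failure mode: prefix learned but its next-hop MAC route
                # has not arrived (or was filtered), so it is unusable.
                raise LookupError(f"no MAC route for next-hop {u.next_hop}")
            return u.next_hop, mac_table[u.next_hop], 2
    raise LookupError(f"no route for {dest_prefix}")


# Constructed sample: three tenant prefixes behind one remote VTEP.
PREFIXES = ["10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"]
LESS = advertise_interface_less(PREFIXES, "192.0.2.1", "00:00:5e:00:53:01")
FULL = advertise_interface_full(PREFIXES, "198.51.100.1", "00:00:5e:00:53:02")


def update_counts():
    """Updates a receiver must process under each option for PREFIXES."""
    return {"interface-less": len(LESS), "interface-full": len(FULL)}


if __name__ == "__main__":
    print(update_counts())
    print("interface-less:", resolve(LESS, "10.1.2.0/24"))
    print("interface-full:", resolve(FULL, "10.1.2.0/24"))
```

Dropping the `MacIpRoute` from `FULL` (as a lost or filtered update) makes `resolve` raise, which is the dependency the “interface-less” option removes by embedding the RMAC in the same update as the prefix.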

Convergence to a Common Implementation

As you can see, the various VXLAN BGP EVPN options presented in the IETF drafts can result in quite a few permutations. This, together with the respective vendor decision regarding choice of implementation, made interoperability quite difficult in the early days.

Over the last year or so, there has been a convergence to a specific set of options. This convergence has reduced the complexity for users. The original co-authoring vendors along with the late-comers are fairly aligned with the following common set of options for EVPN:

  • For Layer-2 Service Interface: VLAN-based
  • For First-Hop Routing: Symmetric-IRB
  • For IP Subnet Routing:  Interface-Less

The test results from the EANTC Interoperability Showcase of 2017 highlight the convergence to a common implementation set, mirroring the functionality Cisco currently supports and has been shipping for the last 2 years for VXLAN BGP EVPN.

Cisco continues to drive enhancements on top of its VXLAN BGP EVPN solution, always with industry standards and openness in mind. Together, the BGP EVPN control-plane and data-plane agnosticism has helped to drive new approaches and data-planes like Segment Routing. The single control-plane approach across multiple domains makes intra Data Center use-cases very attractive, while also enabling seamless elasticity to other domains.

MPLS + SDN + NFV World Congress Public Multi-Vendor Interoperability Test 2017

Interoperability Showcase 2017 – Whitepaper


Authors

Lukas Krattiger

Cisco Fellow/VP, Data Center Networking

Technical Marketing Engineering


Simply defined, “digital transformation” means using digital technology and business models to effect change in operations, revenue models, and even the core culture of your organization. It is not a new concept; it’s an ongoing need as organizations work to keep pace with technology, competitors, and stakeholder expectations, from clinicians to customers.

For life sciences organizations, significant market disruptors include:

  • Tech-savvy consumers
  • Shifting production requirements
  • Supply chain transformation
  • Accelerated product timelines
  • Security and regulatory requirements

To succeed in the face of these disruptions, life sciences organizations are focusing on specific digital capabilities to bring benefits across the continuum, from manufacturing to market.

  • Create loyal customers via differentiated experiences
  • Improve clinical trials and product time to market
  • Improve business operations, workflows, and the supply chain
  • Facility security and global regulatory compliance

Cisco empowers digital transformation for life sciences with solutions that enable improved customer engagement with clinical trials, factory optimization, faster time to market, enhanced operations, and end-to-end security to protect against threats like ransomware. The roadmap below details the main three stages of the life sciences production cycle. At each stage, we offer an innovative set of solutions that will enable digital transformation in your life sciences organization.

For more information on Cisco comprehensive solution set for life sciences organizations, please visit cisco.com/go/healthcare and connect with us on social media.

Authors

Jessica Kelly

Sr. Communications Manager

Office of the COO