Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed over the past week. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavior characteristics, indicators of compromise, and how our customers are automatically protected from these threats.

As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Detection and coverage for the following threats are subject to updates pending additional threat or vulnerability analysis. For the most current information, please refer to your FireSIGHT Management Center, Snort.org, or ClamAV.net.

Authors

Talos Group

Talos Security Intelligence & Research Group

As we enter the second week of the 2017 Men’s NCAA tournament, it may surprise you that my bracket is still holding strong, even with #1 Villanova and two #2 seeds, Duke and Louisville, cracking under the pressure. I will concede I didn’t see #3 seed FSU deciding to lay a complete 66-point egg in their second round game; FSU, you did know you had to play twice, right? “One and done” doesn’t mean you are crowned the champ after your first game!

How’s your bracket holding up?

According to Forbes you have a 1 in 9.2 quintillion chance of filling out the perfect bracket. A math professor at DePaul University suggests these odds could be as good as 1 in 128 billion. Either way, don’t hold your breath if that’s your expectation. I tend to look at a team’s foundation when I fill out mine: how’s their defense, how’s the ball movement, did this team evolve with the game or are they still trying to jam the middle with huge bodies? Yes, UC Davis, I’m talking about you! Just so you are aware, the 3-point shot isn’t going away; maybe you should get some shooters and join the party!

A strong foundation is vital to the success of these teams. Yes, they can win a few quarters or even games and succeed momentarily with a single star player or a single innovative scheme, but to sustain a winning formula they need more than that. Truth be told, this is important in any aspect of life, sports or business. Financial Services is by no means an exception to this rule. Can we really look at a financial services firm the same way we look at NCAA basketball teams? Let’s adjust my questions above and see:

How’s their defense?

The Financial Services Industry is built on a very important concept: trust. It is estimated that cybercrime will cost financial institutions $1 Trillion, and I was even recently told by a large international financial institution that they are experiencing over 19 billion threats per day. 19 BILLION! So just like ISU’s Deonte Burton driving from mid-court past all five Purdue defenders to dunk in their collective faces, where was your defense on that one, Purdue?! If your financial institution’s security is breached, it may cost far more than just money; it could cost trust, and that’s a hard one to overcome.

How’s the ball movement?

So maybe your financial institution isn’t out there dribbling a basketball, but speed, agility, and visibility are all needed by your institution. Over time the network has grown complex and financial institutions are spending 2-3 times more, which is unsustainable in a digital world with a growing number of devices, apps, users, threats and static IT budgets. You need to be able to get a branch up and running within days rather than months.

Let’s just tweak that last question a bit from the start:

Are they evolving and innovating?

Digital demands businesses to differentiate customer experience and re-define models quickly. Yet only 30% of digital projects will succeed [Cisco study]. This is partly because IT processes are slow and costly and new technologies are being developed faster than they can be adopted. Again Davis, shoot the darn three ball!

In today’s digital world, financial services firms are experiencing massive changes in customer expectations and constant disruption from Fintechs and Insurtechs alike, all while having to continually manage risk and maintain regulatory compliance. You need to have a rock steady foundation to stay ahead of these constant transformational pressures. Cisco Digital Network Architecture is the core technology foundation for financial institutions that revolutionizes how you design, build, and manage your networks to accelerate and simplify your IT operations, allowing you to focus on innovation: innovation that drives business value and key networking automation, virtualization, analytics, and security; innovation that helps streamline branch and corporate operations, manage risk and compliance, and personalize the customer experience.

Transformation in financial services takes guts and ambition. Setting a transformational plan is hard enough, especially for financial services firms long used to the conservative approach of under-promising and over-delivering. However, once the proverbial shot clock starts counting down, that’s when the real work begins and plans many times go awry. The right foundation is often the separation between a great quarter or two and finding your institution winning the game.

To learn more about how Cisco can provide an exceptional foundation to your org/institution: Cisco DNA

Authors

Danny Vicente

No Longer at Cisco

Driven by a foundation of openness and the extensibility of ACI, Cisco ACI App Center is gaining fast traction with partners, customers and developers. Several technology partners have already developed Apps and many more are in the process of on-boarding.

With the Cisco ACI App Center, we have enabled developers, partners and customers to build custom Apps on ACI infrastructure. At Cisco Live Berlin this year, I met several customers and partners with a keen interest in writing custom Apps and leveraging existing eco-system partner Apps, and many envision the App center as a market place for business Apps. I am writing this blog to take the reader on a journey of where the App center is today in terms of maturity, the availability of a wide choice of ecosystem partner and channel partner Apps, and where we are taking it from a roadmap standpoint. My emphasis will be on the ecosystem partner Apps, and before I deep-dive, a quick intro to the basics of ACI App Center.

What is the Cisco ACI App Center

Cisco ACI App Center builds on ACI’s foundation of openness, extensibility and programmability. It gives the ability to build both stateless and stateful applications, leveraging the open APIs, security and built-in redundancy functions.

ACI App Center Architecture

This is perhaps the only sentence in which I will sound geeky: the ACI App Center is a multi-threaded, distributed, clustered fabric-controller-based architecture and supports containers.

A broad and expanding ACI App Center technology partner ecosystem

I have seen the Cisco ACI ecosystem grow meteorically in the past three years to a 65+ strong community, and several technology alliance partners from this ecosystem have also developed Apps for the ACI App Center. These apps deliver value-added functions in areas such as monitoring, troubleshooting, security, cloud automation and orchestration. The CiscoSplunkConnector, ServiceNowConnector, InfobloxSync, Algosec ConnectivityCompliance, and SevOneACIMonitor Apps were showcased at the recent Cisco Live Berlin.

CiscoSplunkConnector App:

The Splunk App enables customers to achieve operational efficiency through its pro-active real-time monitoring, analytics and compliance capabilities. Data Center admins get better visibility into enterprise-wide data and can correlate it with ACI infrastructure, with a single-click app download.

ServiceNowConnector App:

ServiceNowConnector App brings full governance, compliance and business service management capabilities to ACI customers. Automation, service awareness and governance features of ServiceNow integration help our ACI customers build very agile and responsive IT operations.

InfobloxSync App:

InfobloxSync App provides ACI customers enhanced security and visibility.

And that is not all. SevOne, a Cisco ACI ecosystem partner, announced support for Cisco ACI App Center. The SevOneACIMonitor App allows users to quickly view and assess alert information for all monitored ACI components. Read the PR brief here. Also, Algosec announced a ConnectivityCompliance App for the App Center at Cisco Live Berlin this year. The detailed PR can be found here. For detailed descriptions of the ACI Apps, read the whitepaper.

Our Motivation and Roadmap: The Cisco ACI App Center takes the concept of an open architecture to a new level by offering Cisco ecosystem partners and third-party developers and Channel Partners an opportunity to build and share applications that run directly on the APIC and extend the benefits Cisco ACI network offers.

We know that our partners and developers and millions of network engineers have a multitude of ideas, and Cisco ACI App Center is intended as a platform for unleashing this potential for the developer community. We want to connect our customers, partners, and developers through one platform and to offer the broadest array of possibilities of what they can do with their Cisco ACI network. To get you started, we would like to share a few related links:

Related Links:

http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-738301.html

https://developer.cisco.com/site/aci/

http://www.cisco.com/c/dam/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/solution-overview-c22-738078.pdf

http://www.okpmw.com/_workfiles/Unleashing.IT.Magazine.Next.Gen.Data.Center.Ed.Vol.5.Iss.4.Final.pdf

Authors

Ravi Balakrishnan

Senior Product Marketing Manager

Datacenter Solutions

Cloud products have a very different kind of buyer than traditional hardware gear. Sure, there’s some overlap between these two constituencies, but for Cisco, who has long been a trusted supplier of the IT organization, we have a new group of people we’re getting to know: developers in line-of-business teams. You can see our efforts there with our amazing DevNet team and in the acquisitions we’ve made like CloudLock, AppDynamics, and CliQr, which all appeal to this same audience whose power and influence have grown.

I used to get beat up at my 1982 junior high for tracking my basketball team scoring averages with a program I wrote in BASIC on my TRS-80 and now developers influence major buying decisions for billion dollar multi-nationals. How has this happened?

Understanding this shift is important for anyone in this industry and it fundamentally comes down to how different parts of a company organizational structure work.

Org Structures Shape Cloud Buying

Think about how a company is typically organized and you’ll come up with a picture that looks something like this:

But not all organizations within this structure are created equal. On the left, functions like the product teams, sales, and marketing are profit and loss centers. They are responsible for bringing in revenue to the company and, by extension, they can spend money to make money. Their driving force is innovation so that they can capture market share away from competitors, and the easiest way to do that in the modern economy is with software.

Why?  Because it’s soft.

Meaning, you can change software more quickly and easily than you can some physical thing.  Speed of innovation is everything to the left side of this diagram and, increasingly, they do it through software.

But what about the right side? Those are all cost centers who can only spend money.  Unfortunately for them, they don’t make any and typically are funded through fixed budgets that are part of a corporate tax.  As such they optimize for efficiency, typically by controlling access to capitalized assets.  So that original diagram turns into this:

The example I like to give here to show the difference in a concrete way has to do with expense reports.  I worked in HP IT for 17 years and once I took 70 people to dinner at the Cheesecake Factory on University Avenue in Palo Alto.  Despite having pre-approval to do so, my VP hauled me in for a tongue lashing when I submitted that $1400 receipt.

When I tell that story in front of an audience of Cisco or partner sales people, I poll the audience for what the largest meal expense they ever submitted was and usually somebody has done it for around $4000 or so.  Then I ask them how much sales revenue that led to and whether or not anybody cared.  The answers are always “millions” and “no.”

2006: A Dividing Line in Time

Before about 2006, whenever the people on the left side of this diagram needed something, say a change to the Customer Relationship Management (CRM) software so that sales could try something different, they only had one place they could go to get it: IT.  And that meant putting in a change request that could take anywhere from 6 to 18 months to implement.

But after around 2006, and I choose that date somewhat arbitrarily but because it is when the AWS beta began, if someone in sales wanted a better CRM they could go use Salesforce.com or the people in Marketing could go use Marketo, and the line of business developers could go spin up virtual machines on public clouds.

And that’s why developers have the influence they do today.  In 2017, every company is a software company and by virtue of working in a line of business team where they can spend money to make money, developers can go outside their traditional IT structures to go get IT services, quickly.

The New Normal

What has surfaced is a new normal that if you want to be a technology company you have to appeal to developers. But that doesn’t mean that our friends in IT disappear or that their needs are somehow less valuable.  The Internet isn’t going anywhere and neither are the complexities of the internal networking required to get users access to it from a branch office or a data center or guests on Wi-Fi.  Some IT departments are now offering pay-as-you-go services to their constituents so they can get funded through those profit and loss organizations instead of as a corporate tax with static budgets.

So, to be a modern technology company, you need both. You need to appeal to those influential developers, but also provide the products and services to that traditional IT buyer. That includes the IT buyers trying to make the switch to the as-a-Service model as well as those who are content to be the bastions of cost controls. And if you look at our strategic announcements for about the last year plus, appealing to these different buyers, cloud and traditional IT alike, is exactly what Cisco is doing.

Authors

Pete Johnson

Principal Architect

Global Partner Organization

I recently took part in a webinar with my colleague Scot Wlodarczak about the convergence of operations technology (OT) and information technology (IT) in manufacturing. (If you were unable to attend, you can register for the replay here.)

We received a lot of good questions from webinar attendees. So many, in fact, that we couldn’t get to all of them in the time we had allocated. Here, we wanted to highlight some of the most interesting questions – and expand on the answers.

Q: ­For analytics & OEE, does Cisco recommend any off-the-shelf “comprehensive” platforms, or is it just as well to roll your own analytics targeting specific machines?­

A: We’ve worked with several analytics vendors that have integrated their applications across Cisco platforms. Choosing a vendor really depends on the application and what you’re trying to measure.

However, I want to highlight a few case studies that showcase the combination of networking technology with analytics platforms. The first case integrated the Cisco Fog Computing platform with Mazak machinery and Memex around the concept of a “SmartBox.” The Memex application runs on Cisco’s Industrial Ethernet (IE) switch or Industrial Routers and pulls the manufacturing data from the Mazak machines to provide real-time visibility into what’s happening on the factory floor. (Read the full story here.)

Another case study to check out is the current work we’re doing with SAS to deliver an edge-to-enterprise IoT analytics platform across a validated architecture.

Q: ­I have not been able to convince my business that Cisco is the best vendor to use for their industrial network. I was hoping to get Cisco vs Siemens info in this webinar.

A: Automation vendors tend to standardize on their own series of protocols for industrial networks. Rockwell Automation standardizes on EtherNet/IP. Siemens utilizes PROFINET. Mitsubishi uses CC-LINK. Cisco networking equipment supports all these protocols, and the reality is that most manufacturers will have a mix of vendors on their factory floor that all need network connectivity. Additionally, with the trends toward convergence, a company that understands both the IT and OT sides of the house becomes critical for security, network management, and the deployment of new protocols like Time Sensitive Networking (TSN).

Q: ­What is the best strategy for IT/OT network segmentation (VLAN, Firewall, etc)?

A: We recommend starting with a Defense in Depth strategy that provides a layered approach to security. As a part of that strategy and in line with validated architectures, an industrial demilitarized zone (DMZ) should be implemented as part of the design. The DMZ perimeter is the buffer that enforces data security policies between the enterprise and the manufacturing zone via firewalls. Within the manufacturing zone we recommend logical segmentation at the cell levels for better organizational control. This can be accomplished using two mechanisms in the cell/area network:

  • Physical—Use of separate cabling and Layer 2 access switches to achieve segmentation
  • VLAN—Use of the VLAN protocol to achieve a VLAN that can be implemented on the same physical infrastructure

The following functional areas are good candidates for segmentation:

  • Industrial automation and control systems dedicated to particular functions in the factory floor (for example, a brewing control room)
  • Security and network administration applications

We also recommend implementing industrial firewalls at the cell level for increased protection of operations controls and visibility within the DMZ infrastructure.
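To make the three design points above concrete (an industrial DMZ that terminates every enterprise-to-manufacturing flow, cell-level segmentation, and industrial firewalls at the cell boundary), here is an added example that lints a firewall rule table against them. It is not Cisco code and is not from the webinar; the zone names, the rule format, the "any port" convention and the sample rules are all constructed for this illustration.

```python
"""Lint a constructed IT/OT firewall rule table against the IDMZ / cell
segmentation design: (1) no direct enterprise <-> cell flows, (2) flows through
the IDMZ must be service-specific, (3) cross-cell flows must be service-specific.
Zone names, rule format and sample rules are constructed for this example."""

from dataclasses import dataclass

ENTERPRISE = "enterprise"   # enterprise (IT) zone
IDMZ = "idmz"               # industrial DMZ between enterprise and manufacturing
CELL_PREFIX = "cell:"       # cell/area zones inside the manufacturing zone
ANY_PORT = 0                # convention in this constructed format for "any port"


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    proto: str     # "tcp" or "udp"
    port: int      # destination port, ANY_PORT for any
    action: str    # "permit" or "deny"


def is_cell(zone: str) -> bool:
    return zone.startswith(CELL_PREFIX)


def check_rule(rule: Rule) -> list:
    """Return findings for one rule; an empty list means it fits the design."""
    findings = []
    if rule.action != "permit":
        return findings                      # deny rules never weaken segmentation
    src, dst = rule.src_zone, rule.dst_zone
    # 1. Enterprise and manufacturing never talk directly: every flow must
    #    terminate in the IDMZ (where a broker such as a replicated historian lives).
    if ENTERPRISE in (src, dst) and (is_cell(src) or is_cell(dst)):
        findings.append(f"{rule.name}: bypasses the IDMZ ({src} -> {dst})")
    # 2. Flows into or out of the IDMZ must name the service they carry.
    if IDMZ in (src, dst) and rule.port == ANY_PORT:
        findings.append(f"{rule.name}: any-port rule through the IDMZ ({src} -> {dst})")
    # 3. Traffic between two different cells crosses a cell firewall and must
    #    likewise be limited to a specific service.
    if is_cell(src) and is_cell(dst) and src != dst and rule.port == ANY_PORT:
        findings.append(f"{rule.name}: any-port rule between cells ({src} -> {dst})")
    return findings


def lint(rules) -> list:
    """Findings for a whole rule table, in rule order."""
    out = []
    for rule in rules:
        out.extend(check_rule(rule))
    return out


# Constructed sample policy (not taken from any real deployment).
SAMPLE_RULES = [
    Rule("hist-replica", "cell:brewing", IDMZ, "tcp", 5432, "permit"),            # ok
    Rule("ent-to-hist", ENTERPRISE, IDMZ, "tcp", 443, "permit"),                  # ok
    Rule("mes-direct", ENTERPRISE, "cell:brewing", "tcp", 44818, "permit"),       # finding 1
    Rule("jump-any", IDMZ, "cell:packaging", "tcp", ANY_PORT, "permit"),          # finding 2
    Rule("cell-any", "cell:brewing", "cell:packaging", "udp", ANY_PORT, "permit"),  # finding 3
    Rule("cell-opcua", "cell:brewing", "cell:packaging", "tcp", 4840, "permit"),  # ok
    Rule("default-deny", ENTERPRISE, "cell:packaging", "tcp", ANY_PORT, "deny"),  # ok
]

if __name__ == "__main__":
    for finding in lint(SAMPLE_RULES):
        print(finding)
```

Running the block prints one line per rule that violates the design; the same check can be run over an exported rule table before a change window, which turns the architectural recommendation into something a reviewer can verify rather than just describe.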

Q: ­Is there a certain segment of industry that seems to be the early adopters of the Industrial IoT technology?

A: We’re seeing a lot of adoption in business segments where reduced downtime is critical. Unplanned downtime can cost upwards of $20,000 a minute in the case of the automotive industry, so some companies are using the information from the factory floor to support predictive maintenance and improve overall equipment effectiveness (OEE).

Additionally, machine builders such as FANUC and Mazak are integrating this technology to enable new business models and support better implementations of security and compute technologies in their machinery. Oil and Gas companies are using a connected architecture to manage their field operations and reduce risk around safety and security.

Q: Does Cisco have a solution for a secure remote third-party access to my factory floor?­

A: Cisco has a number of solutions, including the TrustSec architecture utilizing the Identity Services Engine (ISE) and AnyConnect, which can help provide access policy and secured communications. This architecture works with our network and security infrastructure to enforce and enable policy. Firepower ensures trust and verification and notes what’s allowed and not allowed on the network.

What’s Next?

Thanks to everyone who attended and submitted questions. If you’re interested in attending more webinars in the Factory of the Future series, please register here. Our next event is with MAPI and Deloitte on the topic of cyber risk within manufacturing. All webinars begin at 11 a.m. ET and will be available on demand. We’ll continue to add more topics throughout the year, so be on the lookout for additions to the series.


Authors

Eric Ehlers

No Longer at Cisco

Cisco Live EMEA, which was held in Berlin in the last week of February, is the premier IT industry event hosted in Europe every year. This year’s event drew over 12,000 customers, partners, press and analysts from all over Europe, the Middle East and Africa, from a multitude of disciplines and industries.

Our top executives presented keynote and innovation talks which tackled topics like cloud, collaboration, data center, enterprise networks, Internet of Things (IoT), and security across all business and public sector segments including government, education, healthcare, public safety, and transportation. We showed customers and other Cisco enthusiasts firsthand how our technology and solutions work together to solve their challenges—and heard their feedback. For a quick overview check out some of the Cisco Live daily highlights.

In the Public Safety area of the Digital Industries booth in the World of Solutions (WoS) exhibition hall, we demonstrated several of our cutting edge solutions including ones addressing the Public Safety Architecture Foundation, Situational Awareness Dashboard, Wearables and Sensors, and Secure Mobile Communication.

https://youtu.be/aBtrA37DSiU

We were fortunate to have a number of our Public Sector partners join us in the WoS and were especially pleased to be joined in our booth by BlueLine Grid, who demonstrated GridTEAM, their secure collaboration platform.

https://youtu.be/j4z6xQ8aw8Y

Also at the event was Klas Telecom who demonstrated Voyager, a ruggedized, modular and scalable networking system designed to military and government requirements in any operational environment along with a tactical Premium Mobile Broadband setup.

https://www.youtube.com/watch?v=zL6fdvUHsNA

This is the first event of this year’s global Cisco Live series. The next event will be held June 26 – 30, 2017 in Las Vegas. We look forward to seeing you there. In the meantime, get more information on our website.

Authors

AJ Ramsey

Global Industries Marketing Lead

GMCC-Services Marketing

When I started supporting enterprise application platforms at the turn of the century, the model was pretty simple: a single, huge server with expensive high-performance storage behind it. If you outgrew the storage, you could add more, and if you outgrew the server, you bought the next larger box. It was a very monolithic design, and if you’ve seen 2001: A Space Odyssey, you’d be forgiven for worrying about monoliths.

In the last couple of years, a lot of mindshare and a lot of actual production business-critical applications have moved toward what could be called “web-scale,” with Hadoop infrastructures being the poster child for these models. We’ve disaggregated performance and capacity, as well as compute from storage, but some applications are still too critical to migrate to take advantage of the new developments.

While a traditional Hadoop platform gives you the ability to spread your storage out over less costly, more granularly scalable devices, it has not traditionally been easy to access from pre-Hadoop-era applications. There are also performance and availability concerns when you work with HDFS, especially if your application doesn’t speak HDFS natively (and most don’t).

Enter MapR and the Converged Data Platform.

Visit my guest post on the MapR blog for more details, and to register for the webcast. We’ll talk about the unique joint solution between superpowers Cisco, MapR, and SAP, featuring the Cisco UCS 40 Gigabit Ethernet infrastructure. You’ll hear from experts from Cisco IT and MapR on why this design makes sense and how/why Cisco is using it internally. There may even be a mention of toaster pastries.

Authors

Robert Novak

Product Manager

UCS Networking

Less than two years ago, version 1 of Kubernetes was released. Today, there are over 1,100 contributors in the Kubernetes community. This number does not even include members who are active in Special Interest Groups (SIGs). The community has grown globally and outside of Google, so much so that this year more than 60% of all contributions were made by people outside of Google.[1]

To generate such momentum and rapid growth is impressive but more impressive is the level of engagement from the community.

A quick BigQuery search on the githubarchive database reveals that the K8S community is the most engaged. I measured engagement by the number of comments per author in March 2017 for the repos that have more than 500 authors.

The engagement is not even close when compared with other projects with public repositories. A quick search on the repositories that received the highest number of stars on GitHub results in Kubernetes in top 100 at #84. According to the last count, there are over 85M repositories on GitHub!

Network Effects 

I reckon that the enthusiasm and adoption will grow even faster in future. Besides fabulous technology, the reason for Kubernetes’ growth lies in behavioural and management science, in the positive externalities of two-sided network effects: enterprises adopting Kubernetes and the engineering talent pool available. Today, LinkedIn shows over 13 thousand individuals associated in some way with Kubernetes. It will increase many-fold in the coming months.

Successful Deployments

Successful production deployments such as the scale of Pokemon GO, Walmart running 200+ distribution centers on K8S, The New York Times deploying CI/CD pipelines, eBay pivoting to Kubernetes, Ticketmaster achieving self-healing clusters, Concur deploying containers in a hybrid environment, or dozens of other success stories, will fuel the growth further and will result in an even more vibrant community.

Despite the success stories, challenges remain in mainstreaming container adoption. According to the latest CNCF survey, networking is the inhibitor cited by the most respondents, a bigger roadblock than security, lack of vendor support, complexity, logging and storage.[2]

Contiv @ KubeCon

Cisco is a platinum sponsor of KubeCon EU, a premier Kubernetes and cloud-native event. The Contiv team will embark on a mission, in the historic city of Berlin, to tell the cloud-native community and enthusiasts about the need to make container networking production-grade. Contiv makes containers first-class citizens in the datacenter, with cloud-native, containerized workloads running alongside traditional ones on virtual machines or bare metal. For more background on Contiv, please refer to my earlier blog.

Demos and hands-on training

At KubeCon, we will be demoing everything container networking: various backends such as overlays over VXLANs and Layer 2 over VLANs on native Kubernetes as well as OpenShift, design considerations, benefits and how to choose the right approach. We will set you up with the easiest path to adopt Contiv in your existing Kubernetes deployments. If you are just starting with Kubernetes or Contiv, we’ve got you covered with step-by-step hands-on tutorials and guides. Policy-based automation is the key to the speed and scale requirements of containerized applications. We will demo how you can create and manage policies such as segmentation, traffic isolation or bandwidth allocation in a portable fashion from dev/test to production.

Contiv swag

Don’t forget to load up on cool new Contiv swag. You never know when your smartphone battery will run out while travelling, and of course you can display your hip cloud-native cred with a Contiv branded power bank!

Let’s explore beautiful Berlin while getting fit! I hope to see many of you at the 5K running tour. Led by professional guides who specialize in Berlin running tours, explore the attractions of Germany’s capital city from a new perspective. Sign up for this awesome CNCF sponsored activity here.

We are looking forward to engaging with all fellow Kubernauts. See you in Berlin, and in the meantime, please feel free to reach out.

Learn More:

  1. Analyzing Kubernetes contributors at https://cncf.biterg.io/app/kibana#/dashboard/Overview
  2. CNCF survey, November 2016. Use the raw data-file for further analysis
  3. Getting started with Contiv has never been easier. Get the Contiv goodness into your existing or new Kubernetes deployments today.

Authors

Amit Sharma

Product Marketing Manager

Keeping a Lookout for Patients

We like to say that technology is all about bringing people together. That can sound trite until you’re in the ER or operating room, and then the technology that connects your doctor to you could be a matter of life or death.

A large metropolitan trauma center asked our partner Dimension Data to give them eyes and ears all over their facility. So, if an ambulance arrived in the car park, or life-flight chopper landed on the helipad, they could act fast.

Dimension Data says…

Across the sprawling campus, their CCTV was outdated. Their emergency management system was incapable of automatically notifying key responders. Personnel were close to literally being in the dark as to changing conditions and they had no means to find out what was happening across their vast campus.

The challenge was to tie all of the life-safety technologies together into a single system and securely connect all of these locations, some of which even had public roads cutting through them.

Our answer was to work with Cisco to create a secure network for both wired and wireless solutions. A network and product portfolio that tied everything into a single system. It controls their video and communications, their power and security – and reaches every inch of the campus and even uses the power of the sun to keep key assets running.

It was a giant success. Now they can communicate much more efficiently and effectively. It has worked so well that the hospital staff are excited about what else they can do with it. We’re in talks over here to tag all of their equipment so they know where everything is. All the time. Essential if you want to treat patients as quickly as possible.

Thanks, Dimension Data!


Authors

Julie Colwell

Marketing Manager

Global Partner Marketing