Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed over the past week. Unlike our other posts, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavior characteristics, indicators of compromise, and how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Detection and coverage for the following threats are subject to updates pending additional threat or vulnerability analysis. For the most current information, please refer to your FireSIGHT Management Center, Snort.org, or ClamAV.net.

Authors

Talos Group

Talos Security Intelligence & Research Group

It’s a complicated world out there, especially when it comes to cloud.  Customers are trying to figure out the right cloud strategy, and it isn’t easy. The Amazon S3 outage is an example of just how complex the situation is. While that interruption only lasted four hours, the impacts were felt far and wide.

So is public cloud still a viable option? Of course it is. Amazon Web Services published their post-mortem and the issue was human error and fully correctable. Despite this, there is no disputing the reliability of S3, which is on par with or even better than most enterprise storage options. It’s just that since AWS is so large and so pervasive, it makes the news when it fails, and when that failure happens, we see multiple systems that all rely on S3 failing at once.

After I heard about it, my first thought was that this is a perfect example of why it is so important for customers to think through all aspects of their cloud strategy. While there are immense benefits to having public cloud as part of your strategy, there are also challenges that need to be identified, planned for, and managed.

Today, we’re talking about Amazon S3.  But that is just one of the multiple clouds organizations are working with today.  In fact, according to IDC, 84% of the leading cloud adopters expect to use multiple clouds from multiple cloud providers.[1]  This is why I’ve been talking a lot about how customers need a strategy for a multicloud world. Working with multiple clouds helps customers take advantage of the unique capabilities of each cloud, making it possible to accelerate your business, enable digitization, and provide developer productivity. An additional benefit is that when you leverage multiple cloud providers, you build some diversity into your infrastructure which means fewer correlated failures.

The benefits of a multicloud strategy are clear and despite this week’s incident, public cloud provides important benefits and needs to be part of the mix. But this shines a light on the importance of balancing agility and performance with cost and risk both on and off premise.  In other words, what levels of risk and cost are acceptable for your desired agility and performance when it comes to cloud services?  All cloud services come with some degree of risk, even Amazon S3, and we accept it because the alternative is often impractical or not financially viable.  As Lydia Leong, cloud analyst at Gartner, put it, “Only the most paranoid, and very large companies, distribute their files across not just AWS but also Microsoft and Google, and replicate them geographically across regions  —  but that’s very, very expensive.” (Source: USA Today)

So, what to do? Whether or not customers could’ve limited the impact of the human error at the root of this particular incident, you shouldn’t stop planning for the situations you can influence and even manage, both on and off premise.  Let me give you some examples:

  • Use application management and orchestration to help you rapidly redeploy applications when your code or cloud platform is encountering issues
  • Use a multicloud security approach to help address the exponential expansion of the attack surface and minimize the impact of incidents like the DDoS attack against Dyn DNS last October
  • Use both infrastructure and application analytics to help you with telemetry, segmentation, and insights to proactively protect applications and the customer experience
  • Use virtualization technologies in networking for the cloud to reduce the cost of accessing public cloud resources and increase your agility with rapid deployment of new services, without costly upgrades

At Cisco, we think the right answer is to have this level of cloud intelligence across your entire multicloud environment (both on AND off premise) to strike the right balance for your organization between control and innovation.

So, tell us how the Amazon S3 outage impacts how you think about your own cloud strategy?

[1] IDC InfoBrief, sponsored by Cisco, Cloud Going Mainstream. All Are Trying, Some Are Benefiting; Few Are Maximizing Value. September 2016.

Authors

Kip Compton

No longer with Cisco

Hello Friends,

I would like to announce the first week’s winner is Nathan Parker of Mallard Computer in Arkansas! Nathan (@mallardnathan) will be receiving his “care package” in a couple of weeks. Congratulations to you!

Please stay tuned here for updates, and please continue to enter the contest. You can enter from the previous blog post:

http://blogs.cisco.com/smallbusiness/new-cisco-rv-series-vpn-routers

Product Pages:

Cisco RV340 Series including the RV340, RV345P and RV340W.

Cisco RV340 Dual WAN VPN Router

Cisco RV345 Dual WAN VPN Router

From our team to yours,

Enjoy the weekend.

Marc

Authors

Marc Nagao

Product Manager

Small Business RV Series Routers

Guest Blogger: Shilpa Kholhatkar, Senior Business Development Manager, IoT Systems Group

Shilpa is responsible for driving the growth of Cisco’s IoT products across major verticals such as Manufacturing, Energy, Transportation and Public Sector. She has a unique profile that spans product and solution development, business operations and business development. She is a technologist at heart and, as a working mother, passionate about building and using technology to achieve work-life integration. In her previous role, Shilpa was Manager of the Collaboration Alpha and Field Trials team. Subsequently, she was a Business Development Manager responsible for developing several programs to accelerate Collaboration adoption. She believes diversity is key for innovation, and has led several programs within and outside Cisco to support this cause. Shilpa earned a B.S. in Computer Science and an M.B.A. from SJSU. She loves to teach and, in her spare time, is a yoga instructor and enjoys music and hiking.

It was wonderful to see the excitement at the California Public Sector CIO Conference in Sacramento on March 1st. The purpose of this invitation-only event was to foster discussion and dialogue on what it means to be a successful CIO in the public sector and how executives and policy makers can use technology to transform Local and State Government. It goes without saying that the Internet of Things was top of mind for everyone in attendance. I was invited to be on one of the sessions, to talk about using IoT to help governments reduce costs, improve use of resources, and accelerate economic development. At the conference, I heard from City and State Officials including the Deputy Director and CIO of California Department of Transportation (Caltrans), CIO of California Department of Education, and Chief Analyst of CalPERS. They spoke about current challenges, areas where transformation is required and where investments will be made, in order to provide a robust and future-proof statewide infrastructure. They are excited about transformation through IoT and Digitization, while highlighting security, privacy, regulations and standardization as top priorities.

Consider some of the basic services that we take for granted: clean water, roads, schools, firefighters and police. Yet, at some point or another, we have faced issues with traffic congestion or water extremes, either a drought or flooding (here in CA!). IoT and a sensor network across public infrastructure will help governments improve efficiencies, as well as improve citizen experiences. That is to say, IoT will help improve our daily lives, and at the same time have a greater impact on how government delivers services and becomes more efficient.

Why is government taking this opportunity seriously? A recent report from Navigant Research suggests that Smart City revenue from services is expected to grow from $36.8 billion in 2016 to $88.7 billion by 2025! What is a Smart City and what kind of services are we talking about? You can define a Smart City as a safe, eco-friendly and innovative city whose infrastructure collects sensor data that is then used to drive actions for the best use of resources (water, power, roads, parking spaces, lighting). For example, Cisco’s smart parking solution alleviates traffic congestion by showing drivers the location of open spots, thus decreasing the amount of time wasted circling blocks. The ultimate goals of smart cities are power management, pollution and waste management, public safety and offering improved services to residents.

Government can play a crucial role by not only embracing IoT, but also promoting IoT, and making rules and policies that will accelerate adoption, while addressing privacy and security concerns.

To read more about the conference, please check out the event coverage at http://www.govtech.com/The-Internet-of-Things-Needs-Standardization-Heres-Why.html?flipboard=yes&

Authors

Stephanie Gaspar

No Longer with Cisco

Today let’s talk about IoT as a plurality. I suspect that you may have recently heard the phrase that “words matter,” and when talking about something as broad and diverse as “IoT” it really does indeed matter. It matters because correctly defining what you are speaking about, and to whom, will help to drive towards the right area of focus when describing IoT security. So let’s jump in.

We view the IoT as consisting of three major pieces: IT, OT, and CT.  IT is what you think it is: data center, cloud, the enterprise network (and its connected devices), mobile devices and so on. OT refers to operational technology or industrial networks. You’ll hear terms like ICS (industrial control systems), SCADA (which is actually a subset of ICS), IIoT (Industrial Internet of Things). For our purposes here, they all refer to the same thing. Think manufacturing plants, power substations, oil rigs, and so on.  Lastly, CT refers to consumer technology, which would consist of things like wearables and the connected home.

In this column we will be focusing on the OT and a bit on IT, particularly healthcare. We won’t spend time on CT devices we see at home like Alexa or Google Home in this post.

There are industries whose “things” are not applied to a frequently repeatable process. While engines in an automobile assembly plant are always placed within a chassis, not every hospital patient gets an MRI. Your electrical utility won’t alter its voltage or frequency at your home based on specific appliances but you can avoid waiting in line at Starbucks for your cold pressed coffee.

Now let’s break down OT even further and propose some typical attributes that drive specific security use cases.

If you work in a mature discrete unit-manufacturing environment, say an auto manufacturer, your plant floor may have been built out by a set of specialized integrators. Your company specified the need for a means of painting auto parts. Paint Part Inc. responded, brought in its own assembly line. They put it together and showed you where you could plug it into the rest of the plant. From a networking perspective somebody just dropped in a huge subnet with little to no documentation as to what is within. By the way, if there are multiple of those I’ll bet they looked identical from a network perspective. NAT away and get back to re-integrating later perhaps?

What powers that auto plant however looks rather different. Your electricity likely comes from a couple of diverse sources – coal or gas-fired generators or maybe hydropower? Those might look like fairly simple manufacturing plants. Getting the power to you however is relatively simple, well-controlled, and understood. Utilities have been doing “WAN”s for many decades.  On the other hand they attract a good amount of regulatory attention and there are all kinds of helpful guidelines to tell you how to do things. Once you get past the squirrels, security needs are fairly well defined.

The medical field has its own unique challenges. From a network and security perspective it could be the closest to what you may have experienced in the IT side. Most everything is talking TCP/IP. Lots of PCs and tablets. Wireless all over. Personal ID concerns, credit card PCI needs, and highly mobile, life-critical equipment going up the elevator, out the door and coming in another door from that remote clinic via an ambulance. Dynamic like nothing else you’ve seen. Sounds exciting!

Imagine this doctor being able to perform specialized surgeries at specially equipped operation rooms around the world from a fixed location.

There is so much more for each of these different environments that describe their needs from a security context, and so many other environments we did not discuss. So much more related to their networks, the people who work there, the *things* at play, and how it all comes together. The point is that in these worlds, again purposely plural, the IoT is highly variable and so it will help greatly to recognize that we are charged with securing it all.

*What’s the most unique IoT scenario you’ve seen? We’d love to hear about it in the comments.*

Authors

Munawar Hossain

Director of Product Management

Security Business Group

It doesn’t matter what industry you’re in, the most important resource that an organization possesses is time. When you save time, you’re saving more than just money and nowhere is that more evident than at a hospital.

The Abertawe Bro Morgannwg University (ABMU) Health Board in Wales is using Cisco’s Digital Network Architecture (DNA) to improve workforce, patient and visitor experience. No longer do doctors and nurses need to fill out forms and write notes and the staff is much more mobile. Both of these measures have allowed staff additional time which they have allotted to better care at the bedside and out in the community.

ABMU is not a small organization: there are 16,000 people on staff, and the hospital group cares for 500,000 citizens of south west Wales and south west England. Making sure that the new IT strategy is up and running quickly and correctly was important.

The infrastructure is made up of Cisco products such as: Cisco Aironet 3700 Series Access Points, Cisco 5500 Series Wireless Controllers, Cisco Catalyst 2960-X Series Switches and the Cisco Catalyst 3850 and 6500 Series Switches. This infrastructure connects the Neath Port Talbot, Morriston, Singleton and Prince of Wales hospitals in the ABMU network. By being connected, clinical applications and large data files flow quickly and safely.

Speaking of safely, the entire network is secured by Cisco Identity Service Engine (ISE). ABMU easily establishes the firewalls and sets the security policies with ISE.

“Hospitals must have robust safety processes in place,” said Gareth Siddell, ABMU Network Manager. “With Cisco ISE, only authorized personnel can use mobile devices to access a drug cabinet. Additionally, the pharmacy inventory tracking is automated by stock level and by prescriber.”

Getting this project up and running didn’t take very long either. Normally a six-month process, the ABMU IT team was able to deploy this network within two weeks.

The hospital group has been so pleased that they want to continue to build out the DNA platform by adding such functions as wayfinding and location-based services.

To read the complete case study, click here.

Authors

Bill Rubino

Product Marketing Manager

Enterprise Networking and Cloud Marketing

The calendar is filled with “fun” holidays, Cookie Day, Chocolate Cake Day (mmm, I’m hungry now,) Talk Like a Pirate Day and more.

However, Friday, March 3rd might be the bestest holiday EVAH!

Why? Because it’s Employee Appreciation Day!

This isn’t just a Cisco holiday, it’s an “everywhere” holiday. But it’s an opportunity to highlight Cisco employees for sure, and talk about how amazing they are (in case you didn’t know already.)

It also happens to be the last day of the #WeAreCisco #LoveWhereYouWork employee social media contest, because what better way to end a contest that tells why you love where you work than talking about the people you work with?

I’m going to kick us off, because I have THE best job in the world. My job at Cisco is to use social media to attract new employees to work here, but I do this by amplifying what EXISTING employees already say about the company. I don’t have to make things up, or get all “marketing-y” to make employees look good, they ARE AWESOME, and all I have to do is help them tell their stories.

There is one group in particular, the wonderful set of employees that take over the WeAreCisco Snapchat account each day. This group is named the “Rainbow Kitten Unicorns” (everything that’s great about the Internet) and we have the best time together. We have a Spark room where we share fun ideas, we have Webex meetings and we even text each other Bitmojis and gifs from time to time. I feel like they are my “peeps” in every sense.

You know who else I appreciate? My direct team. Shout out to the Talent Brand team here at Cisco, for just being an example of what a great job at a great company with great people looks like.

You may say – “but this is your job, you HAVE to say these things.” Believe me, I’ve had a varied career at some big-name companies, and this is the first one I would say ANY of these things about. But it’s not just me.

Head on over to the WeAreCisco Instagram account today and watch the Instagram Stories to hear even more about this. Or just keep reading.

Jill Larsen, Senior Vice President of HR:

“One of the best things about my team is that we have a ton of fun together!  While our day job is serious – finding the best talent for Cisco, we are a competitive bunch who can throw on our Smurf or Nemo costumes and do our best dance to try to win a silly HR costume contest.”

Team Smurf

Brian Murray, Engineering Manager:

“Pride in their work. That’s what I love about the Galway (Ireland) team. They’re always ready to step up, no matter what the challenge that’s put to them.”

Jack Taylor filming at Cisco Galway

Shane Sherman, Director of Technical Support:

“I love our employees because they are very generous in life. Whether there’s a new baby or a family sickness, we have each other’s back. I’m proud to work at Cisco!”

Austin Team

Even the Big Guy himself, CEO Chuck Robbins, told the Cisco employees in Israel during a recent visit:

“Everyone has so much respect for you and what you do and what you represent, and for that, I am incredibly grateful. You make it so much fun for me to show up as the leader and get all the accolades that you earn every day here. So thank you for that.”

To every Cisconian, a big thanks for all you do. Want to work for Cisco? Apply here.

Authors

Carmen Shirkey Collins

Social Media Manager

Talent Brand and Enablement Team, HR

Our Innovation Centre in Perth, Australia, recently had the opportunity to host a hackathon, exploring safety and productivity solutions for heavy vehicles.

Launched in December by the state’s Transport and Innovation Minister, Bill Marmion, the hackathon was held as part of the government’s commitment to innovation, aligning with objectives in the Western Australian Innovation Strategy released in November last year.

It ran for three weeks and included nine teams from four Western Australian universities–Curtin University, Edith Cowan University, Murdoch University and the University of Western Australia. The challenge was to design smart license plates for heavy vehicles, with a prize of $10,000 up for grabs.

With the need to constantly communicate throughout the hackathon, our centre selected Cisco Spark as the tool for collaboration. Weeks before the event, specific rooms were set up for the organising committee, participants and partners.

While everyone was very impressed with the functionalities of Cisco Spark, we decided to take things up a notch and coded a bot to help with the event. The bot created new rooms on demand, such as putting teams in touch with their mentor for a group conversation.

The bot also facilitated submissions, placed a participant in contact with the organising committee, sent reminders about upcoming deadlines, provided the hackathon information pack, gave details on government agencies, information on Cisco Spark, and pointers to useful resources. And it did all of this as if it were human.

This was made possible by powering it with natural language understanding (NLU) capabilities. We even built a mechanism to collect feedback over a phone call. This piece of magic was carried out by integrating with Tropo’s cloud API for voice and message exchange.

Though the bot was built specifically for the hackathon, we plan to use it for similar events in the future.

It’s exciting that Cisco Spark has the flexibility to integrate with other tools such as Box and Google Drive, so we can add new features, automate file transfers, send notifications by mail, or even throw up funny cat photos–we have a suitable framework in place.

At the end of the hackathon, each of the teams submitted their plate concepts and presented them to a judging panel of industry and subject matter experts. This was followed by an awards night at the centre, where:

  • Murdoch University Team 1 (Robert Pezzaniti, Josephine Brain, Andrew Forbes and Radek Sebesta) was awarded the $10,000 first prize
  • Curtin University Team 2 (Amir Rajabifar, Bryan Kwok, Joshua Morley, Christian Brunette and Jordan Truswell) received a commendation

The smart plate designs are being reviewed by Main Roads Western Australia to assess opportunities for a prototype.

Email: tgoerke@cisco.com

Twitter: @tomgoerke

LinkedIn: https://au.linkedin.com/in/tom-goerke-269204

Authors

Tom Goerke

Director, Innovation Centers Australia

Technology and innovation create opportunities, and not just for businesses and governments, but for the world.

Today we are experiencing a digital revolution with the power to accelerate global problem solving, enabling people and societies to thrive.

We are bringing that philosophy to life today, by announcing our commitment to expand the Cisco Networking Academy for diverse abilities.  Over the past decade, more than 3,000 students with disabilities have benefited from Networking Academy courses, delivered in partnership with organizations helping students with vision, hearing, and selected physical disabilities. We now commit to accelerating the impact of this program and empowering 10,000 students with disabilities within five years, in countries such as Italy, France, Kenya, Mexico, Peru, the United Kingdom, and the United States.

We live in a world where we can empower anyone to be a global problem solver — to innovate as a technologist, think as an entrepreneur, and act as a social change agent – and more effectively address critical issues like hunger, poverty, climate change, and gender inequality.

It is our job as business leaders to ensure that this digital revolution is inclusive. When the Industrial Revolution transformed manufacturing, transportation, and communication in the late 18th and early 19th centuries, only a select few with enough resources could take advantage of the opportunities for growth and prosperity.

But today, technology – and Internet connectivity in particular – is an equalizer. Connectivity enables people to access education, jobs, financial services, and healthcare. It gives anyone the ability to build the skills and resources needed to thrive, and the potential to become a global problem solver.

Inclusion for People with Disabilities

One group at risk of being left behind in the digital revolution, however, is people with disabilities, including physical, vision, and hearing impairments.

An estimated 15% of the world’s population, more than 1 billion people, lives with some form of disability. People with disabilities have poorer health outcomes, lower education achievements, less economic participation and higher rates of poverty than people without disabilities.

For example, unemployment among people with disabilities is as high as 80 percent in some countries. Many people with disabilities who are employed work in part-time positions or nontraditional, low-paying jobs with poor job security. In India, for instance, 87 percent of people with disabilities who work do so in the informal sector.

We believe technology – and the acquisition of digital skills in particular – can level the playing field for people with disabilities. For example, the European Commission reports that in the near future, 90 percent of jobs will require some level of digital skills. And in 10 Latin American countries, research from IDC predicts a shortage of nearly 450,000 networking technology professionals by 2019.

Helping people with disabilities develop the skills needed to fill these jobs can create new opportunities for them while enabling businesses to meet their staffing needs.

Digital Skills Foster Inclusion and Create Opportunity

We have been fostering inclusiveness and creating opportunity for nearly 20 years through the Cisco Networking Academy program – an IT and career skills building program that has helped more than 6.7 million students in 170 countries prepare for IT careers.

In particular, we have developed programs for people with vision, hearing, and physical disabilities through partnerships with educational institutions and non-governmental organizations in several countries around the world.

For Networking Academy, accessibility means providing access to our curricula for people with disabilities, either by design or through compatible use with assistive technology.

In Kenya, for example, we have offered Networking Academy courses to nearly 400 people with hearing impairments since 2012 through partnerships with Deaf Aid and Karen Technical Training Institute for the Deaf. Sixty-five percent of participants are employed or conducting internships, and the hiring managers often report that these workers are loyal, conscientious, and focused.

One of these people is Wilson Nyabera, who grew up in Kibera, Kenya’s largest slum, with three siblings. Wilson earned his Cisco CCNA certification after taking Cisco Networking Academy courses and now works as a network engineer for Copy Cat, an office automation and information technology company. Since entering the IT workforce, he has moved to Uthiru, a better part of Nairobi and enrolled at St. Paul’s University to pursue a bachelor’s degree in business and information technology. With his salary, he is able to pay his mother’s rent and pay his younger sister’s school fees.

https://youtu.be/pCjpiLq7bnY

Over the past decade, more than 3,000 students with disabilities have benefited from Networking Academy courses. Now, we are making a commitment to more than triple that number to reach an additional 10,000 people with disabilities within five years.

We believe that helping people with disabilities develop technical skills is a win-win. It enables them to get jobs, build careers, gain personal independence, and overcome cultural stereotypes. And, it can also build the pipeline of IT talent that organizations need to take advantage of the digital revolution and accelerate global problem solving.

Cisco Networking Academy is one way we are harnessing the power of the digital revolution to accelerate global problem solving, enabling people and societies to thrive in the digital economy. Our goal is to positively impact 1 billion people by 2025. Stay updated on our progress: subscribe to receive our email updates

Authors

Tae Yoo

No Longer with Cisco