Year: 2017

February 28, 2017 1 Comment
Avatar

Cisco and Samsung Are Redefining Secure Mobility

Turn mobile security on its head. Cisco and Samsung have collaborated to develop the secure mobility solution that addresses the enterprise market realities of today and well into the future.  Cisco’s AnyConnect solution and Samsung Knox architecture will soon force visibility into malicious activity from enterprise mobile endpoints.  This joint solution will empower enterprises with the operational knowledge and confidence they need to fully embrace mobile.

Ask anyone in security and they will tell you that there is no one turn-key solution.  Security is all about having the “right” visibility.  Due to robust security and policy tools, visibility and network controls have long been available to enterprise customers for desktops or laptops.  This in-depth visibility has allowed IT to mitigate threats in a matter of hours.  But new trends around mobility introduce new vulnerabilities and risks for the corporate environment.  And because enterprises do not have the same tools for mobile they are left stranded.

More and more, employees want to work on their mobile devices. Yet mobile devices with unfettered access to the enterprise network could potentially access sensitive information. These same devices can also consume shadow IT applications or even exhibit suspicious behavior without knowledge of IT administrators.  This is why most enterprises treat mobile endpoints as untrusted or just provide guest access.

Samsung and Cisco have come together to empower enterprise mobility with unmatched trust through Samsung Knox, visibility through Cisco AnyConnect, and intelligence with Cisco Stealthwatch.

 

“With this new offering, we are marking another milestone in our security software on Android mobile phones,” said Injong Rhee, CTO of the Mobile Communications Business at Samsung Electronics. 

“Together with Cisco we are providing our customers with the best security technologies and insightful data analytics to protect sensitive information and vital business applications.”

 

  • One of the world’s largest mobile market leaders and world’s leading security solution provider join forces to deliver unmatched mobile security.
  • Deliver trust through the defense-grade Samsung Knox platform ensuring device integrity.
  • See in-depth user and device behavior to mitigate threats originating from mobile devices.
  • Ensure that only authenticated users on trusted devices are making use of appropriate enterprise IT services.

The competition only offers partial fixes or a closed ecosystem. With Cisco and Samsung providing trust, visibility, and intelligence into the mobile device, threats to your network that could take 100 to 200 days to detect can be identified in hours.  When an average data breach can cost $4 million, it is imperative that you have the most advanced security solution for mobile.

At Mobile World Congress, Cisco, the world’s leading cyber security solution provider, and Samsung, one of the world’s largest mobile market leaders, are building on a long standing relationship which started with Cisco AnyConnect VPN integration with Samsung Knox. Building upon this relationship, Cisco and Samsung are now focused on providing enterprises and service providers with extended visibility and device level protection. With Cisco’s and Samsung’s joint solutions, enterprises and service providers will be able to use increased visibility and control to prevent unauthorized access and quickly respond to malicious behavior. Samsung Knox, the award-winning defense-grade mobile security platform, together with Cisco AnyConnect will offer unparalleled endpoint trust, visibility, and intelligence delivering the most secure enterprise mobile security solution available.

 

Authors

Avatar

Thomas Licisyn

Product Marketing Manager

Security Marketing Group

February 27, 2017 8 Comments
Avatar

Cisco @MWC: Innovation and Customer Momentum Announcements

At MWC, we are making a dozen innovation and customer momentum announcements including 5G Trials with Verizon.  Last week, Verizon announced it will deliver 5G service to pilot customers in 11 markets across the U.S. by mid-2017, and today we announced that we will be a key technology supplier for those trials. We are delivering cloud-based packet core technology and mobile backhaul infrastructure, and we are excited to be able to show off some of the collaboration applications that can push the 5G bandwidth needs.

Other highlights include news with Reliance Jio, which is driving the national agenda of Digital India with an all-IP, multi-Terabit network for broadband, mobile video, VoLTE and VoWiFi services to 18,000 cities across India. It’s a huge deal and we couldn’t be more excited about the 100 Million 4G customers we’ve already helped Jio to onboard — in just six months! I am so impressed at the pace with which Jio has grown.

Our Ericsson partnership is going strong and we are proud to announce our joint Collaboration Mobile Convergence solution designed for service providers to sell to enterprises. This super cool offering features Cisco’s enterprise collaboration service platform, including Cisco Spark Board, with Ericsson’s leading VoLTE communication solutions. Just one more way that together, we are helping to evolve the mobile phone into an unstoppable, multi-tasking business tool.

On the security front we introduced our Security Architecture for Mobile Service Providers, offering solutions for multi-layered protection across the network, the endpoint (device) and the cloud, securing customer networks across the globe including Deutsche Telecom and Vodafone Hutchinson Australia. We also announced new co-developments with Samsung to deliver endpoint visibility and data intelligence to business customers with our combined technologies.

Let’s not forget NFV! We continue to strengthen our relationship with Altice Group to transform Altice’s business operations with new network architectures to help grow revenue, lower costs and improve customer retention. We just announced how we are collaborating on a long-term project with Red Hat to build a holistic NFV platform to help Altice speed time to market for new services across its global footprint.

We also announced how customers like NTT DOCOMO, Telstra and others are using our Network Services Orchestrator (NSO), to simplify their network operations and lower their total cost of ownership. What could be better?

For video, consumers in Germany are also the beneficiaries of an advanced video upgrade. Vodafone launched its GigaTV service in Germany, designed for a seamless mobile experience, personalized recommendations, and both 4K and UHD content. The service includes linear and on-demand content, playable on TVs, smartphones, and tablets. It’s all powered by our Infinite Video Platform. Go Vodafone!

Also exciting is what’s been going on with Cisco Jasper, which has seen enormous growth since the acquisition last year — especially on its Control Center, to automate IoT connectivity management for customers across the globe. Great things are happening with customers this week including Honda launching Connected Car services in all Euro countries with Cisco Jasper. Korea Telecom and Cisco Jasper have teamed to provide KT customers with a full line of IoT solutions and services. Plenty more happening with Cisco Jasper so ‘stay connected’ with us to read all related IoT news from the show.

That’s a short overview of a whole lot of things that will happen at MWC. We’re in Hall 3, Zone 8 Booth #3 E30. See you there!

Authors

Avatar

Yvette Kanouff

Senior Vice President/General Manager

Service Provider Business

Leave a Comment
Avatar

Cisco PSIRT – Mitigating and Detecting Potential Abuse of Cisco Smart Install Feature

Cisco PSIRT has become aware of attackers potentially abusing the Smart Install (SMI) feature in Cisco IOS and IOS XE Software. While this is not considered a vulnerability, PSIRT published a Cisco Security Response on February 14, 2017 to inform customers about possible abuse of the Smart Install feature if it remains enabled after device installation. The Security Response also provides guidance on actions customers should consider to protect their networks against abuse of this setup feature.

New tools: The Cisco Talos group has developed a tool that customers can use to scan for devices that have the Smart Install feature enabled in their environment. Just scanning for TCP port 4786 being open is not sufficient as this port is used by other protocols as well and this might thus result in false positive. For more information, see Cisco Coverage for Smart Install Client Protocol Abuse.

Cisco has also published a new IPS signature and new Snort rules that help detect the use of Smart Install protocol messages in customer networks.

Mitigation: If customers find devices in their network that continue to have the Smart Install feature enabled, Cisco strongly recommends that they disable the Smart Install feature with the no vstack configuration command.

Otherwise, customers should apply the appropriate security controls for the Smart Install feature and their environment. The recommendations noted below and in the Security response will avoid the risk of attackers abusing this feature.

Details

Cisco Smart Install is a legacy feature that provides zero-touch deployment for new switches, typically access layer switches. The feature has been designed for use within the local customer network and should not be exposed to un-trusted networks. Newer technology, such as  the Cisco Network Plug and Play feature are recommended for more secure setup of new switches, though the Smart Install feature remains an option for platforms that do not currently support the Cisco Network Plug and Play feature.

A Smart Install network consists of one Smart Install director switch or router, also known as the integrated branch director (IBD), and one or more Smart Install client switches, also known as integrated branch clients (IBCs). Only Smart Install client switches are affected by the abuse described in this document.

The Smart Install feature is enabled by default on client switches. No configuration is needed on Smart Install client switches.

The following example shows the output of the show vstack config command in a Cisco Catalyst switch with the Smart Install client feature enabled; this is the only output that indicates that the Smart Install client feature is enabled:

switch#show vstack config | inc Role
 Role: Client (SmartInstall enabled)

If left enabled on IBCs, the absence of an authorization or authentication mechanism in the Smart Install (SMI) protocol used by Smart Install clients and a Smart Install director could allow an attacker to send crafted SMI protocol messages as if those messages were sent from the Smart Install director. This could allow the attacker to perform any of the following actions on a targeted system:

  • Change the TFTP server address on an IBC.
  • Copy arbitrary1 files from the IBC to an attacker-controlled TFTP server.
  • Substitute a client’s startup-config file with a file that the attacker prepared, and force a reload of that IBC after a defined time interval.
  • Load an attacker-supplied IOS Software image onto an IBC.
  • Execute high-privilege configuration mode CLI commands on an IBC, including “do-exec” CLI commands. Any output of or prompt resulting from the command(s) run will appear on the IBC’s local console. This is possible only in Cisco IOS Software releases 15.2(2)E and later, and Cisco IOS XE Software releases 3.6.0E and later.

If the management IP address of a client switch is exposed to the Internet, an attacker could abuse Smart Install features remotely.

1 Any file from any file system that can be accessed via the regular copy command on the IOS or IOS XE CLI

Recommendations

To mitigate the risk of abuse, Cisco recommends that customers implement the security best practices discussed in the following documents:

 

Warning Indicators

There are no indicators of an attacker changing the TFTP server address or of an attacker copying files off the device using Smart Install capabilities. Cisco recommends that customers look for access from external IP addresses.

If write operations are induced via the Smart Install feature and the logging level is set to 6 (informational) or higher, messages will appear in the logs.

If the startup-config is replaced the following messages are typically seen in the logs from the affected device:

%SMI-6-UPGRD_STARTED: Device (IP address: 0.0.0.0) startup-config upgrade has started
%SYS-5-CONFIG_NV_I: Nonvolatile storage configured from tftp://<ip-address>/my.conf by <username> on console
%SMI-6-UPGRD_SUCCESS: Device (IP address: 0.0.0.0) startup-config has upgraded successfully

The execution of high-privileged commands in configuration mode via the Smart Install feature typically results in the following messages in the logs from the affected device:

%SMI-6-DWNLD_STARTED: Device (IP address: 0.0.0.0) post install file download has started
%SMI-6-DWNLD_SUCCESS: Device (IP address: 0.0.0.0) post install file has downloaded successfully
[...]
%SMI-6-UPGRD_STARTED: Device (IP address: 0.0.0.0) startup-config upgrade has started

If a reload is induced via the Smart install feature and the logging level is set to 5 (notifications) or higher, one of the following messages will appear in the logs:

%SYS-5-RELOAD: Reload requested by SMI IBC Download Process. Reload reason: Switch upgraded through Smart Install
%SYS-5-RELOAD: Reload requested by Delayed Reload. Reload reason: HULC SMI Scheduled Reload after Config Download
%SYS-5-RELOAD: Reload requested by Delayed Reload. Reload reason: HULC SMI Scheduled Reload

In addition to local logs on client switches and logs that a client switch sends to a syslog server, customers should also look into firewall logs and NetFlow data.

Cisco has published Intrusion Prevention System (IPS) signature ID 7856-0 as well as Snort rules 41722-41725 to help detect the use of Smart Install protocol messages in customer networks. Please see the Talos blog post referenced under New Tools: above for details on the Snort rules.

To avoid false positives this signature and Snort rules should be enabled only in networks not using the Smart Install feature or at places in the network where Smart Install protocol messages are not expected to be seen.

The following best practices should also be used to provide more visibility into possible anomalies in an environment:

  • Implement supplemental instrumentation focused on high-value network segments, devices, and individuals. This provides oversight of network devices and enables traffic monitoring. For more information, see Telemetry-Based Infrastructure Device Integrity Monitoring.
  • Implement Cisco IOS NetFlow to gain visibility into traffic flows that emanate from each portion of the network and to evaluate actual traffic against expected traffic.
  • Monitor network device event logging to identify unexpected network device-level activity.

For additional best practices, see the Cisco Guide to Harden Cisco IOS Devices and the Cisco IOS Image Verification white paper.

 

 

Authors

Avatar

Michael Schueler

Incident Manager

Cisco Product Security Incident Response Team (PSIRT)

Leave a Comment
Avatar

Cisco Coverage for Smart Install Client Protocol Abuse

Summary

Talos has become aware of active scanning against customer infrastructure with the intent of finding Cisco Smart Install clients. Cisco Smart Install is one component of the Cisco Smart Operations solution that facilitates the management of LAN switches. Research has indicated that malicious actors may be leveraging detailed knowledge of the Smart Install Protocol to obtain copies of customer configurations from affected devices. The attack leverages a known issue with the Smart Install protocol. Cisco PSIRT has published a security response to this activity. Abuse of the Smart Install protocol can lead to modification of the TFTP server setting, exfiltration of configuration files via TFTP, replacement of IOS image and potentially execution of IOS commands.

We are aware that a tool to scan for affected systems, called the Smart Install Exploitation Tool (SIET), has been publicly released and is available here. This tool may be being used in these attacks.

Read More>>

Authors

Avatar

Talos Group

Talos Security Intelligence & Research Group

Leave a Comment
Avatar

Vulnerability Spotlight: Multiple remote code execution vulnerabilities in Iceni Argus PDF Content Extraction affect Mar …

Overview

Talos has discovered multiple vulnerabilities in Iceni Argus PDF content extraction product. Exploiting these vulnerabilities can allow an attacker to gain full control over the victim’s machine. Although the main product is deprecated by Iceni, the library is still supported. Iceni has released a patched version that addresses these vulnerabilities. Nevertheless, the library is widely used; MarkLogic is an example of a product that uses Iceni Argus for PDF document conversion as part of their web based document search and rendering.

<<Read more>>

Authors

Avatar

Talos Group

Talos Security Intelligence & Research Group

36 Comments
Avatar

An IPv6 Campus of the Future

IPv6 as a protocol has been known for a while, but enterprises are beginning to understand the ways in which it can help them achieve their goals, improve efficiency and gain functionality that were hitherto unavailable.

When the IPv4 to IPv6 transition first took place, some Internet-scale companies enthusiastically adopted the technology. They built out their data centers as IPv6-only networks understanding the impending exhaustion of IPv4 addresses. Most other companies attempted to manage the transition by simply migrating from native IPv4 to a dual stack network for IPv6 compatibility. This, however, neither saved IPv4 addresses nor improved features and applications over IPv6.  The logical next step for those companies and indeed the industry, in general, is to implement entire campuses as IPv6-only networks. The advantages include avoiding the maintenance of two protocol stacks, reduced OPEX, and, chiefly, no more dependency on IPv4 address. The IPv6 network is cleaner, faster and more secure thanks to a protocol redesigned to embrace encryption, favor targeted multicast over expensive broadcast communication and remove variable length subnets from routing.

Cisco has been one of the early pioneers in this space. From an implementation and adoption standpoint, we have taken it upon ourselves to start building an IPv6-only campus to demonstrate to our customers not just the criticality of this technology but also how exactly to manage the transition seamlessly.

The Cisco Enterprise Network Engineering team, in collaboration with the Cisco IT team, took the lead in converting Building 23 (known internally as “The v6 Island”) in San Jose, California to an IPv6-only network. The building, serving over 500 employees with at least two devices per person, over 120 access points and 20 network devices, accessing nearly 20 IPv6 applications and three collaboration endpoints per device, went live with the transition shortly after the new year began. As committed as we are to innovation, we also sympathize with early adopters of emerging technologies. As a consequence, we turned lab rats, as it were, in building an IPv6 campus. The goal was to demonstrate how to navigate the growth pains of such a revolutionary transition with a clear and near upside.

This transition has been one of our coolest projects, and it is very exciting to have the opportunity to roll out the first-ever true IPv6-only building in the industry servicing the typical daily business traffic of a large enterprise. Despite this excitement, the changeover to a pure IPv6 facility has been herculean in terms of ensuring non-disruption of critical services. Cisco users interact daily with diverse Enterprise applications – many designed without IPv6 in mind – and they expect to get their jobs done from any platform, anywhere.  This meant network plumbing – writing a translator for domains that are still running on v4, customer-centric practices like engaging with multiple users and being proactive to enable a wide range of devices (we are proud proponents of BYOD). Despite these challenges the project was all wrapped up in three months and the results speak for themselves. The IPv6 user count has consistently been at 450+ users daily with traffic throughput measuring an average of 400 mbps.

Adoption of a new technology is difficult and most technologists wax eloquent about initial reluctance. As we strive to be adopters and advocates for IPv6 as the way of the future, we have successfully implemented our own solution to demonstrate what an IPv6-only building is capable of. As we gain momentum towards v6 enabled collaboration and mobile-based adoption, it is our hope that our v6 implementation acts as a lighthouse and guides you on your v6 journey.  Learn more about our IPv6 journey in this video. https://youtu.be/BRunKoc2hnc

Would love to hear about your IPv6 stories @aoswal1234.

Authors

Avatar

Anand Oswal

No Longer with Cisco

1 Comment
Avatar

Be the First to Deliver a Secure Network

Written by Monika Gupta, Cloud Security Products team at Cisco

We’ve all seen the proliferation of threats across organizations of all sizes. Cyber attacks continue to become more sophisticated and severe, impacting intellectual property, finances, and organizational reputations.  Security is a concern companies face every single day. In theory, service providers can help. Security and connectivity are a natural fit, and delivering a secure connection is a logical way to help customers address a key challenge. However, traditionally it hasn’t been easy to deliver security with connectivity. Complex solutions make it difficult to deliver a secure network at scale in a cost effective manner.

Times have changed. And the cloud has changed things.

With cloud-delivered security, service providers can deliver a value-added service to their customers — not just a connection, but a secure connection. An easy way to do that is by using the domain name system (DNS). DNS is the first step that happens when connecting to the internet — it maps the domain names that users request to the IP addresses that enable the connections. It is protocol and port agnostic and is used by every device — mobile, laptops, and Internet of Things (IoT) devices to name a few. We can stop thinking of complexity, customer workarounds, shipping and configuring equipment, and instead begin to think of simple, fast, and comprehensive security that can be available worldwide in minutes.

Cisco Umbrella for Service Providers (SPs) is a new cloud-delivered security service. It helps service providers address a critical need of their customers while creating a new revenue opportunity for their business.  It is easy to provision, deploy, and manage, making it simple to stop threats before they reach their customers’ network and endpoints. Cisco Umbrella for SPs is designed for scale and delivered across geographically distributed data centers that provide the fastest, most reliable DNS resolution (100% availability since 2006) for 85 million active users in over 160 countries daily. With Cisco Umbrella, SPs can now offer a clean pipe service all the way to a full MSSP offer across a multi-tenant platform.

From small/midsize customers to large enterprise customers, SPs can now come to market with a diverse range of offers that are cost effective with minimum upfront investment. With Cisco Umbrella, SPs have the ability to easily grow as business scope grows.

With competitive pressure across the board, reduction in total cost of ownership requires a new approach. Cisco Umbrella cloud security is that new approach – it meets the needs of an SP business, increases the value of the offer, and drives new revenue streams while optimizing investments.

Think cloud. Think secure. Think now.

 

Authors

Avatar

Sam Rastogi

Senior Product & Solutions Marketing Manager

Leave a Comment
Avatar

Secure Agile Exchange Revealed

Cisco launched Secure Agile Exchange (SAE) last week in Berlin, Germany, as part of Cisco Live Europe.  It was part of our  DNA Virtualization announcement  – so subtle you might have even missed it.  We’ve been working on Secure Agile Exchange (SAE) for the last 3 years.  We have a few customers going into production now with at least another 2 dozen in the pipeline. It is not a single product or SKU, but a comprehensive solution.  SAE was derived from concrete challenges and problems we’ve heard from an endless number of customers.  Economists often say that innovation comes from small firms and most of the time they are right – not this time.

What is SAE?

SAE securely connects users – employees, customers and partners to applications across private data centers, public IaaS clouds and/or public SaaS clouds.

SAE enables enterprise hybrid cloud, reduces circuit costs, offers carrier/cloud independence, enforces consistent security, simplifies Moves/Adds/Changes, optimizes traffic flows, and reduces infrastructure. SAE is an open orchestrated NFV platform that doesn’t require the operational complexity of OpenStack or software switching overlays yet delivers on the benefits of virtualization at scale. SAE lives up to its name by securely connecting enterprise application consumers to providers leveraging x86 based hardware when possible and purpose built hardware when necessary.

The foundational components of SAE are the following:

  • High-performance NFV platform: Cloud Services Platform (CSP) 2100
  • Network services: Cisco VNFs such as CSR 1000V, ASAv, NGFWv, as well as 3rd party services such as the Avi Networks loadbalancer
  • Switching fabric: Nexus 9000 Series
  • Customer services: Advisory & implementation services; and optional Cisco Managed Services

What are the principles of SAE?

  • Virtualize, Orchestrate and Automate
  • Virtualize, Orchestrate and Automate
  • Virtualize, Orchestrate and Automate

Virtualize

Virtualization is foundational to orchestration and automation.  In networking, VLANs were instrumental in reducing the number of switches required to provide the desired network segmentation.  A single switch could be securely shared through re-programming.  The same holds true for Virtual Network Functions (VNFs) which can be created, retrieved, updated, and deleted (CRUD) through programmatic interfaces (CLI, Rest API, GUI, Netconf/Yang).

You can simplify and dramatically speed up your operations by making the leap to NFV.  There are very few use cases today in which you need a purpose-built physical appliance for L4-7 services.  SAE is built on a cluster of Cloud Services Platform (CSP) 2100s, an x86 hardware and software platform for data center NFV.  Scaling up and down and adding new services can all be done remotely and can be automated.  The CSP 2100 negates the need to order, cable, rack-and-stack dedicated hardware appliances every time capacity needs to be increased or changes are required.  Rolling in new purpose-built hardware appliances to increase capacity is not agile.  A pool of NFV compute resources based on the CSP 2100 is agile.  Also, we are seeing the trend to have a virtual firewall and virtual router per tenant so updates and problems do not affect other tenants (something not possible in the physical world).

Orchestrate

Orchestration is the non-real time configuration across many components within the SAE fabric to create a consumable end user service chain.  Within a single SAE location, application consumers and providers meet at an orchestrated cross connect built upon intelligent high speed switching, virtualized network services hosted on x86 compute, patterned and orchestrated for service catalog based operations.

Orchestration can be manual or automated.  If the end user service will be implemented frequently, then the orchestrator used within SAE is Cisco’s own Network Services Orchestrator (NSO).  The power of NSO lies in its model-to-model mapping principles. It is able to describe complex services at the Service Layer and map those services to device models, which represent different devices from different vendors. This way, complex services can be described and implemented in a simple way and pushed to the devices without having to worry about device vendor, configuration semantics, configuration interfaces, etc.

Automate

Automation is the workflow of collecting parameters and approvals to feed orchestration in support of creating end user services.  Automation originates with business policy that is collected through a workflow based portal.  The automated workflow may be retained in a service catalog and reused through an abbreviated workflow.

Automation is targeted at those zones that have frequent and complex Moves, Adds and Changes (MAC).  Extranet zones and application hosting zones are places where MACs usually occur frequently.  Even though MACs of applications and partners occur frequently, the basic connectivity and service chains in these zones will not change that often.  As a result, the automation focus is on the application specific policies that change often.

 

For additional details, please see our SAE Solution Overview.  If you have questions/comments, please email us at csp-2100@cisco.com.

 

Authors

Avatar

Gunnar Anderson

Product Manager

CNSG Product Management

15 Comments
Avatar

Your New Cisco Careers Website Has Arrived!

When I started out at Cisco five years ago as an Intern, I could never have imagined myself leading the redesign of the new Cisco Careers website. My teammates knew it would be a big job, and offered to help me with sanity checks (they did), but it turns out that it was a project that I ended up really liking, despite all the crazy stuff that comes with a big website launch.

The biggest reason is that the site is really about my teammates. It’s about my Cisco friends. It’s about colleagues around the world, and it’s about YOU. (Yes, you.)

For the last year, the Talent Brand team (my team) has been redefining how Cisco talks about what it’s like to work here. From using employee takeovers on WeAreCisco Snapchat to featuring employee videos and photos on WeAreCisco Instagram  and Twitter to the Life at Cisco blog. It’s really about you – what would make you want to come work with us, not what Cisco “the company” thinks we should tell you.

Even our friends over at LinkedIn shared with us that the first thing that most people do, and the last thing most people do before applying for and taking a job is that they talk with an employee of the company. That’s why the Talent Brand team works so hard to share employee stories, and now you can see them on the Cisco Careers website.

We’re going to let the photos on the Careers Website do the talking (along with the wonderfully written copy, of course) when you start “asking” around the site. You see, Every. Single. Photo. on our Careers site is either a photo OF an employee, or a photo taken BY an employee.

Careers

Let’s start with the photos OF employees. The people in the photos may look like models, but they’re real people, in real situations. (Yes, Cisconians look THAT good!) My own face (despite my protests) even made it onto the website. Who better to tell the story of Cisco through photos than real Cisconians?

Then there are the photos BY employees. There are fun pictures of employee desks, views from their windows (there are some great views around the globe) and even an office sunset or two.

Some of the photos are both BY and OF employees. Cisco has some amazingly talented technology-driven people who are also amazingly creative writers, photographers, artists and more. So, we asked some of those employee photographers to help us get shots of their offices and colleagues and desks and views. The WeAreCisco social media team also works with employees to get great photos for the social media channels, and we were able to use some of those as well.

Go take a look at them!

Even the text on the home page of the site – Be you, with us. #WeAreCisco. It’s all about YOU. As you can see from the images, pink hair tattoos, short, tall, male, female, and all ethnicities and viewpoints, Cisco wants your uniqueness. When you bring your authentic self and skills here, and then join with other unique people as a team, then #WeAreCisco, and the possibilities are limitless.

I guess what I’m trying to say is that everything about this project represents everything about what it’s like to work at Cisco. You get to be yourself. You’re stretched to do things to grow your career, you’re enabled to step outside of your comfort zone, you have great teammates with you every step of the way, and you work with some of the most amazing people around the globe. Yep, #WeAreCisco.

We hope all that is evident as you visit our new Careers site – don’t you want to just go ahead and apply now?

 

Authors

Avatar

Raymond Leung

Talent Brand Manager

Global Talent Brand