Year: 2017

February 21, 2017 Leave a Comment
Avatar

S’mores and Hybrid IT

S’mores by the campfire. Cocktail hour and sunsets. Your favorite meal cooked by mom. People, processes, and technology.

What do these all have in common?

Sometimes the classics are timeless because they just work. Resilient. Always a go-to. Beautiful in their simplicity.

As an ex-managing IT consultant, the classic IT framework of People, Processes, and Technology is simple yet profound. Faced with any IT “requirement,” use that framework and ask the question “Why?” five times. 95% of the time you realize the “requirement” is some bogus legacy need.

This axiom is more important than ever in today’s accelerating multicloud world. Yes, the cloud is a driving force behind most of the digital transformations organizations are undertaking. However, that’s just the technology. Scarily enough, that’s the easy part!

To optimize for success, IT can’t just transform the business with new technology. Instead, it needs to transform IT itself. IT must undertake a Hybrid IT transformation. And to succeed, yes you knew it was coming, IT need to manage change across people, processes, and technology holistically.

Hybrid Cloud vs. Hybrid IT

In today’s multicloud landscape, no one cloud fits all. Yes, you may be using AWS and/or an OpenStack Private Cloud. Leveraging SaaS heavily. Exploring containers and DevOps delivery. With a plethora of cloud solutions in every customer environment, we are in a Hybrid Cloud era.

According to Gartner, by 2018 96% of organizations using cloud services will also be using cloud services. However, ask 10 people and you will get 10 definitions for Hybrid cloud. To level set according to Gartner:

Hybrid Cloud: The coordinated use of two or more cloud services.
Hybrid IT: A trusted broker and provider for all IT services — cloud and non-cloud — from many different providers and styles.

And if this Hybrid Cloud definition is too simplified, it really includes these 5 Hybrid Infrastructure approaches:

Hybrid Management: Governance, operation and brokering across silos
Hybrid Infrastrucure: Integration of infrastructure hardware and utility components (only) between silos
Hybrid Orchestration: Composing a service across silos supporting coordinated workload provisioning and motion
Data Integration: Integrated data across applications and operating silos
Hybrid Applications: Integration of applications and application middleware across silos through APIs and service interfaces

So based on this, ‘what’s your Hybrid Cloud strategy’?  That’s a good question. However, a great question is ‘what’s your Hybrid IT strategy?’ How are you integrating and governing  all of this multicloud usage to simplify, secure, and transform your business?

The Cloud Gap
So even if you know where you want to go (aka your cloud strategy) that is only the beginning. According to research conducted by IDC with over 11,000 IT professionals, only 3% of organizations have optimized cloud strategies! Yes, 3%. And even more surprising (or shocking) 69% of organizations do not have mature cloud strategies in place.

This data reflects many of the challenges with today’s IT landscape. Managing both traditional and cloud applications. Automating the Data Center. Multicloud security. IT-as-a-Service. DevOps Environments. Application lifecycle management. The IT to do list is never ending.

And to tackle all these areas, IT must overcome skillsets gaps and a shortage of cloud talent. . . And ohh yea, you have less budget!

Where does one begin?

Meet your neutral Change Agent: Cisco Cloud Advisory Services 

Change is hard. Good luck trying to tackle org redesign and changing culture alone.

At Cisco, we have helped our customers adopt new technology with Professional Services for 30 years. However, we are seeing a huge growth in demand from our clients for Cloud Advisory Services. Our clients need a trusted partner in helping them manage the “Cloud Gap” across clouds.

Cisco Cloud Advisory Services is a primely positiond to be your trusted multicloud advisor since we are cloud neutral. We have no public cloud of our own to lock you into. Being cloud neutral we can leverage our integration, networking, and security roots to optimize your multicloud strategy and accelerate your Hybrid IT transformation. Our experts have designed and built some of the world’s largest clouds.

So if you are like our customers you may need help with a:

  • Hybrid Cloud Business Case
  • Cloud Transformation Strategy for DevOps or ITaaS
  • Application Migration Strategy
  • Cloud Skillset Blueprint
  • Multicloud Security Blueprint
  • Technology assessment

Yes we are technology nerds, but when analyzing your Hybrid IT strategy think about how people, processes, and technology will either make you or break you. And keep in mind Cisco Cloud Advisory Services is here simplify, secure, and transform your Hybrid IT!

To learn more: 

If you are at Cisco Live Berlin stop by the Cloud or Services booth to meet with our Cloud Experts.

Curious about a Cloud Strategy Workshop? Stop by the Cisco Business Cloud Advisor (BCA) booth to receive a personalized summary regarding your cloud environment and enter to win daily prizes!

 

Authors

Avatar

Jamie Alfieri

Product Marketing: Cisco Intercloud Services

2 Comments
Avatar

Start Navigating Your Digital Journey Today with Cisco DNA

How can you take advantage of new network virtualization and security innovations to help accelerate digital transformation in your organization?

As I flew from San Francisco to Berlin, Germany this week to attend our annual CiscoLive Europe (#CLEUR), I turned on my infotainment system to look at the navigation map. It was fascinating to watch my plane inch across the screen. Thinking about the pilot guiding our plane over an ocean where every direction looks exactly the same, I realized how important his navigational tools are. The value of these navigational aids can’t be underestimated, as they are the key to getting to your destination when the path isn’t always clear.

When Cisco launched its Digital Network Architecture a year ago, it provided IT leaders with a blueprint for building a digital ready network that would help accelerate digital transformation in your organizations. In just under 18 months we have seen over 1900 organizations deploy our SDN controller, APIC-EM, in their networks and start laying a foundation capable of enabling their digital transformation. With everything in enterprise networking changing so fast, having a clear vision and plan to build a digital ready network is more important—yet more challenging—than ever.

That’s why I am so bullish about today’s announcement of the Cisco DNA Advisor Program, together with the latest wave of Cisco Digital Network Architecture (DNA) innovations around virtualization and security. With these introductions, we’re helping you create your own unique plans for transforming your network, while providing you with some of the foundational technologies you will need to speed you on your journey.

Demystifying the Path

Let’s start with the DNA Advisor Program. This program, developed in collaboration with IDC Research, allows you to map your network’s journey towards a future state of your design. With IDC, we have built a 5-stage network readiness model across the 5 main digital network categories – architecture, automation, security, service assurance and analytics. For stage 5, we envisage a future state network that continuously and effortlessly aligns to all business needs. That means dynamically adjusting to meet all service level requirements, warding off security attacks and greatly simplifying network lifecycle management.

To learn more about how you can map your journey to a digital-ready network, read Scott Harrell’s blog here. Alternatively, you can just jump straight in and get started by doing your own network readiness self-assessment. This on-line tool and report allows you to compare your own network maturity with your peers, provides guidance on next steps and the potential business benefits of you moving to the next readiness stage. And don’t wait too long to give it a try, because 45% of organizations are already planning to have a digital-ready network within 2 years according to the recent IDC Digital Network Readiness Survey.

Latest Wave of DNA Innovations

But, it’s two different things to plan an ascent to Everest and to actually make the ascent. Likewise with your journey to a digital-ready network. The good news is that at Cisco we are continuing to execute on delivering the DNA technologies and capabilities you will need to make this journey as successful and risk free as possible. In this latest wave of DNA innovations, we are focusing our efforts on the critical DNA pillars of virtualization and security.

After years of virtualization making a huge impact on data center operations, we are seeing major strides forward in network virtualization for the enterprise too. Cisco was first to market with our virtualized solution for the branch, Enterprise NFV, and with the latest Cisco DNA virtualization enhancements we are extending our virtualization capabilities to the campus, colocation centers and public cloud. Organizations can now deploy virtualized network functions like the new virtual firewall, NGFWv, ISRv for SD-WAN, vWAAS for WAN Optimization and many more across a diverse set of places in their network. Digital ready platforms like the new Enterprise Network Compute System (ENCS) 5400 series, a purpose built platform for branch virtualization, and the CSP 2100 Series for colocation centers ensure optimal performance for virtual network functions. The end result is much greater flexibility and speed and choice of network consumption model. Learn more about these exciting new DNA virtualization developments in my colleague Allison Park’s blog here.

And then there is security. It’s no surprise that security continues to be the number one concern for network professionals. The latest DNA security innovations showcase Cisco’s security leadership and further enhance the unique ability of the network to act as a sensor to detect threats and an enforcer to block threats. 

First, in the latest 2.2 release of Cisco Identity Services Engine (ISE), security policy management is simplified making it possible to onboard guest users in minutes. ISE 2.2 offers much deeper visibility into applications on endpoints, including detection of anomalous behavior. It also offers more granular control with the ability to define “DEFCON” policy sets that allow customers to escalate their response to prolific threats. Secondly, Cisco TrustSec, delivers the industry’s first end-to-end software-defined segmentation with full visibility from the network edge all the way to the endpoint to the application in the data center or cloud. Speaking of the network edge, Umbrella WLAN is the industry’s first solution to deliver DNS level security to users at the edge of your network directly on the wireless access point. I urge you to learn more about these important DNA security enhancements from my colleague, Kevin Skahill here.

For those of you at CiscoLive in Berlin this week, don’t miss the sessions on Cisco DNA and these new introductions. For those of you that preferred to stay home, you can still catch some of the key sessions by registering virtually here.

As always, I’d love to hear from you on any of these new introductions and also on what else we can do to help you accelerate your network journey.

 

Authors

Avatar

Prashanth Shenoy

Vice President of Marketing

Enterprise Networking and Mobility

3 Comments
Avatar

How To Navigate Your Path to a Digital-Ready Network

As we face the biggest network disruption in 25 years, these tools can help light up the path ahead for IT leaders

“Digital transformation” often sounds like the latest buzz, but it’s not. Everything – and I mean “everything” – is being connected over the network: processes are connected across businesses and organizations, devices across industries, countries and cities; and workers, customers, citizens and partners across the globe.

Personally, I find it both exciting and awe-inspiring at the same time. In my role, leading the Enterprise Networking business for Cisco, I recognize that we have a huge responsibility. First and foremost, to help our customers transform their networks to gain a competitive edge in the mad rush to digitize. Second is a responsibility to ourselves at Cisco as we transition our core business from a traditional hardware-centric model to a software-centric model that allows us to quickly deliver new technology breakthroughs and streamline network consumption and lifecycle models..

By speaking to networking leaders, I know that the majority of you are experiencing the same excitement and moments of apprehension that I am. Many of you are asking yourselves:

  • How am I going to create a network roadmap that aligns to my organization’s cloud, mobility, IoT, big data and overall digitization roadmap?
  • How am I going to bring together all the new technology trends, such as software-defined networking, virtualization, cloud management, network-enabled analytics etc.? And how do make sure I sequence the rollout for success and simplicity?
  • How am I going to help protect my organization, intellectual property, workers, customers and partners with all these changes and new cyber threats?
  • And most commonly: How am I going to do all this with my current resources and budget? And, how to I help my business stakeholders understand the importance and business value of these investment?

There aren’t any magic solutions, but that doesn’t stop us from trying to create one. Over the last year, we have been working with industry experts, IDC Research, on a program designed to help you navigate your path to a next-generatiuon network.

The DNA Advisor Program consists of a framework and tools created to ease your transition to a “self-driving” network that is continuously aligned to the business. The best part is that you can learn a lot about your digital network readiness within just a few minutes, using the on-line self-assessment. Then, as you are ready, you can engage the right Cisco and partner resources to take the next steps.

Additionally, our Cisco Services team and partners can offer expertise and best practices along all parts of the plan, design and implement journey.  Want to learn more? Here are the highlights and how to get started.

 

  1. Cisco Digital Network Readiness Model – this 5-stage maturity model that maps the evolution across architecture, automation, security, service assurance and analytics towards a “self-driving” network constantly aligned to business needs.
  2. Benchmark for Network Readiness – IDC researched the current state of network readiness and where organizations are planning to be in 2 years, as well as the business value they are experiencing from more advanced networks. This extensive work is captured in two IDC whitepapers . The first discusses IT readiness to today’s organizations and the second covers business impact digital readiness provides to the organization.
  3. Self-Assessment Tool: To help you determine where your network stands in relation to your peers’ networks we offer a very simple on-line self-assessment tool, the Cisco DNA Readiness Advisor that delivers a short customized report. The report also provides basic guidance on next steps and potential business value of moving to the next phase. For more in-depth analysis and guidance, you should speak to Cisco and our partners about carrying out a guided Cisco DNA Readiness Planner .
  4. And finally, building on Cisco’s renowned networking practice, we are also introducing a new DNA Advisory Service, that delivers a strategic plan, readiness plan, business case and digital network roadmap.

Take a few minutes to get acquainted with all aspects of the Cisco DNA Advisor program. Check out the readiness model, read the IDC learnings, do the self-assessment and reach out to us and our partners to engage.

Altogether, or with each component independently, I believe we can help you navigate your own strategic journey towards a network required to streamline your organization’s path to digitization.

As always, feedback is incredibly important to us and I want to hear from you. How can this program help you, and what else would you like to see from us?

 

Authors

Avatar

Scott Harrell

Senior Vice President and General Manager

Enterprise Networking Business

3 Comments
Avatar

Mapping the Journey to Digital-Ready Networks

Over the next two years organizations will transform their network for the digital era in increasing numbers. In fact 45% of organizations1 are expecting to already have digital-ready networks in two years – triple the number today. And no wonder. Cloud, mobility, and IoT are placing unprecedented demands on the network. And that’s not even taking into account the threat landscape. Most IT leaders realize we need to change how we build, manage, and protect networks to keep up with the relentless pace of change.

But while the destination is appealing we know the journey doesn’t come with a built-in GPS. That’s why Cisco has teamed up with IDC to create the DNA Advisor Program – an initiative specifically designed to provide a predictable framework for customers on their journey to automated, secure, self-driving networks.

Starting with a five-stage digital network readiness model to help customers structure the journey, IDC then conducted a global research study to understand where customers are on the journey and where they plan to be over the next two years. This culminates in an online self-assessment or guided assessment that helps customers determine where they are on the journey and understand the potential business impact of embracing the recommended next steps to move up the maturity curve.

Create the blueprint for network transformation.

But we don’t stop there. Cisco is announcing a new Cisco DNA Advisory Service designed to help organizations build a cost-effective strategy to transform their network. The end result: A blueprint to achieve business objectives through technology while maintaining a stable, secure network during the transition.

Our experts help customers explore the right migration and transition options for their business.  We provide visibility into their existing technology so they can make informed decisions.

This strategic plan encompasses not just technology, but also their people and processes so customers can:

  • Reduce risk using proven methods to address gaps and identify dependencies
  • Lower OpEx by promoting consistency and standardization across their environment
  • Prioritize investments with total cost of ownership (TCO) estimates
  • Simplify and streamline existing processes

We work with customers to understand where they want to take their business. Then we build a roadmap with predictive steps to take them there.  The result is an end-to-end strategy that allows customers to move with confidence.

Build a foundation for extraordinary results.

The Cisco DNA Advisory Service uses our new framework—called DNA 8—which expands on the digital network readiness model to identify eight key areas to address during network transformation and why each area matters to an organization’s success.

Cisco DNA 8 Framework:

This approach simplifies planning discussions and enables customers to focus on the critical areas they need to address:

  • Where should they focus people, budget, and time?
  • How can they get the most out of the new technology and optimize what exists today?
  • What gaps should they address first? Why?

Built on over 30 years of expertise, our holistic approach equips customers to make better business decisions so they can prioritize investments and use their limited resources more wisely.

Realize the benefits of Enterprise NFV sooner.

As you’ve probably heard, Cisco® Enterprise Network Functions Virtualization (NFV) makes it easy to virtualize the branch.  To make the move from physical to virtual even easier, we developed two new services.

With the new Cisco Enterprise NFV Advise and Implement Service, our experts develop a comprehensive solution design and work with customers during implementation to ensure a smooth transition. This includes identifying dependencies and the effects of introducing the new capabilities into their environment.

We help customers:

  • Validate the new solution for their existing network and use case
  • Improve their results with a customized design tailored for their goals
  • Speed adoption by identifying and addressing technical and operational readiness
  • Reduce risk using our expertise, tools, and best practices

Our new Solution Support for Enterprise NFV centralizes support management across the products in the Cisco Enterprise NFV solution. So whether there is an issue with a Cisco or solution partner product, customers contact us. Our team of solution experts will be the primary point of contact and own the case from first call to resolution.

Combining solution-level support and our product support in one service, Cisco Solution Support resolves complex issues in solution environments on average 41 percent2 more quickly than product support alone—making it the right kind of support when deploying DNA solutions.

Start navigating your digital journey today.

Let’s build the foundation to achieve extraordinary results.  So you can spend less time making things work and more time innovating to drive your business forward.

Contact your Cisco representative and ask how our service experts can help achieve your business goals.  Learn more about our enterprise networking services at www.cisco.com/go/enservices.

1IDC White Paper, sponsored by Cisco, Is Your Network Ready for Digital Transformation, January 2017

22015 Cisco internal study

Authors

Avatar

Mary Hern

Marketing Manager

Cisco Services

Leave a Comment
Avatar

Make network virtualization a reality with Cisco DNA Virtualization

Last year Cisco laid out a blueprint for customers to build a digital ready network, Cisco Digital Network Architecture or DNA. Virtualization stood out as one of its key pillars and we announced Cisco Enterprise NFV,  a solution for virtualizing the branch, that enables our customers to deploy network services in minutes across their remote locations.  This year at CiscoLive Berlin (#CLEUR), we are announcing solutions that extend virtualization beyond the branch, across the entire enterprise network and to the cloud.

Introducing DNA Virtualization:

Wondering why anyone would want to virtualize their network? Well I’d like to introduce three customers who are using DNA Virtualization solutions to make their networks more flexible, faster and cost-effective.

Virtualization for the Branch

This retail bank is planning for their next generation branch that will deliver the best customer experience, and the IT team wants to make sure that the network is not a bottleneck to this new business initiative. The customer would like to consolidate all their physical network services in the branch onto a single virtualized platform. They selected the Cisco Enterprise NFV software solution and the new Enterprise Network Compute System (ENCS) 5400 Series hardware platform we are introducing a CiscoLive this week.

This specific customer has over 250 branches and before ENCS and ENFV, they had to travel to each branch every time a problem occurs just to install a sniffer.  Now the network engineer says he can simply spin up a new service, with a few clicks, from his office without having to leave his desk. Pretty cool.

ENCS is a robust, high-performance modular compute platform designed by Cisco specifically for hosting virtual network functions (VNF’s) in the branch.  For more details about Enterprise NFV and the new ENCS platform, please see the blog post from my colleague Matt Bolick here.  In addition to the ENCS, we are also announcing support for NGFWv, a virtual FirePower as we know security is top of mind for our customers. This adds to our existing portfolio of VNF’s, vASA (firewall), vISR (routing) with Umbrella Branch, vWAAS (WAN Optimization) and vWLC (wireless LAN controller).

Virtualization for Colocation Centers

 Digitization is challenging the network perimeter (DMZ). Employees are becoming more distributed, connecting remotely to get access to their email and other productivity apps. Ecommerce is changing how businesses engage with their customers and as supply chains evolve, business-to-business communications is growing. Much like the branch, the network perimeter is static and the digital era is demanding a more flexible and scalable network perimeter.

This particular customer is a financial institution is growing with more customers and business-to-business traffic.  The network perimeter needed flexibility and scalability as the user base grew and applications they need to access moved to the cloud.  They chose the Cisco Secure Agile Exchange solution to virtualize the network perimeter to dynamically connect users to applications.  For more scalability and better application experience, they are moving this virtualized network perimeter into Equinix colocation centers.

For more information on Secure Agile Exchange and the CSP 2100 virtualization platform, please visit this page.

Virtualization for the Public Cloud

This customer, like most of our other customers, are moving to the public cloud.  The public cloud allows them to scale in a pace that no other technology can.  Multiple business groups within the company have various accounts and deployments within this cloud provider throughout the world and in different regions.  They quickly figured out the need to connect these clouds together and Cisco’s cloud router CSR 1000V was the answer.

This week we are announcing a few enhancements to the CSR 1000V in the Amazon cloud.  In addition to scalable VPC deployments I just described, the  CSR 1000V can now scale up to 5 Gbps, you can purchase an annual license directly from Amazon and get Cisco support if and when you need it.  Read my colleague Cathy’s blog for more details on VPC deployments and how Adobe used CSR 1000V to help deliver rich digital experiences to their customers.

Meet us at Cisco Live Berlin (even if you’re not in Berlin)

If you are at Berlin this week and want to learn more about DNA Virtualization, check out these sessions and visit us at the World of Solutions to talk to the experts.  Even if you aren’t in Berlin, some of these sessions will be broadcasted live and will be available to view in a few weeks online.

Authors

Avatar

Allison Park

Product Marketing Manager

Enterprise Networks

3 Comments
Avatar

Enterprise Network Security: Is it in your DNA?

If you were driving a race car without brakes, chances are you’d keep your speed in check. How else could you manage the corners? Pushing the pedal-to-the-metal on the straightaways and actually reaching the car’s peak performance would only end poorly when the road turns. The same can be said for enterprise network security: only with proper security capabilities can you run your digital business at breakneck speed.

This breakneck speed is being fueled by the growth of mobility, IoT devices, and private and public clouds, all of which massively increase the attack surface for threat actors.  Meanwhile the top recommendation of the newly released Cisco 2017 Annual Cybersecurity Report is that “as the attack surface increases, defenders must focus on their most important goal: reducing their adversaries’ operational space.”

Fortunately, you can keep the pedal-to-the-metal while reducing your adversaries’ operational space by building security capabilities into the very fabric of your network. The network can provide deep visibility into network traffic patterns and rich threat intelligence. With Cisco DNA, the network can be used to quickly detect cybersecurity threats and then automatically take action to stop them.

Baked in, not bolted on

Cisco’s Identity Services Engine (ISE) and TrustSec can help turn the network into a sensor and enforcer. ISE provides visibility and control of users and devices on the network, while TrustSec provides software-defined segmentation to isolate attacks and restrict movement of threats in the network. Together they form a dynamic duo.

At Cisco Live Berlin, we’re announcing the latest Cisco DNA Security advancements, including the latest releases of ISE and TrustSec.

Deeper visibility, more granular control: Cisco ISE 2.2

ISE 2.2 offers much deeper visibility into applications on endpoints and more granular control. But the feature that really floats my boat is the ability to define “DEFCON” policy sets that allow customers to escalate their response to prolific threats.

Rapid threat containment is tremendously powerful in dealing with a handful of systems at a time.  But what if numerous systems are simultaneously getting “popped” and a threat is spreading in real time?  That’s where ISE DEFCON policy sets come in.

DEFCON powerfully enhances your incident response playbook with the ability to move to pre-defined responses to systemic attacks. Rather than changing the authorization of individual users and devices, or implementing policy changes manually, changing DEFCON state changes the TrustSec policies defining how users, devices, and systems can talk to others — essentially raising the “network drawbridges” to protect your critical data and maintaining essential services. For example, you could define DEFCON 4 to kick all guests off the network, DEFCON 3 to kick all BYOD users off the network, DEFCON 2 to restrict peer-to-peer traffic, and DEFCON 1 to severely limit access to your “crown jewels.”

ISE 2.2 also provides Streamlined workflows that include guest, secure access, and BYOD setup with Cisco Wireless LAN Controllers in as little as 10 minutes. This approach also extends to customers migrating from the Cisco Access Control System (ACS), which Cisco recently announced will go end-of-sale. An enhanced ISE migration tool now streamlines ACS replacement so you get all the same ACS benefits coupled with advanced secure access, profiling, and postures capabilities offered with ISE.

And it’s not just us. SC Magazine recently recognized Cisco ISE with their 2017 Best NAC Solution award. If you’re interested in learning more you can ready this technical blog.

Dynamic Segmentation: Cisco TrustSec 6.1

TrustSec Software-Defined Segmentation reduces risk and restricts the lateral movement of threats in a network, allowing for these segmentation policies to be enabled and changed without reconfiguring network devices. This proven technology can enable security policy changes 98% faster and with 80% less operational effort than the traditional VLAN-based segmentation.

TrustSec has now been extended to Cisco Access Points, WAN routers, Cloud Services Routers and Industrial Ethernet switches that now work seamlessly with the existing TrustSec-enabled Catalyst and Nexus switches. Coupled with new integration with Cisco ACI, TrustSec now enables dynamic segmentation anywhere on the network, from the edge of the network to the data center to the cloud.

Among the many use cases, Mondi is using TrustSec to rapidly integrate new acquisitions into their security architecture and dramatically simplify firewall policy management. We at Cisco are using TrustSec to segregate high-risk labs as well as simplify security during divestments. Banks are using TrustSec to meet regulator’s segmentation requirements and ensure that only authorized users have access to financially regulated applications. And security-minded agencies of governments are using TrustSec to restrict peer-to-peer communications that could cause lateral movement of threats.

With these new capabilities on ISE and TrustSec, Cisco is now the first in the industry to deliver software-defined segmentation across the entire network—from the network to the endpoint to the cloud – with complete application visibility.

This is important because you can only drive at digital speed if you have the right security. And by turning the network into a sensor and enforcer, Cisco is helping our customers accelerate their digital journey.

 

Authors

Avatar

Kevin Skahill

Senior Director for Security Policy & Access

Secure Access and Mobility Product Group

February 20, 2017 3 Comments
Avatar

Caffeine for the Tech Brain: TFDx at CLEUR this Wednesday

Tech Field Day Extra is back at Cisco Live Berlin this week – an exciting 2 full days of deep dives, white boarding, Q&A, and lots of fun, geeky, conversation. The Monday sessions will soon be online for playback while the Wednesday sessions of TFDx are some must-watch programming.

I personally love joining Tech Field Day to see the types of questions that get asked. Usually, the delegates in the room (i.e. kickass nerdy bloggers) will very gently ask searing questions of the speakers. We prepare the speakers by telling them they’re stepping into a ring with live tigers.   Additionally, remote folks viewing the livestream will often come up with their own questions, which they tweet at the Delegates (using #TFDx , naturally) and can add some great, unexpected insights.

Many of the topics are on newer solutions, released in the last 12-18 months, and have not been discussed at a Tech Field Day before now.

On Monday we covered ACI, Tetration, the recent Digital Building announcements, and Contiv.  On Wednesday we have HyperFlex, DNA, and a *few* discussions I can’t disclose yet.  But based on the rehearsals we’ve done – it should generate some great conversation.

How Can I Participate?

*Set aside time in your calendar for 9am Wednesday, (midnight PT)*

See it Live: Want to watch from home? Video will be livestreaming on our EN Customer Connection Program Cisco Live Berlin Page and on Tech Field Day’s CLEUR page.

On the Twitters? Use hashtag #TFDx (along with #CLEUR, naturally) and tweet comments & questions in general or ping one of the delegates. Their handles are below:

Or just follow along to see fun things like this:

https://www.instagram.com/p/BQunFWjDBLq/

Authors

Avatar

Lauren Friedman

Marketing Manager

Enterprise Networks

9 Comments
Avatar

Leadership and Diversity: Catalysts for Change

There’s never been a better time to do something amazing. Within Cisco’s Digitization office (CDO) we are living this every moment and embracing this mantra as part of everything we do. Cisco is in the midst of a significant transformation, from a traditional hardware business to selling our innovation through software deployed in the cloud with flexible consumption models. While we are changing internally, we are helping our customers navigate through this transition as well.

So where can we learn from other established companies who have made major transformations? The book, “Who Says Elephants Can’t Dance?” talks about IBM’s historic turnaround from large mainframes to solutions, one of the biggest transformations of the past decade. Cisco is in the midst of an equal, if not bigger transformation and we are making huge pivots in every direction. The CDO team is driving changes across product, customer adoption, sales & several other functions.

One of the key insights from IBM’s transformation story talks about addressing the corporate culture as an integral part to drive change. The Women of CDO is a group of high potential women leaders who are driving this cultural change within Cisco. Many of us recently attended the Watermark conference on February 1st, for a day of learning and inspiration. We participated in an immersive series of sessions on leadership development, business transformation, disruption, personal development, etc.

The conference featured many notable speakers like Sheryl Sandberg, Madeline Albright, and Condoleezza Rice. Each keynote ended with a standing ovation and left the audience with powerful quotes:

  • “Happiness is not equal to pleasure, it is the joy you feel when moving toward your potential.” (Shawn Arbor, The Happiness Advantage)
  • “We are living in a time when women need to be United”; Bureaucracy needs disruption, not destruction.” (Madeline Albright)
  • “As long as you’re living a life, you have a story. Your story can change the world.” Viola Davis
  • “What the caterpillar calls the end of the world, the master calls the butterfly.”  (Breakout, Fear of change)
  • “There’s no limit to what you can do when you let others take credit. Let go of needing credit.” (Breakout, Reclaiming Civility)

We split out as a team and attended a diverse set of breakout sessions to maximize learnings back to our teams. We learned the power of the Connection Quotient (CxQ), going beyond Emotional Quotient and Intelligence Quotient, which have been in our vocabulary for a long time. A recent HBR study shows that 1/3rd of value added collaboration comes from 3% of employees. This calls for a need to leverage connections strategically to solve business problems and that is where CxQ comes in handy, to identify the right connections. Quora is a great tool to solve problems through crowd sourcing https://www.quora.com/ to capitalize the Connection Quotient.

Another great insight related to driving change that many of us found fascinating was that change not only requires us to let go of past failures but also successes and find new, innovative ways to reclaim success.

We are spreading the richness of our experience from this fabulous event, to accelerate the transformation that will change the Way We Work, Live, Play, and Learn. Are you ready?

 

Authors

Avatar

Pooja J Kapoor

Product Management Leader

Digitization Office

2 Comments
Avatar

A Comparison of SOC Models for Today’s Need of Monitoring & Detecting the Latest Cyber Threats

At Cisco, we are often asked to take a vendor agnostic approach when developing a Security Operations Center (SOC) strategy, and as such, we must consider the importance of distinguishing between the various types of SOC models in today’s demanding security needs. However, before explaining the various models that exist for today’s need of monitoring and detecting the latest cyber threats, we must first understand, “What is the purpose of a SOC and what organizational goals would implementing a SOC achieve for the greater good of the organization?”

The purpose of a SOC is two-fold: provide central monitoring capabilities to detect, identify, and respond to security incidents that may impact the organization’s infrastructure, services, and customers. The SOC aims to detect and contain attacks and intrusions in the shortest possible timeframe, limiting the potential impact and/or damage that an incident may have by providing real-time monitoring and analysis of suspicious events. If a SOC can halt an attack in action, it already has saved the organization time, money and possibly data exfiltration and brand reputational damages that may have been endured depending on the extent of the attack.

There are multiple models in which understanding the key differences becomes an invaluable measurement to the path an organization chooses to take when securing their daily operations from a monitoring and detection perspective. It is important to note that no two organizations are alike and the model that is chosen will highly depend on the following criteria, but not limited to: the size of the organization, the budget within IT Security, the skillset amongst IT personnel, previous incidents the organization has encountered in the past, the type of industry the organization is in, along with the data that the organization handles day-in and day-out.  All have a strategic impact in the way you will shape, design, and architect your SOC.

The Primary Models:

Internal SOC

Building an internal in-house SOC is recommended for large-sized organizations who are mature from an IT and IT security perspective. Organizations who tend to build internal SOCs have the budget to support an investment that includes 24×7 around-the-clock effort and tends to deal with lots of moving parts in and around their network infrastructure.One of the more essential advantages that building an internal SOC has includes having the most visibility across the network (internally). The team is dedicated internally and will have the capability to monitor the environment and all of its log sources, providing a complete picture of where the organization stands from a threat landscape perspective. Some significant disadvantages include: possible misses in detection, a struggle to recruit and retain talent, and high upfront investment costs. In addition, this model typically takes a considerable amount of time to build at an effective and efficient level.

An advanced version of this model is referred to as a “fusion center”, which incorporates detection, response, threat hunting, intel sharing, and data science together to support a center’s mission in protecting the organization.

Virtual SOC

Selecting a virtual SOC is recommended for the majority of organizations who seek assistance from an outside firm to perform highly-skilled monitoring and detection duties. Some organizations may be mature in nature from an IT and IT security perspective, however budget constraints and limited expertise may hinder the ability to build a fully functional internal 24 x 7 SOC. Conversely, some organizations may fall under the very immature stages of protecting the organization and require expertise to step-in quickly to handle monitoring and detection efforts.Advantages of this model include: quickest, simplest, most scalable, and cost-effective to implement. In this model, since there are a wide variety of clients and industries that MSS (managed security services) typically support on a daily-basis, the expertise and wealth of additional intel can be invaluable for an organization. While this seems to be an attractive model for most, some disadvantages to consider include: the organization having reduced visibility of where they stand from a threat landscape perspective (at a granular level), some data is handled by a third party, and longer escalation times since the MSS wouldn’t nearly be as familiar with the organization as compared to dedicated internal employees.

Hybrid – Small Internal & Virtual SOC

A hybrid model brings out the best of both worlds; in-house staff complemented with third-party experts, offering the most secure approach from a monitoring and detection standpoint as there are supplementary pairs of eyes and double checking (of alerts) that takes place. Most organizations at this level are large enough to build a small team of their own, however lack the capability to build a fully functional internal 24 x 7 SOC because of budget constraints, expertise, lack of resources, and so on.Advantages include: most secure from a monitoring and detection perspective, quick detection & response time, low backlog as there are additional analysts (internally & externally) working through low, medium, and high priority findings. Additionally, this model offers the best learning combination for an organization and its employees in gathering and cross-training knowledge from the experts of an MSS. Significant disadvantages include: setting up additional hardware, data handled through a third party, and can be costly to sustain long-term.

There are multiple ways of envisioning the best approach in selecting a SOC model.  The choice will highly depend on how the organization can handle existing threats.

For instance, you may want to ask, does your organization have the bandwidth and skill set to support monitoring and detection efforts after business hours? If the team cannot support this effort on a 24 x 7 basis, a hybrid solution may be considered in one instance where an MSS can examine lower priority finds (typically low-level alerts), and the internal team can handle higher priority concerns. There are many other instances where a hybrid solution can be effective depending on the needs of the organization, and better yet, any of these models can be effective as long as they are implemented to accommodate future growth of the organization and anticipate the next challenges the industry as a whole faces in combating cyber threats.

Have questions about your specific situation? Leave a comment for me here or visit our Security Advisory Services for Threat Management page to learn about our services.

If you’re attending Cisco Live Berlin this week, stop by World of Solution Hall 3.2 where we’ll have experts on hand in the Security and Security Services Zones to discuss best practices for building and running a SOC.

Authors

Avatar

Aaron Varrone

Threat Management IC

Cisco Security Advisory Services