Remember VH1’s TV show “Behind the Music?” It featured a behind-the-scenes look at your favorite musicians rise to fame. It showed how success was not always easy. That failure was part of the process. That bands like Aerosmith or Counting Crows made mistakes that almost ruined or destroyed the band. The show not only allowed you to connect to your favorite band or singer on a deeper level, but taught you how to avoid their mistakes on your own rise to rock n’ roll fame.
Here at Cisco, we are always seeking deeper connections with people who are using our technologies to create new opportunities. Some of the best stories are now being featured as candid, interactive conversations on our newest platform: Unscripted by Cisco. Each month, TechWiseTV host Robb Boyd leads a lively, engaging discussion around the experience of customers on their journey of digital transformation. What happened, what we can learn, and often, ideas we can take back into our own operations.
The series began:
The series kicked off with Blair Antcliffe from the University of British Columbia, and Stefan Storey from Sensible Building Science. Hear how an PhD student with a fresh take on Wi-Fi Data Analytics was able to reduce University of British Columbia’s energy bill by $400,000 along with a 67% reduction in greenhouse gas emissions with Wi-Fi Data Analytics. Don’t worry if you missed the live conversation, go here to catch the recording.
Now, we are gearing up for our next episode around security:
Network security is always a balancing act between access and protection. This challenge is even more pronounced when there are thousands of employees working from hundreds of locations outside the traditional office.
Join us live this October as Robb Boyd chats with Joseph Paradi, Senior Director of IT for Avanade. As a global, consulting services firm with 10,000 employees spread across 24 countries, Joseph has a story to share.
NetDevOps is one of many new terms coming into the IT lexicon as “DevOps” has become widely adopted and lauded as a positive and valuable approach to software development. As the IT industry looks to expand DevOps to other areas, NetDevOps has emerged along with other new terms such as “ChatOps”, “SecDevOps” and even “NoOps”. It is so new a term and idea that the name “NetDevOps” hasn’t even been fully agreed upon… I’ve also seen “DevNetOps” being kicked around by some… and despite being a member of “DevNet” at Cisco, I personally prefer the moniker “NetDevOps”.
Carl and Captain Cloud Discuss NetDevOps
But what exactly is “NetDevOps”? Like its “grandfather”, there seem to be as many definitions for NetDevOps as there are people asked, so here is mine.
“NetDevOps brings the culture, technical methods, strategies, and best practices of DevOps to Networking.”
So what is DevOps? DevOps is a term applied to a new approach to software engineering that combines the “Development” and “Operation” of software into a single unified team and mindset. DevOps is a full lifecycle approach where “if you build it, you own it” and accountability for success is forefront in everyone’s mind. Technical principles such as automation and monitoring are key to DevOps, but it is much more than just a “Continuous Development” practice. DevOps is a cultural change in IT focusing on providing solutions faster, more often, more reliably, and aligned with business requirements. There are entire books on DevOps and for a great place to start see The Phoenix Project by Gene Kim.
I’ve been seeing more and more about “NetDevOps” come up on social media, at conferences, and in discussions with peers. The majority of these discussions focus on strategies for network automation and embracing “Infrastructure as Code” within the network. And while I am a HUGE believer and evangelist for both of these topics, I think we are cheating ourselves in the networking industry if we simply make “NetDevOps” another word for automation. Yes, Infrastructure as Code (IaC) should be a major part of NetDevOps… I’m actually quite fond of the term “Network as Code” But if we are going to work to make “NetDevOps” as important to the networking industry as “DevOps” has been to software development it must be as transformative. And it should start with culture.
NetDevOps Culture
Culture of Fear Loop
Many organizations today have a “Culture of Fear” about the network and network changes. The network is one of the most critical elements in IT, every other system relies on it for communications and to function properly, but it is seen as complex and fragile. In discussions with engineers, leaders, and executives from companies of all sizes and verticals, I have heard variations of the phrase “if it ain’t broke, don’t fix it”. Network changes are to be avoided if at all possible, and when they must occur they are subjected to rigorous, costly, and lengthy vetting. And despite this vetting, time and time again network changes are fraught with problems and unexpected impacts. The majority of these problems occur due to cases of human error and lack of thorough testing and validation.
The culture and approach to networking within organizations have created a reinforcing loop of fear and distrust that paralyzes networking teams from being able to deliver the agility required by “digital businesses” today.
Organizations practicing “NetDevOps” see network changes as routine and expected. This doesn’t mean that network changes are performed without plan and structure. It is actually the opposite. Because network changes are so routine, there is a well defined and practiced process for designing, testing and deploying network changes. By making them routine, network changes can be small and simple. And because they happen so regularly, the implementation team is practiced, and the larger organization doesn’t see the change as something unusual and of high risk.
Culture of Change Loop
Network Stakeholders
There are two stakeholder groups for the NetDevOps movement, the Network Builders and the Network Consumers.
NetDevOps Stakeholders
The Network Builders are made up of traditional networking teams. These are the architects, engineers, administrators and analysts. They are responsible for designing, building, and maintaining the network “utility” at an organization. Their focus is the care and feeding of the network, making sure it’s available for the “consumers”.
The Network Consumers are the users of the network. They simply want to consume “services” from the network. Services such as connectivity, analytics, power and security are all of interest to the consumers. These stakeholders are not from the “networking team”. They come from application, server, and security teams. They may even come from non-IT teams such as human resources and accounting! They have a limited core networking knowledge, and expect to treat the network like a utility – it “should just work”.
In NetDevOps, the network consumers should be able to consume the “Network as a Service”. That is through APIs, from a catalog, and in a self-service fashion. In order to meet that demand, network builders must build and operate the network using the NetDevOps practices and principals.
NetDevOps builds and manages a network that enables network services to be consumed in a DevOps approach.
Conclusion
Whew… NetDevOps is pretty exciting and I’m just getting started. In this first part we’ve defined NetDevOps and talked about its culture and stakeholders. We’ve explored how NetDevOps will dispel the “Culture of Fear” that exists across the industry today, and how it will bring together the Network Builders and Consumers. In Part 2, NetDevOps Goes Beyond Infrastructure as Code, I’ll consider “The NetDevOps Pipeline” that will control how we bring Continuous Development practices to networking, how DevOps principles of monitoring will impact NetDevOps, and lastly a look at ourselves – “The NetDevOps Engineer“.
I’m very excited to be involved in this transition and look forward to seeing it take shape and learning from all of you about your own thoughts and experiences as you embrace NetDevOps. Leave me a comment here on the post, or drop me a note over on Twitter (@hfpreston) or on LinkedIn (hpreston) and let me know your thoughts. And as always be sure to follow #DevNet on Twitter and Instagram for all the latest adventures in coding!
Until next time!
Hank, NetDevOps Evangelist!
We’d love to hear what you think. Ask a question or leave a comment below.
And stay connected with Cisco DevNet on social!
Imagine this: A weather app that tracks you without your knowledge or consent!
An Innocuous Weather App?
Weather apps are great. Who doesn’t have one?
Like everyone else, you downloaded a free weather app to your smartphone years ago. At that time it asked you to share your current location, as it promises the best weather information when it knows where you actually are. That makes sense. But what if you prefer to keep your location private? Maybe you just want to store a few cities in the weather app and that’s all? “Too many apps are asking for way too many permissions and too much information,” you thought to yourself. You opted out of location sharing.
Fast forward to today. You just read an alarming story about your free weather app: From day one, it has been secretly collecting your location data without your knowledge or consent. And worse, it’s been sending your data over to a third party company that converted it into marketing opportunities for other organizations. Wow, can you believe that! You’re furious! And this is a true story.
The Long Range Forecast
It’s about time for a better way to address situations like this. The General Data Protection Regulation (GDPR) is a new law designed to increase privacy rights for individuals in the European Union (EU), to create consistency across multiple jurisdictions, and to hold companies accountable. Under GDPR, organizations can’t get away with egregious misuse of personal information or they’ll face big fines. Plus they’ll also have to protect the information with “appropriate security” measures as well.
GDPR isn’t just for companies in the EU. It applies to any organization that uses any information to provide goods or services to the people who live there. At Cisco, we are a global organization and are subject to GDPR compliance ourselves. How about you? Your company probably is too.
The compliance deadline is May 25, 2018. Of course, it’s far too early to predict the weather on that day, but it’s not too soon to prepare your organization for GDPR. Just the opposite. In fact, the law is 260 pages with 99 rules (called “Articles or Law”) that you must follow. They cover not only individuals’ privacy rights, but also include cybersecurity principles necessary to properly protect personal information. It requires notification of a data breach within 72 hours of discovery. That’s not a lot of time.
So here’s where we ask: How ready are you for GDPR?
Your GDPR Readiness Kit
“The time to fix your roof is when the sun is shining,” a famous person once said, and the pre-GDPR sun is shining until May. Cisco has been hard at work shoring up our own organization for the deadline, and we’d like to help you prepare too.
That’s why we’ve scheduled a new webinar called “GDPR: Here’s What You Absolutely Need to Know.” It’ll be an engaging conversation with GDPR experts who will cut through the legislation and offer a practical approach to compliance. Think of it as your GDPR readiness kit.
GDPR is coming, whether (weather) you like it or not, and now is the time to prepare. Register now for our webinar! We’re holding two sessions, one for Europe and one for the Americas, and hope to see you there.
Imagine you’re a business traveler at the airport with a little time to spare before your flight. You fire up your laptop, access the airport’s free wi-fi, log on to your bank account, and pay your credit card bill to free up credit for your trip. Efficient use of time, right? Well, also imagine that you chose the wi-fi access point that looked most likely to be the free airport network from the several options that popped up in your connector – except it’s not. It’s actually a look-alike set up by a hacker, who is now tracking your banking and credit card information, because you’re logged on to his network. Not so efficient, or safe.
Such scenarios are unfortunately all too common. Many people equate “free” wi-fi with “safe” wi-fi, but that is simply not the case. With the connected workplace expanded well beyond company walls, both employers and their mobile workers need to approach online security differently.
Be Mindful of Cyber Risks and Maintain Hygiene
With cyber threats so frequent and diverse, users need to stay mindful of the risks. Many of us are more trusting than we should be when it comes to the internet. And, while everyone enjoys getting “free stuff” – internet access, social connections or interesting content – it’s the nature of commerce that something is extracted in return, such as privacy, web surfing habits, receiving advertisements. If you don’t understand what you’re giving up, you may be surrendering more than you want to.
Also, digital hygiene counts! We use our devices for more and more critical things – mobile work, banking, healthcare – so timely updating of apps or devices is crucial to protecting them. For example, big attacks such as last summer’s WannaCry and Nyetya attacks were completely preventable on devices which had the Windows upgrade that fixed the vulnerability. Yet hundreds of thousands of people didn’t apply the patch! If the lock on your front door was broken, would you wait to fix it? Think of the devices you rely on the same way. Installing updates only takes a few minutes, so commit to making this part of your daily routine.
The Employer’s Responsibility
There are many easy-to-deploy, cloud-delivered services that businesses can employ to help increase online safety. For example, Cisco Umbrella is a cloud delivery service that allows visits to safe websites and prohibits visiting risky ones. Additionally, if your resources permit, your IT department can collect embedded data about what devices connect to your network, and determine which may have become infected when off-net. As your company grows, any or all of these defensive layers can be deployed. Think of it like using a basic door knob lock, then adding a slider lock, then a dead bolt.
In addition, online safety requires having a safe connection. A practical option is for employers to offer their teams the reassurance of a Virtual Private Network (VPN), a highly secure pipe between their devices and your servers. Unless your company is legally restricted from doing this, providing your mobile employees a safe way to get online, even if for personal reasons, simply makes good business sense. Policies and controls can restrict inappropriate surfing, but protecting their devices and keeping malware out of your network increases your company’s overall safety – and productivity.
Even with these defenses in place, stay vigilant about proactively looking for intrusions, which will occur. Be able and ready to react. As with security cameras trained on buildings that already have door locks and badge readers, be sure you have some virtualized “camera” guarding your network.
Combating Human Error with Training and Education
Despite all of these precautions, people will still make mistakes. While first-hand experience is always an effective teacher, employers can help people “get it” when it comes to online security by creating targeted training programs. Communicate proactively about cyber risks in ways that are meaningful to specific job roles. A factory worker will face different risks than a bank teller or a mobile insurance sales person, so adapt training to their unique systems and processes. Then proactively notify employees when it’s time to do patches and updates, and, if possible, give them tools to do so easily.
At Cisco, we work hard to establish a culture of cyber security and to drive the online safety message home to our team. Our Cyber Ninja program encourages developers to earn levels of belts that represent increasing cybersecurity knowledge. We maintain Communities of Interest across the company to build a network of cyber knowledge transfer and mentorship. We’ve deployed Cisco Umbrella on every laptop an employee uses, providing an automatic protective layer they don’t have to think about.
Perhaps the most effective training is the quarterly phishing exercises we email to every employee. Everyone needs to be aware of and skilled on spotting phishing attacks. If someone clicks on a phish, they get immediate training on what they did wrong and how to spot the real thing when it comes. Over several years, markedly fewer employees take the bait.
Cyber safe remote work really comes down to awareness. The internet is an incredibly beneficial resource, but it also is an open, untamed and unregulated environment. Like navigating home through a large city, getting to your happy place online means you must first travel through some higher-risk streets. Act accordingly, and you’ll go a long way toward staying safe online.
October is Cyber Security Awareness Month, and Cisco is a Champion Sponsor of this annual campaign to help people recognize the importance of cybersecurity. For the latest resources and events, visit cisco.com/go/cybersecuritymonth.
Today Cisco is introducing a new addition to the Integrated Services Router (ISR) portfolio of branch routers. The ISR 1000 Series follows the new sleek design popping up across Cisco platforms, so it looks sexy, but that’s not why it’s so important. What’s so remarkable about the ISR 1000 Series is that for the first time it brings an architecture normally reserved for higher-end networking platforms down to a place accessible to branch offices of just about any size. Let me explain.
Multi-Processor Device Architectures
Higher-end network devices are built using lots of individual CPU cores working in parallel to process lots of complex features on a multitude of packets flying through the network. This sort of parallel pipelining allows for some advantages like excellent throughput even with highly complex features in the network. It does come with a cost, however, since coordinating all of those CPUs is complicated and expensive.
That’s why traditionally you’ve seen this architecture on high-end Service Provider core and Internet Edge routers like the Cisco ASR 1000 Series and even larger platforms where the cost and complexity is more easily justified. More recently, 2013 to be exact, we were able to bring this architecture, traditionally reserved for expensive custom ASICS, down to the ISR 4000 Series family of modular branch routers.
However, smaller branches with fewer employees haven’t been able to benefit from this architecture. It’s simply too complex and expensive to put multiple parallel processing CPU cores into a branch with less than roughly 100Mbps of throughput. In the Cisco world, these would be the portfolio of fixed Integrated Services Routers; so named because there are no modular interface slots and the interface choices are “fixed” at the time of ordering. Traditionally these would use a single CPU to handle all packet forwarding and feature processing. Simple and relatively inexpensive for those cost-conscious smaller sites.
Bringing the High-End Architecture to the Small Branch – The ISR 1000 Series
Bringing that multi-CPU architecture, and the IOS-XE software that drives it, down to a small branch router has been a goal for a long time. Recent developments from CPU vendors to bring faster, multi-core CPUs down in price, along with continued tweaking of the IOS-XE software to make it more efficient with less resources, finally make building an affordable, small branch router a reality. We can now use the same operating system and architecture from the largest Enterprise aggregation router, the ASR 1000 Series, down to smaller branch offices. The same architecture is also seen in our virtual router platforms, the Cloud Services Router and Enterprise Network Compute System with ISRv.
What that means, in practice, is consistency in features and capabilities across all Enterprise routers from Cisco. It means that as features and capabilities are added in one part of the portfolio, the ISR 1100 Series will benefit from those new features as will Cisco CSR and ASR 1000 Series.
Even without the efficiencies through a shared architecture, the multi-CPU architecture and IOS-XE bring additional benefits. You can now have the predictable performance from higher-end platforms on a smaller ISR, along with a truly integrated security platform with features like Trustworthy Systems, hardware encryption, Umbrella Branch, and Encrypted Traffic Analytics never before available on a fixed ISR.
Naturally, just like other fixed ISRs, the ISR 1000 Series will come in a variety of flavors with interface options to meet just about any need. There are options for Ethernet and DSL, as well as LTE Advanced. There is also an option for an integrated 802.11ac Wave 2 wireless access point (AP) with Mobility Express. That means the ISR 1000 Series can serve as an access point, while also acting as a Wireless LAN Controller for up to 100 additional lightweight APs in the branch.
Building out the Portfolio
The ISR 1000 Series fleshes out an already extensive portfolio of Enterprise Routing from Cisco. With Multi-CPU IOS-XE systems now from small branch through large aggregation plus cloud and virtual deployments, it’s a common architecture across the network. Add to this the new addition of vEdge appliances and Enterprise NFV and there’s support for exciting emerging architectures.
Of course there’s much more information available about the ISR 1000 Series than any blog post could hope to cover. For all that details, along with ordering information, head over to: https://www.cisco.com/go/ISR1000.
If you’re attending SpiceWorld 2017 in Austin, Texas, please stop by Cisco’s booth, #17, to see a demo and ask any questions you have about the ISR 1000!
Ymasumac Marañón Davis is an educational consultant, intuitive life coach and author. This blog is the third in a series around access. All thoughts are her own.
I am often invited to visit schools that have received awards because of high ratings in their use of educational technology and as innovative learning centers. This always excites me, a place where creative learning takes place for kids? Yes, sign me up! And from an initial glance they are definitely different learning environments. New flexible furniture, colorful walls and decor, excited adults – awesome! It is apparent, that there is an effort to change the learning environment; whether or not it’s actually happening at the core level of values and belief systems remains to be seen. What eventually unfolds is something we are accustomed to: some children are eager to share their projects with you, while the majority sit back and quietly share when prompted. What is most striking, is the projects are all vastly similar, if not starkly the same. Where then is the innovation and more importantly, what was the professional development like?
Innovation is a big buzzword right now in education. We need our kids to innovate – we want them to be creative thinkers – they need to think outside the box. The question then becomes, how do we do this?
In an effort to be innovative, schools often latch on to big ideas, like “maker spaces” (classrooms with Legos and art materials whose intention is to allow students to be creative and innovative in their thinking). Many schools are looking towards creating robotics or Lego clubs. All of these intentions are laudable. Unfortunately, these efforts alone do not impact learning for everyone. To do this, we must consider our learning environment.
Bringing in new furniture or programs without shifting the learning culture results in reverting to familiar classroom arrangements and teaching new programs with traditional, teacher driven pedagogy.
When exploring questions around access in education, we have to consider the learning culture of the classroom and school. Although many of the aforementioned efforts may intend to impact the learning culture, they often generate excitement among a small minority of teachers and students. How then, do we impact all students to truly think in creative and innovative ways?
Our starting point most likely is misplaced. Rather than look at students, we need to start with adults. Students are born ready for change and innovation, innately curious about the world around them. By middle school, this inherent drive to learn is minimized so drastically, it is troubling. That this happens in adolescence, when students’ brains once again have become as active as when they were toddlers undergoing an incredible transformative process, tells us that the learning culture surrounding them, rather than any innate characteristics, is what impedes innovative learning. We adults need to be willing to reflect on whether our learning culture truly allows all students to learn.
The good news is that there are adults who are very willing to take these risks and try something new, fail miserably, reflect, and try again! Every campus has at least one of these teachers who is, ready to create change and try new things. It is these teachers who create magic in our classrooms and from whom we can learn to do the same. How can we scale what they have mastered? First, start with the willing and then have them coach peer to peer. These risk-taking teachers are often more than willing to share. They have not just latched onto the tools but also the learning culture that is required to go with the new tools and programs.
Being willing to reimagine our learning culture requires us to examine the skills we hope our students achieve, and to assess, whether the characteristics and qualities of the environments support these skills. If we desire to cultivate the skill of curiosity in our students, then we need to ask ourselves what corresponding change in the learning culture is required. A quality that complements curiosity is risk-taking. However, many react to the prospect of risk-taking with fear: What if our students fail? What if our school doesn’t do well in state testing? These fears often stifle the risk-taking that enables innovation.
My son a freshman in college, recently described to me the frustration he sees from his college teachers, who want their students to speak up and take risks in the classroom through problem-solving. He said none of his peers ever volunteered or spoke up, even though his teacher encouraged them to try, even if it results in mistakes. “Why?”, I asked. His response: “Because they’re afraid to fail.”
“Where does this come from?” I asked.
“It starts in middle school and solidifies in high school. If we make mistakes it affects our grades, and if our grades aren’t good, we know it’ll affect our college prospects or even passing a class. So we don’t like making mistakes, because it means we aren’t doing well and the consequences are too severe.”
In one swift response to the question, “Why don’t students take risks?”
My son summarized our educational system’s culture that ties student performance to their grades, which are tied to school ratings, college entrance, prestige, etc.
I realize this asks us to reexamine our entire system, including our grading practices. Many schools are doing just this. Hampshire College in Massachusetts has dropped standardized testing as a requirement for admission. According to the school’s president Jonathan Nash, in an article published by The Independent, “Our applicants collectively were more motivated, mature, disciplined and consistent in their high school years than past applicants.”
Although many of us cannot make sweeping decisions like this, we can begin by examining the very area where students will spend a good part of their day – our classrooms.
How will students feel when they walk in? Will they, for that brief period, feel encouraged to stretch their limits and take risks? Will they know this is a space where they can tackle tough questions? Learning asks all of us to be present – not just our intellect, but our full selves, which includes our emotions and spirit. What will drive students through problem-solving, if not the inner spirit to know, the gnashing of emotions to pull through the unknowns of questioning?
So when it comes to teacher buy-in and scaling up, start small. Good learning practices can catch like wildfire.
Professional development should not just consist of learning new programs and using new tools and furniture. It should also be a space where educators have an opportunity for deep reflection on their own learning practices. Asking big questions. Educators need time to wrestle with these questions, and then the freedom to begin cultivating a new culture in their classrooms. To do this once is not enough. Professional development is more effective if it models coaching. Ultimately, good professional development should open up more questions and offer an opportunity to continue honing in on these questions throughout the year.
In the end, we have to ask ourselves, what drives us, what keeps us moving through? And then, with an honest lens, open up to the risks that enable innovation – creating magic in the classroom.
Innovative ideas and technologies drive Cisco’s goal to positively impact one billion people by 2025. With digitization and the surge of connected devices, good ideas can make a difference more quickly–and in more places–than ever before.
But without people, such innovations wouldn’t exist.
In schools, dorm rooms, and home garages around the world, students and young entrepreneurs are cooking up the “next big thing” in technology solutions — some of which can help address the world’s most pressing social and environmental problems. We know this because we met hundreds last year as part of the first-ever Cisco Global Problem Solver (GPS) Challenge.
From our grand prize winner, Project Vive, to People’s Choice selection ODA Systems, our prize funding is helping turn breakthrough technologies, products, and services into real-world solutions. It’s a unique opportunity, one that offers students a chance at global recognition for their drive to do more good.
We’re excited to announce that registration is now open for the second-annual Cisco Global Problem Solver Challenge. Individuals and teams of five can submit applications until December 1, 2017 at 5 pm PST. In order to register, individuals or at least half a team’s members must be currently enrolled as students or be recent graduates*.
This week has been a busy one for us. Besides the MLB postseason starting as well as the regular season openers for the NHL, our team was all over the world covering events and shows. In Tennis, the world finals start later this month, the men will be in London, while the women will be in Singapore.
Our team was in Amsterdam this week for the Kaseya Connect Europe show. We unveiled plans of our Cisco FindIT Network Management Platform integration for Kaseya. We could not be more excited to ride the wave of Cisco Small Business networking into Internal IT Administration and Managed Services. For years, Managed Service Providers and IT Admin’s have been asking for better Networking Administration and Management in Remote Monitoring and Management Suites such as Kaseya. The Kaseya VSA is one of the most popular RMM’s out there and we look forward to seeing how Kaseya Users adopt the new Cisco Small Business FindIT Network Strategy.
We are literally providing the ability to treat network devices like computers, laptops and servers within Kaseya. Yes, on par. For MSP’s, that means your network management capabilities just got a major boost, while the energy and cost to do so drops. We are excited, we hope you are too! Here is channel coverage from our friends from Channel2E.
Nasser, Nagaraja and I met with our friends at Newegg Business. It was great to meet the new Sales Director and our dear friend Scott whom we have worked with for years. Lunch was super fun filled with laughs and plans to ramp not only our products, but their overall networking sales. We have plenty of action items to close now!
Europe’s Largest IT Security Expo starts next week and runs from October 10-12th. Of course our team will be there along with the rest of the security industry. If you are planning on attending, please stop by and find Jo! IT-SA 2017 is being held in Nuremburg, Germany.
By now, you know our team (Nasser and Nag) will be in Austin at Spiceworld 2017. If you planning on attending, please stop by booth 17. We will be doing demo’s of FindIT and our products. You might even be able to get a glimpse of the FindIT integration inside of Kaseya…
Don’t forget about our earlier post for the Spiceworld 2017 show.
Hackers now work in organised gangs that target individuals to infiltrate organisations. It’s hard to stop them – but by taking an integrated approach to security, service providers can stay ahead.
Cyber crime has changed.
At one time, hackers were lone operators breaking into systems to cause mischief. Now they work in organised criminal gangs, on operations worth millions of dollars.
Hackers cleverly pinpoint an organisation’s weaknesses to enter networks. Often they do this by targeting specific individuals. Once they’ve found a way in, they might not be detected for a long time – and they can do a lot of damage while they’re there.
Spear phishing – how hackers get to know you
A cyber attack that tried to get you to download software or hand over information by sending a fake email is known as a phishing attack. When hackers do this by pretending to be someone you know, it’s called spear phishing.
Our video on the Anatomy of an Attack demonstrates how hard it can be to realise you are the victim of this kind of attack.
The woman working for the hacking gang finds out as much as she can about the company. She befriends the CEO’s wife on Facebook, and contacts the sales team so she can see the organisation’s email signature style.
She then sends an email to staff impersonating the boss. Anyone who downloads the attachment infects their computer with malicious software.
Once hackers have infiltrated a company, they are able to cause devastating problems. In the video, they extract a large ransom payment and release personal information held by the business, causing its stock to fall to an all-time low.
A growing problem
Spear phishing is attractive to hackers, because by finding just one weak spot in the system, they can potentially gain access to highly sensitive information.
The technique has been used for some high profile attacks. The FBI recently said that the 2014 hack on Yahoo that compromised over 500 million user accounts may have begun with a spear phishing email.
And businesses will become even more vulnerable to attacks like this, as everything, both within and outside organisations, becomes more connected. The growing adoption of the cloud and the internet of things gives hackers more and more potential entry points.
And once they’ve broken through, it’s easier for them to reach other parts of the system.
As the video shows, hacking into a network doesn’t require anyone to be stupid. All it needs is a small oversight.
Is there anything businesses can do to protect themselves?
Combating threats with an integrated approach
Powerful security products, including firewalls and malware detection, are essential for telecoms companies who want to provide a reliable service. But the best defence comes from taking a holistic approach.
That’s why service providers need to rethink the way they combat threats. They need to take a best of breed, architectural approach that enables service providers to deploy security that is simple, open, automated and effective.
All the elements in a security portfolio should also be communicating with each other. And there should be visibility across the system.
Cisco’s holistic approach to security
Cisco can provide the technology and expertise to provide you with high-level protection against cyber threats. We have a comprehensive suite of best of breed security products, and can advise you on how to bring them together into an integrated architecture.
And our products are constantly updated with information from Talos, our global security team that maintains a deep understanding of the latest threats around the world. The team has worked with service providers to take down major hacking gangs.
As the success of Talos demonstrates, Cisco’s strength lies not just in our cyber security expertise, but in applying that expertise practically to help keep businesses safe.
The approaches used by hackers are always evolving. But by thinking holistically and considering threats at every stage, service providers can stay one step ahead.
Find out how Cisco’s holistic approach to security can protect your organisation against modern hackers
