I am pleased to announce that the OASIS CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2 committee specification is now available. As covered in our previous blog posts, the purpose of the OASIS Common Security Advisory Framework (CSAF) Technical Committee (TC) is to standardize the practices for structured machine-readable security vulnerability-related advisories. The CSAF TC is focusing all efforts to enhance the CVRF specification originally developed by the Industry Consortium for Advancement of Security on the Internet (ICASI). The CVRF language supports the creation, update, and interoperable exchange of security advisories as structured machine-readable content.
Cisco recently wrapped up its annual worldwide sales conference, and while much of the content and conversations were directed toward our salespeople, all of it was focused around our most important audience—our customers.
I had the privilege to present to more than 3,500 sellers, to update them on Cisco’s transformation and how we are enabling our customers’ digital businesses. Here are a few of the key takeaways from the week and how they directly relate to our customers.
Pervasive Underpinning of Digital Transformation
The world is changing, and fast. It may surprise you to learn that the latest Ford F150 pickup trucks contain 150 million lines of code, more than a Boeing 787 or the Android operating system! This fact highlights that every industry is being digitally disrupted and moving toward more software-defined business models.
As this happens, companies need one pervasive network to be the underpinning of their entire organization as they become a digital business. They simply can’t afford to have separate networks for diverse functions. Cisco recently unveiled The Network. Intuitive, where we reiterated the importance of the network as the enabler of digital business transformation and reclaimed our identity as the networking company. Customers need a network that will act as an intelligent system and respond at the pace of business: a network with automation, analytics and security baked into its fabric. This is precisely what Cisco brings to the table with The Network. Intuitive.
Aligning to Cisco’s Innovation Roadmap
As I mentioned in an earlier post, digital transformation is never ending. This reality requires companies to have visibility into Cisco’s architecture roadmap, so they can align their business transformation with our continuous innovation. As customers understand what we are doing and where we are headed in terms of delivering a new era of networking that continuously learns, adapts and protects, they will want to broaden the Cisco network across their organization.
Cisco’s Transformation to Serve Customer Needs
Before joining Cisco two years ago, CEO Chuck Robbins asked me two questions: 1) Where is technology going? and 2) What are the implications for business?
I quickly learned we had two core assets—tremendous talent and incredible innovation. However, before we could fully leverage these strengths, we first needed to address our customers’ needs by pivoting from a hardware-based business to a “consumption” company.
By reinventing both our operating model (how we work) and business model (how we deliver customer value), we have been able to simplify our portfolio, so customers can more easily consume all that we have to offer. This work is bearing fruit as evidenced by the recent Enterprise Agreement (EA) announcement. With EA, customers have a simplified buying model, a real-time consumption model view of licenses, and an enterprise-wide contract. These capabilities allow customers to centralize license management, predict budgets, and have a more strategic relationship with Cisco. In FY2017, Cisco experienced 56% growth in EA sales. Customers, especially in the C-suite, are seeing the value Cisco delivers to their businesses. And this is just the beginning.
Cisco is also simplifying its breadth of offerings into suites. For example, the Catalyst 9300 combines hardware, software, and services. This approach of building continuity into our portfolio through suites enabled Cisco to sell 47% more software. While this is good for Cisco, it’s even better for our customers because they benefit by participating in our ongoing innovation and product roadmap, which speeds their digital transformations.
A New Conversation
Cisco is no longer solely a hardware-centric product company. We have spent the past two years changing into an intent-based networking company that is defining a new era of networking – secure, automated and built for the digital business era. In addition, we are just at the beginning of an incredible cycle of innovation as we extend these new intuitive networking capabilities across our portfolio. Just as important, our business and operating model transformation to support our customers’ demands for flexible consumption options now allows them to gain faster and easier access to Cisco’s innovation where, when and how they want.
My overall message to our sales team, along with our customers and partners, is that Cisco has reached a critical milestone, and now we are focused on scale and acceleration to achieve our full potential and deliver even more value to customers.
Unlike traditional marketing, digital marketing is more flexible and lets you tell your story on the range of channels that buyers frequent. You can start small by testing proven tactics like email nurture programs, paid advertising, and social media. Then you can optimize and scale your campaigns as you grow.
The more relevant, interesting, and nonintrusive your digital strategy is, the more likely it is you’ll reach your intended audience. Here are some tips on creating a seamless conversation to boost your brand and move your business forward.
Tie goals to your mission statement
Use goal setting ACES: A(chieve) C(onserve) E(liminate) S(teer clear)
Marketing automation lets you synchronize efforts on every channel, from email and social to SEO and paid search, and across every device to deliver a seamless conversation. It also crosses a wide range of initiatives with many key benefits:
Your website is one of the most effective channels for attracting and retaining customers. But do you have the right tools to engage website visitors in personalized conversations?
To assess the quality of your website, it’s important to consider the following factors:
Responsive design is a modern approach to web, email, and landing page design that ensures that your content is readable and consumable on any device, such as your desktop computer, tablet, or mobile phone. It creates a consistent and engaging user experience on any device including:
Website and landing pages
Email Design
As a Cisco partner, you have a wealth of resources at your fingertips—all designed to help you stay one step ahead of the game. Be sure to explore each of these resources for even more information on digital readiness.
Some things really are rocket science. Like the research astronomers are doing at the ALMA observatory in Chile. There’s only two of them though… on top of a mountain in the desert. Everyone else works in the processing center miles away. So, when ALMA needed an IT overhaul to support the data gathered from the stars, they had some very specific requirements. And our partner Dimension Data got to work.
Dimension Data says…
The world’s largest observatory, ALMA (Atacama Large Millimeter/submillimeter Array), located in the Chilean Atacama Desert, needed their digital network infrastructure to withstand one of the most extreme environments on Earth – 5,000 meters above sea level.
The conditions are brutal. Cold, wind, snow, low humidity, and lack of oxygen. It’s a challenge to move data from the sixty-six 15m tall antennae through dedicated fiber optic links to the Operations Support Facility (OSF) 28k away and nearly 3000m closer to sea level. The OSF hosts a data center, state-of-the-art labs, offices and dormitories where more than 200 people work every day with the data from the observatory.
Using Cisco servers, software, and storage, we installed a robust and reliable digital network architecture that stores and transports data through high-speed networks. It works in real time from the telescope antennas to a supercomputer for processing. And also, a virtualization solution for routing and LAN capabilities.
This also gives ALMA greater operational efficiency and services without requiring people to climb a mountain or cross the desert.
If you’ve followed my blogs for long, you know I’m a big believer in the Internet of Things (IoT). IoT is part of a digital transformation that will revolutionize virtually every industry—manufacturing, healthcare, mining, transportation, agriculture, and the list goes on. But to fulfill its promise, IoT must be secure.
Today, I would give the overall state of IoT security the grade “C+.” We have made progress, but security remains the greatest barrier to IoT adoption. Just last week, researchers disclosed the “BlueBorne” attack vector, which puts at risk 5.3 smartphones, printers, and IoT devices that use Bluetooth communications.
IoT also represents a huge opportunity. A new report from IoT Analytics predicts that in the next five years IoT security will grow into a $4.4 billion worldwide market.
To be fair, IoT presents a unique security challenge: It is more distributed, more heterogeneous, and more dynamic than traditional IT security environments. It also introduces new scenarios (think networks of connected cars or sensor swarms) and new elements (a plethora of traditionally unconnected consumer-class devices) that require brand new approaches to security. And in many cases, IoT deployments operate in mission-critical situations, where a security breach could bring down a whole production line or transportation system.
Like the Internet of Things itself, the increasingly complex world of IoT security requires unprecedented levels of collaboration, cooperation, and co-innovation along the entire IoT value chain. Rather than assuming that cybersecurity is someone else’s job, everyone should have a sense of personal responsibility for keeping IoT secure.
Own your role in IoT security
IoT security isn’t just the Chief Information Security Officer’s (CISO) job; it’s everybody’s job throughout the value chain—from manufacturers to end users.
It starts with device vendors. Too often, device connectivity (especially for consumer-class devices) is an add-on feature with little consideration for enterprise-level requirements, including security. Unlike highly standardized personal computers, servers or smartphones, IoT connected devices vary a lot in capabilities, which makes it difficult to provide consistent security treatment across all of them. It has also been a challenge to convince device vendors—especially consumer device makers—to invest in security. They often view the extra cost, complexity, and time to market as extra burdens with unclear payoff. Thus, it’s no wonder that we still find rudimentary vulnerabilities such as default names and passwords hard-coded into these devices. And hackers are more than happy to exploit them.
Security vendors are responding just as they did 15 years ago when Wi-Fi took off and consumer-class Wi-Fi clients started proliferating across enterprises. Granted, the challenge back then was at a significantly smaller scale and complexity. Still, the industry got together to work on standards, interoperability, and certifications, and we’re doing the same thing for IoT today. I’m glad to say that following last year’s IoT Distributed Denial of Service (DDoS) attacks, pretty much all major security vendors have finally started to invest appropriately in IoT security.
Standards are evolving in horizontal and vertical standards bodies and in consortia. For example, the Internet Engineering Task Force is working on developing standards governing the ways manufacturers should disclose how their devices are expected to function, so that networks can detect and block anomalous device behaviors. Other organizations such as the Industrial Internet Consortium’s (IIC) security working group and IEEE have also been very active in developing IoT security frameworks, standards, and methodologies to help ensure cybersecurity across interconnected IoT systems. In vertical standards bodies such as ODVA or ISA, the IT and operational technology (OT) teams evolve industry-specific best practices and combine them with horizontal approaches.
Governments have a role in overcoming these security challenges as well. In the United States, the Federal Trade Commission has recently released new guidelines for how manufacturers should inform customers about device security, including whether and how the device can receive security updates, and the anticipated timeline for the end of security support. However, it is critical that the governments work closely with the industry to establish consensus around a core set of requirements at the device level that address critical security, data protection and privacy needs. Such baseline capabilities will also facilitate richer interactions between devices and the network to ensure that IT professionals have the tools to effectively manage security in the face of rapid proliferation of Internet-connected technologies.
Businesses are also evolving rapidly. Back in the day when industrial enterprises ran self-contained, proprietary systems, “security by obscurity” was standard practice—if you’re not connected to anything, no one can break in. That approach no longer applies in today’s connected IoT environment (if it ever did), so businesses must rely on a policy-based architectural approach and ask CISOs to own security strategy for the entire enterprise.
Start with a few best practices
So, how do we get our head around the IoT security challenges? First, we must realize that if we want to enjoy the full benefits of connected systems there is no silver bullet or foolproof solution ensuring complete IoT security. Nonetheless, everyone can make informed decisions around risk versus cost by applying a few key principles:
Use risk assessments to determine how much risk you can tolerate for each system and business process. Then use policies, analytics, and automation to enable your systems to prioritize, contain, and defeat attacks based on these assessments. Engage top management in this process since enterprise security issues already put their jobs on the line.
Take an architectural approach, break down current functional silos, engage with your CISO to create a unified and policy-based security architecture across the enterprise, and design security into everything, right from the start.
Minimize “Shadow IT.” To avoid compromising enterprise-wide security, work with your IT and security teams to “bring into the fold” all the teams and departments implementing their own tools, devices, and connections.
IoT presents unique security challenges, which demand a comprehensive architectural approach.
Adopt a comprehensive before/during/after approach. Implement strategies before an attack to prevent unauthorized access (from both external and internal players). During an attack, quickly identify the breach and shut it down. Then, after the attack, assess and minimize the damage—and adjust security practices based on lessons learned.
Integrate physical security and digital security. Many IoT security attacks originate inside the organization. Thus, implementing security best practices that include both physical security (including tailgating prevention policies and use of biometrics to control access) and digital security (role-based access, etc.) is essential.
Adopt industry-supported standards. Proprietary approaches will cripple your security efforts down the road and increase their cost.
Automate and monitor IoT security end-to-end. Build in intelligence and predictive analytics. The fast-growing volume of IoT activity will quickly swamp manual efforts, even in small organizations. We suffer from a severe shortage of security experts—especially in IoT—and this challenge will continue. Automation and deployment of smart tools is the answer.
Apply well-established best practices such as device and traffic segmentation, and use a multi-tenant network infrastructure to isolate problems. It’s one thing to have a DDoS attack that shuts down employee access to the HR system for a few hours. It’s quite a different thing to have a breach that crashes your production line. So keep interface components separate from critical infrastructure.
Keep your systems up to date. According to a recent Verizon study, most security incidents in enterprises take advantage of known vulnerabilities (things we know are broken and we know how to fix them). So, be rigorous about applying patches and keeping your systems up to date.
Finally, educate everyone about security practices and policies. This includes employees, partners, vendors—everyone in your business ecosystem. Remember that your security architecture is as good as its weakest link.
It’s a journey
Like IoT itself, IoT security is never “one and done.” It’s a journey. For most organizations, the logical first step is to leverage 30+ years of experience and best practices that IT security systems give us. You don’t need to reinvent the wheel. Instead, take a comprehensive, strategic, policy-based architectural approach by extending and enhancing current IT security architectures to cover IoT devices, infrastructure, solutions, and use-cases. Then evolve your technologies and security practices as the threats evolve. Implement IoT as an ongoing process like the IoT journey itself. And that begins with making security job one for everyone.
How are you approaching IoT security in your organization?
From iRobot to R2D2 to Star Trek’s Data, the concept of robots and humans working together has always been part of the science-fiction world. Below, Philip the co-bot carries on this tradition as we continue our comic-book vision of the Future of Work.
For years, robots have taken on repetitive, dangerous, or heavy jobs in auto assembly plants and other manufacturing settings—but always fenced off from humans for safety reasons. Now collaborative robots—or co-bots—are working side-by-side with human workers. They may do anything from flipping burgers to moving goods around a warehouse. But one thing is certain: human-robot collaboration is here to stay.
Will there be uncertainties as humans and machines evolve together? Of course. In fact, one reason we’re doing this comic book series is to help us think in a concrete way about potential pitfalls. By envisioning various versions of the future, we can help create the future we want.
How technology can augment human workers is just one of the concepts we’ll be exploring in our living lab on the Future of Work. The Cisco Hyperinnovation Living Labs (CHILL) team, Cisco’s innovation catalyst, is currently looking for visionary companies to join us for two days of rapid innovation to help design the Future of Work. Join the conversation via Twitter @katecokeeffe or in the comments below.
Now let’s rejoin our heroine Gail, as she deals with her own set of uncertainties….
To catch up on the story from the beginning, see part 1 and part 2.
Sources:
The evolving worker:
Skill sets evolve; collaboration and socialization with artificial intelligence and robots are highly valued.
Moving to the cloud is a no-brainer. It’s far more cost effective than maintaining internal systems. No wonder companies have been transitioning to cloud platforms, like Microsoft Office 365, over the last few years. It’s great for the bottom line. Companies with fewer than 1,000 users can expect to save up to 24% on average, according to Gartner. Plus, employees can be more productive with all the collaboration tools in Office 365. But as more and more companies have made the transition, the Office 365 platform has become an incredibly attractive attack surface.
According to Verizon’s 2017 Data Breach Investigations Report, attackers used email to communicate with their target in 95 percent of breaches. The Cisco 2017 Midyear Cybersecurity Report also found that attackers turn to email as the primary vector for spreading ransomware and other malware. With ransomware and business email compromise on the rise, Office 365 customers should consider adding advanced email security capabilities to protect their cloud mailboxes.
Stop More Threats with Better Threat Intelligence
Threat intelligence is the critical information that informs security solutions. For email security, this includes details like sender reputation, file signatures of known malware, and more. Advanced email security capabilities should leverage robust threat intelligence to detect and block threats before they launch.
Cisco Talos, the largest threat detection network in the world, is the Cisco Email Security foundation. For starters, Talos analyzes 600 billion emails per day. This number is more than what other competitors see in an entire month! Why is this important? Because more data means a broader view of the threat landscape. The 600 billion emails per day is also only a fraction of what Talos sees because it correlates data from the best intelligence feeds available and from all points in the attack kill chain. The breadth and depth of this data means Talos stops more threats before they reach our customers. Talos also shares the latest threat insight via updates to our customers’ email security solutions every three to five minutes.
The Talos Email and Web Traffic Reputation Center (formerly known as SenderBase) is the world’s most comprehensive real-time threat detection network. You can see global spam and email data and a real-time visualization of threats on TalosIntel.com.
Combat More Malware Hidden in Files with Retrospection
Thanks to innovative techniques used by attackers, malware doesn’t always reveal itself during initial inspection. With retrospective security, when a file that was allowed into a network is later revealed to have been malicious, defenders are able to ‘turn back the clock’ and effectively deal with the threat. Advanced email security needs the ability to combat files that contain malware – no matter when they become malicious.
Advanced Malware Protection (AMP) combats ransomware hidden in malicious attachments. It blocks known malware and remediates breaches fast with AMP retrospective security, if malware happens to infiltrate your network. If an unknown file comes in, Threat Grid provides a sandbox, or secure environment, to automatically evaluate the file’s behavior against more than 913 behavioral indicators and for a wider variety of file types than other competitors. AMP on Email Security is part of our AMP everywhere architecture, which shares malware analysis and verdicts globally so that all AMP customers benefit. This leads to improved threat efficacy. But the even better news for Office 365 customers is that AMP can also automatically remediate malware in Office 365 mailboxes. Administrators can forget about the manual process of cleaning up infected mailboxes. This automated response means security teams can get that time back to focus on more strategic projects.
Stop URL-Based Attacks Before They Reach the User
Attacks like phishing, ransomware and business email compromise often target users by including malicious links in emails. Email security solutions must include deep URL inspection to keep users safe.
With Cisco Email Security, administrators have different options to protect against risky links, such as dropping the message, rewriting the hyperlink, or replacing it with text that reads “This URL is blocked by policy,” as one example. Also, Cisco Email Security has the ability to look more closely into the context of the message to determine if the site is harmful before taking action. And before the recipient receives the message, URLs are checked against the latest threat intelligence, which is updated every three to five minutes. Oftentimes, websites may initially appear clean because attackers compromise fresh sites with zero-day malware to evade detection. If the reputation of a site remains unknown, the recipient is protected by the rewritten URL. Other email security vendors only have click-time analysis, which works only at the time the user clicks on the link to the risky site. With better web security intelligence, Cisco Email Security drops the emails with risky links automatically and before they reach the user’s inbox. Consequently, we stop URL-based threats faster.
Our advanced threat capabilities are the reason why customers are choosing Cisco Email Security to protect their Office 365 email. Office 365 customers can have enterprise-class email security to get the best threat efficacy when they transition. Cisco is committed to email security and this means we will continue innovating so you can reap the full benefits of moving to the cloud and protect your business with effective email security that is simple, open and automated. That makes cloud mailbox services safer to consume.
Have a question or comment? Tweet at @CiscoCSR and be sure to join us September 21, from 10-11am PT, for a #CiscoChat with PPP thought-leaders.
To develop and sustain successful public-private partnerships, companies must ensure long-term sustainability. Clearly defining success metrics, establishing a baseline, and developing a process for continuous monitoring helps PPPs determine what collaborative success looks like.
Monitoring, analyzing, and reporting these metrics and outcomes can help prioritize projects as well as provide continuous learning, improvement, and replication opportunities. It’s also important to consider how the political and partnership landscape may evolve over time and to update the PPP model, transfer ownership, or implement an exit strategy accordingly.
Cisco Networking Academy, a world-leading IT skills and career building program, addresses the growing need for IT talent by equipping students with entry-level IT and 21st-century career skills. Networking Academy is Cisco’s longest-running corporate social responsibility (CSR) program, and this year, we are celebrating 20 years of impact.
We focus on keeping up with rapid technological change, student learning preferences, and employer needs to ensure Networking Academy remains, and will continue to remain, relevant and successful. As such, our program is insights-based and strategically designed to build interest and competency.
Over the past decade, more than 3000 students with disabilities have benefited from Networking Academy courses, delivered in partnership with organizations helping students with vision, hearing, and selected physical disabilities. We are scaling the reach of this program and have a goal to empower 10,000 students with disabilities within five years.
Digital skills can be an equalizer for people with disabilities, who often have poorer health outcomes, lower education achievements, and higher rates of poverty than those without disabilities.
Wilson Nyabera, who is hearing impaired, grew up in Kibera, Africa’s largest slum. Wilson, pictured above, earned his Cisco CCNA certification after taking Networking Academy courses at Deaf Aid in Kenya, and now works as a network engineer for Copy Cat, an office automation and information technology company. With his salary, he is able to invest in his community and his family, paying his mother’s rent and his younger sister’s school fees.
Over the past 20 years, we have seen firsthand how critical PPPs are, as we’ve worked in collaboration to grow Networking Academy into the world’s leading digital skills and career building program. Bringing new digital professionals into the workforce and building an inclusive digital economy is good for society and business, benefitting partners, customers, and developed and developing economies.
But, most importantly, it benefits millions of students around the globe who receive affordable and accessible education.
Blog #3
To learn more, visit www.netacad.com. Has your organization had success in implementing sustainable public-private partnerships? Leave us a comment below, tweet at @CiscoCSR, and stay tuned for our final PPP post next week on leveraging technology and innovation.
Ready to visit one of the happiest and friendliest Cisco offices on earth? If you are, here are some tips for when you visit or interview in our office in Costa Rica. I’m Lucero, I’m a Partner Advisor here and I’ll be your blog guide today.
Let me start with some fun facts about Costa Rica:
Our national slogan is “Pura Vida”; it can be translated as “pure life” and it can be used to say many things, like hello, how are you, I’m great and even thank you. We refer to ourselves as ticos and ticas instead of Costa Ricans. And according to the Happy Planet Index, we are the happiest country on earth. Who wouldn’t like to visit, right?
Views of Plaza Roble
About the office:
Our office in Costa Rica is located in the capital city of San Jose. The offices are in Plaza Roble, a corporate center on the west side of town. We are in Edificio Los Balcones, on the first floor. But don’t be fooled: even on the first floor we have some pretty great views of the gardens and the palm trees. The office is divided into two sections, the main guest area and the inside area. If you are interviewing here, you’ll stay in the main area; we have many TP rooms there, event rooms, our lab and our newly inaugurated Spark Board Room. In the inside area you’ll find all the seating spaces, group work rooms and quiet rooms in case you need some quiet space to take important calls.
We work hard and play hard
We are around 140 cisconians in this office, one of the biggest in the region. Cisco is celebrating its 20th anniversary in Costa Rica this year. We welcome you to celebrate with us!
We love giving back (and selfies), here we are celebrating a painting job well done.
Coffee Time
Costa Rica is known for its coffee. Our mountains are great for producing premium coffee. We are proud experts on coffee making, there’re even coffee beans in our flag. So trust me when I say you are going to try some of the best coffee there is while you are here.
The office always has some ready in the kitchen, but if you want to try some of the greatest coffee our country has to offer, ask our coffee experts in the GVS (Global Virtual Sales) team, Pablo and Armando. They always have a “secret stash” of premium coffee stored in the office.
It’s lunch time, where should I go?
We don’t have an onsite café, but Plaza Roble is connected to one of the biggest malls in town. It is a great place to go at lunchtime, since there are many restaurant options available for you, from local restaurants to international cuisine. You can try something different every day. Eat in the restaurant or order it to go; we have some cool spots to lunch outside in the garden of Plaza Roble.
Visiting from out of town?
The closest hotel to the office is the Real Intercontinental, just across the street. It’s a really nice hotel with all the amenities you’ll need. It also has some very well-known restaurants available. Another option close by is the Sheraton. It’s a smaller hotel, just a two-minute taxi drive away. If you stay here, don’t miss the pool; it has an amazing view of the entire city.
Regarding the weather: Costa Rica is a warm country; winter does not exist here. We have summer weather all year round and have a rainy season that goes from May to October. For this rainy season, be sure to bring closed shoes. Just remember that even if it is warm outside, the office can get a little chilly with the AC. As for how to dress, Costa Rica is a formal country when we talk about business, so if you have events or an interview, dress accordingly.
Even Pikachu loves it here
Have free time, stay the weekend!
Just 1 hour away from San José you can find the beach. So grab your bags and head to paradise. No kidding, our country is well known for having some great beach spots. Three hours away from the office you’ll find Manuel Antonio, one of my personal favorites. It’s a national park, protected by the government, since it’s home to a lot of wildlife, like sloths, pizotes, raccoons, monkeys and many types of birds. Just be careful, because Manuel Antonio is well known as a place where you can get mugged … by monkeys! They like to take bags to the trees and search them for food.
Some other great places to visit by the beach: Corcovado, Marino Ballena, Playa Conchal, Playa Penca and Papagayo.
If you have time in San Jose, be sure to visit some of our waterfalls or volcanos. There are many options located just one short drive away from where the office is located. So if you come, don’t miss the opportunity to explore the country.