On March 2 at Mobile World Congress, Robert Franks, Managing Director, Digital Commerce at Telefónica UK and Cisco’s Kelly Ahuja, SVP, Service Provider Business, Products & Solutions, had a standing-room only crowd as part of the “Personalizing the Consumer Experience” keynote.

During their session, they emphasized how they could understand the consumer as a digital stream of information, not simply isolated pieces of information.  That stream of information, combined with in-person location details, can help both service providers and enterprises improve the experience for their consumer customers.  Both Kelly and Robert recognized that the data has always been available, but it wasn’t easily accessible.  Now Telefónica and Cisco are working together to find ways to use that information to provide a better experience for consumers.

Kelly summarized it well by stating that “personalization is going to be the key to determine the consumer experience.”  Audience members agreed with what was said in real-time tweets.

Both Robert and Kelly discussed Read More »

Tags: mobile world congress, mwc, privacy, security, Service Provider, wi-fi, wireless

2014 was a terrible year for corporate data breaches. If there is to be any silver lining, information security professionals must draw lessons from the carnage. A good place to start is to identify common denominators.

Several of the most damaging incidents started with phishing emails into office (or contractor) networks. Social engineering has gotten so sophisticated and targeted, we can hardly blame the employees (sometimes high-level executives) for clicking on legitimate-looking links. Once an attacker establishes his credentials as the compromised employee, he potentially can gain access to whatever that employee uses. One attacker got in through a corporate software development network that was not sufficiently segregated from other critical networks. In other cases, disgruntled employees with access to valuable customer data were involved.

Clearly, employee access controls are critical. If we can improve these systems, we will go a long way toward securing our networks. This is not as easy as it sounds, however. When information security teams restrict access or revoke privileges, they get pushback. They become obstructionists, bad cops, bureaucrats. To be fair, we really do run the risk of strangling teamwork, erecting stovepipes, and throttling collaboration. How do we construct robust user access controls without being the bad guys?

Read More »

Tags: access control, data breaches, phishing, security, social engineering

The portals that your employees and guests use for enterprise mobility and guest access are a reflection of your company brand and putting your best foot forward means customizing them for a better user experience. The challenge is that customization often requires someone with knowledge of HTML, Java, CSS, and even jQuery skills – in addition to having design skills to properly feature content.

While Cisco offers brand new, out-of-the-box customization with Cisco Identity Services Engine (ISE) 1.3, we wanted to give customers the ability to do much more – so we’ve introduced a new, web-based tool called the ISE Portal Builder that we demo’d at Cisco Live! in Milan, Italy. The show attendees who came by our booth and attended private showings were really amazed by the capabilities offered and they recognized that the ISE Portal Builder enabled almost anyone to build a beautiful guest, BYOD, profile, sponsor, or MDM portal in minutes at no additional cost.

While we already improved the ISE 1.3 ability to quickly model workflows and do basic customization, utilizing the ISE Portal Builder designers can choose from a suite of templates, or create their own using a drag-and-drop page creator. In addition, we’ve made it easy to import, layout, and manage images and other displayed files. You can add advertisements and banners in different places, and even add them into a rotating carousel. You can select up to 17 languages and even create a custom portal for each!

To access the tool go to http://isepb.cisco.com and register using your CCO ID.

Tags: cisco live, Cisco Live Europe, Cisco Live Milan, security

Registration is now open for the upcoming FIRST Technical Colloquium May 4-6, 2015 at Cisco Systems in Amsterdam, Netherlands. Please contact us at amsterdam-tc@first.org for any questions. The event already has an exciting preliminary program covering:

• Attacks Against Cloud Server Honeypots
• Emerging Threats – The State of Cyber Security
• Cisco IOS and IOS-XE Integrity Assurance
• CIIP and NIS Directives and Their Implication for CERTs – Recent German Activities
• APT Attack & Mobile Threats – MyCERT Case Studies
• Challenges in Applied Threat Intelligence
• SSHCure: Flow-Based Compromise Detection Using NetFlow/IPFIX
• Next Level Red Team vs. Blue Team

As well as many more current issues facing the incident response community! Learn how organizations operationalize intelligence to mitigate and detect advanced threats, and listen to war stories from front line incident responders and managers.

The event’s line-up includes notables from KPMG, IBM, CERT, Cisco, MyCERT, Alertlogic, and many others. Looking forward to a great TC in Amsterdam!

https://www.first.org/events/colloquia/amsterdam2015

Jeff Bollinger and Matt Valites

Tags: FIRST, security

If you were to ask any security administrator who had to manage the security policies across an organization, they would probably define the “5-Tuple” as a “hard to understand, cryptic method leftover from the 1990s’ policy management for implementing access control and segmentation capabilities in networks.

Despite its complexity, 5-Tuple has been a mainstay in performing access control and segmentation for decades. However, Cisco has provided an alternate deployment approach to the pains of the “5-Tuple” approach to managing security policies across the organization by delivering Cisco TrustSec across our product portfolio so that Security Teams could consolidate their security policies, scale segmentation, and create a security fabric that spans across the entire organization. Read More »

Tags: data center security, secure data center, security