Lippis Report 188: Cisco Deepens the Visibility and Control Attributes of the SecureX Framework to Deliver Context-Aware Mitigation

March 20th, 2012

SecureX is the network security framework that Cisco launched last year. The company has now deepened SecureX to bolster its ability to provide SecOps with greater visibility of applications and network traffic, and control of network security resources, to mitigate exploits faster and more effectively by providing context-aware security information brought on by Bring Your Own Device or BYOD plus cloud computing applications and services. Cisco achieves this through its new ASA-CX Context-Aware Security capabilities, expanded support for Security Group Tagging or SGT within TrustSec-enabled devices, and the addition of device profiling functionality in the IOS of its routers, switches and wireless access points. All of this security technology works with its Identity Services Engine or ISE, Cisco’s identity and access control policy platform.


Building an Intelligent Mobile Edge Network

Listen to the Podcast

March 19th, 2012

The edge network has to be more intelligent to support Bring Your Own Device or BYOD as well as existing wired desktops. But many SecOps groups would rather deny mobile access than allow it due to security threats, thanks to the lack of visibility or device, user and location information that mobile devices offer upon network access. To mitigate this concern, Extreme Networks launched its Intelligent Mobile Edge Network initiative, including Ridgeline 3.1, to provide SecOps with context-aware identity information and application visibility for mobile and fixed endpoints entering the network. In addition, a new line of edge switches called the Summit x440 works closely with WiFi equipment to increase 802.11n performance and scalability. Huy Nguyen, Sr. Director of Product Management at Extreme, joins me as we discuss the fundamental changes in edge networking thanks to BYOD and Extreme’s approach to securing mobile devices so corporations can realize the productivity gains of user device freedom.

Which Network Services Need To Be Available In Modern Networks?

Listen to the Podcast

January 16th, 2012

Modern corporate networks are under increasing pressure to support a wider variety of applications, thanks to mobile and cloud computing and desktop virtualization, plus skyrocketing video traffic. Not only are bandwidth rates increasing from 1 to 10 to 40 GbE, but, most importantly, network services are needed to manage and support a different application portfolio mix and different network access methods. Network services such as firewalls, WLANs, network diagnostics and monitoring, plus application performance acceleration, are needed to deliver a consistently excellent user experience. Cisco recently announced an upgrade to its popular Catalyst 6k with the availability of the Supervisor 2T, which included revamped high-performance service modules to deliver these network services. Goyal, product line manager at Cisco Systems, joins me to discuss which network services need to be available in modern networks.

Download “A Comprehensive Testing of Cisco Systems Catalyst 6500 Sup2T” report here.

Lippis Report 176: PCI 2.0: Maintaining Compliance in a Mobile, Cloud and Virtualized IT World

July 25th, 2011

It seems like every week or so there is news of a massive cyber attack where criminals get away with stealing credit card and other personal data on the order of tens of millions of individual records. Sony, Bank of America, Epsilon, Nintendo, the International Monetary Fund, the US Senate and CIA are but a few of the targets for high-profile cyber attacks that took place in 2011. According to a recent study by the Ponemon Institute, “cyber attacks have recently become more harsh and recurrent. At least 90% of the IT practitioners surveyed claimed that they had experienced one or more cyber breaches within the last year, and 89% of these respondents could not identify the source of these breaches.”


Securing the Data-Center Transformation: Aligning Security and Data-Center Dynamics

Get the White Paper

May 24th, 2011

By Ted Ritter, Senior Research Analyst, Nemertes Research

The data center is undergoing tectonic shifts with virtualization the primary cause. Everything is moving faster within the data center—moving at the speed of virtualization—putting centers into a state of transition from physical to virtual, which can be long, complex and messy. At the same time, security models remain largely static, anchored by physical security devices. Not only does this put the organization at greater risk, it also puts in jeopardy the core benefits of virtualization. To address this, organizations need a security architecture delivering agile security and supporting the physical infrastructure, the virtual infrastructure, and all the transitional states in between the two. This requires a new security model seamlessly integrating existing security controls for physical infrastructure with comparable security controls for the virtual infrastructure. This new model requires virtualization security.

Lippis Report 168: Cisco Pulls All the Pieces of Its Network Security Program into One Architecture: SecureX

March 15th, 2011

Cisco recently launched its SecureX architecture that extends perimeter-based network security to secure modern IT, recognizing the huge growth in mobile and cloud computing. SecureX is a multi-layer architecture built upon Cisco’s AnyConnect client, its global footprint in real-time threat intelligence found in SIO (Security Intelligence Operation), Cisco TrustSec, including policy servers of NAC manager and server appliances, ASA firewall and the security enforcement features of its switches and routers. SecureX is an architecture for Cisco’s network security products and services to work together in an effort to create deeper defenses and contain exploit infestations if, and when, they occur. Fundamental to SecureX is the concept of “context aware” policy across the enterprise, including remote endpoint devices, with centralized policy creation and distributed security device and network enforcement. SecureX provides for innovation injection points through APIs (Application Programming Interfaces) for management and SIEM or Security Information and Event Management. In this Lippis Report Research Note, we explore SecureX with a focus on how context increases defenses and keeps IT assets safer.


The Future of Network Security: Cisco’s SecureX Architecture

Get the White Paper

March 15th, 2011

By Cisco Systems

There are three major trends sweeping through the enterprise: the rapid rise of the consumerized endpoint, the onset of virtualization and cloud computing, and the growing use of high-definition video conferencing. Each of these critical technologies is transforming business—and forcing a fundamental shift in how security is developed and deployed. In this white paper, Cisco describes its SecureX architecture and how it has evolved IT security so that IT leaders can enjoy the benefits of these IT trends securely.

Lippis Report 165: Network Security in a Virtualized World

January 31st, 2011

There are powerful market forces changing IT delivery. IT application delivery is becoming increasingly centralized thanks to data center server virtualization plus mobile and cloud computing. Desktops are being virtualized, too, thanks to network speeds that deliver low latency and high bandwidth, creating a thin client user experience that is indistinguishable from a thick client but at lower desktop management cost. One serious implication of this concentration of IT in data centers is that a new IT security model is needed as mobility brings greater threat exposure while virtualization changes traffic patterns and the rules of security appliance placement. In this Lippis Report Research Note, we present a new model for IT security in the virtualized mobile and cloud-computing era.


Lippis Report 163: A Multi-Vendor Security Management Approach via a Cisco SIEM Ecosystem

December 13th, 2010

In an effort to offer a multi-vendor SIEM (Security Information and Event Management) solution, Cisco is placing its SIEM product, CS-MARS, in end-of-life and, in its place, offering the industry its first SIEM ecosystem. Cisco acquired MARS six years ago in December 2004. MARS provided traditional event management and security monitoring along with limited forensic capabilities and compliance reporting. But the market demanded a broader cross-vendor SIEM solution rather than a SIEM focused primarily on Cisco products. In response, Cisco has launched a SIEM ecosystem to support deep event monitoring, forensics and compliance reporting across a heterogeneous enterprise network. It has also expanded the role of its Cisco Security Manager or CSM to support policy management and troubleshooting across a wider range of Cisco products. In this Lippis Report Research Note, we examine the new distribution of security responsibilities that now stretch across Cisco CSM and its new SIEM ecosystem with an eye toward stronger defense of IT assets.


Cisco 3Q10 Global Threat Report

Get the White Paper

December 13th, 2010

By Cisco Systems

Key Highlights

• 79% of clicks on “Here You Have” email occurred within the first three hours of the worm’s spread.
• During 3Q10, 7% of all Web malware encounters resulted from Google referrers, followed by Yahoo at 2%, Bing/MSN at 1% and Sina at 0.1%.
• Exploits targeting Sun Java increased from 5% of all Web malware encounters in July 2010 to 7% in September 2010.
• The Rustock Botnet was the highest occurring ROS event in 3Q10, at 21% of events handled during the report period.
• Peak Rustock activity occurred in late August 2010, declining in September 2010.

Download the report here

Splunk Security Information and Event Management (SIEM) Deployment Guide

Get the White Paper

December 13th, 2010

By Cisco Systems and Splunk

This document is for the reader who:

- Has read the Cisco Security Information and Event Management and Borderless Networks Enterprise Deployment Guide
- Wants to connect Borderless Networks to a Splunk SIEM solution
- Wants to gain a general understanding of the Splunk SIEM solution
- Has a level of understanding equivalent to a CCNA® certification
- Wants to solve compliance and regulatory reporting problems
- Wants to enhance network security and operations
- Wants to improve IT operational efficiency
- Wants the assurance of a validated solution

RSA Security Information and Event Management (SIEM) Deployment Guide

Get the White Paper

December 13th, 2010

By Cisco Systems and RSA

This document is for the reader who:

- Has read the Cisco Security Information and Event Management and Borderless Networks Enterprise Deployment Guide
- Wants to connect Borderless Networks to an RSA SIEM solution
- Wants to gain a general understanding of the RSA SIEM solution
- Has a level of understanding equivalent to a CCNA® certification
- Wants to solve compliance and regulatory reporting problems
- Wants to enhance network security and operations
- Wants to improve IT operational efficiency
- Wants the assurance of a validated solution

nFX Cinxi One Security Information and Event Management Deployment Guide

Get the White Paper

December 13th, 2010

By Cisco Systems and nFX Cinxi One

This document is for the reader who:

- Has read the Cisco Security Information and Event Management and Borderless Networks Enterprise Deployment Guide
- Wants to connect Borderless Networks to an nFX Cinxi One SIEM solution
- Wants to gain a general understanding of the nFX Cinxi One SIEM solution
- Has a level of understanding equivalent to a CCNA® certification
- Wants to solve compliance and regulatory reporting problems
- Wants to enhance network security and operations
- Wants to improve IT operational efficiency
- Wants the assurance of a validated solution

LogLogic Security Information and Event Management (SIEM) Deployment Guide

Get the White Paper

December 13th, 2010

By Cisco Systems and LogLogic

This document is for the reader who:

- Has read the Cisco Security Information and Event Management and Borderless Networks Enterprise Deployment Guide
- Wants to connect Borderless Networks to a LogLogic SIEM solution
- Wants to gain a general understanding of the LogLogic SIEM solution
- Has a level of understanding equivalent to a CCNA® certification
- Wants to solve compliance and regulatory reporting problems
- Wants to enhance network security and operations
- Wants to improve IT operational efficiency
- Wants the assurance of a validated solution