
Express Data & Cisco - Mobility in today’s world

09 Apr 15

Mobility today allows access to any resource from any device from any location. The resources can be public cloud, private cloud and data centre. They can even be shared resources from end user devices.

A good example of this is Cisco collaboration, which combines voice, video, and user applications for distance-based, highly interactive meetings. This is designed to increase the level of decision making and significantly reduce the time taken in making critical decisions.

What does this allow companies to do? Make important business changes quickly, efficiently and with companywide buy-in from all critical parties regardless of geographical location. For companies today, making the right decisions faster is simply about being more profitable.

What does this mean for their network? Company resources, applications and data, are no longer within the traditional confines of a data centre or office-based locked down user devices. The security exposure to companies has dramatically increased.

A new approach to security has to be adopted. It is no longer a case of blocking attackers coming through your Next Generation Firewall and installing some antivirus software on your end user devices. Today it is not a matter of ‘if’ your company will be compromised, but ‘when’ this will happen. The focus is now on ‘how do I detect an attack already within my network and how do I deal with it’. The firewall is still a major aspect of a security strategy, but is only part of the story.

The network platform itself has to be part of the security fabric. Ideally, a centralised security management system should leverage the network for information about network traffic as well as dynamically changing the network to isolate and contain security breaches. An example of this is Cisco’s Identity Services Engine (ISE). This is part of a complete security system approach.

A recent study showed that 54% of breaches remain undiscovered for months and that 60% of data is stolen within hours of a breach.

A security platform today needs to be able to understand what is happening on your network. It needs to be able to tell you who and what is on your network, who is talking to whom, and what they are talking about. It needs to understand the threats and their relevance to your business (threat centric). It needs to focus across the whole threat cycle: before, during, and after.

This is why Cisco recently purchased Sourcefire. Cisco Sourcefire (FirePOWER services) combined with ASA firewalls is the first step in implementing an integrated threat defence system. As well as the standard Next Generation Firewall features, FirePOWER services offers Malware File Trajectory, correlated SIEM eventing (Security Information and Event Management), File Analysis and many more features.

What does this mean? Looking at the biggest security threat today, Malware, it provides a graphical and textual representation of the attack trajectory (Malware File Trajectory). This provides information on what type of attack it is, where the attack started (ground zero), the point and method of entry, the scope of the attack, the file type, and the trajectory of where the attack has gone in the network.

With correlated SIEM it also provides information on the severity of the attack in relation to your business, how hostility was determined, the OS of the end point and its vulnerability to this attack (application vulnerability), whether the host has been compromised by this or other attacks, and what operating systems are in your network and their general disposition (do they have all the latest patches, updates, etc.). As well as all of this, if the disposition of an attack changes (the malware file may be dormant for a period of time and then change at a later time whilst still in your network, or may change from one type of attack to another), FirePOWER services can also retrospectively go back and identify the scope of the breakout. This information allows the attack to be contained and remediated quickly and efficiently.

Prioritising attacks is essential. Many security offerings today provide huge amounts of information on attacks against a network but, because there is so much information, the critical attacks can be missed. Attacks need to be correlated correctly (correlated SIEM) and then highlighted based on business importance. Cisco provides graphical and textual information highlighting this, thereby allowing businesses to easily identify and concentrate on the most critical attacks first.

“Express Data works very closely with our resellers to assist them with mobility opportunities across a number of technologies. Providing virtual wireless access point deployment layouts, engaging with resellers’ end users to assist with planning and demonstrations and provide assistance in project management and configuration services. Express Data provides quarterly regional technology updates to their partners; currently Express Data and Cisco will be hosting ASA Firepower training sessions in early May in Auckland, Wellington, and Christchurch.”
