Keep Your Cisco IOS Software Updated. Here’s Why.

April 4, 2018

Even the best security solutions can become liabilities if not maintained.

Let’s face it; keeping up with the onslaught of security vulnerability warnings can be daunting. In addition to the volume of information, it takes time to certify the patch or image, schedule a maintenance window and roll it out to your production environment and then validate that all the target devices were updated and are still working properly.

It can be tempting to let a software update—or two or three—pass by before updating your network devices. This is a trend we’ve been observing with some of our customers running Cisco IOS (Internetwork Operating System), which is a family of software used on most Cisco routers and current Cisco network switches. Cisco’s research corroborates our findings, too. In the Cisco 2016 Annual Security Report, the Cisco Security research team revealed the results of a one-day scanning and analysis exercise of Cisco devices on the internet and across customer environments. Out of 115,000 tested, 106,000 were found to have known vulnerabilities in the software they were running. In fact, some of the end users in the financial, healthcare and retail verticals were using versions of Cisco software that were more than six years old.

I can tell you from experience that when we receive calls about a malware outbreak or network security breach, outdated security software signatures are almost always involved.

Before you put the next Cisco IOS software update on the backburner, consider a few pointers from Cisco’s Security Vulnerability Policy:

  • Cisco Security Advisories provide detailed information about significant security issues that directly involve Cisco products and require an upgrade, fix or other customer action.
  • Cisco Security Notices document low- and medium-severity security vulnerabilities that directly involve Cisco products but don’t warrant the visibility of a Cisco Security Advisory.

The point to keep in mind here is that you can get away with not acting on every notice, but all Cisco Security Advisories should be heeded. Cisco generally discloses Security Advisories on Wednesdays, and it releases two scheduled Cisco IOS Software bundles each year—on the fourth Wednesday in March and the fourth Wednesday in September—per its Security Vulnerability Policy.

Getting too far behind on Cisco IOS software updates has other downsides, too. For example, if a new Security Advisory is released with a highly critical vulnerability that may impact hundreds of different products, it will be difficult to identify the impacted devices in a timely fashion. Furthermore, software version control, meaning the deployment of consistent software versions on similar network devices, is a best practice. It improves the chance for validation and testing on the chosen software versions and greatly limits the number of software defects and interoperability issues found in the network. Limited software versions also reduce the risk of unexpected behavior with user interfaces, command or management output, upgrade behavior and feature behavior. This makes the environment less complex and easier to support. Overall, software version control improves network availability and helps lower reactive support costs. In other words, the extra time and effort invested now will pay off down the road.
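One way to check version consistency and find the devices an advisory touches is sketched below. This is an added example, not code from Cisco or Next Dimension: the hostnames and banner lines are constructed samples, and the advisory's affected-release list is a hypothetical placeholder.

```python
import re
from collections import defaultdict

# Constructed sample inventory: hostname -> banner line of `show version`.
INVENTORY = {
    "acc-sw-01": "Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE11, RELEASE SOFTWARE (fc3)",
    "acc-sw-02": "Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(55)SE5, RELEASE SOFTWARE (fc1)",
    "acc-sw-03": "Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE11, RELEASE SOFTWARE (fc3)",
    "edge-rtr-01": "Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.4(3)M6, RELEASE SOFTWARE (fc1)",
    "edge-rtr-02": "banner unreadable",
}

# Hypothetical advisory data: image family -> releases listed as affected.
ADVISORY_AFFECTED = {"C2960-LANBASEK9-M": {"12.2(55)SE5"}}

# Matches the classic IOS banner: "... (IMAGE-NAME), Version X.Y(Z)T, ..."
BANNER = re.compile(
    r"Cisco IOS Software, .*?\((?P<image>[^)]+)\), Version (?P<version>[^,\s]+)"
)

def parse_banner(line):
    """Return (image, version) from a banner line, or None if unrecognised."""
    m = BANNER.search(line)
    return (m.group("image"), m.group("version")) if m else None

def audit(inventory, affected):
    """Group hosts by image and version; report drift, exposure and gaps."""
    by_image = defaultdict(lambda: defaultdict(list))
    exposed, unparsed = [], []
    for host, line in sorted(inventory.items()):
        parsed = parse_banner(line)
        if parsed is None:
            unparsed.append(host)  # unknown version: follow up, never assume safe
            continue
        image, version = parsed
        by_image[image][version].append(host)
        if version in affected.get(image, set()):
            exposed.append(host)
    # Drift: one image family running more than one release.
    drift = {img: dict(vers) for img, vers in by_image.items() if len(vers) > 1}
    return {"drift": drift, "exposed": exposed, "unparsed": unparsed}

if __name__ == "__main__":
    report = audit(INVENTORY, ADVISORY_AFFECTED)
    for key in ("drift", "exposed", "unparsed"):
        print(key, "->", report[key])
```

Devices whose banner cannot be parsed are reported separately so they are reviewed by hand rather than silently counted as compliant.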

Adam Davis, CEO, Next Dimension Inc

SMBs Need Enterprise-Grade Wireless Mobility, Too

February 6, 2018

SMBs have many of the same wireless mobility needs as larger enterprises, but they have a number of additional challenges that must be overcome first.

As technology users become more mobile and connected, small to midsize businesses (SMBs) are facing many of the same wireless challenges and opportunities as their enterprise counterparts. Achieving these business goals can affect the workplace in a staggering way, as Cisco’s research shows. For example, 80% of business leaders agree that mobility enables employees to work anytime, anywhere and on any device. Additionally, 71% of business leaders say that mobility allows new revenue opportunities by providing customers with value-added access and services.

However, the positive effects that come with increased mobility and “going digital” are not enjoyed as frequently among SMBs as they are with larger organizations. According to a 2015 study conducted by Techaisle, for instance, the top challenges SMBs experience are:

  1. Total cost of ownership (46%)
  2. Ensuring compliance (44%)
  3. Integration with desktop, IT and communications infrastructure (37%)
  4. Finding a solution (36%)
  5. Finding suitable service providers (33%)

To fill SMBs’ wireless mobility needs, Cisco introduced Mobility Express Solution, which is designed to deliver enterprise class Wi-Fi for SMBs. This solution is different from many enterprise mobility offerings, which require lengthy configurations. Cisco Mobility Express allows users to configure the solution over the air via the Cisco Wireless app in less than 10 minutes’ time.

For SMBs in retail, education and hospitality that need faster mobility, this solution is a good fit. Plus, it allows guests and employees to use the same network without compromising the business’ security and authentication requirements.

Cisco bundles Mobility Express Solution into its 802.11ac Wave 2 access points (APs), which forward data at gigabit speeds and beyond. Each 1850 or 1830 Cisco Aironet AP comes with a virtual controller that allows admins to set up wireless LANs (WLANs) containing up to 25 APs and supporting up to 500 client devices in a matter of minutes.

The main benefit of a software-based WLAN controller is that it allows admins to configure, update and manage the AP infrastructure without having to configure and manage each AP individually. More than just lowering setup times, users gain access to other enterprise-grade features, such as location-based services.

In addition to the Mobility Express Solution, Cisco’s Connected Mobile Experiences (CMX) is a complementary platform built on the Cisco Unified Access Infrastructure. CMX uses Wi-Fi to connect, detect and engage users. Retailers, for example, can use this context-aware solution to deliver personalized mobile services to their customers. Based on a user’s location, CMX can deliver informational updates, indoor maps, sales promotions or evacuation instructions. Additionally, location data can be analyzed to provide retailers with insights into the shopping habits of new and repeat customers.

Adam Davis, CEO, Next Dimension Inc

Why You Should Start Thinking About IoT Security Now

January 15, 2018

When it comes to protecting the Internet of Things (IoT), an extensive, embedded security plan is a necessity.

According to Gartner, 25 billion connected “things” will be in use by 2020. When you think of products like connected security systems, thermostats, cars, electronic appliances and alarm clocks, it becomes clear that IoT is becoming an integral part of everyday life. Advances in disruptive technologies like the cloud and security, combined with the rise of social media and increased mobility, are enabling a new frontier of opportunities for these products to become more interconnected with people, processes, data and technology.

IoT’s impact on digital business will be undeniable, too. “It will introduce new business models, causing industries to be ‘digitally remastered’ and changing the way that businesses put great minds to work,” says Diane Morello, managing vice president at Gartner.

With multiple business applications like medical prescribing, banking, energy, retail, insurance and a multitude of other facets moving toward full digitization in the next few years, the question is how to address concepts such as endpoint security. The typical method of security includes layering many different point security tools on top of one another. The problem with this is that the differing solutions often do not work well together, or they leave security gaps that can easily be exploited.

The IoT security problem affects everyone. As each and every person’s data, devices and technologies become more intertwined and interconnected with everyone else’s, it becomes necessary to have some sort of embedded security plan in place.

To meet IoT’s specific security needs, a flexible security framework with four main components exists:

Authentication: This layer focuses on verifying the identity information of an IoT entity. When a connected IoT device needs to access an IoT infrastructure, the trust relationship is initiated based on the device’s identity.

Authorization: The second layer focuses on authorization that controls a device’s access throughout the network fabric. This layer builds upon the core authentication layer by leveraging the identity information of an entity. With authentication and authorization components, a trust relationship is established between IoT devices to exchange appropriate information.

Network Enforced Policy: This layer encompasses all elements that route and transport endpoint traffic securely over the infrastructure.

Secure Analytics: This layer defines the services by which all elements (i.e., endpoints and network infrastructure, inclusive of data centers) may participate to provide telemetry for the purpose of gaining visibility and eventually controlling the IoT ecosystem.

IoT has a diverse set of security needs that must be met to ensure users are protected. One example of a company that’s designing security solutions to meet the IoT security needs described above is Cisco. Cisco’s Security Everywhere strategy embeds multiple security technologies into the network infrastructure to provide broad threat visibility while minimizing the time needed to contain threats. Cisco Security Everywhere also allows users to maximize their existing and future investments by turning the Cisco network into a security sensor and security policy enforcer—facilitating enhanced visibility, context and control over any user or device that connects to the corporate network.

Adam Davis, CEO, Next Dimension Inc

Why Old Networking Devices Can’t Handle Today’s Security Threats

January 5, 2018

Decade-old network devices lack security-centric capabilities such as image signing, secure boot and hardware trust anchors, which are must-haves to protect against today’s sophisticated security threats.

When it comes to IT buying decisions, the old adage ‘If it’s not broken, don’t fix it,’ is a good rule to follow most of the time—except when it comes to network security decisions. Keeping your network infrastructure updates on the back burner too long could ultimately lead to your business’s demise.

If you fall into the category of saving these important updates for last, you aren’t alone. Cisco Security Research conducted a study of 115,000 Cisco devices on the internet and across customer environments and found that approximately 106,000 devices (92%) had an average of 26 known vulnerabilities in the software they were running.

Device users in finance, healthcare and retail verticals, for example, were using networking software that was more than six years old. Even worse, most of the infrastructures in the study had reached their final day of support, no longer able to be updated.

If you haven’t experienced any major issues with your decade-old networking devices, you probably think that they’re doing their job and working successfully. With technology constantly evolving, however, aging network devices rarely have the protections necessary to withstand current cyberattacks. Two examples of newer security-centric capabilities include:

  1. Image signing. Cryptographically signed images help ensure that BIOS, firmware and other software updates are authentic. As the system boots, this signature is checked by an anchor of trust, ensuring the integrity of the system’s software. This is an exceptionally important tool for preventing man-in-the-middle replacement of software and firmware and for providing layered protection against the persistence of illicitly modified firmware.
  2. Secure boot and hardware trust anchors. Secure boot advances image signing by providing increased assurance about the integrity of the hardware and software that are performing image checks and other critical system functions through a combination of immutable, hardware-based anchors of trust. It also ensures that a system’s foundational state and software can’t be modified, regardless of a user’s privilege level.

To protect your business from the latest cyberthreats, it’s important to incorporate modern security defenses as a top priority. For additional security tips and best practices, check out “Cisco’s Guide to Hardening Cisco IOS Devices.” The document, created by Cisco engineers, covers topics such as software patching, credential management, physical security for all network devices, and robust architectural defenses, such as telemetry-based infrastructure device integrity monitoring.

Adam Davis, CEO, Next Dimension Inc


Hyperconvergence: The Smart Way to Handle Mission-Critical Workloads

November 2, 2017

Hyperconverged infrastructure minimizes data center complexity, resulting in cost savings, simplified management and scalability.

With demands for data center capacity and energy costs growing, it became necessary to find a way to increase computing capacity without increasing data center floor space (IT sprawl), cooling and power requirements. The solution? Hyperconverged infrastructure (HCI).

Data centers have traditionally been constructed with a silo approach, reserving specific sets of resources for individual functions or business applications. About five years ago, the industry began leveraging HCI, a data center strategy that eliminates silos and allows applications to share servers, storage space and networking, using software to optimize storage and compute resources.

HCI is an intelligent solution to the problem of ever-growing, ever-complicated data centers, and it provides additional benefits, such as:

  • Cost savings. The initial investment for HCI is less expensive than traditional networking systems—you purchase one solution versus separate servers, storage and computing resources. Additionally, HCI environments are more efficient, saving power and cooling costs.
  • Low maintenance. HCI minimizes storage capacity management complexity through a single dashboard that shows CPU, memory and storage utilization rates. This is an especially appealing feature to companies with limited in-house IT resources.
  • Scalability. HCI makes it easy to expand capacity or storage. You can invest in the capacity you need today and easily add modules to scale when new business applications are deployed or your company grows. Furthermore, hyperconvergence works at the storage controller software layer so that the more appliances are added, the greater the performance and capacity. Next-generation HCI products, such as Cisco HyperFlex, also enable companies to add branch locations and centrally manage their hyperconverged environments.
  • Data protection. Hyperconverged environments are designed to facilitate business continuity and data backups. HCI protects data with an efficient use of resources, and because data is managed from a central console, IT can respond to problems more quickly.
  • Agility. In an HCI environment, data is distributed across all servers and virtual disk drives. It can use available resources to handle spikes in demand, and because the system is managed through a single pane of glass, it’s easy to migrate workloads. This ensures consistent performance throughout your system.
  • User experience. HCI enables the creation of software products and services and the ability to deploy them quickly through the enterprise, giving you the ability to provide tools that can boost employee productivity and customer satisfaction.

Additional Benefits of an HCI Strategy

One of the primary benefits of HCI is that it allows companies to standardize their infrastructures with one vendor. This eliminates finger-pointing such as one hardware vendor blaming a second hardware vendor or the operating system vendor if something doesn’t work, which can eat up hours of time trying to get to the real culprit.

With HCI, it’s still possible there could be questions about operating systems or business applications, but software vendors will certify their applications to hypervisors, so finger-pointing should be minimized.

To further mitigate HCI problems, it’s imperative to work with a qualified solutions provider that can help with the product selection process, provide implementation and support and recommend affordable options for adding modules when your business needs to scale.

Your company’s data storage needs and demands on your IT infrastructure will only continue to grow. Consider HCI as a solution to manage your infrastructure today—it will also provide a way to scale to meet increasing demands in the future.

Adam Davis, CEO, Next Dimension Inc