Monday, June 8, 2015

Cisco Targets "Security Everywhere," Intros Firepower 9300

Cisco is rolling out a "Security Everywhere" initiative aimed at embedding security throughout the extended network – from the data center out to endpoints, branch offices, and the cloud. The goal is pervasive threat visibility and control for enterprises and service provider networks. To get there, Cisco is adding more sensors to increase visibility; more control points to strengthen enforcement; and pervasive, advanced threat protection to reduce time-to-detection and time-to-response, limiting the impact of attacks.

Cisco is launching the following set of solutions across the entire networking portfolio:

Endpoints: With Cisco AnyConnect Featuring Cisco AMP for Endpoints, customers using the Cisco AnyConnect 4.1 VPN client now can easily deploy and significantly expand their threat
protection to VPN-enabled endpoints to continuously and retrospectively guard against advanced malware.

Campus and Branch: FirePOWER Services solutions for Cisco Integrated Services Rou
ters (ISR) provides centrally managed Next-Generation Intrusion Prevention System (NGIPS) and
Advanced Malware Protection (AMP) at the branch office integrated in the network fabric, where dedicated security appliances may not be feasible.

Network as a Sensor and Enforcer: Cisco has embedded multiple security technologies into the network infrastructure to provide broad threat visibility to rapidly identify users and
devices associated with anomalies, threats and misuse of networks and applications. New capabilities include:

o Broader Integration between Identity Services Engine (ISE) and Lancope StealthWatch: Enterprises can go beyond just mapping IP addresses to identifying threat vectors based
on ISE’s context of who, what, where, when and how users and devices are connected and access network resources. This provides greater contextual threat visibility with
StealthWatch for accelerated identification of threats.

o NetFlow on Cisco UCS: Extending Cisco’s network-as-a-sensor capabilities to the physical and virtual servers, customers now have greater visibility into network traffic
flow patterns and threat intelligence information in the data center.

Using the new embedded security capabilities, Cisco networks now have the ability to automate and dynamically enforce security policies. Customers can segment applications and
users throughout the network – across the extended enterprise to use policy to define which users can get which applications and what traffic can traverse the network then automate
security operations.

o TrustSec + ISE and StealthWatch Integration: StealthWatch can now block suspicious network devices by initiating segmentation changes, providing rapid response to identified
malicious activity. ISE can then modify access policies for Cisco routers, switches, and wireless LAN controllers embedded with TrustSec technology.

Hosted Identity Services provide a secure, 24/7, cloud-delivered service for the Cisco Identity Services Engine, a security policy management platform that unifies and automates secure
network access control. The new hosted service speeds time to deployment, supporting business growth and providing role-based, context-aware identity enforcement of users and devices permitted on the network, streamlining enterprise mobility experiences.

pxGrid Ecosystem: Eleven new partners have joined the pxGrid Ecosystem with the addition of several new ecosystem technology categories, including cloud security and network/application performance management. pxGrid is Cisco’s security context information exchange fabric that enables security platforms to share information to drive better threat detection, mitigation and overall security operations.

Cisco is also expanding advanced threat-centric protection for its Evolved Programmable Network (EPN), which is its open network architecture designed to advance the adoption of Software Defined Networking (SDN) and Network Functions Virtualization (NFV). Cisco’s new service provider security solutions include the following:

Cisco Firepower 9300 Integrated Security Platform is a carrier-grade, high-performance, scalable and modular multi-services security platform purpose-built for service providers, that
can scale security for increased data flows due to accelerated service demands and carrier class requirements.

Expanded Advanced Orchestration and Cloud Capabilities enable Cisco’s new security solutions to integrate with the Cisco architecture and third-party SDN/NFV solutions, as
well as Cisco’s Adaptive Security Appliance Virtual (ASAv) with Cisco’s Network Service Orchestrator (NSO) and Application-Centric Infrastructure (ACI). These orchestration and cloud capabilities also include open APIs for integration with orchestration, Operation Support Systems/Business Support Systems, and Cloud Security-as-a-Service solutions.

• Advanced features such as secure containers to accommodate future security services and applications. Additionally, Cisco ASA firewall and third-party DDoS mitigation from Radware
are currently supported, with additional capabilities planned for the second half of 2015.

http://www.cisco.com

Gigamon and JDSU Develop Software-Defined Traffic Visibility

JDSU is developing closed loop integration plugins that support Gigamon’s Software Defined Visibility, a framework that allows customers, security and network equipment vendors, as well as managed service providers, to control and program Gigamon’s Visibility Fabric via REST-based APIs.

There are several use cases in which JDSU plans to utilize Software Defined Visibility:


  • Session-based Filtering – JDSU will take advantage of Gigamon’s Adaptive Packet Filtering capabilities to dynamically drop unwanted ‘streaming’ traffic such as Netflix or YouTube, thereby reducing the demand on monitoring appliance storage capacity.
  • IPv4 and IPv6 Traffic Filtering – As more networks begin deployment of IPv6 along with legacy IPv4 infrastructure, JDSU expects customers will need to selectively filter v4 and v6 traffic. Leveraging the intelligent filtering of the Gigamon Visibility Fabric, network administrators can rest assured knowing that they have comprehensive visibility and a future-proof path to simplify IPv6 adoption without creating new blind spots.
  • Reduce ‘Mean Time To Resolution’ – To assist with faster diagnosis of traffic anomalies, the ability to enhance captured packets that are subsequently stored on JDSU’s GigaStor appliances will improve diagnosis accuracy and focus. Through the addition of Gigamon’s “Flow Mapping” meta-data and “network neighbor” discovery information, Network Operators will be able to evaluate network incidents more effectively and isolate issues to specific segments of the network infrastructure.

“We are excited to be working with Gigamon to integrate with APIs that support Software Defined Visibility,” said Charles Thompson, senior director, Product Line Management for JDSU. “With this integration, we envision a multitude of possibilities where our customers can automate traffic visibility, so that they can focus their resources on other mission-critical activities.”

“Having partners like JDSU on board and adopting our recently released APIs accelerates our Software Defined Visibility market momentum,” said Ananda Rajagopal, VP of Product Line Management at Gigamon. “Not only is JDSU at the forefront of adoption, they are validating the market need for pervasive and active visibility. Their API-based development demonstrates the true power and flexibility that a programmatic framework can provide to quickly and automatically react to changes in network conditions.”

Gigamon's GigaVUE-FM 3.0 Fabric Manager offers a single pane-of-glass view of both physical and virtual nodes across the Visibility Fabric, while providing a wizard-based approach for configuring Flow Mapping and GigaSMART traffic policies. A single instance of GigaVUE-FM can manage hundreds of visibility nodes across multiple locations delivering more than a quarter of a million physical and virtual ports. Flow Mapping is a patented technology at the heart of Gigamon’s GigaVUE Visibility Fabric nodes that takes line-rate traffic at 1Gb, 10Gb, 40Gb or 100Gb from a network TAP or a SPAN/mirror port (physical or virtual) and then optimizes flows based on individual traffic profiles of the tools and applications that secure, monitor, and analyze the network infrastructure.

http://www.gigamon.com

Alibaba's Aliyun Announces Cloud Marketplace Alliance Program

Alibaba's Aliyun cloud computing arm, is launching a global Marketplace Alliance Program (MAP) to boost public cloud services worldwide. The MAP program will provide enterprises worldwide with access to Alibaba cloud computing’s public cloud solutions. Essentially, the program enables Aliyun to localize its cloud computing offerings by partnering with other leading players.

Aliyun has data centers in Beijing, Hangzhou, Qingdao, Hong Kong, Shenzhen, Silicon Valley, and Dubai (under construction). As of June 30, 2014, Aliyun served more than 1.4 million customers directly and indirectly through independent service providers.

The initial Aliyun’s MAP partners include Intel, Singtel, Dubai holding company Meraas Holdings, Equinix, Hong Kong's PCCW, French website hosting and cloud services provider LINKBYNET, and Hong Kong public utility Towngas.

“The new Aliyun program is designed to bring our customers the best cloud computing solutions by partnering with some of the most respected technology brands in the world. We will continue to bring more partners online to grow our cloud computing ecosystem,” said Sicheng (Ethan) YU, vice president, Aliyun.

Commenting on the scheme, Raejeanne Skillern, general manager of Cloud Service Provider Business at Intel Corporation said, "For years Intel and Alibaba have collaborated on optimizing hardware and software technology across the data center for Alibaba's unique workloads. As a partner in Aliyun's Marketplace Alliance Program, Intel looks forward to continuing our collaboration to promoting joint technology solutions that are based on Intel Architecture specifically tailored to the rapidly growing market of international public cloud consumers."

“As one of the first global partners of Aliyun, Singtel will offer our customers even more choices in cloud infrastructure platforms in China and around the world,” said Lim Seng Kong, Singtel’s managing director (Global Enterprise Business). “With Singtel’s strong Managed Cloud services capabilities, extensive customer reach and strong suite of information and communications technology services, we can also provide the springboard for Aliyun to grow its footprint in the Asia-Pacific, which is one of the fastest growing markets for cloud services.”

http://www.aliyun.com

Coriant Supplies 100G for UNINETT's Arctic Optical Network

UNINETT, a non-profit provider of telecom and data network connections to Norwegian universities and research institutions, selected Coriant to build a new 100G-capable subsea optical transport infrastructure connecting Ny-Ålesund and Longyearbyen on the Svalbard archipelago. The network will enable UNINETT to scale optical transmission capacity and meet the low latency connectivity requirements of demanding, high-bandwidth scientific research and education traffic and applications.

The deployment uses the Coriant hiT 7300 Multi-Haul Transport Platform and the Coriant Transport Network Management System (TNMS), serving as Submarine Line Terminal Equipment (SLTE).  The Coriant hiT 7300 LH/ULH platform will provide UNINETT with coherent 100G connectivity between Ny-Ålesund and Longyearbyen in a DWDM subsea application spanning approximately 260 kilometers.

The northernmost civilian year-round settlement in the world, Ny-Ålesund is an important international research community that hosts a broad range of life, earth, and environmental scientists. Eleven institutions from ten countries have established permanent research stations in Ny-Ålesund, and an increase in research activities, including plans for a new astronomical research observatory, is one of the primary drivers behind the need for higher network capacities. Real-time and near-real time astronomy data transmission is one example of the types of research and education applications requiring reliable, high-speed connectivity.

“High-speed global collaboration and real-time exchange of media-rich data and applications are critical to research and educational institutions, and serve as the life blood of research communities like Ny-Ålesund,” said Vidar Faltinsen, Chief Technology Officer, UNINETT. “In order help us achieve our goal of bringing our customers state-of-the art broadband communications, we needed a proven technology partner that could deliver a highly reliable and flexible DWDM solution, with the service expertise to support network deployment and service commissioning in Svalbard’s particularly harsh environment. Coriant proved the ideal partner on all fronts.”

“Coriant has a wealth of experience in providing robust and reliable optical transport solutions for hybrid subsea and terrestrial networks,” said Uwe Fischer, Chief Technology Officer, Coriant. “We continue to build our industry leadership on superior photonic layer performance, stability, and scalability, with proven features such as active power transient management and integrated high-density LH/ULH ROADMs that ensure the high-availability required by UNINETT’s customers.”

http://www.coriant.com/company/press_release.asp?id=1226

SingTel Launches Software-Defined WAN based on Viptela

Singapore Telecommunications launched its SingTel ConnectPlus Software-Defined Wide Area Network (SD-WAN), a cloud-based IP-VPN service available to enterprises in Asia Pacific, Australia, Europe and the U.S.

The Singtel ConnectPlus SD-WAN, which leverages software from Viptela, enables enterprises to simplify and centralize their network provisioning and policy management, and configure network requirements in real time.

Mr Lee Han Kheng, Vice President (Global Products), Singtel Group Enterprise said: “Singtel is empowering enterprises with the capability to adapt and programme their network operations based on their needs. Using a self-service portal, they can exercise dynamic control over network issues such as performance, bandwidth utilisation and security. Singtel ConnectPlus SD-WAN is one of several software-based innovations that we are implementing to help our customers enhance their networks and improve business productivity.”

“We are excited to partner Singtel to support their global hybrid networking strategy. By combining Singtel’s global reach and market-leading network services with Viptela’s SD-WAN technology, Singtel ConnectPlus customers can easily change their network requirements, regardless of the number of physical locations, networking devices and underlying transport technologies. This helps businesses reduce operating costs by providing one point of control for all their IP VPN, private line and Internet services anywhere in the world,” stated Amir Khan, CEO of Viptela.

http://www.singtel.com
http://www.viptela.com

Blueprint: What’s Wrong with the WAN?  No comments


by Khalid Raza, CTO, Viptela Today’s WANs are built on largely the same infrastructure as they were 10 years ago.  Back then, demands by users and applications were more predictable, resulting in more expected traffic patterns and bandwidth requirements.  And there was no cloud.  And there was no virtualization. But things are different today.  Delay-sensitive real-time applications such as VoIP and video are now enterprise...





  • Viptela, Inc. is a software-centric networking company focused on transforming how Fortune-500 companies build and secure their end-to-end network infrastructure. Viptela improves the security, agility and performance of corporate IP networks for next-generation business applications. Viptela was founded in 2012 by a team of top-tier talent from Cisco, Juniper Networks, Alcatel-Lucent, and VMware. Viptela is backed by Sequoia Capital and headquartered in San Jose, CA. 

Telefonica and Bouygues Telecom Plan JV for France

Telefonica and Bouygues Telecom agreed to established a joint venture to provide telecommunications services to multinationals in France. The joint venture will use Bouygues’ domestic infrastructure in France and Telefonica’s global presence in 40 countries and service reach in more than 170.

The new Telefonica Global Solutions France will include its own dedicated marketing and sales resources committed to selling both Telefonica and Bouygues Telecom communication services whilst simultaneously managing the end-to-end commercial relationship with multinational companies. The “Telefonica” brand will be used.

Juan Carlos Lopez-Vives, CEO of Telefonica Business Solutions, said: “This agreement with our strategic partner Bouygues Telecom reflects our joint commitment to the MNC market and represents a significant step forward in the improvement of our value proposition for our customers, while reinforcing our position in the European market”.

Richard Viel, COO of Bouygues Telecom, commented: “Telefonica has been our strategic partner since 2011, bringing fruitful collaboration in all fields. Now we are happy to strengthen this alliance targeted on key accounts. A joint commercial approach was tested in 2014, and resulted in a booming performance in the MNC market thanks to the combined strengths of our leading 4G network and a truly global proposition.”

https://www.globalsolutions.telefonica.com/en/news/2015/06/03/telefonica-and-bouygues-telecom-create-telefonica-global-solutions-france-a-joint-venture-to-meet-the-needs-of-multinationals-in-france/

Menlo Security Raises $25 million for Isolation Platform

Menlo Security emerged from stealth to unveil its Isolation Platform, a new technology that eliminates the threat of malware from key attack vectors, including Web and email.

The solution does not use endpoint software. Instead, the Menlo Security Isolation Platform isolates and executes all Web content in the cloud and away from the endpoint. It uses patent-pending, clientless rendering technology, Adaptive Clientless Rendering (ACR), to deliver a non-executable, malware-free copy of the user’s session to their native browser, creating a transparent user experience.

The Menlo Security Isolation Platform is available now as a public cloud-based service or as a virtual appliance for on-premise deployment. The Platform is compatible with any hardware (desktop, laptop, tablet, smartphone), any OS (Windows, MacOS, iOS, Android) and any browser (IE, Chrome, Safari, FireFox).

Menlo Security also announced $25 million in Series B funding, led by new investor Sutter Hill Ventures and joined by existing investors General Catalyst, Osage University Partners and Engineering Capital.

“Organizations and individuals should be able to interact online without the fear of being compromised,” said Amir Ben-Efraim, co-founder and CEO of Menlo Security. “By focusing on ease of deployment and a seamless user experience, the team at Menlo Security has reinvented isolation as a highly usable and scalable front line of defense against malware.”

Prior to emerging from stealth, Menlo Security in November 2014 announced $10.5 million in Series A funding to reinvent security. The new round of financing brings the total company funding to $35.5 million. Additionally, Stefan Dyckerhoff, managing director at Sutter Hill Ventures, is joining the Menlo Security’s board of directors.  

http://www.menlosecurity.com

See also