Tuesday, January 5, 2016

Blueprint: Three Predictions for Network Monitoring in 2016

by Tom Kelly, CEO, AccelOps

Why do armies set up look-outs all around their camps? Why do people read their horoscopes and shake magic eight-balls? Simple: they want to see what’s coming. In business, it’s incredibly helpful to be able to accurately forecast needs and set strategy. In the network security and performance arena of the business, it’s table stakes.

While there’s no crystal ball that can tell us everything, one thing is certain: organizations will need to fundamentally change the way they identify and manage threats. Below are my three predictions on this topic for the new year.

  1. It’s time to outsource security. With the unprecedented benefits and growth of the Internet of Things (IoT) and the vast number of touch points connecting to the network, new challenges and unknown risks associated with these tools will continue to multiply. Unknown risks include network and resource utilization, performance expectations and resource needs, interoperability with current systems and tools and, above all else, security risks and challenges to an organization’s livelyhood. As IT budgets shrink, and a shrinking pool of technical personnel, organizations will increasingly look outside their silos to managed security service providers (MSSP’s) for expert help.
  2. Organizations will map the customer journey. Consumers today have access to nearly infinite sources of information through the click of a mouse, resulting in a higher level of expectation for rapid answers from a variety of engagement channels. From websites to social media to mobile and multi-media, organizations are tasked with keeping up with customer demands from an ever-increasing set of “touch-points.” To that end, organizations will turn to tools that map and analyze a “360 view” of their customers’ journey and the respective “touch-points” throughout their organizations. As this integrated security and performance management requirement transitions from a tactical IT expenditure-driven initiative to a mission-critical, strategic business initiative, the era of CIOs and CISOs reporting to CFOs will shift to stronger oversight by boards of directors and CEOs.
  3. Businesses intelligence sources will converge. Proprietary customer and financial data and intellectual property are high-value targets for hackers. The challenge in protecting these targets will continue to grow as organizations become more reliant on business intelligence and analytics (Big Data) to dissect their various channels of customer engagement, workers, network and application productivity. As organizations store this valuable data in onsite and offsite locations (or a variety of both), Big Data is seen as a big target. These rich and proprietary sources of corporate analytics will spawn new and additional targets for hackers. Current silo-based approaches will need to converge with other business intelligence initiatives to provide more rapid identification and mitigation of risks.
Today’s dynamic, data-driven businesses have never been more reliant on the performance of their networks in managing risk and in the pursuit of their strategic initiatives. These same networks have never been more at risk for security breaches and the network performance impacts. With digital transformation in full swing, the pace of change is rapidly accelerating, and an organization’s ability to see into the network through solutions that provide a holistic, real-time view and correlation of the various elements in their network is becoming more critical than ever.

About the Author

Tom Kelly is CEO of Accelops and a technology industry veteran having led companies through founding, growth, IPO and strategic acquisition. He has served as a CEO, COO or CFO at Cadence Design Systems, Frame Technology, Cirrus Logic, Epicor Software and Blaze Software. Tom led successful turnarounds at Bluestar Solutions, MonteVista Software and Moxie Software, having served as CEO in repositioning and rebranding the companies in advance of their new growth. He serves on the Boards of Directors of FEI, Fabrinet, and ReadyPulse. Tom is a graduate of Santa Clara University where he is member of the University’s Board of Regents.

Got an idea for a Blueprint column?  We welcome your ideas on next gen network architecture.
See our guidelines.

AT&T Makes a Push for Open Software, Big Data, Connected Health

AT&T aims to have 50% of the software running its systems based on open source code - up from 5% today, said John Donovan, Senior Executive Vice President—AT&T Technology and Operations, speaking at the annual AT&T Developer Summit ahead of CES in Las Vegas. AT&T is working with OpenDaylight, OPNFV, ON.Lab, the Linux Foundation, OpenStack and other industry groups to
further these ambitions.

Donovan said the AT&T Integrated Cloud (AIC) project, which is based on OpenStack, is ahead of schedule. The plan was to deploy 69 AIC nodes in 2015 for running virtual network functions. In fact, the company deployed 74 AIC nodes in 2015.

Some other projects that AT&T is working on:

Nanocubes: a Big Data visualization tool develop by the AT&T Labs team. A Nanocube provides a real-time map of millions or even billions of data points from across the network.

M2X Data Service: a cloud-based data storage service for enterprise IoT developers that was launched last year. This year, AT&T is launching Flow Designer, a cloud-based tool developed at the AT&T Foundry that lets IoT developers quickly build new applications.

OpenDaylight's Internet of Things Data Management project: addressing interoperability across devices and networks.

AT&T Foundry for Connected Health: a new facility located at the Texas Medical Center Innovation Institute in Houston, Texas. The new AT&T Foundry will focus on digital health innovations that benefit those in and out of the clinical care environment.

SmartCities Framework: AT&T has formed alliances with Cisco, Deloitte, Ericsson, GE, IBM, Intel, and Qualcomm Technologies to create impactful solutions for cities. Areas of focus include Infrastructure monitoring (the conditions of roads, bridges, buildings, parks and other venues); Citizen Engagement; Digital Signage for smarter public transportation; and Public Safety (including gun fire detection technology). AT&T is also developing a new digital dashboard that gives cities a high-level look at their communities’ conditions.

A list of the Top 20 Innovative apps presented at the 2016 AT&T Developer Summit Hackathon is here:
http://developerboards.att.lithium.com/t5/AT-T-Developer-Program-Blogs/Top-20-Innovative-apps-presented-at-the-2016-AT-amp-T-Developer/ba-p/41041?linkId=20116277

BMW Renews Connected Car Agreement with AT&T

BMW  has extended a multi-year, exclusive agreement with AT&T for Connected Car services. Since 2008, AT&T has powered BMW’s ConnectedDrive services and apps. Through a new agreement, we also will connect BMW “infotainment” features such as a Wi-Fi hot spot.

Beginning with the all-new BMW 7 Series, BMW customers now have the option of a Wi-Fi hot spot powered by AT&T’s 4G LTE network.

“We are thrilled to continue our long-standing relationship with BMW and to be a part of a brand that evokes a joy and passion for driving,” said Chris Penrose, senior vice president, Internet of Things, AT&T Mobility. “The new Wi-Fi hot spot lets you connect up to 8 devices at a time and allows passengers to access their favorite apps, play games and surf the net at fast 4G LTE speeds.”

http://about.att.com/story/att_renews_exclusive_connected_car_agreement.html

BT Deploys Cisco FirePower for Threat-centric Security

BT recently announced a partnership with Cisco to deliver threat-centric security solutions for both its internal network and for customer services.

Specifically, BT is using Cisco's threat-centric technologies, such as ASA with FirePOWER Services, Advanced Malware Protection (AMP), and Next-Generation IPS (NGIPS) to provide a differentiated capability in the market. In a Cisco blog posting, BT said it has experienced a 1,000% increase in threats over the past 13 months.  The trend includes an increasing number of transport-layer threats where network elements are targeted. BT's response involves a consolidation in the network architecture and deployment of Cisco's FirePower next-generation IPS tools along with Advanced Malware Protection.

The Cisco solution leverages its recent acquisitions of SourceFire, ThreatGrid and Cognitive Security (COSE).

BT said the partnership enables it to sell advanced security solution into complex IT infrastructures across the globe. BT has sold the capability to a nation-state.

https://blogs.cisco.com/security/security-insights-with-british-telecom


Cisco Targets "Security Everywhere," Intros Firepower 9300

Cisco is rolling out a "Security Everywhere" initiative aimed at embedding security throughout the extended network – from the data center out to endpoints, branch offices, and the cloud. The goal is pervasive threat visibility and control for enterprises and service provider networks. To get there, Cisco is adding more sensors to increase visibility; more control points to strengthen enforcement; and pervasive, advanced threat protection to reduce time-to-detection and time-to-response, limiting the impact of attacks.

Cisco is launching the following set of solutions across the entire networking portfolio:

• Endpoints: With Cisco AnyConnect Featuring Cisco AMP for Endpoints, customers using the Cisco AnyConnect 4.1 VPN client now can easily deploy and significantly expand their threat
protection to VPN-enabled endpoints to continuously and retrospectively guard against advanced malware.

• Campus and Branch: FirePOWER Services solutions for Cisco Integrated Services Routers (ISR) provides centrally managed Next-Generation Intrusion Prevention System (NGIPS) and Advanced Malware Protection (AMP) at the branch office integrated in the network fabric, where dedicated security appliances may not be feasible.

• Network as a Sensor and Enforcer: Cisco has embedded multiple security technologies into the network infrastructure to provide broad threat visibility to rapidly identify users and devices associated with anomalies, threats and misuse of networks and applications. New capabilities include:

Broader Integration between Identity Services Engine (ISE) and Lancope StealthWatch: Enterprises can go beyond just mapping IP addresses to identifying threat vectors based on ISE’s context of who, what, where, when and how users and devices are connected and access network resources. This provides greater contextual threat visibility with StealthWatch for accelerated identification of threats.

NetFlow on Cisco UCS: Extending Cisco’s network-as-a-sensor capabilities to the physical and virtual servers, customers now have greater visibility into network traffic flow patterns and threat intelligence information in the data center.

Using the new embedded security capabilities, Cisco networks now have the ability to automate and dynamically enforce security policies. Customers can segment applications and users throughout the network – across the extended enterprise to use policy to define which users can get which applications and what traffic can traverse the network then automate security operations.

TrustSec + ISE and StealthWatch Integration: StealthWatch can now block suspicious network devices by initiating segmentation changes, providing rapid response to identified malicious activity. ISE can then modify access policies for Cisco routers, switches, and wireless LAN controllers embedded with TrustSec technology.

Hosted Identity Services provide a secure, 24/7, cloud-delivered service for the Cisco Identity Services Engine, a security policy management platform that unifies and automates secure network access control. The new hosted service speeds time to deployment, supporting business growth and providing role-based, context-aware identity enforcement of users and devices permitted on the network, streamlining enterprise mobility experiences.

• pxGrid Ecosystem: Eleven new partners have joined the pxGrid Ecosystem with the addition of several new ecosystem technology categories, including cloud security and network/application performance management. pxGrid is Cisco’s security context information exchange fabric that enables security platforms to share information to drive better threat detection, mitigation and overall security operations.

Cisco is also expanding advanced threat-centric protection for its Evolved Programmable Network (EPN), which is its open network architecture designed to advance the adoption of Software Defined Networking (SDN) and Network Functions Virtualization (NFV). Cisco’s new service provider security solutions include the following:

• Cisco Firepower 9300 Integrated Security Platform is a carrier-grade, high-performance, scalable and modular multi-services security platform purpose-built for service providers, that can scale security for increased data flows due to accelerated service demands and carrier class requirements.

• Expanded Advanced Orchestration and Cloud Capabilities enable Cisco’s new security solutions to integrate with the Cisco architecture and third-party SDN/NFV solutions, as well as Cisco’s Adaptive Security Appliance Virtual (ASAv) with Cisco’s Network Service Orchestrator (NSO) and Application-Centric Infrastructure (ACI). These orchestration and cloud capabilities also include open APIs for integration with orchestration, Operation Support Systems/Business Support Systems, and Cloud Security-as-a-Service solutions.

• Advanced features such as secure containers to accommodate future security services and applications. Additionally, Cisco ASA firewall and third-party DDoS mitigation from Radware are currently supported, with additional capabilities planned for the second half of 2015.

Cisco Integrates ACI with FirePOWER Intrusion Prevention

Cisco is integrating its FirePOWER Next Generation Intrusion Prevention System (NGIPS) into its Application Centric Infrastructure (ACI) architecture.

The integrated ACI + firePOWER security solution, which will be available in June 2015, offers automated threat protection to combat emerging data center security threats. The idea is fine-grained control (including application level security), visibility and centralized automation all the way from infrastructure to the application level.

Cisco ACI also third-party ecosystem solutions from Check Point Software Technologies, Fortinet, Infoblox, Intel Security, Radware, and Symantec.

Cisco said ACI integration with FirePOWER NGIPS (including Advanced Malware Protection) provides security before, during and after an attack, enabling organizations to dynamically detect and block advanced threats with continuous visibility and control across the full attack continuum. These new security capabilities deliver unprecedented control, visibility and centralized security automation in the data center.

Cisco also announced that independent qualified security assessors have validated ACI for deployment in payment card industry (PCI) compliant networks. Managing and simplifying the scope of compliance can help reduce costs for these organizations.

http://newsroom.cisco.com/press-release-content?type=webcontent&articleId=1628097
http://www.cisco.com

Panasonic Develops 300GB "freeze-ray" Optical Discs for Facebook Data Centers

Panasonic unveiled its freeze-ray, an Optical Disc-Based Data Archive System, developed in collaboration with Facebook, which is deploying the first-generation 100 GB Blu-ray Disc-based archive system into its data centers now.  Facebook expects deployment of the second-generation 300GB Archival Disc-based archive system later in 2016.

The technology is aimed at infrequently or never accessed data stored for the long term -- in the world’s data centers.

Panasonic said its freeze-ray data archiving solution provides optimal cold storage for protecting data integrity and reducing costs.  Optical discs provide longevity, immutability, backward compatibility, low power consumption and tolerance to environmental changes.

Panasonic’s main contribution to the effort was its high-density optical technology, key devices (optical discs, drives and related robotics) and library software to control the system easily in the data center. Facebook collaborated by providing its unmatched expertise in designing, deploying, managing and servicing storage systems in data centers. In addition, Facebook provided extensive technical and real-world data center feedback at every stage of the development. Both companies have been working on two generations of the freeze-ray solution.

“As Facebook continues to grow, we needed to address some of our fundamental engineering challenges with an efficient, low-cost and sustainable solution that matches our speed and exabyte-scale of data,” said Jason Taylor, PhD, VP of Infrastructure, Facebook. "We're seeing exponential growth in the number of photos and videos being uploaded to Facebook, and the work we’ve done with Panasonic is exciting because optical storage introduces a medium that is immutable, which helps ensure that people have long-term access to their digital memories.”

http://www.panasonic.com

Broadcom Intros Low-power Wi-Fi/Bluetooth Chip

Broadcom introduced its lowest power Wi-Fi/Bluetooth combo chip for mobile platforms and accessories, boasting up to 3X longer battery life compared to Broadcom's previous combo chips.

The company said its new BCM43012 chip allows OEMs to integrate Wi-Fi into platforms that have traditionally been powered by Bluetooth alone due to battery size or constrained power budgets.  In some applications, the BCM43012 Wi-Fi consumes 80 percent less power than the most common Bluetooth solutions today.

Features:

  • Highly-integrated 28nm dual-band 802.11n and Bluetooth 4.2 SoC
  • Integrated efficient power amplifiers (PAs), low noise amplifiers (LNAs), and power management unit (PMU) for low rest of bill of materials (RBOM) cost and small system footprint
  • Architectural improvements provide unrivaled low power in sleep and active states for both Wi-Fi and BT
  • Coexistence hardware and algorithms to ensure optimal Wi-Fi and BT performance
  • WLAN features include enhanced proximity and location features enabled by 802.11mc and TurboQAM data rates up to 96 Mbps
  • Bluetooth features include angle of arrival (AoA) and angle of departure (AoD) technology, wireless charging support for A4WP and AirFuel, and early adopter 2 Mbps Low Energy protocol capability

"For more than a decade, Broadcom has achieved a market leadership position in connectivity combos by setting the standard for performance, features, and power consumption," said Dino Bekis, Broadcom Vice President of Marketing, Wireless Connectivity Combos. "We have applied this expertise to launch a family of products for the promising mobile accessories markets with solutions that allow our customers to deliver a new generation of connected platforms with breakthrough capabilities."

http://www.broadcom.com

Broadcom Samples 64Bit Quad-core Router Processor

Broadcom has begun sampling the industry's first 64bit quad-core processor for high-end residential routers supporting smart home and Internet of Things applications.

The BCM4908 includes a 1.8GHz 64Bit quad-core ARM CPU and uses Broadcom's Runner network packet processor to deliver more than 5 Gbps of system data throughput without taxing the CPU. It also supports the increased speeds coming into the home including Google Fiber and Comcast 2 Gbps via an interface for a 2.5 Gigabit Ethernet PHY.

Key Features:

  • Zero CPU Wi-Fi offload frees up CPU resources for other tasks
  • BroadStream iQoS acceleration
  • Dedicated security processor to enable hardware VPN acceleration
  • 2.5Gb Base-X Ethernet WAN/LAN port for supporting fast connectivity to multi-gigabit modem or a Network Attached Storage (NAS) device
  • Feature-rich connectivity with integrated SATA III, two USB 3.0 ports and three PCIe Gen 2 ports reduces external RBOM cost
  • Utilizes low power 28nm technology and advanced power management, offering power reductions of more than 50 percent as compared to previous solutions
  • Supports Broadcom's tri-band (AC5300) 5G WiFi XStream 802.11ac MU-MIMO:
  • Three BCM4366 4x4 radios, each with an integrated CPU for host offload processing
  • Providing a total of seven CPU cores ("Septacore") with more than 9.6 GHz of CPU horse power
  • Powerful hardware acceleration for routing and USB storage

"With this new SoC, Broadcom is driving home network connectivity to the next level," said Manny Patel, Broadcom Director of Marketing, Wireless Connectivity. "By increasing the CPU performance and adding advanced features, we're enabling OEMs to build more powerful home routers that address the increased bandwidth requirements needed to support the continued consumption of high-bandwidth content, growing demand for UltraHD as well as the growing emergence of more IoT and smart home applications."

http://www.broadcom.com

UHD Alliance Specs for Devices/Services

The UHD Alliance (UHDA) has begun promoting a new consumer-facing logo to identify devices, content and services capable of delivering a premium experience based on agreed specifications, including performance metrics for resolution, high dynamic range (HDR), peak luminance, black levels and wide color gamut among others. The specifications also make recommendations for immersive audio and other features.

“The diverse group of UHDA companies agreed that to realize the full potential of Ultra HD the specs need to go beyond resolution and address enhancements like HDR, expanded color and ultimately even immersive audio. Consumer testing confirmed this,” said UHD Alliance President Hanno Basse. “The criteria established by this broad cross section of the Ultra HD ecosystem enables the delivery of a revolutionary in-home experience, and the ULTRA HD PREMIUM logo gives consumers a single, identifying mark to seek out so they can purchase with confidence.”

For devices, key specs include:

  • Image Resolution: 3840x2160
  • Color Bit Depth: 10-bit signal
  • Color Palette (Wide Color Gamut)
  • Signal Input: BT.2020 color representation
  • Display Reproduction: More than 90% of P3 colors

High Dynamic Range

  • SMPTE ST2084 EOTF
  • A combination of peak brightness and black level either:
  • More than 1000 nits peak brightness and less than 0.05 nits black level or more than 540 nits peak brightness and less than 0.0005 nits black level

The UHDA, which was established a year ago, has grown to more than 35 companies, including DIRECTV, Dolby Laboratories, LG Electronics, Netflix, Panasonic Corporation, Samsung Electronics, Sony Corporation, Technicolor, The Walt Disney Studios, Twentieth Century Fox, Universal Pictures, Warner Bros. Entertainment, among others.

http://www.uhdalliance.org

AudioCodes to Acquire Active Communications Europe

AudioCodes has agreed to acquire Active Communications Europe, a leading provider of communications solutions, for $3 million in cash plus an earn-out arrangement of up to an additional $2 million based on attaining certain sales targets over the next three years.

Active Communications Europe is a Microsoft Silver Partner specializing in Unified Communications. AudioCodes sells advanced solutions for the Unified Communications and Unified Communications as a Service (UCaaS) market.

"This agreement with Active Communications Europe places AudioCodes in a stronger position to serve the growing adoption of Microsoft Skype for Business Online, Office 365 and Cloud PBX," said Shabtai Adlersberg, President and CEO of AudioCodes. "The technology and expertise of Active Communications Europe effectively complement the AudioCodes One Voice portfolio."

http://www.audiocodes.com/

See also