Wednesday, 31 May 2023

Cisco aims for AI-first security with Armorblox buy

Cisco plans to buy Armorblox, a six-year-old AI vendor, to help create “an AI-first Security Cloud.” “Leveraging Armorblox’s use of predictive and Generative AI across our portfolio, we will change the way our customers understand and interact with their security control points,” wrote Raj Chopra, senior vice president and chief product officer for Cisco Security, in a blog announcing the pending acquisition. While securing email was Armorblox’s first application of its AI techniques, they might also be applied to attack prediction, rapid threat detection, and efficient policy enforcement, Chopra wrote. “Through this acquisition though, we see many exciting broad security use cases and possibilities to unlock.”
http://dlvr.it/Spy5YS

Wednesday, 24 May 2023

Why it makes sense to converge the NOC and SOC

It’s been 17 years and counting since Nemertes first wrote about the logic of integrating event response in the enterprise: bringing together the security operations center (SOC) and network operations center (NOC) at the organizational, operational, and technological levels. Needless to say, this has not happened at most organizations, although there has been a promising trend toward convergence in the monitoring and data management side of things. It’s worth revisiting the issue.

Why converge?

The arguments for convergence remain pretty compelling:

* Both the NOC and SOC are focused on keeping an eye on the systems and services comprising the IT environment; spotting and understanding anomalies; and spotting and responding to events and incidents that could affect or are affecting services to the business.
* Both are focused on minimizing the effects of events and incidents on the business.
* The streams of data they watch overlap hugely.
* They often use the same systems (e.g. Splunk) in managing and exploring that data.
* Both are focused on root-cause analysis based on those data streams.
* Both adopt a tiered response approach, with first-line responders for “business as usual” operations and occurrences, and anywhere from one to three tiers of escalation to more senior engineers, architects, and analysts.
* Most crucially: When something unusual happens in or to the environment (that router is acting funny), it can be very hard to know up front whether it is fundamentally a network issue (that router is acting funny – it has been misconfigured) or a security issue (that router is acting funny – it has been compromised) or both (that router is acting funny – it has been misconfigured and is now a serious vulnerability).

Having fully separate NOC and SOC can mean duplicative work as both teams pick something up and examine it. It can mean ping-ponging incidents that bounce from one to the other, or incidents that neither picks up, thinking the other has or will.

At the very least, the lower tiers of separate NOC and SOC operations should be converged, so that there is neither duplication nor a game of hot potato as staff try to figure out what a problem actually is, and whether the response will be network focused, security focused, or both. Maintaining separate or semi-separate escalation paths is supportable given that lower-level convergence.
http://dlvr.it/SpZ08L

Thursday, 18 May 2023

IBM wants drag-and-drop connectivity for hybrid cloud applications

IBM is developing a SaaS package to help enterprises securely network heterogeneous environments, including edge, on-prem and multicloud resources. The IBM Hybrid Cloud Mesh is a SaaS service that implements a virtualized Layer 3-7 environment to rapidly enable secure connectivity between users, applications, and data distributed across multiple locations and environments, according to Andrew Coward, general manager of IBM’s software defined networking group. In a nutshell, Hybrid Cloud Mesh deploys gateways within the clouds – including on-premises, AWS or other providers’ clouds, and transit points, if needed – to support the infrastructure, and then it builds a secure Layer 3-7 mesh overlay to deliver applications, Coward said. At the application level, the exposure to developers occurs at Layer 7, and the networking teams see Layer 3 and 4 activities, Coward said.
http://dlvr.it/SpFBxB

Monday, 15 May 2023

Cisco aims for full-stack observability with AppDynamics/ThousandEyes tie-in

Cisco is more tightly integrating its network- and application-intelligence tools in an effort to help customers quickly diagnose and remediate performance problems. An upgrade to Cisco's Digital Experience Monitoring (DEM) platform melds the vendor’s AppDynamics application observability capabilities and ThousandEyes network intelligence with a bi-directional, OpenTelemetry-based integration package. The goal with DEM is to get business, infrastructure, networking, security operations, and DevSecOps teams working together more effectively to find the root cause of a problem and quickly address the issue, said Carlos Pereira, Cisco Fellow and chief architect in its Strategy, Incubation & Applications group.
http://dlvr.it/Sp4qYq

Tuesday, 09 May 2023

Nebulon's TripLine offers ransomware encryption protection for on-prem systems

Ransomware protection for on-premises systems and hyperconverged infrastructure is the goal of the latest release from “smart infrastructure” vendor Nebulon.
http://dlvr.it/SnmYsP

Wednesday, 03 May 2023

Cisco wants you to buy now, pay later

Cisco today announced a new finance program that encourages customers to buy products and services now without having to start paying for them till 2024. Specifically, the Cisco Capital Business Acceleration Program will let customers purchase Cisco products before July 29, 2023, and defer all payments until 2024. Payments deferred until 2024 would be based on the total amount financed and contract terms, the vendor stated. Another flexible payment option is available for its partners to let their customers buy Cisco technology today and pay later, the vendor said in a statement. The entirety of Cisco’s portfolio is eligible for the program, including hardware, software, and services, as well as select partner services and third-party hardware. In addition, the Cisco Refresh portfolio of Cisco certified remanufactured products is eligible for organizations that want to acquire used gear, the vendor stated.
http://dlvr.it/SnVJTf

AWS secures access to cloud apps without using VPNs

Amazon Web Services has launched a service that secures user access to its cloud applications without requiring a VPN. AWS Verified Access, which the company previewed last November, validates every application request using Zero Trust principles before granting access to applications. Since AWS previewed the networking service, it has added two new features: AWS Web Application Firewall (WAF) and the ability to pass signed identity context to customers’ application endpoints.
http://dlvr.it/SnTCbm

Versa extends SASE platform to the LAN edge

Versa Networks has bumped up its secure access service edge (SASE) software with a variety of features, including AI to help customers bette...