The 135 Spanish Steps are perhaps one of the most popular tourist attractions in Rome-and this in a city where your alternatives include stunning options like visiting the Vatican, the Colosseum or the Trevi Fountain. And yet, a visitor to the Spanish Steps today is first-and ahead of any chance to delve into the rich history or architectural heritage of this monumental stairway-forewarned of the dangers of the omnipresent pickpockets that frequent the area! I bring this up because while European vacations may not always be part of our quotidian routine, our daily lives do involve shopping online, visiting our neighborhood retailer or posting updates on social media. And none of these places post enough warning signs urging us to be wary of the virtual pickpockets, waiting to steal and profit from personal, financial and business information that traverses across thousands of transactions at places we visit in person or on our browsers every single day.
As consumers we may even squeeze by with a bit of a lax attitude, but businesses are only painfully aware of the speed, ferocity and variety with which attackers move to try and gain access to critical business data. Our customers tell us that their cybersecurity teams work tirelessly-but often in reactive mode-to fight against breaches and constantly assess ways to eliminate vulnerable links. Today, we are thrilled to share that we're stepping up to provide our customers and partners with enhanced capabilities to combat the changing nature of threats. Cisco ASA with FirePOWER Services integrates the proven Cisco ASA 5500 Series firewall with application control, and the industry-leading Next-Generation Intrusion Prevention Systems (NGIPS) and Advanced Malware Protection (AMP) from Sourcefire in a single device, providing integrated threat defense across the entire attack continuum-before, during and after an attack.
By providing a reduced network footprint (fewer security devices to manage and deploy) and arming you with some of the most sophisticated threat protection technologies available in the market today, we continue to work hard to be your trusted security advisor and partner in the middle of the evolving threat landscape.
Some IT teams may understandably hesitate to rapidly migrate to these newer technologies. In today's dynamic threat environment, the slightest disruption to the security infrastructure increases vulnerability, leaving room for attackers to make their move. And then of course, with "everything else" that is going on (always, no?) it never feels like a good time to migrate. So, how do you move quickly and take advantage of new security solutions while minimizing potential disruption to both your security and business goals?
I took this question to our Cisco Security Services engineering team. This is a crew that doesn't shy away from complex challenges-they have managed thousands (yes, thousands) of network and security migrations and I figured that their observations (distilled to three simple principles) can probably help provide perspective, if not a blueprint for a successful migration project.
Any action in the network (including an upgrade) impacts everything connected to that network, including various technology components and the policies and procedures that they enforce. Those are the trees, and your team is probably pretty good at tracking all the trees. But can they see the forest?
A migration plan requires that you understand how the migration fits into the "big picture":
Understanding the answers to these questions will help you prioritize the order in which new capabilities are deployed in the migration, and an outcome that meets the business and technical objectives you have signed up for
But all those trees matter too, so a detailed migration plan should include a complete map of the environment that will impacted, including these best practices:
Eat right and exercise. Measure twice, cut once. Practice makes perfect. Yup, the good stuff is all out there. Yet, our engineers say that you often tend to cut short time in the lab and thus seriously undermine the success of any upgrade. The best migrations have multiple pilots and dry runs before going into full production:
Running a pilot is when you'll typically move beyond planning and get hands-on with the new equipment for the first time. But the most successful upgrades never stop planning -pilots are your opportunity to:
Once a migration project is complete, it's a great idea to continuously revisit your deployment and confirm that it is operating at peak performance. Your network is continuously evolving, and so are the threats against it. If you perform regular audits on the configuration and rules (say, deleting old rules or policies no longer required) you'll keep your deployment "clean" and always ready to take advantage of the latest tools and innovation.
The Cisco Security Services team constantly renews and refreshes best practices so that we are always prepared to help you quickly deploy the right technology solution. We work with you to assess, recommend, design and implement solutions based on your unique requirements. And together with our partners, we offer a complete set of security services and solutions, leveraging the intellectual property of the industry's top security R&D and engineering teams.
While new technology brings exciting opportunities and the latest in threat defense, migration projects do sometimes give reason to pause. But you can rarely afford to wait-the attackers certainly don't! Share your own best practices with us via the comments below, and join us to chat live with two of our experts in an online webinar, "Best Practices for Upgrading Your Network Security Beyond Traditional Defenses," at 11 a.m. Pacific Time Thursday, September 25.