Secure Your Mobile Connections with New IP Blocking Feature

When downloading an application from the App Store, do you actually check the logistics of it? For example, how is it connecting to the internet? Or an even more relatable scenario: that game you were playing while waiting in line paused to present an advertisement, was it triggered by an IP address or a DNS request? The majority of times, users don’t check or understand those nitty gritty details. We simply see something we like, click, and begin launching the app onto our devices.

However, what if that application is connecting to a malicious IP address? And in a case that your employee is using a corporate-owned iOS device and downloads that app; this presents a security gap.

Cover All Your Bases: IP Addresses and DNS Requests

The Umbrella extension within Cisco Security Connector serves as a first line of defense against threats by protecting users from malicious domains. Umbrella delivers both DNS-layer encryption and enforcement on top of an intelligent proxy that provides URL and file inspection for risky domains. Therefore, when your employee attempts to make any connections to the internet, Cisco Security Connector is there to protect your business against suspicious app and user-initiated network requests.

But applications can also connect to malicious IP addresses. To counter that, Cisco Security Connector is continuing to innovate with a newly added IP Blocking feature as a part of Clarity. This IP Blocking feature now provides complete network protection for your corporate-owned iOS devices. With just a few clicks, adminscan simply add a suspicious IP address to their blacklist and regulate that list accordingly; giving more control to businesses. Now, whether it’s a direct IP connection or DNS request, Cisco Security Connector can secure your users end-to-end.

Image: iOS Events List

Cisco Security Connector

Cisco Security Connector allows businesses to gain deep visibility and control across all devices. With the ability to integrate with existing MDM/EMM such as Cisco Meraki Systems Manager, VMware AirWatch Cloud EMM, and MobileIron on-premises EMM, Cisco Security Connector ensures ease of deployment as well as adaptability to a business’s current environment.

With similar Cisco Advanced Malware Protection (AMP) capabilities extended to iOS devices, users can now gain insight into all application and device behaviors on all devices. Though most importantly, as part of the AMP console, admins can now have one single location to manage all their endpoints.

Unfortunately, we can’t control our employee’s actions on our network, but what we can control are the results of it. So, cover all your bases with Cisco Security Connector.

Continue reading

Network Management: Don’t React – Act

The future will bring a lot of changes for telecoms, internet and cable service providers: more data, more devices and more services. Cisco’s research predicts that by 2021, annual global IP traffic will reach 3.3 zettabytes (that’s 3.3 trillion gigabytes).

There are two ways things can go for service providers. They can buckle under the pressure. Or they can find new operational approaches, that help them grow their business by creating the agile, powerful services their customers need.

Proactive Control with Cisco Crosswork

For service providers who want to maintain their competitive edge, the key will be automation: programming large, complex workflows so they can take care of themselves. Automation improves the way your network functions by reducing human error, inconsistencies, and service disruption. It allows you to stay on top of operations, with time to focus on what really matters.

Automation isn’t simple. But our engineers have spent a long time working out how it can best be supported. The result is Cisco Crosswork, a new framework for approaching network operations. With its three key pillars – mass awareness, augmented intelligence, and proactive control – it enables service providers to work with unprecedented precision and efficiency.

Cisco Crosswork gathers comprehensive data and then runs this through a sophisticated analysis, enabling actionable insights. At its heart is the Cisco Network Services Orchestrator (NSO), which uses advanced data models for intent-based networking, and is proven to work across network elements from different vendors.

This creates many benefits for service providers. It helps them protect themselves against ever-evolving security threats, maintain stringent service level agreements, and discover valuable new revenue streams.

Transforming Level 3’s* Network

One service provider that has adapted to meet new customer demands is Level 3 (*now part of CenturyLink). Level 3 realised that their customers increasingly expected instantly available services with less complexity and less overhead – and that included capacities like integrating third-party cloud services.

Powered by the Cisco NSO, the business put together a powerful set of programmable wide area networks that enabled it to automate a wide range of services in markets around the world.

This meant that Level 3 could design and deliver services more quickly, using a single modelling language and a single data store. The company was able to automate tens of thousands of tasks monthly, offer bandwidth scalability of up to 300%, and enable the management of 5,000 network devices around the world. Services could be adapted within minutes or even seconds while running, with no disruptions.

Innovation Through Automation

Results like these explain why many service providers are considering automating their networks as they look to ensure they are capable of meeting new challenges. Intelligent, end-to-end automation offers them a transformed landscape. Instead of constantly trying to play catch-up with events, they can make more informed decisions, using information about the service, the end user, and all of the multi-vendor devices in their service chain.

We want to help service providers bring about a shift in their approach to running networks. To move away from managing functions in separate silos, towards a world of intelligent, holistic operations. Forward-looking service providers understand that if they can transform their network in this way, they will boost their innovation and effectiveness for years to come.

Continue reading

Scaling to PB within Minutes – The Road to Full Automation for Scale-Out Storage with Cisco UCS

Building Scale-Out Storage solutions can be now fully automated to reduce the overall amount of work and to easily scale software-defined storage environments within minutes. Partners and customers can begin to leverage this capability using Ansible modules and playbooks for UCS Manager.

I have to admit that working in a Business Unit can be sometimes very challenging and fast and then there is no time to reflect and see the big picture, no matter which company you are working for. But sometimes projects are crystal clear, you can’t wait to see the result. One of those projects is Automation for scale-out storage.

Big Picture

In the 1990’s, where I started working in the storage industry, we handled GB of data and managed it by doing a lot of manual steps. Initial configuration and installation took a long time, sometimes days. In the 2000’s, storage arrays and disks got larger and we handled then TB of data but with the same problems as in the 1990’s. Now in the 2010’s the situation hasn’t changed that much. We’re now talking about PB of data, even EB but the initial work in the beginning is still the same and challenging.

There are exceptions but as soon as you come to a project where you need multi-PB, you run into an issue of scaling your work of configuration and installation.

Problem #1:

People might think of traditional storage systems solving their problem but they are limited in their ability to easily and cost-effectively scale to support large amounts of unstructured data. With now about 80 percent of data being unstructured, x86 servers are proving to be more cost effective, providing storage that can be expanded as easily as your data grows. Software-defined storage is a scalable and cost-effective approach for handling large amounts of data. Sounds good?

Problem #2

When scale-out storage grows, it can get complex in configuring and installing. This is one of the major obstacles when it comes to enterprise-readiness for software-defined storage. Touching each server and configuring network ports, disk for storage, or even the install media can take a long time and is mostly error-prone. And it’s a difference to prepare 5 servers or 50 servers.

Solution

But there are two ways out of the dilemma that can help a lot and reduce the overall amount of work to a minimum. Even large environments don’t take longer than smaller environments when it comes to the configuration and installation of the scale-out storage hardware.

◈ Cisco UCS Manager: Creating policies and profiles and associating them to servers simplifies scale-out storage solutions a lot. There is no need to repeat specific configurations for each server. Just assign the previously created Service Profile and you’re done. Cisco is doing it now for almost 9 years very successful.

◈ UCS Manager Ansible Modules: Sometimes it doesn’t make sense to create everything via the UCS Manager GUI and you want to further simplify the whole process for configuring and installing servers. Then Ansible for UCS Manager is the right way to move forward. You run a complete Ansible Playbook with all variables you need and within less than 2 minutes your UCS Manager Service Profiles get associated.

There are many ways to do it but we’ve seen a very good adoption of using Ansible for automation in data centers.

We have now published all Ansible Modules for UCS Manager to configure a complete scale-out storage solution. A couple of options for you to run a scale-out storage Ansible Playbook for UCS Manager:

◈ Ansible Role: You can use the Ansible Role

◈ Playbook:You could either use a hardcoded playbook or a playbook with variables and a JSON file.

I did a quick test of configuring and installing 2 x S3260 Dual Node Chassis. You could use much more hardware – the time would be around the same as the process of association works in parallel. Take a look at the 2 minute video.

That gives us now a couple of advantages:

◈ As much as I like the simplicity of UCS Manager GUI – when it comes to scaling and automation then Ansible for UCS Manager can do it in a much shorter time.

◈ You can run the playbooks as often as you want, even if you only want to change a small thing like MTU size for the storage network.

◈ The story gets even better when you integrate the northbound Cisco Nexus switches in Ansible.

Outlook:

The project won’t stop here. Our next steps for scale-out storage automation are:

◈ The full story obviously comes with the integration of scale-out storage vendors. Stay tuned for the first end-to-end Ansible full automation in the industry, from network to compute to storage to software.

◈ The big picture for the Cisco UCS team is certainly Cisco Intersight. Mid-term, we want to integrate the scale-out automation into Cisco Intersight to make it easy for customers and partners to use from a central user interface.

Continue reading

The Factory: A Living Organism for Wireless and Mobility

We live in a wireless world. We almost never plug our computers into a network. Our mobile phones and tablets provide constant connectivity. Some of us wear health tracking devices like Apple Watches, Fitbits, and Garmins. These devices count our steps, measure our heart rates, and log the number of hours we sleep. In doing so, health tracking devices create incredible volumes of data we use to monitor our personal health and improve the quality of our lives. When we don’t feel well, we can look back at hours slept and pulse rate to understand the cause and effect of our bodies’ inputs and outputs.

In many ways, our bodies are like machines requiring inputs like food for fueling, sleep for recovery, and exercise for maintaining optimal performance. When we take care of our bodies, we are rewarded with optimal outputs including increased awareness and productivity.

The same is true for machines on the factory floor. They require electricity for fuel and raw materials to manufacture products. Historically, machinists and engineers were the experts in operating their tooling. They learned through years of experience. Over time, sensors connected to the equipment and computers collected data used to monitor and improve visibility into operating characteristics. Sensors measure equipment performance like vibration, current draw, and lubricant temperatures assisted equipment operators in gaining maximum productivity from their equipment.

Initially many of these sensors and computers were wired and tethered. Over time, sensors became wireless and hard-wired computers morphed into wireless laptops, tablets, and mobile devices. And with wireless becoming pervasive, manufacturers gained considerable flexibility to monitor and manage the health of their factory equipment.

The shift to mobility

Previously, we described networks as being wireless. Over-time, we shifted from wireless to mobile and mobility. With mobility, we can drive the business benefits associated with the wireless features.

Building a mobile manufacturing network creates many challenges. The fundamental challenge is to ensure the wireless capabilities are built on a solid foundation. The foundation requires robust security and a common network infrastructure. Historically, the factory network operated independently of the enterprise network. However, today, it’s possible to secure and converge both the factory and enterprise networks with Cisco’s standard platform.

Once the foundation has been established, the mobile environment must be configured for the three foundational use cases.  These use cases enable data, communications, and video capabilities.

Although it sounds obvious, data drives everything.  Sensors enable access to data.  The simplest type of IoT sensors- vibration, current, particle, temperature, humidity, etc. connects wirelessly. These sensors then communicate with our networks where we secure, move, and reduce data we want to persist or keep, as well as discard the data when it’s perishable.

When we move to communication, the most tangible and relatable mobility use case, we typically think about providing workers with mobile devices like tablets and phones. Mobile communications enable workforces to do their jobs at the place of work. Wi-Fi enabled voice, makes it possible to replace licensed use of hand-held paid spectrum and cellular fees by shifting to Wi-Fi enabled communicators.

Of course, with Wi-Fi mobile communicators, everyone on the factory floor gains immediate access to factory floor personnel as well as receive real-time notifications, pages, and safety alert messages.

Wireless video has become part of our daily lives, typically through applications like Cisco WebEx, Facetime, and many others. On the shop floor or in a warehouse, the video capabilities take communications to the next level. Video on the shop floor, whether enabled by a mobile phone or tablet, immediately takes away the mystery of trying to imagine what is happening or what has happened.

The business benefits of mobility

Because every dollar spent in manufacturing is tied to a return on investment, it’s crucial to map mobility capabilities to business needs and benefits.

Ultimately, factory wireless solutions enable essential business benefits like less downtime, fewer line stoppages, improved worker efficiency, increased cycle time and higher OEE, which means better productivity, availability, and quality.

The Cisco Factory wireless platform includes our products, services, partners and solution implementation plans. Together, all of these components provide what’s necessary for customers to deploy and scale their wireless capabilities.

A manufacturing plant is like a living organism – requiring care and feeding in all areas. Every organism must be part of a connected ecosystem, sensing and sharing information across all parts to ensure not just survival, but growth as well.

While we wouldn’t attach a Fitbit to a piece of manufacturing equipment, we will deploy wireless and mobility capabilities in our factories to monitor and connect our equipment, resulting in operational benefits with improved cost, quality, and delivery.

Continue reading

5 Things You Need to Know about Webex Meetings

Webex has come a long way. We recently unpacked a lot of great innovation in the new meetings experience. The great thing about Webex Meetings is that it’s a full video and content-sharing cloud solution that you can join via desktop, mobile, browser, and video devices. Webex Meetings is more powerful than ever before. Bring meetings to the way you work, not the other way around.

We recently announced a whole new level of collaboration, bringing meetings and team collaboration together on a single platform. Now, everyone who uses Webex Meetings also has access to Cisco Webex Teams (formerly Cisco Spark), helping everyone collaborate, even after the meeting ends.

We’ve integrated the latest artificial intelligence (AI) and machine-learning technologies into the meetings experience to keep participants engaged. Webex Meetings can automatically detect background noise to remove distractions. The video delivers optimal views of people and content. Core functionality like start/join a meeting, attendee rosters, and more are at your fingertips no matter how you join.

Simple to join on any platform

I appreciate being able to join a scheduled meeting simply by pressing the big green button on my desktop, mobile device, or Cisco video device. Cisco is the only vendor to offer a single, consistent one-button join across devices and apps. We’ve simplified things. You don’t have to figure out how to join — the green join button comes to you.

Webex has the most comprehensive, browser-based meeting experience on the market today. If you are invited to a Webex meeting, all you need to do is click the big green button in the invitation and it takes you right in. This is especially important for first-time users. There’s nothing to install, plug in, or download to join from Chrome, Internet Explorer, Firefox, or Safari browsers. And joining from a browser doesn’t mean you have to compromise on features. Hosts and participants get the rich video and application screen-sharing of the desktop version. You have full control and can see everyone participating.

Plays well with others

We’ve also made sure that Webex works with your preferred collaboration tools. Webex not only works across our own hardware and software but also with third-party solutions. You can join or a start a meeting from Webex or do it from  Slack, Microsoft Teams, and Workplace by Facebook. It also works with calendars like Google Calendar. Support for Microsoft Office 365 is right around the corner. These integrations mean you do less switching between apps and have a more efficient workflow. You get the trusted, seamless, and reliable Webex features in the environment that you choose.

The best mobile meeting experience

Several enhancements make it easier be more productive and engaged – even on the road. For a long time, it was hard to see the other people in a meeting if you joined from a mobile device. Likewise, functionality like content sharing and scheduling weren’t options. We’ve turned the experience around and used the latest technologies to make significant improvements that help mobile users get an equal seat at the meeting table.

We’ve optimized the interface for better viewing. Pinch-and-zoom technology makes it easier to see who’s in the meeting and what they’re sharing. You’ll get native screen sharing and the easiest scheduling on the market. If you are an Apple user, you can now use voice commands, Touch ID, and Face ID.

Unparalleled speed and bandwidth

All Webex products use the Cisco network backbone, regardless of how attendees join. It’s a trusted, worldwide IP network built over the last 10 years with interconnects around the world. No other company can do this. Webex connects with both public cloud providers and our own data centers. Regardless of how you join, traffic hops off the Internet as soon as possible and enters the Webex backbone, minimizing latency, bandwidth, jitter, and packet-loss issues that happen so often on the public Web.

Grows with your business needs

Several options for using Webex let you mix and match between services as your business evolves. In addition to a free trial, there are several Webex Meetings subscription models for individuals, teams, departments, and, of course, companies. The offers are competitively priced and flexible so that you can choose a buying model based on your current requirements. Market-leading, secure, innovative Webex Meetings, plus team collaboration, unlimited VoIP, global PSTN audio services, technical support, customer success, and even analytics are all included so you always get the best features and services Webex has to offer.

Continue reading

BMC Remedy ITSM – Cisco ACI joint solution delivers robust and agile IT operations

Introduction

As companies strive to become digital enterprises, they need to make the best use of their existing assets and infrastructure, while introducing new technology and tools that drive the business forward. ITSM is one of the key digital accelerators that deliver improved performance, higher availability, and reduced risk, all while optimizing IT costs. Modern IT operations have to function in a continuous dev-ops model, manage numerous tools, and make sense of all the noise in an environment that lack any decipherable data and analytics to deliver modern applications that have a complex web of interdependencies across a distributed environment.

At Cisco, we observed the growing customer interest in ITSM/ITOM space since the announcement of ACI and quickly forged relationships with leading ITSM vendors like ServiceNow, Cherwell and brought to market joint solutions to automate and streamline incident management, health monitoring use-cases while simultaneously building a growing pipeline of customer deployments.

Today, we are proud to add BMC Remedy solution for Cisco ACI to this significant ITSM technology partner ecosystem portfolio. This blog captures the essence of the solution and how it enables intuitive service management for the digital enterprise, on-premises or in the cloud.

Solution overview

BMC Remedy ITSM suite provides out of box ITIL service support functionality, from architecture to integration and implementation to support. BMC Remedy ITSM has fast established itself as one of the market leaders addressing IT transparency, flexible and agile services, and effective collaboration and reporting, aided by a single, central shared data model. Cisco ACI, an SDN based networking architecture, enhances business agility, reduces TCO, automates IT tasks, and accelerates data center application deployments.

Organizations are increasingly looking to cut costs and find ways to optimize their IT investments. Tight integration of the ITSM layers with underlying IT infrastructure helps organizations to not only optimize their IT infrastructure but also helps them to streamline day to day IT operations.

BMC Remedy ITSM solution for Cisco ACI is a fully-automated policy-based enterprise service management solution that provides single console visibility into your data center and delivers business-aware IT operations.

Cisco ACI’s open API seamlessly integrates with BMC Remedy’s REST API and forms the foundation for the integration. The key solution component is the BMC ITSM App for Cisco ACI.  The APIC facing interface of the App pulls necessary information from the APIC object database and passes it to BMC instance.

Figure: Architecture and Use Cases of BMC Remedy ITSM – ACI solution

Major use cases covered as part of the ACI-BMC Remedy joint solution include CMDB enrichment, health and fault monitoring, and proactive incident management. With these ACI-BMC ITSM solution use cases, customers get unprecedented automation, visibility, and efficiency in their IT service management.

The solution brings a lot of value to the customer, including:

Single console visibility: The solution keeps track of the entire ACI fabric and passes that information periodically to BMC Remedy CMDB thus providing an accurate and up to date picture of the underlying infrastructure. This in-depth visibility allows admins to make more informed decisions and manage the data center infrastructure efficiently.

Healthy Data Center: Faults and dip in health scores in the ACI fabric triggers automatic ticketing workflows in BMC Remedy and further provides admins with the all the relevant information needed for troubleshooting. With all the workflows happening in near real-time, IT teams can quickly identify the root-cause and remedial solutions leading to a drastically reduced MTTR.

Proactive Incident Management: With Cisco ACI keeping an up-to-date view of service-aware infrastructure and informing BMC Remedy ITSM suite about any disruptions and outages, IT operations teams respond more proactively to incidents. Further, the user can use BMC Remedy Problem management workflows and record recurring problems and associated solutions in the Known Error DB (KEDB) building a rich repository of past incidents and actions thus creating a proactive incident management system.

As customer adoption of ACI-BMC Remedy ITSM suite becomes widespread, we will continue to explore newer use-cases to address IT operational pain-points.

Continue reading

Cisco Stealthwatch and DNA Center bridge the SecOps – NetOps divide

By sheer necessity, there is an increasingly interdependent role between NetOps and SecOps in many enterprises. Cisco has been monitoring three trends:

1. Networks are connecting ever more devices, locations and users. The complexity of managing them is creating openings for new threats.

2. As advanced threats multiply, organizations need to control the cost of containment by automating and extending visibility across different functions.

3. And as threats become more advanced, they are becoming an inhibitor to network assurance. For example, instead of breaking in, attackers simply hide in encrypted traffic to gain access to the network.

In short, SecOps needs immediate access to security telemetry to get visibility from all the new endpoints being added to the network, and NetOps needs to know about threats that could impact uptime, particularly encrypted threats.

These are some of the challenges that led to the integration of Cisco DNA Center and Cisco Stealthwatch.

Better IT workflow for faster threat resolution

Cisco Stealthwatch extends threat detection and containment to the DNA Center, the one-stop NetOps management for distributed enterprises.  DNA Center now automates enabling threat telemetry, including enhanced telemetry from encrypted traffic (Encrypted Traffic Analytics or ETA), to be sent to Stealthwatch. The critical threats from Stealthwatch, in turn, can now be monitored from the DNA Center, which provides a platform for custom resolution services such as opening a ticket for automated threat containment.

In the past, these workflows have never been integrated seamlessly. But now we have the ability to streamline them with the new, open DNA Center Platform. Highlighting the power of the DNA Center open platform approach, combined with the expertise of Cisco Advanced Services engineers – the application development and integration required for this workflow was completed in just 3 weeks

Step 0

Automatically find and turn-on threat telemetry from your network devices, including Encrypted Traffic Analytics. Today, customers can take weeks to months to identify and turn on necessary telemetry for security visibility.  We can do it in minutes.

Step 1

Stealthwatch applies advanced security analytics in the form of behavioral modeling, machine learning and global threat intelligence to pinpoint critical threats with high confidence, including where they are originating from. This info now appears in the 360 dashboard for every client on the network.

Step 2

DNA Center instantly communicates with the ITSM (IT Service Management) to generate a ticket related to this incident. And also communicates the incident to customer-specific Security Operations app (developed by Cisco Advanced Services) used by SecOps team to contain the threat.

Step 3

SecOps informs DNA Center to quarantine the user using the Security Operations App, and DNA Center isolates the user.

Step 4

DNA Center confirms containment and informs  SecOps that the user has been quarantined.

Step 5

SecOps uses the Security Operations app to update the ticket in the ITSM.

This workflow can be simpler or more complex depending on the type of threat, but the key is that it is seamless and intuitive between NetOps and SecOps.

Security is everyone’s problem now and containing threats quickly while maintaining network performance requires cooperation, automation, and visibility across IT, Network and Security Operations.

If you are attending Cisco Live Orlando this week, come and see the solution in action at the DNA Center Platform demo stand in the World of Solutions!

Continue reading

Solving Security and Compliance Problems with Cisco Business Critical Services

Organizations today need to be both nimble and secure. They’re adopting Cloud, IoT, and machine learning at increasingly quickening speed as well as evolving their applications and endpoints as well as campus, data center, and WAN networking to adapt to their digital business as well as address security risks. At the same time that compliance regimes are a moving target putting increasing pressure on organizations.

In this ever changing world, many organizations struggle with maintaining good security and compliance hygiene. Year over year, IT departments attempt to manage through compliance drift as networks evolve, new systems are added, configuration changes are made, and knowledgeable individuals leave their teams. Poor audit management practices increase audit fatigue and risk even higher rates of attrition. Add requirements for risk assessments, penetration tests, privacy impact assessments, and robust processes; not to mention the pressures of being able to identify and respond to an evolving security threat landscape and the operational pressures, including OpEx spending, can be immense.

About Business Critical Services 

Business Critical Services is the next generation of subscription based advanced services. By leveraging our expert guidance, analytics, and automation solutions, we can not only address resilience, flexibility, and support concerns, but can craft ongoing services to help manage security threats and reduce compliance overhead while decreasing OpEx, allowing customers to focus on activities that most contribute to the growth of their businesses.

Solving Compliance Problems with Business Critical Services

Business Critical Services includes a wealth of offers, or deliverables, which help customers reduce compliance drift, decrease operational churn, and drive increased compliance fidelity regardless of the compliance requirement. From automated compliance hygiene to Privacy Impact Analysis, Business Critical Services enables customers to right size a solution that meets most compliance requirements they face. For example, a customer that must be compliant to the Payment Card Industry – Data Security Standard (PCI-DSS) may choose to take advantage of the following Business Critical Services:

◈ Automated Software Compliance and Remediation, Configuration Compliance and Remediation, and Regulatory Compliance & Remediation form the core of our compliance offerings. These services automate the tasks of identifying and remediating compliance drift by validating that software versions are up to date, vulnerabilities are identified and remediated, and configurations are compliant to both regulatory requirements as well as defined gold standards.  All of this is central to several PCI-DSS requirements.  These services alone provide much needed operational relief from maintaining compliance and provide evidence for your auditors to review.

◈ Security Compliance Assessment augments our automated capabilities using Cisco compliance experts to validate policy, processes, and technical requirements where assessment cannot be automated. When combined with our automated compliance capabilities, this provides a comprehensive view of audit readiness and both tactical and strategic remediation requirements. For PCI-DSS, we review the complete set of requirements, enabling customers to make audit outcomes more predictable and eliminate last minute remediation scrambles.
Network and Application Penetration Testing within Business Critical Services can be used to meet the PCI-DSS requirements to perform these tasks regularly.

◈ Enterprise Security Advisor provides a strategic resource to help drive security and compliance. The best use of this service for Compliance is to engage Cisco as a program manager to collect, collate, and present evidence to your auditor while managing your IT compliance processes, reducing audit fatigue on your staff and freeing up individuals to focus on business growth and digital transformation.

Solving Security Problems with Business Critical Services

In addition, Business Critical Services, can be used to solve operational and ongoing security issues, helping reduce the attack surface of our customers while identifying and helping to remediate vulnerabilities, ensuring the upkeep of security infrastructure, planning and accelerating security architecture transformation, and managing to security threats and incidents. This includes:

◈ An Incident Response Retainer providing both proactive and reactive threat management activities to our customers. We offer one of the most robust and flexible retainers in the business.

◈ Our automated compliance offerings also support good security hygiene, evaluating and remediating configuration and software exposures that expose up attack surface

◈ Health checks and optimization services to facilitate proper maintenance and management of security systems, protecting and enhancing the return on investment for Cisco security architecture.

◈ A Technical Knowledge Library including guides and best practices for security infrastructure to help customer staff manage their security controls

◈ Network Device Security Assessment to analyze security device configurations and firewall rules to identify gaps and recommend remediation

◈ Collaboration Security Assessment to protect against threats to Cisco Unified Communications, video collaboration, and contact center solutions.

◈ Security Metrics Program support to design and manage KPIs to communicate control effectiveness and levels of risk to management

◈ Cyber Range Workshops to provide security operations training to SOC staff

◈ A robust set of security assessments to identify and recommend remediation to security vulnerabilities including Network, Wireless, Application, Social Engineering, and Physical

◈ Penetration Tests as well as Security Risk Assessment, Network Architecture Assessment, and third party risk management program support.

◈ Security Program Assessment and Security Strategy Planning Support to help support not just your strategic security initiatives, but also help review and improve your critical security practices and establish an enterprise security strategic roadmap

◈ Cloud Security Strategy support to help recommend security operations and technology improvements to support Cloud transformation

◈ Security Segmentation Architecture Design to help develop a roadmap to accelerate and transform the network security at our customers organization

◈ Finally, a flexible Enterprise Security Advisor service to provide program management, expert advice, and otherwise support security evolution as well as an Architecture Management Office to help drive technical change throughout customer organizations

Taken together, this robust set of subscription based offers within Business Critical Services can help customers address both the most mundane and repetitive, but critical, security tasks, drive security improvement through assessments and training, and both set and help execute strategic security direction at our customers. I can’t think of any other security company on the planet that can match this comprehensive set of security and threat management services and deliver them under an annual subscription besides Cisco.

Continue reading

5G Security Innovation with Cisco

We have been working with Service Providers and various colleagues across the world to develop the threat surface and use cases to properly apply 5G today and in applications coming tomorrow.  We call your attention to our white paper and to our session on this topic at Cisco Live US in Orlando.  The title of the session is BRKSPM-2010 (Security for Mobile Service Providers).

5G touches almost every aspect of the way we live our lives. It’s not just about faster, bigger or better, it’s about utilizing 5G as an enabler to a series of services that we all will consume in every aspect of our lives. The time is NOW to consider the security implications and cyber risk profile that come with 5G. The business operational risk, legal risk and reputational risk of not only the companies who provide 5G transport, but allcompanies, nation states and individuals who provide the services that will utilize 5G. The time is now to evaluate the cyber risk posture and apply innovative thoughts to how we can approach these challenges today and build for what’s to come tomorrow. Many IoT(Internet of Things) services will utilize 5G services. The intersection of 5G and IoT brings an extension of the existing threat surface that requires careful consideration from a cyber risk perspective. This white paper highlights innovative thoughts which enable you to take action and meet the challenges creating a security safety net for the successful deployment and consumption of 5G based services.

5G is as much the application of new architectural concepts to traditional mobile networks as it is about the introduction of a new air interface. The 5G mobile network intentionally sets out to be a variable bandwidth heterogeneous access network, as well as a network intended for flexible deployment. Aside from the usual reasons of generational shifts in mobile networks, i.e. those concerned with the introduction of networking technologies on lower cost curves, the 5th generation of mobile networks has to be able to allow the mobile service providers to evolve towards new business models that may result in future modes of operation that are very different from those of today. This presents a problem from the view point of securing such a network. The need to be flexible increases the threat surface of the network.

Security provides the foundation of service assurance. Adversaries and the threats that they impose against the networks used to deliver critical services continue to get smarter, more agile, and more destructive.

Networks used to deliver applications continue to converge, making it more important to properly segment threats and vulnerabilities by domain, while examining the aggregate threat landscape at the same time.

Examples of this include the evolved packet core where traditional and mobile services share an infrastructure leveraging the carrier data center and cloud for operational efficiency and also for service delivery. Cisco’s architectural innovations and evolution of existing networks to meet the needs of new service models like IoT services pushing technology evolution such as mobile edge compute and widely distributed secured data centers introducing a new set of visibility and control elements to handle the evolved threats.  In order to properly secure the “full stack” that delivers a connected application, two fundamental elements are applied: visibility and control. Visibility refers to the ability to see and correlate information from the carrier cloud to baseline proper behavior and then to measure deviation from that norm. Simply said, “If you can’t measure it, you can’t manage it.” Sources of visibility come from traditional network measurements (netflow, open flow, etc.), but the need to measure all aspects of a flow, from all elements of the carrier cloud to the application to the end customer, has changed what data is collected and where we get it. An example of the new visibility includes the use of application level probes that are synthetically generated and travel through the network to get a clear picture of how an application is behaving. Another example is where the Path Computation Element, which has a near real time database representing the network topology, is queried programmatically to determine the impact of a potential mitigation action on critical service classes for DDoS. Once all of the telemetry is gathered, a security controller and workflow will analyze it and determine, based on policy, suggested mitigation and controls to be applied. Of course, we have an iterative loop of constant learning. The Cisco Talos research team keeps our customers ahead of the game by its threat research and deployment of mitigation rules into our full portfolio of products, removing that burden from the Service Provider allowing them to focus on their core competencies.  Control refers to the actions taken to mitigate an attack. Some controls are taken proactively while others are applied after an attack takes place. There are two types of attacks. Day zero attacks are threats that we don’t previously have a fingerprint for. Typically deviations in known good behavior of the carrier cloud and applications that request service and state from it, are identified by the security controller and some action is then taken to mitigate the attack or to get additional visibility, an action sometimes taken to properly identify the adversary. Day one attacks are threats that we have a signature or fingerprint for and, quite often, a mitigation strategy exists in advance to handle the attack. Controls take the form of modifications to the carrier cloud to apply quality of service changes in per hop behavior to minimize the impact of an attack and also take the form of physical and virtual security assets applied as close to the source of the threat as possible in order to minimize collateral damage.

The information that the operator has that delivers the application is vast. Innovation in the way that we apply the information we have, in a close loop iterative process, is a recent innovation in threat visibility and mitigation. This is where automation, orchestration and NFV meets security to solve today and tomorrow’s security needs. The three elements of the closed loop iterative process are: policy, analytics, and the application delivery cloud (the whole transaction from the application to the networks used to serve it).  Operators can now apply innovative methods to correlate geo-location information to behavioral analytics, compare those against policy in the context of a threat to the carrier cloud, and ascertain the nature of that threat and what to do about it with far greater clarity. Visibility and control properly applied to the advanced threats of today offer the carrier cloud a level of protection. We must continue to evolve, grow and get smarter to keep our networks safe and resilient in the time of attack.

Continue reading

Business Outcomes are Driving theJourney from Finger Defined Networking (FDN) to Software Defined Networking (SDN)

Business Outcomes are driving the journey from Finger Defined Networking (FDN) to Software Defined Networking (SDN).

The industry is going through an exponential surge in bandwidth consumption along with high volumes of new devices/subscribers coming on line every day. It is fair to say that the Operation teams of Service Providers will struggle to keep up with adding many more devices every year in their current operating environments. The proliferation of 5G and Internet of Things (IoT) will lead to new business opportunities, but it will depend on Software Defined Networking (SDN) to deliver network performance with broader connectivity. Cisco’s Industry leading Network Services Orchestrator (NSO), Wide Area Networks (WAN) Automation Engine (WAE) and Segment Routing XR Traffic Controller (XTC) are the basic building blocks of our SDN solution within the Cisco Crosswork Automation framework.

Operational benefits of converting from FDN to SDN:

Automation of network functions and speed are needed to  meet the diverse needs of customers with a high level of quality of service.

Network automation: Cisco’s Automation framework helps automate workflows, services and applications – increasing efficiency in network resources and maximised path optimisation. Management and orchestration of network and services are centralised into an extensible orchestration platform by  automating the provisioning and configuration of the entire infrastructure and network services.

Speed and agility: In a rapidly changing network environment, IT policies or resource allocation are evolving all the time. In addition, deployment of new applications and business services has to be fast. With Cisco’s Software-Defined WAN (SD-WAN), networks are managed centrally and rolled out across the enterprise in real time, responding speedily to new business challenges with less bandwidth. To complement, Cisco’s NSO makes it easy to orchestrate application-based service chaining, accelerating delivery.

Orchestrated Assurance: Cisco Network Service Orchestrator solution’s augmented intelligence automatically tests deployed services and proactively monitors service quality from end user point of view providing quality assurance. Service providers can validate SLAs and resolve issues faster, bridging the gap between service fulfillment and assurance.

Business Outcomes from SDN

Our Modular Network Automation framework enables network optimisation and helps deliver use cases that reduces both Capex and Opex.  According to Cisco’s  analysis on automation, some typical results include up to 70 percent improvement in operational efficiency and up to 30 percent revenue uplift. Other business outcomes from SDN include:

Scalability: Deploying large number of network elements, integrating the network, activating services, on-boarding millions of subscribers or IoT devices, managing network operations and service up-time can be achieved with mass-scale automation. Cisco’s Automation Framework delivers complete lifecycle management for all the building blocks of network. It is  automated to minimise human resources and errors, and enables optimal traffic flows through network path optimisation.

Reduced manual errors: Human driven network changes are prone to errors, time consuming, and lack comprehensive validation. This is greatly reduced by automating the provision and configuration of the entire infrastructure and services. This typically reduces opex overhead and technician’s precious time spent on manual work. Embarrassing network/service outage and unpleasant customer experience can also be avoided.

Agility: Augmented intelligence residing in SDN with close loop automation enhances network responsiveness. Application deployment can be as fast as minutes on any platform without compromising user experience. This gives service providers the flexibility to meet network-on-demand offering self-service portals. Delivery of network services are faster and network’s ability to quickly and proactively resolve issues when they arise to ensure customer quality of service. This is also the result of auto-remediation and self-healing with big data analytics and augmented intelligence.

Here are some of the use cases delivered by Cisco’s Transport SDN and Automation framework:

1. Orchestrated Network Optimisation

2. Seamless Network Optimisation (Bandwidth Optimisation)

3. Bandwidth on Demand

4. Operating System Upgrades

5. Device Port turn up

6. Zero Touch provisioning

7. Device and Service migration

8. Metro Ethernet services.

The result of network automation is enhanced customer experience, faster service delivery, with increased business realisation and productivity.

Continue reading

Microservices Deployments with Cisco Container Platform

Technological developments in the age of Industry 4.0 are accelerating some business sectors at a head-spinning pace. Innovation is fueling the drive for greater profitability. One way that tech managers are handling these changes is through the use of microservices, enabled by containers. And as usual, Cisco is taking advantage of the latest technologies.

From Cost Center to Profit Center

In this new world, IT departments are being asked to evolve from cost centers to profit centers. However, virtualization and cloud computing are not enough. New services developed in the traditional way often take too long to adapt to existing infrastructures.

Because of such short life cycles, IT professionals need the tools to implement these technologies almost immediately. Sometimes one company may have many cloud providers in a multicloud environment. Containers give IT managers the control they were used to in the data center.

Microservices and Containers

But what if you could break up these entangled IT resources into smaller pieces, then make them work independently on any existing platform? Developers find this new combination of Microservices and containers offers much greater flexibility and scalability. Containers offer significant advantages over mere virtualization. Containers supercharge today’s state-of-the-art hyperconverged platforms and they are cost-effective

A remaining challenge is to get companies to use containers. The adoption of a new technology often depends how easy it is to deploy. One of the early players in container technology is Kubernetes. But getting Kubernetes up and running can be a major task. You can do it the hard way using this tutorial from Kelsey Hightower. Or you can take the easy route, using the Google Container Engine (GKE).

Cisco Container Platform

Another easy-to-use solution is the Cisco Container Platform (CCP). Cisco’s takes advantage of the company’s robust hardware platforms and software orchestration capabilities. CCP uses reliable Cisco equipment that enable users to deploy Kubernetes, with options for adding cloud security, audit tools, and connectivity to hybrid clouds. Notice the growing popularity of the Kubernetes platform in the graph below:

Use Cases

Space does not permit the inclusion of all the potential use cases of Cisco Container Platform and its accompanying software solution. Here are just a few examples we would like to highlight:

#1: Kubernetes in your Data Center

For agility and scale, nothing beats native Kubernetes. Developers can easily deploy and run container applications without all the puzzle pieces required in traditional deployments. This means a new app can be up and running in minutes rather than days or weeks. Just create one or more Kubernetes clusters in Cisco Container Platform using the graphical user interface. If more capacity is needed for special purposes, simply add new nodes. CCP supports app lifecycle management with Kubernetes clusters and allows for continuous monitoring and logging.

#2: Multi-tier App Deployment Using Jenkins on Kubernetes

Developers are often frustrated because of the time it takes to get their applications into production using traditional methods. But these days it’s critical to get releases out fast. Using open-source solutions, Cisco Container Platform is able to create the continuous integration/continuous delivery (CI/CD) pipeline that developers are looking for. CCP takes advantage of Jenkins, an open-source automation server that runs on a Kubernetes engine.

BayInfotech (BIT) works closely with customers to implement these CI/CD integrations on the Cisco Container Platform. While it may seem complicated, once the infrastructure is set up and running, developers find it easy to create and deploy new code into the system.

#3: Hybrid Cloud with Kubernetes

The Cisco Container Platform makes it easier for customers to deploy and manage container-based applications across hybrid cloud environments. Currently, hybrid cloud environments are is being achieved between HyperFlex as an on-premises data center and GKE as a public cloud.

#4: Persistent Data with Persistent Volumes

Containers are not meant to retain data indefinitely. In the case of deletion, eviction or node failure, all container data may be lost. It involves the use of persistent volumes and persistent volume claims to store data. Further, when a container crashes for any reason, application data will be always retained on the persistent volume. Customer can reuse the persistent volumes to relaunch the application deployment so that customer will never lose the application data.

Continue reading

Managing a DAA Hub with Analog and Digital Nodes in a Single Context

The building blocks for a distributed access architecture (DAA) are shipping from Cisco. More than 60 customers in 25 countries spanning 4 continents have received key DAA components, such as Remote PHY nodes, Remote PHY shelves, cBR-8 digital cards and Smart PHY automation software. DAA holds much promise to simplify cable operations and improve overall network reliability and makes it easier to manage and configure the cable network and the services that are delivered by the network. As part of DAA, employing Remote PHY devices (RPDs) in nodes are a key element to enable 10G digital optics, Ethernet and IP used for delivering services to nodes.

Another network element that is key to DAA success is a rack mounted RPD shelf. Rack mounted RPDs are designed to connect analog nodes to digital Converged Cable Access Platform (CCAP) cores. Installed in the hub or headend, they are connected to CCAP cores via 10G digital optical connections routed through Layer2/3 Ethernet switch routers. The output of each rack mount RPD is traditional RF analog broadband, which is connected to analog fiber optics that transmit to and from legacy analog nodes in the access network. Rack mounted RPDs allow digital fiber optics and Ethernet to replace cumbersome RF hub-based coaxial distribution cables and amplifiers that were used to feed analog optical transmitters.

There are two use cases for RPD shelves. The first use case is to enable one CCAP core to serve multiple small and/or distant hubs via digital fiber (i.e. hub site consolidation). The benefits are appreciable savings in both CCAP equipment and operations costs, because RPD shelves enable CCAP processing in fewer locations, using longer distance digital optics between one CCAP core and multiple remote hubs, each with one or more RPD shelf.

However, there is a second, equally valuable benefit of RPD shelves. Consider a network in which a large portion, but not all, of the hub nodes will be upgraded to an N+0 (node + 0), DAA architecture.  For this portion of the network, it doesn’t make economic sense to rebuild and convert existing analog nodes to digital (RPD) nodes. The cable operator is faced with operating and managing a portion of the network with conventional edge QAMs, combining networks and analog optics, while the majority of the network employs digital optics, Ethernet and IP routing to do the same things. Instead of making operations simpler, operations is faced with supporting both the legacy network and the new digital network, having to support two very different operating procedures simultaneously in the same hub.

By using Remote PHY shelves to provide all connectivity to analog nodes, this problem is solved. A single, unified mode of operations is created for the hub, across both the analog and digital portions of the network. Specifically, RF combining networks and amplifiers in the hub can be completely eliminated, replaced by Ethernet switches and digital optics. Video services can be converged with data through the CCAP core if desired. Analog RF outputs from CCAP platforms can be eliminated, and CCAP platforms can be operated as CCAP cores, resulting in a higher service group density per platform. Future node splits can be done in digital, even if the node being split is analog. Simply put, Remote PHY shelves enable a hybrid analog/digital network to be managed as a single DAA network.

Software and hardware interoperability continue to be essential for enabling a DAA. The Open Remote PHY Device (OpenRPD) initiative was established to stimulate the adoption of a DAA by providing reference software for OpenRPD members, encouraging future OpenRPD devices to be based on interoperable software standards and enabling them to develop OpenRPD devices more quickly than by developing code from scratch. Cisco continues to be a key member of the initiative, openly developing and contributing significant portions of RPD software code to the initiative. To verify that hardware and software interoperability work as advertised, CableLabs® has established thorough CCAP core and RPD interoperability testing. Cable operators looking to migrate to a DAA can look for CableLabs’ stamp of interoperable approval and be confident that the devices they choose will work in a multivendor network. As an active participant in interoperability testing, Cisco is committed to interoperability.

The Distributed Access Architecture is a dramatic evolutionary change in the cable network. It is a step toward cloud-native CCAP and the evolution of cable networks to a Converged Interconnect Network (CIN). With our comprehensive hardware and software portfolio for DAA, including the cBR-8 platform, Remote PHY digital nodes and Smart Digital Nodes, Remote PHY shelves that can be configured for redundant operation, and SmartPHY software, Cisco can help cable operators radically simplify the configuration and management of DAA networks.

Continue reading

Cisco’s Fanless Catalyst 2960-L Switch for Unleashed SMB Performance

Making an investment in IT is more critical today than ever before for a small- to medium-size business. With so many open-air business settings and anywhere, any location workspace bring technology up close and personal. Cisco’s insight into saving  space and reducing noise makes everyone—from librarians to your coworkers—happier than ever.

We live in a connected world of phones, laptops and tablets in our hands, and we’re surrounded by our technology of whiteboards, routers, wireless access points, and switches that connect multiple devices on the same network within a building or campus. A switch is necessary because it enables connected devices to share information and talk to each other.

Cisco’s Catalyst 2960-L fanless switch.

Why does a feature like fanless matter? Fanless means quiet and compact. Compact because the use of fans requires airspace and airflow. A fanless switch  can be put in smaller spaces that wouldn’t normally work. A typical network switch is a bit noisy. Some networks range from a hum to what is best described as “helicopter-like whirling. That can be distracting in offices, retail, hospitality or clinics where noise can be an issue.” Being fanless opens up options for smaller organizations to create a robust network in smaller spaces than before.

The Cisco Catalyst 2960-L has been designed for just an environment. The Cisco Catalyst 2960-L Series switch isn’t just any fanless switch: it’s the industry’s first 24-port and 48 port 1 Gbps, POE, fanless switch.

Reliable, Secure and Intuitive

The Cisco Catalyst 2960-L includes a host of reliability and security features that come with Cisco IOS. And the Cisco Catalyst 2960-L is preloaded with Cisco Configuration Professional for Catalyst (CCPC) built-in. CCPC provides users with an easy-to-use and intuitive graphical interface to configure, manage and monitor a standalone, stack or cluster of Cisco Catalyst switches.

Key features that solve problems for SMBs:

◉ Quiet and cool operations — You won’t even know it’s there

◉ Small form factor — Great for mounting in confined spaces to be inconspicuous for hospitality, cruise ships, healthcare or retail locations.

◉ Perpetual PoE — Power over Ethernet for all connected devices avoids unnecessary power cabling to connect to the switch.

◉ Automatic switch recovery — No touch recovery. You can also configure automatic recovery on the switch to recover from the error-disabled state after the specified period of time.

◉ Bluetooth connectivity — You can access the Command-Line Interface (CLI) through Bluetooth connectivity by pairing the switch to a computer.

◉ Cost-effective connectivity — Ideal for branch offices, wired workspaces and infrastructure networks; conventionally wired workspaces with PC, phones and printers; building infrastructure networks to connect physical security, sensors and control systems; and any application requiring fast Ethernet connectivity and a low total cost of ownership.

◉ Enhanced limited lifetime hardware warranty — Next-business-day delivery of replacement hardware where available and 90 days of 8×5 Cisco Technical Assistance Center.

◉ Built-in web-based GUI: Catalyst 2960-L supports a day-zero GUI called Cisco Configuration Professional for Catalyst (CCPC) to help with easy deployment of the switch without the need for a CLI.

— Simple provisioning
— Easy-to-use diagnostics
— Performance at-a-glance dashboard

With these features, we believe our small business customers can affordably expand their IT reach.

Continue reading