Tuesday 30 March 2021

Initiatives to enable progress: Taking action during a global pandemic

Cisco Prep, Cisco Learning, Cisco Certification, Cisco Preparation, Cisco Career

Cisco employees continue to seek ways to make an impact, especially during this difficult time. We made this easier by doubling the number of paid days off available for employees to volunteer from five to 10 in 2020. In addition, we increased the annual match for employee giving and volunteering from US$10,000 to US$25,000. Disaster response campaigns launched to address specific crises are matched at US$10,000 per employee per campaign and do not count against the annual match limit.

In addition, Chairman and CEO Chuck Robbins challenged Cisco’s 77,000+ employees to make donations to global nonprofits supporting those most vulnerable to COVID-19, which were matched by the Cisco Foundation. Employees quickly achieved the initial goal of US$750,000 in giving and matching over a 72-hour period, raising US$3.2 million for more than 50 organizations by the end of the fiscal year.

In response to employee demand, Cisco also helped facilitate a menu of virtual volunteering options. Opportunities included translating texts for humanitarian organizations, volunteering for crisis help lines, providing résumé and job interview assistance, donating food and school supplies for children, and more.

Standing up for social justice

In fiscal 2020, Cisco pledged US$5 million in grants to social justice organizations, including nonprofits in our internal Fighting Racism and Discrimination Fund, which continues to provide employee donations and matching contributions to 16 nonprofits focused on social justice. A dynamic team, including Inclusive Communities members (Cisco’s version of EROs), is partnering with Cisco’s Community Impact team to determine how best to build long-term relationships with the nonprofits in the Fund.

Preventing homelessness and serving youth

Long-time Cisco nonprofit partner Destination: Home, a public-private partnership working to end and prevent homelessness year-round in Santa Clara County, California, proactively set up a relief fund designed to help families bridge the gap created by lost jobs during the pandemic. They received thousands of applications that all needed rapid review. Cisco volunteers helped accelerate the application review process and payment by receiving training and then reviewing the applications for funding.

Cisco also has a strong partnership with Covenant House International, an organization providing housing and supportive services to youth facing homelessness. In November 2019, hundreds of Cisco employees slept outside during the Covenant House “sleep out” in cities across the U.S. Sleep outs raise awareness about youth homelessness and funding to support Covenant House programs. During the event, Cisco employees generated over US$1.8 million in support for Covenant House through their donations and Cisco Foundation matching gifts.

In March 2020, Cisco employees helped the Young Professionals Sleep Out event go virtual, allowing communities across the U.S. to connect through a livestreamed Webex event. During the broadcast, participants learned just how difficult the COVID-19 outbreak has been for homeless youth already facing extraordinary challenges.

Through Cisco’s Next Horizon Impact initiative, Cisco Chairman and CEO Chuck Robbins brought together customers, partners, and suppliers to raise tens of thousands of dollars for people in the Bay Area experiencing homelessness as the COVID-19 crisis began. Robbins led a discussion featuring Jen Loving, CEO of Destination: Home, who shared the crisis facing the region’s most vulnerable.

Chief People, Policy & Purpose Officer Francine Katsoudas led a second wave of outreach and discussion with partners and suppliers, along with CEO of Great Place to Work Michael Bush, Loving, and Covenant House California CEO Bill Bedrossian. Bush shared how companies who treat communities well differentiate themselves in the market and will lead as we build a path out of the crisis and back to a thriving economy. These conversations led to an increase in awareness and key relationships as a result of Next Horizon Impact, which will lead to more resources for the homeless community.

Global Citizen impact

Global Citizen is focused on ending extreme poverty by 2030. As Global Citizen’s technology partner, Cisco is foundational to the organization’s ability to engage millions of citizens around the world—our employees among them. In fiscal 2020, over 1200 employees took action on GlobalCitizen.org to advocate for changes in policy, legislation, and leadership behavior to address the root causes of poverty. Actions included signing a petition, sending an email, or participating in social media campaigns.

Staying Earth Aware, virtually

Cisco has observed Earth Day for many years—but we also do much more, organizing a two-month employee volunteerism and awareness campaign that we call Earth Aware. During a typical year, we invite employees to practice sustainable behaviors, like biking to work and properly sorting waste in cafeterias, and host events like on-campus farmers markets. In fiscal 2020, Earth Aware went fully online, featuring virtual presentations on living a zero-waste lifestyle, environmental justice, and cleaning local watersheds, as well as a sustainability trivia event. We even gave employees a virtual tour of the new beehives at our Research Triangle Park campus.

Earth Aware 2020 also included a virtual SustainX, our thought leadership forum on sustainability. During this annual event, we invite internal executives to share what their teams are doing to reduce their environmental impact and external speakers to discuss the innovative ways they are working to improve the environment. In fiscal 2020, leading environmentalist and author Paul Hawken shared existing strategies for drawing down carbon from the atmosphere in order to reduce global warming, and a Cisco Fellow explained how our new 8000 Series routers save significant amounts of power and materials.

Living sustainably year-round

Beyond Earth Aware, Cisco has ongoing opportunities for employees to connect with peers who share a passion for sustainability—and make changes in their lives and in the workplace. Cisco Green is a hub on our internal social media site that enables employees to learn about Cisco’s environmental sustainability activities. It provides links to programs, information, and other tools. For those looking to connect with others, Cisco GreenHouse is an interactive sustainability web platform that helps Cisco employees find likeminded peers worldwide who want to lead more sustainable lives. As a core program featured in Community Impact, Cisco GreenHouse was promoted on the companywide digital portal and more than doubled its active users.

Promoting circular business models

Another way Cisco contributes to sustainability is by helping advance the circular economy. To grow awareness and inspire employees to contribute to Cisco’s circular economy transformation, we publish a quarterly circular economy newsletter, manage a circular economy Webex Teams space, and provide other opportunities to engage throughout the year. In fiscal 2020, we hosted two employee webinars on topics related to circular operations and circular design and launched an internal website with case studies on the Cisco Circular Design Principles. We also regularly convene extended team members and other internal stakeholders through a variety of workgroups, including the Circular Design Working Group, the Circular Economy Regional Leader Network, and the Circular Economy Sales Champion Network.

Connecting employees to how products are made

Launched in fiscal 2020, the Cisco Responsible Sourcing campaign is raising internal awareness of our commitment to source products ethically and sustainably. One element of the campaign is our Champions of Sustainability, a recognition program that highlights the people behind responsible sourcing at Cisco across our Supply Chain Operations and Global Procurement Services. The champions demonstrate a shared commitment to sustainability and drive social and environmental responsibility in how we source goods and services.

We also developed a supply chain human rights training to raise awareness and educate employees on how they can help follow through on our human rights commitments. More than 2400 employees have taken the training, including employees in supply chain operations, customer experience, enterprise networking, and cloud.

Cisco Prep, Cisco Learning, Cisco Certification, Cisco Preparation, Cisco Career

Source: cisco.com

Monday 29 March 2021

2021 Security Outcomes Study: Timely Incident Response as a Business Enabler

Cisco Prep, Cisco Tutorial and Material, Cisco Learning, Cisco Career, Cisco Preparation

Cybersecurity has a set of starting signals as well, but they differ in one aspect. In the event of a cybersecurity event, the team responsible for incident response is not the initial actor. Incident response is based on the same readiness as a world-class performer; however, incident responders only start (metaphorically) after the rest of the horses have left the gate. Absent the catalyst, an active responder would be entirely out of place. This makes the cybersecurity professional the second player in a nail-biting competition.

Cybersecurity as a first responder

One could posit that a cybersecurity incident responder is no different than any other first responder, such as a law-enforcement officer, or a firefighter. This is true, but only in a limited sense. As with all things in the virtual realm, the unseen can be much harder to respond to than a physical event. For example, a firefighter has a much easier time locating a fire than a security analyst has of locating the source of a breach. Indicators of compromise can sometimes be quite ephemeral.

Similar to other first responders, a cybersecurity incident responder must be ready at all times to jump into action at the earliest sign of a problem. The key to a successful, versus a failed incident response, is timeliness.

Timely incident response as a business enabler

Cisco’s Security Outcomes Study addresses the topic of timely incident response. By interviewing 4,800 security professionals, the importance of timely incident response became a clear gauge, not only of security success, but also business enablement. In fact, timely incident response ranked higher than vulnerability remediation deadlines.

Cisco Prep, Cisco Tutorial and Material, Cisco Learning, Cisco Career, Cisco Preparation

The report emphasizes this finding, by stating succinctly:

It may seem odd at first to see incident response (IR) listed as a top business enabler. But IR isn’t just about putting out fires and cleaning up the mess. It’s ultimately about handling unexpected events with minimal impact to the business.

If you work in an environment where everything comes to a halt at the announcement of a vulnerability, and the subsequent deployment of the corrective patch, this finding is transformative. It contemplates the idea that disrupting the business operations to apply patches should perhaps take a secondary role to the ability to respond to an active exploit. This is important, as security is often seen as something that hinders the flow of business, rather than an enabling force. However, incident response, and specifically timely incident response, does not just become a new title that can be slapped onto the front door of the Security Operations Center. Incident response is a discipline, with specific phases, and approaches.

The six stages of incident response

In incident response parlance, there are six classic stages: prepare, identify, contain, eradicate, recover, and lessons learned. (It is fair to note that there are variations on this, but the general rules are all aligned along the same track.)

Which phase would you consider the most important? Consolidation to the most important is probably not the point, as that logic creates a whirlpool of conflicting interests that may be distracting towards the full goal. For instance, while preparation is a primary concern, one can never prepare for everything. The identification phase includes scoping, which is often not performed to the fullest extent that it should be, which introduces quite a number of problems, and the intentions are never realized. This becomes an exercise in circular logic, which is merely a time waster.

When you consider why a musical, or athletic performance is so transfixing, or why we all stop to watch first responders in action, it may be because we are mesmerized by the effortlessness through which these people carry out their tasks. That is the result of constant training. The most important part of incident response is reducing the dwell-time of attackers through early detection, and that, like all other aspects of the kill chain comes through practice.

Incident response is part of a complete security strategy

Timely incident response as a business enabler is surprising, and even more telling is that, among the respondents of the Security Outcomes Study, incident response also ranked highly on the list of components that contribute to a host of other progressive security initiatives, including:

◉ Overall security program success
◉ Creating a strong security culture
◉ Managing top risks
◉ Regulatory compliance
◉ Security cost-effectiveness

Security, and all of IT is often considered a cost center, meaning that it does not generate revenues. However, if we look at cybersecurity as a cost-avoidance strategy, timely incident response takes on an entirely new level of importance. One of the best metrics to demonstrate that money is well-spent in an organization is through the reduction of wasted effort that is wasted. The Security Outcomes Study indicates that there is a high correlation between a successful security program via minimizing wasted effort and timely incident response.

Cisco Prep, Cisco Tutorial and Material, Cisco Learning, Cisco Career, Cisco Preparation

Security readiness is achieved through planning, practice, and continuous improvement. One of the newest components of a solid security program is incident response. It is important to note that disaster recovery is part of a response effort. However, as threats advance, incident response is rising as a leader towards a more complete security strategy.

Sadly, not all organizations are fully invested in the idea of the value of incident response. Nearly 40% of our interviewees designated that their organization did not embrace the importance of timely incident response. Given the other indicators in the report, we can only hope that this trend diminishes over time.

Cisco Prep, Cisco Tutorial and Material, Cisco Learning, Cisco Career, Cisco Preparation

Incident response is not an easy task to accomplish. Imagine if you were able reduce incident response time by up to 85% with a coordinated defense to fully expose, contain, and resolve threats and vulnerabilities. Cisco Secure Endpoint simplifies investigation allowing you to get to the root cause of the incident fast, accelerating remediation.

And what’s more, the threat response feature of Cisco SecureX leverages an integrated security architecture that automates integrations across Cisco Security products to simplify threat investigations and responses. Saving you time and effort by speeding up investigations significantly and allowing you to take corrective action immediately.

Source: cisco.com

Saturday 27 March 2021

Improving Application Experience with Full-Stack Observability

Cisco Prep, Cisco Learning, Cisco Certification, Cisco Preparation

In the not-too-distant past, everything in the application and networking stack was under IT’s control. Workloads lived securely in the on-premise data center—people sat in their campus offices connected to the secure wireless network, and an MPLS service with an SLA connected branch offices to the data center.

Today, workforce productivity depends on cloud and SaaS applications that often rely on the public cloud infrastructure, which in turn depends on the internet as part or all of the WAN connectivity which in turn depends on a multitude of ISPs, CDNs and advanced network services. Hybrid and native clouds applications are mostly containerized, so performance can be affected by the communication paths among the microservices, both in the data center and cloud. The total application experience as perceived by the workforce is dependent on the performance of all the components of applications and network connections acting in concert. If one element falters, the whole experience can be impacted.

NetOps and DevOps need to understand the interdependencies among the component applications and tune the enterprise network and internet paths accordingly. A unifying view can only be provided by the network fabric that monitors and analyzes the full stack of interlacing components: from the foundational network data layer to the software-defined WAN to application containers in the cloud. With the workforce accessing applications from literally everywhere, all the time, IT requires pervasive, real-time monitoring of network, internet, and application performance with auto-healing capabilities. This is Full-Stack Observability, driven by software-defined controllers and network analytics that enable ​action, policy, and automation.

Observability Begins with a Deep Historical View

To improve application experience, IT needs tools to record, analyze, and report on network and application activity at a massive scale to build a deep historical data set against which to apply AI and Machine Reasoning tools. Hybrid and cloud applications consist of multiple micro-components connected by east-west traffic in the data center or cloud service. Continuous monitoring and analysis are needed to optimize application experience because many inter-application communication issues are transitory and difficult to replicate. Application performance needs to be recorded for machine analysis to determine recurring issues and root causes. Full Stack Observability from the perspective of the application requires:

◉ Application end-user experience as measured by ThousandEyes, NetFlow, or AppDynamics;

◉ Dependency graph to the underlying composite application services and infrastructures;

◉ Comprehensive availability and performance data on each of the supporting components such as composite application services, public cloud services, ISPs, networking devices, compute and storage infrastructure.

The irony of having mountains of telemetry and activity logs awaiting analysis by overworked IT teams is that there is too much noise in too much data for humans to deal with in a timely manner. When the volume of data is beyond human scale and below human sensitvity, machine reasoning (MR) automates the analysis of trillions of bytes of switch and router telemetry, wireless radio fingerprints, and network access point interferences to uncover patterns in the chaos, and turn the findings into actionable insights and automated mitigation actions.

Automated Observability with AI Nework Analytics

To make full use of the deep historical and real-time data, IT can take advantage of an Analytics Stack that can:

◉ Use purpose-built applications to augment human engineers in NetSecOps with Insights into network performance and security vulnerabilities

◉ Leverage machine-speed analytics and knowledgebase-driven Machine Reasoning Engine (MRE) to unburden NetSecOps from mundane monitoring tasks to focus on proactive digital transformation projects with DevOps.

◉ Achieve massive collection, storage, and parsing of diverse data lakes—collections of anonymized network and application telemetry based on volume, velocity, and variety of data to compare performance and security metrics.

For several decades, Cisco has been building a data lake of worldwide, anonymized customer telemetry in parallel with a knowledgebase of expert troubleshooting experience, both of which are available to machine reasoning algorithms under the command and control of Cisco DNA Center. With Cisco AI Network Analytics, NetOps can, for example, be forewarned of increases in Wi-Fi interference, network bottlenecks, uneven device onboarding times, and office traffic loads in the more traditional data center and campus network environments.

Cisco Prep, Cisco Learning, Cisco Certification, Cisco Preparation

Observability for cloud-based applications, however, needs a different approach as much of the application infrastructure is not under direct control of IT. Direct internet connections to clouds can be unreliable—especially for latency-sensitive applications—unless they are monitored and automatically tuned using cloud onramps.

Observability into Cisco Cloud OnRamps for each of the major cloud services—Microsoft Azure, Amazon AWS, and Google Cloud, as well as colocation, and SaaS platforms—provides the ability to monitor and set performance parameters that are automatically applied to maintain the proper quality of service based on the type of application and cloud provider. Paths are calculated by tracking characteristics including packet loss, latency, and jitter in the data plane tunnels among cloud workloads and edge devices. Cisco AppDynamics and ThousandEyes provide application layer observability for inter-cloud and intra-cloud dynamics that enables NetOps and DevOps to monitor and identify factors affecting application experience.

Network Analytics + Software-Driven Controllers = Full Stack Observability

AI Network Analytics working in conjunction with Software-Driven Controllers enables Full Stack Observability. Operational intents and security policies defined in software-driven controllers are compared with telemetry and operational anomalies detected by an MRE to automatically adjust operations or isolate rogue devices. Always-on AI Analytics watch over the distributed workforce and workloads at machine-speed, making automatic adjustments or sending alerts with suggested remediations to appropriate levels of IT personnel or to SIEM applications to log and kickoff trouble tickets. Over time, NetOps and DevOps can fine-tune application performance using a consistent flow of insights from analytics to adapt to changes in workloads, workforce, and workplace.

The next shift is using AI and MRE to “personalized” recommendations on updates and patches for controllers. Upgrading controllers carries a certain risk given the complexity and many differences among existing network configurations. Knowing in advance what affect an update can have—and even if it applies to the existing configuration—can bring peace of mind to the process. Does a specific configuration warrant a patch if that issue is not relevant? If not, then there is no reason to force an update that is not required. Are controllers running an OS version with active PSIRT vulnerabilities? NetOps is alerted to put a higher priority on upgrading those specific controllers. Automation and observability go hand in hand to make operation teams more efficient so they can spend time on more valuable tasks.

Observability Provides Operational Simplicity and Serviceability

Full stack observability is the foundation of a new network and security operating model that ensures application experience and trust. The ultimate outcome of attaining full-stack observability is to make all the operations teams—NetOps, SecOps, DevOps and CloudOps—able to work together to raise the levels of serviceability across the application infrastructure. Automations that support full-stack observability simplify operations as well by eliminating many of the time-consuming and tedious tasks of network monitoring and troubleshooting.

Source: cisco.com

Friday 26 March 2021

How Agility Has Become The Ultimate Superpower For IT

Cisco Prep, Cisco Learning, Cisco Certification, Cisco Career, Cisco Guides

Many CIOs and IT professionals are feeling between a rock and hard place right now, battling the disruption caused by the global pandemic while facing immense pressure to accelerate their digital journeys.

Yet out of the crucible of these opposing forces, remarkable opportunities have emerged, along with new learnings and new innovations.

I recently had the pleasure of moderating a roundtable discussion with the CIOs of three large customers. I also spoke with two of my colleagues — Jeetu Patel, SVP and GM of Cisco’s Security and Applications business, and Todd Nightingale, SVP and GM of Cisco’s Enterprise Networking and Cloud business.

The disruption our CIOs faced was unprecedented. In the early days of the pandemic, one of them — a large health care system in northeastern United States — sent 1,000 back-office employees home within the space of a week. Many had never worked remotely before. Even today, only about 25 staff members are allowed back on site at any given time. And with 75 percent of workers set to remain remote, there appears to be no going back to the old ways.

Another, from a federal government department in Australia with responsibilities including immigration and customs border policy kicked off 2020 with the triple-whammy of massive wildfires, freak hailstorms, and the pandemic. With travel plummeting, the agency faced steep declines in revenue, even as the number of people accessing its network remotely soared from 500 to 20,000. This CIO’s team was asked to do more with less — and quicker.

Our third CIO — from a multinational technology company — said business continuity shot to the No.1 priority as markets went into lockdown. In India, that meant 200,000 people going remote almost overnight. This meant beefing up the network and VPN to keep mission-critical processes up and running.

Todd Nightingale said much of his focus is on ensuring our customers’ infrastructure is ready for these types of massive transitions. That means pushing critical resources, systems and functions to the cloud — such as Cisco’s Webex collaboration platform — and making them available everywhere, whether people are working from home, at critical sites or walking down the street.

“There’s this real need for everything we could have done from an office to now be doable from anywhere,” Todd said. “It’s an amazing transformation and it’s driving a ton of what we do.”

Jeetu Patel, who oversees our Webex collaboration platform, said that a major focus is providing digital experiences that are 10 times better than in-person interactions. For example, the new noise reduction feature in Webex, courtesy of Cisco’s BabbleLabs acquisition, eliminates the need for phrases like “Can you put yourself on mute?” or “Can you stop typing, please?”

Advice for becoming future-ready

Our CIOs stressed the importance of thinking outside the box, as well as upgrading talent to be ready for the huge opportunities they see emerging post-pandemic. For example, contact tracing is an opportunity to bring IoT (Internet of Things) to life. Given the vast amounts of data that will be collected, it’s also a time to think about security differently — not just as a function, but as a mindset.

They also cited four success factors for achieving greater resilience: agility, scalability, speed, and innovation. Among their recommendations: embracing the concept of the MVP (minimum viable product), rapid innovation, flattening organizational structures, and creating task forces.

Cisco’s Todd Nightingale said that the pandemic showed organizations how fast they can move if they need to, calling agility “the ultimate superpower for IT.” Agility is the core value driving Cisco’s focus on providing a “cloud onramp” through our platforms strategy.

Cisco Prep, Cisco Learning, Cisco Certification, Cisco Career, Cisco Guides
Equally vital to agility, said Todd, is Cisco’s cloud automation strategy, which helps organizations transform their infrastructure “with a few clicks.” He also stressed the importance of monitoring network and application performance in order to ensure the best user experience. Cisco’s recent acquisition of ThousandEyes is critical to this, as it extends our end-to-end visibility capability into networks our users don’t necessarily own.

My closing message for the roundtable was this: Disruption is here to stay. Acceleration of digitalization is inevitable — we have to do it. And in many ways, the technology is the easy part. The hard part is breaking down the barriers to be able to respond with the required speed and agility. In that sense, the pandemic has actually helped organizations move faster, innovate more quickly and face into disruptions. The opportunities are here — it’s up to us to seize them.

Source: cisco.com

Thursday 25 March 2021

New Cisco 500-450 Exam: UCCEIS Sample Questions | UCCEIS Exam Info

Cisco UCCEIS Exam Description:

This exam tests a candidate's knowledge of installing and deploying Cisco Unified Contact Center Enterprise (Cisco Unified CCE) solutions. Cisco Unified CCE is part of the Cisco Unified Communications application suite, which delivers intelligent call routing, network-to-desktop computer telephony integration (CTI), and multichannel contact management to contact center agents over an IP network. Skills assessed include install, setup, configure, and troubleshoot the solution.

Cisco 500-450 Exam Overview:

Related Article:-

Threat Trends: DNS Security, Part 2

Cisco Prep, Cisco Exam Prep, Cisco Preparation, Cisco Tutorial and Material, Cisco Learning, Cisco Guides

Part 2: Industry trends

In our Threat Trends blog series, we attempt to provide insight into the prevalent trends on the threat landscape. Our goal in giving you the latest info on these trends is that you’ll be better prepared to allocate security resources to where they’re needed most.

Knowing the larger trends can help in this pursuit, particularly when it comes to the most common threat types. This is what we covered in part one of this Threat Trends release on DNS Security, using data from Cisco Umbrella, our cloud-native security service.

However, different industries sometimes have different levels of exposure to certain threat types. For example, those in the financial services industry may see more activity around information stealers; others in manufacturing may be more likely to encounter ransomware.

This is what we’re going to cover in part two. We’ll focus on specific industries, looking at two things: the top threat categories they face, and the categories that they’re more likely to encounter when compared to other industries. In this way, you’ll be better armed knowing which threats you’re more likely to encounter within your industry.

As in part one, we’ll be looking at data covering the calendar year of 2020. This time we’ll be comparing yearly totals of DNS traffic to malicious sites, by industry. While we do this, we’ll occasionally drill down to the monthly level, or look at endpoint data, to highlight items of interest. All of this gives us a window into the categories of threats that generate the most traffic for various organizations.

So, without further ado, and in no particular order, here are the industry trends:


The vast majority of DNS traffic in the Technology sector—the sector involving the development and/or distribution of technological goods and services—can be attributed to two categories: cryptomining and phishing. These two categories alone accounted for 70 percent of the traffic for organizations in this sector.

Cisco Prep, Cisco Exam Prep, Cisco Preparation, Cisco Tutorial and Material, Cisco Learning, Cisco Guides

Unsurprisingly, the Technology sector saw far more cryptomining traffic than any other industry. While much of this activity can be attributed to bad actors, it’s possible that more knowledge surrounding cryptocurrencies could lead workers in this field to attempt to install miners on their company computers, triggering DNS blocks in Umbrella due to company policy violations. In comparison, Financial Services—an industry where workers are more likely aware of the risks of running cryptomining software on company devices—had one of the lowest levels.

Interestingly, the Technology sector saw the second-highest level of ransomware-related traffic, primarily driven by attacks involving Sodinobiki and Ryuk. However, the incredibly high proportion of cryptomining pushed the overall percentage down, coming in a six percent. trojan activity was also high, given that Emotet and Trickbot were used to distribute Ryuk, as previously discussed in part one.

Financial Services

Phishing resulted in the highest levels of malicious DNS traffic in the Financial Services sector. In fact, this sector saw 60 percent more phishing than the next-closest sector, Higher Education. It’s possible that this sector is targeted by attackers through phishing more often than others simply because of its proximity to many bad actor’s end goal: money.

Supporting this idea is the fact that the Financial Services sector also saw more information-stealing threats than any other industry. While not known to generate high volumes of DNS traffic (only 2 percent), Financial Services saw five times as much traffic in this category than any other industry.

Cisco Prep, Cisco Exam Prep, Cisco Preparation, Cisco Tutorial and Material, Cisco Learning, Cisco Guides

Financial Services also saw the second-highest amount of traffic in a number of categories, such as trojans, botnets, and remote access trojans (RATs). The breadth of malicious traffic seen in this industry could speak to how attractive a target it is to bad actors.


The Healthcare industry saw more trojans than any other sector, as well as higher numbers of droppers. Most of the trojan-based activity can be attributed to Emotet, as healthcare organizations were hit hard by the threat in 2020. Close to seven out of every ten trojans seen within the healthcare sector was Emotet. Throw Emotet’s close cousin Trickbot into the mix, you’re looking at 83 percent of all trojan-related traffic.

Cisco Prep, Cisco Exam Prep, Cisco Preparation, Cisco Tutorial and Material, Cisco Learning, Cisco Guides

It likely comes as no surprise that ransomware also made its presence known within the Healthcare sector. Ryuk was particularly active, no doubt associated with the high activity surrounding Emotet. The Healthcare sector was also narrowly edged out of the second-highest place for ransomware, coming in only 1.5 percent lower in overall DNS traffic.


Like the Technology sector, cryptomining activity was also high in the Manufacturing industry. It saw roughly half the activity seen in the Technology sector, but interestingly, there were almost three times as many endpoints in the Manufacturing sector involved in cryptomining. In short, more machines resulting in less DNS activity leads us to believe these endpoints were less powerful when compared to those in the Technology sector. It’s possible that the machines compromised are involved in the manufacturing process itself, even IoT related. In these cases, cryptomining would likely have been slower, but could still impact production speeds.

Cisco Prep, Cisco Exam Prep, Cisco Preparation, Cisco Tutorial and Material, Cisco Learning, Cisco Guides

It turns out that the Manufacturing sector is also the most likely to be impacted by ransomware. This industry saw almost as much ransomware-related traffic as the next two closest industries combined (Technology and Healthcare). This appears to be a clear indication the industry is regularly targeted by bad actors, likely through big game hunting and the potential payout bad actors could receive.

Higher Education

The COVID-19 pandemic closed campuses worldwide in 2020. As classes moved remote, many malicious activities that would have been blocked on campus would have occurred on student’s home networks. This resulted in drop-offs in malicious activity for this sector in many categories from March onwards, and much lower overall numbers in 2020 than in previous years.

Cisco Prep, Cisco Exam Prep, Cisco Preparation, Cisco Tutorial and Material, Cisco Learning, Cisco Guides

That’s not to say that activity dropped off a cliff, as certain activities that would require access to campus resources did register their share of DNS activity. For instance, phishing activity managed to put Higher Education in second place when comparing across industries. Cryptomining outfits also frequently target the Higher Education sector in an attempt to siphon off computing resources, or student-discounted cloud computing credits, to run their miners.


Of the industries that we’ve examined, the Government sector appears to be the most evenly distributed across the top categories highlighted in part one of this series (Phishing, Cryptomining, Ransomware, and Trojans). The Government sector even saw a fairly even distribution for each of these categories when looking at them month-on-month.

Cisco Prep, Cisco Exam Prep, Cisco Preparation, Cisco Tutorial and Material, Cisco Learning, Cisco Guides

The sole exception to this trend was cryptomining, which saw low numbers in the first three quarters of the year, only to jump in October as cryptocurrency values reached a high for the year and continued to climb. However, the month-on-month numbers didn’t fluctuate through the last quarter of the year, remaining at largely the same elevated level each month.

Preventing successful attacks

As mentioned earlier, the data used to show these trends comes from Cisco Umbrella, our cloud delivered security service that includes DNS security, secure web gateway, firewall, and cloud access security broker (CASB) functionality, and threat intelligence. The malicious activity shown here was stopped in its tracks by Umbrella.

Umbrella combines multiple security functions into one solution, so you can extend protection to devices, remote users, and distributed locations anywhere. Umbrella is the easiest way to effectively protect your users everywhere in minutes.

Picking your battles

There is no doubt that examining trends on threat landscape can reap benefits. Knowing where attacks are occurring can make it easier to decide where to dedicate your resources to defend against them. Cryptomining and phishing are commonly seen these days, as are trojans like Emotet and Trickbot, used to deploy ransomware such as Ryuk.

Of course, different sectors are impacted by different threats in different ways, so it helps to understand the specific trends surrounding the sector you find yourself within. For instance, it would be wise for someone in the Financial Services sector to keep a close eye on phishing trends, while someone in the Manufacturing sector may want to take a closer look at ransomware.

Ultimately designing a defensive strategy combining the larger trends and those of your specific industry, can bring you a long way towards protecting your assets.


We’ve followed the same overall methodology in this blog that we did in part one, with a few changes in representation. Pie charts are based off DNS query traffic to malicious sites. Any category comprising more than one percent of traffic for a particular industry is represented in the charts. All categories below one percent are combined into the ‘All Others’ group in the charts.

Source: cisco.com

Wednesday 24 March 2021

Five ways we’re improving telework with SD-WAN and telemetry

Inside Cisco IT, Cisco Prep, Cisco Learning, Cisco Certification, Cisco Guides, Cisco Career, Cisco Preparation

Bad dream for an IT engineer? Try this: an executive working from home gets booted off an all-hands video meeting. Then it happens again. And again.

That happened to me a couple of months ago. Fortunately, when I received the call, I could see immediately that the problem lay with the executive’s ISP, not our network. As a result, my team quickly resolved the problem and saved hours of troubleshooting time. And I slept better.

Better visibility is one of several ways our Customer Zero team is improving the telework experience at Cisco. As Customer Zero, we try out new Cisco technologies in a real-world setting so we can share our experiences with customers. Here are five ways we’re improving telework.

Inside Cisco IT, Cisco Prep, Cisco Learning, Cisco Certification, Cisco Guides, Cisco Career, Cisco Preparation

We’ve always had a robust telework program. Most people who work remotely use Cisco AnyConnect Secure Mobility Client on laptops and mobile devices and some teleworkers use the Cisco Virtual Office (CVO), which includes a hardware-based VPN service. AnyConnect and CVO are both what’s known as “full tunnel” solutions. All traffic from the laptop goes through a VPN tunnel to a Cisco data center. From there, cloud traffic takes another hop to its final destination.

But if I want to work on an Excel file, it doesn’t make a lot of sense for my request to go through the Cisco data center on its way to the Office 365 cloud. The detour adds latency and unnecessarily uses data center network bandwidth. It’s smarter to “split” the tunnel, providing separate routes for data center traffic and cloud traffic.

Inside Cisco IT, Cisco Prep, Cisco Learning, Cisco Certification, Cisco Guides, Cisco Career, Cisco Preparation

We’ve split the tunnel using our Cisco remote worker SD-WAN solution. On the Cisco vManage console, we’ve created a rule that sends traffic destined for designated trusted SaaS providers (Webex, Cisco TV, Office 365, and Box, etc.) directly to the cloud.

Inside Cisco IT, Cisco Prep, Cisco Learning, Cisco Certification, Cisco Guides, Cisco Career, Cisco Preparation

Our InfoSec team is strict about what they consider a trusted cloud. Other cloud traffic, like iCloud, also bypasses our data center. But rather than heading directly to its destination, it goes first to Cisco Umbrella, which blocks malicious domains and cloud applications.

Inside Cisco IT, Cisco Prep, Cisco Learning, Cisco Certification, Cisco Guides, Cisco Career, Cisco Preparation

The fastest path to a cloud service provider might be different at 8:30 a.m. than it is at 8:32 a.m., depending on network conditions. To deliver a consistently good experience with Office 365, we’re using an SD-WAN feature called Cloud On-Ramp for SaaS. It probes the various paths to the cloud to identify the best quality of experience at the moment and then directs the traffic over that path.

Inside Cisco IT, Cisco Prep, Cisco Learning, Cisco Certification, Cisco Guides, Cisco Career, Cisco Preparation

Many of us share a home internet connection. If your three kids are all in Zoom school, your Webex video might freeze. On the Customer Zero team, we’re using the QoS feature on our home ISR 1100 routers to prioritize Webex and other latency-sensitive applications. Whenever available home internet bandwidth dips below a certain threshold, the bandwidth allocated for Webex and other high-priority applications are automatically adjusted.

Inside Cisco IT, Cisco Prep, Cisco Learning, Cisco Certification, Cisco Guides, Cisco Career, Cisco Preparation

I’ve noticed that if an application is slow or the connection drops, a teleworker’s first instinct is to blame the equipment. I can’t count the times I’ve spent hours troubleshooting a case only to discover the source was an ISP issue. One of our favorite management tools is ThousandEyes, a software agent installed on the Customer Zero team’s laptops. ThousandEyes constantly collects user experience data—for example, the time it takes for a page to load, internet service provider issues, features used, laptop CPU utilization, runtime issues, etc. If a user opens a case but the issue disappears before we can look at it, we can go back in time to find the cause. Just last week someone reported a Webex issue, and ThousandEyes showed that at the time of the issue, laptop CPU utilization was 100%. That visibility saved us a fruitless investigation. We just explained to the user how to use a bot on Cisco Webex Teams if the issue ever happened again.

Source: cisco.com

Tuesday 23 March 2021

Introducing the Cisco DNA Traffic Telemetry Appliance

Cisco DNA, Cisco Tutorial and Material, Cisco Learning, Cisco Career, Cisco Preparation

Add-ons extend the latest technology to legacy systems, like how my old TV turned smart overnight with an additional streaming player. It is even better when the supplements work in cohesion with the primary products to deliver a seamless experience. Imagine if you could utilize the same remote to operate your TV and streaming player.

The Cisco Catalyst 9000 series wired and wireless devices enable enterprises to unlock newer network infrastructure possibilities. For instance, these platforms conduct deep packet inspection (DPI) and provide data streams for services such as the Cisco AI Endpoint Analytics and Application Assurance on the Cisco DNA Center. With Endpoint Analytics, customers are gaining unprecedented endpoint visibility, which is a crucial first step in implementing zero-trust security within the workplace and confidently deploying network segmentation without the risk of shutting down critical network services.

However, several organizations still have a portion of their network infrastructure that has not been migrated to the Cisco Catalyst 9000 series platforms. Those legacy infrastructures cannot perform the deep packet inspection required for advanced analytics. We are introducing the Cisco DNA Traffic Telemetry Appliance to bridge the gap between the new and existing deployments.

Cisco DNA, Cisco Tutorial and Material, Cisco Learning, Cisco Career, Cisco Preparation

The IOS® XE-based telemetry sensor platform generates telemetry from mirrored IP network traffic from Switched Port Analyzer (SPAN) sessions of switches and wireless controllers. The appliance inspects thousands of protocols using the Network-Based Application Recognition (NBAR) technology to produce a telemetry stream for the Cisco DNA Center to perform analytics. The Cisco DNA Traffic Telemetry Appliance can handle 20-Gbps of sustained throughput traffic and inspect 40,000 endpoint sessions for device profiling.

Cisco DNA Traffic Telemetry Appliance serves two use cases: endpoint visibility and application assurance. The Cisco AI Endpoint Analytics service on the DNA Center analyzes the data received from the Telemetry Appliance to provide you with granular endpoint profiling details such as endpoint type, manufacturer, model, operating system, and others. The Cisco DNA Center also receives qualitative application performance metrics from the Telemetry Appliance and calculates application health data for business-critical applications. It analyses essential metrics such as delay, jitter, and packet loss to isolate and troubleshoot application performance issues efficiently.

Cisco DNA, Cisco Tutorial and Material, Cisco Learning, Cisco Career, Cisco Preparation

Next time someone connects a TV to your network powered with the Cisco DNA Traffic Telemetry Appliance and the Cisco DNA Center, you will not only know the make, model, operating system, and other details about the endpoint. But you will also know if the user behind the device is accessing Netflix, YouTube, and other applications.  Remember, as you do this, you will also be operating both the legacy infrastructure and the new add-on appliance from a single controller, the Cisco DNA Center.

Monday 22 March 2021

Why Cisco Joined the Confidential Computing Consortium

Cisco Prep, Cisco Learning, Cisco Tutorial and Material, Cisco Guides, Cisco Preparation

Building a Networked Mesh of Hacker-Resistant Software

The world’s digital devices are based on layered software stacks.  Each of these layers has its own security vulnerabilities. A successful attack made into one of the layers of software is typically leveraged to exploit another layer.

Some digital devices embed internal protections to limit potential damage. These protections are constructed using shared keys, certificates, or even passwords. Unfortunately, these shared secrets also can be compromised. Additionally, application software layer must implicitly trust underlying layers such as the Operating System or hypervisor manager. And, for these applications, there is little that can be done when the most fundamental layers of a device are actively being exploited.

Over the years, a variety of security technologies have been implemented to protect digital devices. From anti-virus to firewalls to intrusion detection systems, entire industries have been born. But hackers continue to overcome these protections. As long as developers continue to build traditional layers of software, and as long as our protections depend on software-based shared secrets, security exploits will continue.

Confidential Computing offers a new paradigm. Built upon secrets which never leave the specific computing chips, one layer of software can now be protected from exploits originating in another layer. Additionally, a hacker who has gained administrative privileges for a device’s Operating System will be unable to read or change an application’s data or code.

There are two foundational Confidential Computing technologies that enable this new paradigm. The first is the hardware-based Trusted Execution Environment (TEE). There is a class of TEE which allows application code to be compiled, signed, and encrypted by a software developer. That code can only be decrypted and executed within a compliant TEE. Subsequent memory or disk exchanges with the CPU are fully encrypted. Even a root hacker cannot look into the memory.

But using a TEE to run a verifiably genuine application is only part of the solution. This is where the second foundational technology plays a role. This technology is known as Remote Attestation. With Remote Attestation, an application within a TEE can externally assert the secure context in which it is running. Consequently, the TEE’s remote peer can verify that it is interfacing with a known, secured instance of untampered software.

Once two peers have verified each other’s identity, it becomes possible to integrate multiple sets of trustworthy peers together. The result is a mesh of directly connected trusted software. This eliminates entire classes of Operating System and hypervisor manager compromises from the list of attack surfaces that a hacker might exploit.

Cisco Prep, Cisco Learning, Cisco Tutorial and Material, Cisco Guides, Cisco Preparation

Getting to these trustworthy meshes will require agreements on the inter-device protocols needed for Remote Attestation. Some of these protocols will not be a surprise. For example, we can assume technologies like Transport Layer Security (TLS) might be used to connect the TEE. But within TLS, we will still need an industry-accepted language for communicating Remote Attestation claims about a TEE. Such standardization of these protocols will take time and work.

The good news is progress is being made. One place to look is the IETF’s Remote Attestation Working Group. In this venue, architectures for such specifications are nearing completion. But neither the IETF nor other traditional standards bodies have yet to float specific protocol proposals. Implementers only have access to a set of vendor-driven proposals. And each of these proposals has been framed upon the assumptions underlying a vendor’s specific TEE chipset.

This is where the Confidential Computing Consortium (CCC) is well positioned to play a role. Within the CCC, there are projects for acquiring attestable information out of TEEs. One of these projects is Open Enclave SDK for Intel SGX. Other venues exist for parallel efforts such as OP-TEE for Arm TrustZone. But these projects just scratch the surface of what can be Remotely Attested. Only now is the industry in a position to attempt to generalize and agree upon:

◉ The definitions of specific attestable TEE claims

◉ The level of trust that can be associated with a type of TEE or even on a specific TEE instance

◉ Acceptable stacks of network transport protocols and encodings

◉ How the initiator of a request can verify only approved TEEs have been used to deliver an end-to-end function

Accomplishing any of these objectives will require effort. Simultaneously allowing protocol extensibility and vendor neutrality will be non-trivial. The CCC can influence these discussions.

At Cisco, we care a great deal about the trustworthiness of networking peers. Our reasons for joining the CCC are simple. We are going to advocate for Remote Attestation interoperability. And we are going to integrate Remote Attestation into our Network Admission Control portfolio. We believe both have significant potential to reduce the risks that come from today’s layered software stacks.

Sunday 21 March 2021

Improving DNS Security While Preserving Resiliency

DNS Security, Cisco Prep, Cisco Learning, Cisco Certification, Cisco Tutorial and Material, Cisco Guides

The IETF’s Discovery of Designated Resolvers

The Domain Name System (DNS) has played a key role in the Internet’s success. It was designed to be scalable and resilient to handle enormous growth. The DNS has also proven to be a strong control point used to identify and remediate threats as Cisco Umbrella (previously Cisco OpenDNS) has repeatedly demonstrated. As the industry seeks to strengthen privacy, it must find methods to do so that retain resilience or risk large outages. Used correctly, an emerging technology known as Discovery of Designated Resolvers (DDR) can facilitate secure discovery of resolvers. It’s a significant security feature and is the topic of this blog.

DNS Security, Cisco Prep, Cisco Learning, Cisco Certification, Cisco Tutorial and Material, Cisco Guides
Figure 1: DNS traffic growth over four years (Source: Akamai)


DNS has scaled well to meet the needs of over four billion people since its inception in the 1980s. In that time, there has never been an Internet-wide failure of the service. That is thanks to the millions of caching resolvers and large numbers of root servers spread around the world, along with redundancy at every other level. This architecture is no accident; it represents a solid design combined with decades of experience by people globally handling the Internet’s evolutionary growth in both size and capability.

One of the most important capabilities of the DNS is its use as a control point. For example, if bad actors attempt to use the DNS as a command-and-control (C&C) channel between them and their bots, the good guys use the DNS to identify and block those C&C channels. In the case of the recent attack on Solar Winds, this meant blocking queries to [*]avsvmcloud[.]com. A key value of Umbrella and similar services is that they are backed by expertise and ongoing operations to identify such threats. With IoT devices using mechanisms such as Manufacturer Usage Descriptions, the DNS can restrict communications from devices to a known set of destinations. Another use of the DNS is as a security control point to block or redirect answers for known malware sites.

What Has Changed?

For the past few years, the industry has been working on standardizing the privacy of DNS queries. This is a capability that OpenDNS has offered for quite some time through DNSCrypt. DNS over HTTP (DoH), which OpenDNS also supports, encrypts queries and responses over a RESTful interface and transmits them over HTTP. This is a strong technological advancement. However, the DoH standard does not define how an application should choose the resolver. Until recently, there were two ways to discover a DoH server: attempt to access DoH on the resolver handed to the application by the operating system or use one provided by the application provider.

The first method involves a bit of a guessing game. When applications try to use DoH on existing resolvers, they attempt an HTTP request over port 443 to the resolver that they learn from the operating system. The request is tested to see if a valid response is received. This requires that the DoH capability be directly bound to the existing hosts that offer DNS over UDP port 53. While this might be a reasonable first attempt to bootstrap DoH, in the longer term these services may have different scaling qualities. In addition, if the version of HTTP changes, applications would have to determine this by trying one HTTP version and then another. Also, in general, it is not good to send requests that the other side might not expect to receive.

DNS Security, Cisco Prep, Cisco Learning, Cisco Certification, Cisco Tutorial and Material, Cisco Guides
Figure 2: Normal DNS versus Application-Controlled DNS

When non-cooperating applications or platforms choose their own resolvers, they bypass the DNS-based malware protections available to the IT administrator (illustrated in Figure 2). This circumvents the will of the user or administrator. If your resolvers are not seeing DNS queries from browsers, this may be what is happening. Moreover, if browser developers were to use a small number of DNS resolver services, one could reasonably expect the existing resolver infrastructure capacity to diminish over time due to lack of demand. This is where we begin to become concerned about overall system resilience. Many of these services on their own are highly resilient. But when they fail, they risk taking out a very large number of services for large portions of the population—at the same time. Because DNS is a fundamental service used by every application, we must pay close attention to this risk.

One key form of protection from these sorts of failures is choice. When enterprises and individuals have the choice of product, the risk of large-scale failures due to a monoculture is considerably diminished.

Enter Discovery of Designated Resolvers

The new proposal, known as Discovery of Designated Resolvers (DDR), provides a new way for clients to query locally designated resolvers for a record that indicates whether the DoH service is available. Either an application or the underlying platform can make use of DDR to locate a DoH resolver by first querying for a list of resolvers using a new DNS record called Service Binding (SVCB). SVCB works similarly to the highly tested, well-known service (SRV) record, but also allows for additional application parameters, such as Application-Layer Protocol Negotiation (ALPN) information for transport layer security (TLS). The current proposal offers several different approaches for clients to authenticate resolvers. One requires that a certificate contain an IP address. Another approach omits that requirement but requires that the IP address of the DDR-discovered resolver have the same IP address as the unauthenticated resolver. A third approach bases the resolver discovery on a name rather than an IP address. We expect these models to develop further as the DDR proposal matures.

DNS Security, Cisco Prep, Cisco Learning, Cisco Certification, Cisco Tutorial and Material, Cisco Guides
Figure 3: Discovering DNS over HTTP with DDR

DDR resolves both visibility and scalability concerns, avoiding guesswork by developers. The infrastructure can be exercised so that a large and thriving resolver ecosystem can continue to flourish, with queries and responses encrypted, and reduce the risk of concentration of resolver services. DDR also has the potential to reduce individual device configuration complexity that is handled today by mobile device managers. What is needed are a few new records in resolvers and appropriate certificates on the resolvers.

There are several issues that DDR needs to resolve, such as how to address scaling of large numbers of resolvers, and it sometimes requires validation of IP addresses in certificates. That is a mechanism with which we currently have limited experience at scale. It also often relies on unauthenticated processes to discover the IP addresses of the resolvers that need to be in those certificates. Also, how to securely identify resolvers in devices outside an enterprise environment needs a bit more consideration.

Moving Forward and What Cisco Customers Should Do Now

As currently envisioned, DDR is the best secure resolver discovery proposal to date, but we expect this entire solution space to continue to evolve. A list of DNS resolvers is just one critical element of network configuration that needs to be securely learned. There are many others. The key is to establish trust between the end device and the network infrastructure and then rely on that trust to receive configuration information.

How do we bootstrap that trust? That is another area that the industry needs to devote more time and resources to establish.

For our enterprise, industrial, and small business customers, Cisco’s recommendation is that administrators deploy a secure and reliable resolver service that provides a layered defense against exfiltration and BOTnets—for all devices at all times whether at home, work, or elsewhere. Combined with DNSCrypt or DoH, Cisco Umbrella offers a needed level of protection for safety, security, scalability, and stability.

Because the stability and security of the Internet is an important topic, you may also wish to participate in this discussion hosted by the IETF. DDR will be discussed over the coming months and then submitted for approval. Participation in IETF activities is open to all and there is no cost to join the mailing list discussions.

Source: cisco.com