An Easier Way to Secure Your Endpoints

Why is it so hard to secure your endpoints? The most simplistic reason is because endpoints are in the hands of human beings who can inadvertently click on a link that introduces malware or unwittingly use an unsecure Internet connection which allows threat actors to access a corporate network.

Read More: 700-805: Cisco Renewals Manager (CRM)

Organizations became more prone to breaches over the course of the pandemic because more and more workers were not inside corporate walls (and firewalls) and instead worked from places like a home office or café. With more endpoints outside the confines of the corporate WAN, the attack surface abruptly increased, and with this came greater risk. Working to keep endpoints secure while having to grant access so workers can be productive makes for a difficult balancing act.

Endpoints are ground zero for organizations of all sizes and across all industry verticals. Cisco examined the nature of security incidents detected by sensors through Indication of Compromise (IOC), detecting suspicious behaviors and analyzing patterns of malicious activity. These are the top four critical severity IOCs we observed:

Without the capability to bring visibility via focused detection, breaches can go undetected for months, until the organization’s critical data have likely already been compromised.

So, if we know endpoints are so often targeted, then why are many organizations having such a problem securing them?

Customers tell us their primary challenges are expertise, time, and evidence:

Challenge: Expertise	Challenge: Time	Challenge: Evidence
“My team can’t be experts on every new threat, or all be experts in threat hunting.”	“I don’t have enough time to go after every new threat, alert, patch and compromised device.”	“We can’t always identify which threats to prioritize or get to the root cause of every attack.”

These quotes have got to be music to the ears of threat actors. They know, like you do, how hard it can be to find skilled resources to staff your security team. Studies show that most organizations’ internal Security Operations Centers (SOCs) are only able to handle 7 to 8 investigations per day, in part because teams are burdened with frequent, false, and often redundant alerts. This leads to more manual effort for already understaffed teams, making it harder to keep pace with constantly evolving threats and issues. The result? You end up with gaps in security, higher operational costs, and a less efficient and, honestly, burned out team.

But I’m here to tell you it doesn’t have to be like that. Consider our solution offer, Cisco Secure MDR for Endpoint (formerly Cisco Secure Endpoint Pro):

◉ We do the heavy lifting of securing your endpoints: Our dedicated elite team of Cisco security experts performs 24x7x365 endpoint monitoring, detection, and response—so you don’t have to.

◉ We detect and respond to threats in minutes, not hours: Cisco specialists use automation and advanced playbooks, powered by the Cisco SecureX platform, and backed by Talos threat intelligence, to drastically reduce detection and response times.

◉ We investigate every threat and prioritize the most critical ones: We conduct an in-depth investigation of every incident you have and enable you to approve or reject remediation actions based on evidence from our experts.

Cisco Secure MDR for Endpoint can identify and then stop threats, block malware, and contain and remediate even advanced threats that evade frontline defenses. We look at all alert-able threats, investigate and prioritize them, and recommend response actions. We do this around the clock and around the globe, from dedicated, global Cisco SOCs.

By the way, let me tell you a bit more about the incredible Talos threat intelligence standing behind our detection and response capabilities. Talos is a recognized leader in threat intelligence research and proactive and emergency response security services. Their research work includes identifying over 30 billion events per day and then vetting those events with Talos’ 400+ researchers and investigators—benefitting our ability to detect and respond.

We built Secure MDR for Endpoint as a solution, so you don’t have to spend the time and money to build a SOC, develop or acquire the tools to make it work, and then recruit and train the personnel to staff it. Secure MDR for Endpoint takes the time, expense, and complexity out of identifying and responding to threats on endpoints. Our SOC experts use AI and machine learning to separate all the false positive alarms from the real issues that need to be pursued and managed.

Source: cisco.com

Continue reading

The Rise and Rise of DevOps Adoption

Thriving in the fast-changing world of technology means staying abreast of the latest trends and advancements. In recent years, one such trend—DevOps— has surged in popularity and usage. DevOps has become one of the most sought-after cultures to be adopted by organizations, with DevOps engineering roles among the IT industry’s highest in demand.

What led to the rise of DevOps? Why are organizations prioritizing DevOps adoption? Let’s take a step back and review what the term refers to, its benefits, and what we can learn from its impact on organizations and tech professionals shifting to the DevOps approach.

Demystifying DevOps

What is DevOps? Allow me to explain how the term received its name. The Development (Dev) team writes the code and performs extensive testing. The Operations (Ops) team builds the platform and manages the product’s infrastructure. As the software development lifecycle gets complex over time, it becomes difficult to assign responsibilities. The result is delayed rollouts and shortcomings in the feature’s quality.

That is exactly what DevOps fixes.

DevOps combines the Development and Operations team into a single cohesive unit. (See Figure 1.)

Figure 1. DevOps collaboration cycle between Development and Operations teams.

DevOps aims to improve the collaboration between the two teams. When development and operations work together, the result is a lessened delivery time for a feature to make its way from ‘whiteboard’ to ‘production.’

Benefits of DevOps adoption

DevOps offers a wide range of benefits to organizations, as well. Here are several reasons they choose to adopt DevOps:

1. Helps organizations move faster with feature rollouts maintaining product quality.

2. Defines the role and responsibilities of everyone involved, thus streamlining the delivery process.

3. Promotes transition to a more automated and integrated system management approach.

4. Provides reduced deployment frequency, lesser failure of new releases, and shorter time between patch fixes.  

Statistics on DevOps adoption

Figure 2. Impact of DevOps on organizations. (Source: Atlassian)

Recent surveys and studies complement the steady increase in the adoption of DevOps in organizations. In a Global Market Insights study, the DevOps market size exceeded US$7 billion in 2021 and is expected to grow at a CAGR of over 20% from 2022 to 2028 to a value of over US$30 billion.*

Predictive analysis reveals Asia-Pacific’s DevOps market size is set to experience massive growth of around 25% by 2028. And with the staggering growth of the DevOps market, organizations are actively hiring engineers skilled in DevOps technologies.

Presently, there are over 17,000 DevOps engineer roles advertised on Indeed in the United States alone, with an average salary range of $96,600-$122,000.

Extensive research by Atlassian showed that once DevOps impacted their organization, 78% of the total respondents had to learn a new skill, 61% say it helped them produce higher quality deliverables and 49% say they see a faster time to market.

Organizations experience a multitude of positive impacts post-DevOps adoption, as shown in Figure 2. As DevOps practices continue to gain traction, businesses need to ensure it fits into their objectives and adds value to deliveries. As such, 83% of IT decision-makers report their organization is implementing DevOps practices.

The transition has its challenges, however. Only 18% of organization’s and teams have adopted a DevOps approach. Meanwhile, 78% consider themselves to be evolved to a middle level and 4% to a low level.**

Figure 3. (Source: Atlassian)

Atlassian’s trend survey showed 84% of respondents have faced barriers to their DevOps implementation. As illustrated in Figure 3, the most common hurdles are a lack of skills in employees, legacy infrastructure and adjusting corporate culture. 

Outlook for DevOps in the  Future

While the transition to DevOps is rewarding for organizations, it comes with challenges. Management needs to carefully plan DevOps’ integration in the development lifecycle. Ideally, organizations should promote learnings on DevOps technologies to their employees and encourage them to take DevOps training and certifications to hone their skills in the area.

The Cisco Certified DevNet Expert certification recognizes NetDevOps leaders with the expertise to leverage automation methodologies, technologies and practices to improve networking—securely and at scale.

As we move further into future, DevOps will continue to evolve along with its rising compatriots; Cloud, Edge and IoT. Coming up, I’ll take a deep dive into DevOps and touch base with the technologies associated and provide a complete learning roadmap. Stay tuned! 

How has the adoption of DevOps impacted your organization? Have you faced challenges such as learning barriers or skills shortages? Please share your experience with me in the comments below. If you are an IT professional, I invite you to join me in the DevNet Certifications Community, where we can continue the conversation about how you can upskill into this highly sought-after field. 

* DevOps Market Size By Component (Solution [Management DevOps {Continuous Business Planning, Testing & Development, DevOps Analytics}, Delivery DevOps {Continuous Integration, Software Delivery Management}, Operation DevOps {Continuous Deployment, Monitoring & Performance Management}], Service [Professional Service, Managed Service]), By Deployment Model (On-premise, Cloud [Public Cloud, Private Cloud, Hybrid Cloud]), By Enterprise Size (Large Enterprises, SMEs), By Application (BFSI, IT & Telecom, Healthcare, Retail, Government, Manufacturing, Media & Entertainment), COVID-19 Impact Analysis, Regional Outlook, Growth Potential, Competitive Market Share & Forecast, 2022 – 2028, Global Market Insights, March 2022

** DevOps Stats And Facts – All The Numbers You Might Ever Need On DevOps In 2022, K&C, May 27, 2022

Source: cisco.com

Continue reading

Getting to the Core of the Digital Divide with 5G Fixed Wireless Access

Even today, there is a sizeable U.S. population without internet connectivity. The majority of this population are rural households who either lack in-home broadband service or have few options for in-home broadband. And so, for this community, affordable connectivity remains largely out of reach. While fiber broadband would be the ideal solution, developing new infrastructure and even the trenching work required for fiber remains a significant challenge for broadband connectivity providers. A number of promising policies including the Global Connect Initiative and Advancing the Deployment of Broadband Through Dig Once are offering hope. Both were launched to bring cost savings, increase access to reliable broadband, and assist with faster deployment when a conduit is already in place. These policy initiatives are meant to help realize public and economic benefits. Improving access to broadband leads to prosperity and new opportunities where service is affordable and available.

At Cisco, we believe that affordability and connectivity should not be at odds with one another. To change this dynamic, and build towards a more inclusive future, we have been working to change the economics of the internet. The digital divide came to the forefront during the shift to remote work and learning prompted by the 2020 pandemic, exposing under-served communities and their lack of access to broadband. For communities without infrastructure already trenched in the ground, the use of mobile wireless broadband has become a lifeline for remote work, learning, and even telehealth. In this new era of hybrid work, 5G mobile broadband is an effective solution for extending reliable connectivity into underserved rural and suburban areas. While mobile broadband technology has been around awhile, it is just now, at the tail end of the 4G era and the beginnings of 5G with access to new mid-band and high-band spectrum, that mobile wireless broadband is becoming a serviceable reality. Communication Service Providers (CSPs) that have been slowed or even disincentivized by the time and cost of trenching new cable are recalculating and redressing the value of the last mile using Fixed Wireless Access (FWA) service for rural and suburban communities.

Why Fixed Wireless Access?

Fixed Wireless Access is a great tool for reducing the digital divide when it comes to accessibility and affordability. The economics for providing Internet services were in need of a change and FWA offers some good ones – reducing trenching requirements, increasing serviceable area, offering self-install customer equipment (CPE), and even providing a common wireless network architecture that can serve both Fixed Wireless Access and Mobile Access services.

When considering our approach to designing 5G networks, a guiding principle has been to improve through simplification, because managing one network and one core is simpler than managing two. The architectural differences between 4G and 5G are significant and many operators saw 5G NSA as the simplest route to early 5G, where you can introduce some limited 5G functions and features on top of existing 4G infrastructure. But 5G NSA is just a half-measure, affording a small amount of the 5G goodness we hear so much about. The next step, getting to 5G SA, is a significant achievement in network transformation for the few CSPs who have managed to accomplish the task.

Growing Fixed Wireless Access from 4G to 5G

With 5G SA new service capabilities can be explored without the limitations of the legacy architecture. Take 5G Fixed Wireless Access for example, unlike previous generations’ architectures, a 5G SA’s network architecture can flexibly deploy User Plane Function (UPF) nodes to anchor a FWA subscriber’s user plane traffic for peering at the nearest edge aggregation point. Unlike a typical mobile device such as a cell phone, fixed wireless devices are meant to be always-on and connected for serving end user devices. Meaning that the latency and reliability we commonly expect from traditional wireline services is expected from fixed wireless services too.

Even though Fixed Wireless Access isn’t new and 4G LTE FWA services have existed for several years, transitioning into 5G technologies for FWA services is a big step towards achieving the scale that rivals FTTx offerings. As a matter of fact, T-Mobile has already begun scaling up their 5G Fixed Wireless Access services, smoothly transitioning from their initial 4G service offering, using our Cisco Converged Core. The process has been so smooth, that in the 2022, T-Mobile became the fastest growing Internet service provider—doubling their number of FWA customers in the past six months. With over 2 million FWA subscribers and counting, the scalability and flexibility of having a Converged Core has proven invaluable. Being able to deploy UPF nodes for Fixed Wireless Access in remote locations while managing the Session Management Function (SMF) nodes at a central site(s) is effective for scaling the network, optimizing the usage of the transport infrastructure to deliver better end-user latency

Scaling and extending Fixed Wireless Access with the flexible deployment of UPF nodes, optimizing the routing for user plane traffic.

Of course, having a Converged Core is just a piece of the 5G puzzle. A service like Fixed Wireless Access leverages the Radio Access Network (RAN), converged Software Defined Network (SDN) transport, and a whole host of policy, security, management, and automation components. Additionally, managing the spectral efficiency and capacity available on the existing network infrastructure for FWA services are important for delivering wireless broadband. It is estimated that around 70 percent of communication service providers today offer a form of Fixed Wireless Access services, most of them still using 4G LTE which delivers a fraction of the performance of fiber. Upgrading network architectures to meet the needs of new 5G services needs a smooth plan for the transition and at Cisco, we believe that can begin in the core. With a Converged Core, communication service providers can migrate from 4G to 5G without disruption while scaling to serve the needs of millions of new subscribers.

Source: cisco.com

Continue reading

Boost Your Cisco 200-301 Exam Score with CCNA Practice Test

To earn the Cisco Certified Network Associate (CCNA) certification, you must pass the Cisco 200-301 exam. This exam tests your knowledge and skills in networking fundamentals, network access, IP connectivity, IP services, security fundamentals, automation, and programmability. To prepare for the exam, you need to have a solid understanding of CCNA syllabus, and the best way to do so is by taking CCNA practice test.

This article will discuss different study resources, why CCNA practice tests are essential, and how they can help you ace the Cisco 200-301 exam.

Helpful Study Resources to Ace Cisco 200-301 Exam

Preparing for the Cisco 200-301 exam can be daunting, but with the right study resources, you can ace the exam and take your networking career to the next level. This article will explore the best study resources for the Cisco 200-301 exam that will help you prepare for the test and achieve your certification.

Cisco Learning Network

The Cisco Learning Network is a comprehensive resource for anyone studying for a Cisco certification. This platform offers a variety of resources, including self-paced e-learning courses, study groups, and practice exams. The Cisco Learning Network also has a community of experts available to answer your questions and provide guidance throughout your studying process.

Official Cert Guide

The Official Cert Guide is a comprehensive study resource written by Cisco experts. This guide provides in-depth coverage of all exam objectives, with detailed explanations of concepts and practice questions to help you gauge your understanding. The guide also comes with access to an online practice test engine, which provides you with practice questions and simulates the exam environment.

Cisco Press Books

Cisco Press is the official publisher of Cisco certification and technology books. Their books cover a wide range of topics related to networking and provide detailed explanations of concepts and technologies. For the Cisco 200-301 exam, Cisco Press offers a variety of books, including the Official Cert Guide, Exam Cram, and study guides.

CCNA Practice Test

Evaluating your preparedness for an exam by taking a CCNA practice test is advisable, as it can give you an idea of your readiness for the actual exam. Once you have taken the exam, you can examine your performance and make improvements in areas where you need to. It is also recommended that you take a complete practice test, as this can help you tackle the daunting task of taking the actual exam and the anxiety that comes with it.

Why Are CCNA Practice Tests Important?

CCNA practice tests are a great way to prepare for the Cisco 200-301 exam. These tests mimic the exam and allow you to practice and assess your knowledge and skills in a simulated environment. By taking practice tests, you can identify your strengths and weaknesses and focus on areas that need improvement.

Practice tests also help you familiarize yourself with the exam format, types of questions, and time constraints. This familiarity will help you feel more confident and less anxious when taking the exam.

How CCNA Practice Tests Can Help You Ace the Cisco 200-301 Exam

Identify Knowledge Gaps: CCNA practice tests can help you identify knowledge gaps in each exam topic. By doing so, you can focus on areas that need improvement and reduce the chances of missing questions during the exam.

Time Management: The Cisco 200-301 exam has a time limit of 120 minutes, and you need to answer 100-120 questions. CCNA practice tests can help you manage your time better by allowing you to practice answering questions within the time limit. This practice will help you understand the time required for each question and the pace you must maintain during the exam.

Exam Format: The Cisco 200-301 exam consists of multiple-choice, drag-and-drop, simulation, and testlet questions. CCNA practice tests can help you familiarize yourself with these questions and provide the necessary experience to answer them confidently.

Build Confidence: Taking CCNA practice tests can help build your confidence by making you feel more familiar with the exam format, types of questions, and time constraints. This familiarity will help you feel less anxious and more confident when taking the exam.

How to Find CCNA Practice Tests

There are many resources available online that provide CCNA practice tests. You can find free and paid options, and choosing a resource that meets your needs and budget is essential.

Some popular resources for CCNA practice tests include Cisco's Official Practice Test and the nwexam website. Both platforms offer a comprehensive official practice test that explains each question.

Conclusion

Taking CCNA practice tests is essential to preparing for the Cisco 200-301 exam. These practice tests can help you identify areas where you need improvement, build your confidence, reduce your anxiety, get used to the exam format, and experience different types of questions. By taking advantage of CCNA practice tests, you can increase your chances of success and become a certified Cisco network associate.

Continue reading

Cisco Introduces 100G Service Edge To The Catalyst 8500 Family

Vrrroooom!  Vvrrrrooooom!  Did you hear the rumble? The fastest Catalyst 8500 Series Edge Platform with four times more horsepower is ready to tear up the road! Cisco just launched its highest-performing Catalyst 8500 Series Edge Platform- C8500-20X6C.

Architects today want to build networks that deliver the best secure application experience at scale, with better power efficiency. Cisco Catalyst 8000 Series Edge Platforms are designed to make this happen. In particular, the C8500-20X6C has highly scalable feature sets for Routing and SD-WAN deployments. It is the ideal platform for Multi-Tenant Edge/Hub, Colocation hosted Multi-Cloud Gateway, Border Router in Multi-Region Fabric (MRF), SD-WAN Remote Access aggregation, IPsec Gateway for Private 5G-IoT endpoints, multi-cloud services edge, and more…

Built using the third generation of QuantumFlow Processor (QFP), the latest addition to the portfolio inherits feature parity with the existing Catalyst 8500 Series, comes with built-in high-density, high-speed 100/40GE interfaces and offers hundreds of Gigs of scalable services.

Deploy WAN Innovations At Scale

Cisco SD-WAN offers best-in-class features for modern WAN environments in a multitude of architectures. The C8500-20X6C is a highly flexible and scalable SD-WAN headend. With 100Gbps aggregate IMIX performance, it simplifies network designs eliminating the complexity of horizontal scale-out. In a Multi-Region Fabric deployment, it can be deployed as a Border Router to increase fabric scale and span across multiple regions. Multi-Tenancy (MT) is another great innovation for sharing the C8500-20X6C platform hardware among multiple tenants in a colocation deployment. Complete isolation of control and data plane is offered for each tenant within a shared physical platform configured as MT-Hub, MT-Gateway, or MT-Edge.

When used as SD-WAN Remote Access (SD-WAN RA) aggregation edge, it allows remote users to enter the fabric at the nearest entry point and benefit from an SD-WAN-driven application experience. Unlike other industry remote access solutions, the Cisco SD-WAN RA solution provides a consistent policy and user experience regardless of whether users are inside the office or at a remote location while offering the lowest TCO.

On routing edge deployments, the C8500-20X6C offers secure WAN aggregation and scalable endpoint aggregation for Private 5G-IoT using well-established VPN technologies. It can be used for DCI (Data Center Interconnect), SD-Access, and Network Infrastructure use cases with higher performance.

C8500-20X6C can operate as a service edge for private cloud infrastructures. It could also be a multi-cloud gateway placed in a colocation space offering high-scale services.

Figure 1: C8500-20X6C offers scalable services for Enterprise, and Service Provider edge deployments

What Makes C8500-20X6C An Industry-Leading Services Edge Platform?

Two important dimensions for service edge platforms are data plane and control plane performance and scale.

A total of 3584 threads from 896 Packet Processing Engines (PPEs) in an intelligently meshed 4 QFP complex form the data plane for applying accelerated services. A high-speed 8-core Intel CPU is used for the control plane and adds a boost to control functions. Intel’s QuickAssist Technology (QAT) enables faster IPsec session creation. Two mirrored 160Mb TCAMs enable lightspeed classification rules for accelerated policy executions in the data plane offering increased services scale.

The C8500-20X6C has six QSFP28 ports for 100/40Gbps and twenty SFP+ ports for 10/1Gbps ethernet connectivity. All interfaces can be enabled and used simultaneously. They offer line rate MACsec for path encryption and Synchronous Ethernet for network-timing needs. The platform is built with sufficient buffering ability to handle I/O over-subscription and ensure traffic prioritization.

The platform offers more x86 cores for edge-compute service planes to host KVM and LXC applications including ThousandEyes monitoring.

Figure 2: Cisco Catalyst 8500 Series Edge Platform Portfolio

A Secure Platform You Can Trust

The C8500-20X6C is trustworthy. It implements Trust Anchor module, Secure Boot, image signing, and runtime defenses to protect against modern cyber-attacks.

There are 64 crypto engines inside the QFP data plane. The crypto engines have dedicated resources for encryption and their use does not impact non-encrypted traffic. The digest and cipher algorithm instructions are built for scale. The cryptography occurs in line with the forwarding functions to deliver ‘hardware accelerated’ multi-hundred gig crypto performance.

Helping Achieve Your Sustainability Goals

Often customers end up deploying scale-out architectures with multiple boxes when the aggregation performance needs cannot be met by a single device. In today’s business environment, sustainability is a key goal, usually measured as ‘Performance-to-Power’ ratio.   Using one high-performance C8500-20X6C vs multiple services platforms, customers can recognize up to 60% reduction in power per Gbps which will help organizations reach their energy efficiency goals.

Add Muscle To Your Network With C8500-20X6C

In summary, the C8500-20X6C will help flex your network’s performance boundaries to a new level.

◉ Raw packet processing power, hardware-accelerated crypto, and scalable services offer the necessary muscles for evolving edge networking use cases.

◉ Trustworthy solutions strengthen the platform against unforeseen network attacks.

◉ All of this with healthier power efficiency… a greener way for a scalable future!

Source: cisco.com

Continue reading

Evolution towards Full-Stack Observability

Applications are the front door for virtually every business, and they are under pressure to accelerate their digital transformation projects. Flawless application experience is a top priority, and 84% report that the need to maintain the performance of business applications is now more important than ever.

Modern Applications are complex

However, it is also more complicated than ever. Modern applications are built on top of microservices, running on cloud-native and hybrid cloud architectures, which are based on massively decentralized services, ultimately creating a complex and rapidly evolving environment. A small issue in one service can have a cumulative effect on the overall experience.

The information and experience required to operate these environments is scattered and siloed across different tools and teams. This reduces the ability to identify, prioritize, and effectively address the issues that are directly impacting the user experience and most likely the business and its brand and reputation.

Monitoring to Visibility to Full-Stack Observability

As applications are becoming more complex, the way we monitor and observe them should also change.

Earlier, we had monitoring – when each team had their own dashboard, which was built based on passive access of information, usually alerts and events that typically are built into the dashboard based on sampling. The main KPI that organizations were looking at was availability.

Then the industry evolved towards visibility – more active ingestion of Telemetry. In particular, the addition of metrics, events and logs, and root-cause analysis. But still each team or domain had their own tool. Performance was the main KPI for visibility.

Now industry is building on monitoring and visibility, into Full-Stack Observability. Business context is getting added to the conversation. In addition to metrics, events and logs, tracing is added for measuring the experience end-to-end for cloud-native applications. Security also comes to the forefront with FSO. But the most important change we are seeing in the market today is the ability to do full-stack observability across multiple domains and multiple teams because traditional monitoring and/or silo visibility does not work in a world that is driven by hybrid or cloud-native deployments. Full-Stack Observability provides business context with availability and performance so that you can monitor the experience.

Source: cisco.com

Continue reading

Boost your 80km links to 100G with QSFP-100G-ZR4-S optical modules

Introduction

Cisco’s QSFP-100G-ZR4-S pluggable module

Data-intensive applications like streaming video, cloud computing, and 5G wireless are triggering massive increases in bandwidth demand even in remote areas. To keep up, service providers and network operators need to upgrade existing 10G networks with mature 100G optics. 100G QSFP28 pluggable modules are already in broad deployment across reaches from 100m to 40km. The problem is that traditional 100G QSFP28 modules are not designed to operate beyond 40km distance.

Previously, organizations wanting to upgrade their 80km 10G links had to either add external amplifiers (and possibly repeater huts) to their 40km 100G QSFP28 solutions or use coherent transport systems. Both approaches increased cost and complexity. For enterprises, service providers, telcos, and wireless carriers operating in remote areas, those solutions don’t fit the business case—but neither does continuing to invest in 10G links.

These network operators have been waiting for a cost-effective 100G QSFP28 module capable of operating up to 80km distances. Today, the wait is finally over.

With an advanced design incorporating an integrated semiconductor optical amplifier (SOA), Cisco’s QSFP-100G-ZR4-S modules provide a simple and economical 100G solution for a variety of extended-range applications requiring 80km reaches. Rather than installing or leasing new fiber to meet demand, network operators can upgrade existing 10G modules to the QSFP-100G-ZR4-S to gain a huge bandwidth boost and reduce cost per bit. Often times there is an unused 100G QSFP28 port available on existing equipment. The additional capacity enables operators to dramatically upgrade their offerings, bringing in new revenue streams. They can do this while , transforming their network and cutting costs.

QSFP-100G-ZR4-S equips network operators to dramatically upgrade their networks.

The QSFP-100G-ZR4-S in action

The QSFP-100G-ZR4-S addresses several application areas:

◉ Enterprise: From retail to manufacturing, healthcare to remote offices, today’s enterprises require high-speed connectivity to link facilities across increasing distances. With its extended reach, the QSFP-100G-ZR4-S provides greater flexibility to build a network that best suits the business.

◉ Connecting to a regional data center: To reduce IT operating costs, businesses are offloading applications to the cloud. With the QSFP-100G-ZR4-S, organizations can reliably transmit more data across high speed links to data centers over distances of up to 80km.

◉ Rural broadband: As service providers expand access to under-served and unserved rural communities, the 80km reach of the QSFP-100G-ZR4-S provides an effective solution for remote regions where distance, power, cost, and space are key factors.

◉ Mobile: With the rollout of 5G, wireless providers need 100G links to aggregate 4G and 5G traffic. QSFP-100G-ZR4-S modules deliver, offering long enough reach to serve distant decentralized locations at reaches up to 80km.

Source: cisco.com

Continue reading

Women Technical Leader Incubation Program (WTLI) in India

Cisco IT has launched a women technical leader incubation program to support and encourage women in technology. The initiative, which has been run in-house, offers training and development for women to build leadership skills. Its four-pillar framework of experience, education, empowerment, and exposure was designed to enable women to “confidently build their path in technology with skilled guidance and opportunity.” An added hackathon-style event proved “beneficial to garner employee engagement and enthusiasm.”

Overview

Women empowerment has shattered many myths and altered numerous mindsets around the world. Although technology is an open arena for leaders of any gender, the number of women leaders remains low. Retaining and developing women’s technical talent is a challenge, and the numbers can be discouraging. Cisco IT conducted a survey with site leaders, managers, women leaders, and women employees to determine why there are fewer women in technology. The reasons ranged from the lack of female role models to the perpetuation of myths, such as imposter syndrome, as well as the lack of opportunities to network, train, and provide a platform for empowerment.

Cisco IT initially implemented a gender-neutral Technical Leadership Initiative in India, but this did not bring women to the forefront. According to the survey, women who take a career break find it difficult to keep up with the latest technology and upskill. Many who return to work after a leave period, or a sabbatical, feel outdated. These insights led to the creation of a specific program for women.

A Unique Program

With this in mind, Cisco IT developed and launched a unique program in-house to address the challenges and obstacles faced by women in the technology industry. This innovative platform provides enterprise women leaders with an opportunity to work together on cross-functional business problems and serve as role models for other women. The goal of the program is to empower women and help them become the leaders they aspire to be.

The framework

To support and empower women in the technology industry, Cisco IT developed the program with four key pillars: experience, education, empowerment, and exposure. This holistic approach provides women with the guidance and opportunities they need to confidently pursue and build successful careers in technology. The program was developed in early February, and the first cohort of participants began their projects in May 2022.

In line with its efforts, the program followed a rigorous nomination process and ultimately selected 20 women to participate. The participants were then divided into four cohorts with cross functional expertise and given projects with a coach to learn and apply the four-pillar framework.

1. Education

To provide participants with the best possible learning experience, the program leveraged a variety of soft skills and leadership training courses available on Degreed. These courses were facilitated in group settings to encourage active collaboration and practice. In addition, a defined technical leadership curriculum was developed, and the latest technology trainings were made available to participants. Key players in the cloud technology industry, such as AWS, also contributed training sessions in a group forum. Hackathon-based events were also organized to engage and energize participants.

2. Experience

After completing their training, it was important for the participants to gain practical experience. To provide this opportunity, technology leaders from across Cisco came together to design cross-functional business problems for the participants to work on. This allowed the participants to shadow the leaders and gain hands-on experience, breaking the traditional mindset of project execution and fostering leadership skills. It also facilitated connections across different parts of the organization, helping participants develop their business acumen.

3. Exposure

To provide the participants with diverse perspectives and guidance on their projects, the team brought in Principal and Distinguished Engineers from various functions across Cisco to serve on the advisory board. The board held a mix of panel discussions and role-model series featuring successful women leaders who shared their experiences and insights on topics such as work-life balance and making difficult decisions. These sessions provided valuable guidance and inspiration for the participants.

4. Empowerment

To celebrate the completion of the program, each participant presented a lightning pitch to Cisco CIO Fletcher Previn. This was a rewarding and empowering experience for them. It also enabled them to identify a sponsor through Cisco’s Multiplier platform, where the power of sponsorship is leveraged to increase a pipeline of diverse talent. Additionally, the participants had the opportunity to participate in one-on-one speed mentoring sessions with women leaders from across Cisco, which helped them chart a career path forward.

Valuable Outcomes

The program empowered women employees to make their own decisions, define the scope of their projects, engage with stakeholders, and become thought leaders in their fields. Most of the participants went through career progression by taking on challenging responsibilities, increased scope or being part of complex technical projects, with better visibility and technology stack, ever since the culmination. One participant even had the opportunity to speak at Cisco Live as a technical expert.

The program has received overwhelmingly positive feedback from both participants and coaches involved. One major advantage of the program is its ability to retain and develop in-house talent, which can be challenging in the current global environment. The program offers women the opportunity to enhance their skills and break new ground in technology. Many participants who were originally part of a technical team are now leading their own teams, tackling new challenges with confidence.

Overcoming Challenges

One of the main challenges of the program was to break down the myths and misconceptions that held women back. Because of career breaks and a conventional mindset, women often lacked confidence and were hesitant to ask for what they needed or negotiate for better opportunities. These negative biases made them feel excluded from innovative projects.

The solution took five to six months to develop, as the team worked with multiple vendors to provide training, coordinated with site leaders for nominations, consulted with Principal Engineers to identify business use cases, and worked with the Learning and Development team to review progress.

The program was launched during the COVID-19 pandemic, which made it difficult as the virtual format made it challenging to provide effective training in soft skills. However, as the program gained momentum, it became more interactive and effective.

Manager support was key to help employees balance work and training, making the program a success with huge positive impact for all participants.

Future: Where there is intent, opportunities are limitless.

Preparation for the next phase of the Women’s Technical Leadership Initiative (WTLI) Program is underway, with plans to implement it in March 2023. The team is also evaluating expansion to more locations across the globe. With the support of Cisco’s senior leadership, we are confident that the program will be successful and help bring more women technical leaders to the forefront.

Source: cisco.com

Continue reading

New Cisco hybrid work offers: Helping you reimagine the employee experience

Getting Hybrid Work “just right”

The concept of “hybrid work” is getting a lot of attention as more companies are trying to determine the right mix of remote and in-office presence for their employees. This challenge is also highlighting a lack of understanding on the best ways to support a hybrid workforce to achieve improvements in productivity and office space optimization.

We have learned a lot at Cisco from our 15+ years of experience in creating the best experience for employees to get work done instead of worrying about where the work gets done. Creating this employee experience took much more than stitching together a collection of technology products, vendors, and commercial support models. Instead, we focused on delivering the hybrid work experience as a business outcome. By taking this holistic approach, we have seen some impressive results that are flowing through to our bottom line:

◉ Helping us to be rated #1 Best Place to Work for multiple years, and with less than half of the average industry attrition.

◉ Enabling our Real Estate teams to invest in higher quality, more modern and sustainable work environments with 30-50% less space, and with better employee experiences.

◉ Scaling of IT processes, infrastructure, and applications to support secure hybrid work for tens of thousands of employees worldwide.

Re-imagining the employee experience

One of the major obstacles we had to overcome was making hybrid work easy for non-technical employees without much IT expertise. After all, hybrid work should not require your employees to be their own IT manager.

To get employees productive quickly, we pre-install our hybrid work software package on employee laptops. Webex is the best platform for collaboration. Secure Endpoint, Duo, Meraki Systems Manager, and Umbrella provide world-class security that frustrates attackers, not users. And ThousandEyes Endpoint Agent enables remote troubleshooting, so employees do not need to go into the office for IT help.

We also added our Meraki networking for fast, secure home office wireless. To ensure that remote workers can fully engage with anyone in the office, we include a Cisco 4K video camera and headphones with a large video monitor. Combined with Webex, this solution provides outstanding video and audio quality.

The best part is the employee experience. The employee just turns on the laptop and is automatically connected. Simple. No technical experience needed.

What’s new?

Our business outcome approach to hybrid work has been hugely popular with Cisco employees. We want to make our experience YOUR experience. I’m thrilled to announce the availability several new offers with special pricing that make it easier to design, purchase, and implement hybrid work for your own organization. These new offers include:

1. Detailed design guides for Work from Office renovations.

2. Cisco Validated Framework documentation for IT managers to deploy Work from Office.

3. New commercial construct –

◉ Hybrid Work Software Offer — Powered by Enterprise Agreement 3.0, this is the best value in the industry for hybrid work across collaboration, security, digital experience monitoring, and mobile device management.

◉ Hybrid Work Home Offer – Our work-from-home expertise for delivering collaboration with different devices and networking at special pricing.

◉ Hybrid Work Office Offer – Helping companies build sustainable spaces that are optimized for hybrid work.

Source: cisco.com

Continue reading

Enforcing Zero Trust Access with Cisco SD-WAN

As applications become distributed across clouds, data centers, SaaS, and to the edge, enterprises need to enable secure access to these applications for their workforce from anywhere. Implementing Secure Access Service Edge (SASE) is a preferred method for enabling secure access to distributed applications by a hybrid workforce and the growing number of IoT devices.

Zero trust is one of the most common starting points for enterprises that are embarking on their SASE journey. Many enterprises are either in the process of adopting zero trust or have already adopted it. The initial transition was primarily driven by a large number of remote workers as a result of the pandemic. However, many enterprises are now transitioning to hybrid environments with the workforce distributed from campuses to branches to home offices.

This hybrid work environment, along with increasing reliance on distributed cloud and SaaS applications, requires a network architecture that provides scalable and distributed zero-trust security enforcement close to endpoints and people using them. This maximizes bandwidth utilization of the WAN link while ensuring that there is no central choke point where all the traffic needs to be redirected. In addition, in order to thwart real-time threats, IT needs the network to continuously monitor and assess the security posture of devices after application access is granted.

The latest enhancements in the SD-WAN security architecture are designed to support this new paradigm of distributed applications and hybrid workforces. Now, the tight integration between Cisco SD-WAN and Cisco Identity Services Engine (ISE) enables IT to employ zero trust security functions for the traffic that goes through an SD-WAN fabric.

Cisco ISE Configures Security Posture in SD-WAN Fabric for Zero Trust

Delivering a Zero Trust methodology for SD-WAN traffic requires four key functionalities: application access policies based on the desired security posture (who can access what); security controls for admitted traffic; continuous enforcement; and immediate adaptation to security posture changes—all enforced with a consistent model for on-prem, mobile, and remote devices and workforce.

Cisco ISE supports the configuration of security posture policies in SD-WAN fabric. When a person’s device or an IoT endpoint connects to the network, the posture of the device is evaluated based on the configured policy, and an authorization decision is made based on that outcome. For example, an outcome of a device posture evaluation can be compliant, non-compliant, or unknown. This outcome of device posture evaluation determines an authorization policy, which can include the assignment of a Security Group Tag (SGT) and other authorization attributes to the device and owner. Details about how this is configured in Cisco ISE are captured in this technical article and video.

In addition, Cisco ISE shares the security group tags and session attributes with the Cisco SD-WAN ecosystem. This information can be leveraged by IT to create identity groups and associate security policies in Cisco vManage to enable access by specific user groups to applications over the SD-WAN fabric all the way to the edge.

The images of Cisco vManage console in Figures 1 – 3 illustrate the process of how Cisco vManage learns a set of security group tags from ISE.

Figure 1: Identity groups pulled from ISE and shown in Cisco SD-WAN vManage

Figure 2: Creation of identity lists which includes a group of security groups – identity lists are used in the security policy configuration

Figure 3: Security policy configuration based on identity lists

Monitoring of Security Posture Guards Against Attacks

Cisco ISE also supports a periodic reassessment of device posture. Any change in the posture will cause a change of authorization which results in a different security policy being implemented in the SD-WAN edge. This enables the network and endpoints to work in unison to enable zero trust capabilities. Following are three use cases to illustrate what is possible with the deep integration of Cisco ISE and SD-WAN solutions.

◉ IT can configure a posture policy that requires an Anti-Malware Protection (AMP) agent running on endpoints to identify malicious files. When the owner of a device connects to the network, the posture is evaluated and determined to be compliant with a running AMP agent. The compliant status results in a specific SGT being assigned to the traffic and associated authorization access. As an added benefit in this case, SD-WAN router will not execute the network AMP functionality when it is being run on the endpoint. However, if the AMP process on an endpoint is terminated either voluntarily or involuntarily, ISE will detect this through periodic posture assessment. The endpoint’s non-compliant status will result in a more restrictive SGT being assigned. On the SD-WAN router, a policy for non-compliant traffic will result in the execution of the network-based AMP function for the traffic originating from that endpoint. As a result the network and end-point work in unison to ensure that the right policies continue to execute properly.

◉ IT can configure posture policy that prevents the insertion of a USB device in an end-point. When a device connects to the network without a USB attached, the posture is evaluated by ISE as compliant, and therefore traffic from the device is allowed to pass through the network. If a USB is connected to the device, ISE will immediately detect the non-compliant status and do a change of authorization, assigning a different SGT which can be used by the SD-WAN edge to block all traffic from the device as long as the USB is attached.

◉ With Software-Defined Remote Access (SDRA), another key technology of Cisco SD-WAN, the traffic from remote workers and their devices is processed by the SD-WAN edge as well as subjected to ISE posture evaluation. This means that all the functions for accessing applications based on posture are applicable and available to both on-prem and remote endpoints.

Start the Journey to SASE with Zero Trust-Enabled Cisco SD-WAN

Cisco SD-WAN connects the workforce and IoT devices to any application using integrated capabilities for multicloud, security, and application optimization—all on a SASE-enabled architecture. Zero trust is a key capability of SASE, along with SD-WAN, enterprise firewalls, a cloud access security broker, secure web gateways, malware protection, intrusion prevention system, URL filtering, and DNS-layer protection.

As organizations make progress on their journey to SASE, Cisco SD-WAN’s rich security capabilities enable Zero Trust functions across SD-WAN traffic to secure the network and devices in a scalable, optimal, and cost-effective way.

Source: cisco.com

Continue reading