Saturday 30 December 2023

Webex Connect and a new digital experience

Webex Connect and a new digital experience

Consumers are relying on digital channels for their retail needs now more than ever. This shift requires online experiences to be increasingly enhanced, and a strong digital experience can make a significant difference in consumer attraction and retention.

While creating such engaging experiences is necessary for businesses of all sizes, smaller teams in particular need to find a way to get their customers’ questions answered without relying on as much manpower. The Cisco Store is one such program, and Webex Connect provides an efficient, easy-to-use solution to this problem.

Multi-Channel Communication

Webex Connect is an enterprise-grade Communications Platform as a Service (CPaaS) that transforms how businesses engage with their customers. In simple terms, CPaaS is a cloud-based technology that lets companies easily add custom communication features—like messaging, video, and voice—into their apps or services by deploying application programming interfaces (APIs). Webex Connect enables enterprises to deliver secure, automated, and hyper-personalized interactions at scale. And with little to no coding required, it empowers technical and non-technical teams alike to create rich, seamless customer interactions.

With a diverse API portfolio and multitude of integration options, businesses can connect their existing backend systems – such as their customer relationship management (CRM), order management, delivery management or even shift management – with the latest digital communication channels to create personalized, automated customer experiences.

Webex Connect handles customer communications over multiple digital channels, including SMS, WhatsApp, Voice, Email and more. The platform allows for inbound messages and automated two-way interactions, allowing customers to feel just as attended to as they might in a physical location. Customers can manage their communication preferences and consent at all times in accordance with online regulations, giving them full control over their digital experience. On the business side, employees can easily debug any issues in real-time and view key statistics through the platform’s centralized dashboards, data visualization, and data analytics capabilities.

Ease of Use

The Cisco Store sets up multiple travel stores every year at events such as Cisco Live Amsterdam, Cisco Live Vegas, and Cisco IMPACT. These stores feature both our merchandise and our Tech Lab equipment, and our small team hosts numerous customer tours every day. To streamline efficiency with our limited staff, we can easily program Webex Connect to have prompts and answers ready regarding our events, such as the store’s hours and location in the building. Customers simply need to message the bot on their channel of choice to receive rapid assistance.

Live Agent Handover

The platform also allows for bot interactions to be seamlessly handed over to live agents while still retaining the conversation context. Escalation to an agent is routed to a Webex Space, where someone on the Cisco Store team can claim the task and interact directly with the customer.

Webex Connect and a new digital experience
Webex Connect and a New Digital Experience

Webex Connect is currently being used both online and in-person at the Cisco Store, with 77% of the bot’s sessions occurring on the web, followed by 23% of the sessions occurring on Apple Messages for Business. Moreover, throughout the first quarter of FY24, Webex Connect averaged 30.4 messages per day, with 42% of the total sessions being handled by the bot.

 Interactions with Webex Connect during Q1 FY24 have mostly occurred online compared to in-person at the store locations. The most common conversation topics with the bot, in order of frequency, were engagement with a live agent, order tracking, store timings, and store locations. 

Looking Ahead

The Cisco Store plans to use Webex Connect in a multitude of additional ways moving forward to truly maximize customer engagement. Customers may be able to do self-checkout via the platform by simply scanning a QR code and paying from their mobile devices. To speed up their order process, customers could buy their products online and pick them up curbside with the assistance of the chatbot. Moreover, Webex Connect could eventually be integrated with order management systems: customers can receive updates on their order statuses and shipping notifications via their preferred mobile channel. 

The possibilities of Webex Connect reach far beyond a simple Q&A platform – teams will receive 24/7 support, developer resources, account management, and expert live chat whenever they need it. Webex Connect will prove to be an efficient solution for customer engagement, starting with the Cisco Store itself.


Thursday 28 December 2023

Managing API Contracts and OpenAPI Documents at Scale

Managing API Contracts and OpenAPI Documents at Scale

Cisco DevNet presents at API Days Paris 2023

Year after year, this global event for API practitioners gets bigger. This year the event was held in the newly renovated CNIT Forest – a central and easy to join location in the Paris La Defense business area. Many of us were amazed by the number of talks and exhibitors showing their latest advances in API Design, API Management, and Event Driven Management gateways and the many discussions around OpenAPI, JSON-Schema, and GraphQL.

As a sponsor of API Days Paris, Cisco DevNet – Cisco’s developer program – offered a booth where we engage 100+ conversations with attendees and discussed how to build and publish robust APIs, sharing our experience driving API Quality and Security initiatives. (We also had the opportunity to meet and, for some of us, play chess with Laurent Fressinet, the two-time French Chess Champion, and ‘second assistant’ with opening preparation during Magnus CarlsenWorld Chess Championship matches. But that’s a different story.)

The importance of API Contracts

DevNet offered 2 talks explaining the importance of API Contracts, how we are evaluating and scoring our APIs internally, and also the challenges that come with the lifecycle and management of OpenAPI documents (see resources below for recordings and slides).

Managing API Contracts and OpenAPI Documents at Scale

We were able to show why and how a successful API-first strategy not only encourages consistent practices when designing, versioning, and documenting APIs, but also lets you look into testing and observing live traffic to ensure APIs behave as per their contract.

Managing API Contracts and OpenAPI Documents at Scale

Schedule a live Panoptica demo

In this regard, we offered demonstrations of the latest version of Panoptica – Cisco Cloud Application Security solution – with a particular focus on API Security. If you are interested in this topic, we encourage you to schedule a live demo of Panoptica.

Managing API Contracts and OpenAPI Documents at Scale


Tuesday 26 December 2023

The Next One Billion Lives

The Next One Billion Lives

Cisco shared the news that we’ve achieved our ten-year goal to positively impact one billion lives through the Cisco Foundation, Social Impact grants, and Networking Academy – one year ahead of schedule.

As the leaders of these organizations, we’ve never been prouder of the extraordinary work of our teams and our global nonprofit partners, and the contributions of leaders and employees across our company in innovating to help solve the world’s greatest challenges.

Expanding our impact

Now, we’re exploring what’s next.  How will we continue to expand our approach – and accelerate our progress? What inspired, ambitious goals will we set? And how will we impact the next one billion lives?

These are questions worthy of the same thoughtful consideration, passion, and drive as the original ambitious goal.  Now that we’ve achieved it, we can stand on the shoulders of what we’ve learned along the way in connecting longstanding challenges with new possibilities to overcome them – pushing beyond limits – and deepening our understanding of how to create meaningful impact.

What we believed nine years ago continues to be Cisco’s guiding principle: Our ability to impact billions of lives lies in our ability to scale. We’re now expanding our areas of focus and aligning on impacting entire communities – and countries – through our Social Impact, Networking Academy, and Country Digital Acceleration programs. And we’re focusing on addressing the systemic causes of inequity and driving innovation to create lasting, generational change.

Anchoring the workforce of the future

Cisco’s Networking Academy, which now operates in 190 countries has trained more than 20.5 million students in networking and cybersecurity skills over the past 26 years.  In training thousands of learners every year, we not only empower individuals to start a rewarding new career, but also create millions of next-generation jobs and that will anchor the workforce of the future.  We know, however, that connecting the unconnected isn’t just a moral imperative; it’s economically prudent. According to a 2022 World Bank Report, raising internet connectivity to 75 percent of the population in all developing countries (from the current level of approximately 35 percent) would add up to US$2 trillion to their collective gross domestic product (GDP) and create more than 140 million jobs around the world.

By continuing to scale our impact, we’re changing the economic trajectory of communities around the world, increasing economic productivity, and fulfilling our purpose to power an inclusive future for all.

Scaling tech-enabled social impact solutions

Within our global Social Impact Grant programs, our focus on promising nonprofits and NGOs with tech-enabled solutions that we can scale is continuing to create lasting change across communities. When we bring the full measure of Cisco’s strengths to support our nonprofit partners in developing their solutions – and give them the time, space, and flexibility to test their ideas – the impact they create can be astonishing. Like the women of Living Goods, which combines game-changing technology, quality products, and vital health services to empower community health workers to deliver on-call care to their neighbors’ doorsteps. And they earn a livelihood while doing it.

Cisco was an early supporter of Living Goods’ work to leverage technology to deliver healthcare products and services at scale, in a cost-effective manner.  We were proud to partner with them to help them reach their goal of providing quality healthcare to more than 25 million people via 34,000 digitally empowered community health workers by 2021.

Sharing what we’ve learned on the journey to one billion lives

As we contemplate our next inspired goal, we’re committed to sharing more about what we’ve learned in positively impacting one billion lives and to understanding more about the challenges faced by communities around the world.  The most important words of Cisco’s purpose statement – to power an inclusive future for all may be the final two.


Saturday 23 December 2023

Cisco and Nutanix Team Up in Response to Customer Demand: Another Win for Customer-Centric Innovation

In the ever-evolving landscape of IT, organizations continually seek solutions that simplify complexity, break down silos, and enhance agility. At Cisco, we’re continually tuned into the demands and requirements of our customer base, and it’s this laser focus that has led to our most recent collaborative venture. We are thrilled to announce our new integration with Nutanix, a leader in enterprise cloud computing solutions.

Listening to You: Our Driving Force

Time and time again, our commitment to delivering top-notch, efficient solutions is fueled by the needs and feedback of our customers. You spoke, and we listened. The partnership with Nutanix is a direct reflection of this two-way dialogue, a testament to our commitment to not just hear, but actively listen and respond to what you are saying.

Bridging the Gap with ACI VMM Integration

One of the key facets of this collaboration is the integration of Cisco’s Application Centric Infrastructure (ACI) Virtual Machine Manager (VMM) with Nutanix. This marriage of technologies effectively bridges domain silos between the network and server teams. Network configurations and server deployments, historically segmented tasks, can now be coordinated more efficiently, fostering a more agile and responsive infrastructure. This integration is designed to simplify operational complexities, promoting a more streamlined and efficient operational workflow.

Cisco ACI: Beyond Traditional Networking

Before we jump into the integration, let’s re-familiarize ourselves with Cisco ACI:

◉ APIC (Application Policy Infrastructure Controller): It’s not just a management tool; think of it as the brain behind the orchestration of network policies.
◉ Spine and Leaf Architecture: This ensures a swift and efficient flow of data, connecting all aspects of the data center seamlessly.
◉ Policies: The linchpin of ACI, these pre-defined functionalities ensure the network is adaptive and responsive to specific needs.

Why Nutanix?

Nutanix is a frontrunner when it comes to hyperconverged infrastructure, bringing together compute, storage, and virtualization under one roof. Their solution, which focuses on simplicity and scalability, offers an ideal playground for ACI’s capabilities. Integrating with Nutanix’s VMM functions ensures that ACI’s policy-driven approach aligns perfectly with the agility and dynamism of virtualized workloads.

Cisco and Nutanix Team Up in Response to Customer Demand: Another Win for Customer-Centric Innovation

The Power of Integration

Holistic Visibility: ACI’s already granular insight extends into Nutanix environments. Network administrators can track activities from the physical infrastructure up to individual VMs in the Nutanix cluster.

Elastic Networking: As virtual machines and workloads shift within the Nutanix ecosystem, ACI adapts, ensuring network policies remain consistent and effective.

Enhanced Security Posture: ACI’s renowned micro-segmentation, when combined with Nutanix’s security features, offers a formidable defense against malicious activities and breaches.

Unified Management: With APIC interfacing directly with Nutanix’s Prism management, it consolidates the administrative experience, simplifying operations.

Getting Started with ACI and Nutanix

Integration at a glance:

  • Kickstart with a robust ACI environment and an operational Nutanix cluster.
  • Through APIC, navigate to VM Networking, and add a VMM domain specific to Nutanix.
  • Detail out the Nutanix cluster specifications and correlate with ACI’s bridge domain.
  • Watch as ACI seamlessly integrates its policies with Nutanix, creating a cohesive networking environment.

Joint Commitment to Customer Success

Both Cisco and Nutanix are firmly committed to jointly supporting our customers. Our shared goal is to deliver the best infrastructure automation experience possible. By harmonizing the strengths of ACI’s policy-driven architecture with Nutanix’s prowess in hyperconverged infrastructure, we aim to offer a solution that epitomizes efficiency, simplicity, and most importantly, customer satisfaction.

In Conclusion

The integration of Cisco’s ACI with Nutanix marks a pivotal moment in data center networking. It signifies a future where the physical and virtual, the network and the application, are in perfect harmony. For enterprises looking for agility, security, and simplicity, this integration opens up new vistas of possibilities.


Thursday 21 December 2023

Why CISOs and CIOs Should Work Together More Closely

Why CISOs and CIOs Should Work Together More Closely

Although there are overlaps in the goals and responsibilities of the CIO and the CISO, there are also challenges that get in the way of a more cohesive relationship, including reporting lines, organizational structures, budgets, and risk appetites.

If they don’t overcome these challenges, they’ll stall the technology from achieving its full potential, silos will persist, and the rifts will widen.

What’s the aim? Unite these two executive leaders under a common purpose. A panel of CIOs and CISOs identified some of the shifts that can get these two roles working better—together.

Shift #1: Identify the overlaps.

CIOs and CISOs have different jobs to do.

◉ The CISO is the cybersecurity leader who leverages compliance and regulations to protect information and stop data leakages.
◉ The CIO is the enabler of business growth and innovation who makes sure that the organization is getting the most out of the information at hand.

The overlap is their perspective on the “information” part of “information technology.” Specifically, how the CISO’s technical and cybersecurity responsibilities juxtapose the CIO’s growth mindset.

Conflict emerges when CIOs and CISOs look at the IT risks and opportunities as separate responsibilities. This doesn’t make sense to Brian Brackenborough, CISO at Channel 4, who says it is inefficient to separate the many responsibilities that CIOs and CISOs carry.

He said there is no need for separate IT teams to focus on fixing devices while another focuses on networks. Instead, there should be one team managing it across the board.

Shift #2: Overcome the tension in your reporting lines.

Consider both viewpoints of CISOs and CIOs, which is to understand the origins of tension between the roles. Some of this friction can be attributed to reporting structures: when the CISO reports directly to the CIO there is typically less friction, but with more CISOs reporting directly to the CEO with a seat at the board room table, this dynamic changes. The choice of reporting structure could be down to strategic priorities flexing between regulation and innovation phases of the business cycle.

Organizations can choose to approach this dynamic duo differently. Johnson Matthey’s CIO, Aidan Hancock, says the CISO has always reported to him, but that reporting lines can grow and spread out. His focus is making sure the CISO is fully on board with the rest of his IT leadership team.

Equality in reporting lines will be a dead end if CIOs and CISOs don’t share responsibility for risk. That’s not to say they must have identical perspectives—each leads the organization from a different vantage point—but they do need to understand and align.

Shift #3: Align on risk.

Doug Drinkwater, Director of Strategy at HotTopics, suggests that historically, the CISO will be the one to “take the hit” when it comes to risk.

At the top of any organization, the CIO and CISO must be united and share the responsibility for leading risk. Hancock’s main concern is a CISO with an independent reporting line owning risk while “the CIO delivers most of the actions that meet that risk.” His solution to this is for the leaders to find a common purpose.

Shift #4: Work together for a shared purpose.

Anuj Tewari, CISO at TMF Group, looks at collaboration between CIOs and CISOs as a key success factor. The moment they stop working together, everything becomes a challenge. The greater the disconnect, the less optimistic the partnership can be.

The budget exercise was one example where Tewari said he saw CIOs and CISOs work hand in hand. In the end, he maintains that collaboration is about creating a road map to ensure that CISOs and CIOs can secure the data and overall “crown jewel” for the organization. That means consciously overriding our human instinct to stick with our “people.”

For Brackenborough, transparency between the two roles is foundational. He gave the example of the traditional CIO and CISO conferences. An information security conference is full of CISOs and information security professionals. Brackenborough suggests they swap. This way, technology leaders will know what’s happening in each other’s camps and help the CISO and CIO overcome the feeling that they’re talking different languages.

Understanding the overlap in the roles and becoming intentional about reporting lines while aligning on risk and purpose can bring IT organizations closer together. This is ideal because technology is starting to do the same.

The convergence of technology and people

The industry is moving forward and the convergence of networking and security is giving organizations the technology to scale. This shift allows organizations to better support demand, fulfill performance requirements, and allow for deployment of new services, all while securely connecting hyper-distributed teams, places, and things.

Think about security, incident response, and detection paired with the alignment of goals, objectives, and priorities. Modern tools break down the silos between the CISO and CIO so that convergence can take place.

Resultingly, teams can start working together to push forward. CIOs and CISOs get a holistic view of what is going on in the organization they’re leading. With the right tools for the job and doing business with security in mind, there’s a lot of potential to be unlocked.

CIOs and CISOs must clarify roles, responsibilities, and reporting structures. By aligning on risk and purpose they can organize their teams to work better—together.


Tuesday 19 December 2023

Simplifying IT for Better Experiences

Simplifying IT for Better Experiences

IT leaders face the challenge of managing a growing set of often disparate technologies and successfully delivering them to a wide audience of end users who demand simple experiences. However, today’s technology landscape is complex and fragmented.

Simplifying IT requires us to rethink our processes and what we mean by “experience.”

Unified experiences show us what’s possible when technologies, applications, and networks all work as one. Simplifying the end-to-end journey, which includes back-end systems and end-user experiences, comes with challenges, risks, and opportunities.

With insights from a panel of cross-sector IT leaders, we can examine what we’re simplifying and how that leads to superior experiences.

Simplify the back end

Whether driven by internal or external forces, innovation typically results in more systems and greater complexity. A closer look often reveals a patchwork of new and legacy systems that are burning through budgets, confusing customers, and squeezing profits.

A big part of this complexity stems from backward compatibility with legacy systems. It’s not so much a matter of redundant old systems taking up valuable resources, but rather maximizing value and operations efficiency across both old and new systems. This challenge lies at the heart of simplifying IT.

Graeme Howard, former CTO and CIO of Covea Insurance, points to legacy systems as a challenge for his organization’s digital transformation. “We built out a huge number of new platforms and new functionality, but we also had many legacy platforms that were far too expensive to change.”

In the process of driving customer experience, hyper-personalization, and data enrichment, legacy systems can pose a significant obstacle. Graeme encourages leaders to persevere and push through such challenges.

Focus on first impressions, Graeme argues. If it’s difficult for a customer or internal user to log onto a system or buy a product, that could mean losing customers and business.

Simplify for the customer

Simplifying IT for better experiences isn’t just about hiding the complexities of our processes from the customer. It’s also about including customers in the design of those experiences. Whether starting from scratch or taking on a complex project of integrating new and legacy systems, IT can no longer dictate to the user.

Instead of relying on customers to create their own demand for our products and services, Archana Jain, CTO at Zurich Insurance Group, understands simplifying IT as the opportunity to reach insurance customers with products and services, when and how they need them. Alongside traditional methods of insurance, she poses a simple question to get her industry thinking: “Can we offer [customers] insurance when they need it, as opposed to having something static forever and forever?”

For example, if a customer wants to go on holiday, instead of a lengthy process of booking travel insurance for flights, hotels, and car rentals, Jain suggests simplifying that experience through a partner so the customer can buy insurance with one click. That thinking conceptualizes travel insurance within the customer’s travel-planning journey, not as a stand-alone task. It’s a win for everyone.

Simplify to better manage risk

As IT leaders, we can be nimble in how we lead digital transformation. For superior experiences, how we responsibly simplify IT must extend to how we manage risk. Change for the sake of change, or moving too fast for stakeholders to keep up, can expose organizations to unnecessary risk.

Technologists leading successful IT simplification strategies can balance business value, business case, and legacy systems. Joanna Pamphilis, UniCredit’s Senior Vice President and CDIO, is one such leader. She believes organizations should be practical about the need to eliminate legacy systems, and deliver value while leading responsible change.

Jain at Zurich Insurance Group says operational alerts are a great example of how technology that is designed to improve a process can, ultimately, complicate it. How often do we hear stories of overburdened IT operations teams with piles of server, network, device, and security alerts (among others) with no way of sorting the high priorities from the quick fixes from the FYIs? But technology is also the answer to simplifying that same operation without completely unravelling the infrastructure.

According to Jain, Zurich Insurance Group’s IT operations team were handling thousands of alerts designed to pick up events like server issues. Ironically, the technology deployed to manage risk created the risk of not having the human resources to investigate every alert—and the risk of an unreliable user experience. To solve this challenge, Zurich now uses artificial intelligence (AI) to filter out the unnecessary alerts so their IT operations team can better focus on actionable items.

Simplifying IT for Better Experiences

Consolidating customer, employee, and other types of data is a critical step in becoming proactive about risk and the customer experience, according to Ronald Martey, CISO at GCB Bank. He wants leaders to investigate different elements and systems, and ask, “What kind of data can I move onto the cloud that will not impact privacy and security regulations?”

Simplify for the future

From pioneering digitalization to pivoting to hybrid work, every era of digital transformation has been about optimizing organizations’ need to serve customers and grow businesses efficiently, reliably, and safely.

The process of simplifying IT requires us to assess our entire business, from customer interactions to back-end systems, and the role of data. It’s about rethinking our traditional methods and modernizing them, without the rush to rip out and replace everything.

The era of simplifying IT will test you, just like every era before it did, but the ultimate reward of a more simplified IT infrastructure is unified experiences that connect your customers and teams through technologies, applications, and networks that all work as one.


Saturday 16 December 2023

Secure Workload and Secure Firewall: The recipe for a robust zero trust cybersecurity strategy

You hear a lot about zero trust microsegmentation these days and rightly so. It has matured into a proven security best-practice to effectively prevent unauthorized lateral movement across network resources. It involves dividing your network into isolated segments, or “microsegments,” where each segment has its own set of security policies and controls. In this way, even if a breach occurs or a potential threat gains access to a resource, the blast radius is contained.

And like many security practices, there are different ways to achieve the objective, and typically much of it depends on the unique customer environment. For microsegmentation, the key is to have a trusted partner that not only provides a robust security solution but gives you the flexibility to adapt to your needs instead of forcing a “one size fits all” approach.

Now, there are broadly two different approaches you can take to achieve your microsegmentation objectives:

◉ A host-based enforcement approach where the policies are enforced on the workload itself. This can be done by installing an agent on the workload or by leveraging APIs in public cloud.
◉ A network-based enforcement approach where the policies are enforced on a network device like an east-west network firewall or a switch.

While a host-based enforcement approach is immensely powerful because it provides access to rich telemetry in terms of processes, packages, and CVEs running on the workloads, it may not always be a pragmatic approach for a myriad of reasons. These reasons can range from application team perceptions, network security team preferences, or simply the need for a different approach to achieve buy-in across the organization.

Long story short, to make microsegmentation practical and achievable, it’s clear that a dynamic duo of host and network-based security is key to a robust and resilient zero trust cybersecurity strategy. Earlier this year, Cisco completed the native integration between Cisco Secure Workload and Cisco Secure Firewall delivering on this principle and providing customers with unmatched flexibility as well as defense in depth. Let’s take a deeper look at what this integration enables our customers to achieve and some of the use cases.

Use case #1: Network visibility via an east-west network firewall

The journey to microsegmentation starts with visibility. This is a perfect opportunity for me to insert the cliché here – “What you can’t see, you can’t protect.” In the context of microsegmentation, flow visibility provides the foundation for building a blueprint of how applications communicate with each other, as well as users and devices – both within and outside the datacenter.

The integration between Secure Workload and Secure Firewall enables the ingestion of NSEL flow records to provide network flow visibility, as shown in Figure 1. You can further enrich this network flow data by bringing in context in the form of labels and tags from external systems like CMDB, IPAM, identity sources, etc. This contextually enriched data set allows you to quickly identify the communication patterns and any indicators of compromise across your application landscape, enabling you to immediately improve your security posture.

Figure 1: Secure Workload ingests NSEL flow records from Secure Firewall

Secure Workload and Secure Firewall: The recipe for a robust zero trust cybersecurity strategy

Use case #2: Microsegmentation using the east-west network firewall

The integration of Secure Firewall and Secure Workload provides two powerful complimentary methods to discover, compile, and enforce zero trust microsegmentation policies. The ability to use a host-based, network-based, or mix of the two methods gives you the flexibility to deploy in the manner that best suits your business needs and team roles (Figure 2).

And regardless of the approach or mix, the integration enables you to seamlessly leverage the full capabilities of Secure Workload including:

  • Policy discovery and analysis: Automatically discover policies that are tailored to your environment by analyzing flow data ingested from the Secure Firewall protecting east-west workload communications.
  • Policy enforcement: Onboard multiple east-west firewalls to automate and enforce microsegmentation policies on a specific firewall or set of firewalls through Secure Workload.
  • Policy compliance monitoring: The network flow information, when compared against a baseline policy, provides a deep view into how your applications are behaving and complying against policies over time. 

Figure 2: Host-based and network-based approach with Secure Workload

Secure Workload and Secure Firewall: The recipe for a robust zero trust cybersecurity strategy

Use case #3: Defense in depth with virtual patching via north-south network firewall

This use case demonstrates how the integration delivers defense in depth and ultimately better security outcomes. In today’s rapidly evolving digital landscape, applications play a vital role in every aspect of our lives. However, with the increased reliance on software, cyber threats have also become more sophisticated and pervasive. Traditional patching methods, although effective, may not always be feasible due to operational constraints and the risk of downtime. When a zero-day vulnerability is discovered, there are a few different scenarios that play out. Consider two common scenarios: 1) A newly discovered CVE poses an immediate risk and in this case the fix or the patch is not available and 2) The CVE is not highly critical so it’s not worth patching it outside the usual patch window because of the production or business impact. In both cases, one must accept the interim risk and either wait for the patch to be available or for the patch window schedule.

Virtual patching, a form of compensating control, is a security practice that allows you to mitigate this risk by applying an interim protection or a “virtual” fix to known vulnerabilities in the software until it has been patched or updated. Virtual patching is typically done by leveraging the Intrusion Prevention System (IPS) of Cisco Secure Firewall. The key capability, fostered by the seamless integration, is Secure Workload’s ability to share CVE information with Secure Firewall, thereby activating the relevant IPS policies for those CVEs. Let’s take a look at how (Figure 3):

  • The Secure Workload agents installed on the application workloads will gather telemetry about the software packages and CVEs present on the application workloads.
  • A workload-CVE mapping data is then published to Secure Firewall Management Center. You can choose the exact set of CVEs you want to publish. For example, you can choose to only publish CVEs that are exploitable over network as an attack vector and has CVSS score of 10. This would allow you to control any potential performance impact on your IPS.
  • Finally, the Secure Firewall Management Center then runs the ‘firepower recommendations’ tool to fine tune and enable the exact set of signatures that are needed to provide protection against the CVEs that were found on your workloads. Once the new signature set is crafted, it can be deployed to the north-south perimeter Secure Firewall.

Figure 3: Virtual patching with Secure Workload and Secure Firewall

Secure Workload and Secure Firewall: The recipe for a robust zero trust cybersecurity strategy

Flexibility and defense in depth is the key to a resilient zero trust microsegmentation strategy

With Secure Workload and Secure Firewall, you can achieve a zero-trust security model by combining a host-based and network-based enforcement approach. In addition, with the virtual patching ability, you get another layer of defense that allows you to maintain the integrity and availability of your applications without sacrificing security. As the cyber threat landscape continues to evolve, harmony between different security solutions is undoubtedly the key to delivering more effective solutions that protect valuable digital assets.


Thursday 14 December 2023

The Technology That’s Remaking OU Health into a Top-Tier Medical Center

The Technology That’s Remaking OU Health into a Top-Tier Medical Center

I hold daily status meetings with various groups within our technology team, and the questions almost always drifts to: “What’s today’s challenge?”  Sometimes that challenge might be, “We can’t print at one of our ambulatory care facilities,” or “Today, we can’t send diagnostic images to our remote Radiologists.” The meeting helps us to focus our attention, and as the CTO of OU Health in Oklahoma City, my job is to eliminate the issues that crop up on those meetings and work to minimize or eliminate these issues repeating in the future.

To do so, we needed to tackle the root of the problem. This, along with our desire to replace our electronic health record and revenue cycle system, contributed to OU Health’s decision to completely overhaul our IT infrastructure in support of our long-term organizational needs.

OU Health strives to bring innovation to our patients. As an academic health system, we operate one of 71 National Cancer Institute-designated cancer centers in the country, Oklahoma’s only Level I trauma center and the state’s highest level NICU, offering high-quality patient care and running clinical trials leading to exciting new treatments. More than solving our daily headaches, our IT overhaul will fundamentally transform how we manage our infrastructure and administer the enterprise and clinical systems we use to support our healthcare professionals and patients.

A complete revamp of a health system’s IT infrastructure is a daunting task. To use a well-worn cliché, it is like trying to work on the engine of a moving train. The process has taken dedication and careful planning, the work of my team and the support of technology partners like Cisco to put together and roll out a solution across OU Health’s sites.

A Fresh Start, a Greenfield Network, and Some Limitations

I have had the privilege of working in healthcare IT for over 13 years. My previous experience includes serving as the VP of Technology Architecture at Cablevision for seven years and two years at Discovery as the SVP of Enterprise Architecture, where I gained a wealth of knowledge in telecommunications and entertainment. Following a six-month sabbatical, I had the opportunity to return to my previous role, but I decided to use my expertise to assist others in a much more impactful way. Watching my wife struggling for years with her organization’s IT as a family practice provider and educator made me realize the difficulties that arise when dealing with healthcare IT systems. Thanks to a friend I had worked with earlier in my career, I joined a healthcare consulting company launching my career in healthcare IT to help physicians and patients achieve the best possible outcomes in medical care.

OU Health officially launched in July 2021, following a historic merger that combined the University of Oklahoma College of Medicine faculty practice and OU Medicine, Inc. (sole member, University Hospitals Trust) to create OU Health — Oklahoma’s first fully integrated academic health system. The merger aligned the OU Health clinical enterprise with national best practices across the healthcare industry and enabled the hospitals and clinics to become one unified and cohesive organization.

Since my arrival at OU Health in March of 2022, I have worked closely with our IT leadership team on the Epic migration project. This initiative moved OU Health to a new EHR system. To achieve this, we deployed a greenfield solution, which involved setting up new networks, systems, data centers and applications, while keeping our legacy systems running.

Unfortunately, our environment was not in the best shape. It featured outdated equipment, overlapping solutions, outdated code, unpatched equipment, and more, which caused numerous challenges. Our network was also very slow, which meant that it took 15 to 30 minutes for a radiologist to download X-rays and CAT scans at our remote locations.

This hindered workflows and caused frustration among our clinicians and hospital staff. They had to call us whenever something went wrong, and we had no way to proactively monitor and restore our systems. When a link went down, we didn’t know how to repair it. It was clear that an overhaul was necessary to ensure that our healthcare professionals could focus on caring for their patients and not worry about technical issues.

We Wanted Redundancy, Resilience, and Performance—That Meant Cisco

Healthcare organizations are somewhat conservative when procuring IT. We don’t look for the newest solution, nor do we look at the cheapest. We don’t cut costs because patients’ lives are at stake. Instead, we look at the most advanced tried and true systems. We take this approach when selecting lab equipment, imaging and diagnostic systems, surgical supplies, and more.

At OU Health, we have a long-standing relationship with Cisco, and our lead engineer holds CCIE Enterprise Infrastructure certification. Our internal project manager also brings decades of experience in managing large-scale Cisco deployments. We all know that Cisco can deliver highly performant, redundant and resilient infrastructure. However, my job requires me to be objective, so I attend events like Gartner Summits and the annual HIMSS Global Health Conference & Exhibition to see what’s out there. I have an excellent grasp of the technology landscape, and I’ve yet to find a partner that can deliver on its promises like Cisco.

Hospitals are 24/7 institutions, and hospital infrastructure must fully support a never-down scenario.

When we created the specifications for our new environment, we looked at three things: high redundancy, high resilience, and high performance. OU Health, like most healthcare organizations, runs 24 hours a day, seven days a week, and our infrastructure must fully support a never-down scenario. When it came time to build our new environment, we didn’t ask, “Why Cisco?” The real question was, “Why not Cisco?”

The Technology That’s Remaking OU Health into a Top-Tier Medical Center

Redefining Our Network with Software-Defined Networking

When it came time to pitch our new infrastructure, the team worked with Cisco’s network architects, external partners, and our internal lead architects. We put together a funding request and presented it to our board. We expected our executives to approve less than what our budgeted request was, but instead we were given the green light to build everything we had asked for – a state-of-the-art network and system environment that would put OU Health on the map as a top-tier medical center.

We built our new network on Cisco technology. Its core layer is Cisco ACI (Application Centric Infrastructure), a software-defined networking solution, to help segment our network. We built redundant high-speed links throughout our Wide Area Network (WAN) and multiple paths connecting our core network to our hospitals, clinics, and ambulatory systems. Then we have multiple routers to handle our software-defined network and segmentation. If a router or segment fails, we divert traffic to an alternative path.

We use Cisco ACI to route traffic to specific destinations within our network. A great example is lab results. Our lab equipment doesn’t communicate with the outside world, but our technicians must send results to our EMR. So, we’ve segmented the network to transfer results only to specific servers that then upload them to our records systems.

Patient health includes their healthcare data, and we prioritize the security around our patients’ protected health information (PHI). We used ACI to create a firewalled zone for PHI and other sensitive data per HIPAA regulations. Users can only access that environment if they’re performing a transaction requiring that information.

We also use Cisco UCS servers for scalable efficiency and agility, Cisco Identity Services Engine (ISE) for endpoint management, and we go end-to-end on Cisco wireless solutions, consisting of Cisco Catalyst 9130AX and 9166 access points and 9800-80 controllers. In addition, we adopted Cisco VDI to integrate some of our legacy systems (running on ancient machines) into our new infrastructure. Virtualizing these allows us to keep them running until we’re able to replace the systems without disrupting care.

Migrating Our Data Centers to Ensure IT Transparency

Our three new data centers carry the load of our new network. Two of our data centers are active/active and mirror each other, splitting our workloads in two and with each facility running at 50% capacity. Our third data center is for disaster recovery (DR) and has redundant links to all our hospitals, clinics, and ambulatory systems. Should the unthinkable happen and our primary data centers fail, the third data center will ensure we remain operational.

One of our biggest challenges and opportunities was migrating our systems and infrastructure to new, more sustainable data centers. Instead of building our own on-prem data centers, we decided to partner with a top-tier co-location facility who could host our data centers and lower our footprint dramatically. We partnered with TierPoint, and were one of the first clients at their new facility built with efficiency in mind. They architected the power, cooling, HVAC, and building materials to reduce their carbon footprint. We benefit from robust redundancy and backup features, and the energy-efficient technology helps lower our operating expenses while protecting the environment. Moving our data center off-prem was one of our best business and tech decisions.

On June 3, 2023, OU Health went live with Epic and our new infrastructure. We had already moved to our new primary network in March 2023, but this was the final test. We are already reaping the rewards of our new Cisco infrastructure. We’re no longer fielding complaints about slow Wi-Fi speeds, connection failures, network segment outages and VPN issues. OU Health can access what they need quickly, getting patients what they need faster. I look forward to sitting down with our care teams to find ways to expand, innovate and build on our new platform.

Cisco Is Helping OU Health Elevate Our Organization

Before long, my IT team will be able to leverage our new Cisco network to enable and execute OU Health’s business vision. We can integrate new departments, locations, and facilities into our network faster because we anticipated the need to build more WAN connections and have a comprehensive map of both current and future state. In the past, every network addition was a one-off event. But now, we can expand our platform as needed to add powerful new applications like data analytics and population health management (PHM) tools to aggregate patient information across multiple systems and technologies. Now that we have rolled out Epic, we have a solid foundation to help us push the envelope of quality patient care and cutting-edge research.

The best minds gravitate to organizations that let them add value by supporting a business vision instead of fixing things.

Our new Cisco infrastructure is a valuable retention and recruitment tool. Clinicians and researchers also want to work in high-tech environments. They would prefer user-friendly systems over struggling with electronic forms, drowning in endless emails, or waiting hours for medical images, test results, and trial and patient data. When they have the most efficient tools and IT works flawlessly, they can focus on their patients and research.

OU Health is on a mission to elevate and transform our organization into a top-tier academic health system. Our leadership sees technology as key to delivering on our vision and business strategy. We are expanding our services and research initiatives and will continue to innovate in diabetes and cancer care, pediatrics, and geriatrics. We want to make a difference in Oklahoma and beyond by bringing the best medical care to the populations we serve.


Tuesday 12 December 2023

Bringing Simplicity to Security: The Journey of the Cisco Security Cloud

Bringing Simplicity to Security: The Journey of the Cisco Security Cloud

In June of 2022 at the RSA Conference, we announced our vision for the Cisco Security Cloud Platform. We set out to provide an integrated experience to securely connect people and devices everywhere to applications and data anywhere. We focused on providing an open platform for threat prevention, detection, response, and remediation capabilities at scale. Since the announcement, we’ve been working hard to deliver, and the core of what we’ve accomplished has been rooted in how we can bring simplicity to security, and simplicity for our customers.

Bringing Simplicity to Security: The Journey of the Cisco Security Cloud

Our platform vision was founded with five key design goals in mind: Cloud-native, multicloud, unified, simplified, AI-first, and open and extensible. Here’s how we have executed on our vision since we launched the Cisco Security Cloud:

  • We delivered Cisco Secure Access, a cloud-delivered security service edge (SSE) solution, grounded in zero trust, that provides our customers exceptional user experience and protected access from any device to anywhere.
  • We improved zero-trust functionality with an integrated client experience (Secure Client), and industry first partnerships with Apple and Samsung using modern protocols to deliver user friendly, zero trust access to private applications, and improved network traffic visibility.
  • We delivered our Extended Detection and Response (XDR) solution with first-of-its-kind capabilities for automatically recovering from ransomware attacks that costs businesses billions of dollars annually.
  • We have made significant investments in advanced technologies and top talent in strategic areas like multicloud defense, artificial intelligence, and identity with the acquisitions of Valtix, ArmorBlox, and Oort.
  • We simplified how customers can procure tightly integrated solutions from us with our first set of Security Suites (User, Cloud, and Breach Protection) that are powered by AI, built on zero trust principles, and delivered by our Security Cloud platform.
  • We have taken a major step in making artificial intelligence pervasive in the Security Cloud with the new Cisco AI Assistant for Security, and introduction of our AI Assistant for Firewall Policy. Managing, updating, and deploying policies is one of the most complex and time-consuming tasks that is fraught with human error. Our AI Assistant solves the complexity of setting and maintaining these policies and firewall rules.

Our goal continues to be lifting the complexity tax for customers

While I’m certainly proud of the tremendous progress we have made in the last two years, I know there’s still work to be done. It’s a well-known fact that within security industry, every time there is a new problem, there would be a cluster of security companies that spring up to solve that problem. This whac-a-mole approach can certainly challenge efficiency but, more importantly, it puts the burden on the customer to constantly deploy a new vendor, a new tool, and manage siloed data. I refer to this as customers paying the “complexity tax”.

This has created fatigue among security practitioners and increased interdependencies, blind spots, and unpredictability as evidenced by the eye-opening data from Gartner showing that 75% of organizations today are pursuing security vendor consolidation. Customers should not have to spend time deciphering what products they need in order to solve their specific security challenges. That should be our job and I take this responsibility to heart.

What’s crucial to our success is to listen to the voice of our customers, which is a powerful force in helping us steer in the right direction. We always appreciate candid feedback we get from customers. A couple of recent reminders we got from customers include:

  • Customers value things that will minimize disruption when migrating to a new solution or platform. They need our help to simplify and make this process easier through features like the Cisco Secure Firewall Migration Tool and the Cisco AI Assistant for Security.
  • We must be mindful that there are operational and business costs associated, and vendor or software consolidation may not always be as easy as technology migration – for example, factoring in for cost of existing software licenses of decommissioned products.
  • Hybrid cloud is the de facto operating model for companies today and security is no exception. We must continue to deliver the benefits of cloud operating model and SaaS-like functionality to on-premises security environments.

The Road Ahead

As we mentioned at launch, fulfilling the Security Cloud vision is a multi-year commitment and journey. From the Cisco Security Engineering standpoint, our go-forward strategy and priorities include:

  • A major priority is for us to optimize the user experience and simplify management across our portfolio for features and products we have shipped. We will continue to focus on delivering innovation from a customer-centric approach and shifting focus from deliverables to outcomes; the business value we can provide and what problems we can solve.
  • Working closely with our customers to prioritize customer-found defects or security vulnerabilities as we develop new features. In general, security efficacy continues to be one of our top objectives for Cisco Security engineering.
  • Harnessing the incredible power and potential of generative AI technology to revolutionize threat response and simplify security policy management. Solving these problems is one of the first “killer applications” for AI and we’re only scratching the surface of what we can do from AI-driven innovation.
  • With Oort’s identity-centric technology, we will enhance user context telemetry and incorporate their capabilities across our portfolio, including our Duo Identity Access Management (IAM) technology and Extended Detection and Response (XDR) portfolios.
  • Leveraging our cloud-native expertise and decades of on-premises experience to reimagine and redefine how security appliances are deployed and used.

We are making big moves, and our Cisco Security Cloud journey continues. Our vision is realized through innovation, and innovation comes from new technology, new concepts for mature technologies, and new ways to build, buy or use our capabilities. Stay tuned on more news from us as we continue to deliver some of the most exciting innovation areas for Cisco and the security industry at large.


Saturday 9 December 2023

How Cisco Black Belt Academy Learns from Our Learners

Cisco Black Belt Academy offers the latest in technology enablement to our partners, distributors, and Cisco employees. With ever-changing industry trends and market dynamics, an in-depth understanding of end-users’ requirements is of supreme importance, and we strive to offer the best in Partner Experience.

Learning from our learners

Listen-Learn-Act-Repeat is a never ending cycle at Black Belt Academy. We endeavor to engage our partners in a variety of ways to offer Black Belt Academy courses that help them succeed. With an exhaustive enablement catalogue, we ensure that we are in sync with the wants of our learners. Our Partner Experience team works tirelessly behind the scenes to support learners when they need help.

How Cisco Black Belt Academy Learns from Our Learners

In principle, we believe in having a symbiotic approach in the way we go about doing business: we are as good as our learners on any given day.

Constantly refining based on learners’ input

We have identified specific touch points to include our partners’ input in refining our Learning Plans:

Voice of the Partner: The initiative is a part of Global Partner Routes and Sales. It is designed to understand the perspective of our consumers across all Cisco verticals. Such inputs help us in innovating and upgrading our offerings.

Partner Listening: Taking cue of the Voice of the Partner initiative, we have set forth a Partner Listening activity that caters to Black Belt-specific partners and distributors. We take pride in the fact that the initiative has increased our engagement levels with our consumers. Our platform refinement and the revamped framework of our learning courses exemplifies our commitment towards developing user-oriented products.

Review and Feedback: At the end we have the Review/Feedback option attached to our courses. This might be a contemporary tool, but it is nevertheless very important at sorting escalations at the earliest.

Your voice, our actions

The feedback received is diligently addressed by our entire Black Belt Team. We make deliberate efforts to accommodate the requested changes from our partners, especially those that affect our overall engagement and user experience. Our Annual Refresh is dedicated to integrating these changes into both the Platform Experience and the curated content. The Black Belt Content BDMs collaborate to enhance the quality of assets and the context of trainings each year, ensuring we provide what you need in the manner you need it.

An experience based on learners’ needs

We take pride in being among a handful of organizations whose product orientation is based on customers’ wants. Through the implementation of both proactive and reactive measures, we ensure our learners have the best experience. As you learn from us rest assured, we are continuously learning from you.


Wednesday 6 December 2023

Why You Should Pass Cisco 350-701 SCOR Exam?

The CCNP Security credential confirms your expertise in security solutions. Achieving the CCNP Security certification involves successfully completing two exams: one covering core security technologies and another focusing on a security concentration of your choosing. This article will concentrate on the core examination known as "Implementing and Operating Cisco Security Core Technologies" (350-701 SCOR).

What Is the Cisco 350-701 SCOR Exam?

The 350-701 SCOR exam by Cisco assesses a wide range of competencies, encompassing network, cloud, and content security, as well as endpoint protection and detection. It also evaluates skills in ensuring secure network access, visibility, and enforcement.

The SCOR 350-701 exam, titled "Implementing and Operating Cisco Security Core Technologies v1.0," lasts for 120 minutes and includes 90-10 questions. It is linked to certifications such as CCNP Security, Cisco Certified Specialist - Security Core, and CCIE Security. The exam focuses on the following objectives:

  • Security Concepts (25%)
  • Network Security (20%)
  • Securing the Cloud (15%)
  • Content Security (15%)
  • Endpoint Protection and Detection (10%)
  • Secure Network Access, Visibility, and Enforcement (15%)
  • Tips and Tricks to Pass the Cisco 350-701 SCOR Exam

    When dealing with Cisco exams, it's essential to be clever and strategic. Here are some tips and techniques you can employ to excel in your Cisco 350-701 exam:

    1. Have a Good Grasp of the Cisco 350-701 SCOR Exam Content

    Initially, it's crucial to possess a well-defined understanding of the examination format. You must comprehend the expectations placed on you, enabling you to confidently provide the desired responses without hesitating among seemingly comparable choices.

    2. Familiarize Yourself With the Exam Topics

    Gaining insight into the goals of the Cisco SCOR 350-701 Exam can be highly advantageous. It allows you to identify the key concepts within the course, enabling a more concentrated effort to acquire expertise in those specific areas.

    3. Develop a Study Schedule

    Having a study schedule is crucial as it enhances organization and ensures comprehensive coverage. It provides a clear overview of the time available before the exam, allowing you to determine the necessary study and practice duration.

    5. Perform Cisco 350-701 SCOR Practice Exams

    Engaging in practice exams assists in identifying areas of deficiency, areas for improvement, and whether there's a need to enhance speed. You can access dependable Cisco 350-701 SCOR practice exams on the nwexam website. Repeat the practice sessions, pinpoint your weaker areas, monitor your results, and ultimately build confidence in your knowledge and skills.

    6. Engage in Online Forums

    Numerous online communities are specifically focused on Cisco certifications and exams. By becoming a part of these communities, you can connect with individuals possessing relevant experience or working as professionals in the field. Their insights and recommendations will assist you in steering clear of errors and optimizing your work efficiency.

    7. Brush Up on Your Knowledge Right Before the Exam

    Having a concise set of notes that you can review just before the exam is beneficial. This aids in activating your memory and bringing essential knowledge to the forefront of your mind, saving valuable time that might otherwise be spent trying to recall information.

    8. Strategies for Multiple-Choice Questions

    Utilizing Multiple-Choice Questions strategies is beneficial when you're uncertain about the correct answer. For instance, employing the method of eliminating incorrect options can be effective. It's also advisable to skip questions that are challenging, proceeding to the others without spending excessive time on them. Complete the remaining Cisco 350-701 questions and return to the challenging one later.

    Why Should You Pass the Cisco 350-701 SCOR Exam?

    Indeed, examinations are commonly undertaken to acquire the knowledge and skills necessary to address human challenges. Successfully completing the Cisco 350-701 SCOR exam offers more than just that – it grants the CCNP Security certification and additional advantages, including:

    1. Set Yourself Apart From the Crowd

    The job landscape for IT professionals is intensely competitive. Simultaneously, hiring managers are compelled to seek exceptionally skilled candidates. Consequently, only individuals who have demonstrated dedication and commitment to their careers through examinations and certifications are chosen. Opting for a Cisco 350-701 SCOR exam also signifies your enthusiasm and practical expertise in your professional domain.

    2. Official Validation

    Consider the perspective of the hiring manager: asserting your proficiency in network security technologies through words alone may not be highly persuasive. However, when your resume is enhanced by an industry-standard certification from a reputable vendor, additional explanations become unnecessary. The esteemed reputation of Cisco in the networking field alone is sufficient to secure a job.

    3. Showcase Your Professional Relevance

    Many employers prefer to recruit versatile professionals capable of undertaking diverse responsibilities within a company. Successfully completing the Cisco 350-701 SCOR exam demonstrates your accurate understanding of workplace technologies and your capacity to contribute to organizational empowerment. In essence, certification assures your employer that your skill set aligns with the requirements of their job position.

    4. Boost Your Earnings

    Attaining the CCNP Security certification opens doors to lucrative opportunities for increased earnings. Additionally, you become eligible for job positions that offer higher salaries compared to those available to non-certified professionals.

    5. Propel Your Career Advancement Swiftly

    If you've been aiming for promotions within your company, obtaining CCNP Security certification can be instrumental in reaching even managerial positions. The widespread application of Routing and Switching technologies in many organizations is attributed to their provision of secure communication and data sharing.

    6. Reinforce Your Confidence

    Positions in networking are typically hands-on, demanding consistent performance. Successfully completing the Cisco 350-701 SCOR exam instills confidence in executing tasks, as the acquired skills provide a robust comprehension of network security. Certifications also hold significance for employers during the hiring process, serving as proof that they have selected a qualified and capable professional.


    Ascending to higher levels and achieving your aspirations in the IT field can be challenging without additional certifications validating your capabilities. Although various organizations provide numerous certifications, it's crucial to identify the one that aligns most effectively with your objectives. Otherwise, the investment of time and money could prove futile. Act promptly and secure your Cisco 350-701 SCOR certification using the best available resources tailored for you.