Hiding in Plain Sight: How Subdomain Attacks Use Your Email Authentication Against You

For years, analysts, security specialists, and security architects alike have been encouraging organizations to become DMARC compliant. This involves deploying email authentication to ensure their legitimate email has the best chance of getting to the intended recipients, and for domain owners to be quickly notified of any unauthorized usage of their domains. While together we are making progress thanks to DMARC adoption and reporting services such as Cisco’s OnDMARC offering, there’s an opportunity to do better particularly with on-going monitoring to address new and emerging threats, such as this Subdo campaign.

What’s happened?

Recently a totally new attack type has been seen that takes advantage of the complacency that an organization may have when they approached their DMARC rollout with a ‘ticked the box’ mindset.

The SubdoMailing (Subdo) campaign has been ongoing for about two years now. It sends malicious mail – that is typically authenticated – from domains and subdomains that have been compromised through domain takeover and dangling DNS issues.

These attacks were initially reported by Guardio Labs who reported the discovery of 8,000 domains and 13,000 subdomains being used for these types of attacks since 2022.

Several weeks before that, Cisco’s new DMARC partner, Red Sift, discovered what they initially thought was an isolated incident of bad senders passing SPF checks and sending emails fraudulently on behalf of one of their customers. In the customer’s instance of Red Sift OnDMARC, they noticed email was coming from a sender with a poor reputation and a subdomain that appeared unrelated to their customer’s main domain. But these emails had fully passed SPF checks with the customer’s current SPF record. Upon alerting the customer who then investigated all the ‘includes’ in their SPF record, several outdated CNAME addresses were found that had been taken over by attackers, which is what caused the issue.

What should I look out for?

The bad actors in this campaign are capitalizing on stale, forgotten or misconfigured records that were wrongfully included in DNS to send unauthorized emails. The attackers then send phishing emails as images to avoid text-based spam detection.

It is this oversight that has seen many notable organizations be impacted by these new subdomain attacks in the last few months, solely because they have not been actively monitoring in the right areas.

Proactive steps to start today:

1. Don’t let your domain names expire – these are what provide fraudsters the opportunity to carry out the attack.

2. Keep your DNS clean – Remove resource records from your DNS that are no longer in use and remove third-party dependencies from your DNS when they become redundant.

3. Use a trusted email protection provider – It makes sense to use a vendor for DMARC, DKIM and SPF requirements but be sure to use a trusted vendor with the capability to proactively identify problems, such as when part of a SPF policy is void or insecure.

4. Check for dangling DNS records – Have an inventory of hostnames that are monitored continuously for dangling resource records and third-party services. When identified, remove them immediately from your DNS.

5. Monitor what sources are sending from owned domains – If the domain or subdomain is taken over for sending, then it is important to know if mail is being sent from it as quickly as possible.

What else should I do?

If you are wondering if you have been impacted by SubdoMailing, the best place to start is Red Sift Investigate, this will provide you with a review of your domain such as can be seen below:

Should this valuable tool reveal any ‘SubdoMailers’ – also known as poisoned includes – the Red Sift SPF Checker allows you to visualize them in a dynamic ‘SPF tree’, allowing you to quickly pinpoint where they are and speed up remediation efforts, an example of a dynamic SPF tree can be seen below: –

The OnDMARC Adoption and Reporting Solution that Cisco partners with Red Sift on has already been updated to uncover exactly these issues directly within the tool to ensure our customers are protected.

If you’d like to learn more then sign up for a free SubDo vulnerability scan to get in-depth insight into your current threat landscape, covering email and domain security, and uncover any potential DNS vulnerabilities.

If you’re a Cisco Secure Email customer, find out how you can quickly add Red Sift domain protection to your security suite and better detect that image-based spam.

Source: cisco.com

Continue reading

SD-Routing: Unlock Agility and Efficiency for the Secure WAN Edge

Many Cisco enterprise customers have decades of Cisco Catalyst routing and security capabilities functioning at branch locations. However, many of their traditional network management solutions can’t keep up with the demands of cloud adoption, remote work, and ever-growing user expectations. This translates to poor user experience, sluggish applications, and possible security vulnerabilities. These factors are driving the need for a transformation across applications, networks, and security.

This operational paradigm shift aims to seamlessly connect users anywhere to any application and secure user access by protecting against evolving threats. The answer to these operational challenges is Cisco’s software-defined routing (SD-Routing) solution. It goes beyond traditional per-device-based management by enabling full frictionless lifecycle device management, monitoring, configuration, and troubleshooting—as well as robust, next-generation firewall security integrations—from a single dashboard that doesn’t require any changes to your existing environment.

Figure 1. SD-Routing solution overview

Let’s explore some key use cases of SD-Routing that can transform your network:

Frictionless device lifecycle management. Simplify and prepare your network for the future with one management platform. SD-Routing, controlled through the Cisco Catalyst SD-WAN Manager dashboard, can:

• Unify management: Manage device software upgrades, monitoring, and troubleshooting through the intuitive Catalyst SD-WAN Manager dashboard. This simplifies network operations and empowers you to manage both traditional routing and Catalyst SD-WAN environments.
• Tame legacy challenges: Simplify complex legacy operations with SD-Routing. Basic troubleshooting tools within the manager help you maintain and optimize performance. Continuous updates ensure your network stays ahead of the curve.
• Combat configuration drift: Manage and track changes with a unified platform. Use the manager to create configuration templates for standardized deployments and future SD-WAN migration.

Network administrators might be using homegrown automation or third-party vendor tools to solve these problems. You can continue to use these tools, but you don’t need to invest further. Rather, take advantage of SD-WAN Manager, which comes as a part of Catalyst licensing.

Security

Configuring diverse IOS XE security features through the command-line interface (CLI) or customized ad hoc scripts has historically been a complex, labor-intensive process that is prone to errors. This is especially true for defining granular security policies across zones and containers. With the introduction of SD-Routing guided security workflows, customers aiming to implement robust, next-generation firewall (NGFW) security on their on-premises routers will find this a valuable addition, allowing for consistent policy application across deployments. Many customers want Direct Internet Access (DIA) at their branch offices, but security concerns hold them back. SD-Routing can streamline secure DIA deployment on WAN edge routers, offering a simpler approach to securing distributed networks.

Cloud on-ramp for multicloud

Traditional network teams often struggle to securely extend their WANs to cloud providers, where key enterprise applications may reside. SD-Routing simplifies this process, especially for those who are hesitant to adopt it. With SD-Routing, you can securely connect to cloud providers like AWS and Azure following best practices, without months of learning complex, cloud-specific configurations. This empowers you to seamlessly connect to cloud providers and focus on your business outcomes.

As you tackle the modern network challenges, explore SD-Routing to simplify, streamline, secure, and future-proof your WAN environment. The single management platform for Catalyst SD-WAN and SD-Routing saves time and operational expenses with agile and automated workflows that quickly respond to network changes.

Beyond these immediate benefits, SD-Routing also can help strategically position your network for simplified future migrations to SD-WAN, depending on where you are in your digital transformation journey.

Whether you have existing enterprise networking equipment in your WAN or are considering a future purchase of Cisco Catalyst 8000 Edge Platforms, Cisco 1000 Series Integrated Service Routers, Cisco 1000 Series Aggregation Service Routers, or Industrial Routers, SD-Routing can unlock their full potential. Even better, if you’re already using Cisco Catalyst SD-WAN Manager, you can leverage the same platform to manage your SD-Routing deployments.

Source: cisco.com

Continue reading

GenAI will Transform B2B Interactions and Solutions in the Year Ahead with New Depth of Context and Control

Human-like interaction with B2B solutions, bespoke multimodal LLMs for better accuracy and precision, curated workflow automation via LAMs and customized B2B applications will become the norm as GenAI expands in the business sphere.

With the rapid launch of new solutions powered by generative AI (GenAI), the business-to-business (B2B) landscape is being reshaped in front of our eyes. Many organizations have taken a cautious and meticulously planned approach to widespread adoption of artificial intelligence (AI), however the Cisco AI Readiness Index reveals just how much pressure they are now feeling.

Adverse business impacts are anticipated by 61% of organizations if they have not implemented an AI strategy within the next year. In some cases, the window may even be narrower as competitors pull away, leaving very little time to properly execute plans. The clock is ticking, and the call for AI integration – especially GenAI – is now louder than ever.

In her predictions of tech trends for the new year, Chief Strategy Officer and GM of Applications, Liz Centoni said GenAI-powered Natural Language Interfaces (NLIs) will become the norm for new products and services. “NLIs powered by GenAI will be expected for new products and more than half will have this by default by the end of 2024.”

NLIs allow users to interact with applications and systems using normal language and spoken commands as with AI assistants, for instance, to instigate functionality and dig for deeper understanding. This capability will become available across most business-to-consumer (B2C) applications and services in 2024, especially for question-and-answer (Q&A) type of interactions between a human and a “machine”. However, associated B2B workflows and dependencies will require additional context and control for GenAI solutions to effectively elevate the overall business.

The point-and-click approach enabled by graphic user interfaces (GUIs) effectively binds users to a limited set of capabilities, and a restricted view of data that is based on the GUI requirements set by the business at the point of design. Multi-modal prompt interfaces (mainly text and audio) are fast changing that paradigm and expanding the UI/UX potential and scope. In the coming year, we’ll see B2B organizations increasingly leverage NLIs and context to “ask” specific questions about available data, freeing them from traditional constraints and offering a faster path to insight for complex queries and interactions.

A good example of this is the contact center and its system support chatbots as a B2C interface. Their user experience will continue to be transformed by GenAI-enabled NLIs and multi-modal assistants in 2024, but the natural next step is to enrich GenAI with additional context, enabling it to augment B2B dependencies (like services) and back-end systems interactions, like application programming interfaces (APIs) to further boost accuracy and reach, minimize response time, and enhance user satisfaction.

Meanwhile, as the relevance of in-context faster paths to insights increases and the associated GenAI-enabled data flows become mainstream, large action models (LAMs) will start to be considered as a potential future step to automate some of enterprise workflows, most likely starting in the realm of IT, security, and auditing and compliance.

Additional B2B considerations with GenAI

As Centoni said, GenAI will be increasingly leveraged in B2B interactions with users demanding more contextualized, personalized, and integrated solutions. “GenAI will offer APIs, interfaces, and services to access, analyze, and visualize data and insights, becoming pervasive across areas such as project management, software quality and testing, compliance assessments, and recruitment efforts. As a result, observability for AI will grow.”

As the use of GenAI grows exponentially, this will simultaneously amplify the need for comprehensive and deeper observability. AI revolutionizes the way we analyze and process data, and observability too is fast evolving with it to offer an even more intelligent and automated approach from monitoring and triage across real-time dependencies up to troubleshooting of complex systems and the deployment of automated actions and responses.

Observability over modern applications and systems, including those that are powered by or leverage AI capabilities, will be increasingly augmented by GenAI for root-cause analysis, predictive analysis and, for example, to drill down on multi-cloud resource allocation and costs, as well as the performance and security of digital experiences.

Driven by growing demand for integrated solutions they can adapt to their specific needs, B2B providers are turning to GenAI to power services that boost productivity and accomplish tasks more efficiently than their current systems and implementations. Among these is the ability to access and analyze vast volumes of data to derive insights that can be used to develop new products, optimize dependencies, as well as design and refine the digital experiences supported by applications.

Starting in 2024, GenAI will be an integral part of business context, therefore observability will naturally need to extend to it, making the full stack observability scope a bit wider. Besides costs, GenAI-enabled B2B interactions will be particularly sensitive to both latency and jitter. This fact alone will drive significant growth in demand over the coming year for end-to-end observability – including the internet, as well as critical networks, empowering these B2B interactions to keep AI-powered applications running at peak performance.

On the other hand, as businesses recognize potential pitfalls and seek increased control and flexibility over their AI models training, data retention, and expendability processes, the demand for either bespoke or both domain-specific GenAI large language models (LLMs) will also increase significantly in 2024. As a result, organizations will pick up the pace of adapting GenAI LLM models to their specific requirements and contexts by leveraging private data and introducing up-to-date information via retrieval augmented generation (RAG), fine-tuning parameters, and scaling models appropriately.

Moving fast towards contextual understanding and reasoning

GenAI has already evolved from reliance on a single data modality to include training on text, images, video, audio, and other inputs simultaneously. Just as humans learn by taking in multiple types of data to create more complete understanding, the growing ability of GenAI to consume multiple modalities is another significant step towards greater contextual understanding.

These multi-modal capabilities are still in the early stages, although they are already being considered for business interactions. Multi-modality is also key to the future of LAMs – sometimes called AI agents – as they bring complex reasoning and provide multi-hop thinking and the ability to generate actionable outputs.

True multi-modality not only improves overall accuracy, but it also exponentially expands the possible use cases, including for B2B applications. Consider a customer sentiment model tied to a forecast trending application that can capture and interpret audio, text, and video for complete insight that includes context such as tone of voice and body language, instead of simply transcribing the audio. Recent advances allow RAG to handle both text and images. In a multi-modal setup, images can be retrieved from a vector database and passed through a large multimodal model (LMM) for generation. The RAG method thus enhances the efficiency of tasks as it can be fine-tuned, and its knowledge can be updated easily without requiring entire model retraining.

With RAG in the picture, consider now a model that identifies and analyzes commonalities and patterns in job interviews data by consuming resumes, job requisitions across the industry (from peers and competitors), online activities (from social media up to posted lectures in video) but then being augmented by also consuming the candidate-recruiter emails interactions as well the actual interview video calls.   That example shows how both RAG and responsible AI will be in high demand during 2024.

In summary, in the year ahead we will begin to see a more robust emergence of specialized, domain-specific AI models. There will be a shift towards smaller, specialized LLMs that offer higher levels of accuracy, relevancy, precision, and efficiency for individual organizations and needs, along with niche domain understanding.

RAG and specialized LLMs and LMMs complement each other. RAG ensures accuracy and context, while smaller LLMs optimize efficiency and domain-specific performance. Still in the year ahead, LAM development and relevance will grow, focusing on the automation of user workflows while aiming to cover the “actions” aspect missing from LLMs.

The next frontier of GenAI will see evolutionary change and totally new aspects in B2B solutions.  Reshaping business processes, user experience, observability, security, and automated actions, this new AI-driven era is shaping itself up as we speak and 2024 will be an inflection point in that process.   Exciting times!

Source: cisco.com

Continue reading

Increase Market Share Quickly with Cisco Specializations and GTM Tools

Your Managed Services opportunity with Cisco is exploding, with a total addressable market of $161 Billion by 2027. Within that, the SMB segment is growing 1.6 times faster than other segments. However, you may not realize how quickly and easily we can help you capture more of this market. Here’s how the Cisco Partner Program and incentives help:

• Differentiate yourself from your competition by earning more Cisco Powered Services Specializations and pave your way to Gold-level advantages.
• Use your market development funds for business development, demand generation, funding headcount, and internal training.
• Leverage ready-made marketing kits and templates and get access to experts to help you grow your business.
• Earn greater pricing incentives and discounts that help you reach your revenue goals faster. Cisco continuously updates and adds marketing resources, so you can maximize your earning potential as your sales grow.

Growth drivers

Customers want speed and flexibility when achieving their targeted business outcomes, and with managed services as part of your value proposition, you can deliver both. Organizations across all industries face a common set of business challenges: lean IT staffs in complex IT environments, IT skills gaps, and a lack of resources needed to manage, optimize, and automate their networks. On top of that, security issues can arise when policies do not encompass both on-prem and cloud environments. Often, traditional on-prem consumption models do not align with cloud solutions and marketplaces. As a managed service provider, you can close these gaps, address your customer’s business challenges, and help them achieve their goals.

Greater Together

By working together closely and partnering to create unrivaled value for customers around their needs, we can capture more managed services opportunities. Building on Cisco’s industry-leading platforms and technologies like Cisco Powered Services, you can create and deliver your own innovations that help customers accomplish their specific business outcomes. We can achieve more innovation faster than ever across platforms, networking, security, collaboration, and optimized applications. Together we have a unique advantage, the ability to serve customers of every size and industry segment solving their biggest technology challenges.

Create marketplace differentiation with Cisco

With Cisco Powered Services specializations, you can elevate your organization above your competition. These recognized technology credentials help you build greater demand for your services and win new customers. They showcase your ability to build, provision, manage, and support managed services using industry-leading Cisco technologies that deliver the business outcomes your customers need. Grow your organization’s skills efficiently by building repeatable and scalable managed services. In addition, Cisco Powered Services give you:

• Proven blueprints: Validate your competency in areas including Power Hybrid Work, Secure the Enterprise, Transform Infrastructure, and Reimagine Applications.
• Quicker path to advancement: Meet specialization training requirements with up to 40 percent cost reductions. Role-share using CCIEs and CCNPs helps you meet Provider-level requirements faster.
• Showcase capabilities: Once you achieve these specializations, you gain access to industry-recognized logos and exclusive go-to-market resources to build successful solutions and services for Managed SD-WAN, Meraki, SASE, FSO, and many more.
• Sales acceleration: Expand your Cisco Powered Services portfolio and earn greater rewards within the Provider role, including exclusive upfront discounts and market development funds.

New resources available

You don’t need a large marketing team to reach current and potential customers. Cisco provides a variety of marketing materials and creative assets to help you highlight your unique capabilities. These ready-made materials will help you build targeted campaigns quicker and reach your customers faster. Newly added assets within Marketing Velocity Learning include a video and a companion guide with step-by-step guidance to help you grow your managed services business more quickly.

Source: cisco.com

Continue reading

Transforming the Economics of Superfast Broadband with Cisco Routed PON

Today marks the launch of Cisco Routed PON, a truly disruptive solution that enables agile, differentiated broadband services through a software-defined broadband network. It’s part of our ongoing mission to transform the economics of networking for the benefit of communication service providers and communities worldwide. Routed PON drastically improves the cost of broadband deployment in rural, suburban, and urban areas, to help bring reliable, superfast connectivity to both residential and business customers.

In July 2016, the United Nations declared the internet a basic human right. Recognizing the importance of high-speed internet access in improving people’s lives and growing the digital economy, governments worldwide are investing heavily in broadband builds. The $42.45 billion Broadband Equity, Access and Deployment (BEAD) fund in the U.S. is just one example. Its goal is to ensure that every American can reap the benefits of high-speed internet access.

Communication service providers have welcomed initiatives like this because of the high cost of building new infrastructure and declining ARPU. Yet, bridging the digital divide and meeting both consumers’ and businesses’ growing bandwidth demands requires more than just public funding. It calls for a complete rethink of how broadband networks are built. That’s why we developed Cisco Routed PON—to help communication service providers and municipalities to deploy broadband networks in a better and simpler way.

Why can’t we just keep doing things the old way?

In today’s hyperconnected world—where hybrid work is the new normal, artificial intelligence (AI) innovation is accelerating, and new bandwidth-hungry applications continue to emerge—rolling out and managing profitable, high-performance broadband access networks is difficult and complex. And, it’s going to become even more difficult as bandwidth growth continues—from 10G, 25G and to 100G, and beyond.

The challenges are about connectivity and the services that broadband solutions enable. Our customers want to deliver services in an agile and cost-effective way, but they are increasingly constrained by traditional broadband architectures with large, dedicated optical line terminal (OLT) chassis that require dedicated space and power. Additionally, these chassis are separate from the access router, so they require separate layer management that can be costly. Traditional broadband architectures also offer less flexibility because they come as an integrated solution from a single vendor.

What sets Routed PON apart?

Unlike traditional chassis-based solutions, Cisco Routed PON enables communication service providers to put a small form factor PON pluggable in a router and converge FTTx access with their end-to-end network. It has three building blocks, all underpinned by a software-defined end-to-end architecture based on the IOS XR operating system.

1. Cisco Routed PON OLT Pluggable – A pluggable 10G OLT that replaces traditional stand-alone OLT chassis and connects the PON network to Layer 3 routing and services through a small form factor pluggable (SFP+) port on the router. The SFP is a cost optimized and power efficient way to deliver 10G symmetrical upstream and downstream data. Open and compliant with the OMCI standard, the OLT pluggable is compatible with any optical network terminal (ONT), helping customers avoid vendor lock-in.

2. Cisco Routed PON Controller – A stateless management controller that runs as a container on the router, configuring and monitoring end points in the PON network. It applies configurations to OLT and ONT devices and collects state information, statistics, alarms and logs from devices, and reports the information to higher layer applications.

3. Cisco Routed PON Manager – A WebUI application that acts as a graphical user interface for the PON network. The PON Manager facilitates device and service provisioning, and enables the management of users, databases, and alarms.

Flexibility, service differentiation, and investment protection

The capabilities of Cisco Routed PON lead to multiple positive business outcomes. The innovative architecture offers customers more flexibility because it’s interoperable with many ONTs. So, communication service providers can decide for themselves which ONT best meets their requirements and cost targets, upgrade to new features as needed, and not be tied to a single vendor’s roadmap.

Cisco Routed PON also makes their end-to-end architecture much simpler to manage, which in turn lowers OpEx. Instead of having separate systems and processes for PON, communication service providers can converge it with other access technologies on IP routers like active Ethernet – all unified by a common operating system, IOS XR, and automation.

At a time when reducing churn and growing revenue is critical, Cisco Routed PON helps customers stand out from competition and monetize their network investments in a smarter way. Thanks to its end-to-end architecture—with powerful IOS XR capabilities, such as segment routing and EVPN—it improves subscriber experience.

These capabilities also enable communication service providers to offer differentiated services for business and residential customers, such as ultra-low latency connectivity or additional security features. Crucially, Cisco Routed PON protects communication service providers’ investments as they build the Internet for the Future – ready for 10G, 25G, 50G, 100G, and beyond. When new higher-bandwidth Cisco pluggable OLTs become available, customers can simply plug them into their router on a port-by-port basis.

I’m proud of how Cisco keeps pushing the boundaries of routing and optical innovation to enable our customers to create more efficient and profitable network architectures. I see Cisco Routed PON as a further demonstration of how we are transforming and simplifying networking like we have done previously with Routed Optical Networking. I look forward to working with our customers as they leverage this new solution to accelerate the deployment of high-speed broadband in cities and rural communities around the world to bridge the digital divide.

Source: cisco.com

Continue reading

Complexity drives more than security risk. Secure Access can help with that too.

Modern networks are complex, often involving hybrid work models and a mix of first- and third-party applications and infrastructure. In response, organizations have adopted security service edge (SSE) solutions, such as Cisco Secure Access, to protect users regardless of where they are located or what they are accessing.

This reliance on third-party infrastructure doesn’t only drive security risk, it also increases the likelihood of performance outages and disruptions. Oftentimes, these disruptions are the result of service outages and slowdowns in third-party infrastructure, which make it difficult for IT teams to detect and remediate the problem. Experience Insights, a component of Cisco Secure Access, allows administrators to maintain a positive end user experience by detecting and responding to connectivity problems as soon as they occur, all from the same dashboard they use to manage security capabilities and access policies.

Cisco Secure Access is our flagship Security Service Edge (SSE) product, which provides all the tools you need to enable remote and branch users to securely connect to the Internet, software-as-a-service (SaaS) applications, and private apps. While much of these capabilities are focused on security, it is also important to monitor network performance, ensuring a strong digital experience with minimal outages and connectivity problems.

Experience Insights is powered by Cisco ThousandEyes technology, which enables rapid root cause identification and resolution from device to application and every network in between. According to the Forrester Total Economic Impact report for ThousandEyes, the technology’s end user monitoring capabilities resulted in a 50% productivity boost for IT and network operations and a 50-80% reduction in the time it took to identify intermittent or degraded performance, whether it was global or localized.

Provide a strong user experience and troubleshoot performance issues

Performance problems can originate in many sources, including:

• Devices, such as laptops
• Wi-Fi networks
• Internet service providers
• Corporate resources, such as VPNs or security tools
• Applications

For many organizations, it can be a challenge to simply detect these problems, let alone mitigate them. This results in ongoing, undetected connectivity problems, causing a loss of productivity and end user frustration.

Experience insights is a digital experience monitoring (DEM) solution that provides a comprehensive view of endpoint, application, and network performance, making it easier to identify and troubleshoot performance problems as they arise. Ultimately, these capabilities result in a reduced mean time to resolution (MTTR) for performance incidents.

This includes a variety of metrics related to:

• Device – detailed user and system information, including CPU and memory utilization and Wi-Fi signal strength.
• Internet and network paths – key metrics regarding the network path from the device to the Secure Access gateway, including latency, packet loss, and jitter.
• Collaboration applications – automatic performance tests for key collaboration tools, such as Cisco Webex, Microsoft Teams, and Zoom.
• SaaS applications – insight into the most popular SaaS applications, including the overall health status and details such as HTTP response times and status codes.

Single-dashboard, single-agent

One of the primary benefits of Cisco Secure Access is a single-dashboard experience. The solution combines 12 different technologies and provides unified management, configuration, and troubleshooting capabilities. Experience insights is a core component of Secure Access, which means all its data and alerts are provided in the same management portal as the rest of Secure Access’ capabilities. This prevents administrators from being forced to juggle numerous technologies and management portals, streamlining operations and reducing frustration.

In addition, all Secure Access capabilities, including Experience Insights, rely on the Cisco Secure Client, a single agent on the end-user’s machine. This simplifies administration and deployment while optimizing workflows.

All at no extra cost

We recognize how important it is to be able to identify and troubleshoot connectivity problems in an SSE solution, which is why we are including it in the base Secure Access license at no extra cost. In addition, customers can purchase a full license for Cisco ThousandEyes for more advanced capabilities and broader coverage across their network.

Experience insights is just one capability of an incredible solution

While experience insights is our latest announcement, Secure Access includes many capabilities, including a secure web gateway, cloud access security broker with data loss prevention, firewall-as-a-service, and zero trust network access. It is an all-encompassing solution for securely connecting remote and branch users to the Internet, SaaS applications, and private apps.

Source: cisco.com

Continue reading

Simplify DNS Policy Management With New Umbrella Tagging APIs

This blog post will show you how you can automate DNS policy management with Tags.

To streamline DNS policy management for roaming computers, categorize them using tags. By assigning a standard tag to a collection of roaming computers, they can be collectively addressed as a single entity during policy configuration. This approach is recommended for deployments with many roaming computers, ranging from hundreds to thousands, as it significantly simplifies and speeds up policy creation.

High-level workflow description

1. Add API Key

2. Generate OAuth 2.0 access token

3. Create tag

4. Get the list of roaming computers and identify related ‘originId’

5. Add tag to devices.

The Umbrella API provides a standard REST interface and supports the OAuth 2.0 client credentials flow. While creating the API Key, you can set the related Scope and Expire Date.

To start working with tagging, you need to create an API key with the Deployment read/write scope.

After generating the API Client and API secret, you can use it for related API calls.

First, we need to generate an OAuth 2.0 access token.

You can do this with the following Python script:

import requests

import os

import json

import base64

api_client = os.getenv('API_CLIENT')

api_secret = os.getenv('API_SECRET')

def generateToken():

   url = "https://api.umbrella.com/auth/v2/token"

   usrAPIClientSecret = api_client + ":" + api_secret

   basicUmbrella = base64.b64encode(usrAPIClientSecret.encode()).decode()

   HTTP_Request_header = {"Authorization": "Basic %s" % basicUmbrella,

"Content-Type": "application/json;"}

   payload = json.dumps({

   "grant_type": "client_credentials"

   })

   response = requests.request("GET", url, headers=HTTP_Request_header, data=payload)

   print(response.text)

   access_token = response.json()['access_token']

   print(accessToken)

   return accessToken

if __name__ == "__main__":

   accessToken = generateToken()

Expected output:

{“token_type”:”bearer”,”access_token”:”cmVwb3J0cy51dGlsaXRpZXM6cmVhZCBsImtpZCI6IjcyNmI5MGUzLWQ1MjYtNGMzZS1iN2QzLTllYjA5NWU2ZWRlOSIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ1bWJyZWxsYS1hdXRoei9hdXRoc3ZjIiwic…OiJhZG1pbi5wYXNzd29yZHJlc2V0OndyaXRlIGFkbWluLnJvbGVzOnJlYWQgYWRtaW4udXNlcnM6d3JpdGUgYWRtaW4udXNlcnM6cmVhZCByZXBvcnRzLmdyYW51bGFyZXZlbnRzOnJlYWQgyZXBvcnRzLmFnZ3Jl…MzlL”,”expires_in”:3600}

We will use the OAuth 2.0 access token retrieved in the previous step for the following API requests.

Let’s create tag with the name “Windows 10”

def addTag(tagName):

   url = "https://api.umbrella.com/deployments/v2/tags"

   payload = json.dumps({

   "name": tagName

   })

   headers = {

   'Accept': 'application/json',

   'Content-Type': 'application/json',

   'Authorization': 'Bearer ' + accessToken

   }

   response = requests.request("POST", url, headers=headers, data=payload)

   print(response.text)

addTag("Windows 10", accesToken)

Expected output:

{

   "id": 90289,

   "organizationId": 7944991,

   "name": "Windows 10",

   "originsModifiedAt": "",

   "createdAt": "2024-03-08T21:51:05Z",

   "modifiedAt": "2024-03-08T21:51:05Z"

}

Umbrella dashboard, List of roaming computers without tags 

Each tag has its unique ID, so we should note these numbers for use in the following query.

The following function helps us Get the List of roaming computers:

def getListRoamingComputers(accesToken):

url = "https://api.umbrella.com/deployments/v2/roamingcomputers"

payload = {}

headers = {

'Accept': 'application/json',

'Content-Type': 'application/json',

'Authorization': 'Bearer ' + accessToken

}

response = requests.request("GET", url, headers=headers, data=payload)

print(response.text)

Expected output:

[

{

“originId”: 621783439,

“deviceId”: “010172DCA0204CDD”,

“type”: “anyconnect”,

“status”: “Off”,

“lastSyncStatus”: “Encrypted”,

“lastSync”: “2024-02-26T15:50:55.000Z”,

“appliedBundle”: 13338557,

“version”: “5.0.2075”,

“osVersion”: “Microsoft Windows NT 10.0.18362.0”,

“osVersionName”: “Windows 10”,

“name”: “CLT1”,

“hasIpBlocking”: false

},

{

“originId”: 623192385,

“deviceId”: “0101920E8BE1F3AD”,

“type”: “anyconnect”,

“status”: “Off”,

“lastSyncStatus”: “Encrypted”,

“lastSync”: “2024-03-07T15:20:39.000Z”,

“version”: “5.1.1”,

“osVersion”: “Microsoft Windows NT 10.0.19045.0”,

“osVersionName”: “Windows 10”,

“name”: “DESKTOP-84BV9V6”,

“hasIpBlocking”: false,

“appliedBundle”: null

}

]

Users can iterate through the JSON list items and filter them by osVersionName, name, deviceId, etc., and record the related originId in the list that we will use to apply the related tag.

With related tag ID and roaming computers originId list, we can finally add a tag to devices, using the following function:

def addTagToDevices(tagId, deviceList, accesToken):

   url = "https://api.umbrella.com/deployments/v2/tags/{}/devices".format(tagId)

   payload = json.dumps({

   "addOrigins":

   })

   headers = {

   'Accept': 'application/json',

   'Content-Type': 'application/json',

   'Authorization': 'Bearer ' + accessToken

   }

   response = requests.request("POST", url, headers=headers, data=payload)

   print(response.text)

addTagToDevices(tagId, [ 621783439, 623192385 ], accesToken)

Expected output:

{

   "tagId": 90289,

   "addOrigins": [

       621783439,

       623192385

   ],

   "removeOrigins": []

}

After adding tags, let’s check the dashboard

Umbrella dashboard, list of roaming computers after we add tags using API

A related tag is available to select when creating a new DNS policy.

Notes:

• Each roaming computer can be configured with multiple tags
• A tag cannot be applied to a roaming computer at the time of roaming client installation.
• You cannot delete a tag. Instead, remove a tag from a roaming computer.
• Tags can be up to 40 characters long.
• You can add up to 500 devices to a tag (per request).

Source: cisco.com

Continue reading

Enterprise security: Making hot desking secure and accessible on a global scale

Making hot desking secure and accessible on a global scale

The first rule of interviewing a CISO at the Australian division of Laing O’Rourke is this: You can’t dig deep into use cases or clients.

And this makes perfect sense, because when you’re responsible for securing critical infrastructure for an AUD $6 billion global construction and engineering firm, with projects ranging from transport to defense, even scant details can lead to cyberattacks.

Crafting security for joint ventures, and a very distributed network

Despite the high stakes, Laing O’Rourke’s security challenges are distinctly universal – especially post-2020, where the world saw a massive boost in the sophistication and number of DDoS, VPN, and other web-related attacks. And like peer companies, the company needed to set a firm foundation to block internet-based attacks on distributed infrastructure.

But here’s where things are different. Thanks to business requirements, Laing O’Rourke’s network environment is complex. The company often works on what James Fields, Group Deputy CISO for Laing O’Rourke, calls “mega projects,” joint ventures (JVs) with other companies that are – to put it plainly – competitors.

“Being a construction business, physical security is a real challenge out on project sites. Often, for some of our larger-scale projects, we find ourselves in collaborative partnerships with our rivals,'” Fields commented. “At one moment, they’re our partners in a project, and in the next, they could be our competitors for fresh contracts. By engaging in these joint ventures, we’re effectively inviting our competition into our network.”

So, it is imperative that Laing O’Rourke delivers secure network access to staff, clients and JV partners in a hot-desking environment AND satisfy clients demanding adherence to different frameworks and certification. The company must also prevent threat actors — as well as anyone who could benefit competitively, financially, or in any other way – – from accessing or exfiltrating information from the network.

And they did it this by adding two different Cisco solutions to the stack: Cisco Secure Firewall and Cisco Identity Services Engine (ISE).

Streamlining security in the face of unnecessary, time-consuming tasks

Getting backing from leadership to invest in the best traffic and threat management tools can seem impossible for many teams. Thankfully, Fields has enthusiastic backing from the board.

“My team and I are truly passionate about cybersecurity, and we have the board’s support not just for compliance’s sake (not just performing a tick box exercise), but also for establishing the best practices and instilling a cyber-centric mindset throughout the business.”

But that doesn’t mean it’s been easy building that framework.

As a snapshot, before Cisco ISE, Fields says, “Our joint venture partners and clients had a potential risk of unintentionally (or deliberately) accessing our corporate network due to shared office space. This prevented business agility, necessitating fixed desks. Consequently, IT had to frequently reconfigure ports on project sites as staff assignments changed based on project phases or collaboration needs.”

Developing those pre-designed workspaces based on whether the user was from Laing O’Rourke, or a JV took precious time and energy that could have been used elsewhere. The Laing O’Rourke team needed intelligent automation to streamline the process.

Laing O’Rourke already had multiple firewalls in place, but it needed a Cisco Secure Firewall to help the company control network access, prevent intrusions and exfiltration, filter URLs, and conduct deep packet inspection. Meanwhile, Cisco ISE would help wrangle all those joint venture devices.

Since the Laing O’Rourke team was already using Cisco switches and was familiar with how Cisco solutions work, it made the choice to add more Cisco to the stack all that much easier.

“We, like most enterprises, use Cisco switches at our core and at the edge. So it made sense to talk to Cisco about how they could help us protect our network.”

Using Cisco Secure Firewall to streamline access and safeguard the network

Laing O’Rourke needed physical security that could accommodate hybrid staff members and contractors through hot-desking (multiple workers using a single physical workstation) and achieving seamless connectivity and network management was crucial.

To address this, Laing O’Rourke turned to Cisco Secure Firewall, allowing the company to achieve and maintain the confidentiality, integrity, and availability — the coveted CIA triad — of data. By effectively controlling network access and preventing unauthorized data changes, Cisco Secure Firewall played a pivotal role in safeguarding Laing O’Rourke’s network infrastructure.

Key stakeholders, including Fields, emphasized the importance of Cisco’s wide-ranging threat intelligence. These updates ensured that the firewalls remain current with the latest threat and vulnerability signatures, reinforcing the strength and effectiveness of Laing O’Rourke’s security measures.

By partnering with Cisco, Laing O’Rourke has enhanced its ability to identify and mitigate a wide range of threats by using advanced features of Cisco Secure Firewall, including intrusion prevention, URL filtering, and deep packet inspection capabilities.

The team also used Firewall Management Center (FMC) dashboards to manage firewalls using a single pane of glass, which was ultra-convenient when they needed insights on intrusion events, potential threats, and geolocation. Thanks to the proactive security measures implemented through Cisco’s Secure Firewall solution, Laing O’Rourke has experienced a considerable decrease in web-related vulnerability attacks.

Once the Cisco Firewall was in place for Laing O’Rourke, it was ready to do what it’s known for: helping prevent DDOS, malware, VPN, and many other attacks.

“When it comes to firewalling, we take a dual vendor approach. Around five years ago we went out to market to replace our [competitor] firewalls. Given our positive experience with Cisco’s networking equipment, Cisco FTD’s were on our shopping list,” Fields said. “We still take a dual vendor approach and Cisco is still helping secure our edge.”

Adding a zero-trust framework with ISE for identity

Cisco Secure Firewall has proven itself a formidable force to manage traffic and block threats, with automatic updates and frequent attack intel as a sweetener. But ISE has been a revelation for Laing O’Rourke, giving the team a firm, confident hand when managing IP phones, tablets, and laptops – all used to conduct business.

“ISE was a real game changer for us. It has transformed the way we operate on project sites, negating the need for predefined workspaces based on if the user was a Laing O’Rourke staff member, JV partner, client, or guest, while simultaneously increasing protection of our corporate network”.

With ISE, ports can be configured to dynamically reconfigure a port based on security posture and device ownership, permitting access to the right network segments at the right time. This includes access to the company’s corporate wireless (and wired) networks, guest Wi-Fi, and BYOD – including operational technology (OT) networks.

“While ISE takes a bit of effort to set up right, once it up and running, it’s a very stable platform, easy to configure and integrates well with other security platforms like Firewall Threat Defense (FTD) and mobile device management (MDM) solutions,” Fields said.

If he had to name three things that make Cisco ISE a solid solution for Laing O’Rourke, Fields spoke of dynamic profiling that detects device type and applies the right policy, the MDM integration and compliance check that makes sure devices are up-to-date, and anomalous behaviour detection.

According to Fields, many years ago, a pen-tester discovered a technical gap that absolutely needed to be closed. So now when an IP phone starts to communicate as Windows traffic, for instance, ISE catches it with behavioural detection.

“With the lack of physical security on our project sites, along with actively inviting our competitors onto our network, seems like a disaster waiting to happen,” he said. “Cisco ISE has proven to be an invaluable solution for segregating access between our employees and our clients and partners, protecting us from threat actors and rogue network devices.”

Cisco Secure Firewall and ISE save money and time

Many network and security pros understand how painful it can be to secure a network – especially one that’s distributed. But with a Cisco Secure Firewall in play and ISE to manage BYODs, Laing O’Rourke’s networking team has already seen a difference.

To start, those Monday morning calls about desk moves and disrupted network access are no more. Laing O’Rourke is saving minutes, hours, and days, while simultaneously bolstering network security:  something that notoriously…takes time.

The user experience has improved, and the team has more time to focus on threats. Though Laing O’Rourke uses a dual vendor approach, Cisco is the go-to for this critical, global company, with ROI already evident once the company’s other firewalls were replaced with Cisco Firewalls.

“The [competitor] firewalls were significantly more expensive and offered no additional functionality. The replacement [Cisco] actually saved us money,” Fields said. “What I can say is one of the few things that doesn’t keep me up at night is our network uptime or network-based security — thanks to Cisco Firewall Threat Defense (FTD) and Cisco ISE.”

Source: cisco.com

Continue reading

Dashify: Solving Data Wrangling for Dashboards

This post is about Dashify, the Cisco Observability Platform’s dashboarding framework. We are going to describe how AppDynamics, and partners, use Dashify to build custom product screens, and then we are going to dive into details of the framework itself. We will describe its specific features that make it the most powerful and flexible dashboard framework in the industry.

What are dashboards?

Dashboards are data-driven user interfaces that are designed to be viewed, edited, and even created by product users. Product screens themselves are also built with dashboards. For this reason, a complete dashboard framework provides leverage for both the end users looking to share dashboards with their teams, and the product-engineers of COP solutions like Cisco Cloud Observability.

In the observability space most dashboards are focused on charts and tables for rendering time series data, for example “average response time” or “errors per minute”. The image below shows the COP EBS Volumes Overview Dashboard, which is used to understand the performance of Elastic Block Storage (EBS) on Amazon Web Services. The dashboard features interactive controls (dropdowns) that are used to further-refine the scenario from all EBS volumes to, for example unhealthy EBS volumes in US-WEST-1.

Several other dashboards are provided by our Cisco Cloud Observability app for monitoring other AWS systems. Here are just a few examples of the rapidly expanding use of Dashify dashboards across the Cisco Observability Platform.

• EFS Volumes
• Elastic Load Balancers
• S3 Buckets
• EC2 Instances

Why Dashboards

No observability product can “pre-imagine” every way that customers want to observe their systems. Dashboards allow end-users to create custom experiences, building on existing in-product dashboards, or creating them from scratch. I have seen large organizations with more than 10,000 dashboards across dozens of teams.

Dashboards are a cornerstone of observability, forming a bridge between a remote data source, and local display of data in the user’s browser. Dashboards are used to capture “scenarios” or “lenses” on a particular problem. They can serve a relatively fixed use case, or they can be ad-hoc creations for a troubleshooting “war room.” A dashboard performs many steps and queries to derive the data needed to address the observability scenario, and to render the data into visualizations. Dashboards can be authored once, and used by many different users, leveraging the know-how of the author to enlighten the audience. Dashboards play a critical role in low-level troubleshooting and in rolling up high-level business KPIs to executives.

The goal of dashboard frameworks has always been to provide a way for users, as opposed to ‘developers’, to build useful visualizations. Inherent to this “democratization” of visualizations is the notion that building a dashboard must somehow be easier than a pure JavaScript app development approach. Afterall, dashboards cater to users, not hardcore developers.

The problem with dashboard frameworks

The diagram below illustrates how a traditional dashboard framework allows the author to configure and arrange components but does not allow the author to create new components or data sources. The dashboard author is stuck with whatever components, layouts, and data sources are made available. This is because the areas shown in red are developed in JavaScript and are provided by the framework. JavaScript is neither a secure, nor easy technology to learn, therefore it is rarely exposed directly to authors. Instead, dashboards expose a JSON or YAML based DSL. This typically leaves field teams, SEs, and power users in the position of waiting for the engineering team to release new components, and there is almost always a deep feature backlog.

I have personally seen this scenario play out many times. To take a real example, a team building dashboards for IT services wanted rows in a table to be colored according to a “heat map”. This required a feature request to be logged with engineering, and the core JavaScript-based Table component had to be changed to support heat maps. It became typical for the core JS components to become a mishmash of domain-driven spaghetti code. Eventually the code for Table itself was hard to find amidst the dozens of props and hidden behaviors like “heat maps”. Nobody was happy with the situation, but it was typical, and core component teams mostly spent their sprint cycles building domain behaviors and trying to understand the spaghetti. What if dashboard authors themselves on the power-user end of the spectrum could be empowered to create components themselves?

Enter Dashify

Dashify’s mission is to remove the barrier of “you can’t do that” and “we don’t have a component for that”. To accomplish this, Dashify rethinks some of the foundations of traditional dashboard frameworks. The diagram below shows that Dashify shifts the boundaries around what is “built in” and what is made completely accessible to the Author. This radical shift allows the core framework team to focus on “pure” visualizations, and empowers domain teams, who author dashboards, to build domain specific behaviors like “IT heat maps” without being blocked by the framework team.

To accomplish this breakthrough, Dashify had to solve the key challenge of how to simplify and expose reactive behavior and composition without cracking open the proverbial can of JavaScript worms. To do this, Dashify leveraged a new JSON/YAML meta-language, created at Cisco in the open source, for the purpose of declarative, reactive state management. This new meta-language is called “Stated,” and it is being used to drive dashboards, as well as many other JSON/YAML configurations within the Cisco Observability Platform. Let’s take a simple example to show how Stated enables a dashboard author to insert logic directly into a dashboard JSON/YAML.

Suppose we receive data from a data source that provides “health” about AWS availability zones. Assume the health data is updated asynchronously. Now suppose we wish to bind the changing health data to a table of “alerts” according to some business rules:

1. only show alerts if the percentage of unhealthy instances is greater than 10%

2. show alerts in descending order based on percentage of unhealthy instances

3. update the alerts every time the health data is updated (in other words declare a reactive dependency between alerts and health).

This snippet illustrates a desired state, that adheres to the rules.

But how can we build a dashboard that continuously adheres to the three rules? If the health data changes, how can we be sure the alerts will be updated? These questions get to the heart of what it means for a system to be Reactive. This Reactive scenario is at best difficult to accomplish in today’s popular dashboard frameworks.

Notice we have framed this problem in terms of the data and relationships between different data items (health and alerts), without mentioning the user interface yet. In the diagram above, note the “data manipulation” layer. This layer allows us to create exactly these kinds of reactive (change driven) relationships between data, decoupling the data from the visual components.

Let’s look at how easy it is in Dashify to create a reactive data rule that captures our three requirements. Dashify allows us to replace *any* piece of a dashboard with a reactive rule, so we simply write a reactive rule that generates the alerts from the health. The Stated rule, beginning on line 12 is a JSONata expression. Feel free to try it yourself here.

One of the most interesting things is that it appears you don’t have to “tell” Dashify what data your rule depends on. You just write your rule. This simplicity is enabled by Stated’s compiler, which analyzes all the rules in the template and produces a Reactive change graph. If you change anything that the ‘alerts’ rule is looking at, the ‘alerts’ rule will fire, and recompute the alerts. Let’s quickly prove this out using the stated REPL which lets us run and interact with Stated templates like Dashify dashboards. Let’s see what happens if we use Stated to change the first zone’s unhealthy count to 200. The screenshot below shows execution of the command “.set /health/0/unhealthy 200” in the Stated JSON/YAML REPL. Dissecting this command, it says “set the value at json pointer /health/0/unhealthy to value 200”. We see that the alerts are immediately recomputed, and that us-east-1a is now present in the alerts with 99% unhealthy.

By recasting much of dashboarding as a reactive data problem, and by providing a robust in-dashboard expression language, Dashify allows authors to do both traditional dashboard creation, advanced data bindings, and reusable component creation. Although quite trivial, this example clearly shows how Dashify differentiates its core technology from other frameworks that lack reactive, declarative, data bindings. In fact, Dashify is the first, and only framework to feature declarative, reactive, data bindings.

Let’s take another example, this time fetching data from a remote API. Let’s say we want to fetch data from the Star Wars REST api. Business requirements:

• Developer can set how many pages of planets to return
• Planet details are fetched from star wars api (https://swapi.dev)
• List of planet names is extracted from returned planet details
• User should be able to select a planet from the list of planets
•  ‘residents’ URLs are extracted from planet info (that we got in step 2), and resident details are fetched for each URL
• Full names of inhabitants are extracted from resident details and presented as list

Again, we see that before we even consider the user interface, we can cast this problem as a data fetching and reactive binding problem. The dashboard snippet below shows how a value like “residents” is reactively bound to selectedPlanet and how map/reduce style set operators are applied to entire results of a REST query. Again, all the expressions are written in the grammar of JSONata.

To demonstrate how you can interact with and test such a snippet, checkout This github gist shows a REPL session where we:

1. load the JSON file and observe the default output for Tatooine

2. Display the reactive change-plan for planetName

3. Set the planet name to “Coruscant”

4. Call the onSelect() function with “Naboo” (this demonstrates that we can create functions accessible from JavaScript, for use as click handlers, but produces the same result as directly setting planetName)

From this concise example, we can see that dashboard authors can easily handle fetching data from remote APIs, and perform extractions and transformations, as well as establish click handlers. All these artifacts can be tested from the Stated REPL before we load them into a dashboard. This remarkable economy of code and ease of development cannot be achieved with any other dashboard framework.

If you are curious, these are the inhabitants of Naboo:

What’s next?

We have shown a lot of “data code” in this post. This is not meant to imply that building Dashify dashboards requires “coding”. Rather, it is to show that the foundational layer, which supports our Dashboard building GUIs is built on very solid foundation. Dashify recently made its debut in the CCO product with the introduction of AWS monitoring dashboards, and Data Security Posture Management screens. Dashify dashboards are now a core component of the Cisco Observability Platform and have been proven out over many complex use cases. In calendar Q2 2024, COP will introduce the dashboard editing experience which provides authors with built in visual drag-n-drop style editing of dashboards. Also in calendar Q2, COP introduces the ability to bundle dashify dashboards into COP solutions allowing third party developers to unleash their dashboarding skills. So, weather you skew to the “give me a gui” end of the spectrum or the “let me code” lifestyle, Dashify is designed to meet your needs.

Summing it up

Dashboards are a key, perhaps THE key technology in an observability platform. Existing dashboarding frameworks present unwelcome limits on what authors can do. Dashify is a new dashboarding framework born from many collective years of experience building both dashboard frameworks and their visual components. Dashify brings declarative, reactive state management into the hands of dashboard authors by incorporating the Stated meta-language into the JSON and YAML of dashboards. By rethinking the fundamentals of data management in the user interface, Dashify allows authors unprecedented freedom. Using Dashify, domain teams can ship complex components and behaviors without getting bogged down in the underlying JavaScript frameworks. Stay tuned for more posts where we dig into the exciting capabilities of Dashify: Custom Dashboard Editor, Widget Playground, and Scalable Vector Graphics.

Source: cisco.com

Continue reading