Beat the Cisco 700-760 SAAM Exam: 7 Effective Study Techniques

In the ever-evolving landscape of IT, Cisco certifications have consistently set the standard for expertise and authority. Among these, the Cisco 700-760 SAAM (Cisco Security Architecture) certification is a highly sought-after credential that not only validates your knowledge but also opens doors to promising career opportunities. Whether you’re an IT professional looking to advance in your career or a student aiming to specialize in security architecture, the 700-760 SAAM certification is a crucial step in your journey.

Know the Cisco 700-760 SAAM Certification

The 700-760 exam is designed to assess your knowledge across Cisco's security portfolio, which is crucial for obtaining the security specialization in various roles within the industry. The exam covers a broad spectrum of topics from the threat landscape, cybersecurity issues, Cisco’s security solutions, and customer interaction strategies in security contexts​.

Cisco 700-760 Exam Overview:

• Exam Price- $80 USD
• Duration- 90 minutes
• Number of Questions- 55-65
• Passing Score- Variable (750-850 / 1000 Approx.)

700-760 SAAM Exam Key Topics:

• Threat Landscape and Security Issues (20% of the exam)
  Focus on digitization in cybersecurity, understanding cyber threats, and identifying fragmented security in businesses.
• Focus on digitization in cybersecurity, understanding cyber threats, and identifying fragmented security in businesses.
• Selling Cisco Security (15% of the exam)
  Learn about Cisco's support for practice development and their security portfolio that can be leveraged to enhance partner support and profitability​.
• Customer Conversations (15% of the exam)
  It’s crucial to understand how to discuss security solutions tailored to customer-specific needs and challenges.
• IoT Security (15% of the exam)
  IoT is becoming increasingly critical; understand Cisco’s IoT solutions and the importance of layered protection.
• Cisco Zero Trust (15% of the exam)
  Dive into the concepts of trust-centric security and zero-trust solutions, focusing on their implementation and benefits.
• Cisco Security Solutions Portfolio (20% of the exam)
  This involves a comprehensive understanding of Cisco’s security solutions that address modern network environments and next-generation network challenges​.

5 Benefits of the Cisco 700-760 SAAM Certification

1. Enhanced Career Opportunities

Earning the 700-760 SAAM certification opens doors to advanced roles in cybersecurity within Cisco's ecosystem and partner organizations. It signifies expertise in Cisco’s security solutions, making you a preferred candidate for roles requiring specialized security knowledge.

2. Recognition of Expertise

Cisco Security Architecture for Account Managers certification is recognized globally and demonstrates your commitment to the cybersecurity profession. It validates your skills to employers and peers, establishing your credibility in the field.

3. Access to Exclusive Resources

Certified professionals gain access to a wealth of resources from Cisco, including advanced training materials, up-to-date information on security technologies, and invitations to exclusive networking events.

4. Improved Earning Potential

Holding a Cisco certification like the 700-760 SAAM can lead to higher salary opportunities compared to non-certified peers, as it highlights a specialized skill set in a high-demand area.

5. Professional Development and Growth

Preparing for and achieving the Cisco Security Architecture for Account Managers certification helps you stay current with industry standards and technological advancements, ensuring your professional growth and continuous learning in the rapidly evolving cybersecurity landscape.

7 Effective Study Techniques to Crack 700-760 SAAM Exam:

1. Understand the 700-760 SAAM Exam Blueprint

The first step in your preparation should be to thoroughly review the exam blueprint, which Cisco provides on its official website. This document outlines all the exam objectives, the key topics covered, and their respective weightings. By understanding the blueprint, you can prioritize your study efforts according to the importance of each topic in the exam. This strategic approach ensures that you allocate more time to the areas that will likely constitute a larger portion of the exam questions.

2. Leverage Official Cisco Materials

Cisco offers a range of study materials specifically designed for the 700-760 SAAM exam. These include study guides, course materials, and other educational resources that are up-to-date with the latest exam content and format. Utilizing these official materials is crucial as they are tailored to cover all the necessary topics comprehensively. Moreover, these resources are created by experts with in-depth knowledge of Cisco’s security architecture, ensuring that they are both reliable and relevant.

3. Participate in Training Courses

Enrolling in official Cisco training courses can significantly enhance your understanding of complex topics. These courses are usually conducted by Cisco-certified instructors who provide valuable insights and clarifications on intricate concepts. Training sessions also offer practical experience and examples that can help you better understand how theoretical concepts are applied in real-world scenarios, which is invaluable for internalizing the exam material.

4. Join Study Groups and Forums

Interacting with peers and experienced professionals through study groups and online forums can greatly benefit your exam preparation. These platforms allow you to exchange knowledge, discuss difficult concepts, and get advice from individuals who have successfully passed the exam. Additionally, study groups can offer moral support, keeping you motivated throughout your preparation process.

5. Practice with 700-760 SAAM Online Exams

Practicing with online exams is essential for effective exam preparation. These practice tests mimic the actual exam environment, helping you familiarize yourself with the exam structure and timing. They also provide immediate feedback, allowing you to identify areas where you need further study or improvement. Regular practice with these exams can boost your confidence and improve your time management skills during the actual test.

6. Review and Revise

Regular review and revision of your study materials are key to retaining the information you've learned. Make it a habit to take detailed notes during your study sessions and revisit them frequently. This continuous engagement with the material helps deepen your understanding and ensures that you remember key details during the exam.

7. Stay Informed of Updates

Staying updated with any changes to the exam content or format is crucial. Cisco may periodically update the exam syllabus or format to reflect the latest industry trends and technologies. Regularly check Cisco’s official website for any announcements or updates regarding the 700-760 SAAM exam. This ensures that your preparation is aligned with the most current standards and expectations.

By following these steps and fully engaging with the preparation process, you can enhance your chances of passing the Cisco 700-760 SAAM certification exam, setting a solid foundation for your career in cybersecurity.

Conclusion: Achieve 700-760 SAAM Certification Today

Embarking on the path to Cisco Security Architecture for Account Managers certification is a significant step towards becoming a proficient security architect. Remember, the key to success lies in thorough preparation, understanding the core concepts, and continuous practice.

Explore the benefits of Online Practice Exams today. Familiarize yourself with the detailed syllabus and take advantage of the extensive question banks and real-time analytics at your fingertips. Begin your Cisco Security Architecture certification journey now and unlock your potential in the cybersecurity domain.

Continue reading

Evolutio FinTech module on Cisco FSO Platform gives visibility to financial transactions

We’re all aware that user experience has become the most important KPI for today’s digital businesses. Applications are the engines that power these experiences, and if a digital interaction is sub-par, customers are unforgiving.  Consider the situation of a prominent bank that recently suffered a series of downtimes on its mobile applications. Their users were not happy and  rival credit unions were advertising, highlighting their level of service compared to the “mega-bank.”  Churning customers due to digital blips is a NO-NO today. Organizations need visibility, context and control, so they can ensure that their customers are empowered with the best experiences possible. But true observability requires more than a “one size fits all” approach. Today’s application environments are highly specialized, built to support specific industries and business processes.

Observability tailored to fit specific use cases

Given the diversity and complexity of today’s modern apps, how can organizations fully align their technology to specific use case needs? Cisco FSO Platform brings data together from multiple domains including application, networking, infrastructure, security, cloud, sustainability, and business sources. It is an open and extensible, API-driven platform focused on OpenTelemetry and anchored on metrics, events, logs, and traces (MELT), providing AI/ML driven analytics.

The Cisco ecosystem of partners plays a key role in enabling this flexibility by creating custom observability solutions that help customers drive business outcomes with specific use cases. Let’s take a closer look at the Evolutio Fintech module, built by a key Cisco technology partner.

Evolutio Fintech gives holistic visibility to online financial transactions

Every moment matters in financial services, especially in online and point of sale transactions. Financial services organizations need to be able to see the full picture—and take action with insight.

The Evolutio Fintech module correlates infrastructure health with credit card authorization data. It helps organizations reduce revenue losses resulting from credit card authorization failures by figuring out the impact of infrastructure health on the credit card authorization.

“We developed a Fintech solution for the banking sector, around credit card processing,” said, Laura Vetter, CTO and Co-Founder of Evolutio. “It looks at credit card processing, how much money is running through, and the number of transactions, split by customer region data centers, which is most relevant to the business. If someone calls in and has an issue with processing, it’s easy to look at that specific company’s data and determine whether the issue involves the whole company, or just one region.”

Evolutio lets financial organizations view credit card authorization projects by region, to spot issues like falling numbers of authorizations, or regions that have stopped reporting data.

Evolutio lets organizations view KPIs and insights grouped and aggregated based on metadata like region, schemas, infrastructure components, and merchant name, to understand how their system is behaving as a whole.

A powerful partnership for technology innovators

For our technology partners, Cisco FSO Platform presents an excellent opportunity to bring new solutions to market fast, supporting specific domain and vertical use cases.

“Cisco has provided a very easy way to interact with the platform,” said Vetter. “It’s basically just a schema that you interact with and extend to make it happen. My team keeps telling me about the tight partnership that we have had throughout this entire journey.”

Our customers win, too, gaining the interoperability, agility, and flexibility of an adaptable, highly modular platform.

Together, Cisco FSO Platform and its partner modules deliver a comprehensive solution that scales as businesses scale—and easily extends everywhere, across the infrastructure and the application life cycle.

Source: cisco.com

Continue reading

Cisco Innovation for Payment Solutions

No matter what century you research, you’ll find innovative people doing things to make everyday life easier. Think of the Roman Aqueducts built more than two thousand years ago to move fresh water into the more populated areas. Or, consider the Wright Brothers in 1905 inventing their first powered aircraft that could sustain both flight and navigation.

These examples made life easier for the people at the time and for those who came afterward. At Cisco, our renewed focus on supporting Small and Midsize Businesses has given us a drive to also make it easier for them to take full ownership of how they pay for their Cisco hardware, software, and services over time.

Cisco Capital

Cisco Capital, through Cisco, offers partners and customers flexible payment solutions in how they purchase the needed tech to achieve the business outcomes they want. We never want budget to hold you back from getting the Cisco technology to help your business thrive.

Cisco Capital solutions help you:

1. Bundle everything from hardware to services into a single payment

2. Spread payments over time with less cash up front required

3. Simplify your software license purchases

4. Lock in costs, including renewals, for multi-year service agreements

Flexible Payment Solutions

There are multiple choices for how customers can pay for their solutions. From lifecycle management, consumption models, to traditional leasing or loans, there’s a financing solution that will best suit your budget needs. For our Small and Midsize Businesses, there is one that I’d like to feature.

Cisco Easy Pay

Through Cisco Easy Pay, customers can spread their expenses for Cisco hardware, software, and services over time into a single, predictable payment. Cisco Easy Pay enables customers to:

◉ Spread payments over 3 to 5 years

◉ Enhance cash flow and save capital

◉ Access to below market rates

◉ Provide full ownership of the equipment at the end of the term

For partners, Cisco Easy Pay lets you provide customers with a competitive, low-rate payment solution. This allows you to streamline selling motions with an offer that is easy to understand and manage. Lack of capital or budget no longer needs to hold customers back from accessing the right hardware, software, and services they need. With no upfront costs, customers can invest in other business priorities, innovate sooner, and accelerate their IT projects.

Source: cisco.com

Continue reading

Cisco NX-OS VXLAN Innovations Part 1: Inter-VNI Communication Using Downstream VNI

In this blog, we’ll look closely at VXLAN EVPN Downstream VNI for intra-site and inter-site (Inter-VNI communication using Downstream VNI).

Segmentation is one of the basic needs for Multi-Tenancy. There are many different ways to segment,  be it with VLANs in Ethernet or VRFs in IP Routing use-cases. With Virtual Extensible LAN (VXLAN), segmentation becomes more scalable with over 16 million assignable identifiers called VNI (Virtual Network Identifier). Traditionally, VXLAN segments are assigned in a symmetrical fashion, which means it must be the same to allow communication. While this symmetric assignment is generally fine, there are use cases that could benefit from a more flexible assignment and the communication across VNIs. For example, Acquisition and Mergers or  Shared Services offerings.

During Acquisition and Mergers, it is pertinent to achieve a fast and seamless integration both for the business and the IT infrastructure. In the specific case of the IT infrastructure, we are aiming to integrate without any renumbering. This broken down to VXLAN, we want to provide inter-VNI communication.

In the case of Shared Services, many deployed segments are required to reach a common service like DNS, Active Directory or similar. These shared, or extranet, services are often front-ended with a firewall which avoids the need for inter-VNI communication. Nevertheless, there are cases where specific needs dictate transparent access to this extranet service and inter-VNI communication becomes critical.

There are different methods where inter-VNI communication is used. The most common cases with attached terminology are called VRF Route Leaking. In VRF Route Leaking, the goal is to bring an IP route from one VRF and transport or leak it, into a different VRF. Different needs are present in translation cases. For example,  when you want to represent a segment with a different identifier than what was assigned (think VLAN translation).

Downstream VNI assignment for VXLAN EVPN addresses inter-VNI communication needs, be it for communication between VRFs, or is it for use-cases of translating VNIs between Sites.

Use Case Scenarios

Downstream VNI for shared services provides the functionality to selectively leak routes between VRFs. By adjusting the configuration of the VRF Route-Targets (RT), you have the option to import IP prefixes into a different VRF. Downstream VNI assignment allows the egress VTEP (Downstream) to dictate the VNI used by the ingress VTEP (Upstream). This is to reach the network advertised by the egress VTEP, which would otherwise honor the configured VNI. Downstream VNI complements and completes the need for asymmetric VNI assignment and simplifies the communication between different VRF with different VNIs. For example, the Extranet/Shared Services scenario where a service (DNS Server) sitting in service VRF needs to share the services to all the hosts (servers in different VRFs). The Shared service VRF needs to a) import the multiple VRFs into its local VRF as well as should be b) able to support the disparate value of downstream VNI.

Similar as in the shared services use-case, Downstream VNI provides a method of Translating or Normalizing VNI assignments in a VXLAN EVPN Multi-Site deployment. Where traditionally the same VNIs have to be assigned across all the Sites, with Downstream VNI we can allow inter VNI communication on the Border Gateway (BGW). By aligning the Route-Target configuration between the BGW, Sites with different VNIs will be able to communicate. Exactly as explained for the prior use-case, the egress VTEP (Downstream) dictates the VNI to be used by the ingress VTEP (Upstream) For example, Normalization/Asymmetric VNI deployment scenario, when we are adding new Sites in VXLAN EVPN Multi-Site, on new Border Gateway (BGW), it may be desirable to use and stitch completely disparate values of VNIs.

Benefits

Seamless Integration and Flexible Deployments. With Downstream VNI we have the opportunity for more seamless integration of disjoint networks with the same intent. As a result, a much more agile and time-saving approach is available. For use-cases where Extranet/Shared Service scenario exists, a more flexible deployment option exists with Downstream VNI.

How it works

1. Upon receiving a route update on the ingress VTEP (Upstream), the route is being installed with the advertised VNI from the egress VTEP (Downstream). In short, the prefix is installed with the Downstream VNI.

2. As a result, the egress VTEP dictates the VNI used by the ingress VTEP to reach the respective network advertisement done by egress VTEP. This way, the ingress VTEP uses the right VNI to reach the prefix advertised by the egress VTEP when forwarding data to this peer.

3. The process of Downstream VNI is achieved by the egress VTEP (Downstream) publishing the VNI via BGP control-plane protocol to other receiving VTEPs, which will use this downstream assigned VNI for the encapsulation instruction to send data to the egress VTEP. Data traffic will always be sent with the Downstream VNI assigned to a prefix and will override the otherwise honored configured VNI.

4. The egress VTEP dictates the VNI to be used by ingress VTEP by performing the downstream VNI assignment via the BGP EVPN control-plane protocol.

In the above example, the VTEPs have disparate VNIs i.e. 50001 and 50002. If VLAN 20 with VRF-B needs to communicate to VLAN10 of VRF-A, the VTEP-1 (L3VNI 50001) will act as a Downstream VTEP and dictate VTEP-4 to use VNI 50001 to encapsulate the packets to reach VLAN 10 and vice-versa.

What’s Next?

Stay tuned for our next blogs which cover features and benefits for VXLAN EVPN based data center fabrics such as Loop detection and mitigation in VXLAN EVPN fabrics, deliver packets in secured fashion across VXLAN EVPN sites using CloudSec and seamless integration of multicast packet (TRM) with MVPN (Draft-Rosen).

Continue reading

The Must-Know Techniques to Prevent IT Downtime

Everyone in IT knows the feeling. It’s the little voice in your head that pings you out of nowhere, and asks:

“Have I covered everything? Are we as prepared as we should be for an outage? How much does our resiliency plan have to change?”

You’re certainly not alone. Over the past three years, 96% of IT leaders have experienced at least one significant outage. In the same period, the average U.S. organization experienced 10 IT blackouts or brownouts.

Outages have become alarmingly close to common. Thankfully, there are strategies you can introduce to prevent unexpected downtime before it happens – and get the reassurance of comprehensive network insight to preempt issues.

The true cost of IT outages

When an organization’s network goes down, the effects can be anywhere from inconvenient to catastrophic. In total, IT outages cost North American businesses $700 billion every year.

These losses aren’t confined to revenue. Losses can impact internal productivity, mitigation costs, and even the brand. Just one hour’s downtime can cost an average of $250,000 to $300,000, depending on the size of an organization and its industry.

In the new era of ‘the customer experience’ – where expectations for a superior experience and network access continue to grow – the stakes for staying connected have never been higher.

The basics of incident prevention

The biggest challenge in preventing brownouts and blackouts is identifying root causes in advance and preempting their effects. To achieve this, your organization needs proactive processes to monitor your network, identify risks, and take preemptive actions.

However, monitoring can be difficult for understaffed IT teams, who are focused on the delivery of immediate business goals. Monitoring takes time, and automation is required to identify risk faster, accelerate remediation and reduce the chance of error.

There is another way. Cisco Business Critical Services (BCS) augments your team with analytics and expertise. By investing in experts who’ll continuously engage with your IT professionals and share proactive recommendations to prevent incidents, your teams can get greater visibility into their IT infrastructure to improve uptime, performance, and availability.

Become an expert by learning from others

It’s one thing to understand what could go wrong in your organization. The next step is learning from other businesses’ experiences, and how their outages can help prevent yours.

Thanks to advances in predictive analytics and machine learning, businesses now have access to global intelligence to predict weak points in their own networks. For example, Cisco’s BCS experts draw on their anonymized and proprietary database collected and aggregated from over 30 million devices worldwide.

By cross-referencing our data with your devices, we can help you identify and mitigate vulnerabilities before they impact your organization. Empowered by Cisco intellectual capital, our expertise – powered by analytics, insights, and automation – can help your IT teams avoid costly downtime.

How to review an outage

Likewise, if an outage does take place, a consistent, proactive approach is critical to reaching a positive outcome. As part of Cisco BCS Advantage, our Expert Incident Review recommends best practices to shore up your own incident review framework, then practice it, to improve your network stability and performance:

Turn adversity into opportunity

Network brownouts and blackouts are costlier than ever. But with incident prevention, regular reviews, access to Cisco experts, analytics, insights, and more, IT decision makers are well-positioned to deliver an always-on network.

Continue reading

Why SOAR Is the Future of Your IT Security

The threat landscape evolves constantly, with new and increasingly sophisticated cyberattacks launching with growing frequency across network, cloud, and software-as-a-service environments.

As threats continue to stack up against organizations, IT teams face the challenge of managing heterogeneous end-user device environments composed of various network-connected devices, operating systems, and applications. They must ensure that consistent, organizationally-sanctioned controls are applied across these environments.

While this is achievable with the right security expertise, there is also a global cybersecurity skills shortage. In fact, 3.5 million cybersecurity positions are expected to remain unfulfilled by 2021.

These challenges are not insurmountable. They can be conquered with the security operations and incident response approach called SOAR.

What is SOAR?

SOAR refers to a solution stack of compatible software that allows organizations to orchestrate and automate different parts of security management and operations to improve the accuracy, consistency, and efficiency of security processes and workflows with automated responses to threats.

How does SOAR work?

Security orchestration

The first component of SOAR, security orchestration, involves leveraging the different, compatible products for use within a solution stack to orchestrate the management and operations activities through standardized workflows. These security solutions automatically aggregate data from multiple sources, add context to that data to identify potential weaknesses, and use risk modeling scenarios to enable automated threat detection.  Recognizing this, more and more organizations are prioritizing the need for effective integration between security technologies to enable rapid threat detection and response.

Security automation

The second component is security automation, which involves automating many of the repetitive actions involved in the threat detection process.

Traditionally, security analysts within an organization would handle threat alerts manually, usually multi-tasking to size up alerts from numerous point solutions. This increases the likelihood of human error, inconsistent threat response, and high severity threats being overlooked.

SOAR, on the other hand, automates gathering enrichment and intelligence data on an event, can perform common investigative steps on behalf of the analyst to help triage events, and consistently delivers on the orchestration and response of the incident response lifecycle.

Security response

The third component, security response, involves triage, containment, and eradication of threats.

Response methods depend on the type and scope of the threat. Some threat responses can be automated for faster results, such as quarantining files, blocking file hashes across the organization, isolating a host or disabling access to compromised accounts.

However, sophisticated cyber-attacks require sophisticated responses. This is where security playbooks come in.

With Cisco Managed Detection and Response (MDR), automation is supported by defined investigation and response playbooks, containing overviews of known threat scenarios and best practices for responding to different types of threats. The role of automation is to rapidly execute these playbooks.

What does a threat detection and response process look like with SOAR?

Let’s start with an example based on AMP for Endpoints identifying a file as potentially malicious. SOAR would be able to begin the investigation process, start answering questions, and performing tasks automatically such as:

◉ Was the file quarantined?

◉ Was the file executed?

◉ Where else has this file been seen in the network?

◉ Detonate the file in a Cisco Threat Grid sandboxing environment

◉ Investigate using available context related to connection, file, and source at relevant technologies, such as Umbrella and Stealthwatch Cloud

◉ Retrieve any available threat intelligence information on the file and check for occurrences of known indicators of compromise (IOCs)

◉ Collect identification information on the host and username

The answers to these questions provide contextual information to the investigator to aid in determining the legitimacy, impact, urgency, and scope of the incident. This information in turn determines appropriate response actions, which may include:

◉ Quarantining the host on the network

◉ Blocking the file hash across the network

◉ Blocking IOCs

◉ Scanning and cleaning any devices with occurrences of IOCs

Betting on SOAR

The cybersecurity skills shortage, tight IT budgets, the dynamic nature of the threat landscape, and the need to optimize security operations make SOAR a compelling proposition.

With Cisco MDR, security alerts, correlation, and enrichment are automated; blocked items are propagated for instant containment; and indicators of compromise are reported near-instantly for blocking, hunting, and follow-up.

The result is streamlined security operations and a stronger security posture without breaking the IT budget or having to recruit a team of security analysts.

Continue reading

Cisco Secure Remote Worker Architecture for Azure

Today companies are investing in empowering their workforce to have a secure connection to the resources hosted in the Cloud. Cisco provides a secure remote worker solution that uses the Cisco AnyConnect Secure Mobility Client, Cisco Duo, Cisco Umbrella, and Cisco Advanced Malware Protection (AMP) for Endpoints.

◉ Cisco AnyConnect Secure Mobility Client: Cisco AnyConnect Secure Mobility Client empowers remote workers with frictionless, highly secure access to the enterprise network from any device, at any time, in any location while protecting the organization. It provides a consistent user experience across devices, both on and off-premises, without creating a headache for your IT teams. Simplify management with a single agent.

◉ Cisco Duo: Cisco Duo is a user-friendly, scalable way to keep business ahead of ever-changing security threats by implementing the Zero Trust security model. Multi-factor authentication from Duo protects the network by using a second source of validation, like a phone or token, to verify user identity before granting access. Cisco Duo is engineered to provide a simple, streamlined login experience for every remote user. As a cloud-based solution, it integrates easily with your existing technology and provides administrative, visibility, and monitoring.

◉ Cisco Umbrella Roaming Security Module: Cisco Umbrella Roaming Security module for Cisco AnyConnect provides always-on security on any network, anywhere, any time — both on and off your corporate VPN. The Roaming Security module enforces security at the DNS layer to block malware, phishing, and command and control callbacks over any port. Umbrella provides real-time visibility into all internet activity per hostname both on and off your network or VPN.

◉ Cisco Advanced Malware Protection (AMP) Enabler: Cisco AnyConnect AMP Enabler module is used as a medium for deploying Advanced Malware Protection (AMP) for Endpoints. It pushes the AMP for Endpoints software to a subset of endpoints from a server hosted locally within the enterprise and installs AMP services to its existing user base. This approach provides AnyConnect user base administrators with an additional security agent that detects potential malware threats in the network, removes those threats, and protects the enterprise from compromise. It saves bandwidth and time taken to download, requires no changes on the portal side, and can be done without authentication credentials being sent to the endpoint. AnyConnect AMP Enabler protects the user both on and off the network or VPN.

Figure 1 – Components of the Cisco secure remote worker solution

Cisco Secure Remote Worker Architecture for Azure

Today organizations are consuming services, workloads, and applications hosted in Azure (Public Cloud). Azure provides a wide range of services that offer ease of usability, orchestration, and management. Customers are embracing these services, but this resource consumption model opens another attack surface. Using Cisco Security controls, customers can provide a secure connection to the Azure cloud infrastructure. This remote access VPN architecture protects multi-VNet, multi-AZ (availability zone) by extending the Cisco Secure Remote Worker solution. This Architecture brings together Cisco Security and Azure Infrastructure-as-a-service (IaaS) and extends remote access VPN capabilities with Duo, Umbrella, and AMP Enabler.

Figure 2 – Secure Remote Worker architecture for multi-VNet, multi-AZ

The above network design has the following components and services:

◉ Cisco ASAv or Cisco NGFWv for Remote access VPN termination (TLS or DTLS)

◉ Cisco Secure AnyConnect Mobility Client on the endpoints

◉ Microsoft Windows 2019 Active Directory for LDAP

◉ Cisco Duo for Multi-Factor Authentication

◉ Umbrella Security Roaming Module for DNS Layer Security

◉ AMP Enabler for protection against Malware

This Architecture is designed on the bases of the Hub and Spoke model, the hub-vnet has firewalls for VPN termination. The Hub-VNet is connected to spoke-VNets using VNet peering. VNet peering uses the Azure backbone network and the Azure backbone network provides higher throughput.

◉ Remote Access VPN sessions are load balanced by Azure Traffic Manager

◉ Azure Internal Load Balancer (Standard) is used for non-VPN traffic load balancing (East/West)

◉ Azure External/Public Load Balancer is used for non-VPN traffic load balancing (North/South)

Traffic Flow 

Remote Access VPN: Azure blocks layer-2 visibility required for native HA and VPN load balancing to work. To enable resiliency and VPN load balancing, one must rely on the native cloud services such as Azure Traffic Manager (ATM), DNS, and UDR. In this architecture, VPN users send VPN traffic to the Azure Traffic Manager. ATM tracks all the firewalls using probes, and it load-balances VPN connection endpoints (Cisco Firewalls).

◉ Each Firewall has a separate VPN pool

◉ Azure User Defined Route (UDR) forwards traffic back to the correct firewall

◉ Azure Traffic Manager load balances the RAVPN traffic

Figure 3 – Secure Remote Worker architecture for multi-VNet, multi-AZ (RA VPN Traffic Flow)

Non-VPN (East/West): Firewalls in the HubvNET inspects east-west traffic, each subnet in the spoke VNet has a route-table that has a user-defined route (UDR) pointing to Azure ILB “virtual-IP address”. Traffic lands on ILB and ILB forward it to the firewall. The firewall inspects the traffic; if traffic is allowed, it is sent to the destination VNet using VNet peer. Return traffic is forwarded back to the ILB because of the similar UDR is applied on destination VNet also. ILB maintains the state and sends traffic back to the same firewall that processed the initial packet flow.

Figure 4 – Non-VPN East/West Traffic Flow

Non-VPN (North/South)

◉ Outbound Traffic Flow: Each spoke subnet has a route-table associated with it. UDR controls traffic routing, and it has a default route that points to ILB’s virtual IP (VIP). HubvNET has ILB, and ILB points to firewalls for internet connectivity. Internet traffic is load-balanced on the perimeter firewall, and traffic is SNATed to the outside interface IP address. Outbound traffic does not hit the external load balancer because a public IP mapped to the outside interface of the firewall and UDR on the outside subnet used 10.82.1.1 as a default gateway. Azure ILB used in this architecture is a standard SKU that requires explicit Azure NSG to allow traffic on firewalls (backend devices). There is an azure NSG applied to inside and outside interfaces of firewalls; this NSG has allow-all rule applied, but you can restrict traffic according to your Infosec policy.

Figure 5 – Non-VPN North/South (Outbound Traffic Flow)

◉ Inbound Traffic Flow: External users would access frontend IP on the Azure public load balancer (ELB), ELB has external interfaces in the backend pool. ELB is responsible for load balancing incoming non-VPN traffic, ELB sends traffic to the firewall if allowed traffic is SNATed to inside interface to maintain traffic symmetry.

Figure 6 – Non-VPN North/South (Inbound Traffic Flow)

Continue reading

4 Ways We’re Growing with Cisco’s Community Garden

Something I have always loved and admired Cisco for is how they go above and beyond in connecting everything. Yes, we have great food services, a wonderful gym, and both indoor and outdoor spots at our global campuses (when it is safe to be in office, of course.) But it is not just about connecting the products and people here, but also the people to nature.

That is what surprised me the most, when I learned of our community garden in Bangalore – a small piece of land where employees can farm and grow fruits and vegetables.

It is where we, as team members can come with a focus on learning and growing together. We can pick daily yields like green chilies, before moving on to weeding and watering the plants. And what of pesticides? Well, Cisco is making an organic pesticide from the cafeteria’s solid waste so that we can have some organic veggies!

This is an activity with two kinds of results – a direct result which is the yields from the garden, and the indirect result of the experience we have because of our garden. I would love to share more about our experience with you and how our garden truly benefits our team.

1. Team collaboration: Each year, teams look for ways to bond through events, trainings, and experiences. I would say our garden has been one of our best team bonding activities. We see results every day and realize that we must put in the work – together – to take care of our plants. Every crop is different – some need more time to grow, others may be distracted by bugs, some may spread out while others go deep into the earth – these are things we have learned over time as we account for each plant and their needs. This translates to our team as well.

2. Relaxing with nature: Green, is the color of nature and it helps in comforting and refreshing the mind. It’s why many experts suggest looking out the windows often throughout the workday to have a moment of relaxation. Now think about how much physically going outside may reduce your stress. I know that by going out into nature as a team for those 10 – 15 minutes every day, we come back better rested and ready to tackle our afternoon with a clearer mind.

3. Share like friends: This community garden gave us a chance to expand our habit of sharing our crop yields with one another. We have gotten to try and learn new things, while bonding not just as a team – but as friends. It makes me proud to know that Cisco supports initiatives that work to make our lives more well-rounded and empowers us to make our friendships and teams stronger.

4. Work-Life Balance: At Cisco, we’re encouraged to bring our whole selves to the office – to really ‘be you, with us’ – and I’ve found our little garden even helps here as we bring stories back to our families of the great things that happened in the garden that day. We were also able to bring the family to the garden over the weekend so that they could see our efforts and help us to maintain the plants. This always gives me the biggest smile to see all the families working together as well.

It is wonderful to see one of the oldest professions (farming) blending so beautifully with one of the newest professions in tech. It is truly a gift that Cisco inspires us to connect everything in our lives to work towards a better world.

Continue reading

Three requirements to securely connect your industrial network

Digital transformation initiatives are driven by the desire to make data-driven business decisions. Whether you’re looking to increase production, reduce waste, or improve safety, the answer resides in your data: collecting it, analyzing it, and learning from it. But what happens when your data lives in extreme locations? Perhaps in places of severe heat, cold, humidity, salinity, or dust? How do you gather information with such harsh conditions? And how do you do it securely?

The first step is to converge to a single IP network. Network convergence is a proven formula for pulling together all the data in your environments. Cisco has been helping hundreds of thousands of organizations to converge their voice, video, data, and IoT networks to a single IP network. We’ve been doing this for over 30 years, and we know it works. A single network is easy to manage and operate and reduces your total cost of ownership. However, the primary challenge with a converged network is that it needs to be secure. There are three elements you need to securely connect an industrial network: 1) purpose-built hardware, 2) digitally signed and authentic security software, and 3) extensible architectures.

1. Choosing the right hardware

Start with the right hardware. For industrial internet of things (IIoT), the network hardware must satisfy the requirements of both the operational technology (OT) department and the IT department. At a high level, OT runs point on operations and understands how the organization produces its goods or services. IT connects the network and wants to make sure it’s done securely. OT and IT each have different priorities, goals, and concerns, yet the hardware has to meet both sets of requirements.

In addition to meeting the requirements of both OT and IT, the network hardware you select for connecting the industrial network should have a hardware trust anchor. A hardware trust anchor ensures that whatever software runs on the hardware will do so in a secure manner. To this end, the hardware should have an anti-theft, anti-counterfeiting, and anti-tamper chip that is completely immutable, meaning that it cannot change. Also look for built-in cryptography functions, secure storage for certificates and objects, and certifiable entropy for random number generators.

2. Selecting the right software

Going up the technology stack, the next component you need to securely connect the industrial network is the right software. Complement the secure hardware with digitally signed images, a secure boot process, and runtime defenses to ensure the software is secure and hasn’t been tampered with.

What is meant by digitally signed images? When we compile an image at Cisco, we execute a hash function on the binary code. The result of that hash function is encrypted using Cisco’s private key, and that signature is embedded right within the software image. At boot time, two things happen: 1) the local machine computes its own hash based on the binary of the software image, and 2) it decrypts the information they’re in, looking for that signature and making sure the two match. This process provides reassurance that the software hasn’t been tampered with and that it’s safe to boot up. Digitally signed images are an important component to a secure boot process.

Now that the software has securely loaded on the device, the network administrator has at his or her disposal the most powerful and secure networking operating system in the industry: Cisco IOS XE, which contains over 1,300 security feature commands and keyword options.

Cisco IOX XE also supports application-hosting in containers so that they can run on networking devices. Leveraging this application-hosting capability, Cisco has recently delivered an OT-specific security solution, namely Cisco Cyber Vision.

Cisco Cyber Vision provides innovation in OT security. For example, Cisco doesn’t require customers to install dedicated hardware sensors, but rather virtualizes their sensor to run as an application on network infrastructure, such as Cisco Catalyst Industrial Ethernet (IE) switches or Cisco ISR Industrial Routers (IR) or even Cisco Catalyst 9300 switches (which may be found in some industrial environments, albeit in temperature-controlled cabinets/rooms). Cisco’s unique approach of using a software sensor for OT protocols is not only an industry-first, but also the most scalable solution in this space, as it allows for the security solution to simply scale with the network infrastructure itself.

Another innovation that Cisco brings to OT security is the use of distributed analytics and OT flow metadata to minimize bandwidth impact. The Cyber Vision sensors running on the network devices perform deep packet inspection (DPI) on all OT flows. However, rather than mirroring these flows to a central analytics engine (i.e. the Cisco Cyber Vision Center) these sensors summarize OT flows as metadata, similar to NetFlow records (though the metadata Cyber Vision uses far exceeds the data contained in NetFlow records). Cisco Cyber Vision goes beyond NetFlow by detailing attributes of the devices sending and receiving the flows, the OT protocols used, the commands sent and received, and even the specific variables that these commands reference. As an analogy, while NetFlow can tell you who is talking to who, Cyber Vision metadata can tell you not only who is talking to who, but also the languages they are speaking, as well as specific details of their conversation. And the summary of these flows is highly efficient, typically consuming only 2-5 percent of incremental bandwidth.

3. Architectural integrations

The third piece in the tech stack is architectural integrations. Look for security solutions that leverage the existing network hardware to provide visibility into network traffic, and to identify and stop potential threats. Both IT and OT can benefit from having complete visibility of the OT environment, but IT cannot afford the operational overhead required to support a separate SPAN network. By integrating sensors into network hardware, IT can see anomalous behavior anywhere in the environment, while OT can obtain new and deeper insights into operations.

Ideally, the security solution also integrates with the technology used by the Security Operations Center (SOC) to monitor, investigate, and remediate security incidents in the IT environment. This way, the SOC has all the information it needs in one location to reduce the time to detect and respond to a security incident. Security analysts can see, for example, whether an attack originated in the IT environment and moved laterally to the OT environment, or if an attack entered the OT environment via something like a vulnerable device.

How Cisco can help

Cisco’s industrial-grade network hardware and Cisco Cyber Vision are designed to work together to meet the three requirements for securely connecting an industrial network. Our ruggedized networking switches and routers are built to withstand the harshest environmental conditions while delivering enterprise-level networking capabilities, including a hardware trust anchor. Our software uses digitally signed images to validate that software has not been tampered with, and Cisco Cyber Vision leverages the network architecture to deliver visibility and control over the OT environment. Cyber Vision also provides real-time threat detection and integrates with the SOC.

Continue reading

6 Essential Elements of Your Managed Detection and Response Lifecycle – Part 2

This is Part 2 of our series on developing a managed detection and response strategy. If you missed Part 1, catch up here.

In the first part of this blog, we discussed the growing trend of remote work, how organizations have adapted to new working styles, and how this shift has created new challenges for security operations. We introduced a security operations detection and response methodology created around use cases, examining the first two of six phases – identify and prioritize.

In Part 2, we’ll guide you through the remaining four lifecycle phases: develop, evaluate, deploy, and enhance.

Develop

As we discovered previously, establishing and documenting a procedure for identifying and prioritizing threat scenarios allows you to maintain rigor and discipline throughout the security operations lifecycle.

Here’s an example of steps SecOps teams could follow when developing a use case:

◉ Step 1: Review and refine the description of the threat and the requirements for addressing it

◉ Step 2: Ensure monitoring tool deployment and configuration

◉ Step 3: Validate data sources

◉ Step 4: Validate context sources

◉ Step 5: Perform a gap analysis against security operations procedures

Evaluate

Once a use case is developed, you’ll need to determine what will trigger a review or reevaluation of its function.   This will help avoid the “set it and forget it” approach that often leads to security operations teams losing sight of the need for this critical part of the lifecycle.

The better approach is to define clear notification criteria, so SecOps teams can ensure each use case stays relevant. This way, when thresholds are met – or when there is a change or update to the available context data – use cases can be reevaluated.

For example, age/duration, changes in compliance, threats, and data security can require a reevaluation of threat definitions, monitoring tools, contexts, validation metrics, and performance – or they could make a use case redundant entirely. Having a clear set of metrics that trigger reviews ensures necessary evaluations are not overlooked.

Deploy

The deployment phase involves the following practical tasks:

◉ Training security operations teams to respond to new alerts with clear actions

◉ Updating and publishing runbooks, ops guides, and process documents

◉ Promoting code through testing, staging, and production environments

◉ Reporting threat validation metrics

Once deployed, use cases must be continuously incorporated into the evaluation and enhancement workflows.

Enhance

Unlike the evaluation phase, fine-tuning a use case is not driven by network or business changes. Rather, it is driven by the evolution of threat tactics, techniques, and procedures, as well as changes in data and context. The purpose of this phase is to provide clear actions and remove any uncertainty.

Like other phases in this lifecycle, a defined process will allow teams to successfully address the rapidly expanding threat landscape.

Elements that could justify a reevaluation include:

◉ Event generation settings, thresholds and metrics

◉ Outputs, such as impact and urgency

◉ Environments leveraging automation

◉ Additional response options

Similar to the previous phase, you need to address operational processes, update runbooks, and provide training to Security Operations Center analysts.

Overlooking these activities or handing them over to operations analysts is a recipe for losing ground in the fast-paced threat landscape. It can lead to analysts being unable to effectively manage the overwhelming number of alerts, and increase the risk of human error, which in turn prolong investigations and increase workloads.

Taking a disciplined approach to structuring responsibilities and expectations for your teams will ensure continuity, while supporting the continued growth and maturity of your security operations program.

Learn from the experts

If you don’t have the resources to keep pace with the evolving threat landscape and manage security operations comprehensively, consider a solution like Cisco’s Managed Detection and Response (MDR). Our team of security investigators and responders utilize the unmatched threat research of Talos, and proven playbooks to guard your organization’s IT around the clock.

Continue reading

6 Essential Elements of Your Managed Detection and Response Lifecycle – Part 1

We’ve seen a sharp increase in the number of organizations growing their remote workforces over the last decade. In fact, at the start of 2020, the number of remote workers in the U.S. stood at 4.7 million, which represents 3.4% of the population.

The advent of cloud, multi-cloud, and hybrid cloud architectures has made it possible for businesses to rapidly adapt to changing workforces and working styles. However, these changes have also introduced new challenges in managing security operations.

The key reasons for this include:

◉ Workers are accessing organizations’ servers and applications remotely, which opens up new entry points for cyber attacks

◉ Employees are relying increasingly on cloud-hosted services to work and collaborate

◉ Remote workers are being targeted by more and more malware sites

◉ Employees fail to consistently practice good cyber hygiene

As the remote workforce grows and cyber threats stack up, its important organizations have the capability to manage risks and uncertainty to keep critical assets secure. Where risks are known, actions are clear. But with unknown risks, there needs to be a focus on disciplined research and investigation. This helps generate intelligence to develop detailed use cases, providing Security Operations (SecOps) teams with a guide to respond to threats.

By defining known and unknown risk scenarios in your security operations lifecycle, you can meet the demands of remote workers using cloud and network services, while ensuring you remain protected.

Let’s explore how to establish a six-phase threat detection and response methodology that addresses uncertainty.

Managing uncertainty with disciplined security operations

Identify

Establishing a clear methodology for security operations teams to follow is a critical element of effective and efficient threat detection and response.

This methodology starts with identifying uses cases.  Uses cases are the definition and analysis of an attack method.  In addition to the type of attack, use cases include step-by-step detail on how an attack unfolds, e.g. exfiltration of data from an organization or compromised privileged login, as well as possible control points for use in mitigation. Establishing a methodology that SecOps then leverages to identify and create new use cases is crucial to ensuring the organization maintains a strong security posture.

Building a disciplined approach to use case identification and analysis is the foundation of your detection and response process; providing insights on use case relevancy and organizational asset protection effectiveness.

Without these insights you will lack the visibility needed to truly maximize the value of follow on process steps such as developing, evaluating, and enhancing.

Organizations that follow a defined methodology to discover, collect, refine, validate, and apply changes to use cases address a critical weakness in “set it and forget it” programs. These programs assume the security policies and use cases developed at the time of implementing advanced operations tools remain static – an assumption that can create broad gaps in your threat visibility.

Prioritize

Prioritizing use case development is very important given it directly impacts how fast your organization is ready to respond to specific threats.  It is often debated which use cases to do first, which are most important, and how to assess the lifecycle for additional use cases. While prioritization could be based on importance, you’re likely to be more effective balancing importance with feasibility (e.g. how complex and risky is the use case to implement) and the speed at which a particular business operates.

Establishing a model to prioritize use cases will help you manage this balance. One approach is to create relative categories. For example:

◉ ‘Control’ based use cases relate to a regulatory objective, such as Payment Card Industry Data Security Standard (PCI DSS)

◉ ‘Threat’ based use cases leverage threat intelligence related to Tactics, Techniques, and Procedures (TTPs)

◉ ‘Data or Asset’ based use cases relate to specific datasets or assets that represent additional risk to the business

Reviewing new use cases in each of these categories with a balance between importance and feasibility provides a great strategy for new use case prioritization.

Continue reading

How Partners Make Money with Cisco Customer Experience (CX)

With the advent of SaaS and cloud business models, customers expect a shorter time between when they buy something and when they attain value from their purchase. These days, partners can’t sell something, install it, support it, and expect their customers will satisfactorily consume and receive available value from what was bought.

Partners need to enable customers with a customer success strategy that helps ensure they will derive maximum value and ROI from their purchases — but this can be challenging. As an example, newly purchased business-critical technologies can be complex to implement and deploy. As another example, in the absence of usage data, it’s often difficult for customers to know their level of consumption for purchased products, which can make renewal discussions troublesome.

The Cisco Customer Experience (CX) team has an answer, helping Cisco partners transform from a traditional product resell business model to a value-added lifecycle growth model and helping them to help their customers extract the most value from their investments.

To be clear, many Cisco partners have built very successful businesses selling their professional services along with reselling Cisco offerings. That said, although this approach has yielded considerable success in the past, going forward it is not well differentiated, because many partners can essentially replicate this formula. The result is a diluted value proposition, reduced margins, and — quite frankly — a future struggle for survival.

So, to help partners create new sources of value and enable expanded growth, while helping ensure that customers have an optimal experience, Cisco offers the CX Success Portfolio. The Cisco CX Success Portfolio consists of three fundamental elements:

◉ A simplified Cisco portfolio of products and services that makes it easier for buyers to buy and partners to bundle in their own value-add services.

◉ Insights and analytics based on usage and telemetry data generated from the Cisco portfolio, spotlighting customer consumption of the overall product and specific features and enabling ongoing partner-to-customer discussions to help deliver customer satisfaction and identify partner upsell opportunities.

◉ A lifecycle selling framework, which helps guide the selling motion to where there are opportunities to grow revenues.

A simplified Cisco portfolio

Previously, Cisco services were sold as product attach during the initial sale and then hopefully again at renewal. The result was a complicated portfolio of product and service offerings not aligned to the customer lifecycle. In the future, the new CX portfolio will have a simplified, agile, and innovative services portfolio with flexible options to meet your customer’s business requirements. We are developing a new suite of solution capabilities comprised of four primary focus areas:

1. Expert Resources
2. Trusted Support
3. Insights and Analytics
4. Contextual Learning

We are evolving our portfolio with new Expert Resources; designed a more tailored approach to hardware and software with Trusted Support; added Insights and Analytics features; and added Contextual Learning to create an optimal experience in every step of your customer’s lifecycle journey. We will offer graduated service levels that build upon each other as they increase — with everything from self-help tools to working beside them to show, guide, and jointly team to deliver the right level of support to meet specific needs or directly execute successful outcomes.

Your customer can choose the right level of support, expert guidance and insights that aligns with their budget, resources and IT environment, to resolve issues quickly and realize value faster at all levels of their lifecycle.

Additionally, this simplified portfolio makes it easier for partners to bundle in their own value-added implementation, deployment and ongoing management services. As an example, a partner can bundle in accelerators, such as one-on-one workshops, which provide deeper education on how to deploy a purchased technology.

Insights and analytics

In addition, the Cisco portfolio now provides usage and telemetry data, offering partners insights into how much their customers are utilizing the products they’ve purchased. This data becomes a critical tool to help partners engage with customers, ultimately with the goal to increase usage and satisfaction with purchases, which can lead to increased renewals. This data also gives partners a lens into opportunities on how best to position their services en route to upselling additional services.

Lifecycle Services Framework

Ultimately, Cisco’s simplified portfolio, along with insights and analytics, provide the foundation for partners to align their services around the Cisco CX Lifecycle framework racetrack, as shown in Figure 1.

Figure 1: The customer lifecycle

Partners can utilize this framework to align capabilities in their organization to deliver enhanced customer experiences in areas such as customer and user onboarding, implementation, adoption, expansion, training, customer success help desks, and traditional technical support. Likewise, partner CX capabilities need to meet customer expectations around regular reviews of product utilization and outcomes delivered, help with renewals and future planning, and provide timely updates on new features and offers.

The breadth and depth of partner lifecycle services, offered in concert with their industry and domain expertise, can create strong differentiators and help fuel future growth in four major areas:

◉ Increase deal sizes at purchase, because partners are better positioned to achieve a higher attach of Cisco CX offers and sell at a higher price point as a part of the bundled offer.

◉ Increase bookings, because more partner value-added services can be sold along with Cisco Simplified Portfolio offers. Partners will have opportunities to better differentiate themselves by offering accelerators for deployment and adoption of technologies.

◉ Increase renewal rates through insights and analytics, facilitating partner investments in their customers’ success as they work with customers around increasing adoption and renewal activities.

◉ Increase upsell pull-through, as partners utilize insights and analytics to identify additional upsell opportunities for Cisco product portfolio.

According to Cisco’s own research, by adopting the lifecycle selling framework, as shown in Figure 2, partners on average can expect to see a 1.15X increase in deal size, a 20 percent point increase in partner service pull-through, a 10 percent increase in renewal rates, and a 5 percent higher pull-through. Ultimately, this leads to increased partner revenues.

Figure 2: Partners can grow profitability with the CX lifecycle

How much additional revenue? Ultimately through the Cisco CX Success Portfolio and adopting the lifecycle selling framework, Cisco has discovered that over a five-year period partners on average can see a 2X increase in revenue, as shown in Figure 3.

Figure 3: Increased partner revenue through lifecycle selling

Survive and thrive

Essentially, Cisco CX is here to help partners not only survive by further differentiating their offers from traditional box reselling, but also thrive through increases in revenue over the lifetime of each deal.

In fact, this is the path Cisco took. In the last few years, Cisco has increasingly focused on growing its recurring software business, which has resulted in better visibility into future earnings and higher profitability. Partners can look to Cisco as an example of how they might evolve themselves.

Continue reading