Showing posts with label Cisco Services. Show all posts

Tuesday, 28 February 2023

An Easier Way to Secure Your Endpoints


Why is it so hard to secure your endpoints? The simplest reason is that endpoints are in the hands of human beings, who can inadvertently click on a link that introduces malware or unwittingly use an unsecured Internet connection that allows threat actors to access a corporate network.


Organizations became more prone to breaches over the course of the pandemic because more and more workers were not inside corporate walls (and firewalls) and instead worked from places like a home office or café. With more endpoints outside the confines of the corporate WAN, the attack surface abruptly increased, and with this came greater risk. Working to keep endpoints secure while having to grant access so workers can be productive makes for a difficult balancing act.

Endpoints are ground zero for organizations of all sizes and across all industry verticals. Cisco examined the nature of security incidents detected by sensors through Indications of Compromise (IOCs), detecting suspicious behaviors and analyzing patterns of malicious activity. These are the top four critical severity IOCs we observed:


Without the capability to bring visibility via focused detection, breaches can go undetected for months, until the organization’s critical data have likely already been compromised.

So, if we know endpoints are so often targeted, then why are many organizations having such a problem securing them?

Customers tell us their primary challenges are expertise, time, and evidence:

◉ Challenge: Expertise: “My team can’t be experts on every new threat, or all be experts in threat hunting.”

◉ Challenge: Time: “I don’t have enough time to go after every new threat, alert, patch and compromised device.”

◉ Challenge: Evidence: “We can’t always identify which threats to prioritize or get to the root cause of every attack.”

These quotes have got to be music to the ears of threat actors. They know, like you do, how hard it can be to find skilled resources to staff your security team. Studies show that most organizations’ internal Security Operations Centers (SOCs) are only able to handle 7 to 8 investigations per day, in part because teams are burdened with frequent, false, and often redundant alerts. This leads to more manual effort for already understaffed teams, making it harder to keep pace with constantly evolving threats and issues. The result? You end up with gaps in security, higher operational costs, and a less efficient and, honestly, burned out team.

But I’m here to tell you it doesn’t have to be like that. Consider our solution offer, Cisco Secure MDR for Endpoint (formerly Cisco Secure Endpoint Pro):

◉ We do the heavy lifting of securing your endpoints: Our dedicated elite team of Cisco security experts performs 24x7x365 endpoint monitoring, detection, and response—so you don’t have to.

◉ We detect and respond to threats in minutes, not hours: Cisco specialists use automation and advanced playbooks, powered by the Cisco SecureX platform, and backed by Talos threat intelligence, to drastically reduce detection and response times.

◉ We investigate every threat and prioritize the most critical ones: We conduct an in-depth investigation of every incident you have and enable you to approve or reject remediation actions based on evidence from our experts.

Cisco Secure MDR for Endpoint can identify and then stop threats, block malware, and contain and remediate even advanced threats that evade frontline defenses. We look at all alert-able threats, investigate and prioritize them, and recommend response actions. We do this around the clock and around the globe, from dedicated, global Cisco SOCs.

By the way, let me tell you a bit more about the incredible Talos threat intelligence standing behind our detection and response capabilities. Talos is a recognized leader in threat intelligence research and proactive and emergency response security services. Their research work includes identifying over 30 billion events per day and then vetting those events with Talos’ 400+ researchers and investigators—benefitting our ability to detect and respond.

We built Secure MDR for Endpoint as a solution, so you don’t have to spend the time and money to build a SOC, develop or acquire the tools to make it work, and then recruit and train the personnel to staff it. Secure MDR for Endpoint takes the time, expense, and complexity out of identifying and responding to threats on endpoints. Our SOC experts use AI and machine learning to separate all the false positive alarms from the real issues that need to be pursued and managed.

Source: cisco.com

Tuesday, 17 May 2022

Network Service Mesh Simplifies Multi-Cloud / Hybrid Cloud Communication


Kubernetes networking is, for the most part, intra-cluster. It enables communication between pods within a single cluster:

The most fundamental service Kubernetes networking provides is a flat L3 domain: Every pod can reach every other pod via IP, without NAT (Network Address Translation).

The flat L3 domain is the building block upon which more sophisticated communication services, like Service Mesh, are built:

Application Service Mesh architecture.

Fundamental to a service mesh’s capability to function is that the service mesh control plane can reach each of the proxies over a flat L3, and each of the proxies can reach each other over a flat L3.

This all “just works” within a single Kubernetes cluster, precisely because of the flat L3-ness of Kubernetes intra-cluster networking.

Multi-cluster communication


But what if you need workloads running in more than one cluster to communicate?

If you are lucky, all of your clusters share a common, flat L3. This may be true in an on-prem situation, but often is not. It will almost never be true in a multi-cloud/hybrid cloud situation.

Often the solution proposed involves maintaining a complicated set of L7 gateway servers:


This architecture introduces a great deal of administrative complexity. The servers have to be federated together, connectivity between them must be established and maintained, and L7 static routes have to be kept up. As the number of clusters increases, this becomes increasingly challenging.

What if we could get a set of workloads, no matter where they are running, to share a common flat L3 domain:


The green pods could reach each other over a flat L3 Domain.

The red pods could reach each other over a flat L3 Domain.

The red/green pod could reach both the green pods and the red pods, over the green and red flat L3 Domains respectively.

This points the way to a solution to the problem of stretching a single service mesh with a single control plane across workloads running in different clusters/clouds/premises, etc.:


An instance of Istio could be run over the red vL3, and a separate Istio instance could be run over the green vL3.

Then the red pods are able to access the red Istio instance.

The green pods are able to access the green Istio instance.

The red/green pod can access both the red and the green Istio instances.

The same could be done with the service mesh of your choice (such as Linkerd, Consul, or Kuma).

Network Service Mesh benefits


Network Service Mesh itself does not provide traditional L7 Services. It provides the complementary service of a flat L3 domain that individual workloads can connect to, so that the traditional service mesh can do what it does *better* and more *easily* across a broader span.

Network Service Mesh also enables other beneficial and interesting patterns. It allows for multi-service mesh, the capability for a single pod to connect to more than one service mesh simultaneously.

And it allows for “multi-corp extra-net:” it is sometimes desirable for applications from multiple companies to communicate with one another on a common service mesh. Network Service Mesh has sophisticated identity federation and admissions policy features that enable one company to selectively admit the workloads from another into its service mesh.

Source: cisco.com

Saturday, 25 January 2020

Service Mesh for Network Engineers


Learning never ends, and that’s never been truer for the trusty network engineer. Of late Network Engineers have been moving up the stack, changing the way we deliver network services, becoming programmatic and using new tooling.

A not so scientific graph of what network engineers need to be aware of in 2020


The driving force behind these changes is the evolution of application architectures. In the era of modular development, applications are now collections of loosely coupled microservices, independently deployable, each potentially developed and managed by a separate small team. This enables rapid and frequent change, deploying services to where it makes most sense (e.g. Data Centre, public clouds or Edge). At the same time, Kubernetes (K8s) is quickly becoming the de facto platform upon which to deploy microservices.

What does this mean for the network engineer? Well, routing, load balancing and security have been the staple of many over the years. It’s stuff engineers know very well and are very good at. But these capabilities are now appearing in some new abstractions within the application delivery stack.

For example, K8s implements its own networking model to meet the specific requirements of the K8s architecture. Included in this model are network policies, routing pod to pod, node to node, in and out of clusters, security and load balancing. Many of these networking functions can be delivered within K8s via a Container Network Interface (CNI) plugin like Nuage or Flannel. Alternatively, you could leverage a lower level networking abstraction such as the Cisco Application Centric Infrastructure (ACI), benefitting from using one common network fabric for bare metal, virtual machines and containers.

As K8s is a container orchestrator, designed for creating clusters and hosting pods, its networking model meets exactly those needs. However, K8s is not designed to solve the complexity of microservices networking. Additional developer tooling for microservices such as failure recovery, circuit breakers and end to end visibility is often embedded in code to address those aspects, adding significant development overhead.

Enter stage left service mesh.

“The term service mesh is used to describe the network of microservices that make up such applications and the interactions between them. As a service mesh grows in size and complexity, it can become harder to understand and manage. Its requirements can include discovery, load balancing, failure recovery, metrics, and monitoring. A service mesh also often has more complex operational requirements, like A/B testing, canary rollouts, rate limiting, access control, and end-to-end authentication”

The above poses the question: is a service mesh a network layer? Well… Kind of. The service mesh ensures that communication between different services that live in containers is reliable and secure. It is implemented as its own infrastructure layer but, unlike K8s, it is aware of the application. Some of the capabilities it delivers to the application are recognisable network functions such as traffic management and load balancing, but these are executed at the microservices layer, and need that intimate knowledge of the application and its constituent services. Equally, the service mesh relies on lower level abstractions to deliver network functions as well.

Service mesh networking vs K8s networking


To compare the capabilities of K8s and service mesh, let’s look at the example of a canary deployment. The idea behind a canary deployment is that you can introduce a new version of your code into production and send a proportion of users to the new version while the rest remain on the current version. So, let’s say we send 20% of users to our V2 canary deployment and leave the other 80% on V1.

You can achieve this with K8s, but it requires some hand cranking. It would require you to create your new canary deployment in proportion to what already exists. For example, if you have 5 pods and want 20% to go to the V2 canary, you need 4 pods running V1 and 1 pod running V2. The Ingress load balancing will distribute load evenly across all 5 pods and you achieve your 80/20 distribution.

Canary Deployments with K8s and Service Mesh


With service mesh this is much easier. Because the service mesh is working at the microservices network layer, you simply create policies to distribute traffic across your available pods. As it is application-aware, it understands which pods are V1 and which pods are the V2 canaries, and will distribute traffic accordingly. If you only had two pods, V1 and V2, it would still distribute the traffic with the 80/20 policy.
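The two canary approaches described above, written out as manifests. This is an added example, not part of the original post: the `myapp` name, the `example.com/myapp` images and the port numbers are hypothetical, and the mesh half assumes Istio with sidecar proxies injected into the pods.

```yaml
# Added example. All names, images and ports are hypothetical.
#
# --- Option A: plain Kubernetes ------------------------------------------
# One Service selects the pods of BOTH versions. Requests are spread evenly
# across all matching pods, so the 80/20 split exists only as a side effect
# of the replica counts (4 x v1 + 1 x v2).
apiVersion: v1
kind: Service
metadata:
  name: myapp
spec:
  selector:
    app: myapp                # no version label: matches v1 and v2 pods
  ports:
    - port: 80
      targetPort: 8080
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-v1
spec:
  replicas: 4                 # 4 of 5 pods, roughly 80% of requests
  selector:
    matchLabels: {app: myapp, version: v1}
  template:
    metadata:
      labels: {app: myapp, version: v1}
    spec:
      containers:
        - name: myapp
          image: example.com/myapp:v1
          ports:
            - containerPort: 8080
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-v2
spec:
  replicas: 1                 # 1 of 5 pods, roughly 20% of requests
  selector:
    matchLabels: {app: myapp, version: v2}
  template:
    metadata:
      labels: {app: myapp, version: v2}
    spec:
      containers:
        - name: myapp
          image: example.com/myapp:v2
          ports:
            - containerPort: 8080
---
# --- Option B: service mesh (Istio) ----------------------------------------
# The same Service and Deployments stay in place, but the split is now an
# explicit routing policy. The DestinationRule names the two versions by pod
# label; the VirtualService assigns each a share of the traffic.
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: myapp
spec:
  host: myapp
  subsets:
    - name: v1
      labels: {version: v1}
    - name: v2
      labels: {version: v2}
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: myapp
spec:
  hosts:
    - myapp
  http:
    - route:
        - destination: {host: myapp, subset: v1}
          weight: 80          # share of requests, independent of pod count
        - destination: {host: myapp, subset: v2}
          weight: 20
```

With option B the replica counts can be changed freely (even one pod per version) without disturbing the 80/20 split, because the sidecar proxies apply the weights rather than the pod ratio.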

In terms of comparing them, we can think of K8s as providing container tooling, whereas service mesh provides microservices tooling. They are not competitive. They complement each other.


Looking at the overall stack, we can see that there are now four different layers that can deliver specific networking functions – and you might need all of them.

Abstractions and more abstractions


How Does a Service Mesh Work?


There are a number of service mesh options in the market right now. Istio from Google probably gets most of the headlines, but there are many other credible service meshes such as Linkerd, Envoy, and Conduit.

Istio Control Plane and Sidecar Proxies


Typically, a service mesh is implemented using sidecar proxies. These are just additional containers (yellow in the diagram above) that proxy all connections to the containers where our services live (blue in the diagram above). A control plane programs the sidecars with policy to determine exactly how the traffic is managed around the cluster, secures connections between containers and provides deep insights into application performance. (We will have some follow-up blog posts going under the service mesh covers in the coming weeks).

Ok. Great stuff. But what does this mean for the network engineer?


Many of the service mesh features will be familiar concepts to a network engineer. So, you can probably see why it’s important for network teams to have an understanding of what a service mesh is, and how, why and where these different capabilities are delivered in our stack. Chances are, you may know the team that is responsible for the service mesh, you may be in that team, or end up being the team that is responsible for the service mesh.

Delivering microservices works great in an ideal world of greenfields and unicorns, but the reality is that most don’t have that luxury, with microservices being deployed alongside or integrated with existing applications, data, infrastructure stacks and operational models. Even with a service mesh, delivering microservices in a hybrid fashion across your data centre and public cloud can get mighty complex. It’s imperative that network engineers understand this new service mesh abstraction, what it means to your day job, and how it makes you relevant and part of the conversation; perhaps it spells great opportunity.

If you want to learn more then there are a number of service mesh sessions at CiscoLive Barcelona.

Service Mesh for Network Engineers – DEVNET – 1697

Understanding Istio Service Mesh on Kubernetes – DEVNET-2022

DevNet Workshop: Let’s Play with Istio – DEVWKS-2814

But..why do I need a Service mesh? – BRKCLD-2429

Tuesday, 16 July 2019

4 Trends Molding the Future of Customer Service


Technology adoption and consumer behavior shifts have changed customer service forever. The simultaneous rise of mobile computing, social media, and changing demographics have aided a disruption that’s far from over. But as inevitable as change is, most companies are still using a 1995 playbook to solve modern customer service issues.

The issue with that 1995 playbook is in its results. Eighty percent of businesses think they deliver superior customer service. Only 8% of customers think businesses deliver superior customer service.

It’s time for this to change. Here are four customer service trends that must impact how you interact with your customers from this point forward.

Proactive Customer Experience


While responding to customers online is less expensive than legacy customer service mechanisms like phone or email, the costs are real and the public nature of those responses poses risk. Perhaps the best way to invest your resources is to legitimately improve your customer experience so fewer people have any reason to be upset with your business in the first place.

If you’re paying attention to customer feedback, you’re probably aware of the weak parts of your business. You know where and when customer satisfaction is likely to dip. Instead of waiting for your customers to experience those dips, proactively head them off at the pass. The best way to handle unhappy or unsatisfied customers is to eliminate the forces that make them unhappy or unsatisfied.

The best customer problems are the ones that don’t have to happen in the first place.

Self-Service Solutions


If customers can easily and thoroughly address problems on their own, they will. Self-service is an efficient path to issue resolution because customers don’t have to wait on your business to respond.

Self-service makes a lot of sense — on both the customer experience and cost efficiency fronts. According to Forrester, self-service increases customer satisfaction and lowers costs for businesses.

Forrester also found that 72 percent of consumers prefer using a company’s website to answer their questions. Unfortunately, businesses are not universally adept at this approach. Only half of customers can find the information they need online.

The best self-service programs are living organisms. They expand and morph and change to fit customer questions and complaints. To do this, managers must meet often with personnel interacting with customers to discuss what questions and issues are emerging. Many of the questions will be repeats. In fact, one-third of customer questions are common or repeat issues. The objective with self-service is to determine all of those likely questions, and then provide answers to customers in (ideally) multiple online formats.

Community-Based Service


If the most efficient way to get answers to consumers is to give them access to that information in a self-service capacity, the next best approach is to enable support from a customer community.

One of the reasons community-based customer service tools are so powerful is that collectively, the community knows more than any one customer service representative possibly could. These programs also have financial implications. Research from Gartner suggests businesses that implement community-based support can reduce costs by 10 – 50 percent. There’s another business benefit to these programs: Online communities can also breed deep insights that allow businesses and organizations to change their offerings, communicate more effectively, and enhance customer service when it does not need to be provided on a one-to-one basis.

Mobile Messaging Apps


Messaging has fundamentally changed the way we communicate with one another, and it’s making this transformation with gusto. According to Statista, Facebook Messenger has more than 1.3 billion active monthly users. WhatsApp (owned by Facebook) has more than 1.6 billion active monthly users, and WeChat is nearing 1.1 billion.


Messaging has transformed the world of customer service, changing the way people expect to interact with your business. Mobile usage studies show Americans are sending texts five times more often than they’re picking up the phone. In Asia Pacific and Latin American countries, those same studies show a strong preference for the aforementioned chat apps billions of people are using globally. In the U.S., this trend is even more prevalent with younger generations: 36 percent of Millennials would contact a company more frequently if they could text. Messaging apps are bigger than social networks and SMS. When it comes to younger generations, messaging dwarfs communications vehicles like email and phone calls as well.

Messaging apps are the biggest force in communication today, and their functionality for one-to-one messaging has everything you need for customer service. They’re private, which companies love. They’re persistent, which customers love. They’re real-time, and they’re asynchronous. Asynchronicity is one of the key factors that make messaging apps so convenient and powerful. A consumer can start a conversation with a business, do something more important, and pick up the same conversation where she left off 10 or 20 minutes later. Gone are the days of being on hold and gone are the expectations that being on hold is normal.

Not to mention the fact that messaging apps often get better satisfaction ratings than any other CX channel, including phone calls.

If you haven’t already, archive the playbook from 1995 and adjust how your business delivers customer service to meet the expectations of today’s customer.

Monday, 1 April 2019

How to Get the Most Value From Your Container Solutions?

There’s been a fundamental shift in the technology industry over the past 3-4 years, with “applications and software-defined everything” dominating IT philosophy. The market continues to move towards a cloud native environment where developers and IT leads are looking for agility in application development, faster application lifecycle management, CI/CD, ease of deployment, and increased data center utilization.

Today, engineers and IT operations teams are tasked with churning out applications, new features and functionalities, configuration upgrades, intelligent analytics and automation quickly and efficiently to stay competitive and relevant, all while reducing cost and risk. An elastic and flexible agile development is now considered core to innovation and to reduce time-to-market. However, IT is faced with some key challenges, such as: siloed tools and processes, delayed application deployment cycles, and increased production bugs and issues – all resulting in slower application time-to-market, increasing costs, risk and inefficiency.

Docker revolutionized the industry with the introduction of application container technology where you can run multiple applications seamlessly across a single server or deploy software across multiple servers to increase portability and scale. While this has helped achieve consistency across multiple, diverse IT environments, removed the underlying OS abstractions, and enabled faster and easier application migration from one platform to another — it’s only the beginning. Organizations still need the right strategy and support to accelerate adoption of container solutions.

And it’s no longer a matter of when, but how?

How to speed container adoption?


Containerization is the new norm. Moving applications across heterogeneous environments from the laptop to the test bed, from testing to production, and from the production cycle to actual release both quickly and efficiently, is testament to an efficient and scalable containerized strategy.

So no matter what your broader business goals are, whether you are looking to:

◈ Align your cloud strategies with corporate visions
◈ Identify specific use case requirements for implementing container solutions
◈ Get your applications ready for prime-time
◈ Spin up applications for seasonal capacity surges
◈ Enable operational scaling and design for multicloud/ hybrid cloud deployments
◈ Configure application security policies
◈ Align application automation across diverse DevOps teams to streamline operations and troubleshooting;

You need the right cloud and container strategy, tools and expertise to help you bridge the technology and operational gaps, and accelerate the process of modernizing traditional applications. Services can play a critical role in helping you fast-track your transformation journey, while enhancing application portability and ensuring the optimum use of resources.

Determine the best strategy for your business

You need the right strategy alignment and cloud roadmap to maximize the impact of your cloud services across the organization. Coupled with that is the growing importance attributed to determining governance and security policies to reduce IT risk and speed time-to-market. Employing the right expertise – whether in-house or external, can help you to not only identify the right use case requirements for implementing container solutions, and determine technology/ operational gaps but more importantly, help you optimize your investment across people, processes, and technology.

Accelerate deployment across heterogeneous IT environments

Quick and efficient deployment of container solutions across multiple, disparate IT environments is a must, to enable operational scaling, configure feature integration, and design for hybrid cloud solutions. This is a crucial step in the implementation process, and you need highly experienced and trained specialists who can ensure frictionless operations through end-to-end network automation. You need a fool-proof solution design, test plan and clear implementation strategy that can ensure reduced lifecycle risk and interoperability. Engaging the right experts and skill-sets will result in faster implementation and increased time-to-value.

Consistent optimization and support for continued success

Maintaining application consistency and optimizing your application environment post-deployment will help you extract the most value out of your technology investment. Conducting regular platform performance audits, root-cause analysis, streamlining existing automation capabilities, and running ongoing testing and validation are all akin to keeping the lights on. Having best-of-breed technology and industry expertise coupled with integrated analytics, automation, tools and methodologies enables you to preempt risks, accelerate container adoption and navigate IT transitions faster. Furthermore, you need centralized support from engineer-level experts who are accountable for issue management and resolution across your entire deployment.

If you are looking to accelerate applications to market, Cisco can help through our unmatched IT expertise, experienced guidance and best practices.

We offer a lifecycle of Container Services across Advisory, Implementation, Optimization and Solution Support Services to help you drive faster adoption of container solutions. We take a vendor-agnostic approach to offer container networking, infrastructure and lifecycle support to enable distributed containers across the cloud; manage cloud-native apps with support for orchestration, management, security and provisioning, and ensure integrity of the container pipeline and deployment process.


We also launched a new container management platform called Cisco Container Platform, based on 100% upstream Kubernetes, that offers a turnkey, open and enterprise-grade solution that simplifies the deployment and management of container clusters for production-grade environments by automating repetitive tasks and reducing workload complexity.

Friday, 16 November 2018

Modernization of the Workforce Experience Journey

Collaboration technology is innovating at its fastest pace with more options than ever to increase productivity and empower workforces across the globe. CIOs are doing well in thinking about how they can use collaboration technology to their advantage, but there’s a drawback. Investments don’t always go as planned.

One of the main limitations we see is that organizations get caught in a vicious cycle, which traps them almost like quicksand (Figure 1).

Figure 1: Collaboration Investment Cycle


To break this cycle and create a truly integrated work experience, companies first need to think about collaboration investments in terms of continually aligning three aspects: people and the culture, technology, and organizational vision (Figure 2).

Figure 2: Collaboration Investment Alignment


Ideally all three aspects will carry equal weight because any breakdown will cause disruption to employee productivity. Figure 2 begins with organizational vision, in which investments are made from the bottom-up, rather than top-down, and driven by strong use-cases that highlight the need for specific change. Companies need to see how all the collaboration technology should work together in tandem to bolster productivity:

◈ People start work in documents and can share their content in real-time using a built-in Teams messaging application. They can easily choose who to share their content with (on their web browser, the application itself or their devices, or through email), as directories and Content Management Systems (CMS) are fully integrated
◈ When it’s time to join a meeting, employees can meet instantly with a “Join Now” option or simply use their email, which seamlessly links company directories and calendars
◈ Then people go into meetings in which they share their work with colleagues (both audibly and visually). People on-the-go can see and hear everything in high-quality format
◈ When the meeting ends, people can continue working in their documents and across Teams

Once an integrated vision is complete, organizations invest in the technology that will help turn this vision into a reality. However, this is where the disconnect between expectations and results often begins. Many companies purchase the collaboration products necessary for the integration but overlook the fact that they need services to truly tie everything together.

Cisco Services is the glue that helps customers with Cisco Collaboration products adapt and convert to a fully digitized collaboration environment, both efficiently and cost-effectively. We help organizations proactively solve issues ahead of time, such as network deficiencies that cause video quality issues, and reduce complexity with machine learning (ML) and artificial intelligence (A.I.) that can automate workflows for employees. We can even custom design a solution built around an organization’s unique needs and integrate with Content Management Systems for easy workflows with Webex Teams. The best part is, we can work with our partners to develop a hybrid go-to-market strategy for our customers, in which each party contributes a specialized portion of the solution.

We recently did this with a large global service provider who was able to ultimately lower its operational costs. Cisco helped the company create an enterprise-wide collaboration strategy and timeline through our “Strategy & Roadmap” service and devised an implementation plan through our Advise & Implementation service. One of our partners was brought in to enhance the collaboration solution through AI, natural voice recognition, and improved customer experience metrics while the other partner served as a systems integrator. This hybrid solution helped to ultimately win over the client with everybody’s combined credibility and experience. Cisco’s products and services, along with partner expertise, help our customers realize the value of their Collaboration technology investments more easily.

Throughout our experience, we’ve found that companies generally need help with digital integration in one or more different areas, which we call phases (Figure 3).

Figure 3: Digital Transformation Phases


Phase 1 engages all employees and helps businesses deliver a seamless meeting experience – from scheduling to joining to fully experiencing video and audio quality at scale. At this stage, customers often use our Webex [and Webex Teams] Advise & Implement service to get expert help and guidance on planning, designing, and deploying a full collaboration solution that minimizes the time and expense needed to achieve success. Before we even begin, we verify a network’s ability to support the proposed Cisco solution, analyze gaps and address likely risks, and provide remediation steps to quickly “nip problems in the bud.” This will help support an integrated collaboration environment that provides seamless collaboration (i.e. calling, meeting, messaging, and Teams content sharing) and user experience.

Phase 2 helps customers evolve their work by enabling video-first meeting experiences and integrating team collaboration with existing workloads, workstyles, and systems. The goal is to tap the collective intelligence of the enterprise and speed decision making among employees. At this stage, customers usually rely on us for our “Hybrid Media Services,” which can help them migrate to the cloud slowly while delivering consistent user experiences at infinite scale, and our Business Critical Services, which help to reduce complexity and costs through analytics, automation, and ML/AI. The real benefit from Business Critical Services is that they can help customers move to a more proactive IT model that can predict and fix problems automatically before reaching the end-user. Future corrective action could be as easy as fine-tuning the automation or additional configurations and could be as complex as predicting a crash that could render the network (and thus collaboration efforts) useless.

Finally, Phase 3 empowers teams by integrating the workflows from 3rd party applications, such as Office365, Box, ServiceNow, Microsoft Exchange and Active Directory, etc. Customers rave about our Custom Application Development & Integration (CADI) service, which provides API integration for third-party applications. For one global financial institution, Cisco Services used its CADI service to combine Webex Teams with an automated assisted bot program powered by A.I. Ultimately, we were able to virtually eliminate manual, repetitive, time-consuming tasks that not only reduced OpEx by saving the organization thousands of man hours but also helped assemble packages for portfolio reviews and ensured quality, standardization, and better service for its customers. Other popular services at this stage include “Webex Teams Archival and eDiscovery” service, which enables storage, search, and retrieval of eDiscovery documents, and our “CloudLock” service, which helps to secure cloud communications.

Once customers are able to strongly link products and services for their collaboration technology, as well as successfully map out an organizational vision, the last step, as outlined in Figure 2, is to ensure that all employees are adopting the collaboration tools and using them to the best of their advantage. Businesses at this stage rely on Cisco Services for our Adoption (User Solution Empowerment (USE)) services, which provide customized processes, tools, and techniques from certified change management professionals that help end users adopt your collaboration products and technology with greater speed and effectiveness. Getting an organization’s employees to consistently use, and rely on, an integrated set of collaboration technologies is the final key to avoid the common disconnect between collaboration investment, expectations, and results (see Figure 1).

Wednesday, 11 July 2018

Service Provider Digital Transformation and Security

For many service providers, the digital transformation journey may not be the smoothest.

Many service providers (SPs) are going through a phase where they are either trying to understand the new technologies or in the process of early adoption and implementation, with a majority just beginning to understand and adopt. New technologies like internet of things (IoT), cloud, software defined networking (SDN), network function virtualization (NFV), and others are predicted to have a tremendous implication on an SP’s core business model and their journey toward cost reduction and new service offerings.

Mergers and acquisitions are going to be the norm in the SP space. A broad spectrum of services under one umbrella, with consolidated customer bases, will increase customer stickiness and will be a differentiating factor for many SPs.

Ensuring Security is Built-in


As SPs introduce new technologies and pursue increased mergers and acquisitions, numerous security challenges arise. In many cases security is typically an afterthought and can quickly become a minefield if not considered early enough or done correctly during these acquisitions and mergers.

The other side of the SP journey is focused on their business strategy: they are working to make sure that their average revenue per user (ARPU) keeps increasing with the changing revenue models. One big opportunity in revenue generation is how SPs can monetize security and offer it to their customers.

Currently, the majority of SPs, as part of securing their digital transformation, are trying to think about how to proactively secure their network architectures. At the same time, they are working to make sure that reactive capabilities and teams are in place, be it an incident response capability or strong forensic expertise, either within their own teams or through a partner.

As SPs begin to realize how important security is to their business, they are correspondingly assigning increased budget to security initiatives. IDC recently published an InfoBrief titled “A Pulse on the Service Provider Industry: Digital Transformation and Security Services” that indicates SPs have allocated up to 20% more for security products and services over the last two years.


Figure 1: Increasing security budgets: Year-Over-Year. Source IDC

In the process of moving toward a more secure infrastructure, the customers of SPs are also in the same boat and want to better secure their infrastructure. This presents an opportunity for the SP to add security as a value-added play that can help an SP move the needle in revenue generation. According to IDC, 56% of SPs say they will expand their security services offering in the coming year due to customer demand. SPs are actively moving toward providing security advisory services like penetration testing, network architecture assessments, and breach response services, either through internal capabilities or in partnership with a 3rd party provider.

According to IDC, the demand for security services is driven in large part by enterprises who are seeking assistance to deploy security appropriately in their digital transformation and to secure cloud and data center migrations.


Figure 2: Security assistance needed during Digital Transformation. Source: IDC

By offering security advisory services, SPs can assure their customers they are in this journey together. They can demonstrate they want to help their customers scale up and improve their security posture, versus being a traditional SP, with limited offers. In addition, SPs can differentiate themselves against competitors by offering security services to their enterprise customers. Such services improve customer retention, revenue growth and can lead to higher customer satisfaction.

In summary: service providers have an opportunity to become their enterprise customers’ go-to team for ensuring that enterprises are securely moving toward the adoption of new technology. SPs who do not have security as a core skillset should proactively seek 3rd party partnerships to develop new security capabilities or to enhance existing security capabilities.

Cisco’s Security Services offer a broad portfolio that includes incident response, penetration testing, secure SDN/NFV, and cloud security that are designed to help SPs secure their infrastructure. In addition, Cisco and the service provider can partner together to build and deploy security capabilities that the SP can offer to their customers.

Wednesday, 13 June 2018

Solving Security and Compliance Problems with Cisco Business Critical Services


Organizations today need to be both nimble and secure. They’re adopting Cloud, IoT, and machine learning at ever-quickening speed, and evolving their applications and endpoints along with their campus, data center, and WAN networking, both to adapt to their digital business and to address security risks. At the same time, compliance regimes are a moving target, putting increasing pressure on organizations.

In this ever-changing world, many organizations struggle with maintaining good security and compliance hygiene. Year over year, IT departments attempt to manage through compliance drift as networks evolve, new systems are added, configuration changes are made, and knowledgeable individuals leave their teams. Poor audit management practices increase audit fatigue and risk even higher rates of attrition. Add requirements for risk assessments, penetration tests, privacy impact assessments, and robust processes, not to mention the pressures of being able to identify and respond to an evolving security threat landscape, and the operational pressures, including OpEx spending, can be immense.

About Business Critical Services 


Business Critical Services is the next generation of subscription based advanced services. By leveraging our expert guidance, analytics, and automation solutions, we can not only address resilience, flexibility, and support concerns, but can craft ongoing services to help manage security threats and reduce compliance overhead while decreasing OpEx, allowing customers to focus on activities that most contribute to the growth of their businesses.

Solving Compliance Problems with Business Critical Services


Business Critical Services includes a wealth of offers, or deliverables, which help customers reduce compliance drift, decrease operational churn, and drive increased compliance fidelity regardless of the compliance requirement. From automated compliance hygiene to Privacy Impact Analysis, Business Critical Services enables customers to right size a solution that meets most compliance requirements they face. For example, a customer that must be compliant to the Payment Card Industry – Data Security Standard (PCI-DSS) may choose to take advantage of the following Business Critical Services:


◈ Automated Software Compliance and Remediation, Configuration Compliance and Remediation, and Regulatory Compliance & Remediation form the core of our compliance offerings. These services automate the tasks of identifying and remediating compliance drift by validating that software versions are up to date, vulnerabilities are identified and remediated, and configurations are compliant with both regulatory requirements and defined gold standards. All of this is central to several PCI-DSS requirements. These services alone provide much needed operational relief from maintaining compliance and provide evidence for your auditors to review.

◈ Security Compliance Assessment augments our automated capabilities using Cisco compliance experts to validate policy, processes, and technical requirements where assessment cannot be automated. When combined with our automated compliance capabilities, this provides a comprehensive view of audit readiness and both tactical and strategic remediation requirements. For PCI-DSS, we review the complete set of requirements, enabling customers to make audit outcomes more predictable and eliminate last minute remediation scrambles.

◈ Network and Application Penetration Testing within Business Critical Services can be used to meet the PCI-DSS requirements to perform these tasks regularly.

◈ Enterprise Security Advisor provides a strategic resource to help drive security and compliance. The best use of this service for Compliance is to engage Cisco as a program manager to collect, collate, and present evidence to your auditor while managing your IT compliance processes, reducing audit fatigue on your staff and freeing up individuals to focus on business growth and digital transformation.

Solving Security Problems with Business Critical Services


In addition, Business Critical Services can be used to solve operational and ongoing security issues, helping reduce the attack surface of our customers while identifying and helping to remediate vulnerabilities, ensuring the upkeep of security infrastructure, planning and accelerating security architecture transformation, and managing security threats and incidents. This includes:

◈ An Incident Response Retainer providing both proactive and reactive threat management activities to our customers. We offer one of the most robust and flexible retainers in the business.

◈ Our automated compliance offerings also support good security hygiene, evaluating and remediating configuration and software exposures that open up attack surface

◈ Health checks and optimization services to facilitate proper maintenance and management of security systems, protecting and enhancing the return on investment for Cisco security architecture.

◈ A Technical Knowledge Library including guides and best practices for security infrastructure to help customer staff manage their security controls

◈ Network Device Security Assessment to analyze security device configurations and firewall rules to identify gaps and recommend remediation

◈ Collaboration Security Assessment to protect against threats to Cisco Unified Communications, video collaboration, and contact center solutions.

◈ Security Metrics Program support to design and manage KPIs to communicate control effectiveness and levels of risk to management

◈ Cyber Range Workshops to provide security operations training to SOC staff

◈ A robust set of security assessments to identify and recommend remediation to security vulnerabilities including Network, Wireless, Application, Social Engineering, and Physical

◈ Penetration Tests as well as Security Risk Assessment, Network Architecture Assessment, and third party risk management program support.

◈ Security Program Assessment and Security Strategy Planning Support to help support not just your strategic security initiatives, but also help review and improve your critical security practices and establish an enterprise security strategic roadmap

◈ Cloud Security Strategy support to help recommend security operations and technology improvements to support Cloud transformation

◈ Security Segmentation Architecture Design to help develop a roadmap to accelerate and transform network security at our customers’ organizations

◈ Finally, a flexible Enterprise Security Advisor service to provide program management, expert advice, and otherwise support security evolution as well as an Architecture Management Office to help drive technical change throughout customer organizations

Taken together, this robust set of subscription based offers within Business Critical Services can help customers address both the most mundane and repetitive, but critical, security tasks, drive security improvement through assessments and training, and both set and help execute strategic security direction at our customers. I can’t think of any other security company on the planet that can match this comprehensive set of security and threat management services and deliver them under an annual subscription besides Cisco.

Sunday, 10 June 2018

5G Security Innovation with Cisco


We have been working with Service Providers and various colleagues across the world to develop the threat surface and use cases to properly apply 5G today and in applications coming tomorrow. We call your attention to our white paper and to our session on this topic at Cisco Live US in Orlando. The title of the session is BRKSPM-2010 (Security for Mobile Service Providers).

5G touches almost every aspect of the way we live our lives. It’s not just about faster, bigger or better, it’s about utilizing 5G as an enabler to a series of services that we all will consume in every aspect of our lives. The time is NOW to consider the security implications and cyber risk profile that come with 5G: the business operational risk, legal risk and reputational risk of not only the companies who provide 5G transport, but all companies, nation states and individuals who provide the services that will utilize 5G. The time is now to evaluate the cyber risk posture and apply innovative thoughts to how we can approach these challenges today and build for what’s to come tomorrow. Many IoT (Internet of Things) services will utilize 5G services. The intersection of 5G and IoT brings an extension of the existing threat surface that requires careful consideration from a cyber risk perspective. This white paper highlights innovative thoughts which enable you to take action and meet the challenges, creating a security safety net for the successful deployment and consumption of 5G based services.

5G is as much the application of new architectural concepts to traditional mobile networks as it is about the introduction of a new air interface. The 5G mobile network intentionally sets out to be a variable bandwidth heterogeneous access network, as well as a network intended for flexible deployment. Aside from the usual reasons of generational shifts in mobile networks, i.e. those concerned with the introduction of networking technologies on lower cost curves, the 5th generation of mobile networks has to be able to allow the mobile service providers to evolve towards new business models that may result in future modes of operation that are very different from those of today. This presents a problem from the view point of securing such a network. The need to be flexible increases the threat surface of the network.

Security provides the foundation of service assurance. Adversaries and the threats that they impose against the networks used to deliver critical services continue to get smarter, more agile, and more destructive.

Networks used to deliver applications continue to converge, making it more important to properly segment threats and vulnerabilities by domain, while examining the aggregate threat landscape at the same time.

Examples of this include the evolved packet core, where traditional and mobile services share an infrastructure leveraging the carrier data center and cloud for operational efficiency and also for service delivery. Cisco’s architectural innovations and the evolution of existing networks to meet the needs of new service models like IoT services are pushing technology evolution such as mobile edge compute and widely distributed secured data centers, introducing a new set of visibility and control elements to handle the evolved threats.

In order to properly secure the “full stack” that delivers a connected application, two fundamental elements are applied: visibility and control.

Visibility refers to the ability to see and correlate information from the carrier cloud to baseline proper behavior and then to measure deviation from that norm. Simply said, “If you can’t measure it, you can’t manage it.” Sources of visibility come from traditional network measurements (NetFlow, OpenFlow, etc.), but the need to measure all aspects of a flow, from all elements of the carrier cloud to the application to the end customer, has changed what data is collected and where we get it. An example of the new visibility includes the use of application level probes that are synthetically generated and travel through the network to get a clear picture of how an application is behaving. Another example is where the Path Computation Element, which has a near real time database representing the network topology, is queried programmatically to determine the impact of a potential mitigation action on critical service classes for DDoS. Once all of the telemetry is gathered, a security controller and workflow will analyze it and determine, based on policy, suggested mitigation and controls to be applied. Of course, we have an iterative loop of constant learning.

The Cisco Talos research team keeps our customers ahead of the game through its threat research and deployment of mitigation rules into our full portfolio of products, removing that burden from the Service Provider and allowing them to focus on their core competencies.

Control refers to the actions taken to mitigate an attack. Some controls are taken proactively while others are applied after an attack takes place. There are two types of attacks. Day zero attacks are threats that we don’t previously have a fingerprint for. Typically, deviations in known good behavior of the carrier cloud, and of the applications that request service and state from it, are identified by the security controller, and some action is then taken to mitigate the attack or to get additional visibility, an action sometimes taken to properly identify the adversary. Day one attacks are threats that we have a signature or fingerprint for and, quite often, a mitigation strategy exists in advance to handle the attack. Controls take the form of modifications to the carrier cloud to apply quality of service changes in per hop behavior to minimize the impact of an attack, and also take the form of physical and virtual security assets applied as close to the source of the threat as possible in order to minimize collateral damage.


The information held by the operator that delivers the application is vast. Applying that information in a closed-loop iterative process is a recent innovation in threat visibility and mitigation. This is where automation, orchestration and NFV meet security to solve today’s and tomorrow’s security needs. The three elements of the closed-loop iterative process are: policy, analytics, and the application delivery cloud (the whole transaction from the application to the networks used to serve it). Operators can now apply innovative methods to correlate geo-location information to behavioral analytics, compare those against policy in the context of a threat to the carrier cloud, and ascertain the nature of that threat and what to do about it with far greater clarity. Visibility and control properly applied to the advanced threats of today offer the carrier cloud a level of protection. We must continue to evolve, grow and get smarter to keep our networks safe and resilient in the time of attack.

Friday, 25 May 2018

7 Cisco Strategies for Overcoming Common Cloud Adoption Challenges

The recently released Cisco Global Cloud Index study predicts that by 2021, 94 percent of all workloads and compute instances will be processed in the cloud. Public cloud is expected to grow faster than private cloud and by 2021 the majority share of workloads and compute instances will live in the cloud. Many organizations are expected to adopt a hybrid approach to cloud as they transition some workloads and compute instances from internally managed private clouds to externally managed public clouds.


While Cloud represents incredible opportunity for organizations, the cloud services provider (CSP) market continues to be very competitive. CSPs are increasingly focused on specialization and differentiating themselves through their core services portfolio as well as their vertical specific offerings.

CIOs and CTOs are therefore faced with having to determine the right mix of cloud services and integrating the selected services into their existing IT portfolio. Multicloud adoption is a journey and it is one that can be met with numerous challenges.

Below are the 7 common cloud adoption challenges we have observed and strategies to overcome each.


◈ Adopt a common architectural framework that provides a common language between business and IT
◈ Think in terms of the city analogy – establish a governance model that will drive appropriate consideration of multiple perspectives
◈ Align investment decision making so that architectural impact is considered


◈ Plan for changes in your operating model
◈ Consider changes based on the Cisco Operating Model Transformation Map
◈ Execute changes across five key streams
     ◈ Image of Success
     ◈ Change Leadership
     ◈ Metrics
     ◈ Roles & Responsibilities
     ◈ Costing


◈ Shift from traditional waterfall funding methods to more agile funding processes
◈ Understand the TCO for existing and future services
◈ Develop an understanding of potential cloud providers’ cost structure
◈ Understand what hardware internal services are currently running on AND where that equipment is in the lifecycle
◈ Develop a single pane of glass view that showcases current cloud consumption


Your cloud strategy must deliver the right operational and financial outcomes:

◈ Understand and align business and IT priorities
◈ Develop appropriate prioritization / sequencing
◈ Build the value case for your proposed approach
◈ Create an implementation plan that delivers incremental value rapidly
◈ Validate value achievement


◈ Maintain an architectural perspective
◈ Align Technology to the Business Needs
◈ Technical Agility Creates Business Agility
◈ Optimize Tactical Technical Decisions into Strategic Technical Architecture
◈ Over-engineering vs. no engineering, choose carefully
◈ Fail Fast to Win Quick and be ready to adjust
◈ Include a Continuous Improvement Model through a project based Feedback Loop


◈ Make sure you are aligned to your “why” and can assess options based on value
◈ Invest the time to create a migration strategy that contemplates options and tradeoffs rather than just lifting and shifting
◈ Invest some effort to understand or validate your current environment
◈ Understand the elements of a services approach and consider what you can adopt


◈ Ensure your change management plan includes a description of the new value delivery model
◈ Paint a picture of the future state that is broadly understood throughout the organization
◈ Define and share new roles and responsibilities
◈ Anticipate the impact of automation on previous processes and plan for the migration of resources to higher value efforts
◈ Publicize the successful shifting of people to new (and more valuable) roles

Organizations may encounter the need for one, some or all of these strategies based on their adoption roadmap.


Cisco Cloud Advisory Services can help organizations navigate through these challenges and establish an actionable multicloud strategy.
