Security Cloud Control: Pioneering the Future of Security Management

Organizations face a critical challenge today: attackers are exploiting the weakest links in their networks, such as unsecured users, devices, and workloads. This threat landscape is complicated by the shift from traditional data centers to a distributed environment, where protecting dispersed data across multiple touchpoints becomes complex.

To address these threats, many organizations resort to using multiple security tools, leading to siloed teams, tech stacks, and management systems that hinder effective security. This fragmented approach results in unnecessary costs, longer deployment times, inconsistent security, and critical gaps.

Security products that do not integrate or benefit from each other exacerbate these issues. For example, Network Security Admins struggle to navigate disparate teams and tools for effective policy deployment. Additionally, customers often under-utilize security tools, resulting in poor security hygiene and misconfigurations that increase the risk of a breach. Manual monitoring of multiple tools makes it impossible for organizations to proactively predict issues that lead to operational challenges. Consequently, the burden has been pushed onto the customer to understand the gaps and figure out how to best use the tools.

Inconsistent security policies, siloed management, lack of unified visibility, misconfiguration risks, and cybersecurity skills shortage are all significant challenges organizations face. While organizations are facing these challenges, the urgency is underscored by findings from the IBM X-Force Threat Intelligence report. According to the report, the average time from initial access to ransomware deployment has dropped from 1637 hours (about 2 months 1 week) to just 92 hours (less than 4 days) in 2023. This dramatic reduction means organizations now have much less time to respond to threats, making effective and integrated security solutions more critical than ever.

Without a centralized platform, gaining a holistic view of security is challenging. Manual identification of misconfigurations is error-prone and can lead to breaches. There is a lack of skills, time, and resources to fully utilize security features and maximize ROI. Customers must implement best practices, requiring specialized knowledge and time. Resolving access or policy issues is lengthy due to diverse security products. Admins spend excessive time crafting similar policies across different platforms. Operational issues are often addressed reactively, leading to downtime and suboptimal performance. Non-actionable alerts and overwhelming data cause analysis paralysis and hinder decision-making, with a missing sense of urgency. While we will never fully move away from having distributed enforcement points, there is a significant opportunity for the security industry to provide consistent security across these varied touchpoints.

A unified security platform aims to alleviate these issues by providing a comprehensive view of the security landscape, enabling consistent policy enforcement, simplifying troubleshooting, and offering actionable insights with the help of AI. Thus, it reduces the cognitive load and dependency on specialized skills. When considering Unified Security Management (USM), the goal is to have seamless management experience.

To meet the unique needs of various organizations and support diverse network firewall configurations, our strategy focuses on three core objectives: simplifying operations, enhancing security, and improving clarity. We aim to streamline security management processes, strengthen defenses with advanced Zero Trust and vulnerability protection, and offer clear, actionable insights through AI-driven intelligence. These focused efforts are designed to deliver a more intuitive, robust, and user-friendly security solution.

Customer Outcomes with Security Cloud Control

We are excited to launch AIOps, offering a game-changing way to enhance operational efficiency and bolster security. AIOps addresses critical IT challenges such as misconfigurations and traffic spikes, preventing downtime and reinforcing network performance. AIOps provides predictive insights and automation to help administrators improve security and reduce costs. We are introducing key features, such as policy analysis and optimization, best practice recommendations, traffic insights, and capacity forecasting. By incorporating AIOps into our services, we are adopting a more intelligent and proactive methodology to safeguard and optimize the performance and security of your network infrastructure.

Best Practice Recommendations: Nudging admins to get to better security state

Predictive Insights with AIOps

Benefits of AIOps

Our solution is designed to accommodate management of a wide array of form factors of firewalls, ensuring comprehensive security from the ground up to the cloud. It seamlessly integrates with various deployment models, including physical and virtual firewalls (Cisco Secure Firewall Threat Defense), Multicloud Defense, Hypershield, and Adaptive Security Appliances (ASA).

This versatility simplifies the management of your security infrastructure, making it easier to maintain a robust and adaptive defense system across your entire network all from a single place.

Our partnership with Splunk represents a significant leap forward in streamlining security operations. By integrating with Splunk, we enhance the oversight and monitoring capabilities of both cloud-based and on-site firewalls. Utilizing Splunk’s powerful data processing, analytics, and real-time logging strengths, we deliver an enriched, responsive, and comprehensive view of your security posture.

This collaborative effort simplifies the management of security operations, providing Security Operations Center (SOC) teams with a superior, streamlined, and more effective method for protecting their digital landscapes.

We are introducing a unified dashboard that enables our customers to gain a real-time, holistic perspective of their entire network and cloud security ecosystem. Customers can efficiently manage tens of thousands of security devices, coordinating multiple tenants under a centralized global administrator.

Unified Dashboard: A Comprehensive view of firewall and security services

We are further simplifying the operations for our admins with the Firewall AI Assistant. It revolutionizes network security by tackling the complexity of firewall rule management. With many organizations handling over a thousand rules—some outdated or conflicting—firewall maintenance becomes a security risk. Gartner notes that misconfigurations may lead to 99% of firewall breaches through 2023, highlighting the need for this AI-driven simplification. Customers can ask the Assistant to explain the intent of the policies and assist with creating rule.

AI Assistant for Firewall: Rule Analysis

AI Assistant for Firewall: Rule Creation

A key breakthrough in our security strategy is the implementation of seamless object sharing, which plays a pivotal role in maintaining consistent protection across hybrid networks. This feature facilitates the distribution of network objects across both on-premises firewalls and multi-cloud defenses. Its primary objective is safeguarding application and workload data wherever they reside, by enabling our admins to build a consistent policy across different environments. This approach fortifies the security posture of your hybrid environment, and streamlines change management processes, reduce opportunity for errors, thereby, contributing to a more secure, effective, and resilient IT ecosystem.

Consistent Policy Enforcement: Sharing Network Objects across on-prem and Cloud environments

We are committed to continuously enhancing our services and expanding our global footprint to better serve our customers. In conclusion, our vision extends beyond merely supplying tools—we strive to revolutionize the user experience.

Through the fusion of cutting-edge technology and intuitive design, our goal is to foster a supportive environment for administrators, where operations are efficient, and security is strong. We are dedicated to alleviating the customer’s burden by offering a Unified Security Platform that empowers them to achieve the best state of security.

Source: cisco.com

Continue reading

Mastering CCNP Security 300-740 Exam: An In-Depth Look

In the ever-evolving field of network security, standing out as an IT professional requires not just skill, but validation of that skill. The CCNP Security 300-740 certification emerges as a beacon for those dedicated to mastering Cisco networks' security. This coveted credential is more than a certificate; it's a badge of honor that signifies your prowess in deploying and managing cutting-edge security measures in the cyber world.

Diving Deep into the CCNP Security 300-740 Exam

At the heart of the CCNP Security certification lies the 300-740 exam, a rigorous test that probes your knowledge across various pivotal security domains such as secure network access, content security, and navigating the complexities of cloud security. Crafted meticulously, the 300-740 SCAZT exam ensures that those who pass can shield network infrastructures against the threats of today and tomorrow.

300-740 SCAZT Exam Breakdown:

• Duration: 90 minutes

• Question Count: Between 55 to 65

• Passing Score: Typically falls between 750 and 850 out of 1000

• Format: A mix of multiple-choice and simulation-based questions

• Validity: 3 years before renewal is required

CCNP Security Exam Preparation Pathways

• Official Cisco Resources: Dive into the wealth of knowledge provided through Cisco's own training courses. These not only cover the theoretical aspects but also offer practical lab exercises.

• Comprehensive Study Guides: Bolster your preparation with detailed study materials that go in-depth into each 300-740 exam topic.

• Practice Makes Perfect: Regular practice exams are invaluable. They pinpoint areas needing improvement and familiarize you with the Cisco SCAZT exam's structure and pacing.

• Community Engagement: Connect with peers through forums and study groups. Sharing insights and experiences can provide unique perspectives and study tips.

Best Tips to 300-740 Triumph

• Know What's Expected: Thoroughly understanding the 300-740 SCAZT exam objectives can give you a clear roadmap of what to study.

• Strategic Study Plan: Allocate your study time wisely, ensuring each topic gets the attention it deserves, with regular reviews.

• Real-World Application: There's no substitute for hands-on experience. Create a lab environment to practice real-world security scenarios on Cisco networks.

• Stay Informed: The cybersecurity landscape is dynamic. Keep abreast of the latest trends and technologies that could be included in the CCNP Security exam.

Career Advancement Post-Certification

Earning the CCNP Security 300-740 certification can significantly propel your career forward, marking you as a seasoned professional ready to tackle complex security challenges. Career doors that may open include roles as a Network Security Engineer, Security Analyst, Cybersecurity Specialist, or Network Administrator with a security focus.

Benefits of Being CCNP Security Certified:

• Industry Credibility: CCNP Security certification is a gold standard in IT, highlighting your expertise in Cisco's security solutions.

• Career Growth: It paves the way for advanced roles, showcasing your dedication to professional growth and security mastery.

• Skill Enhancement: Preparing for the 300-740 SCAZT exam deepens your understanding of network security, from principles to best practices.

• Salary Upside: Certified professionals often enjoy higher salaries and better job prospects.

• Global Recognition: Cisco's certifications are acknowledged worldwide, opening international career opportunities.

Considering the Challenges:

• Investment Required: Achieving certification comes with its costs, including exam fees and study materials.

• Time Management: The extensive study required demands a significant time commitment.

• Keeping Pace with Technology: As security technologies evolve, so must your knowledge, necessitating continuous learning.

• Exam Rigor: The CCNP Security exam's challenging nature demands a solid grasp of complex concepts and hands-on experience.

• Specialization: While highly valuable for those in network security, it might not offer the same benefits for individuals in non-Cisco environments or different IT areas.

Conclusion

The journey towards obtaining the CCNP Security 300-740 certification requires dedication, consistent studying, and practical application. It is a path that not only enhances your professional life but also distinguishes you as an expert in the vital field of network security. By embracing the challenge and making the most of the resources available, you can unlock a new realm of career opportunities and personal growth in the IT security domain.

Continue reading

Safeguard Your Network in a Post-Quantum World

Security is critical when transmitting information over any untrusted medium, particularly with the internet. Cryptography is typically used to protect information over a public channel between two entities. However, there is an imminent threat to existing cryptography with the advent of quantum computers. According to the National Institute of Standards and Technology (NIST), “When quantum computers are a reality, our current public key cryptography won’t work anymore… So, we need to start designing now what those replacements will be.”

Quantum computing threat

A quantum computer works with qubits, which can exist in multiple states simultaneously, based on the quantum mechanical principle of superposition. Thus, a quantum computer could explore many possible permutations and combinations for a computational task, simultaneously and swiftly, transcending the limits of classical computing.

While a sufficiently large and commercially feasible quantum computer has yet to be built, there have been massive investments in quantum computing from many corporations, governments, and universities. Quantum computers will empower compelling innovations in areas such as AI/ML and financial and climate modeling. Quantum computers, however, will also give bad actors the ability to break current cryptography.

Public-key cryptography is ubiquitous in modern information security applications such as IPsec, MACsec, and digital signatures. The current public-key cryptography algorithms are based on mathematical problems, such as the factorization of large numbers, which are daunting for classical computers to solve. Shor’s algorithm provides a way for quantum computers to solve these mathematical problems much faster than classical computers. Once a sufficiently large quantum computer is built, existing public-key cryptography (such as RSA, Diffie-Hellman, ECC, and others) will no longer be secure, which will render most current uses of cryptography vulnerable to attacks.

Store now, break later

Why worry now? Most of the transport security protocols like IPsec and MACsec use public-key cryptography during the authentication/key establishment phase to derive the session key. This shared session key is then used for symmetric encryption and decryption of the actual traffic.

Bad actors can use the “harvest now, decrypt later” approach to capture encrypted data right now and decrypt it later, when a capable quantum computer materializes. It is an unacceptable risk to leave sensitive encrypted data susceptible to impending quantum threats. In particular, if there is a need to maintain forward secrecy of the communication beyond a decade, we must act now to make these transport security protocols quantum-safe.

The long-term solution is to adopt post-quantum cryptography (PQC) algorithms to replace the current algorithms that are susceptible to quantum computers. NIST has identified some candidate algorithms for standardization. Once the algorithms are finalized, they must be implemented by the vendors to start the migration. While actively working to provide PQC-based solutions, Cisco already has quantum-safe cryptography solutions that can be deployed now to safeguard the transport security protocols.

Cisco’s solution

Cisco has introduced the Cisco session key import protocol (SKIP), which enables a Cisco router to securely import a post-quantum pre-shared key (PPK) from an external key source such as a quantum key distribution (QKD) device or other source of key material.

Figure 1. External QKD as key source using Cisco SKIP

For deployments that can use an external hardware-based key source, SKIP can be used to derive the session keys on both the routers establishing the MACsec connection (see Figure 1).

With this solution, Cisco offers many benefits to customers, including:

• Secure, lightweight protocol that is part of the network operating system (NOS) and does not require customers to run any additional applications
• Support for “bring your own key” (BYOK) model, enabling customers to integrate their key sources with Cisco routers
• The channel between the router and key source used by SKIP is also quantum-safe, as it uses TLS 1.2 with DHE-PSK cipher suite
• Validated with several key-provider partners and end customers

Figure 2. Cisco SKS engine as the key source

In addition to SKIP, Cisco has introduced the session key device (SKS), which is a unique solution that enables routers to derive session keys without having to use an external key source.

Figure 3. Traditional session key distribution

The SKS engine is part of the Cisco IOS XR operating system (see Figure 2). Routers establishing a secure connection like MACsec will derive the session keys directly from their respective SKS engines. The engines are seeded with a one-time, out-of-band operation to make sure they derive the same session keys.

Unlike the traditional method (see Figure 3), where the session keys are exchanged on the wire, only the key identifiers are sent on the wire with quantum key distribution. So, any attacker tapping the links will not be able to derive the session keys, as having just the key identifier is not sufficient (see Figure 4).

Figure 4. Quantum session key distribution

Cisco is leading the way with comprehensive and innovative quantum-safe cryptography solutions that are ready to deploy today.

Source: cisco.com

Continue reading

Why CISOs and CIOs Should Work Together More Closely

Although there are overlaps in the goals and responsibilities of the CIO and the CISO, there are also challenges that get in the way of a more cohesive relationship, including reporting lines, organizational structures, budgets, and risk appetites.

If they don’t overcome these challenges, they’ll stall the technology from achieving its full potential, silos will persist, and the rifts will widen.

What’s the aim? Unite these two executive leaders under a common purpose. A panel of CIOs and CISOs identified some of the shifts that can get these two roles working better—together.

Shift #1: Identify the overlaps.

CIOs and CISOs have different jobs to do.

◉ The CISO is the cybersecurity leader who leverages compliance and regulations to protect information and stop data leakages.

◉ The CIO is the enabler of business growth and innovation who makes sure that the organization is getting the most out of the information at hand.

The overlap is their perspective on the “information” part of “information technology.” Specifically, how the CISO’s technical and cybersecurity responsibilities juxtapose the CIO’s growth mindset.

Conflict emerges when CIOs and CISOs look at the IT risks and opportunities as separate responsibilities. This doesn’t make sense to Brian Brackenborough, CISO at Channel 4, who says it is inefficient to separate the many responsibilities that CIOs and CISOs carry.

He said there is no need for separate IT teams to focus on fixing devices while another focuses on networks. Instead, there should be one team managing it across the board.

Shift #2: Overcome the tension in your reporting lines.

Consider both viewpoints of CISOs and CIOs, which is to understand the origins of tension between the roles. Some of this friction can be attributed to reporting structures: when the CISO reports directly to the CIO there is typically less friction, but with more CISOs reporting directly to the CEO with a seat at the board room table, this dynamic changes. The choice of reporting structure could be down to strategic priorities flexing between regulation and innovation phases of the business cycle.

Organizations can choose to approach this dynamic duo differently. Johnson Matthey’s CIO, Aidan Hancock, says the CISO has always reported to him, but that reporting lines can grow and spread out. His focus is making sure the CISO is fully on board with the rest of his IT leadership team.

Equality in reporting lines will be a dead end if CIOs and CISOs don’t share responsibility for risk. That’s not to say they must have identical perspectives—each leads the organization from a different vantage point—but they do need to understand and align.

Shift #3: Align on risk.

Doug Drinkwater, Director of Strategy at HotTopics, suggests that historically, the CISO will be the one to “take the hit” when it comes to risk.

At the top of any organization, the CIO and CISO must be united and share the responsibility for leading risk. Hancock’s main concern is a CISO with an independent reporting line owning risk while “the CIO delivers most of the actions that meet that risk.” His solution to this is for the leaders to find a common purpose.

Shift #4: Work together for a shared purpose.

Anuj Tewari, CISO at TMF Group, looks at collaboration between CIOs and CISOs as a key success factor. The moment they stop working together, everything becomes a challenge. The greater the disconnect, the less optimistic the partnership can be.

The budget exercise was one example where Tewari said he saw CIOs and CISOs work hand in hand. In the end, he maintains that collaboration is about creating a road map to ensure that CISOs and CIOs can secure the data and overall “crown jewel” for the organization. That means consciously overriding our human instinct to stick with our “people.”

For Brackenborough, transparency between the two roles is foundational. He gave the example of the traditional CIO and CISO conferences. An information security conference is full of CISOs and information security professionals. Brackenborough suggests they swap. This way, technology leaders will know what’s happening in each other’s camps and help the CISO and CIO overcome the feeling that they’re talking different languages.

Understanding the overlap in the roles and becoming intentional about reporting lines while aligning on risk and purpose can bring IT organizations closer together. This is ideal because technology is starting to do the same.

The convergence of technology and people

The industry is moving forward and the convergence of networking and security is giving organizations the technology to scale. This shift allows organizations to better support demand, fulfill performance requirements, and allow for deployment of new services, all while securely connecting hyper-distributed teams, places, and things.

Think about security, incident response, and detection paired with the alignment of goals, objectives, and priorities. Modern tools break down the silos between the CISO and CIO so that convergence can take place.

Resultingly, teams can start working together to push forward. CIOs and CISOs get a holistic view of what is going on in the organization they’re leading. With the right tools for the job and doing business with security in mind, there’s a lot of potential to be unlocked.

CIOs and CISOs must clarify roles, responsibilities, and reporting structures. By aligning on risk and purpose they can organize their teams to work better—together.

Source: cisco.com

Continue reading

Bridging the IT Skills Gap Through SASE: A Path to Radical Simplification and Transformation

Imagine a world where IT isn’t a labyrinth of complexity but instead a streamlined highway to innovation. That world isn’t a pipe dream—it’s a SASE-enabled reality.

As we navigate the complexities of a constantly evolving digital world, a telling remark from a customer onstage with me at Cisco Live in June lingers: “We don’t have time to manage management tools.” This sentiment is universal, cutting across sectors and organizations. An overwhelming 82% of U.S. businesses, according to a Deloitte survey, were prevented from pursuing digital transformation projects because of a lack of IT resources and skills. Without the right experts to get the job done, teams are often entangled in complex, disparate systems and tools that require specific skills to operate.

The IT talent crunch

Today’s tech landscape presents a challenge that IT leaders can’t ignore: complex IT needs combined with a fiercely competitive talent market. Internally, teams are overwhelmed, often struggling to keep up with ever-evolving technical demands. In fact, many teams are strapped and rely on early-in-career staff to fill wide gaps left behind by more experienced predecessors. And the problem is only going to get worse.

For experienced IT workers, it’s an attractive time to entertain new opportunities. According to a global Deloitte study, 72% of U.S. tech employees are considering leaving their jobs for better roles. Interestingly, a mere 13% of employers said they were able to hire and retain the tech talent they most needed.

Now more than ever, organizations must rethink their approach to talent management and technology adoption to stay ahead of the curve.

Convergence as a catalyst for transformation

In an era where time is a premium and complexity is the norm, the need for convergence has never been more apparent. Technical skills, while essential, are not enough. The real game-changers are adaptability, cross-functional collaboration, and strategic foresight. And yet, these “soft skills” can’t be optimally used if teams are entangled in complex, disparate systems and tools that require specialized skills to manage and operate.

So how do organizations tackle this dilemma? How do they not just keep the lights on but also innovate, improve, and lead? In a word: convergence. Unifying siloed network and security teams as well as systems and tools with a simplified IT strategy is key to breaking through complexity.

A platform to radically simplify networking and security

Secure access service edge (SASE) is more than just an architecture; it’s a vision for the future where the worlds of networking and security are not siloed and become one. Cisco takes a unified approach to SASE, where industry-leading SD-WAN meets industry-leading cloud security capabilities in one, robust platform to make managing networking and security easy.

Figure 1. SASE architecture converging networking and security domains

Unified SASE converges the two domains into one, streamlining operations across premises and cloud. Admins from both domains gain end-to-end visibility into every connection, making it easier to optimize the application experience for users, providing seamless access to critical resources wherever work happens. This converged approach to secure connectivity through SASE delivers real outcomes that matter to resource-strapped organizations.

Simplify IT operations and increase productivity

◉ Administrators find it easier to manage networking and security when they are consolidated

◉ 73% reduction in application latency improves collaboration and enhances overall productivity

◉ 40% faster performance on Microsoft 365 improves employee experience

Do more with less

◉ 60% lower TCO for zero-trust security enables budget reallocation to strategic initiatives3

◉ 65% reduction in connectivity costs helps ease the burden on IT budgets3

Enhance security without adding complexity

◉ Simplify day-2 operations with centralized policy management, which makes it easier for IT teams to execute

◉ Improve security posture through consistent enforcement—from endpoints and on-premises infrastructure to cloud—across your organization

Scale and adapt

◉ Cloud-native architecture supports scaling and addresses the challenges of rapidly evolving IT landscapes

◉ Prepares your organization for changes, reducing the need for constant upskilling or reskilling in IT teams

Organizations can use SASE architecture to advance their technological frameworks and strategically address the IT skills gap, leading to long-term business success.

Shifting gears: Unifying, simplifying, innovating

SASE is not merely a technological evolution; it’s a paradigm shift in how we approach IT management. This lets IT admins focus less on tool management and more on driving business innovation, enriching user experiences, and evolving in tune with market demands.

Figure 2. Introducing unified SASE with Cisco+ Secure Connect, a better way to manage networking and security

The path ahead with unified SASE from Cisco

Cisco offers a unified, cloud-managed SASE solution, Cisco+ Secure Connect. From on-premises to cloud, this comprehensive SASE solution delivers simplicity and operational consistency, unlocking secure hybrid work for employees wherever they choose to work. The beauty of Cisco’s unified SASE solution lies in the principle of interconnecting everything with security everywhere–if it is connected, it is protected. It’s that easy.

Source: cisco.com

Continue reading

When it Comes to Compliance Requirements – Topology Matters!

When I look at the evolution of network security and how IT and security practitioners have protected the network for the last 30 years, I can’t help but notice how traditional network security enforcement points (insert your favorite firewall here) are still used to secure networks and workloads. They have evolved to offer a diverse set of features (i.e., IPS, decryption, application detection) to deeply analyze traffic coming in and out of the network to protect workloads. However, while firewalls are very capable appliances, it has been proven that they are not enough to keep malicious actors at bay, especially if those actors manage to breach the firewall defenses and move laterally in the network. But why is this?

We are in the digital era, where the concept of the perimeter is no longer contained to a location or a network segment. To offset this new reality and provide a more tailored-based policy control for protecting workloads, vendors have moved security closer to the workload.

There are two approaches to do this -, using agent or agentless techniques to build a micro-perimeter around the workloads.

Which approach is the correct one to take? Well, this depends on multiple factors, including organizations, type of application, or team structure. So, let’s start untangling this.

The challenge(s)

The most direct approach to protect applications is to install software agents on every workload and call it a day. Why? Because then every workload has its own micro-perimeter, allowing access to only what is necessary.

However, it is not always possible to install a software agent. Perhaps it is a mainframe application or a legacy operating system that requires fine-grained policies due to a compliance mandate. Or application workloads that are in the cloud and the agent installation is simply not possible due to organizational constraints.

And this is not the only challenge or consideration for choosing your approach. The teams or groups that comprise any company often have different security requirements from each other, leading to the triad challenge: people, processes, and technology.

Let’s start with people (policy owner) and process (policy execution). Usually, each organization has its own set of unique requirements to protect its application workloads, and a defined process to implement those requirements in the policy. To support this, a tool (technology) is required, which must adapt to each organization’s needs and should be capable of defining a common policy across agent and agentless workloads.

To start unwrapping this, you need to ask yourself:

◉ What are we protecting?

◉ Who is the owner of the policies?

◉ How is policy execution done?

As an example:

Say you want to protect a finance application (what) using an agent-based approach (how), and the owner of the policies is the App Team/Workload Team (who). In this scenario, as long as the application doesn’t break and the team can continue to focus on coding, this is generally an acceptable approach. However, when implementing the common policy, the translation from human language to machine language tends to generate extra rules that are not necessarily required. This is a common byproduct of the translation process.

Now, let’s assume that in your organization the protection of a legacy application (what) is tasked to the Network/NetSec team (who) using an agentless enforcement approach with network firewalls (how) because in this case, it is not possible to install software agents due to the unsupported legacy operating system. As in the first example, extra rules are generated. However, in this case, these unnecessary extra rules create negative consequences because of firewall rules auditing requirements for compliance mandates, even though they are part of the common policy.

Topology as the source of truth – pushing only what is required

Cisco Secure Workload has been addressing the people, process, and technology challenges since its inception. The solution embraces both approaches – installing software agents on workloads regardless of form factor (bare-metal, VM, or container) or by using agentless enforcement points such as firewalls. Secure Workload adapts to each organization’s needs by defining the policy, such a zero trust microsegmentation policy, to effectively apply micro-perimeters to application workloads in support of the zero trust approach. All within a single pane of glass.

However, as explained in the example above, we still needed to align our policy to the compliance needs of the Network/NetSec team, only using the policy rules that are required.

To tackle the additional rules challenge, we asked ourselves, “What is the most efficient way to push policies into a network firewall using Secure Workload?”

The answer boiled down to a common concept for Network/NetSec teams – the network topology.

So how does it work?

With Secure Workload, the term topology is intrinsic to the solution. It leverages the topology concept using a construct named “Scopes”, which are totally infrastructure agnostic, as shown in Figure 1.

It allows you to create a topology tree in Secure Workload based on context, where you can group your applications and define your policy by using human intent. For example, “Production cannot talk to Non-Production” and apply the policy following the topology hierarchy.

The Scope Tree is the topology of your application workloads within the organization, but the key is that it can be shaped for different departments or organizational needs and adapted to each team’s security requirements.

The concept of mapping a workload Scope to a network firewall is called “Topology Awareness.”

Topology Awareness enables the Network/NetSec teams to map a particular Scope to a specific firewall in the network topology, so only the relevant set of policies for a given application is pushed to the firewall.

So, what does this execution look like? With the Scope mapping achieved, Secure Workload pushes the relevant policy to the Cisco Secure Firewall by way of its management platform, Secure Firewall Management Center (FMC). To maintain compliance, only the required policy rules are sent to FMC, avoiding the extra unnecessary rules because of Topology Awareness. An example of this is shown in Figure 2:

Key takeaways

Operationalizing a zero trust microsegmentation strategy is not trivial, but Secure Workload has a proven track record of making this a practical reality by adapting to the needs of each persona such as Network/NetSec admins, Workload/Apps owners, Cloud Architects, and Cloud-Native engineers – all from one solution.

With topology awareness, you can:

◉ Meet compliance and audit requirements for firewall rules

◉ Protect and leverage your current investment in network firewalls

◉ Operationalize your zero trust microsegmentation strategy using both agent and agentless approaches

Source: cisco.com

Continue reading

Unifying Experiences Starts By Unifying SASE

Over the years, advancements in technology and the endless waves of new innovations have created an unintended problem for most organizations today—overcomplexity. 53% of senior decision-makers say their IT environment is more complex than it was just two years ago.

I explained how Secure Access Service Edge (SASE) and the convergence of networking and security are key to reducing operational complexity. Now, more than ever, organizations need an efficient way to securely connect distributed workforces and build a consistent operational model that extends from on-premises to the cloud, bridging a hyper-dispersed landscape and creating secure and seamless experiences anywhere.

Answering that call are two general SASE approaches that may deliver those desired outcomes. The first, a “best of breed” solution, is comprised of separate networking (SD-WAN) and security service edge (SSE) products, typically from multiple vendors, which inherently will lack a consistent operational model, leading to a more fragmented experience given the increased integration required to produce a complete SASE solution. This may also lead to a solution that is less secure.

The second approach is a unified SASE solution that delivers networking and security components as a simplified, turnkey cloud service featuring unified management from a single dashboard. A well-designed SASE solution removes complexity by providing centralized management with intelligent and consistent distributed enforcement, along with controls and visibility across endpoints, enterprise edge, and cloud edge to deliver a more secure end-to-end solution that further enhances the end-user experience. Unified SASE embraces a platform approach, seamlessly converging networking and security technologies into one experience that makes management easy.

Acknowledging the importance of a unified, single-vendor approach, Gartner predicts that… “By 2025, 50% of new SD-WAN purchases will be part of a single-vendor SASE offering, up from 10% in 2022.” 

Converging the Best of Networking with Security on a Single Platform

Cisco+ Secure Connect is Cisco’s premier unified solution that provides a blueprint for SASE made easy. This unified SASE solution is built on a converged cloud-first platform that connects Cisco’s industry-leading networking and security technology and delivers several key outcomes:

◉ Creates a streamlined IT management experience, which in turn helps deliver a more seamless experience for end users so they can access the resources they need, wherever and whenever they need them

◉ Simplifies the management of networking and security domains within a single dashboard, providing greater visibility and insight to ITand allowing them to proactively stay on top of threats and vulnerabilities across the network, ensuring greater resiliency and security

◉ Harmonizes the networking and security domains by interconnecting everything and providing security everywhere to build a unified SASE fabric, removing complexity and creating a simple, consistent operating model

Figure 1. Cisco+ Secure Connect Dashboard

Every organization has an installed technology base, and there may be a temptation to simply add the missing SASE functionalities to whatever currently exists. However, it’s important to note that SASE is a long-term strategic choice and simply deploying all the components of a SASE model without a high level of integration does not constitute a fully functional SASE solution and will not deliver the desired outcomes. For this reason, unified SASE is the simplest and easiest path to realizing true SASE benefits that “stick” – ultimately, delivering better experiences.

Source: cisco.com

Continue reading

Greater Monitoring and Visibility for your Security Success

Managing network and security needs of a modern enterprise

Today’s digital transformation is fostering the modernization of enterprise networks. It’s very common for an enterprise to mix and match vendors to build its network and security infrastructure just like you would use different sources to build your home entertainment center. With the increasing adoption of different point products, SOC (Security Operations Center) engineers are getting overwhelmed with all the consoles they need to keep track of. They need a way to pool all the information together just like you would use a receiver to connect all the components of your home entertainment center

SIEM (Security Information and Event Management) is the “receiver” used to address this challenge by offering a common console to visualize data. Cisco has collaborated with Splunk, one of the market leaders in the SIEM space, to produce a comprehensive SOC dashboard.

Using Cisco SD-WAN and Splunk to create efficiencies 

Your enterprise solution often has comprehensive logging streams, and your SOC team needs an efficient approach to make sense of all the chaos around them. In addition, it’s becoming increasingly challenging to find and retain security professionals. All this and much more fuel the argument that a SIEM is becoming extremely important in enterprise networks.

Cisco has developed the SD-WAN Splunk application to ensure we are not leaving you ‘high and dry’. The application automatically parses the router’s security logs when they are sent to your Splunk environment and populates the data on a pre-built security dashboard.

How it works

You can locate and download the application on the Splunk marketplace, Splunkbase, using your existing Splunk license. The Cisco SD-WAN and Splunk integration can be achieved in a few simple steps

Figure 1 – Cisco SD-WAN / Splunk Topology

1. Download and install the Cisco SD-WAN Splunk App and App Add-on https://splunkbase.splunk.com/app/6657 Cisco SD-WAN Splunk App

https://splunkbase.splunk.com/app/6656 App Add-on

2. Under the application settings, add the Cisco SD-WAN IP and port number as a source for the log forwarding

On Cisco SD-WAN vManage, add the Splunk Application IP as a destination to forward logs

Figure 2 – Cisco SD-WAN App on Splunkbase

Deliver significant insights out of a mountain of alerts

You’re then able to make use of a comprehensive SOC dashboard to visualize all the threats captured by the SD-WAN router.

This will serve as a one-stop shop to gain a holistic view of the security events in your network. You can navigate through charts and graphs to drill down to device-level details and inspect what packet flows triggered a security event. These events are listed in three main sections.

Figure 3 – Threat Inspection Dashboard

Together, Cisco SD-WAN and Splunk enable you to transform your network and security operations

Enterprises rely on Cisco to build secure and agile networks that can safeguard their users and applications from bad actors and external threats. Just like an amplifier helps your receiver consume all the components of your home entertainment center for the best overall experience, the new Cisco SD-WAN Splunk Application helps enterprises collect vital security analytics and ensure their SOC team is on top of all the security events traversing their network.

Source: cisco.com

Continue reading