Showing posts with label SecOps. Show all posts

Tuesday 27 December 2022

Cisco SD-WAN Fabric is SecOps New Best Friend

In this post, we delve into new capabilities and integrations in the Cisco SD-WAN fabric that support the security operations persona.

The Cisco SD-WAN fabric, with all its existing rich security capabilities, enables the convergence of a two-box approach to secure the branch into a single-box solution. From a management perspective, the Cisco vManage controller enables a seamless and converged experience for both the networking and security aspects of the SD-WAN fabric. However, the requirements from security professionals to manage the threats and risks in the enterprise are evolving as applications and the workforce become more distributed. To accommodate these changes, the Cisco SD-WAN secure fabric is being enhanced in multiple dimensions to cater to the more specific operational requirements of the SecOps persona.

An SD-WAN Dashboard Tailored for SecOps


Recent innovations in Cisco SD-WAN enable the secure fabric’s WAN functions to be managed by the networking operations team while the security functions are managed by the security operations team. In addition to a NetOps persona, a new SecOps persona is available in the Cisco vManage controller. On logging into the controller, the SecOps persona is presented with a security-focused dashboard and management privileges so that the security administrator can quickly gain a comprehensive understanding of the security health of the network. From a management perspective, the SecOps persona will be able to create and associate security policies to specific sites and VPNs in the SD-WAN fabric. The SecOps persona will also be able to view SD-WAN operational statistics, but will not be able to create SD-WAN-specific routing policies and configurations.

Security-Focused Visibility for Troubleshooting SD-WAN Fabrics


Logging for visibility and troubleshooting is a critical requirement if the security persona is to defend the far-reaching WAN fabric. The Cisco SD-WAN router generates comprehensive logs for all the security and connection events it detects. These logs can be consumed, parsed, and analyzed in real time by Security Information and Event Management (SIEM) systems to drive timely security remediations, or stored for long-term historical reference. The security event logs are stored in Cisco Secure Analytics and can be filtered and visualized on Cisco Defense Orchestrator (CDO).

Figure 1. Intrusion Event Logging for SD-WAN Security Persona

In addition, Cisco is partnering with Splunk to enable visualization and analysis of the security and connection-related logs generated from SD-WAN. The Cisco SD-WAN application ingests logs from SD-WAN routers and presents actionable security analytics on a pre-populated dashboard. Example use cases enabled by the Splunk integration for the security operations persona are:

◉ A holistic view of all the security events captured by the SD-WAN security stack.
◉ Ability to examine any security event at the device level along with traffic patterns occurring when the security event was triggered.

The Cisco SD-WAN Splunk Integration consists of two components:

◉ Cisco SD-WAN Add-on for Splunk – Add-ons are used for data optimization and collection processes. Cisco SD-WAN Add-on for Splunk collects a range of Cisco Logs Data and NetFlow Data and stores them in Splunk indexes.
◉ Cisco SD-WAN App for Splunk – Using data from the Add-On, the Cisco SD-WAN App presents dashboards for Cisco Logs and NetFlow Data with detailed visualization, analysis, and representation.

Figure 2. Cisco SD-WAN App for Splunk Provides SecOps with Increased Visibility into Threats

Figure 3. Cisco SD-WAN App for Splunk Provides Detailed Threat Visibility

SecOps Can Rely on Cisco SD-WAN Secure Fabric


There is now an abundance of security features in the Cisco SD-WAN fabric that will become invaluable to SecOps, whether they are hunting for intrusions, assigning security permissions, or detecting threats. Cisco SD-WAN is always evolving to make managing networks simpler and more secure, even as networks continue to scale and threats increase in complexity.

Source: cisco.com

Thursday 20 October 2022

Innovation at the inner core of Cisco DNA Center

Cisco DNA Center has seen several releases with significant innovation and evolution of the product platform. With DNA Center capabilities aligned to Gartner’s four IT personas (AIOps, NetOps, SecOps, and DevOps), it is important to take a step back and look at the platform or, put in networking terms, the “underlay.”

With changes in the IT landscape, several megatrends are shaping what the network platform needs to deliver. With the new landscape where both applications and users are on the move, the face of the campus network has changed and expanded.

Figure 1. Megatrends shaping digital transformation

Cisco DNA Center Virtual Appliance, deployment flexibility


With applications moving to the cloud, it is no surprise that management platforms are moving to the cloud. Cisco DNA Center is no exception. DNA Center is now able to run on AWS, and the deployment of the AWS VA takes under an hour from start to finish. The end user also gets a lot of flexibility: a launchpad automates the installation, and a manual mode is available for users who already have a custom AWS environment. The DNAC install is completely programmatic in both cases (no login to shell required!).

At this point, users can get on the Cisco DNA Center UI and begin configuration, discovery, and more.

Figure 2. Virtual Appliance Diagram

Following AWS, a VMware version of the appliance will be released, allowing customers to use their existing VMware infrastructure to run Cisco DNA Center instead of a physical appliance. As part of Cisco’s commitment to the platform, no matter how you deploy Cisco DNA Center, users will see feature parity: it is the same Cisco DNA Center code and capabilities.

Hardened Security Features


Some verticals, industries, and organizations have specific security requirements mandated, such as FIPS.

Activation of FIPS compliance at Cisco DNA Center install time enables security features such as secure boot, TPM, session timeouts, and password expiration. When data is shared using weak or deprecated ciphers, that data is at risk of being decrypted by malicious actors. Cisco DNA Center now supports FIPS 140-2-compliant cryptography modules, ensuring that only strong NIST-approved ciphers are used and enabling deployment in security-conscious verticals such as the public sector, finance, and healthcare.

Figure 3. FIPS compliance letter

ACL for management access to the Cisco DNA Center appliance


By popular demand: many customers use ACLs to control management access to network devices. As Cisco DNA Center is now the centralized monitoring and management point for the network estate, customers can now create ACLs to control which networks or IPs can access the Cisco DNA Center UI.

Restricted shell support


Again by popular demand, customers have asked for an enable shell for DNA Center so that sensitive CLI commands can be protected at all times. DNAC now comes with a restricted shell as standard, and only non-invasive CLI commands are allowed to run on the console. Any CLI command that requires root-level or sudo permissions is denied by default. A special token needs to be acquired to remove the restriction.

Scale – the agility to keep up with your business


Scale is a constant growth factor: post-pandemic life is coming back to normal, and the proliferation of IoT and OT devices on the network is on the rise. There is a constant need to ensure that the network management and orchestration platform can continue to scale with the network and business needs. With each release, the Cisco DNA Center team has been making continuous strides in platform scale. Recent scale updates for version 2.3.3 include up to 6,000 sites and 24,000 devices (Access Points and Network Devices for both Fabric and non-fabric networks).

Figure 4. DNA Scale

Remote support


In support engagements between customers and TAC, the process of giving TAC access to the equipment has at times contributed to extending the MTTR (mean time to repair). To ease the process, customers are now able to allow TAC access to network equipment via Cisco DNA Center. This solution enables the customer to provide TAC-specific access to equipment and to revoke that access at any time.

Figure 5. Remote Support Activation

AURA (Audit & Upgrade Readiness Analyzer)


AURA stands for Audit & Upgrade Readiness Analyzer and performs various health, scale, and upgrade readiness checks for the Cisco DNA Center and the rest of the Fabric network. The tool is extremely simple to run and is executed on the Cisco DNA Center.

Figure 6. AURA screen image

The tool uses API calls, DB reads, and CLI show commands (read-only operations) and hence doesn’t affect performance or otherwise impact Cisco DNA Center or the networking devices. This functionality was built in collaboration with Cisco DNA Center Escalation Engineering, Sales, and CX Centers TAC Engines team to ensure an efficient upgrade experience. AURA Tool Check Areas:

◉ DNA Center Scale Test

◉ DNA Center Infra Health

◉ DNA Center Assurance Health

◉ WLC/eWLC Assurance Health

◉ SDA Device CLI Capture

◉ SDA Control & Security Audit

◉ Software Bugs Causing Upgrade Failures

◉ Upgrade Readiness Checks

◉ SDA Compatibility Check (Switches, Wireless Controllers & ISE for 2.2.2.x)

◉ DNAC-ISE Integration Checks

◉ Fabric Devices Configurations Capture and Compare using inbuilt diff tool

Figure 7. System Analyzer screen image

Source: cisco.com

Saturday 1 October 2022

Empowering the four IT personas using Cisco DNA Center with Rings of Power

There are many variations of the “Law of Constant Change”; while they all have their own spin on it, the common thread is that change is constant and that it needs to be harnessed. When looking at changes and disruptions in technology, it comes as no surprise that there are numerous transformations and trends which are reshaping the IT landscape. The megatrends and change drivers span a wide range of business changes and transformation agents such as:


To keep up with the rapidly changing IT landscape, many IT organizations have been able to ascend and transform into new operational paradigms with the xOps transformation. Conversations around agility, AIOps, NetOps, SecOps, and DevOps are an outcome of a combination of organizational behavior and tooling in the networking and infrastructure realms. Separately, Gartner has also identified four IT personas (NetOps, SecOps, AIOps, and DevOps) which Gartner defined as predominant roles in today’s network operations realm.

In looking at key challenges, organizations are struggling with:

◉ Reducing recovery time objectives due to the reactive nature of traditional network operations practices.
◉ Bridging the growing IT skill gap.
◉ Keeping up with changing business requirements.
◉ Delivery of secure services in the hybrid workplace.
◉ Having to deliver more with less.

With years of expertise in designing, operating, and supporting networks of all sizes across the globe, Cisco has been instrumental in helping IT organizations move forward to the next operational level with tools to embrace and enable the xOps personas and embark on the transformation journey. This boils down to providing tools with analytics capabilities from the infrastructure and cultivating staff skills to use them effectively.

Speaking of how tooling can enable the transition, Cisco DNA Center is at the center of the IT/OT transition into the four IT personas, providing the digital agility to drive network insight, automation, and security while promoting key capabilities and tools to help in skill cultivation and changed operational models.


Network Operations or “NetOps” is the front line of administrators in the IT organization. The term NetOps is a way to classify the common tasks and responsibilities, or “Jobs to be Done,” of these individuals. With Cisco DNA Center at the heart of the network infrastructure, the NetOps persona is enhanced with varying levels of automation to simplify the creation and maintenance of networks, with the flexibility to move from manual tasks to AI-assisted to selectively autonomous network management. For example, the SWIM (Software Image Management) and network profiles features not only save time but also allow for consistency and the elimination of human error in routine tasks. The NetOps automation brought into DevOps provides agility and scalability to IT organizations to keep up with changing demands and integration into the larger IT ecosystem. Gartner has stated that the next generation of NetOps, which Gartner coined as “NetOps 2.0,” is the evolution of network operations towards automation.

Network, application, and user security is a key requirement for any enterprise network, and no network can operate safely without security. The security team is responsible for providing a safe digital experience in today’s connect-from-anywhere hybrid work environment and in networks with countless endpoint devices. Also, IT organizations in different market segments have various network security and architecture requirements. Cisco DNA Center empowers the SecOps persona by enabling the complete zero-trust workplace solution, with AI-driven security to classify endpoints and automated enforcement of security policies. This is achieved with Cisco’s fully integrated platform, which incorporates hardware and software designed to provide contextual security insights and automation. Cisco DNA Center SecOps can help eliminate security vulnerabilities with proactive security scans, automated security advisory alerting from Cisco’s Product Security Incident Response Team (PSIRT), and proactive bug scans powered by the Cisco AI Network Analytics engine to ensure the network is always secure.


The DevOps persona brings integration, automation, and orchestration together. Traditionally, DevOps teams focused on very specialized, proprietary, and home-spun applications. Today, these individuals are tasked with taking these apps and integrating them into a connected universe of corporate solutions. DevOps depends on manufacturer-supplied software tool kits (STKs) and standards-based application programming interfaces (APIs) in order to share information and intelligence between applications. With Cisco DNA Center, IT organizations can quickly utilize pre-built integrations to Cisco products and 3rd party enterprise applications such as ServiceNow, Splunk, PagerDuty, and a growing selection of partner integrations. Cisco DNA Center’s mature APIs enable the extraction of data and network management, leveraging and harnessing the power of Cisco DNA Center’s NetOps, AIOps and SecOps via the API interface.

AIOps defines the technologies that implement AI/ML (Artificial Intelligence and Machine Learning) and the individuals that leverage these technologies. Evidently, AI/ML is being implemented in so many of our networking components that it has become imperative that a specialized team of experts manage and amplify the use of this intelligence. Cisco DNA Center provides a simplified view into the complexities of big data and machine learning so that your AIOps teams can make the most of this rich data. Additionally, Cisco DNA Center provides best-in-class AI-driven visibility, observability, and insights, ensuring the health and experience of users, applications, and infrastructure. AI/ML is packaged within Cisco DNA Center in an easy consumption interface that can deliver value in minutes and allow IT teams to work smarter and elevate the level of service to the users and organization. Hence, with Cisco DNA Center AIOps, IT organizations can gain visibility and insights otherwise not attainable without AI/ML combined with Cisco’s deep networking knowledge. Simply put, this powerful combination makes the IT team more agile and smarter and helps bridge growing IT skills gaps.

The xOps Rings of Power

While the four IT personas were explained as distinct roles, in many organizations they are simply different hats that IT staff wear at different times depending on the business need. It is also essential to keep in mind that each persona enables and provides services to the other personas, yielding the “Rings of Power.” For example, with AI centricity, Cisco DNA Center empowers, enables, and enhances the NetOps, SecOps, and DevOps personas by providing interactions with all personas in the ring. Similarly, NetOps persona-centricity enables and empowers the DevOps, SecOps, and AIOps personas.

An example of the AIOps ring of power:

AIOps discovers security vulnerabilities and recommends an upgrade.

NetOps performs the SWIM process to upgrade the software.

DevOps connects to ServiceNow for the change management and ticket creation processes.

SecOps reports the new network security posture, eliminating the security vulnerability from the network.

By leveraging Cisco DNA Center to enable and empower the new IT personas model, IT organizations can quickly and easily gain visibility, observability, insights, and out-of-the-box automation. Organizations with more modern operational models are also able to yield zero trust and programmability from the Cisco network infrastructure. This enables IT organizations to be more agile and transform into the new xOps operational paradigm, allowing them to progress on the operational maturity journey, become proactive, and leave the reactive persona behind.

Source: cisco.com