Wednesday, 24 October 2018

Cloud Covered – Are You Insured?

Security is a topic that is a top-of-mind for every CIO out there. It is interesting to know that according to a study performed by Research 451, 64% of enterprises report information security is not a separate line in terms of budget, instead, it is part of their IT infrastructure one.

Cisco Tutorial and Material, Cisco Guides, Cisco Learning, Cisco Study Material, Cisco Certifications

In other words, most of us take security for granted until something bad happens. Pete Johnson (“Cloud Unfiltered”) even referred to it as “insurance” and I believe that it is the appropriate term for it.

We all know we need insurance, but what is the right-coverage for me? Well, it really depends on what are the type of assets you are trying to protect and how your business would be impacted if something happened.

If we think about our daily lives, imagine having 20 doors/windows wide open and then just locking or adding video-surveillance to the one in the backyard (because your neighbor just told you he had been robbed the night before and that the thief broke into his house through the backyard door). Well, that’s a good start, however there are still more than 19 doors & windows still wide open and vulnerable for anybody to access right?

Well, that’s pretty much what happens in IT and only securing a few “doors” is called “black-listing”. Let me explain: every server has 65535 ports open (for TCP and the same amount for UDP). If we consider the black-listing approach, we may just close a few ports based on common vulnerabilities knowledge. Most of the times, we don’t know which ports our apps need to work on, therefore we need to follow this approach and just block a few ports while permitting the rest of them.

In today’s Multicloud world, constant and more sophisticated threats are a fact and black-listing security is definitely not enough.

All we must do is install a Tetration software sensor on top of Operating Systems like Windows, Linux, Solaris, AIX among others, it does not matter if they are running bare-metal, virtualized, container-based or even on any Public Cloud or non-Cisco hardware. Once installed, the sensors will continuously feed every flow going in and out of that host to the Tetration Engine, which will show us the Application Dependency Mappings.

Think of the sensors as continuous-feed cameras while the Tetration Engine performs as that person in the SoC watching 24×7, reporting any process-level/network anomalies and having all the recordings from the past available for you to analyze when needed. Before, we would only rely on “video-samples” from specific places and at specific times (using things like Netflow or SPAN sessions).

Cisco Tutorial and Material, Cisco Guides, Cisco Learning, Cisco Study Material, Cisco Certifications
This provides us with great value, since now we know what specific ports our apps really need and we can close the rest, which is called “white-listing” or “zero-trust policies”. We can now use that information and execute our Zero-Trust Policies either manually or even automatically as shown in the video below.

Tetration supports enforcing those policies at the sensor level, turning the software sensor into an enforcement agent and executing segmentation at the OS level. We could also automate the configuration of those policies on ACI or on your own firewall using tools like Tuffin.

Tetration software sensors log every flow at the process level, therefore, they may help us to identify any anomalies or deviation from the standard (like privilege escalation, change in binary files, failed logons and many more).

There are many other types of coverage we may need for IT and our apps and a comprehensive solution may be needed. This is where Stealthwatch & Stealthwatch Cloud (which effectively report potential attacks), ACI (that can execute and complement our security strategy at the multicloud network level while encrypting VXLAN communications) and an effective Next-Generation Firewall like the Firepower Family among others, can further reduce blind-spots and help us react faster to potential threats.

Having multiple homes (in this case Clouds) where our applications may live, would normally force us into having multiple insurance policies. With solutions like these, we can have a single, continuous and consistent one, which should help us getting some extra hours of quality sleep at night!

Saturday, 20 October 2018

Machine Learning is NOT Rocket Science: Part 2

In Part 1 of this blog, I point out that using machine learning algorithms is much easier today with packages such as scikit-learn, TensorFlow, PyTorch, and others. In fact, using machine learning has been relegated down to largely a data management problem and software development issue rather than the mythical complexity of a rocket science.

Yet, it has never been more important to take advantage of machine learning.  According to the McKinsey report, being one of the first to adopt artificial intelligence has huge implications on future cash flow.

Machine Learning, Cisco Learning, Cisco Tutorial and Material, Cisco Study Material
Relative Change in Cash Flow by AI Adoption

If indeed machine learning boils down to data management and using the machine learning packages, what challenges are enterprise facing today to make use of that data?  For many Cisco customers, we find that

◈ Data scientists are tasked with mining value out of the data.  As they explore the value of data source A and B, there may be petabytes of additional data, which represents huge changes in infrastructure requirement.  While data scientists can have a small set of data using curated version of machine learning software on their laptop, scaling to petabytes clearly requires working closely with IT teams.

◈ There are numerous machine learning software stacks.  Not only are there numerous options, many, like TensorFlow, even have nightly builds with new capabilities.  Hence, the machine learning software ecosystem is relatively immature compared to say relational databases.

◈ IT teams are trying to help the data scientists.  Yet, constantly changing data sources leads to drastic infrastructure requirement changes.  With immature software ecosystem, it is very difficult for IT to create a stable environment with the needed infrastructure to scale.

At Cisco, we understand these challenges.  Often times, we find that the IT team and the data scientists may be at odds with one another.  To help our customers, Cisco has developed Cisco Validated Designs (CVD), in partnership with the machine learning software ecosystem, to create a complete solution based on unified architecture that can quickly scale, enabling the IT teams to better support the data scientists.

Let’s highlight some examples of Cisco Validated Design supporting machine learning. One of the prerequisites of machine learning is data itself.  For many Cisco big data customers, they already have a data lake in Hadoop that requires further analysis to extract more value from the data.  Hence, Cisco has partnered with Cloudera to create a CVD using Cloudera Data Science Workbench enabling customers to tap into the Hadoop data lake and use the latest machine learning frameworks such as TensorFlow and PyTorch.  In a similar way, Hortonworks 3.0 also has the latest YARN scheduler that is able to schedule workloads on CPU and GPUs to support workloads like Apache Spark and TensorFlow as Docker containers.  This solution enables IT teams to scale the CPU, GPU, and storage.

Cisco’s proven approach helps simplify deployments, accelerate time to insight, and enables the data scientists to curate their own machine learning software stack. For some data scientists that may want to do some machine learning experiments in the cloud, Cisco is actively contributing code to the Kubeflow open source project ensuring that there are consistent tools for machine learning both on-premise and in the cloud enabling a hybrid cloud architecture for AI and ML.  In fact, Gartner points out that 57% of machine learning models are developed using resources on-prem.

Machine Learning, Cisco Learning, Cisco Tutorial and Material, Cisco Study Material
UCS AI ML Solutions

By expanding our UCS portfolio with the new C480 ML, we continue to diversify for any workload. All UCS Servers are based on a unified architecture and can be managed by Cisco Intersight, making it simple to integrate into existing UCS environments.

Machine Learning, Cisco Learning, Cisco Tutorial and Material, Cisco Study Material
UCS Unified Architecture

In short, Cisco has expanded the UCS portfolio to now include a system that is purpose built for deep learning. We are working with machine learning software ecosystem to demystify AI/ML with proven, full-stack solutions developed with industry leaders. Our goal is to help IT better support AI projects and their data scientists.  May your machine learning journey be fast and smooth.

Machine Learning, Cisco Learning, Cisco Tutorial and Material, Cisco Study Material
Activate Power of Data with UCS

Friday, 19 October 2018

Machine Learning is NOT Rocket Science: Part 1

Movies have always created powerful mystique about artificial intelligence. For example, 2001: A Space Odyssey had the computer, Hal 9000, that recognized astronauts, spoke to them, and even locked the door to prevent an astronaut from entering the spacecraft. In the Terminator movies, Skynet was a self-aware computer set on destroying humans. The awesome computer capabilities depicted in these and other movies are very entertaining to be sure but also create a mysticism about computers being omniscient, omnipresent, and even omnipotent. Parts of these fictional computer superpowers are actually reality in our pockets. For many of us, the smart phone is able to recognize our voices, our faces, talk to us in different languages, and even lock doors. Despite how artificial intelligence and machine learning are embedded into our lives, the mystical powers of fictional computers still give many the impression that using artificial intelligence or machine learning capabilities in business requires the wizardry of Merlin, the intellect of Einstein, and the national effort of a moon landing.

Machine Learning, Cisco Tutorial and Material, Cisco Learning, Cisco Study Material, Cisco Guides

The reality is that machine learning has advanced to a point where it is no longer in the realm of rocket science. To take advantage of machine learning today, one does NOT need know all the internal details of a machine learning algorithm such as

Auto-differentiation
Stochastic Gradient Descent
Kernel tricks of a support vector machine

One only has to be able to use software packages such as scikit-learn, TensorFlow, PyTorch, and many others. Rather than the mysticism of rocket science, the true technical barrier for entry to machine learning has been lowered to that of a software problem. Does having a data scientist that understand the machine learning algorithmic details help? Absolutely. However, data scientists do not need to know all the details of the machine learning algorithm to mine value out of data. This situation is very similar to that of a C programmer who may not understand the details of assembly language but can still develop sophisticated programs.

Is machine learning different than traditional programming? Yes. Historically, humans had to create software to take input data and have the computer to generate output data. For example, a programmer can try to write code that recognize photos of cats and dogs by describing all the characteristics of of cats and dogs (e.g., nose, ears, tails). Unfortunately, this is an exceptionally daunting problem because of the myriad variations among cats, dogs and their respective breeds. Instead of writing such detailed instructions to recognize a pet, with supervised machine learning, you feed the machine learning algorithm with lots of labeled examples, such as photos that are properly identified as cats and dogs. Then, the machine learning algorithm can create a program, also known as a model, that can recognize cats and dogs with amazing accuracy. With this ability to recognize patterns in data, machine learning can be used in a variety of tasks, not just academic examples such as dog recognition. The once complex pattern recognition problem has become as simple as managing the labeled data and using the machine learning algorithms.

Machine Learning, Cisco Tutorial and Material, Cisco Learning, Cisco Study Material, Cisco Guides
AI / ML Write Code Based on Examples

Wednesday, 17 October 2018

Miercom Tests Endorse Cisco 1000 Series ISRs’ IPsec Encryption Performance

In both traditional and future SD-WAN network architectures, IPsec encryption performance is one of the most important technologies for secure delivery of customer traffic in branch routers. Higher IPsec throughput performance can also translate into improved customer experience and even revenue.

Miercom recently validated a few models of Cisco and Huawei fixed branch routers, measuring RFC 2544 IPsec encryption throughput performance. The testing shows that the Cisco 1111 Integrated Services Router (ISR) demonstrated the highest average IPsec throughput performance of 365 Mbps, compared to Huawei and HPE fixed branch routers. The Huawei AR1220E shows only 245 Mbps. The result is the average of 20 test results, so it is very reliable.

Table 1 shows the overall throughput performance comparison chart from the Miercom report.

Cisco Tutorial and Material, Cisco Learning, Cisco Study Material, Cisco Guides

Table 1. Competitive WAN performance

Let’s look at the result variation among the 20 test runs. See Table 2.

Cisco Tutorial and Material, Cisco Learning, Cisco Study Material, Cisco Guides

Table 2. WAN performance variation

The Huawei AR1220E fixed router shows the largest throughput variations. In other words, Huawei fixed router throughput performance is not the same when measured at different times under the same setup conditions and environments. To customers, this could mean very inconsistent throughput due to complex processing of I/O, buffering, table lookup, queuing, and forwarding sessions. For a service provider, this could result in poor customer satisfaction.

If we look at the overall test result variations reported by Miercom, the two Cisco fixed ISRs, the 1117 and 1111, have the lowest variations in IPsec throughput results, while the three Huawei fixed routers, the AR1220E, AR169FGW-L, and AR201, show the highest variations. See Table 3. To customers, this means that if you pick Cisco fixed routers as your branch router for WAN services, you will get better and more consistent IPsec throughput performance, while if you pick Huawei fixed routers, the service may be very inconsistent.

Cisco Tutorial and Material, Cisco Learning, Cisco Study Material, Cisco Guides

Table 3. Competitive WAN performance variability

For the full details, download the comprehensive Miercom report and accompanying test results.

Sunday, 14 October 2018

Building the 5G Business Case

2018 to date has been the year when 5G came out of the standards and into reality, with many trials throughout Asia Pacific (APAC). The learnings from these trials have shown us not only what services could be supported, but how 5G should be deployed and what the likely investments will be required for a commercial launch. During the recent 5G Asia event, the 5G discussions have moved from how and when 5G will be deployed, to how are we going to pay for it. So what will a 5G investment business case look like?

Cisco Tutorial and Material, Cisco Certification, Cisco Learning, Cisco Study Materials

The way I see it, there are three broad areas of focus for the initial 5G business case, considering both top-line and bottom-line drivers:

1. First, the initial focus area is the economics of meeting the current projected data capacity growth requirements at a lower cost per bit. 3G/4G traffic is still growing at more than 100% year-over-year in some APAC markets and even jumped over 400% in India last year. The amount of capacity that 5G will enable of course depends primarily on the amount of new spectrum that regulators make available, but looking at allocations to date, we expect 5G to open up around 5x more bandwidth than 4G has today. Based on our modeling, 5G cost per bit could be less than half of what it is for 4G, and a quarter of 3G costs. This will drive traffic migration and spectrum re-farming initiatives once 5G is launched.

2. Second, 5G enables more customized services, or so-called slices. Most 4G services today are supported over the same generic “bearer” regardless of the requirements or value of that service. With 5G networks, attributes like bandwidth (BW), latency, resiliency and security can be customized, like per over-the-top (OTT), enterprise or Internet of Things (IoT) application, etc. The business case drivers here are both increased revenue share with new and differentiated services, and further improved cost to serve.

3. Third is the monetization of completely new services beyond what 4G can support today. This is where the new cool applications come in, like lower latency, Augmented Reality (AR)/Virtual Reality (VR), tactile internet, super high-definition media with Gbps bandwidth, and massively dense machine-to-machine (M2M) deployments. In this area, we have the most uncertainty for Return on Investment (RoI). Traditionally, the mobile industry hasn’t been great at predicting the next “killer” application, but we do know 5G is a step change in mobile capabilities and with the right device and application ecosystem, the next killer app will come.

Cisco Tutorial and Material, Cisco Certification, Cisco Learning, Cisco Study Materials

As we move from trial, to deployment, to launch of 5G services, the business model will continue to evolve, but at least for now, we have an initial view of how 5G will benefit service providers. Investment business cases based on lower cost per bit capacity and service differentiation are enough to show positive RoI, and monetizing the next 5G killer app will be the future icing on the cake.

Empowering Defenders: AMP Unity and Cisco Threat Response

Defenders have a lot of work to do, and many challenges to overcome. While conducting the Cisco 2018 Security Capabilities Benchmark Study, where we touched more than 3600 customers across 26 countries, these assumptions were confirmed. We have seen that defenders are struggling with the orchestration of a mix of security products and that, by itself, may obfuscate rather than clarify the security landscape.

Let’s take a moment to imagine a security team and the tasks it performs daily. Reviewing increasing numbers of alerts, attempting to correlate information from various sources to build a complete picture of each potential threat, triaging and assigning priorities, are all complex tasks performed under time pressures. The goal is to quickly come up with an adequate response strategy based on the clear understanding of the threat, its scope of compromise, and the potential damage it could cause. This process is often error-prone and time-consuming when it is manual. At the same time when understanding the alerts becomes a challenge, high severity threats can slip through the defenses.

We have heard from the majority of customers that an integrated approach is easier to implement and is more cost effective. Listening to and understanding the needs of our customers has always been a priority for us. Therefore, to empower security analysts with effective weapons to defend their organizations, Cisco has built a security architecture that helps streamline security operations. Most recently we have developed two offerings: one a platform and the other a capability: Cisco Threat Response and AMP Unity. Both are exciting developments and while they are different, they serve the same strategic goal.

AMP Unity


AMP Unity is a capability that allows organizations to register their AMP-enabled devices (Cisco NGFW, NGIPS, ESA, CES, WSA with a Malware/AMP subscription) in the AMP for Endpoints Console. In this way, those devices can be seen and queried (for sample observations) the same way the AMP for Endpoints Console already provides for endpoints. This integration allows correlating file propagation data across all of the threat vectors in a single User Interface (Global File Trajectory view).

Cisco Study Materials, Cisco Guides, Cisco Learning, Cisco Tutorial and Material
Global File Trajectory view (showcasing file transfer through an email gateway, down to the endpoint, across the network to another endpoint)

But it doesn’t stop there. AMP Unity also allows you to create common file whitelists and file blacklists (through the same AMP for Endpoints Console) and enforce them across all of the registered AMP-enabled devices in the organization alongside your AMP endpoints (Global Outbreak Control).

Cisco Study Materials, Cisco Guides, Cisco Learning, Cisco Tutorial and Material
Global Outbreak Control (adding a file to a Simple Detection list which enforces a blocking action across all AMP-enabled devices and endpoints)

In an incident response scenario, being able to quickly understand the scope of compromise and the way threats propagate across the environment, is essential. Being able to enforce policy across the malware inspection gateways and endpoints consistently helps security teams save time and address threats that matter.

Keep in mind that AMP Unity is a capability. It doesn’t introduce new dashboards or policies – it’s all managed through the AMP for Endpoints Console. That helps you derive more value out of your existing AMP investments.

Cisco Threat Response


Cisco Threat Response is an innovative platform that brings together security-related information from Cisco and third-party sources into a single, intuitive investigation and response console. It does so through a modular design that serves as an integration framework for event logs and threat intelligence. Modules allow for the rapid correlation of data by building relationship graphs that in turn, enable security teams to obtain a clear view of the attack, as well as to quickly make effective response actions.

Cisco Study Materials, Cisco Guides, Cisco Learning, Cisco Tutorial and Material
Cisco Threat Response Relationship Graph

As of the time of publishing this blog, Cisco Threat Response brings together event logs and threat intelligence from multiple Cisco and 3rd party modules. It’s likely that by the team you read this blog, the platform has added additional modules and capabilities.

Cisco Study Materials, Cisco Guides, Cisco Learning, Cisco Tutorial and Material
Cisco Threat Response Modules

The obvious value here is automation and the reduction of incident response lag caused by shifting through multiple user interfaces and attempting to correlate available data manually. That’s precisely what Threat Response does for you. The daily workflow is also streamlined through the integrated case management tool named “Casebook”. That is a tiny UI component that allows you to gather and pivot on observables, assign names to your investigations, take notes and much more. Casebooks are built on a cloud API and data storage, and can be referenced by any product (with your credentials). Because of this, they can follow you from product to product, eventually across the entire Cisco Security portfolio.

Cisco Study Materials, Cisco Guides, Cisco Learning, Cisco Tutorial and Material
Casebook

Cisco Threat Response is currently available to AMP for Endpoints and Threat Grid customers, who can take advantage of this powerful platform and the possibilities it provides today.

Tying AMP Unity and Cisco Threat Response Together


Considering both of these developments provide added value to security teams through tighter native integrations, how do they relate to each other? Simple – Cisco Threat Response queries correlated event telemetry from AMP for Endpoints and allows you to quickly take containment actions. It does so through the AMP for Endpoints API, via the AMP for Endpoints module enabled in Threat Response. Since AMP for Endpoints Console is a central place to correlate telemetry from AMP-enabled devices, this information can be used to enrich relationship graphs built by Threat Response. On top of that, Global Outbreak Control capabilities introduced by AMP Unity can be used through the Threat Response User Interface.

Cisco Study Materials, Cisco Guides, Cisco Learning, Cisco Tutorial and Material
AMP Unity Events in Threat Response

AMP Unity brings your AMP-enabled device data to Threat Response via the AMP for Endpoints module, and in turn Threat Response allows you to quickly take action at both the endpoint and edge layers of your AMP deployment based on investigation results across all Threat Response data.

As Cisco continues to develop new modules for Threat Response, enabling AMP Unity will be an optional step to correlate event telemetry from AMP-enabled devices. Eventually Threat Response will be able to query these devices (WSA, ESA, CES, NGFW, NGIPS) directly without having to rely on the AMP for Endpoints module (which is especially important for customers who do not have AMP for Endpoints).

Friday, 12 October 2018

Meraki Wireless Health APIs Make Network Assurance Easier

As Meraki continues to drive cloud managed networking into new markets, we continue to evolve our offerings to help customers and partners adopt this mission. With large enterprise, campuses, and service providers all rapidly growing Meraki wireless deployments, Meraki continues to rapidly evolve to drive innovation in these markets. As part of the strategy to make our rich data sources available to our customers, we introduced Meraki Wireless Health and a brand new product line Meraki Insight at Cisco Live in Barcelona 2018.

In addition to our rapid adoption of Meraki Wireless Health, Meraki’s API platform has also been experiencing rapid adoption by our customer and partner community. Since the introduction of APIs less than 2 years ago, the API platform has grown into 100’s of unique APIs and over 20 million API calls a day

Access all Meraki Wireless Health features via an API interface


Wireless Health has been an instant hit with hundreds of thousands of customers now actively using Meraki Wireless Health, we have maintained our focus on wireless health to build out additional value for our customers. To build on top of all of these successes, Meraki is proud to announce that we are now launching full Wireless Health API endpoints. This is one of our largest API launches to date, and all of our customers now have access. These new API endpoints will make it easy for both Meraki’s Partner Solutions team and Cisco’s DevNet team to drive simple Open Source and Partner Solutions that can help simplify the management of wireless deployments of all types and for all verticals.

With this launch we are creating 3 key types of API endpoints


1. Connection Health – Summarizes the connection health of a network, AP or client
2. Connection Failures – Returns a full list of association, authentication, DHCP and DNS issues
3. Network Latency – Summarizes the latency of a network, AP or client.

The great thing about these new API endpoints is we have designed them to be flexible. You can filter all of them by a specific VLAN or SSID. You can also call the summary statistics by using start time and end times.

Cisco Tutorial and Material, Cisco Guides, Cisco Learning, Cisco Network, Cisco Study Materials

Leverage our DevNet community to build your own customized analysis or visualization

Using the new APIs to create working solutions


During the development of the Wireless Health API endpoints, Meraki worked with DevNet to validate the format of the API endpoints and make them as robust as possible. Our teams also worked together to create a real working solution using the new API endpoints. With the experienced DevNet team working with the Meraki team, we were able to put together a full working demonstration of the new API endpoints within one week. Now that Meraki APIs are part of Cisco DevNet we now have access to over 500,000 DevNet developers who can create services and solutions based on the Meraki APIs.

Wireless infrastructure supports mobile POS devices


Together we created a solution that allows one of our retail customers to correlate how network health, customer foot traffic, and point of sale statistics all interact – and do it in a single dashboard for over 50 separate locations! With mobile point of sale (POS) devices becoming a predominant method of in-store payments, the wireless infrastructure has become more important than ever. So we wanted to create a dashboard where our customers could quickly check the overall current health of the retail store, but also (thanks to some open source engineering) see the historical health. We also worked with the customer to create an overall health score for their retail stores, so that they can roll up the disparate and complex data set into a single scoring rank. This unleashes an incredibly powerful data point, where the retailer can quickly identify poorly performing retail locations and within seconds dive in and investigate the root cause.

Cisco Tutorial and Material, Cisco Guides, Cisco Learning, Cisco Network, Cisco Study Materials

Complete visibility into the retail locations data using Kibana

Unleash the power of your data in the Meraki platform


This is just the beginning of Meraki unleashing the power of the data in our platform. In the months ahead, we will continue to release more network health metrics that will further streamline the running of enterprise networks. We are looking forward to all the great things our customers and partners are going to create with these newly introduced API endpoints, and our team will continue to leverage our agile development environment to drive more innovations in the networking space.

Since 2017 the Cisco Meraki team has been working with the Cisco DevNet team. As a result, over the last year a large number of partners have leveraged our API infrastructure to create solutions specific to unique use cases. We are constantly adding new solutions and partners to our ecosystem, and they are easily available for anyone to view.