Monday, 20 May 2019

Cisco AMP for Endpoints excelling in AV Comparatives Business Main Test Series

AV-Comparatives have long been the benchmark of 3rdparty testing in the endpoint security space. This year, for the first time ever, AMP for Endpoints participated in AV-Comparatives malware testing. The Business Main Test Series was broken up into two main sections: the Malware Protection Test and Business Real-World Protection Test.

Cisco Study Materials, Cisco Certifications, Cisco Tutorials and Materials

While the full report will be released in July, AV-Comparatives released a short fact sheet today. Because the test is only partially completed, the results will continue to vary, but Cisco AMP for Endpoints expects to maintain consistently high scores.

Overview


First, let’s give the brief facts behind the Business Main Test Series:

◈ 19 products are participating
◈ All products tested on a Windows 10 RS5 64-bit
◈ All vendors were allowed to configure their products
◈ Cloud and PUA detection activated in all products

Given these parameters, the 19 products will participate in a fourth month test culminating in July. At this midpoint, however, the products have participated in the two aforementioned tests.

Malware Protection Test 


In this test, the products were tested with 1,311 different malware samples. Based on criteria defined by AV-Comparatives in their report, the products were given parameters to detect the malware samples.

So far, AMP for Endpoints is one of eight products to have a malware protection rate of 99.8% or higher. In addition to this extremely high detection rate, AMP for Endpoints registered 0 false alarms on common business software.

Cisco Study Materials, Cisco Certifications, Cisco Tutorials and Materials

AV-Comparatives also performed tests on non-business software. This will not affect the final “Approved Business Product” rating they deliver, but the results are notable as it helps to demonstrates how well a product can really delineate between good and bad. Cisco AMP for Endpoints was granted the highest rating of “very low “which denotes 0-5 false positives on non-business software.

Cisco AMP for Endpoints consistently pledges to deliver elite threat detection, investigation, and response. The 99.8% malware protection rate so far highlights Cisco AMP for Endpoint’s ability to deliver on that pledge. At the same time, the low number of false positives shows that Cisco AMP for Endpoints does not need to bog down IT professionals with useless alerts allowing them to focus on what’s really important.

Real-World Protection Test


Over the course of two months, the products encountered 389 test cases. Of the 389 test cases, Cisco AMP For Endpoints has blocked all but three while producing ZERO false alarms. Resulting in a 99.2% protection rate so far. Cisco AMP For Endpoints is only one of three products to have zero false alarms. Others have already flagged up to 18 false alarms.

Saturday, 18 May 2019

Artificial Intelligence Partner Opportunity

A short time ago I had the opportunity to participate in the AI Partner and Customer events that we had in our Innovation Centers in Paris, London and Berlin. The excitement and interest of both our customers and partners was palpable.

Artificial Intelligence, Cisco Study Materials, Cisco Guides, Cisco Learning

You might have seen some of the headlines in the news around Artificial Intelligence (AI) and Machine Learning (ML) and how in the US, the European Union and Asia many countries are increasing their public and private investment in this field. AI is present everywhere nowadays, from a simple semantic search on the internet to some of the latest self-driving vehicles already available in many places. It is expected that by the year 2022 worldwide spending in AI systems will reach 78 billion US dollars and that the spending in AI servers will grow from 5 billion to 18 billion US dollars. These figures alone represent a substantial opportunity for Cisco and for our Partners.

Another interesting learning from these events was that contrary to what most people might think, a larger percentage of Machine Learning deployments are deployed on-premise as opposed to on cloud. This poses an immediate opportunity for Cisco and our partners in terms of supporting our customers with their initial deployments in their own Data Centers. There are some intrinsic benefits for deploying ML on premise, among them we can list the data gravity integration and application performance, governance and TCO (Total Cost of Ownership), while on cloud deployments provide faster deployments and simplicity.

An AI/ML solution requires multidisciplinary skills and a deep collaboration between different stakeholders, including Data Scientists and Data Engineers, the CIO and the different business leaders as well as the IT team. Without all these different teams working together with a common and joint objective a successful deployment would be really difficult to realize.

The Cisco AI/ML offering focuses on Full Data Life Cycle, Simplicity, and Manageability and includes:

◈ A full portfolio for all AI/ML computing needs.
◈ Validated solutions with technology partners
◈ Natural extension of existing computing environment

The Cisco AI/ML Architecture includes UCS (Unified Computing Systems) Servers, Cisco Infrastructure Management and Cisco Networking Solutions that power a Virtualization Layer, a Converged Infrastructure for AI and Big Data Clusters which in turn sustain the AI/ML Software platforms which eventually provide the business outcomes that AI delivers. This Architecture helps to bridge the gap between IT and the Data Scientists.

There are some real use cases examples that were highlighted in these AI events which I found quite relevant and that our partners can leverage to initiate the discussion with their customers. Some of them include:

Banking

◈ Customer-Centric Marketing

◈ Product recommendation

◈ Experience personalization

◈ Attrition prediction

Operations

◈ Improve customer experience

◈ Predicting Failures

◈ Automatically Position Spares at Depots

◈ Optimizing Supply Chain and Customer Experience

Auto

◈ Autonomous Vehicle Simulations

◈ Complex simulation modelling

◈ Massive storage requirements

◈ High volume data inputs

AI/ML can also help resolve some of the Internet of Things new set of technical challenges such as:

◈ Harsh environments

◈ Hyper-scale

◈ Randomness and unpredictability

◈ Determinism

◈ Subject to (even subtle) attacks

We can also make use of AI/ML to predict performances of the IoT, detect subtle attacks, and make the network reactive at scale as well as for Cognitive and Predictive Analytics.

Friday, 17 May 2019

Practical Ways to Reduce Ransomware Impact: Actions You Can Take Today

During the past year, Cisco Security Incident Response Services has provided emergency incident response services for many customers dealing with incidents that sometimes become a ransomware event. In many cases, we were engaged by the company at the first sign of trouble and were able to help contain the initial incident and reduce the ability of the attacker to shift to a ransomware phase. In other incidents, we were asked to help long after the attackers were in the environment and the systems were already encrypted.

In this blog post, I will share some practical tips that our team use with our customers to help mitigate the risk of ransomware causing a significant business outage.

Cisco Study Materials, Cisco Guides, Cisco Learning, Cisco Tutorials and Materials

Figure 1: Phases of an attack.

If we follow the standard attack lifecycle (Figure 1), the first step that we need to consider is how we would address the initial attack vector. For this blog post, let us assume the initial access vector is email (which we have observed is often the case).

Initial Attack


The first thing to consider is intelligence-based email monitoring and filtering. An example of this would be the Cisco Email Security Appliance (ESA) product which integrates Cisco Talos threat intelligence into an active email inspection platform.

Cisco Study Materials, Cisco Guides, Cisco Learning, Cisco Tutorials and Materials

ESA should be deployed to examine email, both inbound and outbound, from the organization. This filtering should be tied to an intelligence feed that dynamically adds new known malicious domains, IP addresses, behavioral indicators, signatures, etc.

By itself, this will not fully protect an organization but without this, you expose your users and your environment to preventable email-based attacks. This control should create log events into the security monitoring system. These events should be reviewed regularly by a member of the monitoring team and if possible correlated with other events (involving the same time, internal hosts, external IP/Domain, and any malware detected). The capability of being able to also review email historically for suspicious attachments or previously unidentified malicious files is helpful for scoping and understanding the scale of the incident and can be used for hunting if the initial detection somehow fails.

User Actions


Subsequent to the initial malicious email entering an environment, the next obvious question is “did the user open it” or “did the user click the link”? To answer these questions, we require some specific log telemetry from within the environment.

Cisco Study Materials, Cisco Guides, Cisco Learning, Cisco Tutorials and Materials

DNS logs such as those available by using Cisco Umbrella, can be invaluable to identify if a user/IP address/device made a request that is related to a known suspicious domain or IP address. If there is an active incident, these logs should be examined for any requests associated with the incident. These DNS logs should be part of the overall logging environment and the events should also be used to block and track requests to known malicious domains. Again, this should be correlated into events of interest for the monitoring team to consider. This helps us understand if the domain was requested, but does not by itself indicate what the interaction was between the user and the destination.

To gather information on the interaction between the user and the destination, we require logs from a deployed web proxy system that captures the outbound web requests and the responses. Cisco Web Security Appliance (WSA) is an example of an active web proxy/filtering system, powered by Cisco Talos threat intelligence. These systems can often block or filter known malicious sites (based again on intelligence) and also retain the http transaction between the user’s web browser and the destination. This can help us to answer the question of what was done on the site, or what the site sent as a response.

To address the question of “did the user open the file” we recommend the implementation of the Windows SysInternals System Monitor (Sysmon) which can help to answer the question of user behavior and activity. Alternatively, many endpoint security tools may also be able to answer this question. Be sure to test your tools before an incident, so you know what normal activity looks like before you get into an incident and have to try to parse the alerts.

Account Compromise


Following the attack life-cycle, the next phase is account compromise:  did the user either provide their credentials (e.g., if they were prompted to enter their password to access what appeared to be a legitimate company web page) or did the malware gather local cached account data from the system? This is where we recommend multi-factor authentication (MFA) as the standard for all environments.

Cisco Study Materials, Cisco Guides, Cisco Learning, Cisco Tutorials and Materials

We frequently recommended multi-factor for “high risk” accounts, or for “all externally facing services”, but with the current attack patterns we recommend multi-factor for all Active Directory environments. There can be technical limitations on implementing MFA for some legacy systems, legacy access types, etc. Those exceptions should be identified and very closely monitored for unexpected activity, or isolated into separate Organizational Units or Groups. This may allow early detection of misuse and may limit the impact of these systems or credentials, should they become compromised.

Another key consideration is to monitor the system used to manage the multi-factor authentication. We have seen attackers attempt to bring these systems offline, to attempt to access these systems, or to successfully access these systems and either create one-time use passcodes or create a new account that was allowed to bypass the multi-factor requirement. These systems must be closely monitored for all access and modifications to the users, groups, or creation of one-time use codes.

Privilege Escalation


The next phase is privilege escalation.  In this phase, we recommend a multi-pronged approach as there are multiple risks to address. The first risk is if the environment has a shared local administrator password across multiple devices. This is still a very common practice in many environments due to a number of factors.

Cisco Study Materials, Cisco Guides, Cisco Learning, Cisco Tutorials and Materials

A solution that can assist with this is implementing the Microsoft Local Administrator Password Solution (LAPS). This provides a better method to manage local accounts. The second risk is an attacker compromising one of the privileged accounts in the environment. If multi-factor authentication is required on these accounts, this should be unlikely, but these accounts must still be monitored for mis-use. Additionally these privileged groups should be monitored for modification (adding/deleting or users, or change to the group roles). These are also events that should trigger alerts that are evaluated by the monitoring team.

Lateral Movement


Lateral movement occurs next. To detect and thwart this, we need to reduce the ability for a user account to move freely within the environment without being validated or having authorization.

Cisco Study Materials, Cisco Guides, Cisco Learning, Cisco Tutorials and Materials

This can be started by reducing the internal network access from the standard user segments and VPN devices. Network segmentation can be complex to implement across the entire environment, but it is often achievable to make some small restrictions using virtual LANs (VLANs) to reduce which networks can access critical segments. Privileged activity or Administrator activity should always originate from an approved “jump box” that is hardened and monitored, and has specific access restrictions for only users that require this access. Role-based access should also be enforced, not everyone should have access to production, not everyone should have access to the code base, or sensitive data. Access (successful and failed) should be logged and correlated. Reducing the number and type of ports and protocols within the environment may also help to reduce the spread of malware or lateral movement that is expecting specific capabilities, such as the Server Message Block (SMB) protocol, for example.

Encryption of Data


The ultimate risk of a ransomware attack is in the final phase. This is when the attacker is able to encrypt critical business systems or services, causing a business outage. The impact of this outage varies based on the function of your business, your tolerance (or your customers’ tolerance) for downtime, and many other factors.

Cisco Study Materials, Cisco Guides, Cisco Learning, Cisco Tutorials and Materials

For environments that have critical services that impact life and safety of people, we strongly recommend partnering with the disaster recovery and business continuity teams to test existing plans and update them accordingly with steps that cover full data center loss via ransomware. Other questions that should be considered: Are your backups offline and secure from the possible ransomware? Does your online backup system use the same credentials as your Active Directory environment? Has your organization practiced what a data restore would look like and how long it would take? Is the necessary hardware (or virtual space) available to be able to restore your environment? Is there an understanding of dependencies and other tactical considerations?

Take Action Today


These recommendations will help you improve your ability to detect attacks in the earlier (pre-ransomware) stages and will reduce the overall impact of a ransomware incident. You must take key preventative steps, while also readying your team to act when it strikes. If you feel you need hands-on, expert assistance, consider contacting our team – our incident responders can help you prepare your own team with proactive services and we can work alongside your team during active incidents.

Thursday, 16 May 2019

Ansible: Powered by Cisco DNA Center

We have all seen the segmentation of people and technologies into what we lovingly refer to as ‘silos.’ Initially, these silos were formed to group together teams with common skill sets, ownership, accountability, etc. The effect that we see from this division into functional groups typically manifests as some level of communication hindrance that limits full cooperation between the groups to obtain a higher level objective.

If you look at the technology industry, the same sort of logical grouping is prevalent. For example, we have technology silos like Campus Networking, Data Center Infrastructure, Security, and Storage.

Network Automation, Cisco DNA Center, Cisco Certifications, Cisco Learning, Cisco Study Materials

In these technology domains, we see managers, or controllers, that are responsible to provide that Software Defined Controller role and act as the provisioner for that area. Similar to the challenge faced with people in organizations, this division can be a hindrance when trying to automate across multiple functional areas.

Ansible for Higher Level Automation


What we need to help drive a cohesive strategy for management across each of these domains is a common interface to act as the glue between them. This “higher layer” can interface with each technology domain using whatever interface is exposed by the manager or by reaching the devices directly.

Ansible is a fantastic solution to act as this glue. There are over 2000 modules to provide that communication mechanism into each domain. The coverage is broad enough to span the entire gamete.

Network Automation, Cisco DNA Center, Cisco Certifications, Cisco Learning, Cisco Study Materials

Campus Networking


Cisco Campus networking has seen significant growth in maturity with the DNA Center solution. DNA Center provides GUI driven workflows that greatly simplify complex deployments allowing the technologist to focus on what they want the network to do rather than the specific configurations.

The Assurance engine is without a parallel in the industry. Assurance provides unprecedented visibility into the health of your networks, end users, and applications.

Cisco has released the concept of DNA Center as a Platform and provides access to the APIs that drive the DNA Center solution.

Ansible Modules for DNA Center


That brings us to the point of this write up…with Ansible acting as the glue between your various technical domains combined with your newly deployed Cisco DNA Center you will need some new modules to drive the configurations of DNA Center from Ansible.

World Wide Technology has developed several new Ansible modules for DNA Center. These initial modules provide the ability to deploy configuration of the design workflows including Site Hierarchy, Common settings (DHCP Server, DNS Server, Syslog, etc), IP Pools, Create Discoveries and more.

Network Automation, Cisco DNA Center, Cisco Certifications, Cisco Learning, Cisco Study Materials

These initial modules are just the start. We will continue to develop and refine with the help of the broader, open source community as additional features and APIs are exposed.

The figure below is a snippet of YAML from a sample playbook illustrating the configuration of the DNA Center settings and sites.

Network Automation, Cisco DNA Center, Cisco Certifications, Cisco Learning, Cisco Study Materials

Tuesday, 14 May 2019

Cisco Drives Intent-Based Networking Forward with Multi-Level Segmentation

Why network segmentation matters in the enterprise of today


Network Segmentation easily gets lost in a conversation as it is a heavily used term in the industry. Everyone claims to support it when in reality most vendors support the bare minimum to simply claim compliance in an RFP (Request for Proposal) or RFI (Request for Information).

Network segmentation is a critical requirement to address the growing scale, complexity and security demands of today’s campus and branch networks. That’s because segmentation allows customers to protect their data. Segmentation divides an infrastructure into individual components and builds connection points between the relevant components based on the understanding of applications, users, consumers, and devices

The days of managing secure networks with VLANs and ACLs are ways of the old. Customers require a campus infrastructure capable to support a software defined approach for network segmentation. Networks today need to be purpose built for commencing the journey of intent-based networking. Network segmentation is a key pillar supporting the foundation of Cisco’s powerful Software-Defined Access (SD-Access) architecture.

Raising the stakes with multi-level network segmentation


Traditionally, when a customer was required to isolate a given network, VLANS and ACLs (Access Control Lists) were configured to achieve network separation. A simple use case to enforce policies for users, devices, and things were challenging to implement and complex to manage as new users and devices were added to the network. Cisco has addressed these challenges and raised the stakes for network segmentation offering a new approach to multi-level segmentation for the enterprise campus.

So, what is multi-level segmentation? As it’s called, Multi-level segmentation provides two-levels of segmentation using layer 3 virtual networks (VNs) and scalable group tags (SGTs).

Cisco Study Materials, Cisco Guides, Cisco Learning, Cisco Certifications
Cisco Study Materials, Cisco Guides, Cisco Learning, Cisco Certifications

Comparing vendors


Comparing the segmentation capabilities of Cisco, Aruba and Huawei, several key takeaways can be learned from the independent Miercom report. In the Miercom comparison the bottom line is there is a clear benefit with the automated, single touch point approach of Cisco compared to the manual – multi-touch point approaches of HPE-Aruba and Huawei.

Cisco Study Materials, Cisco Guides, Cisco Learning, Cisco Certifications

Aruba

Aruba’s segmentation offering is highly dependent on its mobility controller. With only a small amount of traffic, Aruba’s Mobility controller was exposed as a choke point.

Regardless of how many access layer switches and network uplinks are added, the limitation is still present until an additional Aruba Mobility controller can be purchased and added to the network. The network administrator using the Aruba architecture will constantly need to monitor the load of the segmentation service. This is because the mobility controller responsible for wireless association/ termination will become unresponsive when the data plane performance is reached.

Aruba positions their Dynamic Segmentation for Unified Policy for wired and wireless. Aruba launched this back in 2014 and are still positioning this architecture as Next-Gen. The flaws then are still present now.

Is the Aruba solution line-rate? Can it be proved via independent test reports? Can they change policy between users, whatever their respective VLAN is?

Huawei

Huawei’s Free Mobility was basic segmentation at best. Several touchpoints and dashboards are required to get the basics to work.  It’s definitely not easy to use, and requires many repetitive steps to create groups and create policy.

Huawei presents its Free Mobility solution to its customers for segmentation using group-based policy. Free Mobility is an add-on to its policy server the Agile Controller 1.0. Huawei does not offer a simple way to offer policy-based automation.  In all cases Huawei requires multiple touch points and manual based configurations via CLI and countless clicks on their Agile Controller for policy.

The 3rd party test vendor configured Huawei’s Free Mobility solution to discover that it was not as easy as expected.

Multiple steps are required to create a security group – 12 to be exact. To create a single policy between a configured pair of security groups takes 16 steps.

The key takeaway was Huawei’s inability to provide an easy to use offering for multi-level segmentation.

At best, the segmentation was basic and the network administrator was left to log back into the additional devices to enable port isolation for east-west segmentation.

Cisco Study Materials, Cisco Guides, Cisco Learning, Cisco Certifications

As you can imagine traditionally there are many touch points when trying to configure various levels of segmentation.

Cisco


With Cisco Digital Network Architecture (DNA) Center, the creation of virtual networks and management of scalable groups is possible and can be done via a single unified dashboard. Cisco DNA Center and SD-Access outshines and outperforms the competition. Cisco SD-Access is built using a campus fabric with built-in mechanisms to support two levels of segmentation. Other network vendors can only offer segmentation based on simple network separation.

The Cisco Catalyst Family embeds VNs and SGTs in its hardware using the Cisco UADP (Unified Access Data Plane) ASIC. This facilitates building a robust foundation based on a powerful hardware that allows customers to enable a network segmentation service without a compromise on performance. Other network vendors use older architectures which are bottleneck designs with limited data plane performance of only 10Gbps.

Our 3rd party tests, compare and assess the network segmentation offerings of each networking vendor. It can be seen from the report, with the other vendors customers will continue down the path of configuring named VLANs and mapping out the size of the subnet per VLAN preparing for deployment. Customers using either vendor will be required to configure a VLAN for wired employees, a VLAN for wireless employees, a  VLAN for wired guests, a VLAN for wireless guests, etc.

As stated, those are ways of the past …however this is how the competition will design a campus network. They don’t offer a controller based network to provide automation and the ability to deliver true software defined networking.

Cisco SD-Access not only profiles users, devices, and things but also onboards clients to a fabric. It provides customers with capabilities to move devices in a virtual network (macro segmentation) and provide flexibility to support role-based groups (micro segmentation) and control communication based on network contracts.

With Cisco’s DNA Center, the policy application allows customers to create VNs and groups using the “drag and drop” method. Once configured, network connectivity and access were tested to verify segmentation.

Segmentation doesn’t stop in the campus


Cisco also supports the ability to keep the policy intact from the Campus User to the Data Center application with SGT to EPG (endpoint group) mapping. Cisco is the only vendor capable to offer Intent-Based Networking across the Campus and Data Center.

Monday, 13 May 2019

AI in Cisco IT Operations: Finding Golden Needles in Ever Larger Haystacks

Customers often ask us whether artificial intelligence (AI) will be the kind of game changer that analysts are predicting. From what I’m seeing, the answer is an unconditional yes.

The trick is figuring out the right use cases. While any computer can calculate pi to a million places faster than I can sneeze, it takes an AI compute space to sort through billions of pieces of data to answer a single question. One drawback:  AI doesn’t, by itself, know what questions to ask and what to do with the answers. But if you can frame the question the right way, AI can devour planet loads of information and find significant patterns. Think of it this way: AI can winnow through huge haystacks to find a needle—but first a human needs to define a needle.

Cisco IT began our journey to AI through many disconnected teams. Through the grapevine I’d heard about more than 40 projects, each funded by the group that’s using it (e.g., marketing, InfoSec, contact center). Different teams in Cisco – in IT, in Engineering, in Marketing – have already centralized their AI efforts to increase their scope.

Here are some of the ways we’re putting AI to work today.

Security


Detecting Day Zero malware

Malware detection was our first foray into AI. We acquired Stealthwatch technology in 2015. It sifts through billions of data points about how traffic moves through our network to detect anomalous behavior that could indicate Day Zero malware. The hard part is teaching the AI engine what’s normal and what’s not. Here’s an analogy:  if you have a dinner party with millions of guests (it’s a large house), how can you spot the potential thieves?  Most security defenses look for signatures – in this case, mug-shots of known criminals as they come through the door.  But to catch the thieves who are still unknown, you have to look at their behavior.  it’s normal for a party guest to wander through your house, chatting with guests and hovering around the bar; but it’s not normal for them to go immediately to the locked room containing the safe and start looking behind the pictures. When the equivalent of that happens on our network, Stealthwatch raises an alarm or takes action to isolate the threat. We regularly find Day Zero attacks in this way.  To do this, we have to ask Stealthwatch to sift through over 28 billion Netflow records every day, and continue to update it on what’s normal, acceptable behavior and what behavior is characteristic of malware attacks.  But it enables us to see things that no other tool can.

Cisco Certifications, Cisco Guides, Cisco Learning, Cisco Study Materials, Cisco Tutorials and Materials

iscovering malware in encrypted traffic

More than 50% of network traffic is now encrypted, and malware hidden in encrypted traffic can sneak through traditional defenses. But encrypted traffic is so tough to crack (pun intended) that you also need machine learning—telling the AI program to find malware without telling it how. Using an AI program called Encrypted Traffic Analytics, a new Stealthwatch upgrade, we’ve learned some of the clues, such as packet lengths, arrival times, and initial handshake data packets that signify malware even when the stream remains encrypted.. ETA has found malware in encrypted streams that would have slipped right by signature analysis or even AI-based behavior analysis.

WAN optimization


Routing traffic over the best circuit based on predicted performance

Our midsize offices get two circuits: MPLS and VPN-over-Internet. Instead of leaving the secondary circuit idle most of the time, last year we started using Cisco Software Defined-WAN (SD-WAN) to intelligently provision secure WAN links and route application-specific traffic to the circuit that’s best for the job. The decision depends on the type of the traffic (voice, video, email, etc.) and current network conditions. Now we’re making the decision even better by using AI to predict future circuit behavior. Say we’re about a broadcast a live 60-minute webinar. If the MPLS circuit is performing great right now but signs indicate it might degrade in 30 seconds (or 17 minutes), it’s smarter to have the SD-WAN Manager route traffic to the backup circuit.

Cisco Certifications, Cisco Guides, Cisco Learning, Cisco Study Materials, Cisco Tutorials and Materials

LAN Troubleshooting


Identifying problems and recommending solutions before they’re noticed

Cisco Software-Defined Access (SD-A) includes an AI-driven data collection and analysis platform.  Cisco IT has already deployed three main Cisco DNA-Center (DNA-C) clusters, one in each of the three global regions (Americas, Europe, Asia). These AI clusters are collecting large amounts of information regarding switch traffic and performance, tracking traffic from each application and user.  (This has required us to migrate several thousand switches to Catalyst 9000 models, which act as sensors to stream telemetry data to the Cisco DNA-C for analysis.) Like any AI tool, Cisco DNA-C benchmarks normal behavior and performance.  It identifies when performance is degrading and consults over a hundred common Cisco IT network issues. If it finds the right pattern, it will alert a network engineer, point out exactly where in the network path there is a problem, and recommend a solution based on that pattern.  The central Cisco DNA-Controller can then automatically make recommended changes to all relevant network devices.

We’ve found the Wireless Assurance part of Cisco DNA-C to be extremely helpful.  It can stitch together the path of a person walking across the building floor, connecting from one Access Point to the next, and see exactly where and when their voice or video session starts to run into problems, as well as identifying where in the client device, access point or wired network the problem root cause might be.  If it matches one of the hundred-plus common issues, it will recommend a fix and walk the network engineer through that fix.

Data Center Management


Identifying change management problems before they happen, and recommending solutions 

AI tools similar to the networking tools described for WAN and LAN are also at work in the far more complex environment of the data center.  With thousands of different sets of application performance and security policies in place, enforced by the virtual overlay fabrics across ACI, it’s not easy to deploy new application policies without issues.  Cisco Network Automation Engine (CNAE), a new AI tool, will automatically check for new policy conflicts among the millions of different potential connections to see where issues might arise, and recommends different policies to achieve the desired outcome.  This keeps application security and performance at a maximum, with minimal provisioning delay due to misconfiguration anywhere in the data center.  Cisco IT is running CNAE in the largest of our 3 ACI-fabric data centers today.

Cisco Certifications, Cisco Guides, Cisco Learning, Cisco Study Materials, Cisco Tutorials and Materials

Marketing


Identifying the “next best action” for customers who visit our website

Our small and medium business customers generally do their product research on cisco.com. Over the years we’ve experimented with various ways to follow up with web visitors. Email or phone follow up isn’t particularly effective and can seem like spam.

Now we’re using AI to discover the next best action based on the customer’s business need and previous interactions. Working with our Marketing Analytics team, we built a platform that collects and analyzes information from cisco.com and Salesforce to find out how customers were contacted, what content they were given, and whether the action successfully moved the customer up the sales chain (for example, inspiring them to reach out to us, watch a product video, place an order, etc.) As a result, we now know which customers are likely to respond to certain types of contacts, and at what point in the purchase decision. Preliminary results from 25 pilots in 7 countries are very strong: 4 times better customer response rate, 7-10 times fewer outbound communications that don’t result in a response, and lower costs. Even better, we’ve seen that the longer we tune the data, the better the response rates over time.

Contact center


Improving the customer journey

Our contact center is one of the most prolific users of AI. A few examples:

◉ Self-service for callers and agents. Cisco IT worked with the contact center team to build Cisco Answers, an AI-driven knowledge tool.

◉ Intelligent routing: When customers contact us via voice, email, or chat. we use AI to predict what they need, and then connect them to the best available agent with the right expertise. First-call resolution and customer satisfaction have both improved.

◉ Business insights from recorded customer calls. Like a lot of companies, we record contact center interactions for agent training. These recordings are also a gold mine of information for marketing, product development, and more. With close to 100,000 of calls/day, a human couldn’t keep up—but AI can. We’ve started using Verint speech analytics to discover trends in our recorded contact center interactions. For example, if we see a spike in the phrase “software defined” in communications with people in a certain region, we might step up our marketing programs for Software Defined Networking in that region.

Supply chain


Optimizing inventory stores by predicting demand

Other grassroots AI projects are cropping up all over Cisco—in sales, marketing, supply chain, and others. Take supply chain. The Cisco server you order today probably isn’t built yet because we use just-in-time (JIT) manufacturing. To make it work, we need the right components on hand, just when we need them. The more accurately we can predict demand a month or two out, the less risk that we’ll under order something like chips, delaying shipment—or over order, tying up capital and creating the risk of loss or damage. It’s looking like AI will help us reduce inventory requirements for UCS server memory chips by a factor of ten.

Saturday, 11 May 2019

Cisco and F5 Team Up to Address Continuous Deployment Integration Challenge

Lori MacVittie is a subject matter expert on emerging technology responsible for outbound evangelism across F5’s entire product suite. MacVittie has extensive development and technical architecture experience in both high-tech and enterprise organizations, in addition to network and systems administration expertise. Prior to joining F5, MacVittie was an award-winning technology editor at Network Computing Magazine, where she evaluated and tested application-focused technologies including app security and encryption-related solutions. She holds a B.S. in Information and Computing Science from the University of Wisconsin at Green Bay, and an M.S. in Computer Science from Nova Southeastern University, and is an O’Reilly author. MacVittie is an Advisory Board Member for CloudNOW.

Most of us are familiar with Newton’s Laws of Motion. The Third Law is about actions and reactions. The Second Law provides the mathematical formula for determining force. And the First Law describes motion and forces acting upon it.

But most are unlikely to know Newton’s First Law of DevOps. That’s probably because I made it up. Regardless, it holds true and is based on solid Newtonian physics.

Cisco Certifications, Cisco Guides, Cisco Study Materials, Cisco Learning

The unbalanced forces acting upon application deployments are processes in the continuous deployment pipeline. The disparity in continuous deployment efforts can be seen in the varying degrees to which organizations have automated processes across the core IT concerns of security, network, application services, and app infrastructure. There are several sources of this stop and go, manual and automated mixture of deployments in the enterprise.

One of these unbalanced forces is the siloed nature of enterprise IT. Nearly half of all IT (46%) is still operating in single-function style teams. This includes smaller silos inside of larger silos with each team responsible for focused areas of IT. Security, for example, might be siloed into smaller teams that focus individually on firewalls, application security, and compliance issues. Automation and orchestration of specific services might be available within some areas, but not others.

This causes delays when teams encounter manual processes that require human interaction.

Some of these delays are caused not by manual processes, but by lack of integration across toolsets. Deployment of security services might be automated, deployment of load balancing might be automated, but the tools through which those processes are automated might not be integrated, leaving gaps in the continuous pipeline. That challenge is frustrating, as it causes a delay while a manual handoff occurs between automated systems. More than one-third (36%) of respondents to our annual State of Application Services report noted lack of integration across vendor toolsets as the most frustrating or challenging aspect of network automation. That lack of integration makes it cumbersome to orchestrate an end-to-end continuous deployment.

The good news is that integrations are continuing to evolve to address that obstacle thanks to solutions like Cisco ACI App Center.

Cisco ACI App Center


Cisco ACI App Center, if you aren’t familiar, is an open and programmable infrastructure sporting an open API. It enables deployment of a wide range of services and acts, as a sort of infrastructure deployment app store for the enterprise. Partners, customers, and community solutions are available.

And now it includes the F5 ACI ServiceCenter. Through a supported integration, we’ve teamed up with Cisco to provide L4-L7 (application services) capabilities within Cisco’s APIC environment. This gives joint customers the ability to deploy a full complement of application services, such as Advanced WAF and DDoS protection, as well as supporting network stitching, and enabling full-stack visibility.

Cisco Certifications, Cisco Guides, Cisco Study Materials, Cisco Learning

F5 ACI ServiceCenter will make it faster and simpler for customers to deploy and consume F5 application services. We’ve moved to a declarative interface that reduces the time and effort required to automate deployment pipelines, but that doesn’t mean we’ve reduced capabilities. F5 ACI ServiceCenter still enables the same programmable extensibility that customers have come to rely on from F5 to optimize and secure their applications.

Multi-Cloud Challenges Addressed


One of the reasons we continue to partner with Cisco, is the vision we share of supporting any app, anywhere. Because security, application services, and app infrastructure all depend on those networks, integration with the tools Cisco provides to simplify and speed deployments is one of the best ways to help our joint customers succeed. These integrations address the unbalanced forces that can occur when trying to onboard and provision application services across disparate networks. Being able to automatically configure network-specific characteristics means less delay.

For the enterprise, that means being able to easily deploy application services in a more intuitive, user-friendly experience across multiple environments. Yes, that means public and private cloud as well as on-premises or remote data centers. However, since each environment is unique – with its own network characteristics – integrating with Cisco will improve the onboarding and deployment of application services dependent on those networks. In essence, we’re eliminating an unbalanced force that can put an abrupt stop to a deployment in progress.

Cisco Certifications, Cisco Guides, Cisco Study Materials, Cisco Learning

It’s also important to enable visibility from the network to the application, from L2 to L7. This integration offers just that and enables customers to address one of their top multi-cloud challenges: visibility. Visibility is an integral component of every other capability – from security to availability to performance. Enabling full-stack visibility is a boon to all operational concerns and developers alike. It aids in troubleshooting, shutting down attacks, and optimizing performance.

Continuing to Advance Automation Together


We’re excited to continue to be a part of the Cisco ACI ecosystem, and to bring to customers this new way to deploy and operate F5 application services as a part of the Cisco APIC environment. We plan to expand the availability of F5 application services through the F5 ACI ServiceCenter integration to ensure customers can take advantage of our robust portfolio to ensure the scale, speed, and security of any app, anywhere.

Source: cisco.com