Wednesday, 12 June 2019

Webex: Create Smarter and More Personalized Meeting Experiences

We unveiled some new, innovative features that automate and simplify steps in the meeting process, so you can make the most of your meeting time. We want to improve the meeting experience for everyone — from the host, to your attendees, and even IT. Our goal is to help make meetings smarter, more productive, and more personalized. Through Cognitive Collaboration, you can gain greater insights and build deeper connections for team collaboration.


Get Profiles About Who You’re Meeting


One way we are making meetings smarter is with People Insights, which helps you quickly learn about anyone in the meeting. We announced People Insights in March and it is generally available to customers this month for the desktop app, mobile app and web page. I like this feature because it saves me from having to spend hours doing Google searches and scouring the Web for other sources of information. It works by creating a rich, dynamic profile of everyone who joins your meeting and displaying that information in the Webex Meetings participant panel. Meeting participants can edit the information that’s displayed about them through the settings page. Things like photos, bios, news articles, social links, and directory data (if you are in the same company) are aggregated and available for quick viewing.

Put a Name to Every Face in the Meeting


Another way we are making your meeting smarter is with the use of facial recognition. When you use a Webex device for your meeting, the system scans the faces of anyone showing up on the video and is able not only to calculate an identifying number for each face but also to identify participants by name. It starts with a profile picture that meeting participants submit on the settings page. The Webex device then logs the picture and gives it an identifying number, which represents the participant. When you’re in a meeting, the system will scan the faces of meeting participants and use the same algorithm to calculate an identifying number for the participants. The information is encrypted and then matched against the numbers stored.

Never Miss an Action Item From the Meeting


Transcription in Webex Meetings is another feature. I use it when I need to recap what was said in the meeting or follow up on critical action items. It works by using natural language processing to deliver high-quality transcripts of your Webex Meeting recording. When you record a Webex Meeting, a transcription is saved and will appear during recording playback. You can search for text in the transcript to verify what was said, and when. All I have to do is search the recording for keywords – like my name, for example – and I can quickly review any actions assigned to me or my team.

Deeper Integrations and Interop with Your Collaboration Workflow Tools


At Cisco, we are always looking for ways to build bridges between Cisco and other collaboration solutions you may choose to use every day. That’s why we’ve upped the ante on interop too, by offering more integrated and intelligent experiences with 3rd party tools, from Microsoft, Google, Jira, and Zapier in this latest release.


For example, we improved sharing content in Webex Meetings from within Microsoft Office apps. And starting Personal Meeting Room (PMR) and recording notifications within Microsoft Teams has never been easier. The Microsoft O365 add-on recognizes meetings scheduled from Exchange for automatically synching schedule changes.

We’ve also added improvements for G-Suite users in phase two of our integration work with Google. Important features like scheduling your PMR and ad-hoc meetings, as well as advanced settings like templates, alternate hosts, audio type, and call-in details are available in the add-ons framework. Check them out soon in the Webex meeting settings, inside the Google Calendar interface. In addition, we are now integrated with Google home devices so now you can ask, “Google, what’s my meeting schedule today” or “please play my recording.”

Improve User Management for IT


And we can’t forget IT, an important persona in improving workplace experiences. We’ve made some additional improvements to Webex to help IT manage and make the most of the Webex management experience.

We expanded global audio coverage so more people can dial into Cisco Webex Meetings seamlessly through the public switched telephone network (PSTN). Your users now have access to the broadest global PSTN coverage of any web conferencing provider, covering nearly 200 countries across all audio plans. This global coverage expansion allows you and your meeting participants to join with PSTN audio from more countries than ever. This increase represents 11 new countries included in our base Webex Flex Meetings offer at no additional cost, and the remaining countries were added to our usage audio offer for additional toll and toll-free coverage.

Last but not least, Webex Control Hub is a single pane of glass that gives IT not just diagnostics, but also the ability to manage users and services. You can drill down on analytics at the individual participant level for detailed, continuous analytics on how an end user’s device is behaving, or look at usage to determine whether or not certain services are valuable or need further investment. In this management portal, you can also provision, administer, and manage Cisco Webex services and Webex Hybrid Services, such as Hybrid Call Service, Hybrid Calendar Service, Hybrid Directory Service, and Video Mesh.

These are just some of the ways we are improving the meeting experience.

Tuesday, 11 June 2019

Cisco AI Network Analytics: Making Networks Smarter and Simpler to Manage

Enterprise networks generate a lot of data. A lot. Imagine a network with 6000+ access points, 10 wireless controllers, a data center, dozens of branch offices, and over 10,000 roaming wireless devices covering an area the size of a small city. Every AP collects telemetry on its operating environment, radio performance, interference statistics, and the identities of devices that are connecting to them. The SD-WAN fabric connects distributed branch offices and remote workers to cloud applications and data center resources, managing thousands of connections and traffic flows over the course of a work day.

Trying to manually analyze and troubleshoot the traffic flowing through thousands of APs, switches, and routers is a near impossible task, even for the most sophisticated NetOps team. In a wireless environment, onboarding and interference errors can crop up randomly and intermittently, making it even more difficult to determine probable causes. How long does it take for devices to onboard as they are carried from segment to segment? Is taking 5 seconds to connect to an AP satisfactory or unacceptable performance? Is onboarding time consistent regardless of device density or does it vary unpredictably? How do you measure and compare application performance from SaaS providers to distributed branch offices and remote workers?

The irony of having mountains of telemetry and activity logs awaiting analysis by overworked IT teams is that there is too much noise from too much data for humans to deal with in a timely manner. Machine learning (ML) and applied artificial intelligence (AI) automate the analysis of trillions of bytes of telemetry, radio fingerprints, and network access points to uncover patterns in the chaos, and turn the findings into actionable insights or automated mitigation actions. Where is the nexus of AI/ML for enterprise network analytics? In the Cisco DNA Center and the Cloud.

Cisco AI Network Analytics in the Cloud


For years now, Cisco has been integrating AI/ML into many operational and security components, with Cisco DNA Center the focal point for insights and actions. Now we are adding new capabilities with Cisco AI Network Analytics in the Cloud. AI Network Analytics collects massive amounts of network data from Cisco DNA Centers at participating customer sites, encrypts and anonymizes the data to ensure privacy, and collates all of it into the Cisco Worldwide Data Platform. In this cloud, the aggregated data is analyzed with deep machine learning to reveal patterns and anomalies such as:

◈ Highly personalized network baselines with multiple levels of granularity that define “normal” for a given network, site, building, and SSID

◈ Sudden changes in onboarding times for Wi-Fi devices, by individual APs, floor, building, campus, and branch

◈ Simultaneous connectivity failures with numerous clients at a specific location

◈ Changes in SaaS and Cloud application performance via SD-WAN direct internet connections or Cloud OnRamps

The Worldwide Data Platform leverages a growing knowledgebase of over 35 years of Cisco engineering problem resolutions and AI-derived insights. As patterns are discovered and anomalies uncovered in the diverse ocean of data, alerts with correlated information—such as physical locations, histories, possible causes, and potential remedies—are sent to the corresponding Cisco DNA Centers for evaluation and action by NetOps.

AI Analytics Provides Visibility, Insight, and Action


The AI processes in the cloud perform the logical troubleshooting steps that a network engineer executes to resolve problems, but much faster and against a much larger data set than humans can handle. In large campus networks and remote branch offices, the number of alerts and false-positives for minor to major issues can come fast and furious at times, making triage the first step for NetOps teams. The AI processing helps triage issues by categorizing them according to severity, location, number of affected devices, and the ability to automatically remedy a subset of issues. As a result, NetOps can focus on high-priority alerts instead of hunting through a blizzard of data for disruptive problems. Cisco AI Network Analytics and DNA Assurance provide visibility, insight, and action for resolving network issues and improving performance.


Visibility into Personalized Baseline Behavior

Using machine learning to determine a baseline range for network activity—error rates, onboarding times, application performance, for example—helps spotlight relevant deviations in behavior that impact network availability. Once a personalized baseline is established, NetOps can measure performance over periods of time to determine the effects of network design changes, adding devices, changing segmentation, and adding SaaS application connections to distributed branches. A baseline enables NetOps to focus on significant anomalies rather than the noise of minute-to-minute deviations, saving time and resources for IT projects that add value.


Insights Gathered From Around the World

With a baseline of normal network operations established, Cisco AI Network Analytics examines abnormal behaviors to pinpoint specific issues and their root causes. A knowledgebase of engineering experience—accumulated by Cisco over decades of network monitoring and troubleshooting—works with the patterns and anomalies uncovered by ML in the Worldwide Data Platform to prescribe actions to fix issues. Workers in a remote branch office that are taking longer than the normal baseline to onboard, for example, trigger an alert in Cisco DNA Assurance, along with potential remedies, enabling NetOps to take proactive remediation steps before the delays impact productivity and customer experience.

In IP networks, a problematic event is often preceded by a benign event or series of events. Using the Proactive Exploration features of AI Network Analytics, NetOps can, for example, be forewarned of increases in Wi-Fi interference, network congestion, and office traffic loads. By learning how a series of events are correlated to one another, system-generated insights can help foresee future events before they happen and alert IT staff with suggestions for corrective actions. These insights can recommend changes to Wi-Fi, switch, or application configurations that will improve system performance and user experience, improve issue relevancy, and accurately identify trends and root causes.

AI Network Analytics can also compare activity and patterns among, for example, branch offices, to determine “normal” activity and pinpoint performance issues pertaining to individual sites. Since all the data in Worldwide Data Platform is anonymized, Cisco AI Network Analytics can securely compare a campus network’s performance against other sites of similar size and configuration, helping to identify opportunities for network upgrades while optimizing IT spending.

Action and Guided Remediation from Expert Knowledgebase

Insights lead to action with guided remediation suggestions resulting from the fusion of machine pattern recognition and AI-derived workflows from the engineering knowledgebase. Events similar to those that have occurred in other enterprise sites provide possible solutions that have previously resolved analogous issues. This demonstrates the value of leveraging the Worldwide Data Platform and ML to capture issues that crop up sporadically in networks all over the world and resolve them quickly and efficiently.

Note that participating in the Worldwide Data Platform is optional when using Cisco DNA Center, but not participating will result in more limited capabilities. Even though all data received from customer DNA Centers is anonymized, and each customer has a unique private key for decryption, not participating in the Worldwide Data Platform is an option for organizations that have privacy and compliance issues that limit data sharing.

Intent-based Networking is Smarter and Simpler to Manage with AI Network Analytics


Cisco AI Network Analytics, within Cisco DNA Center, adds another layer of intelligence to Intent-Based Networking, making networks even smarter, simpler to manage, and more secure. Integrating decades of Cisco network engineering experience into the AI Network Analytics platform to continuously analyze network operations and deviations leads to faster problem resolution and thus greater IT efficiency. By identifying the most relevant optimization opportunities for each customer’s unique configuration and usage patterns, IT resources can be allocated to high priority projects providing the most benefit instead of chasing minor fluctuations in network performance.

Cisco will continue to add AI and machine learning to bring simplicity and security to enterprise networks of all sizes and shades of complexity. The more telemetry, operational statistics, and security threat indicators flow into the Cisco Worldwide Data Platform, the more value enterprises using Cisco DNA Center will gain.

Saturday, 8 June 2019

F5 ACI ServiceCenter App Pushes the Envelope in DC Networking Automation


Introduction


In tune with changing technology trends, our data center customers are increasingly adopting a solution-focused approach, instead of a point-product one, for managing and monitoring their data center operations. This trend is especially pronounced with intent-based networking technologies, such as ACI, that provide customers a cloud-like experience with their on-prem infrastructure. An understandably popular request from our customers – and this was heard loud and clear at our most recent Cisco Live EMEA – is to consume networking and application-delivery services together as a cohesive solution. With the goal of enabling customers to do just that, Cisco and F5 have collaborated on an F5 App for the Cisco ACI App Center.

Today, I am pleased to share with you my thoughts on this newly designed F5 ACI ServiceCenter App, a multi-function and operations focused solution, covering its key L2-L7 operational use-cases. You’ll be able to see how customers can leverage its capabilities combined with the speed and flexibility of its host, the ACI App Center.

What does this mean?


Customers want a native ACI solution and a single point of automation and visibility for L2-L7 infrastructures. The F5-ACI App represents a strategic new direction, moving away from the earlier device-package-based integration approach. Centered around ease of use and customer experience, this App is quick to install and intuitive in its design flow for the end user. This forms the basis for the design innovation of the F5-ACI App, addressing flexibility without compromising features, domain expertise, or ease of use.

F5 ACI App – Key Use Cases and Value Proposition


F5-ACI App – Use Cases


1. Enhanced Visibility across Cisco ACI and F5 BIG-IP
(correlation of APIC components and BIG-IP configurations)
2. Configure network connectivity between ACI and BIG-IP
(deploy ACI-to-BIGIP L2-L3 connectivity)
3. Provision application services on BIG-IP from App UI
(use pre-defined JSON files to push custom configuration from App-to-BIGIP)

F5-ACI App – Key Benefits


1. Native and easy deployment from ACI App center
2. Operational model alignment with ACI and F5 users
3. Applicability to “Brownfield/Greenfield” user deployments
4. Consistent with F5’s overall approach towards automation leveraging a declarative automation approach through AS3 from the F5 Automation Toolchain

We are committed to a robust roadmap evolving the App to address the strong demand of this integration by our customers. This is a phenomenal milestone – two industry leaders collaborating to enable our customers with success and cutting edge, yet simple, technology.

Friday, 7 June 2019

Security Analytics and Logging: Supercharging FirePower with Stealthwatch

When we consider network threat detection, most of us immediately think of signature and rule-based intrusion detection and prevention systems (IDPSs). However, it is a little discussed fact that the very first intrusion detection systems, built back in the ‘80s, were actually based on anomaly detection!


Those pioneers understood that with the presence of zero-days and the lack of exhaustive black-lists, we needed to use the full range of analytical techniques at our disposal to be effective.

Those anomaly detection roots may not be so evident in today’s IDPSs; however, they were not totally lost. In fact, a whole new branch of network threat detection systems was developed that used those very same anomaly detection techniques. That heritage manifests itself today in so-called Network Traffic Analysis (NTA) tools.

While IDPSs have made detecting the initial intrusion in the packet stream their relentless focus, NTA systems take a very different approach. They generally work on metadata generated from the network, often called network flows, so they can expand our scope of analysis in both time and space to become essential in post-breach analysis, incident response, and even threat hunting situations.

Well, Cisco has arranged a family reunion!

We are proud to announce the combination of our best-in-class IDPS and NTA products, Cisco Firepower and Cisco Stealthwatch. The Security Analytics and Logging (SAL) solution brings the best of perimeter-based protection and detection with the power of visibility and security analytics over the entire network. We believe we have created the most comprehensive network-centric threat protection, detection, and response solution – something that only Cisco is in the position to achieve.

Raising the bar on Network Security


It is very well understood how IDPSs are effective in security protection: blocking activity that can be identified as a threat or violates some policy. However, we accept that threats still get through, and that is why IDPSs have robust rules-based detection engines based on content inspection.

But what do we do with all these detections? What if the traffic cannot be inspected? What if decryption is not an option? What if the threat is spreading internally?

Security Analytics and Logging service is specifically designed to augment your Cisco Firepower deployment with security analytics, from the Stealthwatch Cloud platform, to drive improved threat detections and provide the insight needed for more effective protection.

It All Starts with Visibility


The foundation of the solution is the aggregation of the connection and detection logs from Cisco Firepower with the network flows that the Stealthwatch platform collects. Just think about that. A dataset that gives us unprecedented visibility into the entire breadth of your network from perimeter to access, from campus to branch. But that’s not all! That “general ledger” not only contains all the header-based metadata, but now also includes all the metadata and inferences derived from all the deep content-inspection the Cisco Firepower engine provides.

Now you might be thinking to yourself, “there are plenty of tools I can use to gain this type of visibility.” However, in practice the sheer volume, velocity, and variety of the data can lead to staggering costs. The Stealthwatch team has made working at these scales our speciality and because our back ends are optimally engineered for the security outcomes we desire, we can offer this visibility in a much more cost-effective manner.

Security Analytics Driving Rapid Response


With all that visibility comes the opportunity to apply security analytics that can detect breaches that have bypassed the content-inspection based rules at the perimeter.

The security analytics powered by Stealthwatch can achieve this by baselining normal behavior of endpoints on the network in a process we call entity modelling. These models are then used to detect malicious activity based on any changes in behavior and indicators of compromise. The Stealthwatch engine can then combine these observations with others that may come from other parts of the network or even the detection engine in Cisco Firepower to create reliable and useful alerts.

Through this, you get detection of internal and external threats based on the analysis of network telemetry and IDPS logs, all from within Cisco Defense Orchestrator (CDO) and from that same interface, you can modify your network-wide policy to immediately deploy a remediation strategy. In addition, CDO is fully integrated with Cisco Threat Response which allows you to build incident casebooks and drive response actions across the whole of the Cisco security portfolio.

Closing the Loop: Improving Protection through Policy Tuning


Up until now, I have discussed the during and after phases of an attack but with SAL we can close the loop and reason more effectively about the before phase. In this phase we, as security practitioners, try to understand what is actually on our networks and what activity is to be allowed or blocked.

We express this intent through policies that enshrine both threat defense and compliance considerations. But designing and managing these policies across an increasingly complex digital business has historically been a major challenge and can leave many organizations vulnerable to attack.

The insight that SAL brings to the game drastically improves the way you can make policy decisions from within CDO. Through this capability you can query the logs collected from Cisco Firepower devices to play out what-if scenarios and validate the correct behavior of the policy at the enforcement point. In addition, the extended visibility of the rest of the network that the Stealthwatch platform provides can even allow you to determine if traffic is bypassing your enforcement points.

You can then turn around and deploy these highly tuned policies across the entire portfolio of security products right from within CDO! This is an entirely new paradigm that is required to not only scale with your growing network but also help you seamlessly manage policies across your environment powered by intelligence and insight.


Thursday, 6 June 2019

20 Years of Wireless with the Wi-Fi Alliance

In 1999, the idea of connecting to a network wirelessly was mostly a dream. The only device one might want to connect was a laptop, and they were generally expensive and often restricted to the executive suite in larger enterprises. But 1999 was also the year that the IEEE 802.11 Working Group approved the IEEE 802.11b standard, the technological base of Wi-Fi.


However, the mere existence of a standard written by a bunch of smart engineers is rarely sufficient to ignite a revolution. Wireless technology needed a savvy champion, an industry organization to market the technology to the world and ensure it really works in the hands of users. Aironet (acquired by Cisco in 1999) was one of six companies to recognise this need and co-founded the Wireless Ethernet Compatibility Alliance (WECA), also in 1999.

The WECA took on two vital tasks immediately: to ensure the technology really worked in a multi-vendor environment, and to find a better name, one that would resonate around the world. It succeeded in both.

In 2000, WECA changed the name of its technology from Wireless Ethernet to Wi-Fi. Today, the Wi-Fi label is recognized across the globe and Wi-Fi is so valued that, according to at least one survey, people would rather give up beer or their morning coffee than their Wi-Fi.

Technical diligence


In 2000, the newly renamed Wi-Fi Alliance issued its first interoperability certification for an IEEE 802.11b product, operating at 11Mb/s. This certification was the first of over 45,000 product certifications over the next twenty years. As Wi-Fi technology has expanded, Wi-Fi Alliance certifications have kept users confident that their devices will work with products from other vendors. In 2019, users can be sure of interoperable, reliable and secure Wi-Fi access using the latest IEEE 802.11ax standard (now branded Wi-Fi 6) at rates of up to 5 Gb/s.

In the early years of the Wi-Fi Alliance, it was not always clear that Wi-Fi was going to become the dominant wireless access technology. It certainly was not pervasive. I recall IEEE 802.11 Working Group meetings in 2001, where most engineers designing standards for the next generation of Wi-Fi did not even have Wi-Fi access on their laptops; during Working Group meetings we often had to borrow Wi-Fi cards from a big box at the front of the room.

Today, the idea of a laptop not having perfectly-working Wi-Fi connectivity built-in is alien. Every laptop has Wi-Fi, as does just about any device that generates or uses data. Over 30 billion devices have been made with Wi-Fi, from security cameras in homes to badge readers in enterprises to entertainment systems in cars, industrial sensors, and, of course, mobile phones. There are so many devices using Wi-Fi that by 2022, Cisco’s Visual Networking Index forecasts more than half of all global IP traffic will access the network using Wi-Fi. Unfortunately, this traffic includes my Wi-Fi enabled bathroom scale, telling the cloud each morning that I really should do more exercise.

Challenges along the way


Wi-Fi is not perfect and never will be, but the Wi-Fi Alliance has provided a forum for ongoing development and improvement. For example, a flaw in Wi-Fi security was revealed in 2001 in the form of the WEP Debacle, in which it was shown WEP actually provided very poor security. It was almost a death sentence, because Wi-Fi without security is close to useless. Fortunately, the whole Wi-Fi ecosystem, led by the Wi-Fi Alliance, quickly pulled together and defined WPA (as a temporary solution) and then WPA2 (as a solution that has lasted more than 15 years) to ensure Wi-Fi had appropriate security to meet users’ needs. Of course, you can never take your eye off the ball with security. The Wi-Fi Alliance has continued to promote improvement, most recently with the release of WPA3 (with significant leadership from my Cisco colleague, Stephen Orr).

The Wi-Fi Alliance does not always get it right in its certification programs either, but every experience improves the process, and some “failures” hold the keys to future success. The Wi-Fi Direct certification for peer-to-peer communications was technically successful, in terms of the number of certifications, but the technology didn’t see widespread use. The Wi-Fi Alliance has not given up on peer-to-peer communications, though. Instead, it has learned from the experience; there are great hopes that the recently introduced Wi-Fi Aware certification will better meet users’ needs.

The WiGig program for 60GHz access is another example where the Wi-Fi Alliance continues to persevere. This activity started in the Wi-Fi Alliance back in 2010. WiGig is still not yet successful, but it represents a significant opportunity for new spectrum and new use cases. The Wi-Fi Alliance’s ongoing work and perseverance means it is an opportunity that still has an excellent chance of being fulfilled in the near future.

Despite the Wi-Fi Alliance’s “learning experiences” over the years, the key point is that Wi-Fi has been successful because it has always fulfilled a promise to enable anyone, anytime, anyplace to construct a cost-effective solution to solve real users’ problems. And the problems Wi-Fi solves are evolving. In 2000, the problem was connecting a laptop. Today, it is connecting anything to everything in homes, enterprises, factories, transport and public spaces.

The key to fulfilling this promise has been the Wi-Fi Alliance members’ cooperation across the Wi-Fi ecosystem. The Alliance is a forum for making sense of the alphabet soup of standards from the IEEE 802.11 Working Group, and for developing additional specifications as necessary. It’s also the primary forum for bringing vendors together to ensure interoperability of basic Wi-Fi technology as it continues to develop.

Proud to lend a hand


Cisco is proud to have played a role in the Wi-Fi Alliance since 1999. The company has been a driving force in the Wi-Fi Alliance from the very beginning, as a Sponsor member influencing its strategic direction and as a participant in Task Groups and Interoperability Test Beds. The Wi-Fi Alliance has provided a basic interoperable Wi-Fi platform for Cisco to provide innovative features that meet the particular needs of our customers; features including Cisco Compatible eXtensions (CCX), controllers with coordinated Access Points, Cisco CleanAir® interference detection and mitigation, location based solutions such as Cisco DNA Spaces, Application Visibility & Control, Hyperlocation, Flexible Radio Assignment (FRA) of dual 5 GHz radios, Software Defined Access, and Intelligent Capture and real-time telemetry. In many cases, Cisco has contributed our proven features back into the Wi-Fi ecosystem, ultimately with certification by the Wi-Fi Alliance.

After twenty years, the global economic value of Wi-Fi is almost $2 trillion per annum (as of 2018). However, it is not the only globally-used wireless data network. Many claim that cellular data, in particular 5G, will take over from Wi-Fi in several key market segments. But Cisco don’t see this as a game with only one winner.

Cisco project that both Wi-Fi and 5G will succeed, and in fact strengthen each other’s success. Wi-Fi will continue to grow to meet the needs of the local area (in unlicensed spectrum), and 5G will meet the needs of outdoor, high speed needs (mostly in licensed spectrum). They will be better together – especially if users can move between the systems smoothly.

To help bring that vision to life, Cisco recently introduced OpenRoaming, building on the Wi-Fi Alliance’s Passpoint certification, which will allow users easy and secure access to Wi-Fi networks globally via a cloud-based federation of access networks and identity providers – including mobile carriers.

I am proud to have been personally involved with the Wi-Fi Alliance since 2003, most of that time on the Board of Directors, including as Chair of the Board from 2006 to 2011. I participated in its 10 year and 15 year anniversary celebrations, and now its 20 year anniversary. I look forward to watching Wi-Fi continue to grow and develop in the future under the guidance of the Wi-Fi Alliance.

Tuesday, 4 June 2019

Driving Simplicity and Convenience for our Customers and Partners

At Cisco, one of our guiding principles is simplicity and convenience for our customers and partners. We believe that seeking and ingraining feedback in the future design and roadmap is a key factor which enables us to continually improve our products and solutions to solve real customer issues. In that vein, we received important customer feedback in three critical areas.  Here is what you told us:

1. You want to see all of your purchases in a single view. Without full visibility into what you own and what you are using, your organization could fall prey to significant legal, financial and operational issues. Legal issues like software compliance and audits.  Financial issues such as over or under purchasing or ineffective contract negotiations. And operational issues such as poor utilization of hardware and entitlements or expired service and support contracts.  It is difficult, if not impossible, to properly manage what you can’t see.

2. You need to be able to easily view and control who has access to service transactions and data. IT Administrators need to be able to see and manage who has access to what, at any given time. Roles change, people move in and out of an organization, projects start and stop. Admins need instant access and control to generate or re-host licenses, manage user roles, and be able to quickly turn off access to critical network assets and entitlements when needed.

3. There are too many tools and processes, along with multiple, uncoordinated touch points.  Network infrastructures are getting more and more complex every day. With more tools, more portals, more subscriptions, more services, you need a solution that will consolidate all of the touch points and connect the dots for you.


Your feedback drove a new solution



My Cisco Entitlements (MCE) is a new, secure, user-friendly solution to manage assets and entitlements including technical support, software upgrades and downloads – all in one place, on one platform. MCE provides complete end-to-end IT infrastructure transparency. Building on the power of Cisco Smart Accounts, it brings visibility and control together on one platform that provides access to all Cisco services, subscriptions, licenses, and devices throughout their lifecycle.

No more portal hopping


With MCE you can now view everything in one place, instead of many. Real-time insights provide a forward view into products and services along with activation and utilization metrics.

A streamlined dashboard provides a customized view based on pre-selected filter choices. You can instantly obtain status on your systems and equipment, location of components, asset warranty, expiration dates, and more.

The flexible MCE platform provides the ability to:

◈ Filter, sort, export, tag and organize assets and entitlements
◈ Assign assets to Smart Accounts/Virtual Accounts
◈ Open a new support case
◈ Request software version upgrades on the fly


Providing insight into critical IT questions


IT managers and network administrators are confronted daily with questions that directly impact their organization’s investments. Questions like:

◈ Are we fully optimizing the utilization of our existing assets and entitlements?
◈ Do we need additional or fewer services, subscriptions, licenses, or devices?
◈ What is nearing expiration or approaching end of support?

MCE provides valuable and actionable insights and answers to these important questions. For instance, MCE can proactively identify what’s at risk and the changes required to optimize an organization’s investment to its maximum potential. Dashboards and filters show usage metrics as well as service and support contracts that are near expiration.  Additionally, an organization’s investments are protected with secure and consolidated user access management using MCE.

We’re not done yet.


In the future, MCE will offer self-service MACD (Moves, Adds, Changes, and Deletes) on assets and entitlements. It will be the unified entry point to access all of your Cisco products and services entitlements such as rehosting licenses, requesting an RMA, and registering products and services. Features such as device management APIs, customizable and actionable notifications and alerts, and legacy licensing capabilities will all be standard.

While this is a giant leap in the right direction, we are not done yet. We will continually strive to build upon the platform and deliver more value, insights and capabilities for our users. We appreciate the partnership and the straight talk with our customers and partners, which has enabled us to bring together this unique platform.

MCE delivers on our ethos of simplicity and convenience for customers and partners, and I look forward to sharing more in the future.

Saturday, 1 June 2019

MUD is officially approved by IETF as an Internet Standard, and Cisco is launching MUD1.0 to protect your IoT devices

With over 8 billion “things” being connected today, IoT security has undoubtedly evolved from a mysterious buzzword to one of the biggest real threats to our network today. According to Gartner, over 51% of survey respondents believe that cybersecurity is the number one technology-related challenge for IoT deployment.

With so many IoT security comments and stories out there, it is easy to feel overwhelmed, so let’s try to demystify this seemingly complex concept. To begin, let me ask you three simple questions: What types of IoT devices are connected to your network? What behaviors are appropriate for these IoT devices? Is there an industry standard to follow while connecting these IoT devices? If you don’t know the answers to these questions yet, the IoT security risks are probably right around the corner, staring at you.

What is MUD?


To answer the above three questions, Cisco has been working on a solution known as Manufacturer Usage Description (MUD) to arm you with IoT security.

The key idea of MUD is to facilitate device visibility and segmentation by allowing your network administrators to effortlessly identify the type of IoT device and define the corresponding appropriate behaviors for that device. To do this accurately, we are introducing a participant to the conversation: the manufacturer. IoT manufacturers are able to disclose to us what their devices are, and what network policies they need for the devices to correctly function.  This whitelist statement is something that customers can use to deploy access policies in their own networks without any guesswork.

As shown in Figure 1, an IoT device first sends out a pre-embedded MUD-URL to the network devices (e.g. switch & AAA server), which pass the MUD-URL on to the MUD controller (software). Based on that MUD-URL, the MUD controller retrieves the matching MUD file from the MUD file server and translates it into policy format, which is then enforced on the device as an access control list.


Clear benefits to both customers and device manufacturers brought by MUD


If you get the overall idea of MUD so far, you may see that IoT device manufacturers and customers are two key stakeholders in the MUD ecosystem. MUD offers distinct benefits for customers and manufacturers:

Benefits to customers:

◈ Automate IoT device type identification thus reducing operational costs

◈ Simplify and scale IoT device access management by automating policy enforcement process

◈ Reduce threat surface of exploding number of IoT devices by regulating traffic and thus avoiding lateral infections

◈ Secure enterprise network through standard-based approach

Benefits to manufacturers:

◈ Improve customer satisfaction and adoption due to reduced operational costs and security risks

◈ Enhance device security through standard-based onboarding procedure

◈ Differentiate device offerings with embedded network-based device security feature

◈ Reduce product support costs to customers by following an easy-to-implement process

In addition to these benefits, we’ve received positive feedback from our partners:

“MUD technology is valuable for Innovative Lighting. MUD technology will enhance our commissioning process by identifying our devices on the network. Furthermore, MUD technology will provide the appropriate access control policy promoting a more secure system. We look forward to working more with Cisco and the MUD technology.”

-Harry Aller, CTO at Innovative Lighting

“MUD was selected to protect Molex IoT solution against malicious parties. MUD is a relatively simple solution to implement at the device level, light on constrained IoT devices but takes advantage of strong network infrastructure including network switches and authorization server. Our goal to reduce exposure footprint and the overall solution allows us to provide a level of security to our customers that is scalable and flexible at the same time. The ability to whitelist specific devices in the field allows us to lock down the network but also to respond quickly to events that may take place post deployment.”

-Mo Alhroub, Manager of Software Engineering at Molex

MUD is approved as an Internet Standard and released as RFC8520 by IETF


I am delighted to announce that MUD has been officially approved as an Internet Standard by the Internet Engineering Task Force (IETF) and is now released as RFC 8520. Meanwhile, MUD is also part of the NIST Mitigating IoT-Based DDoS project, and an optional component of the Open Connectivity Foundation’s framework now.

MUD 1.0 is ready


Besides the IETF approval, I am also thrilled to announce that we are launching MUD1.0, the first phase of the entire MUD solution. While MUD itself is an open standard, Cisco is pioneering our unique version by leveraging the Cisco switch and ISE (Identity Services Engine, a AAA server) as the network devices shown in Figure 1.

In this Cisco MUD1.0 release, we focus on providing device visibility by enabling the IoT device identification inside the enterprise network. As shown in Figure 2, the IoT device sends out the MUD-URL to the switch and then passes it to ISE. The administrators will see the device specific information on ISE UI including the device model, manufacturer, etc. Specifically, MUD1.0 supports profiling IoT devices, creating profiling policies dynamically, and automating the entire process of creating policies and Endpoint Identity Groups. Furthermore, administrators can leverage these profiling policies to create Authorization Policies and Profiles manually for securely on-boarding IoT devices.


To make the sophisticated story simple, through MUD1.0, you would know exactly what devices are coming to your network the minute they are connected. Even more, you can define policies for these IoT devices. Isn’t that amazing?!

With MUD1.0 released, future releases will more fully automate the policy control part. Building on MUD1.0, once ISE receives the MUD-URL and extracts the visibility information, the MUD-URL will be passed to the MUD controller (software), which will then go out to the MUD server to get the MUD file and translate the content into policy (as shown in Figure 1). The network devices will then enforce the appropriate policy onto the devices. The whole process will be fully automated. Want more flexibility as well? No worries, we’ve got you covered! Before the automation process, you get the choice to edit the recommended policy as needed.
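The translation step described above (MUD-URL to MUD file to access control list), sketched as an added example that is not Cisco's MUD controller code: it flattens a MUD file laid out as in RFC 8520 into allow rules and treats everything else as denied. The function names, the example.com hosts and the URL consistency check are assumptions of this example, and the MUD file signature verification that RFC 8520 specifies is left out.

```python
import json

# Constructed sample MUD file: layout follows RFC 8520, every value is made up.
SAMPLE_MUD = json.loads("""
{"ietf-mud:mud": {
   "mud-version": 1,
   "mud-url": "https://mud.example.com/lightbulb.json",
   "from-device-policy": {"access-lists": {"access-list": [{"name": "from-dev"}]}},
   "to-device-policy": {"access-lists": {"access-list": [{"name": "to-dev"}]}}},
 "ietf-access-control-list:acls": {"acl": [
   {"name": "from-dev", "type": "ipv4-acl-type", "aces": {"ace": [
     {"name": "cloud-out", "actions": {"forwarding": "accept"}, "matches": {
        "ipv4": {"ietf-acldns:dst-dnsname": "cloud.example.com", "protocol": 6},
        "tcp": {"destination-port": {"operator": "eq", "port": 443}}}}]}},
   {"name": "to-dev", "type": "ipv4-acl-type", "aces": {"ace": [
     {"name": "cloud-in", "actions": {"forwarding": "accept"}, "matches": {
        "ipv4": {"ietf-acldns:src-dnsname": "cloud.example.com", "protocol": 6},
        "tcp": {"source-port": {"operator": "eq", "port": 443}}}}]}}]}}
""")

def mud_to_rules(mud_file, emitted_url):
    """Flatten a MUD file into (direction, protocol, peer, port) allow rules."""
    mud = mud_file["ietf-mud:mud"]
    # Check added for this example: the file must describe the URL we asked for.
    if not emitted_url.startswith("https://") or mud.get("mud-url") != emitted_url:
        raise ValueError("MUD file does not match the MUD-URL the device emitted")
    acls = {a["name"]: a for a in mud_file["ietf-access-control-list:acls"]["acl"]}
    rules = set()
    for direction in ("from-device", "to-device"):
        for ref in mud[direction + "-policy"]["access-lists"]["access-list"]:
            for ace in acls[ref["name"]]["aces"]["ace"]:
                if ace["actions"]["forwarding"] != "accept":
                    continue  # only "accept" entries become allow rules
                m = ace["matches"]
                ip = m.get("ipv4") or m.get("ipv6") or {}
                l4 = m.get("tcp") or m.get("udp") or {}
                # The remote peer is the destination outbound, the source inbound.
                side = "dst" if direction == "from-device" else "src"
                peer = ip.get("ietf-acldns:%s-dnsname" % side)
                port_key = "destination-port" if side == "dst" else "source-port"
                port = l4.get(port_key, {}).get("port")
                rules.add((direction, ip.get("protocol"), peer, port))
    return rules

def is_allowed(rules, direction, protocol, peer, port):
    """Default deny: a flow passes only when it matches a translated rule exactly."""
    return (direction, protocol, peer, port) in rules

RULES = mud_to_rules(SAMPLE_MUD, "https://mud.example.com/lightbulb.json")
```

A real enforcement point would resolve the DNS names to addresses before installing the rules on the switch port; the tuples here stand in for that final ACL.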