Sunday, 21 June 2020

Cisco is Identified as a Leader in Aragon’s Globe for Intelligent Contact Center 2020

Cisco Tutorial and Material, Cisco Exam Prep, Cisco Guides, Cisco Certification

Driving Business Growth for Customers with the Intelligent Contact Center


Over the past year, Cisco has been advancing our contact center portfolio to help our customers drive business growth and competitive differentiation.  We’ve launched Webex Contact Center in multiple geographies, and recently introduced Webex Contact Center Enterprise, a robust, scalable, cloud contact center solution that meets the unique and sophisticated needs of very large enterprises.

We acquired Voicea, and quickly integrated new AI-powered agent call transcription capabilities that improve productivity and call wrap-up efficiency through best in class word error rate and transcription accuracy performance. Our second major acquisition was CloudCherry, which resulted in Webex Experience Management, our first experience management SaaS solution that enables companies to do meaningful analyses of their customers’ feedback and journey experiences to improve business outcomes such as Net Promoter Score and customer lifetime value.

We made significant enhancements to our on-premises solutions providing our customers with a simpler way to manage their software licenses, and integration to advanced cloud services such as analytics reporting, call transcription, and customer feedback metrics at the agent desktop – all reducing pain of adoption for cloud services.

We announced the Webex Platform for Contact Center, an open and flexible multi-tenant cloud solution, based on the Webex architecture that is the underpinning of our contact center portfolio and forms the foundation for all future innovations.

Lastly, our AI portfolio grew substantially during the year, with the introduction of a conversational IVR solution, deep integration to Google Cloud Dialogflow, and plans to deliver more AI-based capabilities in the near future.

Identified by Aragon Research


We are thrilled that our portfolio and strategy have been acknowledged again this year by globally recognized industry analyst firm Aragon Research. In their 2020 Aragon Globe for Intelligent Contact Center, Cisco was identified as a leader in its Intelligent Contact Center category.

Aragon Research is an independent research and advisory firm, with decades of experience in helping business and IT executives make more informed technology and strategy decisions.  The Aragon Research Globe is a market evaluation tool that looks beyond size and market share, using those as comparative factors and evaluating a providers’ complete portfolio capabilities. Positioning in the Globe reflects how complete a provider’s future strategy relates to their performance in fulfilling that strategy in the market – a balance of both performance and vision.

Cisco Tutorial and Material, Cisco Exam Prep, Cisco Guides, Cisco Certification

Copyright © 2020 Aragon Research Inc. and/or its affiliates. All rights reserved. Aragon Research and the Aragon Research Globe are trademarks of Aragon Research Inc.

Aragon’s analysis evaluated key areas such as product strategy, performance and execution, and global reach. According to the report authored by Aragon Research lead analyst Jim Lundy: “Cisco, a leader in UCC, has made a series of announcements in 2019 that strengthened its overall focus on contact center, with AI at the center.”

Here are some of the key reasons that we believe contributed to our leadership position:

The Cisco Brand

Cisco’s brand is globally known for its innovation, extensive R&D, open platforms, digital transformation, and for shaping the future of work.  We’re known for our ability to execute in scale for large enterprise contact center deployments, and for our deep familiarity with the needs of enterprise IT and line of business leaders.

Contact Center Installed Base

Over 3 million agents across 36,000 different enterprises are using Cisco Contact Center solutions today, making us a market-share leader for contact centers – number one in North America and number two worldwide. Our customers range from small businesses to very large enterprises across all industries. We have a specialized contact center sales organization and an extensive partner network serving our customers globally.

Focus on AI

We’ve made significant investments in our AI practice through acquisitions such as Accompany, Voicea, MindMeld, and CloudCherry. From those organic capabilities, we have developed a robust set of AI solutions that are powered by our own in-house AI, and through our partnership with Google Cloud, we leverage their Cloud Contact Center AI (CCAI) platform which allows us to accelerate the adoption of advanced AI capabilities to the market.

Flexible Cloud, Premises, and Hybrid Deployment Options

Our multi-cloud approach and flexible consumption model makes it easy for customers to take their first steps to cloud transformation to effectively meet the pain of adoption and scalability issues while enhancing their on-premises investments. Our Webex Platform for Contact Center provides a practical path for every Cisco contact center customer to benefit from cloud agility and continuous delivery of innovative features, while they migrate without disruption over time.

End-to-End Encryption

Cisco has an industry-leading reputation for enterprise security. We continue to invest to make your contact centers more secure, and protect your customer’s privacy and confidentiality. Our products adhere to Cisco’s high-security standards and adherence to quality of service and performance, giving our customers a rock-solid contact center foundation and the peace of mind they expect from a security leader like Cisco.

Overall Unified Communications and Collaboration Capabilities

Cisco stands apart from other contact center providers by focusing on the “big picture” delivering a broad and integrated portfolio in all areas of communications ranging from contact center, messaging, meetings, calling, security, networking, and devices. This allows us to offer tremendous productivity benefits and economies of scale through the integration of key capabilities. These capabilities support a concept we call the Collaborative Contact Center, where front and back-office resources work hand in hand on real-time customer issues. Another example of this is how we are integrating Webex Calling with Webex Contact Center to improve call quality, reduce costs, and ease of solution acquisition.

Saturday, 20 June 2020

Workspaces in Control Hub— What’s in it for you?

Cisco Prep, Cisco Guides, Cisco Learning, Cisco Certification, Cisco Tutorial and Material

Optimize your Workspace Through Control Hub


As announced at Cisco Live, we have introduced a new range of intelligent features in Control Hub under the new Workspaces tab. This will revolutionize the way IT, facilities, and HR work together, making the transition back to the office as seamless and safe as possible.

Control Hub is the single pane of glass management platform that provides administrators a view into their Devices, Meetings, Calling and Messaging environments, all without transitioning to different tools. Administrators have the ability to deep dive into analytical trends or troubleshoot reported issues directly in the platform. On the devices side, Control Hub has mostly focused on technical issues, such as packet loss and jitter. Now, we are expanding that to include what is happening in the physical workspace! By giving visibility into what is happening in the workspace, you will gain deeper insights into emerging and existing trends within the four walls of your workspace. Knowledge is power, and with these new insights, you can make better strategic decisions.

How to Navigate the Workspaces Tab


The first part of this new Workspaces section is the ability to set a “Workspace Type.” You can choose between a plethora of room types, such as “Meeting Room”, “Huddle”, or even “Desk.” This allows for effortless filtering and reporting on different workspace types to easily find trends. For example, if a certain style of workspace is not being adopted, or it is all the rave being spoken about around the coffee machine!

The other new attribute you can add to a workspace is capacity. Now administrators can easily find out their capacity in certain locations or find out if their workspaces are being utilized correctly. If the capacity is exceeded, you will be notified with visual indicators. This makes it easy to ensure you are staying in line with the recommended people counts in different rooms.

Cisco Prep, Cisco Guides, Cisco Learning, Cisco Certification, Cisco Tutorial and Material

Real-Time Utilization and Environmental Data

That leads me to the next new change in Workspaces, and that is the ability to see real time usage of utilization and occupancy directly in Control Hub – no need to refresh! This data is not just limited to showing whether the room is being occupied or by how many people, but it also has environmental data like ambient noise level and sound levels. This data is vital to ensure the workspace is the set up for collaborative success. A workspace with ambient noise above a certain dBA level will impact the quality of the meeting experience, both for in-office and remote participants. No one wants to work in a noisy environment. It is simply distracting!

Cisco Prep, Cisco Guides, Cisco Learning, Cisco Certification, Cisco Tutorial and Material

Let’s say you need to install some acoustic treatment based on the recommendations of our advanced troubleshooting tools to test the reverb of the meeting space. Then it is useful to know whether the workspace is booked for later, so that you can schedule the best time to intervene. We got you covered! You don’t even need to leave Control Hub to view the calendar in a different application – booking information for the next 24 hours is right at your fingertips. For privacy reasons the meeting title won’t be exposed, so no worries there.

Cisco Prep, Cisco Guides, Cisco Learning, Cisco Certification, Cisco Tutorial and Material

These are just some of the changes, all designed to give administrators a better experience and help manage their workspaces and devices more efficiently. With the ability to see data directly on one page, it really is like a virtual cockpit for your workspace!

This is just the start of a journey. We are investing in bringing more tools and metrics of the workspace to the fingertips of administrators, the next thing on our roadmap is bringing historical metrics and APIs to connect to existing workflows.

Friday, 19 June 2020

6 Essential Elements of Your Managed Detection and Response Lifecycle – Part 2

This is Part 2 of our series on developing a managed detection and response strategy. If you missed Part 1, catch up here.

In the first part of this blog, we discussed the growing trend of remote work, how organizations have adapted to new working styles, and how this shift has created new challenges for security operations. We introduced a security operations detection and response methodology created around use cases, examining the first two of six phases – identify and prioritize.

In Part 2, we’ll guide you through the remaining four lifecycle phases: develop, evaluate, deploy, and enhance.

Cisco Tutorial and Materials, Cisco Certification, Cisco Exam Prep, Cisco Study Materials

Develop


As we discovered previously, establishing and documenting a procedure for identifying and prioritizing threat scenarios allows you to maintain rigor and discipline throughout the security operations lifecycle.

Here’s an example of steps SecOps teams could follow when developing a use case:

◉ Step 1: Review and refine the description of the threat and the requirements for addressing it
◉ Step 2: Ensure monitoring tool deployment and configuration
◉ Step 3: Validate data sources
◉ Step 4: Validate context sources
◉ Step 5: Perform a gap analysis against security operations procedures

Evaluate


Once a use case is developed, you’ll need to determine what will trigger a review or reevaluation of its function.   This will help avoid the “set it and forget it” approach that often leads to security operations teams losing sight of the need for this critical part of the lifecycle.

The better approach is to define clear notification criteria, so SecOps teams can ensure each use case stays relevant. This way, when thresholds are met – or when there is a change or update to the available context data – use cases can be reevaluated.

For example, age/duration, changes in compliance, threats, and data security can require a reevaluation of threat definitions, monitoring tools, contexts, validation metrics, and performance – or they could make a use case redundant entirely. Having a clear set of metrics that trigger reviews ensures necessary evaluations are not overlooked.

Deploy


The deployment phase involves the following practical tasks:

◉ Training security operations teams to respond to new alerts with clear actions
◉ Updating and publishing runbooks, ops guides, and process documents
◉ Promoting code through testing, staging, and production environments
◉ Reporting threat validation metrics

Once deployed, use cases must be continuously incorporated into the evaluation and enhancement workflows.

Enhance


Unlike the evaluation phase, fine-tuning a use case is not driven by network or business changes. Rather, it is driven by the evolution of threat tactics, techniques, and procedures, as well as changes in data and context. The purpose of this phase is to provide clear actions and remove any uncertainty.

Like other phases in this lifecycle, a defined process will allow teams to successfully address the rapidly expanding threat landscape.

Elements that could justify a reevaluation include:

◉ Event generation settings, thresholds and metrics
◉ Outputs, such as impact and urgency
◉ Environments leveraging automation
◉ Additional response options

Similar to the previous phase, you need to address operational processes, update runbooks, and provide training to Security Operations Center analysts.

Overlooking these activities or handing them over to operations analysts is a recipe for losing ground in the fast-paced threat landscape. It can lead to analysts being unable to effectively manage the overwhelming number of alerts, and increase the risk of human error, which in turn prolong investigations and increase workloads.

Taking a disciplined approach to structuring responsibilities and expectations for your teams will ensure continuity, while supporting the continued growth and maturity of your security operations program.

Learn from the experts


If you don’t have the resources to keep pace with the evolving threat landscape and manage security operations comprehensively, consider a solution like Cisco’s Managed Detection and Response (MDR). Our team of security investigators and responders utilize the unmatched threat research of Talos, and proven playbooks to guard your organization’s IT around the clock.

Thursday, 18 June 2020

Webex Cloud-Connected UC: Add the Power of Cloud to Your On-Premises UC Systems

Cisco Tutorial and Material, Cisco Guides, Cisco Certification, Cisco Study Materials

Enabling the Workforce with Cisco Webex Cloud-Connected UC


The last ninety days have transformed business operations, globally. Enterprises are adjusting to the new “work from home” reality and are working around the clock to enable their workforce with the tools they need to be successful. Customers and partners are looking for an easy way to understand how their unified communications usage pattern is changing and how their network is handling the increased traffic load. The need for a single-pane view of business and operational insights is more important now than ever.

This is the first, of a two-part blog series where we will discuss how Cisco is meeting this need, through the introduction of Cisco Webex Cloud-Connected UC, a suite of cloud services that provides global business and operational visibility for our unified communications (UC) customers.

The Unified Communications Landscape


Cisco is the market share leader for on-premises UC, in large part because we have the broadest and deepest UC portfolio. We have helped many on-premises customers migrate their calling and messaging workloads to Cisco cloud offers – Cisco Webex Calling, Cisco Hosted Collaboration Solution (HCS), or Cisco Unified Communications Manager Cloud. For a variety of reasons, many customers intend to continue to operate their UC applications on-premises on their own or their partner’s data centers. We continue to invest and innovate to deliver compelling values for these customers.

Cisco Webex Cloud-Connected UC is one such innovation that enables on-premises customers to reap the benefits of cloud-delivered services while retaining their on-premises investments. For them, it is the best of both worlds. Powerful, agile, innovative management, delivered from the cloud, serving their own secure, reliable, private UC platform.

What is Cisco Webex Cloud-Connected UC?


Cisco Webex Cloud-Connected UC is a suite of cloud services that allow Cisco Unified Communications on-premises customers & partners to connect their UC deployments in their data centers to the Cisco Webex cloud and consume value-added services from the cloud. These services include:

1. Management services, that improve the experience of the UC administrator, and
2. UC supplemental services, that improve the experience of the enterprise end-users.

In this blog, we will focus on management services. We will cover supplemental services in part two of this series.

UC Management from Webex Control Hub


Our UC customers have been asking for an administrative tool that gives them a centralized, single-pane view of their entire deployments, across regions, in order to simplify their administration. Cisco and other industry vendors offer various UC management products. While these tools were fine for handling management requirements in simpler times, they fall short, when compared with the latest cloud technologies and the rapid innovation cycle offered by cloud services.

Cloud-Connected UC addresses this by centralizing and simplifying the on-premises management workflows on Cisco Webex Control Hub. Now, Control Hub can bring you the “single pane view” for on-premises deployments, in addition to the centralized management it already provides for Webex cloud and edge services.

The initial release of Cloud-Connected UC offers the foundational ability to connect on-premises systems to the cloud to get a rich, global cloud analytics service dashboard. We will build upon this foundation by adding various operational workflows to simplify the life of the UC administrator.

Cisco Tutorial and Material, Cisco Guides, Cisco Certification, Cisco Study Materials

Webex Cloud-Connected UC Analytics


Webex Cloud-Connected UC Analytics provides historical insights into business and operational metrics that will serve customer and partner IT administrators, as well as the IT buyer.  Cloud-Connected UC Analytics serves the IT mission by answering the following questions:

For IT Administrators:

◉ What is the operational health of my clusters & servers?
◉ What is the Quality of Experience for my users?
◉ Are there any issues I need to act upon (expired certificates, missing security fixes, etc.)?

For IT buyers:

◉ How are my assets being utilized? How can I optimize my asset usage?
◉ Are users adopting and engaging with new endpoints and features?
◉ Do I need to increase my service capacity to prepare for increased usage?

Tying back to the increased “work from home” usage situation that we started with, the analytics dashboard also provides enterprises the necessary insights to enable work from home usage and manage their users’ return to the office.

Cloud-Connected UC Analytics is built with intelligence to recognize patterns in the historical data, identify potential issues, recommend resolutions, and proactively notify the administrator. We are continuously exploring new ways to leverage cloud technologies, like Artificial Intelligence, Machine Learning, and Natural Language Processing to simplify the life of an administrator. The possibilities are practically unlimited.

Tuesday, 16 June 2020

Smart Parking: A Cisco IoT Solution with LoRaWAN

Cisco Tutorial and Material, Cisco Guides, Cisco Learning, Cisco Exam Prep

I’m going to give you a behind the scenes look at the architecture of this small, but real, IoT application. It shows an easy way to get a digital output from an analog action. But first, let me introduce you to the problem and solution components.

Do you know the feeling? When you’re in a large parking garage and looking for an empty parking space? You are circling around with your car. Perhaps you’re late! You know there’s an empty spot somewhere. But where?!

There’s a Cisco IoT solution for that

Well, there is a Cisco IoT solution for that which we implemented for our e-parking spaces in our Cisco office in Frankfurt, Germany. There, we have 4 parking spaces where you can charge your e-car. That’s good, but 4 spaces are too few to meet demand, and can be occupied quite fast. To solve the problem we implemented a solution using LoRaWAN parking sensors. The solution helps our visitors and employees with the following:

Website

The website is where the user can check live data on what parking spaces are empty and occupied.

Cisco Tutorial and Material, Cisco Guides, Cisco Learning, Cisco Exam Prep

Web-Dashboard with historical data

By simply storing data in a time-series database (InfluxDB), the web-dashboard (Grafana) can showcase the number of parking processes per parking space and time/date. As you can see below, because of the Covid-19 crisis nobody went to the office the last months.

Cisco Tutorial and Material, Cisco Guides, Cisco Learning, Cisco Exam Prep

Proactive and reactive Webex Teams Bot

Users get notified via push-messages if only one parking space is still available and if all parking spaces are occupied. The same is also possible the other way around: Users can reactively ask the ParkingBot what parking spaces are empty or occupied.

Cisco Tutorial and Material, Cisco Guides, Cisco Learning, Cisco Exam Prep

Architecture & Behind the Scenes

In this scenario, the data is being sent from the LoRaWAN sensors to our Cisco IXM LoRaWAN gateway which is directly connected to the industrial router IR829. Both devices are managed by the IoT Field Network Director with zero touch deployment. Then, the sensor data is sent via the cellular network to the LoRaWAN network server Thingpark Enterprise (Cisco Partner Actility). The cellular connectivity of the IR829 is managed by the Cisco Control Center which is an industry-leading SaaS SIM-card management platform. The SIM card was provided by our partner KPN.

After decrypting the LoRaWAN sensor payload, the data is forwarded via MQTT to the Python script and to InfluxDB, where the sensor data is stored for long-term. The python script also orchestrates the Webex Teams bot notifications and serves as the back-end to the website for sending the latest parking information data. Grafana is directly connected to InfluxDB.

Cisco Tutorial and Material, Cisco Guides, Cisco Learning, Cisco Exam Prep

◉ Special thanks to Michael Eder who helped building this showcase application.

Saturday, 13 June 2020

6 Essential Elements of Your Managed Detection and Response Lifecycle – Part 1

We’ve seen a sharp increase in the number of organizations growing their remote workforces over the last decade. In fact, at the start of 2020, the number of remote workers in the U.S. stood at 4.7 million, which represents 3.4% of the population.

The advent of cloud, multi-cloud, and hybrid cloud architectures has made it possible for businesses to rapidly adapt to changing workforces and working styles. However, these changes have also introduced new challenges in managing security operations.

The key reasons for this include:

◉ Workers are accessing organizations’ servers and applications remotely, which opens up new entry points for cyber attacks

◉ Employees are relying increasingly on cloud-hosted services to work and collaborate

◉ Remote workers are being targeted by more and more malware sites

◉ Employees fail to consistently practice good cyber hygiene

As the remote workforce grows and cyber threats stack up, its important organizations have the capability to manage risks and uncertainty to keep critical assets secure. Where risks are known, actions are clear. But with unknown risks, there needs to be a focus on disciplined research and investigation. This helps generate intelligence to develop detailed use cases, providing Security Operations (SecOps) teams with a guide to respond to threats.

By defining known and unknown risk scenarios in your security operations lifecycle, you can meet the demands of remote workers using cloud and network services, while ensuring you remain protected.

Let’s explore how to establish a six-phase threat detection and response methodology that addresses uncertainty.

Managing uncertainty with disciplined security operations


Cisco Prep, Cisco Tutorial and Materials, Cisco Learning, Cisco Exam Prep

Identify

Establishing a clear methodology for security operations teams to follow is a critical element of effective and efficient threat detection and response.

This methodology starts with identifying uses cases.  Uses cases are the definition and analysis of an attack method.  In addition to the type of attack, use cases include step-by-step detail on how an attack unfolds, e.g. exfiltration of data from an organization or compromised privileged login, as well as possible control points for use in mitigation. Establishing a methodology that SecOps then leverages to identify and create new use cases is crucial to ensuring the organization maintains a strong security posture.

Building a disciplined approach to use case identification and analysis is the foundation of your detection and response process; providing insights on use case relevancy and organizational asset protection effectiveness.

Without these insights you will lack the visibility needed to truly maximize the value of follow on process steps such as developing, evaluating, and enhancing.

Organizations that follow a defined methodology to discover, collect, refine, validate, and apply changes to use cases address a critical weakness in “set it and forget it” programs. These programs assume the security policies and use cases developed at the time of implementing advanced operations tools remain static – an assumption that can create broad gaps in your threat visibility.

Prioritize

Prioritizing use case development is very important given it directly impacts how fast your organization is ready to respond to specific threats.  It is often debated which use cases to do first, which are most important, and how to assess the lifecycle for additional use cases. While prioritization could be based on importance, you’re likely to be more effective balancing importance with feasibility (e.g. how complex and risky is the use case to implement) and the speed at which a particular business operates.

Establishing a model to prioritize use cases will help you manage this balance. One approach is to create relative categories. For example:

◉ ‘Control’ based use cases relate to a regulatory objective, such as Payment Card Industry Data Security Standard (PCI DSS)

◉ ‘Threat’ based use cases leverage threat intelligence related to Tactics, Techniques, and Procedures (TTPs)

◉ ‘Data or Asset’ based use cases relate to specific datasets or assets that represent additional risk to the business

Reviewing new use cases in each of these categories with a balance between importance and feasibility provides a great strategy for new use case prioritization.

Thursday, 11 June 2020

Why 5G is Changing our Approach to Security

Cisco Prep, Cisco Exam Prep, Cisco Guides, Cisco Tutorial and Material, Cisco Security

While earlier generations of cellular technology (such as 4G LTE) focused on ensuring connectivity, 5G takes connectivity to the next level by delivering connected experiences from the cloud to clients. 5G networks are virtualized and software-driven, and they exploit cloud technologies. New use cases will unlock countless applications, enable more robust automation, and increase workforce mobility. Incorporating 5G technology into these environments requires deeper integration between enterprise networks and 5G network components of the service provider. This exposes enterprise owners (including operators of critical information infrastructure) and 5G service providers to risks that were not present in 4G. An attack that successfully disrupts the network or steals confidential data will have a much more profound impact than in previous generations.

5G technology will introduce advances throughout network architecture such as decomposition of RAN, utilizing API, container-based 5G cloud-native functions, network slicing to name a few. These technological advancements while allowing new capabilities, also expand the threat surface, opening the door to adversaries trying to infiltrate the network. Apart from the expanded threat surface, 5G also presents the security team with an issue of a steep learning curve to identify and mitigate threats faster without impacting the latency or user experience.

What are Some of the Threats?


Virtualization and cloud-native architecture deployment for 5G is one of the key concerns for service providers. Although virtualization has been around for a while, a container-based deployment model consisting of 5G Cloud Native Functions (CNFs) is a fresh approach for service providers. Apart from the known vulnerabilities in the open-source components used to develop the 5G CNFs, most CNF threats are actually unknown, which is riskier. The deployment model of CNFs in the public and private cloud brings in another known, yet the widespread problem of inconsistent and improper access control permissions putting sensitive information at risk.

5G brings in network decomposition, disaggregation into software and hardware, and infrastructure convergence which underpins the emergence of edge computing network infrastructure or MEC (Multi-Access Edge Compute). 5G Edge computing use cases are driven by the need to optimize infrastructure through offloading, better radio, and more bandwidth to fixed and mobile subscribers. The need for low latency use cases such as Ultra-Reliable Low Latency Communication (URLLC) which is one of several different types of use cases supported by 5G NR, requires user plane distribution. Certain 5G specific applications and the user plane need to be deployed in the enterprise network for enterprise-level 5G services. The key threats in MEC deployments are fake/rogue MEC deployments, API-based attacks, insufficient segmentation, and improper access controls on MEC deployed in enterprise premises.

5G technology will also usher in new connected experiences for users with the help of massive IoT devices and partnerships with third-party companies to allow services and experiences to be delivered seamlessly. For example, in the auto industry, 5G combined with Machine Learning-driven algorithms will provide information on traffic, accidents and process peer to peer traffic between pedestrian traffic lights and vehicles in use cases such as Vehicle to Everything (V2X). Distributed Denial of Service (DDoS) in these use cases are a very critical part of the 5G threat surface.

What are Some of the Solutions to Mitigate Threats?


Critical infrastructure protection: Ensure your critical software, technologies, and network components such as Home Subscriber Server (HSS), Home Location Register (HLR), and User Defined Routing (UDR) are secured with the right controls.

Cisco Secure Development Lifecycle: Being cloud-native and completely software-driven, 5G uses open source technologies. Although this is critical for scalability and allowing cloud deployment integrations, vulnerabilities from multiple open-source applications could be exploited by attackers. To reduce the attack surface, service providers need to verify the 5G vendor-specific secure development process to ensure hardened software and hardware. We offer security built into our architectural components. Our trustworthy systems’ technology includes trust anchor, secure boot, entropy, immutable identity, image signing, common cryptography, secure storage, and run-time integrity.

Vendor Assessment (security): It’s critical to validate the vendor supply chain security, secure your organization’s development practices from end to end, and employ trustworthy products. You must also be vigilant when it comes to continuously monitor hardware, software, and operational integrity to detect and mitigate infrastructure and service tampering. Sophisticated actors are looking to silently gain access and compromise specific behavior in the network. These attackers seek to take control of network assets to affect traffic flows or to enable surveillance by rerouting or mirroring traffic to remote receivers. Once they have control, they might launch “man-in-the-middle” attacks to compromise critical services like Domain Name System (DNS) and Transport Layer Security (TLS) certificate issuance.

Secure MEC & Backhaul: 5G edge deployments will supply virtualized, on-demand resource, an infrastructure that connects servers to mobile devices, to the internet, to the other edge resources and operational control system for management & orchestration. These deployments should have the right security mechanisms in the backhaul to prevent rogue deployments and right security controls to prevent malicious code deployments and unauthorized access. As these MEC deployments will include the dynamic virtualized environments, securing these workloads will be critical. Cisco workload protection, will help service providers to secure the workloads. Cisco’s Converged 5G xHaul Transport will provide the service providers with the right level of features for secure 5G transport.

Cisco Ultra Cloud Core allows the user plane to support a full complement of inline services. These include Application Detection and Control (ADC), Network Address Translation (NAT), Enhanced Charging Service (ECS), and firewalls. Securing the MEC would require multiple layers of security controls based on the use case and the deployment mode. Some of the key security controls are:

• Cisco Security Gateway provides security gateway features along with inspections on GTP, SCTP, Diameter, and M3UA.

• Secure MEC applications: Securing virtualized deployments on the MEC and centralized 5GC requires a smarter security control rather than just having firewalls, be it hardware or virtualized. Cisco Tetration provides multi-layered cloud workload protection using advanced security analytics and speedy detections.

• Secure MEC access: Securing user access to MEC can be catered by utilizing the Zero Trust methodology, which is explained in greater detail below.

Utilizing zero trust security controls during 5G deployment is critical for service providers. This is particularly important in the deployment phase where there will be multiple employees, vendors, contractors, and sub-contractors deploying and configuring various components and devices within the network. The old method of just providing a VPN as a security control is insufficient, as the device used by the configuration engineer might have an existing malicious code that might be deployed within the 5G infrastructure. This whitepaper gives you more insights on how zero trust security could be applied to 5G deployments.

End to End Visibility: 5G brings in distributed deployments, dynamic workloads, and encrypted interfaces like never before. This requires end-to-end visibility to ensure proper security posture. Advanced threat detection and encryption methods can identify malware in encrypted traffic without requiring decryption. And because latency is very important in 5G, we can’t use traditional methods of distributed certificates, decrypting traffic, analyzing the data for threats, and then encapsulating it again, as this adds too much latency into the network. Cisco Stealthwatch is the only solution that detects threats across the private network, public cloud, and even in encrypted traffic, without the need for decryption.

Source: Cisco.com