Sunday 19 July 2020

The Tactical Chameleon: Security Through Diverse Strategy

Over the course of my professional career, I have been fortunate enough to be involved in the development of video games, and I still keep up with current events and trends in the video game industry. For many, video games are a hobby, but for me they are much more than that. Video games have given me a way to model conflict, and there are many patterns we can borrow and apply to the way we approach cybersecurity. When this subject comes up in academic circles, people are quick to reach for the field of study called Game Theory. However, I have had very little luck applying this logical and orderly model in the real world. The reality is that production networks are messy, attackers don’t fit nicely into categories, and in the fast-moving field of cybersecurity, a lot of what happened even this week will take months if not years to reach learning institutions.

The ability to communicate tactics and strategies that are useful in conflict pre-dates the invention of Game Theory and I’m sure you have your set of favorite strategists that have served you well in business, cybersecurity, sports, and other conflict-oriented environments.

I’m no exception to this, and in this article I want to introduce you to a favorite of mine named Musashi Miyamoto. He is widely regarded as one of the greatest swordsmen Japan has produced, and in his later years he wrote “The Book of Five Rings”, wherein he outlined his no-nonsense approach to the art of combat. There are a few patterns he describes that I believe are important to those of us trying to figure out how to automate our systems in a way that serves our businesses and not our attackers.

The Tactical Chameleon

The martial arts are a collection of moves or forms that are rehearsed over and over. This repetition trains the body and the mind for battle, where milliseconds of hesitation might mean defeat. Musashi placed a lot of value on knowing not just one form, but all of them. For Musashi, being over-reliant upon a single form was worse than bad technique. This approach earned him a reputation as the “Tactical Chameleon” because he would adapt to his opponent’s form and exploit the deterministic qualities of that form’s countermeasures.

Let’s take a moment to connect this approach to the video game genre of fighting games. Looking back to some of the earliest games in this genre like Street Fighter, each character in the game has a defined move-set that makes up a deterministic quality of that character. This still holds true for fighting games today as well. Competitive eSport players study every character, every move, and learn every frame by frame detail to help give them a predictive advantage over their competitors.

Now back to Musashi. When facing an opponent on the trail, he would at first not know what form that opponent was trained in, so he would open with a gesture that effectively asked “Are you form B?” The way his opponent reacted to that initial gesture would confirm or deny it. If yes, the next course of action was to respond with a countermeasure exclusive to form B. By determining the form of his opponent, Musashi could exhibit a move that put his foe in a vulnerable position and allowed him to perform a killing blow.

This same methodology is also applied in eSports. At major fighting game tournaments like the Evolution Championship Series (EVO), the top competitors not only know all the ins and outs of the character they play, but they also know all the moves and matchups against other characters down to the frame level. This approach holds deterministic qualities that the players can use offensively and defensively.

The Musashi Approach to Security Automation

One thing I should point out about this analogy is that in fighting games, player A and player B both have offensive and defensive capabilities. This is not the case in cybersecurity, where the conflict dynamic is more akin to player A being primarily a defender and player B being an attacker.

However, regardless of this difference, there are still qualities we can learn from Musashi and the fighting video game genre that are useful in threat modeling security automation.

Behavioral Modeling

At a basic level, you can view Musashi’s strategies as behaviors that either lead to surviving the conflict or not. Similarly, you can also look at the top players of eSports fighting games as having a dominant set of behaviors that win tournaments and ultimately championships.

As a defender, you are constantly trying to model the behavioral aspects of your attacker. This happens at both your attacker’s cognitive level as well as the mechanical level (machine-scale). Both may exhibit deterministic characteristics that can be used for detection and lead to defensive actions.

On the other side, threat actors are modeling your activity and identifying any behaviors that will help them achieve their desired outcome with the lowest chance of detection at the lowest cost of operations. If your adversary were to gain knowledge of your playbooks or runbooks, how would that play to their advantage in terms of evading detection or achieving their goals?

When it comes to behavioral modeling, we just don’t talk about it enough when we assess our security programs. We are still so stuck on nouns (things) when we need to be looking at the verbs (behaviors). Any advanced set of technology has a dual use, with the potential for both good and evil. For example, encryption keeps your customers’ communications private, but it also keeps your adversary’s command-and-control channels private. The software distribution system you use for updates across your enterprise can also be used for malware distribution by your adversary. In both examples, the thing (the noun) has not changed, but the behavior (the verb) has.

A Deterministic Approach to Defense Can Be a Vulnerability

Any deterministic quality can be a weakness for the attacker or the defender. Because Musashi was an expert in all forms, early in a battle he would exhibit moves that drew deterministic responses from a given martial arts form in order to determine his opponent’s move-set. By seeing how his opponent reacted, he then knew the optimal dominant strategy to counter that form and defeat his adversary.

With fighting games, the game itself holds the deterministic qualities. A character has moves that, once a player commits to a specific input sequence, hand control over to the game until the animation completes. During that window, measured in frames (tens of milliseconds, not microseconds), the other player knows what the next few frames hold and must choose a response that swings the fight in their favor. Repetitive and static use of automation is like using the same combos or patterns over and over in a game: it may work well against many of the opponents you face, but a foe who understands how the pattern works and when you use it can counter it accordingly.

Take a moment to consider the following: what aspect of your processes or automation techniques could a threat actor use against you? Just because you can automate something for security does not mean you should. Our systems are becoming more and more automation-rich as we move from human-scale operations to machine-scale operations. It is paramount that we understand how to automate safely and not to the advantage of our attackers. Treating your infrastructure as code and applying the appropriate level of testing and threat modeling is not optional.

Defense in Diversity

Security has long held that “Defense in Depth” is a dominant strategy. As we enter the world of automated workloads at internet scale, it has become clear that it is “Defense in Diversity” that wins over depth. When dealing with mechanized attacks, iterating over the same defense a million times is cheap. Attacking a million defenses that are each slightly different is costly. It then comes down to this: how can you raise the cost of your adversary’s observations and actions without raising the cost equally for the defender?

It is accepted that human beings have a cognitive limit on things like recall, working memory, dimensional space, etc. Operating outside of any one of these dimensions can be viewed as beyond the peripheral cognition of a human. This is important because machines have no problem operating outside these boundaries, which is why I have differentiated certain challenges in this article as human-scale versus machine-scale.

Diversity is the countermeasure to determinism. Extreme forms of diversity are feasible for machines but infeasible for humans, so we need to be careful in how we apply it to our systems.

By accepting these human-level versus machine-level constraints and capabilities, we need to design automation that has machine-scale diversity and operational capacity while still being able to be operated at the human-scale by the defenders.
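The two preceding sections, on deterministic defenses being weaponized and on diversity that machines can sustain but a human operator must still be able to reason about, can be made concrete with a small worked example. The code below is added here as an illustration and is not from the original post: it models a login lockout rule first as a fixed threshold and then as a per-source threshold derived from a single operator-held secret with HMAC. The secret, the threshold range and the attacker-controlled source addresses are all assumptions chosen for the example.

```python
import hashlib
import hmac

# Assumption: one operator-held secret. The defender keeps exactly one value
# (human-scale); every source still gets its own threshold (machine-scale).
OPERATOR_SECRET = b"example-secret-rotate-me"


def static_threshold(source: str) -> int:
    """Deterministic policy: every source is locked out after the same count."""
    return 5


def diverse_threshold(source: str, secret: bytes = OPERATOR_SECRET,
                      base: int = 5, spread: int = 6) -> int:
    """Per-source threshold in [base, base + spread), derived with HMAC-SHA256.

    An attacker sees an unpredictable value per source; the defender can
    recompute it from the secret alone, with nothing stored per source."""
    tag = hmac.new(secret, b"lockout-threshold|" + source.encode(),
                   hashlib.sha256).digest()
    return base + int.from_bytes(tag[:4], "big") % spread


def probe(policy, source: str) -> int:
    """The attacker's opening move: burn a throwaway source to learn how many
    failed attempts trigger the lockout. Returns that count."""
    attempts = 0
    while True:
        attempts += 1
        if attempts >= policy(source):
            return attempts


def transfer_rate(policy, learned: int, targets) -> float:
    """Share of targets on which 'stay one attempt below the learned threshold'
    evades lockout. 1.0 means a single probe told the attacker everything;
    lower means the knowledge does not carry across sources."""
    safe = learned - 1
    evaded = sum(1 for t in targets if safe < policy(t))
    return evaded / len(targets)


# Constructed population of attacker-controlled sources (RFC 5737 test ranges).
SOURCES = [f"198.51.100.{i}" for i in range(256)] + \
          [f"203.0.113.{i}" for i in range(44)]

if __name__ == "__main__":
    for name, policy in (("static", static_threshold),
                         ("diverse", diverse_threshold)):
        learned = probe(policy, "192.0.2.1")
        rate = transfer_rate(policy, learned, SOURCES)
        print(f"{name}: probe learned {learned}, transfer rate {rate:.2f}")
```

Under the static policy one probe maps every source, so the attacker can stay below the threshold everywhere at no further cost. Under the derived policy the attacker must probe every source it intends to use, which is exactly the cost asymmetry the section asks for, while the defender still operates one secret and one formula. The caveat: the derivation is only as unpredictable as the secret, so it needs the same rotation discipline as any other key, and the spread should stay within a range the helpdesk can still explain to a locked-out user.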

Outro

In order to effectively combat an increasingly strategic and varied set of threats, security professionals need to take a page from fighting game players. While repetitive and static use of an effective move or combo might keep some adversaries at a disadvantage, or even defeat some of them outright, at some point, a player is going to come across a foe that not only recognizes those patterns, but also knows how to counter them and effectively punish them, leaving the player defenseless and open for attack. Much like how an e-sports pro can’t just spam the same set of moves to win every fight, security professionals can’t rely on the same static methods over and over again in order to defend their organizations.

I encourage you to take some time to assess your organization’s current approach to security and ask yourself some important questions:

◉ How deterministic are your defense methods?

◉ Are there any methods that you’re currently using that threat actors might be able to abuse or overcome? How would you know threat actors have taken control?

◉ What set of processes are human-scale? (manually executed)

◉ What set of processes are machine-scale? (automated by machines)

The first step to becoming a successful “Tactical Chameleon of Security” is learning to identify what elements of your approach are human-scale problems and which are machine-scale problems.  Recognizing how to efficiently balance the human and AI/ML components in your kit and understanding the advantages each provide will allow you to better defend against threats and allow you to seize victory against whatever foes come your way.

Saturday 18 July 2020

Unleashing SecureX on a real Cyber Campaign

There’s so much excitement around the general availability (GA) of SecureX. Let’s take a look under the hood as the industry learns to define what we should all expect from a security platform. And while I have your attention, I am going to attempt to thoroughly explain how SecureX delivers simplicity, visibility and efficiency through a cloud-native, built-in platform, using an emerging use case. Here is the problem statement: we want to investigate a cyber/malware campaign that may be impacting your environment and find out whether any of your assets are targets, by looking at historical events from your deployed security technologies. Every Cisco security customer is entitled to SecureX, and I hope you find this use case walk-through helpful. I will also share a skeletal workflow, which you can either run as your own ‘playbook’ or modify to be as simple or complex as your needs merit.

Let’s set the background. Recently we have been made aware that certain Australian government-owned entities and companies have been targeted by a sophisticated state-based actor. The Australian Cyber Security Centre (ACSC) has titled these events “Copy-Paste Compromises” and has published a summary with links to detailed TTPs (tactics, techniques, procedures). The ACSC has also published, and is maintaining, an evolving list of IOCs (indicators of compromise), which can be found here. As for mitigations, the ACSC recommends prioritizing prompt patching of all internet-facing systems and the use of multi-factor authentication (MFA) across all remote access services, and implementing the remainder of the ASD Essential Eight controls. Cisco Security has a comprehensive portfolio of technologies that can provide advanced threat protection and mitigation at scale; my colleague Steve Moros talked about these in his recent blog. However, if you are curious like me, you would first want to understand the impact of the threat in your environment. Are these observables suspicious or malicious? Have we seen these observables? Which endpoints have the malicious files or have connected to the domain/URL? What can I do about it right now?

If you are not in Australia, don’t walk away just yet! The title ‘Copy-Paste Compromises’ is derived from the actor’s heavy use of proof-of-concept exploit code, web shells and other tools copied almost identically from open source. So you may see some of these in your environment even if you are not being specifically targeted by this campaign. You can also replace the example above with any other malware/cyber campaign. Typically you will find blogs from Cisco Talos, other vendors or the community detailing the TTPs and, more importantly, the IOCs. In other situations, you might receive IOCs over a threat feed or simply scrape them from a web page, blog or post. Either way, with minor tweaks, the process below should work for any of those sources as well. Let’s get started!

Step 1 – Threat Hunting & Response

In this step, I simply copied all the IOCs from the published CSV file and pasted them into the enrichment search box in my SecureX ribbon. This uses SecureX threat response to parse any observables (domains, IPs, URLs, file hashes, etc.) from plain text and assign a disposition to each observable. We can see there are 102 observables, tagged as clean (3), malicious (59), suspicious (1) and unknown (39). The unknowns are of higher concern, as the malicious and suspicious observables would hopefully have been blocked already if my threat feeds are working in concert with my security controls. Nonetheless, unless they have a clean disposition, any sightings of these observables in an environment are worth investigating. The ACSC will also keep adding new observables to their list as this campaign evolves. That just shows the live nature of today’s cyber campaigns and how important it is to stay on top of things! Or you can automate it all, using the workflow I describe in Step 2 a bit later in this blog.

Figure 1: Observables from Text in SecureX Dashboard

Let’s see if there are any sightings of these observables in my environment and identify any targets. I do this by clicking the “Investigate in Threat Response” pivot menu option in the ‘Observables from Text’ pop-up. This brings all the observables into SecureX threat response, which then queries the integrated security controls (modules) in my environment. In my case, 5 modules, including Umbrella and AMP, had responses. I can quickly see any historical sightings, both global and local to my environment.

Figure 2: Threat Hunting with SecureX threat response

There are a few things to take note of in the screenshot above. The horizontal bar on top breaks down the 102 observables from the ACSC into 9 domains, 31 file hashes, 44 IP addresses, 6 URLs and the remaining 12 email addresses. I can expand each to see its dispositions. The Sightings section (top right) gives me a timeline snapshot of global sightings and, most importantly, the 262 local sightings of these observables in my environment over the last few weeks. An important detail on the top left: we have 3 targets. This means that 3 of my organization’s assets have been observed having some relationship with one or more of the observables in my investigation. I can also investigate each observable more deeply in the Observables section (bottom right). The relations graph (bottom left) shows me the relationships between the 102 observables and the 3 targets. This helps me identify ‘patient zero’ and how the threat infiltrated my environment and spread.

Let’s expand the relations graph to get a closer look. I can apply various filters (disposition, observable type, etc.) to figure out what is going on. I can also click on any observable or target, both in the relations graph and anywhere else in the SecureX/Threat Response user interface, to investigate it further using threat intelligence or pivot into related Cisco Security products for deeper analysis. Once I have completed the analysis, I can start responding to the threat from the same screen. With a few clicks in the SecureX/Threat Response user interface, I can block any of the observables in the respective Cisco Security products (files in Cisco AMP, domains in Cisco Umbrella, etc.) and even isolate infected hosts (in Cisco AMP) to prevent further spread. I can also go beyond the default options and trigger pre-configured workflows (explained in the next section) to take action in any other security product (Cisco or 3rd party) using the power of APIs/adapters. This is illustrated by the ‘SecureX Orchestration Perimeter Block’ workflow option in the screenshot below, amid the other analysis/response options.

Figure 3: Incident Response with a click

So far, using SecureX threat response, we have simplified the threat hunting and response process. We were able to take all the ACSC observables and run them through various threat feeds and the historical events from our security controls, without jumping through each security product’s user interface. We have avoided the “swivel chair effect” that plagues the security industry!

Step 2 – Orchestrating it all with a workflow

While we achieved a lot above using the power of APIs, what if we could further minimize human intervention and make this an automated process? SecureX orchestrator enables you to create automated workflows to deliver further value. The workflow below can be modified for any IOC source, including the Talos blog RSS feed; in this case we are going to use the ACSC-provided IOC CSV file.

I’d like to credit my colleague Oxana who is deeply involved with our devnet security initiatives for the actual playbook I am about to share below. She is very comfortable with various Cisco Security APIs.

Here is the generic workflow:


Figure 4: the Workflow

The workflow itself is fairly straightforward. It uses the SecureX threat response APIs for the bulk of the work. For notifications we chose the Webex APIs and SMTP, but these can be replaced with any collaboration tool of choice. The steps involved are as follows:

1. Get Indicators – make a generic HTTP request to the ACSC-hosted IOC CSV file (or any other source!), do some clean-up and store the raw indicators as text
2. Parse IOCs – from the raw text stored in step 1, using the SecureX threat response Inspect API
3. Enrich Observables – with the SecureX threat response Enrich API, to find any global sightings (in my integrated threat feeds) and, more importantly, local sightings and targets (in my integrated security modules such as Umbrella and AMP)
4. Notify – if any targets are found (from local sightings). For each queried module, post the targets to Webex Teams and/or send an email
5. Case Management – create a new casebook the first time any targets are found; on subsequent runs, keep updating the casebook if targets are found
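To show what steps 2 and 3 (and the “Observables from Text” parse in Step 1) actually do to the advisory text, here is a local stand-in written for this article; it is not the orchestrator workflow, not Oxana’s playbook and not Cisco code. It pulls observables out of raw advisory text, tallies them by type as the bar at the top of Figure 2 does, and matches them against local telemetry to produce “targets”. In the real workflow the Inspect and Enrich APIs do this against Umbrella, AMP and the other modules, and also assign dispositions, which this example does not attempt. The advisory text, the hash values, the telemetry lines and their `host=` format are all constructed for the example.

```python
import re
from collections import Counter

# Constructed stand-in for the advisory CSV fetched in step 1 (not ACSC data).
# The hashes are placeholder hex strings of the right length; "hxxp" and "[.]"
# are the usual defanging conventions found in published IOC lists.
RAW_ADVISORY = """type,indicator
domain,evil-update.example
domain,cdn-sync[.]example
ipv4,198.51.100.23
ipv4,203.0.113.9
url,hxxp://evil-update.example/login.php
sha256,0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
md5,fedcba9876543210fedcba9876543210
email,ops@evil-update.example
"""

# Constructed local telemetry in an assumed "key=value" line format. In the
# real workflow the Enrich API asks Umbrella, AMP and the other modules.
LOCAL_TELEMETRY = [
    "2020-07-15T02:11:09Z dns host=ws-1042 query=evil-update.example",
    "2020-07-15T02:11:10Z proxy host=ws-1042 url=http://evil-update.example/login.php",
    "2020-07-16T09:40:00Z edr host=srv-db-07 sha256=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
    "2020-07-16T09:41:00Z proxy host=ws-0007 url=https://intranet.example/",
]

# Most specific types first: a domain inside a URL, or a 32-hex run inside a
# sha256, must not be counted a second time as a less specific type.
PATTERNS = [
    ("url", re.compile(r"https?://[^\s,\"']+", re.I)),
    ("email", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")),
    ("sha256", re.compile(r"\b[0-9a-f]{64}\b", re.I)),
    ("sha1", re.compile(r"\b[0-9a-f]{40}\b", re.I)),
    ("md5", re.compile(r"\b[0-9a-f]{32}\b", re.I)),
    ("ipv4", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("domain", re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)),
]


def refang(text: str) -> str:
    """Undo common defanging so values match what telemetry actually records."""
    text = text.replace("[.]", ".")
    return re.sub(r"\bhxxp", "http", text, flags=re.I)


def parse_observables(text):
    """Local stand-in for the Inspect API: ordered, de-duplicated (type, value)
    pairs pulled out of free text. Each pattern blanks what it consumed so the
    next, less specific pattern cannot match inside it."""
    text = refang(text)
    seen, found = set(), []
    for kind, rx in PATTERNS:
        for m in rx.finditer(text):
            key = (kind, m.group(0).lower())
            if key not in seen:
                seen.add(key)
                found.append((kind, m.group(0)))
        text = rx.sub(lambda m: " " * len(m.group(0)), text)
    return found


def summarize(observables):
    """Count of observables per type, like the bar across the top of Figure 2."""
    return Counter(kind for kind, _ in observables)


def find_targets(observables, telemetry):
    """Local stand-in for the 'targets' the Enrich API reports: each host whose
    telemetry mentions any observable, with the observables that hit."""
    host_rx = re.compile(r"\bhost=(\S+)")
    targets = {}
    for line in telemetry:
        m = host_rx.search(line)
        if not m:
            continue
        low = line.lower()
        hits = {value for _, value in observables if value.lower() in low}
        if hits:
            targets.setdefault(m.group(1), set()).update(hits)
    return targets


if __name__ == "__main__":
    obs = parse_observables(RAW_ADVISORY)
    print(dict(summarize(obs)))
    for host, hits in sorted(find_targets(obs, LOCAL_TELEMETRY).items()):
        print(host, sorted(hits))
```

Two details carry over to the real workflow. Refanging matters because a defanged domain will never match a DNS log, so a scraped list that is not normalized silently produces zero sightings. And matching a domain inside a URL is deliberate: it is the same domain-to-URL relationship the relations graph draws between observables and targets, which is how a single host ends up related to several indicators.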

Here are some screenshots of the workflow in SecureX orchestrator. It is a bit difficult to fit in one screen, so you get 3 screenshots!

Figure 5: Workflow in SecureX orchestrator

It is possible to further improve this workflow by adding a schedule, so that the workflow runs every few hours or days. This is useful because the ACSC keeps updating the indicators regularly. Another option is to build in response actions (with or without approval) using the SecureX threat response API. These are just ideas, and the possibilities are limitless. SecureX orchestrator can be used to modify this workflow to run any API action for notifications and responses, on both Cisco and 3rd-party products. Simply use the built-in API targets or create new ones (e.g. for 3rd-party products), add any variables and account keys, and drag and drop the modules to build logic into your workflow. Essentially, we have given you the power of workflow scripting in a drag-and-drop UI. Every environment is different, so we will leave it to readers to improve and adapt this workflow to their individual needs. Lastly, as mentioned before, you can also use this workflow to extract observables from any other web source, not just the ACSC Copy-Paste Compromises IOC list. To do so, modify the “ACSC Advisory Target” under Targets.

Figure 6: Modifying the observables source

The above workflow is hosted on GitHub here. You can import it into your own SecureX orchestrator instance as a JSON file. Before you go through the import process, or when you run the workflow, you will need to provide and/or adjust variables such as the Webex token, the Webex Teams room ID and the email account details.

Figure 7: Adding the notification variables

Lastly, when you run the workflow, you can watch it running live, including the input and output of every module and every ‘for’ loop iteration. This makes troubleshooting easy from the same friendly graphical interface!

Figure 8: Running the workflow in SecureX orchestrator

After running the playbook, you should see email notifications or Webex Teams messages indicating whether targets were found for each queried module. You should also see a case by selecting “Casebook” in the SecureX ribbon on the SecureX dashboard.

Figure 9: Webex Teams notifications on local sightings and targets

Figure 10: Casebook in SecureX dashboard

If you are a Cisco Webex Teams customer, simply log in and get your personal Webex access token to use in the workflow from here. To get the room ID for the Webex Teams room that will receive notifications from the workflow, add roomid@webex.bot to the room and it will reply to you with a private message containing the room ID. Oxana has documented everything needed to get the workflow going in the readme file.

Thursday 16 July 2020

From Data Center to Cloud, Guidance for Managing Data Everywhere

As enterprises react to rapid changes in business models driven by macro-events, digital transformation, and redistribution of both the workforce and the workloads, agility and resiliency in IT solutions and services are a key differentiator for success. Whether application workloads reside in the cloud, at the edge, or on-prem, the data center needs to be optimized for performance, reliability, and user experience as business and operational needs evolve.

Data center and cloud networking agility provides the ability to react quickly to changes and goes well beyond traditional measurements of speeds and feeds. Agility depends on being able to manage the network fabric holistically, with emphasis on higher-level infrastructure orchestration platforms, automation tools, programmability through APIs, and end-to-end visibility through deep analytics with machine learning.

With the many permutations of cloud and data center infrastructures that exist in the global market, IT has a wealth of vendor options to evaluate for network solutions that match the needs of their enterprise and cloud data centers. Fortunately, there are analysts and technology journalists to help sift through the flood of data with independent research. What are the critical capabilities that set leaders of network infrastructure and management apart from followers? Let’s look at some of the capabilities that Gartner uses to evaluate data center and cloud networking solutions.

2020 Gartner Critical Capabilities for Data Center and Cloud Networking


The capabilities for optimizing data center and cloud networking—from hardware to network operating systems to management solutions—are all drivers of agility and business resiliency. In particular, Gartner highlights three use cases that are top of mind for many enterprise IT teams for evaluating data center networking solutions:

1. Enterprise Refresh/Build-Out Use Case. Includes switch hardware, Network Operating System (NOS), management, and automation integrations.

2. Agility Boost Use Case. Based on management platform independence, automation, hyper-converged infrastructure integrations, and public cloud integrations.

3. DevOps Driven Organization Use Case. Day 1 and Day 2 automation and data center platform integrations.

These capabilities, among others, build a foundation for managing data center resources for modern enterprises facing continuous change. For example, Gartner predicts that “by 2023, 10% of enterprises will fully integrate data center networking activities into CI/CD pipelines, up from nearly zero in early 2020”, with DevOps driving the development of applications critical to business. For these applications to run successfully under high demand, organizations will need increased insight and automation into managing Day 2 operations for data center and hybrid-cloud operations. In the 2020 Magic Quadrant for Data Center and Cloud Networking report, Gartner highlights Cisco’s strengths and cautions as a Magic Quadrant Leader.

◉ With solid products and a large and global installed base, Cisco offers depth and breadth of features that covers nearly all usage scenarios, including advanced routing and ultra-low-latency switching.

◉ Cisco has a roadmap to deliver increasing levels of analytics and automation to satisfy emerging customer requirements for a more autonomous and self-healing network.

◉ Cisco Network Insights improves Day 2 operational activities such as troubleshooting, reporting, and bug scrubs, and integrates with both Application Centric Infrastructure (ACI) and Data Center Network Management (DCNM) controllers.

Six Years of Positioning as a Gartner Magic Quadrant Leader in Data Center and Cloud Networking

2020 marks the 6th consecutive year that Gartner positions Cisco in the Leaders Quadrant for Data Center and Cloud Networking. This year Gartner included Cloud Networking in addition to the traditional on-prem data center offerings and we believe Cisco was named a Leader given our proven multi-cloud architecture. Gartner evaluated Cisco data center and cloud switches, NOS as well as Cisco Application Centric Infrastructure (ACI), Data Center Network Management (DCNM), and Data Center Network Assurance and Insights Suite.

*Source: Gartner Magic Quadrant for Data Center and Cloud Networking, June 30, 2020

Tuesday 14 July 2020

Get Started with IoT and Prepare for DEVIOT Certification

“To do, or not to do.” That is the question. Do you find you are asking yourself this question often? Well, while I can’t speak about your other dilemmas, let me help you with any confusion you might have regarding how to get started on your IoT journey. My July 21st webinar will be a great place for you to start.

Where do you even start with IoT?


Chances are if you have come this far reading this blog, you have made up your mind to embark upon the journey to equip your arsenal with more skills and knowledge regarding IoT.

You certainly own a smart device, don’t you? Great! Then you are already a part of the IoT world. How? If you are using Wi-Fi or Bluetooth, you are already into IoT, as these are some of the fundamental protocols that apply to it. There are many other protocols and standards you should know about while deep-diving into the IoT world. Since IoT is adopted in so many different markets, each market or application has its own suitable IoT protocol that aligns with its requirements.

Consider the MQTT protocol. It has gained popularity in industries such as Supply Chain & Logistics, and Healthcare because of its lightweight properties and simplicity. Check out Cisco DevNet Intro to IoT Technologies – Protocols, Tools, and Software Module to learn about this protocol with a  hands-on DevNet Learning Lab!

There are many resources you can find by visiting the DevNet IoT Dev Center to get you started with IoT. You’ll find introductory topics such as:

◉ how to develop applications using Cisco IOx
◉ getting started with Cisco Kinetics Gateway Management Module (GMM)

You can take advantage of these resources and more to get familiar with cutting edge Cisco IoT technologies.

Get prepared for an IoT professional certification


In the webinar, you’ll get an overview of the Cisco Certified DevNet Specialist – IoT certification exam. We’ll cover some ground on the topics the exam lists, and what percentage of questions to expect from each module. We will also talk about some resources that will be useful in preparing for this certification exam.

See what my fellow Dev Advocate Jock Reed has to say about this certification, along with a short breakdown of the exam topics here.

There has never been a better time to get certified


Online, proctored exams are now delivered in most countries around the globe. Thus, now is the ideal time to prepare for and earn your professional certification.

Please join me for the webinar on July 21st at 8:00 AM PDT. Register now!

See you all there!

Source: cisco.com

Sunday 12 July 2020

Energy efficiency of Cisco products

Improving product energy efficiency is more than just a regulatory requirement for Cisco. It’s an opportunity for us to help customers save on energy costs, lower GHG emissions, and reduce global energy demand. It also makes our products more competitive.[1] Recent literature from 2015 has seen GHG emissions from the ICT industry leveling off, with the total energy footprint stabilizing at around 3.6 percent of global electricity consumption.[2] While it’s a good start that the ICT energy footprint is not growing, we believe success will ultimately be measured by a decreasing ICT energy footprint and decreasing global energy consumption. That’s why improving product energy efficiency and decreasing energy consumption are important factors in our product development.

We track how much total energy our products use as a Scope 3 Use of Sold Products GHG emission. To calculate this, we first created a manual database of our existing products and listed their typical power rate. When that was unknown, we identified the max power output on the products’ power supply and de-rated that value, providing an approximation of their power rate. We then calculated how many of each product we sold in the previous fiscal year and added that to our database. With those factors, we multiplied the typical power rate by the number of units shipped to determine the total energy consumed by our products sold in that fiscal year. To account for products sold in a previous year, we assumed an average life of five years. We scaled that number using past hardware revenue to determine total energy used by all of our products potentially in use. About 80 percent of emissions were calculated using primary data.

To better calculate this number, we’re exploring ways to create a database to track our products’ energy consumption. Our goal is to automate this process as much as possible to allow for easier energy calculations and more consistent data year over year. By the end of FY20, we plan to have our initial database ready to help calculate our GHG emissions from use of sold products.

Customers and regulators have rising expectations that our products minimize energy costs and GHG emissions. Every year, the number of inquiries related to environmental sustainability we receive from analysts, customers, shareholders, and nongovernmental organizations rises. We track applicable energy-use regulations and certification programs to review compliance needs as requested by our customers.

Improving product energy efficiency


Improving product energy efficiency addresses two key challenges for Cisco. First, to achieve the projected, and required, product performance specifications for the next five to 10 years, Cisco products need an architecture with “energy scalability.” This is one that can provide energy-efficient service for variable traffic types, traffic demands, customer usage, and installs. Second, product use is by far our largest GHG emissions source. To address these challenges, Cisco is investing in five primary product energy efficiency engineering initiatives. These initiatives were chosen because they allow us to have the largest impact on improving our products’ energy consumption.

◉ Power initiative. We are improving the efficiency of our products from plug to port and set a product power efficiency goal in early FY18. This goal is to improve large rack-mounted-equipment system power efficiency—as measured from the input power from the facility to the board-mounted ASICs, memory, and other chip devices—from 77 percent to 87 percent by FY22 (FY16 baseline). Read more about this goal in our goal announcement blog post. Such a goal drives Cisco to design new power systems that result in a net positive gain in overall product efficiency.

◉ Thermal initiative. We are exploring alternative methods of cooling (air flow, liquid, and refrigerant cooling) to reduce operating temperatures and facility cooling requirements. Forced air cooling systems in wide use today have limitations in cooling concentrated areas of high power from next-generation packet processing engines. To cool these higher-power components, we must deploy more efficient and effective systems. These advanced cooling systems, targeted towards 2023, will use multiphase cooling techniques to transfer the expected thermal output of next-generation switches and routers.

◉ High-speed interconnects initiative. High-speed silicon-to-silicon or optics-to-silicon interconnects are an integral part of routing and switching systems. These interconnects consume a significant portion of the total system power. We are exploring ways to increase the interconnect speed, driving the gigabits per second per watt (Gbps/W) consumed metric as high as possible. This will increase performance and reduce energy use. By the end of 2020, increasing traffic bandwidth demand will require interconnect speed efficiency to be discussed in terms of Tbps/W of traffic transmitted or received. By 2022, ASIC packet processing technology will likely consume more than 1,000 watts in a 4-inch by 4-inch area, using hundreds of transmit and receive channels and thousands of power connections. This initiative drives optimization in the high-speed signaling interconnect to allow more physical space and effective methods of delivering power to the ASIC.

◉ Customer facilities initiative. We are working with customers to reduce the amount of energy required to operate IT facilities with power solutions that increase the efficiency of overhead power, avoid step-down transformers, and provide integrated cooling strategies. These end-to-end solutions reduce hardware requirements and energy consumption while providing a more integrated method for managing IT infrastructures. This initiative includes developing power supplies with wide-ranging AC and DC inputs, and Power over Ethernet (PoE) and Pulsed Power systems integrated into connected building applications that reduce the buildout of future electrical infrastructure.

◉ Power supply initiative. Power supplies play a critical role in managing product energy efficiencies, as they are the first step where energy is lost. To overcome this loss, we are working to offer more energy-efficient options for power supplies, giving customers the option of platinum or titanium 80+ rated power supplies whenever possible. This provides cost-sensitive customers the option of selecting lower-rated power supplies, such as gold or silver, while allowing customers concerned about reducing their total energy use to select the higher-rated supplies. For external power supplies, we ship products that are DOE6 compliant, aligning with the latest U.S. energy efficiency standards.

When we evaluate product energy efficiency, we consider the power performance of the entire system. We measure the percent efficiency as electricity passes through each component or function. This can include, for example, the external power supply units (PSU), intermediate bus converter (IBC), point of load (POL), and ASIC, memory, or other chips.

Reducing product energy consumption


Increasing energy efficiency is key to Cisco’s strategy for managing the total amount of energy used by our products, but it is only one part. Cisco produces a wide variety of products ranging in size from access points (APs) to LNE. This means we must take a multifaceted approach to managing energy consumption. Our products fall into three categories in which we report revenue: Infrastructure Platforms, Applications, and Security. Each product segment requires a different approach.

Infrastructure platforms make up the backbone of the network and consume the most energy. The total energy footprint of each of our products is determined mainly by which components we use. As components, such as the ASICs, CPUs, PHYs, and DIMMs, continue to consume more energy, our products will, too. To offset this energy increase, we continue to push the bps/W ratio of our products higher to get superior performance for the additional energy they use.

Our wireless portfolio, which includes APs, also falls under this segment. These products are primarily powered through PoE, making energy consumption a high priority. Each product must fit into the desired PoE standard, ranging from the 802.3af standard of max power at 15.4 W to the 802.3bt max power rating of 90 W. Due to the use case of these products, we design them to minimize their energy consumption during low use periods, such as overnight. Our latest products support the new Wi-Fi 6 standard power-saving feature called Target Wake Time (TWT). TWT allows the AP and client to schedule target wake-up times to exchange data.

Our collaboration portfolio is made up primarily of our IP Phones and telepresence products. Like APs, IP Phones spend a large share of their lifetime not in use, often an even greater one. It’s critical for these products to be designed to power up efficiently for use, then switch into a standby mode to minimize their energy footprint. It is also a priority for our IP Phones to be designed to meet ENERGY STAR standards.

Telepresence products help customers reduce their GHG emissions from business air travel and commuting. When designing these products, we prioritize efficient switching between product use and standby modes. Whenever possible, we design our telepresence line of products to support three modes to minimize energy consumption: off, standby, and networked standby. Products can then be set to transition to either of the two standby modes if no input signals are detected for a predetermined time.

Saturday 11 July 2020

IDC White Paper shows ROI of 462% for Cisco SD-Access and Assurance


We are pleased to announce the publication of a new IDC white paper, sponsored by Cisco, that examines the business value realized by customers who have adopted Cisco’s Software-Defined Access (SD-Access) and Assurance solutions. The study showed some very impressive results, such as an average projected five-year return on investment (ROI) of 462%.

Cisco DNA Assurance and Cisco SD-Access are two major components of Cisco’s Digital Network Architecture, and are implemented using the Cisco DNA Center management platform. Together, these enable organizations to apply business intent to the network, creating unprecedented levels of visibility and control across the entire enterprise network.

Real customers sharing real experiences


For anyone who has been skeptical about our claims about the benefits of Assurance and SD-Access, this report should help sway your opinion. There are many firsthand accounts from customers who are using these solutions in their networks, not just as demos or proofs of concept, but to actually run their IT operations. Participants in the study represented a range of business sizes and industry verticals, making it even more impressive that the results were so positive across the board.

Cisco DNA provides real benefits


According to the IDC authors, customers initially turned to SD-Access and Assurance to make managing complex operations easier, prepare for anticipated growth, and become more proactive in their approach to network management. What they discovered was that as network management becomes easier and performance improves, staff productivity increases and greater innovation company-wide becomes possible.

Some highlights of the results


◉ Average annual benefits of $3.18 million on a per organization basis
◉ 462% five-year ROI
◉ 9-month payback period
◉ 49% more efficient network management staff
◉ 35% more efficient network security teams
◉ 86% reduction in unplanned downtime

A key reason that the measured ROI was so high is that the time savings is compounded across all areas of network management and extends to non-IT personnel as well. Customers reported a wide range of positive benefits. With Cisco SD-Access, security is both more effective and easier to deploy and maintain. With Cisco Assurance, service issues are easier to track down and are detected earlier. These improvements lead to reduced downtime and improved application performance.

Source: IDC 2020

Cisco DNA solves real problems


Legacy network processes are inefficient and do not scale to the number of clients and devices in use today. As the scale of the network increases, the friction inherent in manual processes for onboarding and managing connectivity causes a cascade of difficulties such as:

◉ A less than optimal experience for network users.
◉ Policy enforcement that becomes more and more complex and inefficient.
◉ Holes opening up in security policies.
◉ Network operators lacking visibility into what is happening in the network at any given moment.
◉ Problems that take time to identify and solve, frustrating users and slowing productivity across the company.

We believe this report helps prove that SD-Access and Assurance aren’t just shiny new toys. These solve real problems experienced by most network operators. With these solutions, you can proactively solve problems. You can match policy to the user, not the machine. You can automate routine tasks and roll out changes more quickly, making your network and your business more agile and able to respond to changing conditions.

Here is a concrete example that one of the customers in the study shared about their experience with SD-Access that illustrates this point about time savings:

A big thing for us is the rapid deployment or moving of different segmented networking groups. For example, right in the middle of one of our projects we had one of the labs moved. But it took 4 hours instead of what would have been about a month prior to SD-Access.

Thursday 9 July 2020

Industrial NetDevOps Enables Your Industrial Network with Programmability and Automation


Industrial NetDevOps solves real-world problems 


◉ Breaking down the barriers and building a closer alignment between the IT and OT departments
◉ Improve network change management, incident management and security
◉ Lower OT expenses and downtime while increasing your network effectiveness and agility

These crucial and widely desired outcomes are exactly what Industrial NetDevOps is trying to deliver. And DevNet has the tools and learning resources to help you start that journey right away:

◉ Free Webinar, July 14th — Register Now
◉ New Learning Labs
◉ New Scripts on Code Exchange

What is Industrial NetDevOps?


Industrial NetDevOps brings the culture, tools, technical methods and best practices from DevOps to Industrial Networks.

Instead of using SNMP and the CLI, you configure, manage and monitor industrial network devices via standardized network device APIs and software automation tools. Industrial NetDevOps workflows use open source, standards and Python scripts alongside commercial devices and tools to deliver responsive and secure industrial networks.

DevOps is a set of practices that combines software development (Dev) and IT operations (Ops). The industrial space has a similar split: industrial operations professionals understand and control the equipment (OT/Dev), but need support from their IT colleagues to make OT data meaningful, OT devices accessible, and both better aligned with other business systems (IT/Ops).

The vision of Industrial NetDevOps is to take full advantage of both teams by having them work together: creating a single source of truth for network configurations (e.g. with Git), making small but well-tested changes to the network, deploying configuration changes through APIs, using automation to save time and costs, enabling automated IT network services for operations professionals, getting real-time health data on your network and OT devices, and much more.


What has changed? Why move now?


Operations leaders recognize that the operational data they use to support real-time decision making could create additional value for the company. The vision of a fully connected factory is real, and the transformation is happening right now. Therefore, the industrial network needs to be more responsive, agile and secure than ever before.

Cisco recognized this shift and is leading it: the industrial switch series IE3x00, the embedded switch ESS3300 and the industrial router IR1101 run IOS XE (the same as on the Catalyst 9000 Series), which enables model-driven programmability with open APIs and data models such as NETCONF/RESTCONF & YANG. The Cisco Catalyst 9800 Series Wireless Controller also supports model-driven programmability along with traditional APIs.

Furthermore, the network controller and orchestration software Cisco DNA Center supports an extensive REST API, and so does the industrial security software Cisco Cyber Vision. As you can see, Cisco’s industrial software and hardware is ready for the transformation!

Which use cases can you start right now?


To give you a better understanding of how powerful Industrial NetDevOps can be with our Cisco industrial solutions, here are some use cases that will get you started. There are many more!

◉ Enable or disable remote access with just one REST API call: simply define a service as a Python script that executes pre-defined NETCONF commands to create, enable and disable ACLs on specific industrial hardware, for example the IE3400.


◉ Deploy your desired IOS configuration to hundreds or thousands of Cisco IE switches automatically with the software automation tool Ansible and just one command. For example, configure the IND bootstrap, ISE, PROFINET, CIP and PTP settings, and so on, from one centralized tool or even an application of your own.

◉ Get fully automated and tailored reports about the health of your network and IT/OT devices via the REST APIs of Cisco Cyber Vision and Cisco Industrial Network Director. In the same process chain, analyze the report with other Cisco tools: check each DNS query made in your industrial network against the Cisco Umbrella Investigate API to see whether any requests were malicious, and highlight the originators.

◉ Enable ChatOps in your industrial environment: operations professionals can easily change the network configuration and many other application settings via simple text messages on Cisco Webex Teams (see the example below with the IR1101). The changes an OT worker is allowed to make are pre-defined by the IT team.
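The first use case (a service that toggles remote-access ACLs over NETCONF) and the ChatOps use case (OT workers may only make changes the IT team pre-defined) share one design: an allow-list that decides what a request may do, and a payload builder that turns an approved request into an edit-config. The block below is an added example written for this post, not code from Cisco or DevNet. It assumes the device accepts the IETF ACL YANG model (RFC 8519); the ACL name, the two jump-host prefixes and the request format are constructed placeholders, and the device session is whatever the caller passes in (for example an ncclient manager).

```python
"""Allow-listed remote-access toggle for an industrial switch (added example).

Assumptions not taken from the post: the switch accepts edit-config on the
IETF ACL model (urn:ietf:params:xml:ns:yang:ietf-access-control-list, RFC 8519);
ACL_NAME and ALLOWED_SOURCES are constructed placeholders an IT team would
replace with its own values.
"""
import ipaddress
import xml.etree.ElementTree as ET

NC_NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
ACL_NS = "urn:ietf:params:xml:ns:yang:ietf-access-control-list"
ET.register_namespace("nc", NC_NS)
ET.register_namespace("acl", ACL_NS)

ACL_NAME = "OT-REMOTE-ACCESS"  # constructed placeholder

# IT-defined policy: the only sources an OT worker may open access for.
# Values use documentation ranges (RFC 5737); constructed.
ALLOWED_SOURCES = {
    "vendor-jumphost": "192.0.2.10/32",
    "it-bastion": "198.51.100.5/32",
}
ALLOWED_ACTIONS = {"enable", "disable"}


class PolicyError(ValueError):
    """Raised when a request is outside the IT-defined allow-list."""


def authorize(request):
    """Return (action, prefix) for an allowed request, else raise PolicyError.

    The request only names a label; the actual prefix comes from the policy,
    so a chat message or API body can never inject an arbitrary network.
    """
    action = request.get("action")
    label = request.get("source")
    if action not in ALLOWED_ACTIONS:
        raise PolicyError("action not permitted: %r" % (action,))
    if label not in ALLOWED_SOURCES:
        raise PolicyError("source not permitted: %r" % (label,))
    prefix = ALLOWED_SOURCES[label]
    ipaddress.ip_network(prefix)  # sanity check on the policy itself
    return action, prefix


def is_authorized(request):
    """Boolean wrapper around authorize() for callers that just need yes/no."""
    try:
        authorize(request)
        return True
    except PolicyError:
        return False


def build_edit_config(action, prefix, ace_name):
    """Build the NETCONF <config> payload: merge a permit ACE, or delete it."""
    config = ET.Element("{%s}config" % NC_NS)
    acls = ET.SubElement(config, "{%s}acls" % ACL_NS)
    acl = ET.SubElement(acls, "{%s}acl" % ACL_NS)
    ET.SubElement(acl, "{%s}name" % ACL_NS).text = ACL_NAME
    ET.SubElement(acl, "{%s}type" % ACL_NS).text = "ipv4-acl-type"
    aces = ET.SubElement(acl, "{%s}aces" % ACL_NS)
    ace = ET.SubElement(aces, "{%s}ace" % ACL_NS)
    # nc:operation on the list entry: "merge" creates/updates it, "delete" removes it.
    ace.set("{%s}operation" % NC_NS, "merge" if action == "enable" else "delete")
    ET.SubElement(ace, "{%s}name" % ACL_NS).text = ace_name  # list key
    if action == "enable":
        matches = ET.SubElement(ace, "{%s}matches" % ACL_NS)
        ipv4 = ET.SubElement(matches, "{%s}ipv4" % ACL_NS)
        ET.SubElement(ipv4, "{%s}source-ipv4-network" % ACL_NS).text = prefix
        actions = ET.SubElement(ace, "{%s}actions" % ACL_NS)
        ET.SubElement(actions, "{%s}forwarding" % ACL_NS).text = "accept"
    return ET.tostring(config, encoding="unicode")


def handle_request(request):
    """Service entry point: authorize, then return the edit-config XML string."""
    action, prefix = authorize(request)
    return build_edit_config(action, prefix, request["source"])


def push(session, request, target="running"):
    """Send the payload through a connected NETCONF session (e.g. ncclient).

    ncclient's Manager.edit_config(config, target=...) is the assumed call;
    nothing is sent in this example unless a real session is supplied.
    """
    return session.edit_config(handle_request(request), target=target)


if __name__ == "__main__":
    print(handle_request({"action": "enable", "source": "vendor-jumphost"}))
```

Only the label travels in the request; the prefix is looked up from the policy, so the API surface exposed to a chat bot or REST client cannot widen access beyond what IT configured. The same `authorize` step is where you would add an audit log entry before anything is pushed to the device.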

[Figure: ChatOps example, changing IR1101 settings from Cisco Webex Teams]

What does the Industrial NetDevOps toolset look like?


Which skills matter depends on your use cases and requirements; you do not need to know them all! Here is a breakdown of the technologies and tools that will help you enable Industrial NetDevOps:

◉ Programmability basics: understanding REST APIs and Python (or any other programming language) is the foundation of programmability; it will help you automate your tasks and solve specific IT/OT challenges.

◉ Device level: to use the APIs directly on your industrial device (e.g. the IE3400) for a single configuration change or to retrieve operational data, get started with NETCONF/RESTCONF and YANG.


◉ Controller & orchestrator level: if you manage your industrial hardware with Cisco DNA Center, Industrial Network Director, Kinetic GMM or vManage, you can do so through their REST APIs and automate your tasks with Python, for example.

◉ Configuration management: if you want to change the IOS configuration on hundreds or thousands of devices, get started with software automation tools such as Ansible, Puppet or Chef.


◉ Network verification: if you want to know whether, and on which of your IE3400s, the IOS configuration has changed in the last weeks or months, or want to test your IOS configuration, definitely get started with the Cisco framework pyATS.

◉ Security: network security is especially important in an industrial environment. The industrial security software Cisco Cyber Vision (REST API capable), Cisco Firepower and Firepower Threat Defense (REST API capable), the ruggedized Cisco Industrial Security Appliance ISA3000, Cisco Stealthwatch (REST API capable) and Cisco Identity Services Engine (pxGrid API) let your network talk to these security tools, and the other way round.

◉ Telemetry and monitoring: to visualize the data collected from your industrial device (e.g. the IR1101 in the image below), get started with streaming telemetry and the TIG stack (Telegraf, InfluxDB and Grafana), the ELK stack (Elasticsearch, Logstash and Kibana) or any other database and dashboard you prefer.
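The network verification item above asks a question every OT network owner should be able to answer quickly: has the IOS configuration on a switch drifted from the version of record in Git, and does the drift touch anything security-relevant? The block below is an added example for this post, not pyATS or any Cisco code; it uses only the standard library. The two IOS configuration snippets are constructed, and the list of security-relevant stanzas (ACLs, AAA, users, VTY transport, SNMP, HTTP) is an assumption you would tune to your own baseline.

```python
"""Configuration drift check with security-relevant highlighting (added example).

Compares a baseline IOS configuration (what Git says should be on the device)
with the running configuration pulled from the device, ignores volatile noise,
and flags changes in stanzas that affect who can reach or log in to the switch.
Both configurations below are constructed for the example.
"""
import difflib
import re

# Lines that legitimately differ on every read and must not count as drift.
VOLATILE = (
    re.compile(r"^! (Last configuration change|NVRAM config last updated|Time:)"),
    re.compile(r"^(Building configuration|Current configuration)"),
)
# Stanzas whose change should page someone (assumption: tune to your baseline).
SENSITIVE = re.compile(
    r"^(ip access-list|access-list|aaa |username |enable (secret|password)|"
    r"line vty|snmp-server|ip http|transport input)"
)

BASELINE = """\
! Last configuration change at 09:12:03 UTC Mon Jun 1 2020
hostname IE3400-CELL1
!
aaa new-model
username admin privilege 15 secret 9 <hash-placeholder>
!
ip access-list extended OT-REMOTE-ACCESS
 permit tcp host 192.0.2.10 any eq 22
 deny   ip any any
!
line vty 0 4
 transport input ssh
!
"""

CURRENT = """\
! Last configuration change at 14:40:51 UTC Tue Jul 7 2020
hostname IE3400-CELL1
!
aaa new-model
username admin privilege 15 secret 9 <hash-placeholder>
username vendor privilege 15 secret 9 <hash-placeholder>
!
ip access-list extended OT-REMOTE-ACCESS
 permit tcp host 192.0.2.10 any eq 22
 permit tcp any any eq 22
 deny   ip any any
!
line vty 0 4
 transport input telnet ssh
!
"""


def parse(cfg):
    """Turn an IOS config into (parent_stanza, line) pairs, dropping noise.

    Indented lines are attributed to the last top-level line so that a child
    such as 'transport input telnet ssh' is reported under 'line vty 0 4'.
    """
    entries, parent = [], ""
    for raw in cfg.splitlines():
        line = raw.rstrip()
        if not line or line == "!" or any(p.match(line) for p in VOLATILE):
            continue
        if line.startswith(" "):
            entries.append((parent, line.strip()))
        else:
            parent = line
            entries.append(("", line))
    return entries


def config_drift(baseline, current):
    """Return (added, removed) entries present in one config but not the other."""
    b, c = set(parse(baseline)), set(parse(current))
    return sorted(c - b), sorted(b - c)


def security_relevant(added, removed):
    """Keep only drift whose line or parent stanza matches SENSITIVE."""
    flagged = []
    for tag, items in (("+", added), ("-", removed)):
        for parent, line in items:
            if SENSITIVE.match(line) or SENSITIVE.match(parent):
                flagged.append("%s %s%s" % (tag, parent + " > " if parent else "", line))
    return flagged


def unified(baseline, current):
    """Human-readable unified diff of the normalized configurations."""
    b = ["%s%s" % ("  " if p else "", l) for p, l in parse(baseline)]
    c = ["%s%s" % ("  " if p else "", l) for p, l in parse(current)]
    return list(difflib.unified_diff(b, c, "git/baseline", "device/running", lineterm=""))


if __name__ == "__main__":
    added, removed = config_drift(BASELINE, CURRENT)
    print("\n".join(unified(BASELINE, CURRENT)))
    print("\nsecurity-relevant drift:")
    print("\n".join(security_relevant(added, removed)))
```

Run against the constructed inputs, the timestamp comment is ignored, and the three changes that matter (a new privilege-15 user, an ACL entry opening SSH from anywhere, and Telnet re-enabled on the VTY lines) are all flagged. In a real pipeline the baseline comes from the Git repository that is your single source of truth and the running configuration from the device API; pyATS can collect and diff configurations for you, but the stanza-aware allow-list of what counts as sensitive is the part worth owning yourself.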

[Figure: telemetry dashboard built from IR1101 streaming telemetry]

Where should I deploy the Industrial NetDevOps tools?


As usual, this depends on your architecture, devices, and industry. However, if we look at the Converged Plantwide Ethernet (CPwE) Architecture, it makes sense to include these tools in the Industrial Zone as seen in the image below.

[Figure: Industrial NetDevOps tools placed in the Industrial Zone of the CPwE architecture]

Source: cisco.com