Tuesday, 20 October 2020

Collaboration in the Age of AI: How Cisco is Pioneering the Use of AI and Emerging Technology Within Collaboration

Artificial intelligence (AI) has become all the rage. Just the mere mention of it makes us think of hi-tech and some futuristic state that promises simplicity and instant knowledge. According to research from O’Reilly, engagement with artificial intelligence technology grew 58% last year.* Additionally, the global artificial intelligence market is expected to grow nearly 50% in 2020, to a staggering $40.74 billion.** For the collaboration industry, their use brings hope of frictionless and instant connections.

Webex’s Rich History in AI Innovation

Cisco Webex has pioneered the use of AI within collaboration to bring this hope into reality. There is no other vendor in this space with a rich history in AI innovation like Webex.  All for the purpose of helping people to connect like never before from wherever they work, play, or learn. To enable a safe return to the office. And to make decisions about collaboration spaces and office floor plans. From your home to the board room, our, AI, and automation technology provide intelligent experiences and drive changes, that keep everyone safe and productive.

And it isn’t something that will happen in the future. It’s happening today; in fact, we’ve been doing it for years following our strategy to apply AI and Machine Learning (ML) to practical applications in collaboration. We identified the most important areas where machine learning would make a difference in collaboration solutions and have focused our efforts on relationship intelligence, audio & speech technologies, bots & assistant, and computer vision.

Cisco Study Material, Cisco Learning, Cisco Guides, Cisco Certification

This involved the application of a range of AI-based technologies including:

◉ Conversational AI, a combination of natural language processing, dialog management, and question answering
◉ Wakeword speech technology
◉ Speech To Text (STT) and Text To Speech (TTS)
◉ Speech Transcription and Translation
◉ Noise detection and removal
◉ Face Recognition
◉ People Insights

To support the advanced machine learning techniques used in these technologies several of them were optimized to run on NVIDIA GPU’s. Additionally, these features were deployed in the cloud or directly on client devices in order to provide optimal processing and the best data privacy position for end users.

Cisco Study Material, Cisco Learning, Cisco Guides, Cisco Certification

2017


After several years of research and development, this was the year Webex first introduced AI that could change the way we meet and interact. For example, two big challenges we noticed back then were how we could reduce distracting noises (sirens, doorbells, dog barking, etc.), and how to present the best view of the conference room for remote participants. As a result, we introduced the following:

◉ Machine learning-based noise detection – Webex used AI to recognize these loud and annoying noises in the background. Once detected, the system prompted you to mute your microphone or suppressed common noises such as typing on a keyboard or rustling papers.

◉ Best overview and Speaker Track camera framing of participants – Video systems in the past were able to detect and zoom in on different speakers using multiple moving cameras. Modern Webex Rooms added intelligence to do this digitally with fixed cameras. They automatically framed up attendees as they talk to provide closeups of where the conversation is happening. This dramatically improved the experience of remote participants.

Cisco Study Material, Cisco Learning, Cisco Guides, Cisco Certification

2018


The rise of small, agile teams meant that collaboration wasn’t just happening in traditional conference rooms. Every shared space was effectively turning into a huddle room. Whatever space people met in, they wanted the same easy join/start/share experience.  So, our engineers not only made the conference room look even better to remote participants, but also improved the experience of people in those rooms. Webex Rooms systems have a modern hardware architecture that includes NVIDIA GPUs. This architecture allowed us to build sophisticated computer vision applications and bring AI-driven features to market faster. These included:

◉ Face detection and people count – Webex Room devices used computer vision and a collection of sensors to determine how many people are in the room, unlocking powerful room utilization insights for customers

◉ Presenter tracking – By detecting people and faces, Webex Room cameras could automatically follow the active speaker if they paced or moved about the room, so they always stayed in frame

◉ Conversational AI on devices (Webex assistant) – Webex brought to market the first voice-activated assistant to help you call someone, start meetings or share your screen without touching anything

◉ Automated pair and share: The Webex app connected to your Webex video devices wirelessly through ultrasound, and that’s when the magic happened. The proximity sensors in Webex Rooms could detect when you walked into a room, and the prompt on the screen would welcome you by name. And your Webex app could automatically pair to that device in order to share content without ever touching cables or fiddling with remote controls or cables!

2019


As the remote collaboration experience became better, what people wanted next was building a better, more intimate connection to the people they were meeting with on the screen. How could we shave off the 10 minutes of going around the room for introductions, and yet help you feel you already knew everyone you were meeting with?

◉ Relationship intelligence (People Insights) – Webex brought to market People Insights to provide users with comprehensive, real-time business and professional profiles of meeting participants, giving users context and increased insight about the people they meet with…either before the meeting or during the meeting.

◉ Facial recognition with name labels – To go along with facial detection, we launched facial recognition. Adhering to strict data privacy rules, those who opted in for this feature were able to have the camera system recognize their face and then display their name label under their face to all remote participants.

◉ Proactive collaboration assistant – With advancements in natural language abilities, Webex Assistant became even smarter. Previously, it was able to respond when spoken to and carry out actions. But now it could also proactively start a conversation. For example, when it was time for a meeting, Webex Assistant would wake up and ask the user if they want to join.

Cisco Study Material, Cisco Learning, Cisco Guides, Cisco Certification

Cisco Study Material, Cisco Learning, Cisco Guides, Cisco Certification

2020


This was/is the year where work from home become mainstream, and #RemoteWork started trending on social streams. Working from home presents some unique challenges and it became clear that new innovations were needed to make it easier to work from anywhere, without distraction. This has been a watershed moment for needing AI in collaboration, as more people dealt with all sorts of background and noise distractions.  How did Cisco Webex respond? With intelligent technology for the hybrid workplace:

◉ Background blur AND virtual replacement options across any device or OS – While other vendors offered this, Webex was the first to offer both blurring and virtual background across any device or operating system

◉ Mask-friendly People Counting: Webex Room devices are able to detect & count people regardless of which way they are facing, even if they are wearing masks! This information can now also be used for social distancing alerts based on room capacity.

◉ Noise Removal WITH Speech enhancement – Solving for background noise has become table stakes. With the recent acquisition of BabbleLabs, Webex has taken the technology to reduce meeting interruptions to the next level. This noise removal technology, powered by AI, goes beyond noise suppression by 1) distinguishing speech from background noise, 2) removing background noise in real-time, and 3) enhancing your voice to elevate communication, independent of language.

◉ A personal in-meeting assistant (expanding Webex Assistant in Meetings) – Now you have a personal collaboration assistant in every meeting! The Webex voice assistant expands beyond Room devices, to any Webex meeting, and uses advanced speech recognition and natural language understanding to turn talk into action.

◉ Real-time closed captioning – See what is being said, even if you are in a place that makes it hard to hear what is being said.

◉ Capture action items and highlights – Users can simply tell Webex to highlight certain points in a meeting or to create action items.

◉ Searchable and editable meeting transcript – After the meeting see the transcript, edit it, search within it, and easily share it. It automatically captured for you.

◉ Speaker labeling in transcripts– names are shown on notes, highlights, and transcripts to let you know who said what.

Cisco Study Material, Cisco Learning, Cisco Guides, Cisco Certification

When working from home, many people are faced with spotty Wi-Fi or bandwidth constrained home networks that just aren’t as robust as corporate networks. We improved Webex performance in such conditions by applying machine intelligence in a few core areas:

◉ Video Super-resolution – When there isn’t enough bandwidth to deliver HD video, Webex intelligently applies adaptive super-resolution. We’re able to deliver HD-like quality even when receiving 360p or lower resolution video.

◉ Region of interest encoding – Webex can intelligently identify the most important regions in a video frame, like a person’s face. When bandwidth is limited, Webex can still deliver high-quality video by making sure that the important parts of the frame look better, whereas other parts like backgrounds might be slightly lower quality.

Cisco Study Material, Cisco Learning, Cisco Guides, Cisco Certification

◉ AV1 Next-Gen Video Compression – AV1 is a new, next-gen video codec with an extensive toolset that delivers state-of-the-art compression performance. Last summer, in an industry-first demonstration we not only showed live encoding of 720p30 camera video at half the bandwidth of H.264 but also high frame rate share encoded at 1080p30 using around 2/3 of the bitrate of H.264 encoding 720p30, all on a commodity laptop. We’ve been making steady progress on this technology and soon you will see us implement it in Webex meetings, further reducing the amount of bandwidth required for a high-quality experience. 

What About my Data Privacy?


Webex brings powerful artificial intelligence and machine learning to your collaboration experience, at home or at the office, to help to foster relationships, enhance customer interactions, and build high-performance teams across boundaries. But what about data privacy? How are my data privacy rights being protected?

Our AI/ML initiatives are guided by a few core principles:

◉ Don’t retain data if you don’t have to
◉ If you do, keep it for the shortest possible time
◉ Be transparent about data usage
◉ Provide edit and deletion controls
◉ Empower end-users and admins

Monday, 19 October 2020

Get Ready to Crack Cisco CCNP Enterprise 300-425 Certification Exam

 

Cisco CCNP Enterprise 300-425 Exam Description:


The Designing Cisco Enterprise Wireless Networks v1.0 (ENWLSD 300-425) exam is a 90-minute exam associated with the CCNP Enterprise and Cisco Certified Specialist - Enterprise Wireless Design certifications. This exam certifies a candidate's knowledge of wireless network design including site surveys, wired and wireless infrastructure, mobility and WLAN high availability. The course, Designing Cisco Enterprise Wireless Networks, helps candidates to prepare for this exam.


Cisco 300-425 ENWLSD Exam Overview:

Related Articles:

Saturday, 17 October 2020

Stop playing whack-a-mole and put threats to rest with Cisco Stealthwatch Cloud

Cisco Prep, Cisco Learning, Cisco Tutorial and Material, Cisco Certification

I was recently able to grab some time with a Cisco customer to hear about their experience with Cisco Stealthwatch Cloud, a SaaS-based Network Detection and Response (NDR) solution. Aspire Technology Partners, a Managed Security Service Provider, explained their use of the product for one of its customers that was in a dangerous situation involving some slippery malware floating around in the network. As I worked on this case study, I couldn’t help but think of one thing in particular…The North Carolina State Fair.

I am a relatively new North Carolina resident. Prior to working from home, I was no stranger to the commute up I-40 to building 9 of Cisco’s RTP campus. As I found my way around my new home state, I kept hearing that the NC State Fair is a rite of passage for new residents. I decided to check it out. What an experience that was. I got to see a monster truck show, a lot of farm animals and the world’s largest pumpkin. I also ate more fried food on a stick than my heart could handle. We also got to play whack-a-mole, a game that requires you to smash each mole as they poke their heads out of the machine with a mallet. As you progress, you earn points for each successful ‘whack’. Unfortunately, you can never really win since they never stop popping up.

Without an NDR tool like Stealthwatch Cloud in place, the modern Security Operations Center (SOC) is effectively doing the same thing. Their endpoint and perimeter solutions, while critical to network safety, are playing whack-a-mole: stomping on malware and isolating devices as they become infected while still knowing that the network is still at risk. Without east-west monitoring and visibility into encrypted traffic, businesses are susceptible to subsequent attacks once malware has established a foothold on the network. If your security team can’t identify how threats are accessing the network, malware could stay hidden for months…or even years.

Aspire Technology Partners was working with a customer who deployed an Incident Response (IR) team to contain a threat, believed to be ransomware, that was surfacing all over their network. The Aspire SOC team decided to deploy Stealthwatch Cloud to track the malware through east-west traffic monitoring. Here are a few reasons why Stealthwatch Cloud was critical to not only detecting the threat, but also stopping it dead in its tracks:

Cisco Prep, Cisco Learning, Cisco Tutorial and Material, Cisco Certification
Stealthwatch Cloud deploys almost instantly

The Aspire SOC team deployed Stealthwatch Cloud on the customer’s private network in just 2 hours. This allowed the team to immediately start digging through east-west flows to hunt down the threat.

Stealthwatch Cloud detects threats behaviorally

Stealthwatch Cloud uses the network itself as a sensor, and offers both automated threat detection and the ability to search manually for threats. The team needed to identify the foothold of the attacker, and with comprehensive visibility provided by Stealthwatch Cloud, was able to discover that the malware found its way into the network via a vulnerable 3rd party device. No endpoint or agent-based solution could have figured this out.

Built-in remediation methods enable quick response to threats

Stealthwatch Cloud offers a wealth of integrations with 3rd party and Cisco solutions that allow users to go one step further and communicate across their organization, pivot into other tools to carry on an investigation and much more. Alerts come alongside their supporting observations that contain bits of context that users can leverage as they continue to investigate. A simple firewall rule blocked out this malware for good.

So, stop playing whack-a-mole, unless you’re at the fair. Even with proper agent-based and perimeter protection, your network may still be at risk. You can fill that gap and gain comprehensive visibility on-prem or in the cloud with Stealthwatch Cloud.

Friday, 16 October 2020

The Must-Know Techniques to Prevent IT Downtime

Cisco Preparation, Cisco Learning, Cisco Tutorial and Material, Cisco Guides

Everyone in IT knows the feeling. It’s the little voice in your head that pings you out of nowhere, and asks:

“Have I covered everything? Are we as prepared as we should be for an outage? How much does our resiliency plan have to change?”

You’re certainly not alone. Over the past three years, 96% of IT leaders have experienced at least one significant outage. In the same period, the average U.S. organization experienced 10 IT blackouts or brownouts.

Outages have become alarmingly close to common. Thankfully, there are strategies you can introduce to prevent unexpected downtime before it happens – and get the reassurance of comprehensive network insight to preempt issues.

The true cost of IT outages

When an organization’s network goes down, the effects can be anywhere from inconvenient to catastrophic. In total, IT outages cost North American businesses $700 billion every year.

These losses aren’t confined to revenue. Losses can impact internal productivity, mitigation costs, and even the brand. Just one hour’s downtime can cost an average of $250,000 to $300,000, depending on the size of an organization and its industry.

In the new era of ‘the customer experience’ – where expectations for a superior experience and network access continue to grow – the stakes for staying connected have never been higher.

The basics of incident prevention

The biggest challenge in preventing brownouts and blackouts is identifying root causes in advance and preempting their effects. To achieve this, your organization needs proactive processes to monitor your network, identify risks, and take preemptive actions.

However, monitoring can be difficult for understaffed IT teams, who are focused on the delivery of immediate business goals. Monitoring takes time, and automation is required to identify risk faster, accelerate remediation and reduce the chance of error.

There is another way. Cisco Business Critical Services (BCS) augments your team with analytics and expertise. By investing in experts who’ll continuously engage with your IT professionals and share proactive recommendations to prevent incidents, your teams can get greater visibility into their IT infrastructure to improve uptime, performance, and availability.

Become an expert by learning from others

It’s one thing to understand what could go wrong in your organization. The next step is learning from other businesses’ experiences, and how their outages can help prevent yours.

Thanks to advances in predictive analytics and machine learning, businesses now have access to global intelligence to predict weak points in their own networks. For example, Cisco’s BCS experts draw on their anonymized and proprietary database collected and aggregated from over 30 million devices worldwide.

By cross-referencing our data with your devices, we can help you identify and mitigate vulnerabilities before they impact your organization. Empowered by Cisco intellectual capital, our expertise – powered by analytics, insights, and automation – can help your IT teams avoid costly downtime.

How to review an outage

Likewise, if an outage does take place, a consistent, proactive approach is critical to reaching a positive outcome. As part of Cisco BCS Advantage, our Expert Incident Review recommends best practices to shore up your own incident review framework, then practice it, to improve your network stability and performance:

Turn adversity into opportunity

Network brownouts and blackouts are costlier than ever. But with incident prevention, regular reviews, access to Cisco experts, analytics, insights, and more, IT decision makers are well-positioned to deliver an always-on network.

Thursday, 15 October 2020

Cisco Data Centers Segment Routing Traffic Engineering for Service Providers

Cisco Exam Prep, Cisco Learning, Cisco Tutorial and Materials, Cisco Prep, Cisco Data Center

We are entering a new Era moving to 5G in global pandemic

As we move into the exciting era of 5G and witness an ever-growing number of new devices coming online, the transport network is finding its overall capacity tested in ways we’ve never seen before. Millions of mobile voice, data, and video users and millions more Internet of Things (IoT) devices connecting 24 hours per day means handling this traffic load will present a real challenge in the future.

Cisco predicts* there will be 50 billion devices connected to the Internet by 2020. Advancements in 5G make it more possible to connect industrial IoT, cars, virtual education, smart communities, industrial machinery, and robotics around the world, all piped through the same ultra-fast network.

There is a new perspective on the modern workplace. The first half of 2020 will go down in history as one of the most tumultuous times in living memory. The number of people working from home worldwide has doubled during the corona virus crisis. The pandemic is likely to cause a permanent increase in remote working even after the crisis. With little notice, this culminated in many businesses having to shift a large proportion of their workforce to a home working model – Leading to humongous reliability on technology to communicate and collaborate within an enterprise and between businesses.

Cisco Exam Prep, Cisco Learning, Cisco Tutorial and Materials, Cisco Prep, Cisco Data Center

Cisco Exam Prep, Cisco Learning, Cisco Tutorial and Materials, Cisco Prep, Cisco Data Center

Where Service Providers stand nowadays?

We’re living in a world where application loyalty has become a real measure of brand loyalty. Service Providers are striving to make the application capable of reaching the end-user quickly enough to prevent the degradation of the experience. Network slicing and segment routing provide intelligent routing and traffic differentiation required to efficiently support this distributed architecture.

Service Providers end to end network starts with a fabric relying on the Cisco Nexus 9000 Switches, which provide the foundation for data centers, data centers interconnection with the core and segment routing traffic engineering SR-TE for network slicing.

Segment Routing Operation

Segment routing divides the network into “segments” where each node and link could be assigned a segment identifier, or a SID, which gets advertised by each node using standard routing protocol extensions (ISIS/OSPF or BGP), eliminating the need to run additional label distribution protocols.

As service providers architect the 5G transport domains, leveraging segment routing with traffic engineering is the next generation network design direction.

Nowadays, many Service Providers are moving to Segment Routing because it allows the network to differentiate the way it delivers applications with unmatched simplicity and scalability.

We have engineered segment routing to the NX-OS software code on Nexus 9000 series switches. The unprecedented growth requires Service Providers to transform their networks, and Segment Routing is becoming one of the keys to successfully paving the way to that transformation.

Segment Routing Traffic Engineering (SR-TE)

Segment Routing Traffic Engineering (SR-TE) provides a simple, automated, and scalable architecture to engineer traffic flows in a network. SR-TE takes place through a tunnel between a source and destination pair where it uses the concept of source routing, where the source calculates the path and encodes it in the packet header as a segment.

TE is a discipline that assigns traffic flows to network paths in order to satisfy Service Level Agreements (SLAs). For example, assume that a service provider maintains an SLA with a customer. The SLA guarantees low loss but does not guarantee low latency. Therefore, the service provider might apply a TE policy to that customer’s traffic, which forces it to take low loss paths.

Nowadays, Cisco Nexus 9000 series switches enables customers with segment routing for traffic engineering (SR-TE), which enables Services Providers not needing to maintain a per-application and per-flow state. Instead, it simply obeys the forwarding instructions provided in the packet. This is the corner stone capability to have 5G networking slicing within a backhaul network.

SR-TE utilizes network bandwidth more effectively than traditional MPLS-TE networks by using ECMP at every segment level. It uses a single intelligent source and relieves remaining nodes from the task of calculating the required path through the network.

What is Network Slicing and what the Nexus Switching platform with NX-OS offers to Service Providers?

Network slicing is a flexible, scalable architecture that allows the multiplexing of virtualized, independent networks on the same physical infrastructure, taking advantage of concepts such as Software Defined Networking (SDN) and Network Function Virtualization (NFV). It enables the management of multiple logical networks as virtually independent business operations on a common physical infrastructure.

With end-to-end network slicing, Services Providers differentiated services can be offered on the same network infrastructure with guaranteed SLAs, creating a sizable opportunity. As the underlying virtualized 5G networks become more complex, automation is essential to operate at scale to contain costs. And an open environment is critical to enable new industry partners to develop new services and drive revenue.

It offers the ability to partition mobile networks into a set of virtual resources, and each “slice” can then be allocated for different purposes. It is a key concept in 5G and a way to utilize the network in a more intelligent and cost-effective way than ever before.

How Does Network Slicing Differ from Segment Routing?

Network slicing and segment routing are two separate functions that work together to improve the end-user experience.

Segment routing is gaining popularity as a means of simplifying Multi-Protocol Label Switching (MPLS) networks. We see segment routing changing the way MPLS networks function and facilitating the adoption of SDN. Because segment routing directs traffic on a stateless, flexibly defined path, it has the benefit of being programmed by an SDN controller or locally by the head-end source-based routing.

Introducing Service Provider 5G Networking with SR on NX-OS – SRTE – Flow-based Traffic Steering

Cisco NX-OS provides a seamless protocol gateways functionality that merges the border leaf/spine and the MPLS provider edge router into a single device (WAN Edge) to provide Layer 3 external connectivity to data center fabric.

Cisco Exam Prep, Cisco Learning, Cisco Tutorial and Materials, Cisco Prep, Cisco Data Center
Unified data plane in transport MPLS SR hand-off

Seamless Protocol Gateways

Data Center deployments have adopted VxLAN EVPN for its benefits such as EVPN control-plane learning, multitenancy, seamless mobility, redundancy, simple expansions, and proportional multipath for VNF.

Within the data center fabric, VxLAN QoS enables Service Providers to provide Quality of Service (QoS) capabilities to traffic that is tunneled in VXLAN. This includes classifying traffic and assign different priorities, and queuing & scheduling process which allows to control the queue usage and the bandwidth that is allocated to traffic classes.

For large scale deployments involving several VRFs extending to the core transport, configuration and operations becomes cumbersome especially using VRF-Lite with large number of routing sessions. A single control plane session (MP-BGP EVPN) is used for all VRFs instead of having per-VRF session between VxLAN EVPN fabric node and core network.

Cisco Nexus functionality seamlessly interconnects VxLAN EVPN fabric with Segment Routing L3VPN by allocating a per VRF (tenant) label and advertises to the L3VPN peer(s) across the Telco core transport network providing an end-to-end traffic classes path control by matching the 5-tuples and/or DSCP values which is a key 5G network slicing concept.

This functionality seamlessly interconnects VxLAN EVPN fabric with Segment Routing L3VPN by allocating a per VRF (tenant) label and advertises to the L3VPN peer(s) across the Telco core transport network providing an end-to-end traffic classes path control by matching the 5-tuples and/or DSCP values which is a key 5G network slicing concept.

Tuesday, 13 October 2020

Why Being Different Is Better

Cisco Prep, Cisco Learning, Cisco Tutorial and Material, Cisco Learning, Cisco Exam Prep

At last year’s Partner Summit, Cisco Channel Chief Oliver Tuszik talked about how partners can “own their edge” to uniquely differentiate themselves and help them perform today while transforming for the future. You may also recall his hilarious comparison to a monkey. Although he and the monkey share 99% of the same DNA, the 1% makes them very different beings. That 1% difference in a business context is a competitive advantage that leads to greater partner margin, revenue, and material business outcomes for customers. It is why differentiation is a big focus for Cisco and our partners.

Cisco Prep, Cisco Learning, Cisco Tutorial and Material, Cisco Learning, Cisco Exam Prep
When we talk about differentiation within the Strategic Partner Organization, we’re referring to how we work with our global partners to create a unique competitive advantage that showcases our joint capabilities for customers. How do we do this?  We use a combination of co-developing technology, integrating platforms with APIs, creating new go-to-market initiatives, and building new solutions and joint architectures that open up new buying center budgets within customers. This differentiation is the secret sauce that gives Cisco and our partners the competitive edge to deliver business outcomes.

Differentiation at Work

Here are a few real-world examples of how Cisco and some of our global strategic partners are driving differentiated business outcomes:

NTT

NTT Ltd. provides customers with outcome-based solutions powered by investments and strategic collaboration with Cisco. Our partnership centers around the joint development of consumption and adoption models for software (and services) that delivers on the promise of client-centric, data-driven, managed services. Seamless access to accurate and actionable data is the key differentiator for NTT Ltd., which is integrating more than 160 APIs and telemetry from Cisco platforms, products and programs into their service layer and managed center portal. API integration and telemetry allow customers to realize the full value of software licenses, easily track ROI and build new opportunities for innovation and growth, while ensuring a delightful, data-driven customer experience.

SAP

Through Cisco’s AppDynamics Business IQ for SAP, customers can visualize their SAP application performance and measure how that performance impacts their business health. The solution, which also monitors non-SAP business processes, uses machine learning algorithms to flag operation bottlenecks and provide root cause analysis so customers can remediate the issue. Read our SAP Partner Executive Robert Madl’s August blog “Monitoring SAP Business Processes with Cisco AppDynamics” for more details.

Schneider Electric Industries

Industry 4.0 is enabling digital transformation and delivering business outcomes such as increased agility and productivity gains while reducing operating costs for customers in manufacturing and industrial plants. Cisco and Schneider Electric Industries are committed to take advantage of this market with our joint differentiated solution architecture EcoStruxureTM. Our latest offer, SecureConnect EcoStruxure, leverages Schneider’s market leading IIoT applications integrated with Cisco’s industrial networking, edge intelligence and end-to-end security solutions. It was recently deployed by a large global mining company, which used asset optimization and asset tracking. Additional industry use cases include predictive maintenance and remote monitoring.

Deloitte

Another example of partner differentiation is the collaboration between Cisco and Deloitte. We team together to leverage Deloitte’s cyber strategy and transformation experience with Cisco’s industry leading security portfolio of products. Combining our joint strengths, we helped a large healthcare provider bridge security capability gaps, identify and align on key security priorities, and achieve security objectives through a Security Enterprise Agreement (EA) Value Assessment. The Assessment is designed to provide an objective third-party evaluation of EA value over the agreement’s term, providing customers with data to develop an actionable strategy to realize the highest value of a Cisco Security EA.

NetApp

Our customers live in a hybrid cloud world. They seek consistent and reliable ways to manage their data—whether in the data center, at the network edge or in the public cloud. You’re likely aware that Cisco and NetApp’s converged infrastructure platform FlexPod has supported mission critical applications for over a decade. But did you know that FlexPod offers an elegant solution for modern, hybrid cloud environments? FlexPod leverages NetApp’s Data Fabric, a part of their ONTAP storage operating system, to accelerate digital transformation by simplifying and integrating data management across cloud and on-premise environments.

Sunday, 11 October 2020

Top 5 reasons to keep your Identity and MFA providers in sync

Cisco Learning, Cisco Tutorial and Material, Cisco Exam Prep, Cisco Tutorial and Material

By now, you may have heard about SecureX, Cisco’s new integrated platform that simplifies the security experience. SecureX is built into the Cisco security portfolio, and connects your entire security ecosystem for simplicity, better visibility, and greater operational efficiency. SecureX sign-on is one of the key features of SecureX – it’s giving users instant access to the platform and all of their applications and data, while keeping the identity provider (IdP) and multi-factor authentication (MFA) in sync.

Is your organization using an IdP and MFA provider? You can make life easier for your SecOps team, while strengthening your organization’s cybersecurity posture, improving compliance and increasing visibility without adding tasks to your team. This post will describe a new automated process that can do all these for you.

Background

With SecureX sign-on, we are using several identity providers (like Okta, Auth0, Azure AD and Cisco security) as our applications need and see fit. We chose Duo to be our multi-factor authentication (MFA) provider as it gave us great visibility into our customers’ security posture and is a very flexible MFA. Now we needed to have our Identity and MFA Providers in sync.

An identity provider (abbreviated IdP or IDP) is a system entity that creates, maintains, and manages identity information for principals while providing authentication services to relying applications within a federation or distributed network.

Multi-factor authentication is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is).

Multi-factor authentication reduces the incidence of online identity theft, because the victim’s password would no longer be enough to give a thief permanent access to their information.

Why do my Identity and MFA providers need to be synchronized?

Cisco Learning, Cisco Tutorial and Material, Cisco Exam Prep, Cisco Tutorial and Material

Here are 5 reasons to keep them in sync:

1. General security hygiene. Keeping user names and deletion in sync to avoid two split brain databases is always a good idea – you never know when you are going to try to research an issue.

2. User deletion. For both compliance and security reasons, if I delete a user, I want him gone from all my databases. Almost every IDP has 50% ghost accounts and cleaning them up is important.

3. Reset user’s credentials. The number #1 reason for calls to our call centers are lost phones and mistaken registration. Allowing for a simple way to reset from one place that permeate everywhere.

4. Policy is king. Keeping the data in sync allows me to create dynamic policies that traverse the single provider.

5. Reporting. Providing meaningful reports, with groups in place I can show specific admins how their domains look like.

Why not use SCIM?


System for Cross-domain Identity Management (SCIM) is a standard for automating the exchange of user identity information between identity domains, or IT systems.

User identities synchronization can be achieved using the SCIM specification, however not all MFA providers want to use or can use SCIM. This SDK keeps users synchronized between service providers in this case.

How this works


Cisco Learning, Cisco Tutorial and Material, Cisco Exam Prep, Cisco Tutorial and Material

A user can update his profile details in the IdP service.

An admin can perform the following actions in the IdP service:

◉ Create/delete a user
◉ Create/rename/delete a group
◉ Associate/disassociate a user to a group
◉ Disable/reenable a user
◉ Reset MFA for a user
◉ Supported Identity Providers

This list is expected to grow with time

◉ Okta
◉ Auth0

Supported MFA Providers

This list is expected to grow with time

◉ Duo Security

Deployment

The Webhooks endpoint can run anywhere, even on-prem.

Deployment scripts to AWS, Azure and Google Cloud are provided via Terraform.

Supported Cloud Providers

◉ AWS
◉ Azure
◉ GCP