Wednesday, 11 November 2020

Tetration Updates – New capabilities for microsegmentation and workload security


Cisco Tetration release 3.4 expands support for micro-segmentation, workload and container security

Cisco Tetration, a leader in micro-segmentation and workload security, announces significant new enhancements, available now, that help security architects achieve the protection required for today’s heterogeneous multicloud environments.

One of the key challenges businesses face is how to provide a secure infrastructure for applications without compromising business agility. With the rise of cloud usage, containers and microservices architectures, you need a solution that brings security closer to your applications using a new firewall type of enforcement that surrounds each workload. Many companies like Per Mar Security Services choose Tetration to be the foundation of their zero-trust and broader cybersecurity plan, protecting their critical applications from compromise.

This latest Tetration release includes features that support new microsegmentation capabilities, workload protection, sensor support for new operating system versions, platform features required for enterprise customers and much more.

Enhancements include:

Microsegmentation:

Enhanced usability and management of microsegmentation. Granular control to specify which workloads should receive what policy elements, making policy definition, generation, and enforcement much more flexible and customizable to your environment.

Latest versions and enhancements across Kubernetes and OpenShift orchestration platforms and support for microsegmentation policy enforcement on ingress controllers such as HAProxy or Nginx.

Application dependency mapping updates to speed policy generation. (ADM offers forensic understanding of applications/workloads and their complex interdependencies.)

Compromised state awareness: alerting/policy changes after a workload or endpoint is detected as compromised with flows to a known threat.

Workload Protection:

Enhanced vulnerability detection that leverages, in addition to the NIST CVE (Common Vulnerabilities and Exposures) database, the latest threat intelligence from operating system vendors to ensure accuracy and the most up-to-date risk profile for applications in your environment.

New MITRE-based attack detection techniques and tactics plus several new anomalous Windows processes alerts.

Usability and operational improvements

New and improved user interface to better visualize and manage application scopes, workloads that are part of those applications and associated hierarchies.

Improved visualization of policy version differences to easily understand what rules were added or removed and also filter for specific rules based on a number of parameters.

Resiliency features, including a new mode of continuous data backup, new backup and restore workflows, and the federation of multiple Tetration clusters for a high degree of scalability and availability.

Software sensors:

OS updates: Support for the latest versions of key operating systems our customers care about (RHEL, CentOS, Oracle Linux, Ubuntu), plus added support for IBM AIX for legacy applications in key verticals like healthcare and financials.

Easily transition from deep visibility to policy enforcement to speed the time to microsegmentation.

Enhanced monitoring and management features for better sensor visibility and usability in key areas like monitoring, installation, upgrade status.

3rd Party Ecosystem Partners

ServiceNow CMDB integration for ingesting CI (Configuration Item) attributes to provide more context to help define inventory filters, tag workloads, define policies, and visualize flow traffic.

Native support for Workload AD (Windows Domain Controller) for rich user and workload context to enhance policy definition and inventory filters and to visualize flow traffic.

Tuesday, 10 November 2020

Experience the Future with Cisco and the Internet of Things


It’s the year 1950, and I’m asking you what you imagine technology would be in 70 years; what would you say? My guess is you would proceed to list some science-fiction-like answers such as the existence of space exploration programs, maybe artificially intelligent robots, or perhaps the invention of some all-knowing neural network that enlightens humankind through accessible information. While such ideas may have been on the cusp of science-fiction at the time, it’s incredible to realize that we are in the generation where many of these innovations not only exist but are customer-ready today!

Oh, and by the way, remember that “all-knowing neural network” you had mentioned? This is what we presently refer to as the internet and, of course, is what you are using to access this blog at this very moment. Despite how much of a technological breakthrough the internet was during its invention in 1983, it has become such an everyday tool, and it just doesn’t spark the same excitement as it once did.

Let me be that unwarranted catalyst and re-ignite that internet excitement by introducing a new generation of internet-powered technology. A generation of technology that can harness the limitless knowledge of the internet and engrain it into inanimate objects connecting us in a way never thought possible. I am referring to the Internet-of-Things (IoT), a technological innovation spearheaded by Cisco and its state-of-the-art Application Hosting on the Catalyst Access Points (AP) platform.

What is the Internet of Things?

The Internet-of-Things is a concept where a wireless network is leveraged for communication with smart devices to accomplish tasks in a more simplified, efficient, and often automated manner. In fact, many IoT products have probably already found their way into your home. These products come in all shapes and sizes, but some examples could be a voice-activated speaker such as an Amazon Alexa, a mobile application-controlled thermostat such as a Nest Thermostat, a motion-activated doorbell camera such as the August Doorbell Cam, or more excitingly, a voice-triggered music-playing salt dispenser such as the SMALT!

Other than the salt-dispenser (which actually exists), these are all products that, due to their simplicity and usefulness, have become seamlessly integrated into many of our lives.

Figure 1: Modern Internet-of-Things products leveraging a wireless network.

So, if IoT already exists, what is Cisco’s role in this field?

Think about how IoT products work, and you’ll realize they require a robust wireless network to connect the IoT endpoints to the information they need to operate. While a single wireless router can easily accomplish this for a typical household-size deployment, the challenge is how we can execute this at an enterprise level, where hundreds to thousands of IoT devices must work together to form a single solution. Without a proper management infrastructure to provide visibility, serviceability, and security, IoT at scale can be a complete nightmare to deploy and manage.

Cisco’s Internet of Things Solution


Application Hosting on the Catalyst Access Points, together with Cisco’s intent-based networking platform, Cisco DNA Center, is the solution to this problem. This integration allows users to leverage Cisco DNA Center to deploy custom IoT applications directly onto Docker containers within Cisco’s Catalyst Wi-Fi 6 access points. Cisco DNA Center solves the problem of visibility and serviceability at scale by taking on the role of application life cycle manager and allowing users to take advantage of their existing Cisco wireless infrastructure for IoT communication.

During Day 0, a user simply uploads the IoT application onto Cisco DNA Center and, from there, can choose which locations to deploy the application to. From Day 1, applications throughout an entire network can be easily monitored and maintained through a GUI and even upgraded by simply uploading and then deploying a newer version of the IoT application. With this integration with Cisco DNA Center, IoT application management has never been easier!

Figure 2: Cisco DNA Center’s simplistic IoT application deployment workflow.
 
After the IoT application is deployed onto the access points, it begins communicating with its application server, leveraging each access point as an IoT gateway to communicate with surrounding IoT devices. This communication with surrounding IoT devices happens through an IoT USB connector inserted into the Cisco Catalyst access point, which can broadcast anything from Zigbee to BLE to vendor-specific proprietary RF protocols, making truly versatile IoT solutions possible.

Figure 3: Application Hosting on the Catalyst Access Points IoT Topology.

What about the IoT Application itself?


This is where things get exciting! Cisco is now open for partnerships with third-party IoT development companies, providing them with the opportunity to integrate their IoT solutions with Catalyst access points. While the development of IoT applications may not be a simple feat, Cisco has streamlined the process by creating an entire website, DevNet, with the sole purpose of supporting third-party application development. With DevNet, you now have an intuitive step-by-step guide that will teach you how to go from writing a basic “Hello World” application to creating an innovative end-to-end IoT solution capable of solving real-world problems!

The marketplace of IoT Technology


Once the application has been developed, as a partner, you can then join the Solution Partner Program, which allows you to post your IoT solution directly onto DevNet. Essentially, Cisco aims to create a whole marketplace of ready-for-deployment IoT solutions, providing customers with a one-stop-shop to browse, discover, then deploy IoT solutions that best fit their niche business needs.

Figure 4: Cisco Solution Partner Program.

Together, Application Hosting, Cisco DNA Center, and DevNet form a truly seamless IoT experience that allows partners to materialize, and customers to deploy, any envisioned IoT solution through Cisco’s powerful yet simplistic wireless infrastructure. And that is something that anyone could have predicted!

Saturday, 7 November 2020

Invest In Your Most Critical Assets: People


If you asked our customers and partners what their most important asset is these days, you’d get a variety of answers: everything from infrastructure to real estate to mission-critical applications. To Bell Canada, one asset you can’t overlook is your people. Their philosophy is that investing in people will always pay positive dividends. While investing in people may seem like common sense, Bell has taken this to the next level and has streamlined and optimized the development of their Sellers and Solutions Architects. How have they done this, you ask? One way is by leveraging Cisco’s premiere architecture enablement platform, the Cisco Black Belt Academy.

Bell and Cisco. A Long-Standing Partnership.

Bell Canada, a leading Canadian provider for telecommunication services, has been a Gold Partner with Cisco Canada for decades and has always been amongst the top tier partners amongst our roughly 1,800 partners across the country. Year after year, Bell and Cisco have had significant joint success, recognized for consecutive years during Cisco Partner Summit. In 2018, Bell was recognized by Cisco for being the #1 overall partner in the Americas and has been Canada’s Partner of the Year for two years running.

“Over the course of many years, Bell has been well aligned to Cisco because of our tremendous synergy as a value-added reseller – a relationship that covers many different domains of the business. Our mutual expertise includes Network, Security, Cloud, Voice/Unified Communications and the Internet of Things,” commented Errol Fernandes, who leads Bell’s Enterprise Architecture teams as he addresses the partnership.

Ever evolving technology and staying current

As the Greek philosopher Heraclitus said, “The only constant is change.” Little did Heraclitus know that this would be the theme of our decade. The rate at which our customers’ needs continue to evolve is unprecedented. And as we have all witnessed, technology vendors and providers need to adapt quickly to continuously deliver the same best-in-class experience that customers have come to expect.

Fernandes reminds us, “our technical team prioritizes staying current on the latest technology, and that includes the most recent Cisco software solutions. The Bell team has always been extremely diligent at getting the standardized certifications that Cisco offers (CCIE, CCNA etc.), and with Cisco’s continual acquisition approach – to expand and integrate the latest technologies to solidify each portfolio – our technical sales team of almost 300 resources always needs to upskill.” This is where the Cisco Black Belt Academy aims to help in keeping partners current.


Cisco Black Belt and Developing Expertise


The Cisco Black Belt program is an enablement framework consisting of carefully curated training content that Cisco employs to ensure its Sales and Technical teams are well versed in the latest technologies and solutions. This framework has allowed Cisco’s Channel Partners like Bell to integrate it directly into their existing training programs. Bell, in many ways, has led this charge and has rolled out Black Belt to train its roughly 300 technical and sales team members.

By leveraging the Cisco Black Belt program, Bell has been able to carefully create custom development plans that align to specific roles within the Technical Sales team within Bell Business Markets. These development plans were curated early in 2020 and went through multiple planning revisions before a successful implementation of a pilot program.

In this pilot, a group of 16 Solution Architects from various practices completed role-specific training content. At the end of the pilot, the solutions architects gave a 4 star+ rating for overall user experience and content relevancy, which is outstanding for this type of pilot. Rami Al Saber, one of the pilot participants, says, “I believe it is a great tool for various sales teams and technical sales teams to try, as it has great learning tools.”

Because of the dynamic nature of the framework and the practical way individuals are certified – typically through proof of concepts, a solution sale or customer design – Bell is confident in the quality of the training and enablement. By partnering with Cisco and investing in their people with the Black Belt Academy, Bell is very well positioned to navigate through these uncertain times, and accelerate their business.

Friday, 6 November 2020

How Cisco Silicon One Can Help You Save Millions


Cisco Silicon One changes the paradigm of energy consumption; this post looks at why that matters to the environment and how we’re dramatically more efficient than other 12.8T silicon. As the father of two young children, this is something I spend a considerable amount of my free time fretting over. As an engineer at Cisco, I feel fortunate that I can help control the continued rise of carbon emissions by developing products that focus on power efficiency.

Working for an equipment manufacturer makes it easy to focus on how the advancements we’ve made with Cisco Silicon One significantly affect one box but miss the larger impacts of what happens at a full web scale data center level. So I spent some time analyzing how building systems with Cisco Silicon One could impact customers deploying massive web scale networks. I created a model for a web scale data center with 110,000 servers to help you understand the ramifications.

Going into the analysis, I wasn’t really sure what to expect, but I was amazed when I found that simply by deploying Cisco Silicon One, customers could save up to 580kW and up to $9.75 million. Let’s look closer at what I modeled and what I found.

Most web scale customers treat data center topologies as carefully guarded secrets so I created a representative topology using 1RU pizza boxes with a 3.2Tbps Top of Rack (TOR) switch, a 12.8Tbps leaf switch, a 12.8Tbps spine switch, and a 12.8Tbps Data Center Interconnect (DCI) router.


I then analyzed how energy consumed by the switch silicon is delivered through a system and the greater facility, as well as how the heat generated in the process is removed. The less efficient the systems and facilities are, the larger the savings would be with Cisco Silicon One.

As an engineer, I find it more persuasive to lean conservative in my estimates and show potential savings even with highly efficient systems and facilities. The model makes the following assumptions: a total system efficiency of 85 percent and a facility Power Usage Efficiency (PUE) of 1.2.

Both are close to industry-leading numbers. Together these show that for every watt consumed by the switch silicon, 1.41W will be consumed by the facility.


Because of the impressive efficiency of Cisco Silicon One versus other silicon on the market, simply building a network with Cisco Silicon One could save customers up to 580kW or 30 percent of network switching power.


As impressive as the power savings is, what’s more interesting is what saving that much power means to the customer.

According to the U.S. Energy Information Administration (EIA), the average commercial price per kilowatt-hour (kWh) is 10.67 cents, while in low-cost regions it can be as low as 4.68 cents per kWh. And according to Turner & Townsend, building a 30MW web scale data center costs between $7.1 and $8 per watt in the United States. Together, these may enable a customer to save between $6.8 million and $9.75 million over a 10-year period.


The power reduction in networking can also be used to add more revenue-generating servers. With an average server power of 500W, this translates to being able to add another 966 servers or roughly a one percent increase in the total server count of the facility.

These were astounding findings. But what’s most impressive about Cisco Silicon One is that while we can be so energy efficient, we also provide the highest performance and most flexible routing and web scale switching silicon on the market under a fully unified architecture.

Thursday, 5 November 2020

The New Care Outlook, According to Healthcare Executives


This year, the healthcare sector has been thrust into the spotlight globally. Healthcare is the front line, but also our last line of defense in this pandemic – doing incredibly important, but also dangerous work with huge health and economic consequences.

To date, healthcare providers have been focused on the response phase of COVID-19 which, as the state of Victoria in Australia has proven, is not necessarily linear. We are starting to realize that this pandemic is not predictable, and we will need our systems, institutions and individual mindsets to be dynamic, adaptive and resilient.

To discuss the impact of the pandemic on care and the outlook in a post-pandemic world, we virtually gathered more than 30 health and aged-care executives from Australia, New Zealand and the US. The conversation was part of a Cisco round table, aligned to a broader industry series and anchored by perspectives from Silver Chain Group (Dale Fisher), the Cisco-RMIT Health Transformation Lab, Flinders University and representatives from executives at acute and community health institutions.

The conversation highlighted a number of themes that describe the challenges and opportunities in healthcare ahead and are summarized in the graphic below.


One of the strong themes emerging from the round table was the importance of digital infrastructure and capability in helping institutions maintain business continuity, improve levels of care, and ultimately be more responsive to changing conditions. In the quest for short term workarounds, organizations are realizing that things like cybersecurity and redundancy cannot be compromised.

A similar round table is planned for early next year to again reflect on and re-imagine the next normal that we are now living through.

Stay tuned for additional insights on that round table!


Wednesday, 4 November 2020

Protecting Our People


You might have read about a claim brought against Cisco by California’s Department of Fair Employment and Housing (DFEH) on behalf of a current Cisco employee, claiming that the employee (we’ll call him “G.,” not his real initial) was denied opportunities by his manager on the basis of G.’s Indian caste. Because the claim of caste discrimination is novel in the American legal system, it has received a lot of attention. This blog is to update you about this case and what we’ve learned.

For those not familiar with the concept of caste, caste refers to a system of dividing society into hereditary classes, some of whom inherit exclusive privileges. While caste is most frequently used to refer to distinctions in Indian society, the concept is a useful one for understanding many different kinds of discrimination based on hereditary characteristics. Isabel Wilkerson, whose Warmth of Other Suns helped me understand the insidious nature of anti-Black racism in the US, has written a magnificent new book applying the concept to US racism, entitled Caste: The Origin of Our Discontents. To understand the analysis more fully, you may want to read the book, or read Harvard Law Professor Ken Mack’s great Washington Post review.

Cisco has a long history of zero tolerance for discrimination. We began pay equity reviews more than five years ago, and have extended that to promotions and the full spectrum of compensation, beyond base pay. With our roots in California, Cisco has long taken an expansive view of workplace discrimination and, even before the US adopted legal protections based on sexual orientation, we pledged to and did investigate (and where needed, remediate) any case raising issues of discrimination based on LGBTQ status. We also are committed to transparency. Unlike many companies, we are fully transparent with our employees and our Board about the number of internal complaints raised by employees alleging bias, discrimination, harassment, or bullying and bad behavior.

Our conscious culture is a big part of the reason that we recently were selected for the second year in a row as Global #1 in the “Great Places to Work” survey. The results are based on our employees’ own responses to the survey. Part of being a great place to work means honestly confronting challenges and pushing ourselves to do better. When G.’s complaint came to our Employee Relations Department, it was indeed novel – we had never encountered a claim of casteism. Nevertheless, Employee Relations management instructed that it be investigated as would be any complaint of discrimination, even though there is no law, federal or state, defining caste as a protected classification. Here’s what we learned:

☉ G. was hired by Cisco approximately five years ago as a Senior Engineer working on highly coveted, advanced projects. G. was recruited and hired to the role by someone G. had known since they had attended university together in India. That person became G.’s manager at Cisco.

☉ In keeping with the special role working on advanced technologies for which he was recruited, G. received from his manager special bonuses to come to Cisco. Even within that special projects team, G. was among the highest compensated members.

☉ G. claims that shortly after he started at Cisco, the same manager who recruited and hired him for this selective engineering position, and knew his caste when he did so, had told another team member the year before that G. was not on the “main list” at their university, which G. feels revealed G.’s caste to his coworker. G. does not allege that he suffered any discrimination in this first year even though his caste was apparently known to some of his coworkers. G. claims that he spoke to his manager about this alleged statement and that his manager thereafter retaliated by failing to give him a leadership position in the aftermath of a team restructuring, and isolating him from the team.

☉ G. also alleges that his subsequent manager continued the alleged acts of retaliation and discrimination. And he alleges that another coworker of Indian origin (whose caste G. doesn’t mention) received a management role that he wanted.

☉ The manager against whom the vast majority of these allegations were made is the same manager who hired G., gave him leadership opportunities, and provided him top compensation, including special bonuses, all the while allegedly having knowledge of G.’s caste because of their relationship that dated back to their studies together.

The Cisco investigation was thorough and complete. We found no evidence that G. was discriminated or retaliated against on the basis of caste. G. also had the opportunity to seek a thorough second-level review of the outcome of the initial investigation, which was conducted, and the initial findings of no caste discrimination or retaliation were confirmed. Given our principles, had we found discrimination or retaliation, we would have remediated it, regardless of the fact that there is no legal basis in the US for a claim of caste discrimination.

Ultimately G. sought out, was offered, and accepted a lateral role on another engineering team at Cisco, where G. still works, with no degradation of compensation.

Given this history, we were surprised the California DFEH decided to file a complaint. Concerned that G. might be discriminated against further were his caste publicly known, DFEH and G. have insisted on keeping G.’s identity confidential, a courtesy neither he nor the DFEH extended to G.’s former managers. Instead, they publicly named the managers, resulting in harassment and abuse on social media with no chance to be heard and defend themselves.

We must of course respond to the DFEH complaint. G. signed an arbitration agreement when his employment at Cisco commenced, and once we informed the DFEH that we would be asking the court to refer the case to arbitration, the DFEH voluntarily dismissed the case from federal court and refiled in state court. Even now that we are in state court, we are asking the court to refer the case to arbitration. We have a workforce in the US of over 30,000 employees. And, in the past five years, we’ve only had 14 employee-initiated claims proceed to arbitration.

We are well aware of the concerns about arbitration that have been raised in the context of the #MeToo movement. To ensure those concerns are addressed for all claims of unfair treatment by our employees, we’ve taken intentional steps to ensure that all arbitrations arising from claims brought by Cisco employees address these concerns:

◉ We don’t ask that employees keep the results of arbitration confidential (even though we are bound to do so if the employee requests);

◉ Employees choose the site of arbitration, so employees aren’t forced to pursue their claim in a far off or inconvenient place;

◉ Cisco pays for the costs of the arbitration;

◉ The employee is a coequal partner in selecting the arbitrator – this isn’t our decision alone; and

◉ If we enter into a settlement agreement, we do not require confidentiality regarding the facts of the case.

Given G.’s reputation concerns and desire for privacy, arbitration should be G.’s preferred forum as he will be able to control whether it is public or not.

We thoroughly examined G.’s concerns and continue to believe that he was treated fairly. We also don’t believe we should be subject to claims either in court or in an arbitration for a form of alleged discrimination that is not legally recognized. We would however fully support the Legislature adding caste to the list of categories having protection against discrimination. Until that happens, we will continue to treat caste as an unacceptable form of discrimination for purposes of our internal reviews – as we did in G.’s case.

Source: cisco.com

Tuesday, 3 November 2020

Bolstering Cyber Resilience in the Financial Services Industry: Part One


Today’s Security Environment

As we review the impact of COVID-19 on major industries at a global level, it is heartening to know that the financial services industry as a whole has been able to withstand the immediate pressures arising from the pandemic.

The post COVID-19 era for the financial services industry will be rife with low interest rates, low profitability and increased non-performing assets (mortgages, business loans etc.). At the same time, customer confidence and trust in financial services firms will be put to the test as sophisticated cyber-attacks continue to target the firms’ digital products and services infrastructures as well as remote workers.

A 2020 Accenture report – ‘Securing the Digital Economy: Reinventing the Internet for Trust’– forecasts that nearly $350 billion could be lost by the financial services industry to cybercrime by 2025.

Therefore, financial services firms will need to prioritize their investments and accelerate the implementation of cyber resilience strategies to avoid increased business loss and brand damage due to sophisticated cyber-attacks. Knowing this, we put together a two-part blog series to help you assess and improve your financial institution’s security.


Look for a Long-Term Solution


With remote working being the new normal in the post COVID-19 era, cyber criminals are tirelessly focusing their efforts on stealing data from financial firms’ remote workers and third-party partners through advanced malware and social engineering methods. While most financial firms have rushed to plug the gaps that exist in their security policies to support this new normal, this is just a short-term solution.

The focus should also be on building cyber resilience against emerging threats that could severely damage a financial service firm’s brand and lead to financial market disruption, like data manipulation. Financial firms have been using data to gain insights and deliver competitive services. Data driven decision-making has been an important strategy adopted by most financial firms to deliver exceptional customer experience and gain operating model efficiencies. Emerging attacks will shift from data theft to data manipulation. These attacks will be led by highly skilled adversaries with advanced Tactics, Techniques & Procedures (TTPs) such that detection will be a challenge. Manipulation of credit scores, market data, KYC (Know Your Customer), customer account data, and many others will threaten the financial firm’s brand as well as severely impact customer trust.

As per the Reserve Bank of New Zealand, “Cyber resilience is the ability to withstand, contain, and rapidly recover from a cyber incident by anticipating and adapting to cyber threats and other relevant changes in the environment.”

It is crucial that a holistic approach to cyber resilience be adopted, taking current and emerging threats into consideration. Our recommendation to financial services firms is to augment their current cyber security practice with a five-point strategy which would help them bolster cyber resilience. This blog encompasses the first two points; check out next week’s blog for the final three points.


#1) Secure by Design


As financial services firms accelerate digital transformation, security has to be more than a department or set of loosely-integrated solutions to keep up. It has to be a total philosophy – driven by the CEO and implemented throughout the entire product lifecycle. This includes using a secure development lifecycle, embedding security into product design and manufacturing, delivering products securely, and ensuring a corporate culture of transparency and continuous innovation. Cisco’s Trustworthy technologies are an evolving range of security technologies designed into Cisco solutions for financial services customers to tap into as they develop their digital products and services. Security by design and trustworthiness must never be afterthoughts; they must be designed, built, and delivered from the ground up.

#2) Cisco Zero Trust


Cisco Zero Trust offers a comprehensive solution to secure all access across a financial services firm’s applications and environment, from any user, device, or location, allowing the firm to consistently enforce policy-based controls while gaining visibility into users, devices, components, and more.

Cisco implements zero trust with a three-step methodology across the workforce, workloads and workplace by:

1. Establishing trust of a user, device, application, etc. – before granting access or allowing connections or communications.

2. Enforcing trust-based access policies with granular controls based on changing context – such as the security posture of devices and the behavior of applications.

3. Continuously verifying trust by monitoring for risky devices, policy noncompliance, behavior deviations and software vulnerabilities.

This complete zero trust security model allows the firm to mitigate, detect, and respond to risks across their entire environment.