The Why of AI and ML

In recent years, Artificial Intelligence (AI) and Machine Learning (ML) have been in the spotlight. I think by now folks understand that neither are some strange form of technological magic, but rather a science and some working knowledge of the domain is now well understood. However, up to this point, the question has been “what are AI and ML?”  But what I want to take some time to ask, is why? Why do we need them? Why will they still be a part of products and services; not just in security but throughout our digital lives?

The short answer is because we can no longer operate at human-scale to be competitive. It is necessary that we operate to some degree at machine-scale and this is where advanced computer science techniques become valuable. AI and ML are just a few of these techniques and to maximize their benefits, we must know how to use them safely and effectively. Like any advanced technology, they can be used for good or for bad or maybe I should say that it could be used for your benefit or your demise.

There is a pattern that joins humans to machines, machines to machines, machines back to humans, and humans to humans. We have hundreds of years of social science that we can use when examining human to human patterns. Machine to machine includes a multitude of well-known patterns in computer science discussed on a daily basis. So for now, let’s concentrate on the patterns that integrate humans with machines and vice versa.

Human-to-machine communication is largely based on the human’s ability to communicate their “intent” to the machine. This is done via a model that the machine can process and that the human can express and understand. The precision of this model is critical to the overall success. A model that is too coarse limits the machine’s accuracy in its automation; while a model that is too precise may lead to humans making errors in their expression or just be too tedious to maintain. A great example of a model done well is cloud-native orchestration like Kubernetes. The admin can specify his/her intent for production in a model and Kubernetes orchestrates these microservices in an adaptive manner depending on future demand of the environment – scaling up and down depending on criteria.

One last thing to add about these models that sit in-between human-to-machine is that in the example above, the initial model may have been instantiated by the human, but over time, machines via their observations, can create their own models at scales well beyond human perception. You could say that these machine derived models are “machine-learned.”

The machine-to-human pattern is largely constrained by human cognition and human understanding. No matter how fancy your machine learning system may be, if the human cannot understand how the machine arrived at an answer, it cannot be trusted. Machines must “explain” their findings and analytical outcomes in a way that humans can understand. Failing to do so means that automation is not being safely managed and should not be coupled with actions that are critical to human life or to the business. To operate at machine-scale effectively and safely, machines must be able to communicate their operational integrity and analytical outcomes in ways that their human steward can comprehend. This is challenging because in some cases, machines are interfacing with experts and in some cases, non-experts. In the end, you must design systems that are observer-centric and accommodate for the different personas that use the system.

Getting this right means that we can leverage machines as tools that help us go beyond human perception and even what is humanly possible to build as a workforce. This would not have been such a useful capability if it were not for the Internet. Because of the Internet, businesses are asked to understand questions that are global in scale, that deal with petabytes of data, quantities of data processing that are just no longer at human-scale. Businesses are also having to operate with dynamic ranges never experienced in our recorded history: On Monday you may have to service 30,000 customers, on Tuesday THE ENTIRE INTERNET SHOWS UP, and on Wednesday 20,000 customers. Without the help of machines, we could not take advantage of these opportunities.

The term Machine Learning has been used synonymously with Artificial Intelligence when in reality, ML is a child of AI. So, if AI is the parent of ML, does ML have any brothers and sisters? The answer is yes and over the years, we will move beyond the data science-biased ML as we meet and get to know these new siblings that will help us humans operate safely and securely at machine-scale.

Continue reading

Forget the New Normal. Experience a New Difference With The All New Webex

Staying Connected and Getting Work Done with the All New Webex

The rapid uptake of remote working has led to a parallel increase in use of Webex as businesses key collaboration tool for colleagues to stay connected and get work done.

The power of the all new Webex is the ability to bring together everything you need to see a project through to fruition – One easy-to-use and secure app to call, message, meet and make exceptional work happen. As a result, you may find yourself operating within one app for most of your working day.

With this in mind our Cisco Collaboration team have been brainstorming ideas that not only help you complete your work, but also represents your style and personality.

In this new release we are excited to introduce:

1. Fresh new color themes

2. Backgrounds for your profile, contact card and spaces

3. Cobranding options to reinforce your corporate brand

Fresh New Color Schemes

First up, we have added 3 new color themes to reinvent your Webex experience. You now have a choice between Jade, Lavender and Bronze – each available in light and dark mode on your desktop and mobile app. Easily transform your app color theme within the ‘Appearance’ tab in the app settings.

Expressive New Backgrounds

Next up, you can now add fun and a splash of personality to your Webex app with new backgrounds for your profile, contact card and spaces. Backgrounds can also act as great way to help you differentiate between each of your workflow spaces.

Backgrounds are easily accessible in your app settings. You can now pick from a select number of designs to change a standard space into a fun and visually appealing work area. But stay tuned, as custom backgrounds are coming soon!

The Power of Webex with Your Own Brand

Finally, we have introduced the ability to co-brand Webex with your own company brand. Your brand is your company’s identity, it has value, gives you direction and customer awareness.  And, now you can include that within your Webex experience by adding your company colors to the app header and your company logo on the side panel bar.

Color themes, backgrounds and co-branding are just the start in the Webex journey to bring yourself to your virtual workplace.

Continue reading

What’s in a name? ”Catalyst” 8000 “Edge” Platforms

On October 20, Cisco announced the new Catalyst 8000 Edge Platforms Family, to help customers deliver secure connectivity to hybrid and multicloud applications across cloud, data center and edge locations. The new Portfolio transforms the WAN edge so customers have secure access, agility and the best experiences when connecting to applications anywhere. These new platforms support customers’ move to a SASE architecture by converging cloud-managed SD-WAN and cloud-delivered security (Cisco Umbrella) into one solution.  Customers will also have access to the full SD-WAN security stack for on-prem deployments.

As part of launching the new Catalyst 8000 family, I’ve had the opportunity to talk to a number of industry analysts, media, channel partners and customers.  I would like to address a few questions that have come up in my briefings.

Why extend “Catalyst” brand to the WAN?

With the new Catalyst edge platforms, we are meeting the requirements of the WAN edge, and providing another foundational piece of our intent-based network strategy that spans every domain of the network.

Cisco launched its Intent Based Networking (IBN) initiative targeted for enterprises a few years ago. This initiative was meant to address the complexity that spans campus, wireless and WAN, by transforming the usually static network fabric into a controller-led architecture that captures business intent and translates it into policies that can be automated and applied consistently across the network. The programmability of the fabric combined with integrated analytics allows it to be agile and elastic to help deliver desired business outcomes.

The Catalyst 8000 family was given the “Catalyst” name because as we continue to grow and build upon our intent-based networking (IBN) portfolio it is important that there is product, branding and messaging alignment across Access (LAN) and WAN and that customers view the IBN portfolio as a set of products that unify their enterprise networks and provide software-defined capabilities via a common IOS-XE operating system. With the new naming, the Catalyst brand is now part of the Intent Based Portfolio along with Catalyst Switches and Catalyst APs.

Why is the new portfolio called an Edge device and not a Router?

Enterprise WANs have transformed over the last decade. As Enterprises across various industry segments are looking at digitalization for gaining business advantage, Cloud, IOT, 5G and Edge Compute are quickly becoming key pillars of their digitalization strategies.

The WAN edge hence has become critical to digital businesses, particularly the edge of the WAN where the traditional black-box router no longer serves the needs of the modern enterprise. Speeds and feeds remain important, but today’s networks require a WAN edge platform that is agile, flexible, and open to host multi-service edge functionality.

We are calling these devices “edge platforms” versus “routers” because the definition of a router has evolved over the past few years to be more of a WAN edge device; providing connectivity from distributed locations to both data centers and the cloud, service flexibility for on-prem or cloud deployments as well as containerized hosting of local network services and business applications.

How is a new hardware portfolio a relevant, differentiator, when the WAN world is going software-defined?

With its IBN initiative, Cisco has significantly inverted its development model to be a software led model first with user experience as a key focus area.

The Catalyst 8000 family includes the Catalyst 8000V Edge Software, a virtual platform for anyone that wants to deploy Cisco routing as a virtual network function (VNF) on a general-purpose hardware or in cloud deployments. For environments outside of cloud, our customers, however, prefer a customized solution from Cisco to deliver software innovations for better performance, scale, security, reliability, and flexibility.

High-end aggregation deployments need performance and scale which cannot be fulfilled with a general-purpose CPU architecture. Cisco’s investment in the custom ASIC (QuantumFlow Processor 3.0) allows us to deliver industry leading performance, SD-WAN tunnel scale, and 40/100G interfaces in a compact, one rack unit form factor for the Catalyst 8500 Series Edge Platforms.

In keeping with the industry trend, Cisco’s access portfolio leverages an x86 architecture that gives us flexibility to run containerized services, while also providing the choice of connectivity and flexibility much needed in a global deployment. The new Catalyst 8300 Series Edge Platforms provide 70+ different interface choices including network interface cards, cellular interface cards, voice modules (industry’s only SD-WAN solution that offers support for IP telephony), switch modules, service modules as well as an edge compute module to host local apps and service VNFs. This flexibility is much needed in customer environments to address a variety of deployment needs.

The hard reality of today’s deployments are that most SD-WAN vendors focus on the software functions of building WAN overlays but have been missing out on addressing the underlay needs – variety of interfaces, transport choices with associated protocols, performance, scale, flexibility to add services. Thus, these solutions often end up becoming an add on to an existing Cisco router for the underlay. This adds cost to the overall solution which is often missed in the analysis.

In closing, with the Catalyst 8000 Edge Platforms Family, we are helping you adapt to the requirements of the new WAN edge and providing another foundational piece of our intent-based network strategy that spans every domain of the network — campus, branch, WAN and DC/cloud.  ​The Catalyst 8000 family is the best-in-class platform for SASE, SD-WAN, and 5G in the future; built to address today’s most pressing WAN edge issues, and flexible enough to tackle the challenges of tomorrow.

Continue reading

300-715 Exam Practice Questions | Cisco CCNP Security Exam Info

 

Cisco SISE Exam Description:

The Implementing and Configuring Cisco Identity Services Engine v1.0 (SISE 300-715) exam is a 90-minute exam associated with the CCNP Security, and Cisco Certified Specialist - Security Identity Management Implementation certifications. This exam tests a candidate's knowledge of Cisco Identify Services Engine, including architecture and deployment, policy enforcement, Web Auth and guest services, profiler, BYOD, endpoint compliance, and network access device administration. The course, Implementing and Configuring Cisco Identity Services Engine, helps candidates to prepare for this exam.

Cisco 300-715 Exam Overview:

• Exam Name- Implementing and Configuring Cisco Identity Services Engine
• Exam Number- 300-715 SISE
• Exam Price- $300 USD
• Duration- 90 minutes
• Number of Questions- 55-65
• Passing Score- Variable (750-850 / 1000 Approx.)
• Recommended Training- Implementing and Configuring Cisco Identity Services Engine (SISE)
• Exam Registration- PEARSON VUE
• Sample Questions- Cisco 300-715 Sample Questions
• Practice Exam- Cisco Certified Network Professional Security Practice Test.

Related Article:-

• Avail CCNP Security 300-715 SISE Certification to Enhance Your Career

Continue reading

EDR. NDR? XDR! … is it more than just marketing?

As is often true with new security concepts, vendors are quickly adopting the new terminology to showcase their products’ capabilities. This is where things get confusing and tricky. Some vendors are using XDR (Extended Detection & Response) as a marketing strategy for their existing EDR (Endpoint Detection & Response) or NDR (Network Detection & Response) products, others are launching new products or just rebranding existing products explicitly as “XDR”. Some vendors have built both EDR and NDR, others sell one and partner for the other — yet both approaches claim to be XDR. With the same term being used in multiple ways it can be hard for buyers to understand what XDR actually requires and the security outcomes that should be achieved by it.

So, we want to cut through the noise and provide some clarity on XDR:

◉ Understand the needs driving XDR adoption

◉ Explore Gartner’s definition of the category

◉ Learn how Cisco delivers XDR use cases with our solutions

◉ Discover ways to start your XDR journey

Get the details in our eBook

10 ways Cisco delivers XDR capabilities today

Here’s a sneak peek into 3 of the 10 use cases. Click on the images to see in greater detail.

Use Case #2: Reduced detection times

Detect even subtle or hidden attacks via insider, unknown, or encrypted threats:

Use Case #3: Enriched alerts

Enriched alerts with cross-product context that streamline operations due to the simplicity, visibility, and lowest false positive rates:

Use Case #4: Root Cause Analysis

Visualized root cause analysis from execution to access, lateral movement to exfiltration, and more:

Continue reading

Cisco SD-WAN Integration with AWS Transit Gateway Connect Raises the Bar for Cloud Performance and Scale

As the SD-WAN enterprise customers increase their consumption of business-critical applications from cloud or directly as SaaS over the Internet, there is a growing need for on-demand SD-WAN extension to the cloud or SaaS of choice.

Cisco has partnered with AWS, to deliver Cisco SD-WAN Cloud OnRamp to extend our SD-WAN fabric to AWS workloads.

As our customers transition their workloads to AWS, Cisco continues to build on this partnership to accelerate our customer’s SD-WAN journey to AWS.

In our current integrated solution between Cisco SD-WAN and AWS Transit Gateway, Cisco SD-WAN Cloud OnRamp enables users to connect to their AWS workloads using the Cisco SD-WAN controller(vManage). The Cloud OnRamp feature automates Cisco SD-WAN fabric extension from branch routers to Amazon VPCs. In addition, the integration with TGW Network Manager enables seamless network visibility either through vManage or AWS console. This provides a comprehensive view of the on-premises network, including the WAN, and the customer’s AWS network. All underlying tasks such as spinning up Cisco SD-WAN cloud routers, such as Catalyst 8000V Edge Software, creating Transit VPC, and establishing IPsec VPN tunnels to AWS TGW and forming BGP adjacency are completely automated. In addition, customers can extend network segmentation policies from on-premises to AWS Cloud via a simple-to-use GUI in Cloud OnRamp.

The existing solution with Cloud OnRamp automates the entire orchestration of the TGW and VPC networking, hence reducing the time-consuming manual task to a matter of minutes.

We have integrated further with AWS on our current solution, for customers requiring throughputs in excess of the 1.25 Gbps that is possible today with an IPsec tunnel connection, and preferring not to manage establishing multiple tunnels to scale bandwidth beyond 1.25Gbps. While some other customers have security/compliance considerations and need to establish private IP addresses along the entire path from branch to AWS.

In response to our customer requirements, we are excited to announce our latest integration of Cisco SD-WAN Cloud OnRamp with AWS Transit Gateway Connect.

This latest offering with AWS Transit Gateway Connect, builds upon our existing AWS relationship to provide a tightly integrated solution with additional key benefits, like:

1. Reduced costs with higher bandwidth connections: The new integration between Cisco and AWS uses native GRE tunnels instead of IPsec tunnels, offering up to 4 times the bandwidth and eliminating the challenges and costs of establishing and maintaining a multitude of IPsec tunnels.

2. Enhanced security: By removing the need for public IP addresses, customers with strict security requirements can deploy the solution using private IP addresses to significantly reduce the attack surface reducing risk and streamlining compliance.

3. Increased route limit: This new architecture will increase the number of BGP network advertised routes many-fold over the existing 100 route limit. **

4. Increased visibility: Integration with Transit Gateway Network Manager will provide an increased level of visibility such as performance metrics and telemetry data not only from the third-party appliances but also from the branch appliances sitting behind them. This allows customers to monitor end-to-end network across AWS and on-premises.

Continue reading

Secure Network Analytics (Stealthwatch): Then, Now, and Beyond

Secure Network Analytics (formerly Stealthwatch) was recently recognized as the industry leader in Network Detection and Response (NDR). This product journey began in 2001, and through the years, we have had to innovate to remain a leader. Yes, I said 2001. A time when we were still imaging machines from optical drives, Windows XP had just shipped, before the social media boom and maybe even before some of you readers were born. In so many ways, things are different today than they were back then but the product’s primary objective has never changed;  “To analyze network behavior in order to identify threats and malicious activity and direct it to the most effective response.”

It all began in 2000 where a Georgia Institute of Technology professor, Dr. John Copeland founded a company called Lancope. It was his vision that would inspire others and ultimately lead to where we are today. Along the way, there were some significant battles we had to fight and hold our ground.  Some of these were strategic bets that would later pay off.

Dr. Copeland founded Lancope upon the discovery of “probing” on his home computer through odd bursts of data in the fall of 1999. Recognizing that these data bursts had malicious intent and could traverse a firewall, Dr. Copeland invented “Flow-based Analysis” to derive the probability that a conversation between two hosts was malicious. The clever thing about Flow-based analysis is that it involves the statistical analysis of counts built from packet headers alone. At the time, this meant the solution could operate at higher packet rates that IDP/IPS alternatives of the day.

Using Flow-based analysis was a natural fit for NetFlow, and it allowed us to scale across the entire network to provided unprecedented breadth of security visibility. However, one argument we needed to address was “Why are we using NetFlow? NetFlow was not meant to be used for security!”  NetFlow was introduced by Cisco in 1996 and was superseded by Internet Protocol Flow Information eXport (IPFIX) in 2008 (rfc5101/rfc5102).  We trained our analytics on it because we knew that if we were right, instead of having visibility where we could deploy sensors, the network itself would become our sensor!

The next argument we needed to overcome was “You can’t do real network security detection without Deep Packet Inspection!” Because we did not depend on Deep Packet Inspection, industry experts would argue that we cannot detect threats with NetFlow/IPFIX alone. To understand the validity of this argument, you needed to go back to a time where network encryption was used sparingly. Most of the network was largely operating in the clear – I know it sounds insane, but these were simpler times. The use of SSL and TLS was not widespread and setting up a site-to-site VPN took a network genius. We knew that it would be only a matter of time before Deep Packet Inspection would become a thing of the past. Today, even if you were to capture all the packets, well over 90% of it would be encrypted and opaque to direct inspection. Let me be clear, if DPI was available, we would use it, but we did not depend on it for our security analytical outcomes. This put us in a very strong position because our machine learning algorithms would not be affected by the pervasive use of network encryption. So once again, we made a very important strategic bet for the reality of today.

As Lancope became more and more successful within the larger global 2000 enterprises, we quickly learned that we needed to add integrations that would allow us to perform analytics from multiple centricities. We felt that there might be cases where customers want to view the results by device, or by application, or by user. A device-centric question would be “What has this device communicated with in the past 30 days?” A user-centric question would be “What has the user alice01 done on my network in the past 30 days?” To add in this user-centricity, we needed to integrate with an authoritative source for that data.  At the time, Cisco offered the “Identity Services Engine” or ISE for short. Integrating Secure Network Analytics with ISE meant that we could now offer device and user-centric analytics when it came to the behavior we observed across a customer’s network. ISE would also lay the groundwork for safe and secure automated responses.  If a threat actor was active on a part of the network, Secure Network Analytics could signal to ISE to isolate that device or user. All of this functionality back 10+ years ago would begin to define what is now the extended detection and response (XDR) market today.

With 10 years in market with Secure Network Analytics, Lancope and Cisco established a strong partnership. The two companies were a match made in heaven due to the fact that Secure Network Analytics did network behavioral analysis and the network is where computers behave. Secure Network Analytics is now an essential part of the “Network as a Sensor” concept and customers consider it a pivotal part of their security program. Up until 2011, threat actors were breaking into your networks and thus the appropriate detection was in place, but something was changing.  Attackers weren’t breaking in anymore, they were simply logging in and operating in your network as someone you trusted! Those traditional detection methods were no longer effective because no alarm bells would be triggered. It was now all about detecting when an application, device, or user started to behave in a way that was suspect and Secure Network Analytics was in the right place at the right time.

Source: cisco.com

Continue reading