Threat Trends: DNS Security, Part 1

Part 1: Top threat categories

When it comes to security, deciding where to dedicate resources is vital. To do so, it’s important to know what security issues are most likely to crop up within your organization, and their potential impact. The challenge is that the most active threats change over time, as the prevalence of different attacks ebb and flows.

This is where it becomes helpful to know about the larger trends on the threat landscape. Reading up on these trends can inform you as to what types of attacks are currently active. That way, you’ll be better positioned to determine where to dedicate resources.

Our Threat Trends blog series takes a look at the activity that we see in the threat landscape and reports on those trends. After examining topics such as the MITRE ATT&CK framework, LOLBins, and others, this release will look at DNS traffic to malicious sites. This data comes from Cisco Umbrella, our cloud-native security service.

We’ll briefly look at organizations as a whole, before drilling down into the number of endpoints connecting to malicious sites. We’ll also look at malicious DNS activity—the number of queries malicious sites receive.

Overall, this can provide insight into how many malicious email links users are clicking on, how much communication RATs are performing, or if cryptomining activity is up or down. Such information can inform on where to dedicate resources, such as topics requiring security training or areas to build threat hunting playbooks.

Overview of analysis

We’ll look at DNS queries to domains that fall into certain categories of malicious activity, and in some cases specific threats, between January and December of 2020. While performing this analysis we looked at a wide variety of threat trends. We’ve chosen to highlight those that an organization is most likely to encounter, with a focus on the categories that are most active.

It’s worth noting that we’re deliberately not making comprehensive comparisons across categories based on DNS activity alone. The fact is that different threat types require varying amounts of internet connectivity in order to carry out their malicious activities. Instead, we’ll look at individual categories, with an eye on how they rise and fall over time. Then we’ll drill further into the data, looking at trends for particular threats that are known to work together.

Organizations and malicious DNS activity

To start off, let’s look at organizations and how frequently they see traffic going to sites involved in different types of malicious DNS activity. The following chart shows the percentage of Cisco Umbrella customers that encountered each of these categories.

To be clear, this does not indicate that 86 percent of organizations received phishing emails. Rather, 86 percent of organizations had at least one user attempt to connect to a phishing site, likely by clicking on a link in a phishing email.

Similar stories present themselves in other categories:

◉ 70 percent of organizations had users that were served malicious browser ads.

◉ 51 percent of organizations encountered ransomware-related activity.

◉ 48 percent found information-stealing malware activity.

Let’s take a closer look at some of the more prevalent categories in further detail, focusing on two metrics: the number of endpoints alerting to malicious activity (depicted by line graphs in the following charts), and the amount of DNS traffic seen for each type of threat (shown by bar graphs in the charts).

Cryptomining

It’s not surprising that cryptomining generated the most DNS traffic out of any individual category. While cryptomining is often favored by bad actors for low-key revenue generation, it’s relatively noisy on the DNS side, as it regularly pings mining servers for more work.

Cryptomining was most active early in the year, before declining until summer. This, and the gradual recovery seen in the later part of the year, largely tracks with the value of popular cryptocurrencies. As currency values increased, so too did the rate of activity. For example,  researchers in Cisco Talos noticed an increase in activity from the Lemon Duck threat starting in late August.

It’s also worth noting that there’s little difference there is between “legitimate” and illicit cryptomining traffic. Some of the activity in the chart could be blocks based on policy violations, where end users attempted to mine digital currencies using company resources. In cases like this, administrators would have good reason for blocking such DNS activity.

Phishing

The amount of phishing-related DNS activity was fairly stable throughout the year, with the exception of December, which saw a 52 percent increase around the holidays. In terms of the number of endpoints visiting phishing sites, there were significant increases during August and September.

This is due to a very large phishing campaign, where we see a 102 percentage-point shift between July and September. More on this later, but for now, take note of the point that dramatically more endpoints began clicking on links in phishing emails.

Trojans

Similar to cryptomining, Trojans started the year strong. The incredibly high number of endpoints connecting to Trojan sites was largely due to Ursnif/Gozi and IcedID—two threats known to work in tandem to deliver ransomware. These two threats alone comprised 82 percent of Trojans seen on endpoints in January.

However, the above-average numbers from January were likely tied to a holiday-season campaign by attackers, and declined and stabilized as the year progressed.

In late July, Emotet emerged from its slumber once again, comprising a massive amount of traffic that grew through September. This threat alone is responsible for the large increase in DNS activity from August through September. In all, 45 percent of organizations encountered Emotet.

Ransomware

For most of the year, two key ransomware threats dominated—one in breadth, the other in depth.

Beginning in April, the number of computers compromised by Sodinokibi (a.k.a. REvil) increased significantly and continued to rise into autumn. The increase was significant enough that 46 percent of organizations encountered the threat. In September, overall queries from this particular ransomware family shot up to five times that of August, likely indicating that the ransomware payload was being executed across many of the impacted systems.

However, this is a drop in the bucket compared to the DNS activity of Ryuk, which is largely responsible for the November-December spike in activity. (It was so high that it skewed overall activity for the rest of the year, resulting in below-average numbers when it wasn’t active.) Yet the number of endpoints connecting to Ryuk-associated domains remained relatively small and consistent throughout the year, only showing modest increases before query activity skyrocketed.

So, while one threat corrals more endpoints, the other is much busier. Interestingly, this contrast between the two ransomware threats correlates with the amount of money that each threat reportedly attempts to extort from victims. Sodinokibi tends to hit a large number of endpoints, demanding a smaller ransom. Ryuk compromises far fewer systems, demanding a significantly larger payment.

Tying it all together

In today’s threat landscape, the idea that ‘no one is an island’ holds true for threats. The most prevalent attacks these days leverage a variety of threats at different stages. For example, let’s look at how Emotet is often delivered by phishing in order to deploy Ryuk as a payload. While the data below covers all phishing, Emotet, and Ryuk activity, as opposed to specific campaigns, a clear pattern emerges.

Remember the 102 percentage-point shift in phishing between July and September? This lines up with a 216 percentage-point jump in Emotet DNS activity. Activity drops off in October, followed by an eye-watering 480 percentage-point increase in Ryuk activity.

Emotet’s operations were significantly disrupted in January 2021, which will likely lead to a drop-off in activity for this particular threat chain. Nevertheless, the relationship presented here is worth considering, as other threat actors follow similar patterns.

If you find one threat within your network, it’s wise to investigate what threats have been observed working in tandem with it and take precautionary measures to prevent them from causing further havoc.

For example, if you find evidence of Ryuk, but not Emotet, it might be worth looking for Trickbot as well. Both Emotet and Trickbot have been seen deploying Ryuk in attacks, at times in coordination, and other times separately.

Sure enough, Trickbot follows a similar pattern in terms of DNS activity—lower in the first half of the year, busy in August and September, then quiet in October. However, Trickbot was active between November and December, when Emotet was not, likely contributing to the phenomenal increase in Ryuk activity during these two months.

Preventing successful attacks

As mentioned earlier, the data used to show these trends comes from Cisco Umbrella, our cloud delivered security service that includes DNS security, secure web gateway, firewall, and cloud access security broker (CASB) functionality, and threat intelligence. In each of these cases, the malicious activity was stopped in its tracks by Umbrella. The user who clicked on a phishing email was unable to connect to the malicious site. The RAT attempting to talk to its C2 server was unable to phone home. The illicit cryptominer couldn’t get work to mine.

Umbrella combines multiple security functions into one solution, so you can extend protection to devices, remote users, and distributed locations anywhere. Umbrella is the easiest way to effectively protect your users everywhere in minutes.

Also, if you’re looking to get more information on the malicious domains that your organization encounters, Umbrella Investigate gives the most complete view of the relationships and evolution of internet domains, IPs, and files — helping to pinpoint attackers’ infrastructures and predict future threats. No other vendor offers the same level of interactive threat intelligence — exposing current and developing threats. Umbrella delivers the context you need for faster incident investigation and response.

Up next

In this blog we looked at the most active threat categories seen in DNS traffic, as well as how evidence of one threat can lead to uncovering others. In part two, we’ll break the data down further to examine which industries are targeted by these threats. Stay tuned to learn more about the impact on your industry!

Methodology

We’ve organized the data set to obtain overall percentages and month-on-month trends. We’ve aggregated the data by the number of endpoints that have attempted to visit certain websites that have been flagged as malicious. We’ve also aggregated the total number of times websites flagged as malicious have been visited. These numbers have been grouped into meaningful threat categories and, when possible, have been marked as being associated with a particular threat.

We’ve also applied filtering to remove certain data anomalies that can appear when looking at malicious DNS traffic. For example, when a C2 infrastructure is taken down, compromised endpoints attempting to call back to a sinkholed domain can generate large amounts of traffic as they unsuccessfully attempt to connect. In cases like these, we have filtered out such data from the data set.

The charts use a variation of the Z-score method of statistical measurement, which describes a value’s relationship to the mean. In this case, instead of using the number of standard deviations for comparison, we’ve shown the percent increase or decrease from the mean. We feel this presents a more digestible comparison for the average reader.

Source: cisco.com

Continue reading

How to Balance IT Stability and Strong Security

Remember the old days of deploying Anti-Virus (AV) across your organization? Most often, it was a “set it and forget it” approach. It worked back then. Until it didn’t.

This leaves us with a perplexing dichotomy. On the one hand, the mindset of the old AV days still persists, where many companies are reluctant to update, upgrade, or even touch their existing security technology. On the other hand, we found in our recent 2021 Security Outcomes Study that most practitioners believe a technical refresh is the most prudent approach to staying ahead of existing and emerging threats.

So where is the problem? What is it that causes organizations to resist upgrading?

Instability as a Source of Insecurity 

The problem is one of stability. After all the configurations have been tweaked to make a deployed product behave as a finely tuned engine, there is nothing more uncertain than having a vendor announce a new product that has the potential to disrupt your harmonious tech orchestration. To state it more bluntly, people have been burned too many times with the promise of the latest and greatest software that ultimately interrupts their workflow and, in some cases, entirely halts production.

This is the classic struggle between operations and security; they do not always line up. Everything might be flowing smoothly, but when an exploit emerges that an attacker could use to compromise the organization, the security team is viewed by the organization as overly paranoid if they want to make changes, threatening the stability of a perfectly functioning environment. In other instances, the security team may not even have the time to stay on top of necessary updates, leading to “upgrade resistance” even among the security ranks.

Why Is Stability Threatened When a New Product Is Introduced?  

According to our Security Outcomes Study, it would seem that the inability to retain skilled security professionals may be part of the problem. Another factor is that even with a staff of skilled professionals, they are often stretched beyond their capabilities and are expected to do too many tasks in the course of a normal workday. Unfortunately, short staffing and an overworked security team can lead to a lack of testing, which can create issues when it comes to effectively implementing software updates.

How to Ensure Success

Proper training

When we think about the tools needed to succeed, one of the best tools for any staff is training. If you offer training to the staff, you end up not only with a stronger, more skilled team but also a team that feels valued and appreciated. As shown below, role-specific training is one of the top success factors that can help a security team keep up with business demands.

Top security success factors for keeping up with the business

I am often reminded of a joke that I heard where a manager asks, “What happens if we spend money on training and the staff then leaves?” To which the other person responds, “What happens if you don’t train them and they stay?”

It is all about instilling confidence in the team and empowering them to make the correct choices when it comes to what’s best for an organization’s overall infrastructure. For example, testing prior to deployment is an absolute necessity towards the success of any project.

Reliable vendors

Another key to ensuring success is to work with reliable and trustworthy vendors. The vendor relationship is important from a technology standpoint as well as a business standpoint.

How can you combat the fear of new security technology in an organization? You can do so by imparting stability into project plans, which can be achieved by elevating your staff’s qualifications and by working with reputable vendors. As shown below, properly managing vendor security is one of the top success factors for creating a strong security culture within an organization.

Top success factors for creating a strong security culture

Automated, integrated technology

Last but certainly not least, technology itself can help with maintaining a stable and secure environment, while not letting software get out-of-date. In addition to protecting an organization’s infrastructure, security technology should ideally empower teams as well. It should provide security professionals with a boost, not a burden.

Seek out security technology that is streamlined, integrated, and automated. Unfortunately, the culture of procuring a new point product for every new security threat has left us with crushing complexity in many cases. Vendors today must simplify their security offerings by making them work together to reduce the manual processes that often slow down security teams.

By lessening the tedious, time-consuming tasks that stand in the way of fast, effective security, an integrated, automated tool set can help security teams more confidently stay on top of technology updates – and implement them more safely and securely. In time, this confidence can extend over to other parts of the organization and lessen overall resistance to change. After all, you cannot properly secure an organization with stagnant technology.

How Cisco can help

Cisco has been on a mission for several years to simplify and streamline its security capabilities. With the launch of Cisco SecureX, we introduced an integrated platform that incorporates greater visibility, efficiency, and automation into security processes. It brings together our entire Cisco Secure portfolio, as well as many third-party technologies, to streamline and strengthen operations not just for security teams, but for IT and networking groups as well.

With SecureX, these various teams can more easily collaborate – viewing and responding to the same data in the same place – to more quickly and effectively identify and troubleshoot potential issues. Additionally, since SecureX is delivered via the cloud, it is easy to add or update security capabilities as needed, further lessening the burden of proactive tech refreshes.

While there are many steps that can be taken to strengthen security, our Security Outcomes Study suggests that proactive tech refreshes, training, strong vendor relationships, and integration and automation can all go a long way.

Source: cisco.com

Continue reading

Meet the Enchanted Virtual Classroom

Cisco Networking Academy enables distance learning

The COVID-19 pandemic has disrupted the traditional education model for millions of students and teachers around the world, including the nearly 12,000 learning institutions worldwide that participate as Cisco Networking Academy schools. 

The Networking Academy curriculum has been delivered via a hybrid model of in-person and online teaching. So when the pandemic hit, and while many schools, teachers, and students experienced widespread disruption and challenges in making the move to a 100 percent online model, the Networking Academy transition was manageable, and students and teachers were already equipped to operate exclusively online effectively.

Beyond the move to a fully online model, the events of 2020 pushed our engineering teams at Cisco to look for new ways to offer both students and teachers more immersive experiences and better learning engagement opportunities.  

Working hand in hand with Networking Academy instructors, our engineers delivered significant enhancements to Cisco Packet Tracer’s physical mode. Combined with significant increases in the availability of our Cisco Webex collaboration suite, our teams have created what we like to think of as an “Enchanted Virtual Classroom.” 

Welcome to a world of enchantment

The concept of enchantment in the digital world – and specifically the notion of “Enchanted Objects” – has been introduced by David Rose, product designer and lecturer at the MIT Media Lab. According to Rose, Enchanted Objects can be brought to life thanks to specific design guidelines for immersive Internet of Things (IoT) environments that align with fundamental human desires including “omniscience, telepathy, safekeeping, immortality, teleportation, and expression.” 

Rose believes that IoT sensors and actuators embedded in our physical environments can lead to enchanting experiences. 

Within Cisco Networking Academy, we are applying this design philosophy to distance learning. 

Fusing Packet Tracer – which invokes senses of safekeeping (a safe place to make mistakes), omniscience (creating networks from scratch), and expression (telling networking stories relevant to their lives), with Webex – which invokes senses of telepathy (insight into how others think) and teleportation (video collaboration as if we were sharing the same physical space doing labs together) enables useful, purpose-driven, even enchanting distance learning experiences. 

We seek to help address issues that arise from the loss of physically co-located instructors, students, and equipment. A simulation-based microworld, like Packet Tracer 8.0, with enhanced physical mode representations, used in tandem with collaboration software such as Webex, may have synergies that lead to effective and delightful experiences. 

The Charm of Packet Tracer

The new version of Packet Tracer (PT 8.0), released last month, approximates the experiences of the real-world job and classroom lab interactions as shown in Figure 1. 

Using the “Geo” mode (Figure 2) students can explore floor plans, maps, and other background images that help provide context heat maps showing Wi-Fi, cellular, and Bluetooth signals, as well as manipulable cables. This representation encourages tracing a packet across various physical locations. 

With the new Packet Tracer capabilities, students can build “What-if” models, following their own inquiry, using Packet Tracer as a “virtual Lego kit.” Students can also be assigned structured design, configuration, and troubleshooting challenges, using activities that were authored via Packet Tracer’s Activity Wizard and which are automatically graded (as shown in Figure 3). 

Students can interact with a shelf (inventory system) at right, having to choose amongst devices. They can also interact with a pegboard, having to choose among cables, place devices at specific locations on tables (centre) and equipment racks (left), as well as power devices and read status LEDs.

The magic of learning through Webex 

Webex is now integrated within the NetAcad.com platform, making relevant features for teaching more readily available to Networking Academy instructors, including:

◉ Whole-class, lecture-style interaction via video and audio

◉ Breakout lab-group style interaction

◉ Screen sharing with remote annotation, desktop mouse and keyboard sharing, and whiteboarding

◉ Attendance, chat, polling, and notes

We believe Webex can enable interactions like “over the shoulder” coaching and peer-to-peer group collaboration within Packet Tracer labs, creating powerful synchronous and asynchronous distance learning experiences.

We know that human-to-human relationships are central to learning. Cisco Networking Academy is pioneering better distance learning by making enchanted virtual classrooms with playful, simulation-based, collaborative educational interactions a reality. And this is just the beginning.

Source: cisco.com

Continue reading

Radically simplifying unified communications with secure connectivity

Unified Communications (UC) has been defined in more than a few different ways. It’s a set of technologies that continue to advance how individuals communicate with one another. As humans, we have preferences in the way we communicate. We send and we receive communications and sometimes it is more effective to communicate using the method the ‘receiver’ prefers. Also, your preferred method may not be as effective as another method for you – perhaps to keep a record of leave breadcrumbs to information you may need to refer back to. Unified Communications can enhance and optimize these interactions while reducing latency and eliminating both device and media dependency.

94% reduction in unplanned downtime

– Business Value of Cisco SD-WAN Solutions: Studying the Results of Deployed Organizations, IDC, April 2019.

Unified communications integrates communication services including voice, extension mobility and single number reach (as well as other advanced calling features), instant messaging, presence information, video conferencing including data and desktop sharing, with non-real-time communication services such as unified messaging (integrated voicemail, messaging, email, and faxing).

Figure 1. Integrating Unified Communications with Cisco SD-WAN

Cisco SD-WAN Solutions with Integrated UC

Cisco has taken this integration to a new level. By integrating UC with our industry-leading Cisco SD-WAN solution onto a single device, we provide our customers and partners with the opportunity to reduce costs by eliminating the need for a second platform for UC, while simplifying deployment and reducing complexity of the overall solution. For large enterprise datacenters, service providers and colocation providers, the reduction in footprint and time to rack and stack can also be massive. For existing customers with Cisco SD-WAN edge devices, Unified Communications has now been fully integrated in the IOS-XE v17.3 release.

Productivity despite adversity – the ‘Branch of One’ Use Case

In 2020, for many, the place you work from changed. Both the user experience and productivity were negatively impacted. Many questioned, “How can I set up a secure connection to my company network and still have productive interactions using various connectivity tools with the performance required to support them – from the kitchen table?” You need your own branch office. And let’s not forget that a significant other may need similar capabilities from the living room…and maybe the kids need to connect for distance learning from their bedrooms. Then the afternoon arrives, and the kids sign off videoconferencing, but are now streaming movies and playing video games. Bandwidth is limited, so you need to prioritize your videoconference over gaming traffic. You start a late videoconference, but the ‘dinner rush’ starts and the kitchen table seem to become a hostile work environment and you need to switch the videoconference to a mobile device and head to the back yard.

Having a Cisco edge platform with integrated UC enables communications while it simplifies, segments, and secures your connectivity.

Cisco SD-WAN Unified Communications and Voice Integration Benefits

Let’s review some of the main benefits from Cisco’s SD-WAN and UC integration:

Telephony Integration

Cisco is the only vendor to natively integrate analog, digital and IP telephony interfaces directly into the Customer Premise Equipment (CPE)

Reduced OpEx and CapEx

With both UC and SD-WAN within a single CPE, there are less support and licensing costs, as well as eliminating the cost of the UC hardware

VoIP Solution Investment Protection

Many customers have large deployments of IP phones and other VoIP solutions. Integration of UC/Voice on Cisco edge devices ensures that existing equipment investments can be leveraged since they are supported in the cloud with Cisco SD-WAN.

Reduced Complexity

Cisco vManage can orchestrate scalable and consistent UC configurations across the entire enterprise via templates and policies can prioritize specific applications links, with fallback capability in case of link failure or degradation.

Telephony Survivability

Prevents internal and external IP phone outages using Cisco unified SIP SRST enabling the edge device as the fall back IP PBX with access to the PSTN.

Middle-mile Optimization

Cisco is the only vendor extensively partnering with colocation and SDCI Partners for optimization with cloud applications (Cisco WebEx, UCM Cloud and more). Cisco’s Cloud OnRamp functionality provides optimal performance for UC applications hosted in a SaaS cloud.

Ensuring security and communication integrity

Cisco SD-WAN also integrates best-of-breed security with cloud-based Cisco Umbrella or Cisco’s on-premise security portfolio, thereby ensuring the security and integrity of your network and Unified Communications.

The Distinguishing Features of Cisco

Cisco’s rich feature set in this integrated solution meets the most demanding needs of the enterprise. Let’s take a closer look at some of the key features:

Application Visibility

Application visibility is an essential element for any SD-WAN solution, not only from a monitoring standpoint, but also for analytics and policy construction. Traditionally, policies for the WAN required administrators to use IP Addressing, Ports, Layer 4 Protocol, DSCP value, and more to define traffic that should receive any special treatment. This worked in the past, but as applications evolved, policy cannot be built on these criteria. In our multi-cloud world, applications are far more dynamic and often cannot neatly fit within the confines of legacy rules. Cisco’s SD-WAN solution addresses this by utilizing both Qosmos and Network Based Application Recognition (NBAR2) to identify the applications to which it is forwarding traffic. Deep-Packet-Inspection (DPI) engines are invoked directly in the Data Plane and evaluate every packet. By using a complex formula of Layer 3, 4 and 7 information, the engines are capable of identifying which WAN application a particular packet belongs to. The data can then be used within a policy to provide intelligent routing for these applications. If an administrator wants to provide priority to Unified Communications traffic such as a videoconference, they are no longer required to specify DSCP values, ports or IP Addresses. They simply select the Unified Communications Application Family. Qosmos and NBAR2 will do the rest!

Application-Aware Routing

Cisco application-aware routing computes the optimal paths for data traffic, helping assure service levels for UC applications as well as voice traffic. These paths are calculated by tracking characteristics including packet loss, latency, and jitter in the data plane tunnels between edge devices. Cloud OnRamp automates the selection of best performing path to cloud-based UC services, including the choice of DIA for remote locations.

Quality of Service (QoS)

Automation of QoS deployments using Cisco vManage to simplify and assure best quality for voice and video. QoS prioritizes bandwidth for UC and voice traffic. The SD-WAN overlay network examines packets that enter at the edge of the network, while the edge devices are configured to provision QoS. The data traffic will then flow automatically over IPsec connections between edge devices.

You can also modify the packet forwarding flow with centralized and localized data policies. The centralized data policy enables control over traffic based on the address, port, and Differentiated Services Code Point (DSCP) fields in the packet’s IP header. The localized data policy controls the flow of traffic into and out of the edge devices’ interfaces.

Each interface has eight queues on edge devices, numbered 0 to 7. Queue 0 is reserved for both control traffic and low-latency queuing (LLQ) traffic; you must configure any class mapped to queue 0 to use LLQ. All control traffic is transmitted. Queues 1 to 7 are available for data traffic.

Per-VPN topology

Virtual Private Networks (VPNs) provide segmentation and enhanced security in the SD-WAN overlay, much like Virtual Routing and Forwarding instances (VRFs). Each VPN is isolated and has its own forwarding table. Each Interface or sub-interface is explicitly configured under a single VPN, using labels in OMP route attributes and the packet encapsulation to identify it. You can create a separate VPN topology for UC traffic (full mesh).

Packet Duplication and Forward Error Correction

Forward Error Correction (FEC) and Packet Duplication enhancements were added to Cisco SD-WAN. Packet Duplication creates a copy of critical application flows across the SD-WAN fabric. FEC drastically improves audio/video quality over a lossy link such as an internet connection by adding correction packets to the flow. If packet loss occurs, these duplicated/FEC flows can be recovered from a secondary link. This does however come with the requirement of up to doubling the bandwidth allocated for a given application. However, for Unified Communications flows, this may be acceptable when considering these traffic flows are generally smaller. Also, CODEC selection can also help to alleviate the burden that Packet Duplication/FEC incurs.

Data Policy-Traffic Engineering

Data policies affect the flow of data traffic through the network based on fields in the IP packet headers and VPN membership. You can use centralized data policies for application firewalls, service chains, traffic engineering, QoS, and Cflowd. Localized data policies allow you to configure data traffic handling at a specific site, including ACLs, QoS, mirroring, and policing. A centralized data policy such as QoS classification or app-route policies may also impact handling on edge devices. You may also route voice traffic based on data policy with Cisco SD-WAN.

Geo-Redundancy

UC traffic routed through geo-redundant network links enable failover and fallback protections.

In today’s business environment, it’s never been more important to reduce costs. Cisco now offers a robust, integrated UC and secure SD-WAN solution on a single platform to both reduce CapEx and decrease support and licensing costs that reduce OpEx.

We are all doing more with less. Cisco vManage helps reduce complexity with the addition of UC orchestration with configuration via templates and policies for consistency across an enterprise datacenter, network operations center of colocation facility.

With middle-mile optimization and telephony survivability, Cisco offers the business resiliency and options to maximize your performance now, and for future needs.

Integrating UC with Cisco SD-WAN provides benefits regardless of if you are a Multi-national conglomerate with many datacenters, a service provider or a Branch of One.

Continue reading

Balancing Safety and Security During a Year of Remote Working

I have not been inside an office building for 12 months. A sentence I did not imagine writing anytime soon. Last February, everything changed. And when we pause to reflect, we have to consider that, of the many dramatic impacts to our lives, to society, and the world, in the realm of the professional, one of the most impactful changes has been the fact that many of us no longer commute to an office to perform our jobs.

It’s been a year, give or take, since organizations had to provision extraordinary numbers of employees to work remotely as a result of the pandemic. Some companies may consider reopening traditional offices again, but the new work-from-home paradigm has many people contemplating a hybrid model (remote-first seems to be a popular option). In a recent Cisco study, not only were many people currently working remotely, but a substantial percentage of organizations also said that more than half of their employees would still work remotely once pandemic restrictions are lifted.

Source: Cisco Future of Secure Remote Work Report

The pandemic brings new security challenges

In security, we lament about how new initiatives are often instituted with threat protection as an afterthought. This is somewhat true as well of this rush to remote working, especially for companies that had not previously entertained the concept of remote work.

Security cannot remain a secondary thought, and it was quickly understood that remote working led to new security challenges. The concept of “Bring Your Own Device” was in full bloom – maybe “Use Your Own Device” is more accurate given that no one has been bringing anything anywhere. 

While we were working to secure this new environment, there was a dark side brewing; the world of cybercrime saw an opportunity to capitalize on the haste to preserve life, and we saw a rise in cyberattacks. In one analysis by Cisco Talos, pandemic-themed phishing scams emerged over the course of just a few months.

Percent of observed emails tracked by Talos containing pandemic themes

Source: Cisco, “Defending Against Critical Threats, A 12 Month Roundup”

While the pandemic raged on, and cybercrime targeted our fears, there was no slowdown in the everyday threats that carried on with broader targets, as shown in this timeline from a recent Cisco report.

Source: Cisco, “Defending Against Critical Threats, A 12 Month Roundup”

Cisco technology for secure, remote work

At the start of the pandemic, Cisco quickly took action to help our customers securely provision for remote workers. Some of the offerings included extended free licenses and expanded usage counts for Cisco Webex, as well as several technologies for securing remote access and endpoints.

We all know that the pandemic will not last forever, but as mentioned previously, remote work is a viable way to run many businesses. What are some of the best ways to protect your company’s workforce? Cisco has developed the Secure Remote Worker solution, which incorporates many security components needed to embrace this new work setting.

With Cisco, New Castle Hotels and Resorts was able to secure its remote workforce within hours. According to Alan Zaccario, Vice President of IT and Cybersecurity for New Castle:

“Cisco security has definitely proven to be the correct choice, because Cisco enables a strong security posture for remote work. When the rapid move to remote work happened, my biggest concern was helping people configure local printers and scanners, not scrambling to secure the enterprise.”

One thing that we can all agree on is that sitting alone in your room, working remotely, can be a lonely undertaking. That’s why collaboration tools are key to not only keeping the business on track, but also keeping us connected. However, collaboration can sometimes add more complexity, and that is why we have enhanced our Cisco Secure Remote Worker offering by coupling security with collaboration tools that make remote work more secure.

Finally, the Cisco SecureX platform brings all of our security technology (plus third-party technologies) together to protect users and devices wherever they are. SecureX is built into every Cisco product. It is a cloud-native platform that connects our integrated security portfolio and customers’ security infrastructure to provide simplicity, visibility, and efficiency.

SecureX delivers a unified view of customers’ environments, so they no longer have to jump between multiple dashboards to investigate and remediate threats. It also gives customers the ability to automate common workflows across security products from Cisco and third parties to handle tasks such as threat hunting and identifying device vulnerabilities.

“We really can’t afford a misfire with our security spend,” added Zaccario of New Castle. “We understand the Cisco security integrations, and how Cisco’s platform approach protects our investment.”

The tragedies of the pandemic have taught us many important lessons. From a technology perspective, as we all scrambled to create a fully remote workforce, it is nice to know that the capabilities to do so securely have kept pace with the need to protect the health of our most valuable assets, our co-workers.

Source: cisco.com

Continue reading

DevNet Specialized Partners Gain API Insights for Pandemic Challenges

The network connects everything. It stands at the vortex of IT and business. It has the potential to constantly empower, protect and inform all IT and business processes. As users, devices, and distributed applications have grown in number, the networking environment has become exponentially more complex.

Intent-based networking transforms a hardware-centric, manual network into a controller-led network that captures business intent and translates it into policies that can be automated and applied consistently across the network. The goal is for the network to continuously monitor and adjust network performance to help assure desired business outcomes.

Cisco DNA Center is the network management and command center for Cisco Digital Network Architecture (DNA), and it is at the heart of Cisco’s intent-based network. It enables you to:

◉ Configure and provision thousands of network devices across your enterprise in minutes, not hours.

◉ Deploy group-based secure access and network segmentation customized for your business needs.

◉ Monitor, identify, and react in real time to changing network and wireless conditions.

◉ Enhance the overall network experience by optimizing end-to-end IT processes, reducing total cost of ownership, and creating value-added network.

While our networks are evolving and becoming more complex, the world around us has also become even more complex. As nations continue to struggle with the challenges brought on by the COVID-19 pandemic, the workforce is likely eager to return to the office and at the very least, return to some level of normalcy.

Ensuring a safe return to the workplace

Many essential businesses have remained open during these trying times, and as restrictions begin to ease up, many will begin re-opening their offices soon and offering their employees the opportunity to conduct business in-person once again. As the global workforce emerges from their office exile, it is critically important to ensure strong safety measures are in place to minimize the risk and reduce the likelihood of a viral outbreak in the office.

The unique circumstances that businesses face today call for a new breed of innovation to help get through these modern challenges. Developer APIs built on-top of Cisco’s technology can help facilitate that innovation. While traditional business problems solved through APIs are commonly associated with digital experiences, there is a mind shift brewing that begs the questions, “how can these APIs provide better physical experiences in this pandemic world?”  

Like building a network security policy, companies need to be able to have visibility, consistency, scalability, and adaptability across their infrastructure to reduce the attack surface and minimize the potential risks from threats (regardless of whether that threat is digital, physical, or biological). Programmability and APIs are the tools that arm developers and engineers with the visibility, consistency, scalability, and adaptability they need to help their businesses transform and prepare for a safe return to office life. 

Rich APIs can facilitate this new breed of innovation

While these rich APIs can facilitate this new breed of innovation, it is up to our partners to be able to deliver on that innovation. Cisco’s partners have been uniquely positioned to “be the bridge” that gets the world back to the office safely and deliver these new innovations to their customers.  

When it comes to Cisco customers knowing which partners to trust and deliver on that innovation, look no further than our growing list of DevNet Specialized Partners. 

The DevNet Specialization recognizes Cisco partners with demonstrated software skills and business practices that leverage API capabilities of Cisco products and services to deliver successful outcomes to their customers. A DevNet Specialized partner is one that is fully equipped to build and deliver on the innovations needed to make the return to the office safe and effective. 

While there are many benefits to the DevNet Specialization program, such as Ecosystem Exchange placement to co-market with Cisco and pre-sales consulting opportunities, one of the unique benefits we offer to our specialized partners is the exclusive API Insights webinar series, which provides the latest information on Cisco API releases, industry trends, best practices, and technical deep dives on API-related topics. 

The most recent API Insights webinar – offered exclusively to our DevNet Specialized partners – focused on how DNA Center can be leveraged to perform contact-tracing inside of an office building. It began with an overview of the API capabilities provided by DNA Center, making sure that our DevNet Specialized partners had a base understanding needed to advance the conversation.

Cisco DNA Center “Pandemic Proximity” use case

From there, it dove into the “Pandemic Proximity” use case for DNA Center, covering all the implementation details needed to build and deliver this use case to customers. Partners were provided with a deep dive into the technical aspects of this use case and how Cisco technology can better track in-person interactions across the office, as far back as 14 days. 

If a business ever faces the unfortunate challenge of dealing with a viral outbreak in their office, they can use these capabilities, delivered by a DevNet Specialized partner, to understand where the contagious employee was in the office, and who they might have come into contact with. This can help reduce the impact caused by an outbreak, keep more employees safe, and help reduce the disruption to business that this may cause. It also has the potential to save lives in the process. 

While more information will be available in the future about the “Pandemic Proximity” use case for DNA Center, Cisco’s partners in the DevNet Specialization program are uniquely positioned to deliver on this use case today, having gained the necessary insights and knowledge from Cisco experts through the API Insights webinar. Although this quarter’s API Insights event has already concluded, I am already looking forward to what the API experts have in-store for next quarter, and how, together, we can all better the world through programmability and APIs. 

As a reminder, these API Insights webinars are available exclusively to partners that have already achieved their DevNet Specialization. I invite you to learn more about the DevNet Specialization so that you and your teams can also experience these exclusive insights/webinar events, and ultimately you can see how being DevNet Specialized can benefit your teams, your business and the business of your customers.

Continue reading

Real-Time Translations, Improved Search Performance and More in the Webex App March Update

Webex App March Update

As the saying goes, March comes in like a lion and out like a lamb. So does the Cisco Webex app … at least the lion part. In this month’s release, we bring you the much-anticipated king of features: real-time translations in meetings. In messaging, we deliver a 4x improvement in Webex search performance. In Webex Calling, you’ll see key feature enhancements for media optimization, and in Unified CM, new call recording services among other exciting developments.

Meetings in Webex

◉ In late March, Webex will begin a trial of real-time translation* – from English to 100+ languages. That means, non-native English speakers and/or hearing-impaired participants can choose closed captioning translation from English to one of the 108 additional languages supported. Real-time translation aids understanding and creates a more inclusive meeting, where language no longer be a barrier to great collaboration. Imagine the impact real-time translation could have on a virtual global classroom or a multinational company all-hands where better understanding could result in greater engagement. And we have deeply embedded this capability into the Webex UI, so the user experience will be familiar and effortless. See it in action:

Enterprise customers can reach out to their Cisco sales rep to sign up for the real-time translation trial. The trial will also be enabled on Webex.com with some restrictions. We will open the trial more broadly in May when the feature becomes generally available.

◉ Another long-awaited feature: Q&A is now supported in Webex Meetings. Together with previously released features – such as breakout sessions, co-hosts, and hard mute – you now have all the functionality you need to have a great training experience in Webex Meetings. The Q&A capability allows attendees to post questions in the Q&A panel with answers provided by the host and co-hosts. Multiple co-hosts can be assigned to the meeting, so you can have as many Q&A panelists as needed to conduct a highly effective training session. Teachers and corporate trainers now have powerful tools to conduct interactive and effective training sessions in Webex Meetings.

◉ For scheduled meetings, we’ve improved the attendee join experience in the event they join before a meeting starts. Rather than having to hang up and dial back in, they can now wait in the pre-meeting lobby until the host arrives and even notify the host that they are waiting. This feature is already available for Webex Personal Room meetings, so this is making the experience consistent across Webex meeting types.

Messaging in Webex

With a 400 percent improvement in our search performance time, you will now enjoy lightning-fast results when you search for key words in Webex messaging. Webex will return near instantaneous results, which will make you more efficient than ever before. No more endless scrolling through spaces to find that particular message. You’ll also be able to narrow your search and find messages instantly with the addition of In: (In a space) and From: (From a contact) modifiers. These can be selected from the advanced search menu or typed straight into your search box. Or, speed things up with new keyboard shortcuts:

Command + F: Open search bar

Command + F +Shift: Open search in space

◉ Viewing, sending and navigating files are some of the most frequent actions we take every day as we collaborate. With this in mind, we have made major updates to the content tab including a new ‘list’ view option for reviewing files in chronological order, as well and the ability to drag and drop files into this area to share in the space. This enables you to keep all your project assets easily accessible in a space that is well organized.

◉ Team spaces are great when a team project needs to be broken down into smaller sub-groups, allowing more efficient and precise collaboration. Originally, moderators only had control over the ‘General’ space. Now moderators have full control over all spaces within a Team. This gives them extra control and additional features such as the ability to add and remove participants and control the contents of a space including deleting other users’ messages.

◉ When working across multiple spaces, it can be easy to get distracted and forget what you were working on. We have now added ‘forward and back’ arrows on the Webex app header to help guide you through your spaces and keep track of where you were.

Calling in Webex

◉ Making calls has never been easier in Webex. In the desktop client, you’ll now be able to input the phone number in the global search bar and press ‘Enter’ to make the call. You no longer need to navigate your mouse to click the audio or video call buttons. Or speed things up even more with new keyboard shortcuts:

Audio call:

Option + Command + C

Control + Alt + C

Video call:

Option + Command + U

Control + Alt + V

◉ Webex app with Webex Calling: Media optimization (ICE) allows calls between the Webex app to keep media on premise. This helps businesses decrease bandwidth usage, reduce latency, and improve quality performance. No extra hardware or configuration is required. Backend support will launch by the end of March, and when integrated into the Webex app the first week of April, ICE will automatically improve call performance.

◉ Webex app with Unified CM: More controls are coming to call recording. If you’re set up by your administrator to record calls, you can now start and stop recordings as needed during your call, providing flexibility and greater control. If the call is being recorded, the recording continues if you move the call to another device, merge the call with another active call, or make it a conference call. A visual indicator light will be visible to let you know when a call is being recorded.

Webex App Device Integration

◉ In situations where proximity is not available, you can now pair to a device using a 9-character code. For instance, if you’re on a guest network, simply get the code from the device and enter it into the Webex app device panel. Once paired to the device, you can use the device for audio/video, wireless screen share, and device control enabling you to be able to work the way you want with the device of your choice.

◉ Closed captioning is now available on Webex devices for Webex Assistant for Meetings subscribers. Hosts were already able to turn on Webex Assistant for Meetings from their devices. Now, participants and hosts using Webex devices will also be able to see closed captioning, making the experience more aligned across Webex apps and devices.

Continue reading