Migrating PnP API from APIC-EM to Cisco DNA Center

I have had a number of questions about the best way to migrate from APIC-EM to DNA Center for Plug and Play (PnP) provisioning of devices.  The PnP API was very popular in APIC-EM and both the PnP functionality as well as API have been enhanced in DNA Center. While the older workflow style API still exist in DNAC, they are relatively complex and have no UI component.

Transition approaches

I used to have two answers to the “how do I migrate” question. One approach was to transition (just use the workflow API), and the other was to transform (move to the new “site base” API).

If you had static configuration files for devices (e.g. some other tool to generate them) you would typically choose the first option.  If you were more interested in templates with variables, you would choose the second.

There is now a hybrid option, using the new site-claim API, with a “fixed” configuration template.

PnP API

First a look at the PnP API and how they work.  There are two steps, 1) Add a device and 2) Claim a device.

Step one adds the device to the PnP device table.  This can happen in two ways, unplanned (where the device discovers DNA Center), or pre-planned (where the device is inserted into DNA Center).  This step is unchanged from APIC-EM and uses the /import API endpoint.  All that is required is the model of the device and the serial number.

Once the device is part of the PnP table, it can then be claimed.   In the past, the workflow based API used the /claim API endpoint.  The newer /site-claim API endpoint is now recommended.   This requires a device (from step1) and a site.  There are optional attributes for image upgrade and configuration template.

These steps are seen in the UI.  The first device (“pre-planned”) has been added to DNA Center, but not claimed. The second device was added and claimed to a site.  The source of both devices was “User” which indicates they were pre-planned as opposed to “Network” which indicates an un-planned device.

Using the Scripts

These scripts are available on github. The readme has instructions on installing them. The scripts use the dnacentersdk I described in this post.

The first step is to upload the configuration files as templates.  These should be stored in the “Onboarding Configuration” folder.

$ ./00load_config_files.py --dir work_files/configs

Processing:switch1.cfg: adding NEW:Commiting e156e9e6-653d-4016-85bd-f142ba0659f8

Processing:switch3.cfg: adding NEW:Commiting 9ae1a187-422d-41b9-a363-aafa8724a5b2

Second step is to edit a CSV file contain the devices to be uploaded, and the configuration file. This file deliberately contains some errors (missing config file and missing image) as examples.

$ cat work_files/devices.csv 

name,serial,pid,siteName,template,image

adam123,12345678902,c9300,Global/AUS/SYD5,switch1.cfg,cat3k_caa-universalk9.16.09.05.SPA.bin

adam124,12345678902,c9300,Global/AUS/SYD5,switch2.cfg,cat3k_caa-universalk9.16.09.05.SPA.bin

adam_bad_image,12345678902,c9300,Global/AUS/SYD5,switch2.cfg,cat3k_caa-universalk9.16.09.10.SPA.bin

Third step is to use the script to upload the devices into DNA Center. The missing configuration and missing image are flagged.

$ ./10_add_and_claim.py --file work_files/devices.csv 

Device:12345678902 name:adam123 siteName:Global/AUS/SYD5 Status:PLANNED

##ERROR adam124,12345678902: Cannot find template:switch2.cfg

##ERROR adam_bad_image,12345678902: Cannot find image:cat3k_caa-universalk9.16.09.10.SPA.bin

adam_bad_image,12345678902,c9300,Global/AUS/SYD5,switch2.cfg,cat3k_caa-universalk9.16.09.10.SPA.bin

This will be reflected in the PnP page in DNA Center.

Under the Covers

Using the SDK abstracts the API.  For those that want to understand the payloads in more detail, here is a deeper dive into the payloads.

Templates

The following API call will get the projectId for the “Onboarding Configuration” folder.

GET dna/intent/api/v1/template-programmer/project?name=Onboarding%20Configuration

The result will provide the UUID of the project. It also provides a list of the templates, so could be used to find the template.   A different call is required to get the template body, as templates are versioned.  The “id” below is  the master template “id”

[

    {

        "name": "Onboarding Configuration",

        "id": "bfbb6134-8b1a-4629-9f5a-435a13dba75a",

        "templates": [

            {

                "name": "switch1.cfg",

                "composite": false,

                "id": "e156e9e6-653d-4016-85bd-f142ba0659f8"

            },

A better way to get the template is to call the template API with a projectId as a query parameter. It is not possible to lookup a template by name, the only option is to iterate through the list of results.

GET dna/intent/api/v1/template-programmer/template?projectId=bfbb6134-8b1a-4629-9f5a-435a13dba75a

Templates have versions. There is the master template Id, as well as an Id for each version. The example below only has one version “id”: “bd7cfeb9-3722-41ee-bf2d-a16a8ea6f23a”

{

        "name": "switch1.cfg",

        "projectName": "Onboarding Configuration",

        "projectId": "bfbb6134-8b1a-4629-9f5a-435a13dba75a",

        "templateId": "e156e9e6-653d-4016-85bd-f142ba0659f8",

        "versionsInfo": [ 

            {

                "id": "bd7cfeb9-3722-41ee-bf2d-a16a8ea6f23a", 

                "author": "admin",

                "version": "1",

                "versionTime": 1590451734078

            }

        ],

        "composite": false

    }

To get the body of the template (to compare SHA hash), use the template API call, for the specific version.

GET dna/intent/api/v1/template-programmer/template/bd7cfeb9-3722-41ee-bf2d-a16a8ea6f23a

Will return the body. Templates apply to a productFamily and softwareType. These will be used when creating or updating templates.

{

    "name": "switch1.cfg",

    "tags": [],

    "author": "admin",

    "deviceTypes": [

        {

            "productFamily": "Switches and Hubs"

        }

    ],

    "softwareType": "IOS-XE",

    "softwareVariant": "XE",

    "templateContent": "hostname switch1\nint g2/0/1\ndescr nice  one\n",

    "templateParams": [],

    "rollbackTemplateParams": [],

    "composite": false,

    "containingTemplates": [],

    "id": "bd7cfeb9-3722-41ee-bf2d-a16a8ea6f23a",

    "createTime": 1590451731775,

    "lastUpdateTime": 1590451731775,

    "parentTemplateId": "e156e9e6-653d-4016-85bd-f142ba0659f8"

}

To add a new template, there are two steps. The template has to be created, then committed. The second step is the same as updating an existing template, which creates a new version. Notice the deviceTypes and softwareType are required.

POST dna/intent/api/v1/template-programmer/project/bfbb6134-8b1a-4629-9f5a-435a13dba75a/template

{

     "deviceTypes": [{"productFamily": "Switches and Hubs"}],

     "name": "switch4.cfg",

     "softwareType": "IOS-XE",

     "templateContent": "hostname switch4\nint g2/0/1\ndescr nice  four\n"

}

This will return a task, which needs to be polled.

{

       "response": {

                 "taskId": "f616ef87-5174-4215-b5c3-71f50197fe72",

                 "url": "/api/v1/task/f616ef87-5174-4215-b5c3-71f50197fe72"

        },

        "version": "1.0"

}

Polling the task

GET dna/intent/api/v1/task/f616ef87-5174-4215-b5c3-71f50197fe72

The status is successful and the templateId is “57371b95-917b-42bd-b700-0d42ba3cdcc2”

{

  "version": "1.0", 

  "response": {

    "username": "admin", 

    "rootId": "f616ef87-5174-4215-b5c3-71f50197fe72", 

    "serviceType": "NCTP", 

    "id": "f616ef87-5174-4215-b5c3-71f50197fe72", 

    "version": 1590468626572, 

    "startTime": 1590468626572, 

    "progress": "Successfully created template with name switch4.cfg", 

    "instanceTenantId": "5d817bf369136f00c74cb23b", 

    "endTime": 1590468626670, 

    "data": "57371b95-917b-42bd-b700-0d42ba3cdcc2", 

    "isError": false

  }

}

The final step is to commit the change to the template.

POST dna/intent/api/v1/template-programmer/template/version

{

  "templateId": "57371b95-917b-42bd-b700-0d42ba3cdcc2"

}

To update an existing template, it is a PUT rather than POST. Again, the deviceTypes and softwareType are required.

PUT dna/intent/api/v1/template-programmer/template

{

 "deviceTypes": [ { "productFamily": "Switches and Hubs" } ],

 "id": "57371b95-917b-42bd-b700-0d42ba3cdcc2",

 "name": "switch4.cfg",

 "softwareType": "IOS-XE",

 "templateContent": "hostname switch4\nint g2/0/1\ndescr nice four **\n"

}

Again, a task is returned, which needs to be polled.

{

  "version": "1.0", 

  "response": {

    "username": "admin", 

    "rootId": "52689b1e-e9b8-4a60-8ae9-a574bb6b451c", 

    "serviceType": "NCTP", 

    "id": "52689b1e-e9b8-4a60-8ae9-a574bb6b451c", 

    "version": 1590470080172, 

    "startTime": 1590470080172, 

    "progress": "Successfully updated template with name switch4.cfg", 

    "instanceTenantId": "5d817bf369136f00c74cb23b", 

    "endTime": 1590470080675, 

    "data": "57371b95-917b-42bd-b700-0d42ba3cdcc2", 

    "isError": false

  }

}

The final step is to commit the change, as when first creating the template.  The UI will show two versions of this template.

Site

To find the siteId, a simple lookup is used, with the name as a query parameter.  This is the fully qualified name of the site.

GET dna/intent/api/v1/site?name=Global/AUS/SYD5

This will return the siteId.

{

  "response" : [ {

    "parentId" : "ace74caf-6d83-425f-b0b6-05faccb29c06",

    "systemGroup" : false,

    "additionalInfo" : [ {

      "nameSpace" : "Location",

      "attributes" : {

        "country" : "Australia",

        "address" : "177 Pacific Highway, North Sydney New South Wales 2060, Australia",

        "latitude" : "-33.837053",

        "addressInheritedFrom" : "d7941b24-72a7-4daf-a433-0cdfc80569bb",

        "type" : "building",

        "longitude" : "151.206266"

      }

    }, {

      "nameSpace" : "ETA",

      "attributes" : {

        "member.etaCapable.direct" : "2",

        "member.etaReady.direct" : "0",

        "member.etaNotReady.direct" : "2",

        "member.etaReadyNotEnabled.direct" : "0",

        "member.etaEnabled.direct" : "0"

      }

    } ],

    "groupTypeList" : [ "SITE" ],

    "name" : "SYD5",

    "instanceTenantId" : "5d817bf369136f00c74cb23b",

    "id" : "d7941b24-72a7-4daf-a433-0cdfc80569bb",

    "siteHierarchy" : "80e81504-0deb-4bfd-8c0c-ea96bb958805/ace74caf-6d83-425f-b0b6-05faccb29c06/d7941b24-72a7-4daf-a433-0cdfc80569bb",

    "siteNameHierarchy" : "Global/AUS/SYD5"

  } ]

}

Image

To find the imageid, for upgrading software, search for the image by imageName. NOTE, on some platforms this is different to name.

GET dna/intent/api/v1/image/importation?imageName=cat3k_caa-universalk9.16.09.05.SPA.bin

Returns the imageUuid, and a lot of other information about the image, including model numbers etc.

{

    "response": [

        {

            "imageUuid": "04d69fe0-d826-42e9-82c0-45363a2b6fc7",

            "name": "cat3k_caa-universalk9.16.09.05.SPA.bin",

            "family": "CAT3K_CAA",

            "version": "16.9.5",

            "md5Checksum": "559bda2a74c0a2a52b3aebd7341ff96b",

            "shaCheckSum": "a01d8ab7121e50dc688b9a2a03bca187aab5272516c0df3cb7e261f16a1c8ac355880939fd0c24cc9a79e854985af786c430d9b704925e17808353d70bf923f4",

            "createdTime": "2020-05-26 04:20:42.904",

            "imageType": "SYSTEM_SW",

            "fileSize": "450283034 bytes",

            "imageName": "cat3k_caa-universalk9.16.09.05.SPA.bin",

            "applicationType": "",

            "feature": "",

            "fileServiceId": "94eccf65-a1dd-47ca-b7c4-f5dd1a8cdeb7",

            "isTaggedGolden": false,

            "imageSeries": [

                "Switches and Hubs/Cisco Catalyst 3850 Series Ethernet Stackable Switch",

                "Switches and Hubs/Cisco Catalyst 3650 Series Switches"

            ],

            

Add Device

To add the device, supply a serialNumber, and pid. The name is optional. The aaa parameters are not used prior to DNAC 1.3.3.7. They are used to solve an issue with “aaa command authorization”.

POST dna/intent/api/v1/onboarding/pnp-device/import

[

  {

    "deviceInfo": {

      "serialNumber": "12345678902", 

      "aaaCredentials": {

        "username": "", 

        "password": ""

      }, 

      "userSudiSerialNos": [], 

      "hostname": "adam123", 

      "pid": "c9300", 

      "sudiRequired": false, 

      "stack": false

    }

  }

]

The response contains the deviceId, other attributes have been removed for brevity. At this point the device appears in PnP, but is unclaimed.

{

                 "successList": [

                     {

                         "version": 2,

                         "deviceInfo": {

                             "serialNumber": "12345678902",

                             "name": "12345678902",

                             "pid": "c9300",

                             "lastSyncTime": 0,

                             "addedOn": 1590471982430,

                             "lastUpdateOn": 1590471982430,

                             "firstContact": 0,

                             "lastContact": 0,

                             "state": "Unclaimed",

                         "tenantId": "5d817bf369136f00c74cb23b",

                         "id": "5eccad2e29da7c0008613b69"

                     }

Site-Claim

To claim the device to a site, use the siteId, imageId, templateId(configId) from earlier steps. Notice the master templateId is used, rather than a specific version. The master gets the latest version of the template by default. The type should be “Default”. If you are using a stack, then the type would be “StackSwitch”. Wireless Access points will set the type field to “AccessPoint”.

POST dna/intent/api/v1/onboarding/pnp-device/site-claim

{

  "configInfo": {

    "configId": "e156e9e6-653d-4016-85bd-f142ba0659f8", 

    "configParameters": []

  }, 

  "type": "Default", 

  "siteId": "d7941b24-72a7-4daf-a433-0cdfc80569bb", 

   "deviceId": "5eccad2e29da7c0008613b69", 

  "imageInfo": {

    "skip": false, 

    "imageId": "04d69fe0-d826-42e9-82c0-45363a2b6fc7"

  }

}

The response shows success, and this is reflected in the PnP UI.

{

      "response": "Device Claimed",

      "version": "1.0"

}

More on Stacks

One major innovation in DNAC PnP is support for stack renumbering. Prior to this, it was recommended that stack members be powered on two minutes apart, from top to bottom. This was to ensure a deterministic interface numbering. Stack renumbering is a much better solution to this problem. One of two stack cabling methods can be used, and the serial number of the top-of-stack switch is required.

There are two implications for API calls for the pre-planned workflow. The first is for the add device call. The stack parameter needs to be set to True.

POST dna/intent/api/v1/onboarding/pnp-device/import

[

  {

    "deviceInfo": {

      "serialNumber": "12345678902", 

      "aaaCredentials": {

        "username": "", 

        "password": ""

      }, 

      "userSudiSerialNos": [], 

      "hostname": "adam123", 

      "pid": "c9300", 

      "sudiRequired": false, 

      "stack": true 

    }

  }

]

The second is the site-claim. The type needs to be changed to “StackSwitch” and two extra attributes are required.

Note: The topOfStackSerialNumber has to be the same as the serial number used to add the device. In other words, add the device with the serial number you intend to use for the top of stack. It does not matter which switch in the stack initiates contact, as the stack will provide all serial numbers to DNAC.

POST dna/intent/api/v1/onboarding/pnp-device/site-claim

{

  "configInfo": {

    "configId": "e156e9e6-653d-4016-85bd-f142ba0659f8", 

    "configParameters": []

  }, 

  "type": "StackSwitch",

  "topOfStackSerialNumber":"12345678902",

  "cablingScheme":"1A", 

 

  "siteId": "d7941b24-72a7-4daf-a433-0cdfc80569bb", 

  "deviceId": "5eccad2e29da7c0008613b69", 

  "imageInfo": {

    "skip": false, 

    "imageId": "04d69fe0-d826-42e9-82c0-45363a2b6fc7"

  }

}

Continue reading

Threat Trends: DNS Security, Part 1

Part 1: Top threat categories

When it comes to security, deciding where to dedicate resources is vital. To do so, it’s important to know what security issues are most likely to crop up within your organization, and their potential impact. The challenge is that the most active threats change over time, as the prevalence of different attacks ebb and flows.

This is where it becomes helpful to know about the larger trends on the threat landscape. Reading up on these trends can inform you as to what types of attacks are currently active. That way, you’ll be better positioned to determine where to dedicate resources.

Our Threat Trends blog series takes a look at the activity that we see in the threat landscape and reports on those trends. After examining topics such as the MITRE ATT&CK framework, LOLBins, and others, this release will look at DNS traffic to malicious sites. This data comes from Cisco Umbrella, our cloud-native security service.

We’ll briefly look at organizations as a whole, before drilling down into the number of endpoints connecting to malicious sites. We’ll also look at malicious DNS activity—the number of queries malicious sites receive.

Overall, this can provide insight into how many malicious email links users are clicking on, how much communication RATs are performing, or if cryptomining activity is up or down. Such information can inform on where to dedicate resources, such as topics requiring security training or areas to build threat hunting playbooks.

Overview of analysis

We’ll look at DNS queries to domains that fall into certain categories of malicious activity, and in some cases specific threats, between January and December of 2020. While performing this analysis we looked at a wide variety of threat trends. We’ve chosen to highlight those that an organization is most likely to encounter, with a focus on the categories that are most active.

It’s worth noting that we’re deliberately not making comprehensive comparisons across categories based on DNS activity alone. The fact is that different threat types require varying amounts of internet connectivity in order to carry out their malicious activities. Instead, we’ll look at individual categories, with an eye on how they rise and fall over time. Then we’ll drill further into the data, looking at trends for particular threats that are known to work together.

Organizations and malicious DNS activity

To start off, let’s look at organizations and how frequently they see traffic going to sites involved in different types of malicious DNS activity. The following chart shows the percentage of Cisco Umbrella customers that encountered each of these categories.

To be clear, this does not indicate that 86 percent of organizations received phishing emails. Rather, 86 percent of organizations had at least one user attempt to connect to a phishing site, likely by clicking on a link in a phishing email.

Similar stories present themselves in other categories:

◉ 70 percent of organizations had users that were served malicious browser ads.

◉ 51 percent of organizations encountered ransomware-related activity.

◉ 48 percent found information-stealing malware activity.

Let’s take a closer look at some of the more prevalent categories in further detail, focusing on two metrics: the number of endpoints alerting to malicious activity (depicted by line graphs in the following charts), and the amount of DNS traffic seen for each type of threat (shown by bar graphs in the charts).

Cryptomining

It’s not surprising that cryptomining generated the most DNS traffic out of any individual category. While cryptomining is often favored by bad actors for low-key revenue generation, it’s relatively noisy on the DNS side, as it regularly pings mining servers for more work.

Cryptomining was most active early in the year, before declining until summer. This, and the gradual recovery seen in the later part of the year, largely tracks with the value of popular cryptocurrencies. As currency values increased, so too did the rate of activity. For example,  researchers in Cisco Talos noticed an increase in activity from the Lemon Duck threat starting in late August.

It’s also worth noting that there’s little difference there is between “legitimate” and illicit cryptomining traffic. Some of the activity in the chart could be blocks based on policy violations, where end users attempted to mine digital currencies using company resources. In cases like this, administrators would have good reason for blocking such DNS activity.

Phishing

The amount of phishing-related DNS activity was fairly stable throughout the year, with the exception of December, which saw a 52 percent increase around the holidays. In terms of the number of endpoints visiting phishing sites, there were significant increases during August and September.

This is due to a very large phishing campaign, where we see a 102 percentage-point shift between July and September. More on this later, but for now, take note of the point that dramatically more endpoints began clicking on links in phishing emails.

Trojans

Similar to cryptomining, Trojans started the year strong. The incredibly high number of endpoints connecting to Trojan sites was largely due to Ursnif/Gozi and IcedID—two threats known to work in tandem to deliver ransomware. These two threats alone comprised 82 percent of Trojans seen on endpoints in January.

However, the above-average numbers from January were likely tied to a holiday-season campaign by attackers, and declined and stabilized as the year progressed.

In late July, Emotet emerged from its slumber once again, comprising a massive amount of traffic that grew through September. This threat alone is responsible for the large increase in DNS activity from August through September. In all, 45 percent of organizations encountered Emotet.

Ransomware

For most of the year, two key ransomware threats dominated—one in breadth, the other in depth.

Beginning in April, the number of computers compromised by Sodinokibi (a.k.a. REvil) increased significantly and continued to rise into autumn. The increase was significant enough that 46 percent of organizations encountered the threat. In September, overall queries from this particular ransomware family shot up to five times that of August, likely indicating that the ransomware payload was being executed across many of the impacted systems.

However, this is a drop in the bucket compared to the DNS activity of Ryuk, which is largely responsible for the November-December spike in activity. (It was so high that it skewed overall activity for the rest of the year, resulting in below-average numbers when it wasn’t active.) Yet the number of endpoints connecting to Ryuk-associated domains remained relatively small and consistent throughout the year, only showing modest increases before query activity skyrocketed.

So, while one threat corrals more endpoints, the other is much busier. Interestingly, this contrast between the two ransomware threats correlates with the amount of money that each threat reportedly attempts to extort from victims. Sodinokibi tends to hit a large number of endpoints, demanding a smaller ransom. Ryuk compromises far fewer systems, demanding a significantly larger payment.

Tying it all together

In today’s threat landscape, the idea that ‘no one is an island’ holds true for threats. The most prevalent attacks these days leverage a variety of threats at different stages. For example, let’s look at how Emotet is often delivered by phishing in order to deploy Ryuk as a payload. While the data below covers all phishing, Emotet, and Ryuk activity, as opposed to specific campaigns, a clear pattern emerges.

Remember the 102 percentage-point shift in phishing between July and September? This lines up with a 216 percentage-point jump in Emotet DNS activity. Activity drops off in October, followed by an eye-watering 480 percentage-point increase in Ryuk activity.

Emotet’s operations were significantly disrupted in January 2021, which will likely lead to a drop-off in activity for this particular threat chain. Nevertheless, the relationship presented here is worth considering, as other threat actors follow similar patterns.

If you find one threat within your network, it’s wise to investigate what threats have been observed working in tandem with it and take precautionary measures to prevent them from causing further havoc.

For example, if you find evidence of Ryuk, but not Emotet, it might be worth looking for Trickbot as well. Both Emotet and Trickbot have been seen deploying Ryuk in attacks, at times in coordination, and other times separately.

Sure enough, Trickbot follows a similar pattern in terms of DNS activity—lower in the first half of the year, busy in August and September, then quiet in October. However, Trickbot was active between November and December, when Emotet was not, likely contributing to the phenomenal increase in Ryuk activity during these two months.

Preventing successful attacks

As mentioned earlier, the data used to show these trends comes from Cisco Umbrella, our cloud delivered security service that includes DNS security, secure web gateway, firewall, and cloud access security broker (CASB) functionality, and threat intelligence. In each of these cases, the malicious activity was stopped in its tracks by Umbrella. The user who clicked on a phishing email was unable to connect to the malicious site. The RAT attempting to talk to its C2 server was unable to phone home. The illicit cryptominer couldn’t get work to mine.

Umbrella combines multiple security functions into one solution, so you can extend protection to devices, remote users, and distributed locations anywhere. Umbrella is the easiest way to effectively protect your users everywhere in minutes.

Also, if you’re looking to get more information on the malicious domains that your organization encounters, Umbrella Investigate gives the most complete view of the relationships and evolution of internet domains, IPs, and files — helping to pinpoint attackers’ infrastructures and predict future threats. No other vendor offers the same level of interactive threat intelligence — exposing current and developing threats. Umbrella delivers the context you need for faster incident investigation and response.

Up next

In this blog we looked at the most active threat categories seen in DNS traffic, as well as how evidence of one threat can lead to uncovering others. In part two, we’ll break the data down further to examine which industries are targeted by these threats. Stay tuned to learn more about the impact on your industry!

Methodology

We’ve organized the data set to obtain overall percentages and month-on-month trends. We’ve aggregated the data by the number of endpoints that have attempted to visit certain websites that have been flagged as malicious. We’ve also aggregated the total number of times websites flagged as malicious have been visited. These numbers have been grouped into meaningful threat categories and, when possible, have been marked as being associated with a particular threat.

We’ve also applied filtering to remove certain data anomalies that can appear when looking at malicious DNS traffic. For example, when a C2 infrastructure is taken down, compromised endpoints attempting to call back to a sinkholed domain can generate large amounts of traffic as they unsuccessfully attempt to connect. In cases like these, we have filtered out such data from the data set.

The charts use a variation of the Z-score method of statistical measurement, which describes a value’s relationship to the mean. In this case, instead of using the number of standard deviations for comparison, we’ve shown the percent increase or decrease from the mean. We feel this presents a more digestible comparison for the average reader.

Source: cisco.com

Continue reading

How to Balance IT Stability and Strong Security

Remember the old days of deploying Anti-Virus (AV) across your organization? Most often, it was a “set it and forget it” approach. It worked back then. Until it didn’t.

This leaves us with a perplexing dichotomy. On the one hand, the mindset of the old AV days still persists, where many companies are reluctant to update, upgrade, or even touch their existing security technology. On the other hand, we found in our recent 2021 Security Outcomes Study that most practitioners believe a technical refresh is the most prudent approach to staying ahead of existing and emerging threats.

So where is the problem? What is it that causes organizations to resist upgrading?

Instability as a Source of Insecurity 

The problem is one of stability. After all the configurations have been tweaked to make a deployed product behave as a finely tuned engine, there is nothing more uncertain than having a vendor announce a new product that has the potential to disrupt your harmonious tech orchestration. To state it more bluntly, people have been burned too many times with the promise of the latest and greatest software that ultimately interrupts their workflow and, in some cases, entirely halts production.

This is the classic struggle between operations and security; they do not always line up. Everything might be flowing smoothly, but when an exploit emerges that an attacker could use to compromise the organization, the security team is viewed by the organization as overly paranoid if they want to make changes, threatening the stability of a perfectly functioning environment. In other instances, the security team may not even have the time to stay on top of necessary updates, leading to “upgrade resistance” even among the security ranks.

Why Is Stability Threatened When a New Product Is Introduced?  

According to our Security Outcomes Study, it would seem that the inability to retain skilled security professionals may be part of the problem. Another factor is that even with a staff of skilled professionals, they are often stretched beyond their capabilities and are expected to do too many tasks in the course of a normal workday. Unfortunately, short staffing and an overworked security team can lead to a lack of testing, which can create issues when it comes to effectively implementing software updates.

How to Ensure Success

Proper training

When we think about the tools needed to succeed, one of the best tools for any staff is training. If you offer training to the staff, you end up not only with a stronger, more skilled team but also a team that feels valued and appreciated. As shown below, role-specific training is one of the top success factors that can help a security team keep up with business demands.

Top security success factors for keeping up with the business

I am often reminded of a joke that I heard where a manager asks, “What happens if we spend money on training and the staff then leaves?” To which the other person responds, “What happens if you don’t train them and they stay?”

It is all about instilling confidence in the team and empowering them to make the correct choices when it comes to what’s best for an organization’s overall infrastructure. For example, testing prior to deployment is an absolute necessity towards the success of any project.

Reliable vendors

Another key to ensuring success is to work with reliable and trustworthy vendors. The vendor relationship is important from a technology standpoint as well as a business standpoint.

How can you combat the fear of new security technology in an organization? You can do so by imparting stability into project plans, which can be achieved by elevating your staff’s qualifications and by working with reputable vendors. As shown below, properly managing vendor security is one of the top success factors for creating a strong security culture within an organization.

Top success factors for creating a strong security culture

Automated, integrated technology

Last but certainly not least, technology itself can help with maintaining a stable and secure environment, while not letting software get out-of-date. In addition to protecting an organization’s infrastructure, security technology should ideally empower teams as well. It should provide security professionals with a boost, not a burden.

Seek out security technology that is streamlined, integrated, and automated. Unfortunately, the culture of procuring a new point product for every new security threat has left us with crushing complexity in many cases. Vendors today must simplify their security offerings by making them work together to reduce the manual processes that often slow down security teams.

By lessening the tedious, time-consuming tasks that stand in the way of fast, effective security, an integrated, automated tool set can help security teams more confidently stay on top of technology updates – and implement them more safely and securely. In time, this confidence can extend over to other parts of the organization and lessen overall resistance to change. After all, you cannot properly secure an organization with stagnant technology.

How Cisco can help

Cisco has been on a mission for several years to simplify and streamline its security capabilities. With the launch of Cisco SecureX, we introduced an integrated platform that incorporates greater visibility, efficiency, and automation into security processes. It brings together our entire Cisco Secure portfolio, as well as many third-party technologies, to streamline and strengthen operations not just for security teams, but for IT and networking groups as well.

With SecureX, these various teams can more easily collaborate – viewing and responding to the same data in the same place – to more quickly and effectively identify and troubleshoot potential issues. Additionally, since SecureX is delivered via the cloud, it is easy to add or update security capabilities as needed, further lessening the burden of proactive tech refreshes.

While there are many steps that can be taken to strengthen security, our Security Outcomes Study suggests that proactive tech refreshes, training, strong vendor relationships, and integration and automation can all go a long way.

Source: cisco.com

Continue reading

Meet the Enchanted Virtual Classroom

Cisco Networking Academy enables distance learning

The COVID-19 pandemic has disrupted the traditional education model for millions of students and teachers around the world, including the nearly 12,000 learning institutions worldwide that participate as Cisco Networking Academy schools. 

The Networking Academy curriculum has been delivered via a hybrid model of in-person and online teaching. So when the pandemic hit, and while many schools, teachers, and students experienced widespread disruption and challenges in making the move to a 100 percent online model, the Networking Academy transition was manageable, and students and teachers were already equipped to operate exclusively online effectively.

Beyond the move to a fully online model, the events of 2020 pushed our engineering teams at Cisco to look for new ways to offer both students and teachers more immersive experiences and better learning engagement opportunities.  

Working hand in hand with Networking Academy instructors, our engineers delivered significant enhancements to Cisco Packet Tracer’s physical mode. Combined with significant increases in the availability of our Cisco Webex collaboration suite, our teams have created what we like to think of as an “Enchanted Virtual Classroom.” 

Welcome to a world of enchantment

The concept of enchantment in the digital world – and specifically the notion of “Enchanted Objects” – has been introduced by David Rose, product designer and lecturer at the MIT Media Lab. According to Rose, Enchanted Objects can be brought to life thanks to specific design guidelines for immersive Internet of Things (IoT) environments that align with fundamental human desires including “omniscience, telepathy, safekeeping, immortality, teleportation, and expression.” 

Rose believes that IoT sensors and actuators embedded in our physical environments can lead to enchanting experiences. 

Within Cisco Networking Academy, we are applying this design philosophy to distance learning. 

Fusing Packet Tracer – which invokes senses of safekeeping (a safe place to make mistakes), omniscience (creating networks from scratch), and expression (telling networking stories relevant to their lives), with Webex – which invokes senses of telepathy (insight into how others think) and teleportation (video collaboration as if we were sharing the same physical space doing labs together) enables useful, purpose-driven, even enchanting distance learning experiences. 

We seek to help address issues that arise from the loss of physically co-located instructors, students, and equipment. A simulation-based microworld, like Packet Tracer 8.0, with enhanced physical mode representations, used in tandem with collaboration software such as Webex, may have synergies that lead to effective and delightful experiences. 

The Charm of Packet Tracer

The new version of Packet Tracer (PT 8.0), released last month, approximates the experiences of the real-world job and classroom lab interactions as shown in Figure 1. 

Using the “Geo” mode (Figure 2) students can explore floor plans, maps, and other background images that help provide context heat maps showing Wi-Fi, cellular, and Bluetooth signals, as well as manipulable cables. This representation encourages tracing a packet across various physical locations. 

With the new Packet Tracer capabilities, students can build “What-if” models, following their own inquiry, using Packet Tracer as a “virtual Lego kit.” Students can also be assigned structured design, configuration, and troubleshooting challenges, using activities that were authored via Packet Tracer’s Activity Wizard and which are automatically graded (as shown in Figure 3). 

Students can interact with a shelf (inventory system) at right, having to choose amongst devices. They can also interact with a pegboard, having to choose among cables, place devices at specific locations on tables (centre) and equipment racks (left), as well as power devices and read status LEDs.

The magic of learning through Webex 

Webex is now integrated within the NetAcad.com platform, making relevant features for teaching more readily available to Networking Academy instructors, including:

◉ Whole-class, lecture-style interaction via video and audio

◉ Breakout lab-group style interaction

◉ Screen sharing with remote annotation, desktop mouse and keyboard sharing, and whiteboarding

◉ Attendance, chat, polling, and notes

We believe Webex can enable interactions like “over the shoulder” coaching and peer-to-peer group collaboration within Packet Tracer labs, creating powerful synchronous and asynchronous distance learning experiences.

We know that human-to-human relationships are central to learning. Cisco Networking Academy is pioneering better distance learning by making enchanted virtual classrooms with playful, simulation-based, collaborative educational interactions a reality. And this is just the beginning.

Source: cisco.com

Continue reading

Radically simplifying unified communications with secure connectivity

Unified Communications (UC) has been defined in more than a few different ways. It’s a set of technologies that continue to advance how individuals communicate with one another. As humans, we have preferences in the way we communicate. We send and we receive communications and sometimes it is more effective to communicate using the method the ‘receiver’ prefers. Also, your preferred method may not be as effective as another method for you – perhaps to keep a record of leave breadcrumbs to information you may need to refer back to. Unified Communications can enhance and optimize these interactions while reducing latency and eliminating both device and media dependency.

94% reduction in unplanned downtime

– Business Value of Cisco SD-WAN Solutions: Studying the Results of Deployed Organizations, IDC, April 2019.

Unified communications integrates communication services including voice, extension mobility and single number reach (as well as other advanced calling features), instant messaging, presence information, video conferencing including data and desktop sharing, with non-real-time communication services such as unified messaging (integrated voicemail, messaging, email, and faxing).

Figure 1. Integrating Unified Communications with Cisco SD-WAN

Cisco SD-WAN Solutions with Integrated UC

Cisco has taken this integration to a new level. By integrating UC with our industry-leading Cisco SD-WAN solution onto a single device, we provide our customers and partners with the opportunity to reduce costs by eliminating the need for a second platform for UC, while simplifying deployment and reducing complexity of the overall solution. For large enterprise datacenters, service providers and colocation providers, the reduction in footprint and time to rack and stack can also be massive. For existing customers with Cisco SD-WAN edge devices, Unified Communications has now been fully integrated in the IOS-XE v17.3 release.

Productivity despite adversity – the ‘Branch of One’ Use Case

In 2020, for many, the place you work from changed. Both the user experience and productivity were negatively impacted. Many questioned, “How can I set up a secure connection to my company network and still have productive interactions using various connectivity tools with the performance required to support them – from the kitchen table?” You need your own branch office. And let’s not forget that a significant other may need similar capabilities from the living room…and maybe the kids need to connect for distance learning from their bedrooms. Then the afternoon arrives, and the kids sign off videoconferencing, but are now streaming movies and playing video games. Bandwidth is limited, so you need to prioritize your videoconference over gaming traffic. You start a late videoconference, but the ‘dinner rush’ starts and the kitchen table seem to become a hostile work environment and you need to switch the videoconference to a mobile device and head to the back yard.

Having a Cisco edge platform with integrated UC enables communications while it simplifies, segments, and secures your connectivity.

Cisco SD-WAN Unified Communications and Voice Integration Benefits

Let’s review some of the main benefits from Cisco’s SD-WAN and UC integration:

Telephony Integration

Cisco is the only vendor to natively integrate analog, digital and IP telephony interfaces directly into the Customer Premise Equipment (CPE)

Reduced OpEx and CapEx

With both UC and SD-WAN within a single CPE, there are less support and licensing costs, as well as eliminating the cost of the UC hardware

VoIP Solution Investment Protection

Many customers have large deployments of IP phones and other VoIP solutions. Integration of UC/Voice on Cisco edge devices ensures that existing equipment investments can be leveraged since they are supported in the cloud with Cisco SD-WAN.

Reduced Complexity

Cisco vManage can orchestrate scalable and consistent UC configurations across the entire enterprise via templates and policies can prioritize specific applications links, with fallback capability in case of link failure or degradation.

Telephony Survivability

Prevents internal and external IP phone outages using Cisco unified SIP SRST enabling the edge device as the fall back IP PBX with access to the PSTN.

Middle-mile Optimization

Cisco is the only vendor extensively partnering with colocation and SDCI Partners for optimization with cloud applications (Cisco WebEx, UCM Cloud and more). Cisco’s Cloud OnRamp functionality provides optimal performance for UC applications hosted in a SaaS cloud.

Ensuring security and communication integrity

Cisco SD-WAN also integrates best-of-breed security with cloud-based Cisco Umbrella or Cisco’s on-premise security portfolio, thereby ensuring the security and integrity of your network and Unified Communications.

The Distinguishing Features of Cisco

Cisco’s rich feature set in this integrated solution meets the most demanding needs of the enterprise. Let’s take a closer look at some of the key features:

Application Visibility

Application visibility is an essential element for any SD-WAN solution, not only from a monitoring standpoint, but also for analytics and policy construction. Traditionally, policies for the WAN required administrators to use IP Addressing, Ports, Layer 4 Protocol, DSCP value, and more to define traffic that should receive any special treatment. This worked in the past, but as applications evolved, policy cannot be built on these criteria. In our multi-cloud world, applications are far more dynamic and often cannot neatly fit within the confines of legacy rules. Cisco’s SD-WAN solution addresses this by utilizing both Qosmos and Network Based Application Recognition (NBAR2) to identify the applications to which it is forwarding traffic. Deep-Packet-Inspection (DPI) engines are invoked directly in the Data Plane and evaluate every packet. By using a complex formula of Layer 3, 4 and 7 information, the engines are capable of identifying which WAN application a particular packet belongs to. The data can then be used within a policy to provide intelligent routing for these applications. If an administrator wants to provide priority to Unified Communications traffic such as a videoconference, they are no longer required to specify DSCP values, ports or IP Addresses. They simply select the Unified Communications Application Family. Qosmos and NBAR2 will do the rest!

Application-Aware Routing

Cisco application-aware routing computes the optimal paths for data traffic, helping assure service levels for UC applications as well as voice traffic. These paths are calculated by tracking characteristics including packet loss, latency, and jitter in the data plane tunnels between edge devices. Cloud OnRamp automates the selection of best performing path to cloud-based UC services, including the choice of DIA for remote locations.

Quality of Service (QoS)

Automation of QoS deployments using Cisco vManage to simplify and assure best quality for voice and video. QoS prioritizes bandwidth for UC and voice traffic. The SD-WAN overlay network examines packets that enter at the edge of the network, while the edge devices are configured to provision QoS. The data traffic will then flow automatically over IPsec connections between edge devices.

You can also modify the packet forwarding flow with centralized and localized data policies. The centralized data policy enables control over traffic based on the address, port, and Differentiated Services Code Point (DSCP) fields in the packet’s IP header. The localized data policy controls the flow of traffic into and out of the edge devices’ interfaces.

Each interface has eight queues on edge devices, numbered 0 to 7. Queue 0 is reserved for both control traffic and low-latency queuing (LLQ) traffic; you must configure any class mapped to queue 0 to use LLQ. All control traffic is transmitted. Queues 1 to 7 are available for data traffic.

Per-VPN topology

Virtual Private Networks (VPNs) provide segmentation and enhanced security in the SD-WAN overlay, much like Virtual Routing and Forwarding instances (VRFs). Each VPN is isolated and has its own forwarding table. Each Interface or sub-interface is explicitly configured under a single VPN, using labels in OMP route attributes and the packet encapsulation to identify it. You can create a separate VPN topology for UC traffic (full mesh).

Packet Duplication and Forward Error Correction

Forward Error Correction (FEC) and Packet Duplication enhancements were added to Cisco SD-WAN. Packet Duplication creates a copy of critical application flows across the SD-WAN fabric. FEC drastically improves audio/video quality over a lossy link such as an internet connection by adding correction packets to the flow. If packet loss occurs, these duplicated/FEC flows can be recovered from a secondary link. This does however come with the requirement of up to doubling the bandwidth allocated for a given application. However, for Unified Communications flows, this may be acceptable when considering these traffic flows are generally smaller. Also, CODEC selection can also help to alleviate the burden that Packet Duplication/FEC incurs.

Data Policy-Traffic Engineering

Data policies affect the flow of data traffic through the network based on fields in the IP packet headers and VPN membership. You can use centralized data policies for application firewalls, service chains, traffic engineering, QoS, and Cflowd. Localized data policies allow you to configure data traffic handling at a specific site, including ACLs, QoS, mirroring, and policing. A centralized data policy such as QoS classification or app-route policies may also impact handling on edge devices. You may also route voice traffic based on data policy with Cisco SD-WAN.

Geo-Redundancy

UC traffic routed through geo-redundant network links enable failover and fallback protections.

In today’s business environment, it’s never been more important to reduce costs. Cisco now offers a robust, integrated UC and secure SD-WAN solution on a single platform to both reduce CapEx and decrease support and licensing costs that reduce OpEx.

We are all doing more with less. Cisco vManage helps reduce complexity with the addition of UC orchestration with configuration via templates and policies for consistency across an enterprise datacenter, network operations center of colocation facility.

With middle-mile optimization and telephony survivability, Cisco offers the business resiliency and options to maximize your performance now, and for future needs.

Integrating UC with Cisco SD-WAN provides benefits regardless of if you are a Multi-national conglomerate with many datacenters, a service provider or a Branch of One.

Continue reading

Balancing Safety and Security During a Year of Remote Working

I have not been inside an office building for 12 months. A sentence I did not imagine writing anytime soon. Last February, everything changed. And when we pause to reflect, we have to consider that, of the many dramatic impacts to our lives, to society, and the world, in the realm of the professional, one of the most impactful changes has been the fact that many of us no longer commute to an office to perform our jobs.

It’s been a year, give or take, since organizations had to provision extraordinary numbers of employees to work remotely as a result of the pandemic. Some companies may consider reopening traditional offices again, but the new work-from-home paradigm has many people contemplating a hybrid model (remote-first seems to be a popular option). In a recent Cisco study, not only were many people currently working remotely, but a substantial percentage of organizations also said that more than half of their employees would still work remotely once pandemic restrictions are lifted.

Source: Cisco Future of Secure Remote Work Report

The pandemic brings new security challenges

In security, we lament about how new initiatives are often instituted with threat protection as an afterthought. This is somewhat true as well of this rush to remote working, especially for companies that had not previously entertained the concept of remote work.

Security cannot remain a secondary thought, and it was quickly understood that remote working led to new security challenges. The concept of “Bring Your Own Device” was in full bloom – maybe “Use Your Own Device” is more accurate given that no one has been bringing anything anywhere. 

While we were working to secure this new environment, there was a dark side brewing; the world of cybercrime saw an opportunity to capitalize on the haste to preserve life, and we saw a rise in cyberattacks. In one analysis by Cisco Talos, pandemic-themed phishing scams emerged over the course of just a few months.

Percent of observed emails tracked by Talos containing pandemic themes

Source: Cisco, “Defending Against Critical Threats, A 12 Month Roundup”

While the pandemic raged on, and cybercrime targeted our fears, there was no slowdown in the everyday threats that carried on with broader targets, as shown in this timeline from a recent Cisco report.

Source: Cisco, “Defending Against Critical Threats, A 12 Month Roundup”

Cisco technology for secure, remote work

At the start of the pandemic, Cisco quickly took action to help our customers securely provision for remote workers. Some of the offerings included extended free licenses and expanded usage counts for Cisco Webex, as well as several technologies for securing remote access and endpoints.

We all know that the pandemic will not last forever, but as mentioned previously, remote work is a viable way to run many businesses. What are some of the best ways to protect your company’s workforce? Cisco has developed the Secure Remote Worker solution, which incorporates many security components needed to embrace this new work setting.

With Cisco, New Castle Hotels and Resorts was able to secure its remote workforce within hours. According to Alan Zaccario, Vice President of IT and Cybersecurity for New Castle:

“Cisco security has definitely proven to be the correct choice, because Cisco enables a strong security posture for remote work. When the rapid move to remote work happened, my biggest concern was helping people configure local printers and scanners, not scrambling to secure the enterprise.”

One thing that we can all agree on is that sitting alone in your room, working remotely, can be a lonely undertaking. That’s why collaboration tools are key to not only keeping the business on track, but also keeping us connected. However, collaboration can sometimes add more complexity, and that is why we have enhanced our Cisco Secure Remote Worker offering by coupling security with collaboration tools that make remote work more secure.

Finally, the Cisco SecureX platform brings all of our security technology (plus third-party technologies) together to protect users and devices wherever they are. SecureX is built into every Cisco product. It is a cloud-native platform that connects our integrated security portfolio and customers’ security infrastructure to provide simplicity, visibility, and efficiency.

SecureX delivers a unified view of customers’ environments, so they no longer have to jump between multiple dashboards to investigate and remediate threats. It also gives customers the ability to automate common workflows across security products from Cisco and third parties to handle tasks such as threat hunting and identifying device vulnerabilities.

“We really can’t afford a misfire with our security spend,” added Zaccario of New Castle. “We understand the Cisco security integrations, and how Cisco’s platform approach protects our investment.”

The tragedies of the pandemic have taught us many important lessons. From a technology perspective, as we all scrambled to create a fully remote workforce, it is nice to know that the capabilities to do so securely have kept pace with the need to protect the health of our most valuable assets, our co-workers.

Source: cisco.com

Continue reading

DevNet Specialized Partners Gain API Insights for Pandemic Challenges

The network connects everything. It stands at the vortex of IT and business. It has the potential to constantly empower, protect and inform all IT and business processes. As users, devices, and distributed applications have grown in number, the networking environment has become exponentially more complex.

Intent-based networking transforms a hardware-centric, manual network into a controller-led network that captures business intent and translates it into policies that can be automated and applied consistently across the network. The goal is for the network to continuously monitor and adjust network performance to help assure desired business outcomes.

Cisco DNA Center is the network management and command center for Cisco Digital Network Architecture (DNA), and it is at the heart of Cisco’s intent-based network. It enables you to:

◉ Configure and provision thousands of network devices across your enterprise in minutes, not hours.

◉ Deploy group-based secure access and network segmentation customized for your business needs.

◉ Monitor, identify, and react in real time to changing network and wireless conditions.

◉ Enhance the overall network experience by optimizing end-to-end IT processes, reducing total cost of ownership, and creating value-added network.

While our networks are evolving and becoming more complex, the world around us has also become even more complex. As nations continue to struggle with the challenges brought on by the COVID-19 pandemic, the workforce is likely eager to return to the office and at the very least, return to some level of normalcy.

Ensuring a safe return to the workplace

Many essential businesses have remained open during these trying times, and as restrictions begin to ease up, many will begin re-opening their offices soon and offering their employees the opportunity to conduct business in-person once again. As the global workforce emerges from their office exile, it is critically important to ensure strong safety measures are in place to minimize the risk and reduce the likelihood of a viral outbreak in the office.

The unique circumstances that businesses face today call for a new breed of innovation to help get through these modern challenges. Developer APIs built on-top of Cisco’s technology can help facilitate that innovation. While traditional business problems solved through APIs are commonly associated with digital experiences, there is a mind shift brewing that begs the questions, “how can these APIs provide better physical experiences in this pandemic world?”  

Like building a network security policy, companies need to be able to have visibility, consistency, scalability, and adaptability across their infrastructure to reduce the attack surface and minimize the potential risks from threats (regardless of whether that threat is digital, physical, or biological). Programmability and APIs are the tools that arm developers and engineers with the visibility, consistency, scalability, and adaptability they need to help their businesses transform and prepare for a safe return to office life. 

Rich APIs can facilitate this new breed of innovation

While these rich APIs can facilitate this new breed of innovation, it is up to our partners to be able to deliver on that innovation. Cisco’s partners have been uniquely positioned to “be the bridge” that gets the world back to the office safely and deliver these new innovations to their customers.  

When it comes to Cisco customers knowing which partners to trust and deliver on that innovation, look no further than our growing list of DevNet Specialized Partners. 

The DevNet Specialization recognizes Cisco partners with demonstrated software skills and business practices that leverage API capabilities of Cisco products and services to deliver successful outcomes to their customers. A DevNet Specialized partner is one that is fully equipped to build and deliver on the innovations needed to make the return to the office safe and effective. 

While there are many benefits to the DevNet Specialization program, such as Ecosystem Exchange placement to co-market with Cisco and pre-sales consulting opportunities, one of the unique benefits we offer to our specialized partners is the exclusive API Insights webinar series, which provides the latest information on Cisco API releases, industry trends, best practices, and technical deep dives on API-related topics. 

The most recent API Insights webinar – offered exclusively to our DevNet Specialized partners – focused on how DNA Center can be leveraged to perform contact-tracing inside of an office building. It began with an overview of the API capabilities provided by DNA Center, making sure that our DevNet Specialized partners had a base understanding needed to advance the conversation.

Cisco DNA Center “Pandemic Proximity” use case

From there, it dove into the “Pandemic Proximity” use case for DNA Center, covering all the implementation details needed to build and deliver this use case to customers. Partners were provided with a deep dive into the technical aspects of this use case and how Cisco technology can better track in-person interactions across the office, as far back as 14 days. 

If a business ever faces the unfortunate challenge of dealing with a viral outbreak in their office, they can use these capabilities, delivered by a DevNet Specialized partner, to understand where the contagious employee was in the office, and who they might have come into contact with. This can help reduce the impact caused by an outbreak, keep more employees safe, and help reduce the disruption to business that this may cause. It also has the potential to save lives in the process. 

While more information will be available in the future about the “Pandemic Proximity” use case for DNA Center, Cisco’s partners in the DevNet Specialization program are uniquely positioned to deliver on this use case today, having gained the necessary insights and knowledge from Cisco experts through the API Insights webinar. Although this quarter’s API Insights event has already concluded, I am already looking forward to what the API experts have in-store for next quarter, and how, together, we can all better the world through programmability and APIs. 

As a reminder, these API Insights webinars are available exclusively to partners that have already achieved their DevNet Specialization. I invite you to learn more about the DevNet Specialization so that you and your teams can also experience these exclusive insights/webinar events, and ultimately you can see how being DevNet Specialized can benefit your teams, your business and the business of your customers.

Continue reading