Tuesday, 15 June 2021

DNA Center Template Labs – Getting Started Series, Part 1

Prologue

Over the years, as new technology has been introduced, there has always been a barrier to adoption. While automation is powerful, we need to test it fully. Delays in getting started are typically caused by the wait on lab equipment. If it’s not lab equipment, it’s licensing or the time required to set up and cable the equipment. This, together with the development time, resources, and scheduling, makes the whole activity painful. This typically causes a gap between the time technology is launched and the time it is adopted. It also means that there is a learning curve, which typically adds even more delay to adoption by organizations. This leaves one asking: exactly how do I get started with DNA Center Templates?

But what if there was a better way?

dCLOUD is a Cisco environment that provides curated content labs. dCLOUD allows the user a new way of experiencing the Cisco portfolio. It allows the user to try out the new technology in a safe environment. It also helps to save time and reduce shipping costs, licensing issues, power, and cooling needs, all while still providing an environment to test various features and functions.

Overview

In this ongoing series, we will explain each of the labs. The labs are set up to help you learn more about templating, Plug and Play, and Day N automation. They come with guided examples that can be downloaded and implemented within dCLOUD or modified for use in your own lab environment.

How?

Within dCLOUD, several sandbox-type labs are available. These self-contained environments are there to allow you to use them as you please within the time scheduled. This allows us a place to start practicing various concepts without fear of impacting production environments.

Therefore, to aid customers in the transition toward automation, we have put together a set of small helpful labs within a GitHub repository. As a result, we hope to demystify some of the complexities of setting up Plug and Play and help guide customers through the complexities and caveats. In this way, these self-guided labs provide a glimpse into the fundamentals of building Velocity templates and provide examples that you can download and expand from. The sample templates and JSON files supplied are for easy import into DNA Center’s template editor for quicker adoption. Lastly, some scripts are ready-made excerpts of code that allow you to build the environment to test.

First, in a practical lab guide, we step by step delve into the concepts of building templates and methodologies for using both Onboarding and DayN templates. Second, we provide answers and explanations to many of the questions that come up during automation workshops. Our hope is that you find the information both helpful and informative. Thus, we hope to give a well-rounded explanation of automation methods and concepts that we can easily expand upon for production purposes.

The lab content is located within the existing DNAC-TEMPLATES repository to give a one-stop-shop for all the necessary tools, scripts, templates, and code samples. Within it are four labs, which build upon the tutorials allowing you to test the methods in a lab environment.

DNAC Template LABS

These labs aim to guide you through the typical steps required to enable the various automation tasks delivered by DNA Center. This lab will give examples of templates used in DNA Center that we can modify for our use and test on equipment within the LAB environment. Additional information within the lab provides a well-rounded explanation of Automation methods with Templates. Lastly, the lab allows for customers to use DNA Center workflows to practice deploying Onboarding, DayN Templates, and Application Policy automation on both Wired and Wireless Platforms.

The goal of this lab is for it to be a practical guide to aid engineers to rapidly begin using DNA Center automation and help them work towards a template strategy. Additionally, this lab will give customers a permanent place to try out the templates and include configurations for various use cases. This environment will enable engineers to reduce the time and effort needed to instantiate the network.

As a result, you will gain experience in setting up Plug and Play onboarding and templates. Additionally, you will use advanced templating methods and troubleshooting tools. These may help during faultfinding to determine what is failing in a deployment.

Please use this menu to navigate the various sections of this GitHub repository. Within the multiple folders are examples and explanatory readme files for reference.

PnP Preparation – This lab explains the overall Plug and Play set up steps

Onboarding Templates – This lab explains in depth how to deploy Day 0 templates

Day N Templates – This lab will dive into Day N template constructs and use cases

Composite Templates – This lab will explore how to build a composite template on DNA Center.

We will share additional labs and content in an ongoing effort to fulfill all your automation needs with DNA Center.

dCLOUD as a LAB

To help customers succeed with DNA Center Automation, you may utilize the above labs as they have been designed to work within dCLOUD’s Cisco Enterprise Networks Hardware Sandbox v2.1 Lab. This allows you to run these labs and gives an environment to try the various code samples. You may choose to develop and export your own code for use in production environments. Also, this gives you an environment where you can safely POC/POV methods and steps without harming your own production environments. This also negates the need for shipping equipment, lead times, and licensing issues needed to get moving rapidly. Please do adhere to the best practices for the dCLOUD environment when using it.


The dCLOUD environment consists of the following:

Software:

DNA Center 2.1.2.5
Identity Services Engine (ISE) 3.0 (Not Configured)
Stealthwatch 7.1
FlowCollector 7.1
Cisco Prime Infrastructure 3.9
Wireless LAN Controller - C9800 running IOS-XE Amsterdam 17.3.3 code.
Windows 10 Jump Host 
Windows Server 2019 - Can be configured to provide identity, DHCP, DNS, etc.
Windows 10 Clients 

Hardware:

ISR 4451 Router - 17.3.3 IOS-XE Code
Catalyst 9300 Switch - 17.3.3 IOS-XE Code with Embedded Wireless Controller (EWC) and ThousandEyes Enterprise Agent
Catalyst 3850 Switch - 16.12.5 IOS-XE Code
4800 Access Points
Silex Controller (2 NICs)

The environment can be accessed with a web-based browser client for VPN-less connectivity, as well as with the AnyConnect VPN client for those who prefer it. You may choose from labs hosted out of our San Jose and RTP Facilities by either selecting US East or US West. Choose the Cisco Enterprise Network Sandbox v2.1 or 3.1. To access this or any other content, including demonstrations, labs, and training in dCLOUD, please work with your Cisco Account team or Cisco Partner Account Team directly. Your Account teams will schedule the session and share it for you to use. Once booked, follow the guide within GitHub to complete the tasks, adhering to the best practices of the dCLOUD environment.

Source: cisco.com

Monday, 14 June 2021

What’s New for DevNet Specialization?


The DevNet Specialization for Cisco’s Partners is constantly evolving. A couple of weeks ago, Chuck Stickney (DevNet Specialization Lead) together with Markus Lind (CEO, Miradot), had a great discussion in one of the Partner Interactive Webinars in Cisco’s Europe/Middle East/Africa/Russia region. One of the main topics was how Miradot – our first DevNet Specialized Partner – is applying DevNet to their solutions, and how DevNet is helping them transform their business and deliver successful outcomes to the customers.


There are 3 major areas through which DevNet enables business transformation:

◉ Agility, innovation, and speed

◉ Ecosystem innovation

◉ Team and processes

Empowering differentiation through APIs

One of the crucial points on the journey to business transformation is also empowering innovation and differentiation through APIs. During the webinar, attendees learned how APIs can apply to different use cases across different industries, including retail, healthcare, manufacturing, finance, and others. The skillset and knowledge that is reflected by DevNet Specialization can be fantastic proof to your customers that you can deliver innovative solutions that empower automation across their organizations.


Why become Specialized?


Markus Lind, CEO of Miradot, shared with us some insights into how his organization has benefited by achieving the DevNet Specialization. Why was that important? Being a small-sized partner company, they wanted to make sure they not only had a way to increase their market base, but also to make change. They knew that amongst all the competition in their market, they needed something unique to differentiate themselves – which is when they started their journey to become DevNet Specialized.

How does it help them run the business on a daily basis?


Through the DevNet Specialization, Miradot has managed to have over 50% of their employees become DevNet Certified. They felt that to succeed and differentiate themselves across different partners, they had to find their niche. It turned out that the way to get their customers to have better discussions with them is to embrace automation in their organization. Since becoming DevNet Specialized, Miradot has helped their customers define and navigate their infrastructure.

Source: cisco.com

Sunday, 13 June 2021

5 Acquisition Strategies to Support CIOs Keeping Pace with Innovation


The pace of new technology adoption and innovation to help prevent future disruption while remaining competitive has accelerated beyond all expectations. When the global pandemic first hit, businesses scrambled to get their workforce and operations back online. What would have taken months, suddenly had to happen instantly.


Now, as CIOs continue to drive transformation, there are several ways to get access to the technology needed to recover and grow without having to break your budget.

1. Don’t own it

Pay to use has never been a more attractive model than it is today. With a large proportion of employees in many industries expected to work remotely for the foreseeable future under a hybrid workplace model, the number of office branches is likely to increase. You will need to upgrade your infrastructure so that it can be scaled quickly to support a user experience that keeps employees productive and secure.

Without having to compromise on your priorities, there are options that allow your business to use budget effectively as you plan your recovery. IT-as-a-Service allows businesses to get the technology needed with no upfront costs, and they can pay over time as they use it.  Entire infrastructure solutions can be implemented with supporting technology, software and tools—all paid for using subscription-type models. Not only does this alleviate some of the budgetary pressure, but it also lends itself to an asset-light strategy that many businesses are now striving for.

2. Justifying OpEx over CapEx

As the CIO, you’re trying to lead your organization through digital transformation while making it as painless as possible. With many industries continuing to lean heavily on finance to underpin pandemic related shortfalls in revenue, justifying any CapEx can seem impossible. But, by moving technology costs from CapEx to OpEx you avoid large initial investments, enabling you to shift budget priorities and support key transformation projects. IT financing can simplify accounting by rolling all your technology needs into regular payments, making it easier to track against budgets and allow the business to follow market trends, upscale to evolve, and increase competitiveness.

3. Go green and get more for your money

You can extend available budget and shrink your company’s carbon footprint by using certified remanufactured equipment. This allows you to access equipment at a more competitive price while still receiving the same warranties and product support. In addition, by financing this equipment you can upgrade when you need to and offset the cost against future revenue.

4. Begin with the end in sight. Your CFO will thank you!

Managing technology can be complicated, particularly as we all look to return to some semblance of normal. Creating a lifecycle management plan for the technology needed at this time can help avoid a future of depreciating assets, while also helping you stay ahead with the latest innovations. IT budget planning becomes easier, and you can run your business more efficiently with up-to-date infrastructure and the latest software solutions. This helps align OpEx payments with the benefits gained from refresh lifecycles, while managing the cash flow and budget needed to further grow your business, as well as removing depreciating assets from your CFO’s balance sheet.


5. True up, true forward. Take the guesswork out of unpredictable usage

As your business evolves and you update your infrastructure to enable the best collaboration and customer experience to remain productive, effective acquisition of the right technology can help you meet your business goals and grow. Forecasting user uptake of new technology is hard enough with all the proper pilots in place, but when new tools and services are stood up in a hurry, predicting capacity can be a huge gamble. However, access to as-a-service, subscription-like models or spreading the cost of your solutions over time allows you to focus on your other priorities and fund other investments.

Cisco is here to support you as you expedite your digital transformation. Along with Cisco Capital, we can help you determine not only what to buy but also how to buy it to match your business requirements and budget strategy. Whatever your plans are, we’re here to meet you where you are.

Source: cisco.com

Saturday, 12 June 2021

Establish, Enforce, and Continuously Verify Trust with SD-Access in Simple Steps


To effectively protect precious data resources across campuses from infiltration, exfiltration, and ransomware, Enterprise IT needs deep visibility into everything connecting to the network and the ability to segment devices by access permissions and security policies. The goal is to attain a Zero-Trust Enterprise based on least-privileged access principles that prevents the lateral movement of threats and automatically isolates any offending endpoint or intrusion.


Today, millions of enterprise endpoints are protected with implementations of Cisco Software-Defined Access (SD-Access), a solution within Cisco DNA Center. Thousands of enterprises are already well along on their journey to obtaining a zero-trust network using endpoint analytics, policy analytics, segmentation, and rapid threat containment capabilities of SD-Access. Now, with the introduction of Continuous Trusted Access with SD-Access Trust Analytics—using AI/ML anomaly modeling and spoofing prevention—the five phases of attaining zero-trust are available to all types of organizations at any stage of their implementation. The complete Cisco SD-Access solution provides inherent flexibility for enterprises to begin or continue the zero-trust journey according to their business priorities and desired outcomes.

This software release will be generally available (GA) in mid-June 2021, or contact your account team for early access.


Existing Networks Benefit from a Flexible Zero Trust Journey


Cisco understands that NetOps and SecOps must build segmentation upon what is already in place, adding capabilities in stages to achieve the desired zero trust outcome for both existing and new network installations. Organizations can use SD-Access to start the journey to zero trust at different stages depending on business priorities.

Adventist Health started its zero trust journey with Cisco AI Endpoint Analytics to find and categorize over 75,000 compute and IoT devices on their multi-state spanning network. Cisco AI Endpoint Analytics uses Deep Packet Inspection (DPI) and advanced AI/ML algorithms to search crowdsourced databases to obtain more granular information about many different device types. Adventist Health even uses the enhanced device visibility from AI Endpoint Analytics to identify devices that are discontinued and no longer supported by manufacturers, which are more susceptible to malware intrusions and other threats. Adventist Health sees AI Endpoint Analytics as an enabling technology that provides the much-needed endpoint visibility and security grouping that will help define their future segmentation policies.

KB Securities needed a more efficient method of managing segmentation access policies as their workforce moved freely among campus buildings. Instead of manually adjusting individual policies, they are using SD-Access segmentation to automatically adjust and apply access policies as the workforce shifts among wired and wireless networks, eliminating time-consuming manual interventions.

One of the largest financial institutions in the world needed a zero trust approach for protecting the organization’s connected endpoints worldwide. IT chose to implement the new SD-Access Trust Analytics to analyze and model normal endpoint behavior to detect anomalies that indicate intrusion attempts before they can cause a data breach of sensitive information.

In SAIC Volkswagen’s new Modularer Elektrobaukasten plant—a modular chassis designed by Volkswagen specifically for electric cars—the production systems need to be on separate networks for reliability and stability reasons. But instead of building distinct networks, SD-Access simply segments the single physical network into multiple logical networks that keep production systems traffic separate, but under the control of one Cisco DNA Center. As a result, the network is more manageable, and IT can more easily connect and secure thousands of IoT and robotic devices throughout the plant. With Cisco SD-Access, SAIC Volkswagen was able to use existing L2 access switches, enabling a smooth migration of services and reducing up-front costs.

Cisco SD-Access provides multiple paths to attaining zero-trust enterprise networks with a faster time to value.

Enterprises Are in Control of Their Zero-Trust Journey


The ability to start the zero trust journey at a point that aligns with the business priority for each enterprise expands the number and types of use cases for Cisco SD-Access. Cisco SD-Access is the only solution in the industry that provides all the capabilities required for Zero-Trust in the workplace with Visibility (endpoint analytics and traffic policy discovery), Segmentation, Continuous Trust Assessment, and Containment that can be implemented in phases to meet each organization’s security goals.

The recent updates to the SD-Access solution lower the barrier to embark on a zero-trust journey, especially in existing, heterogeneous networks. Each step along the journey adds incremental value as the threat surface diminishes and enterprises gain more control over every endpoint that joins the network by restricting the resources with which they can communicate. For example, a new personal BYOD device connecting to the network can be identified, classified, and initially assigned to a security group segment that only has very limited access to enterprise resources until the device and owner are verified.

Implement SD-Access Segmentation Without Routed Access


To support existing estates that use more traditional networking constructs, SD-Access now supports Layer 2 Switched Access including the option of preserving existing VLANs and IP address pools. In this deployment scenario, the SD-Access Fabric originates at the network aggregation layer. The solution offers the flexibility for enterprises to map existing access VLANs to macro/micro segments in the SD-Access Fabric. To minimize lateral movement of threats, enterprises also have the option to extend the micro-segmentation policies to the Layer 2 Switched Access node. These flexible design options enable enterprises to begin their zero-trust journey without re-designing their existing networks.

Cisco SD-Access now supports Layer 2 Switched Access

“Cisco networking devices, Cisco DNA Center, and SD-Access gave us a flexible networking platform that we could adapt to our unique needs. We were able to integrate third-party industrial switches, keep the factory operating efficiently by quickly locating and fixing network issues, and free our highly-trained engineers from day-to-day operational burdens.” – Xiaoqing XU, IT Director, SAIC Volkswagen

Deploy Macro-Segmentation Before Implementing Cisco ISE


The fully automated turnkey fabric-based architecture offered by SD-Access is an attractive alternative to MPLS-based VRF, VRF-lite and other operationally cumbersome legacy segmentation technologies. With Cisco DNA Center release 2.2.2.0, we have disaggregated the capabilities within SD-Access Fabrics. Enterprises now have the option to use SD-Access to rapidly achieve macro-segmentation of networks even in scenarios where Cisco ISE is not currently being used to authenticate endpoints. This option makes it easier for organizations to get started with SD-Access and expand to other use cases at their own deployment pace and schedule.

You Can’t Secure What You Can’t See


One of the early barriers to begin building a zero-trust enterprise is knowing what devices are connecting to the network, which devices and applications they are communicating with, and developing a deep historical perspective to detect anomalies. That’s why many organizations—such as the Adventist Health example—start with Endpoint Analytics to understand the current threat surface and then apply policy analytics to understand the behavior of traffic patterns.

Implementing Continuous Trust Assessment with the new Cisco Trust Analytics enables IT to develop and use models of typical device behaviors, usage, and traffic history to understand “normal” network operations to protect against spoofing attacks. Trust Analytics detects traffic from endpoints that are exhibiting unusual behavior by pretending to be trusted endpoints using MAC Spoofing, Probe Spoofing, or Man-in-the-Middle techniques. When Trust Analytics detects such anomalies, it signals Endpoint Analytics to lower the Trust Score for the endpoint to completely deny or limit access to the network.

Cisco SD-Access Continuous Trust Assessments

Supplementing the network with Cisco Identity Services Engine completes the continuous trust cycle by aggregating device classification, segmentation rules, and trust analytics to monitor, identify, and isolate any detected device anomalies that can indicate a breach or infection. Cisco ISE provides rapid threat containment and remediation by automatically detecting and isolating suspicious devices or people logging in from unusual or unknown locations.

Attaining Zero Trust is a Flexible Journey


While the ultimate goal is a zero-trust state for all devices, applications, and people, each implemented capability of SD-Access enables enterprises to gain greater control over the security of the network. To prioritize desired outcomes, enterprises are in control of the pace of the journey from starting point to end results. The Zero-Trust Enterprise becomes a flexible journey as campus networks grow and adapt to new endpoint devices, IoT technologies, geographic configurations, and applications that can be accessed from anywhere. All these innovations for the flexible journey to zero trust are benefits of Cisco DNA Center release 2.2.2.0. Start your journey to zero trust today with Cisco SD-Access.

Source: cisco.com

Friday, 11 June 2021

Latest Cisco 500-450 Certification Exam Sample Questions and Answers

Cisco UCCEIS Exam Description:

This exam tests a candidate's knowledge of installing and deploying Cisco Unified Contact Center Enterprise (Cisco Unified CCE) solutions. Cisco Unified CCE is part of the Cisco Unified Communications application suite, which delivers intelligent call routing, network-to-desktop computer telephony integration (CTI), and multichannel contact management to contact center agents over an IP network. Skills assessed include install, setup, configure, and troubleshoot the solution.

Cisco 500-450 Exam Overview:

Exam Name:- Implementing and Supporting Cisco Unified Contact Center Enterprise

Exam Number:- 500-450 UCCEIS

Exam Price:- $300 USD

Duration:- 75 minutes

Number of Questions:- 65-75

Passing Score:- Variable (750-850 / 1000 Approx.)

Recommended Training:-

Exam Registration:- PEARSON VUE

Sample Questions:- Cisco 500-450 Sample Questions

Practice Exam:- Cisco Unified Contact Center Enterprise Specialist Practice Test


Thursday, 10 June 2021

Unclear on fiber optic breakouts? What you need to know

We often receive questions about fiber optic breakout patch cords for pluggable optic transceivers. If you’re wondering the same thing, the first door to knock on is the fiber cable infrastructure provider for your network. We’ve posted cabling guides for some well-known providers, but there are certainly other options. These guides contain specific part numbers for their breakout patch cords and cassettes for use with many Cisco Optics transceivers.

Why would you use breakouts?

Fiber optic breakouts are useful for many applications. Take for example a 400G port in a switch or router. A breakout structure could make that 400G port equivalent to a high density set of four 100G ports. Breakout connectivity also allows you to upgrade your network hardware one site at a time, so you don’t have to take down the whole network all at once. You could also use breakouts for redundancy in your architecture.


The fundamental distinction of a breakout application is that it connects network devices (switches, routers, and servers) to other network devices containing ports of different speed without sacrificing port bandwidth. That last part about not sacrificing port bandwidth is key. You could still connect ports of different speed using an adapter. Or you could run a high speed port at a lower speed by filling it with a lower speed optic. For example, 40G QSFP+ optics can work in 100G QSFP28 ports. However, in both of these situations you under-utilize the bandwidth of the higher speed port.

Example of breakout application.

With breakouts, you fully utilize port bandwidth. The most common breakout configuration involves a higher speed QSFP port that connects to four lower speed ports, either SFP or lower speed QSFP. For example, Cisco’s QSFP-100G-SR4-S can connect to four different 25G SFP28 ports with a fiber breakout patch cord (or cartridge) and four SFP-25G-SR-S pluggable optic modules. Similar breakouts are possible with some 40G QSFP+ and 10G SFP+ modules.

Which pluggable optics support breakout?


Almost always, a pluggable optic transceiver that uses parallel fiber supports breakout. The Cisco Optics-to-Device Compatibility Matrix online tool shows whether the pluggable optic uses parallel or duplex fiber. Breakout is possible with both SMF (Single-Mode Fiber) and MMF (Multi-Mode Fiber) media type.

In the rare case of an exception, the tool notates if the pluggable optic or network device does not support breakout mode.

Example of rare exception when breakout mode is not supported, indicated in pop-up message in the Cisco Optics-to-Device Compatibility Matrix.

As a baseline reference, these are some of the Cisco pluggable optic transceivers that support 4-channel breakout configurations:

Partial list of Product IDs for Cisco Optics that can be used in breakout configurations.

For a full list and mapping of which optics can connect to each other via breakout, see the Optics-to-Optics Interoperability Matrix. Below is an example.


Cisco Optics-to-Optics Interoperability Matrix example. The far right column indicates whether a fiber optic breakout patch cord is needed.

Fiber optic breakout patch cord pinout diagrams


If your fiber cable vendor doesn’t have a standard breakout patch cord, and you request a custom design, you can use the diagram below as a guide. The patch cord doesn’t depend on the data rate. The main consideration is whether the fiber type is SMF or MMF.

Fiber breakout jumper pinout diagram for SMF. Note the 8 degree angle polish on the MPO connector end face.

Fiber breakout jumper pinout diagram for MMF.

Remember, fiber breakout patch cords or cartridges are for pluggable optic transceivers. If you’re using an AOC (Active Optical Cable) such as QSFP-4X10G-AOCxM or copper cables such as QSFP-4SFP25G-CUxM, the breakout structure may be built into the cable because they are pre-terminated and plug directly into the QSFP or SFP type ports. Therefore, these cables do not need a separate fiber breakout patch cord.

Source: cisco.com

Wednesday, 9 June 2021

Under Pressure to Secure Your Enterprise? Predict More to Prevent More


Cybersecurity is a top priority for any organization conducting business over the Internet. Protecting your assets encompasses an ever-expanding digital landscape. Any data breach can have a devastating impact on the finances and brand equity of an organization. It’s why cybersecurity is treated as a business risk, rather than merely an IT issue. The importance of security is nothing new, but the global pandemic has made it even more critical.

Rise in Remote Access Authentication

Many of the new security challenges stem from the rapid increase in remote work that occurred almost overnight last year with the global rollout of stay-at-home orders. According to data from Cisco DUO, more organizations across all industries have enabled their employees to work from home, and there’s every indication this could continue for an extended time. Between February and April of 2020, we saw a 60% increase in remote access authentication — a percentage that has held remarkably steady ever since.

For IT Ops, a key challenge was ensuring their business employees could securely access the tools and resources they needed to do their jobs, seamlessly and with no additional friction. At the same time, organizations have had to protect critical information and minimize risk, all while accommodating myriad types of users and devices using unsecured networks. In order to accomplish the above, having visibility and insights into remote work patterns is a must, allowing SecOps and NetOps teams to authenticate and secure enterprise traffic through zero-trust solutions and multi-factor authentication.

Identifying Cyberthreat Patterns

In addition to the expansion of the attack surface due to the shift to remote work, cyber-criminals evolved their attacks to feed on people’s fears around the pandemic. DNS traffic analysis by Cisco Umbrella revealed some startling findings for the first nine months of 2020. For example, among our Umbrella DNS customers:

◉ 91% saw a domain linked to malware
◉ 68% saw a domain linked to cryptomining
◉ 85% saw a domain linked to phishing
◉ 63% saw a domain linked to trojans

In fact, since 2019, trojans and phishing have traded spots in threat ranking. In 2019, trojans were the number two threat at 59%, while phishing was number four with 46% impacted. Over the past year, phishing has risen by nearly 40% in large part due to malicious actors preying on people’s fears about the virus.

If IT teams are to scale and stay ahead of the bad actors in this evolving landscape of cyberthreats, they must be able to proactively monitor and identify malicious traffic and its patterns. It is vastly better to predict and prevent cyberattacks than to try to undo the damage caused by data breaches after the fact.

Threat Targets by Industry


Shifts in the distribution of threat traffic across different business markets since 2019 offer further insight into how to secure your enterprise. In particular, managed service providers (MSPs) have now surpassed financial services as the most impacted market. In fact, U.S. government agencies have issued recent warnings about the heightened risk of attacks by state actors on MSPs.

Why this jump in MSP threat traffic? MSPs are attractive targets because, unless an MSP has effectively secured its own environment, it is vulnerable to attack by malicious actors who can then hijack remote monitoring management to go after the MSP’s clients. These customers are then at higher risk than the MSP itself. (By contrast, higher education traffic has dropped considerably in the ranking of impacted markets over the past year — from the top spot to the number six spot — most likely due to students being unable to attend classes in person.)

The rise in malware using sophisticated hiding and evasion techniques has made cyber defense teams’ jobs that much harder. In order to secure your data and your enterprise, manual monitoring and intervention is no longer a viable solution. Today’s cyber defenders must have visibility across applications, networks, and devices, along with the ability to leverage machine speed and predictive intelligence to deliver scalable, adaptable protection.

Source: cisco.com