CX Cloud—expertise and insights at our fingertips

Over the years Cisco IT has built many tools to manage support. We had one tool to track subscriptions, another to keep tabs on service contracts, and yet another to view asset lifecycle information. The problem? We spent too much time correlating information scattered across the different interfaces. When we received a security alert on one interface, for instance, we had to go into another interface to identify the affected assets.

Supporting the Cisco network is much more efficient now that we use Cisco CX Cloud. Think of CX Cloud as a one-stop destination for all information we need (Figure 1). No more searching across disparate, unconnected tools. Everything is in one place. CX Cloud is saving us time. Revealing issues we didn’t know about. Helping us more quickly respond to vulnerability alerts to keep the network secure. And giving us new insights into network health.

Figure 1. All support information in one place

I asked Chris Groves, Cisco IT director of network services, how CX Cloud makes his job simpler. Here are his top four:

◉ Monitoring case status (Figure 2). “At the top of my list is how easy it is to see open cases,” Chris told me. “In two clicks I can see every TAC case, who opened it, and whether it’s for firewall, remote access, data center, Cisco Virtual Office, etc. Never underestimate the power of the mundane.”

Figure 2. TAC case status at a glance

◉ Time savings. Before, when we received an advisory about a potential security vulnerability we’d start by identifying all assets at risk. That alone took several hours. Next, we’d figure out the right mitigation steps and plot out our strategy. After that we’d track progress. Along the way we’d use several tools. With CX Cloud, we can easily see all affected assets in one place, along with suggestions for mitigation (Figure 3). If an incident affects 500 assets, just being able to see all of them in one place saves us about 15 hours of work.

Figure 3. Selecting an advisory shows all assets at risk

◉ Faster response to vulnerabilities. Chris likes the convenience of seeing all advisories right on the dashboard—sorted by criticality. For example, field notices about less-important issues, like a button prone to sticking, are listed separately. “We can’t patch everything at once, so we check the CX Cloud dashboard to see which advisories have the biggest impact in our network,” he said.

◉ New insights. If Chris sees that a large portion of cases involve the same product or place in the network, he checks if the support team needs help. He might even suggest a product change to the business unit. He can also spot chronic issues and monitor the results of support initiatives.

As Customer Zero, we influenced the product

Cisco IT was Customer Zero for CX Cloud, meaning that we were the first to use it in production so we could provide input on features and share our experiences with other customers. With our feedback, initial setup time dropped from 6 hours to 30 minutes. We also suggested features on the product roadmap, like the ability to tag advisories with recommended actions and to filter cases by team or product group.

Though we’ve just started using CX Cloud, we’re already seeing the business value. Consolidating support information in one place helps us more efficiently manage our network, keeping it secure and available. As Chris summed it up, “CX Cloud is like having high-touch support right at your fingertips.”

Source: cisco.com

Continue reading

Enable Digital Transformation with Cisco SD-WAN

Cisco SD-WAN unlocks new possibilities with our network infrastructure, the new architecture is replacing the long-established role of the wide-area network (WAN), connecting our users at the branch office location to applications hosted on servers in the datacenters.  

Often VPN (Virtual Private Network) tunnels or Multiprotocol Label Switching (MPLS) were implemented for segregation of data and security. This approached worked well for years, but as our customer moved into a mobile digital application world and their data move to the cloud, a new approached was required. 

It’s a multi-cloud world

We live in a multi-cloud world, where using multiple clouds from multiple providers has become the new normal. Cisco SD-WAN has proven effective in helping Cisco partners accelerate their adoption of multi-cloud environments and drive business solutions for their customers. It helps them manage multiple network providers, ISP circuits, and connect branches to clouds. Cisco SD-WAN allows customers to deliver on-demand branch connectivity to their ISP and cloud providers directly from the SD-WAN controller. 

Model-Driven Programmability

Adding Cisco SD-WAN programmability via the vManage REST APIs has opened even more possibilities for extending automation to any task. Such as:

◉ Template-driven infrastructure deployment service, allowing engineers to define building blocks and create abstractions for the deployments of required sets of resources.  

◉ Update or delete the deployed resources with ease without many changes to the configurations. 

◉ Provisions the reference of one resource definition to another, thus enabling the creation of dependencies and controlling the order of creation of resources. 

Many Cisco partners are leveraging these APIs to create custom automated sequences for managing, monitoring, configuring, and troubleshooting the SD-WAN environment based on their specific needs. 

Getting the details via developer experience

The Cisco SD-WAN API allows Cisco partners to focus more and more on their developer experience. Product managers, marketers, and engineers alike have an interest in evaluating and improving how a developer uses APIs and the benefits they bring. That’s why Cisco DevNet is dedicated to delivering an excellent developer experience with SD-WAN.  It’s a dedication that pays off over many developer interactions, as they use the SD-WAN documentation, sandbox, and other resources. 

Are we doing this right though?

A mentor once told me “Feedback is feedback, no matter if this is valuable feedback or bad feedback. Asking the right people for feedback will help you grow.” Hearing from our DevNet Specialized partners is key to improving the quality and content for Cisco SD-WAN API, and programmability in general. So, when it came to feedback on the SD-WAN Dev Center, I took the opportunity to speak with our DevNet Specialized Partners at the recent API Insights webinar. The webinar – offered exclusively to our DevNet Specialized partners – was focused on the Cisco SD-WAN Dev Center, new plans, and upcoming opportunities.

The webinar featured a live presentation and demo of how partners can execute Cisco SD-WAN REST API calls for role-based access control (RBAC), based on the Resource Groups feature, and how this can be used for Cisco SD-WAN deployments. The presentation showed how this feature helps to simplify network administration, restrict blast perimeter, and meet compliance requirements. 

API Insights webinars are available exclusively to partners who have already achieved their DevNet Specialization. I invite partners to learn more about the DevNet Specialization so they, and their teams, can experience these insights webinar events, and see how being DevNet Specialized can benefit your teams, your business, and the business of your customers.

Source: cisco.com

Continue reading

Complete and continuous remote worker visibility with Network Visibility Module data as a primary telemetry source

Navigating the new normal

Organizations are currently facing new challenges related to monitoring and securing their remote workforces. Many users don’t always use their VPNs while working remotely – this creates gaps in visibility that increase organizational risks. In the past, many organizations viewed these occasional gaps in visibility as negligible risks due to low overall volumes of non-VPN-connected remote work. However, today, that’s no longer the case, as organizations and workers have been thrust into a new “work from home (WFH) era.”. This not only led to an explosion in the need for remote access from anywhere and on anything – effectively expanding threat surfaces and concurrently increasing opportunities for attackers – but – as if that weren’t enough – organizations were also hit with a wide-ranging and prolonged employee activity visibility blackout. This left security teams scrambling to adapt as this sudden “visibility blackout” further exacerbated overall organizational security risk levels.

Read More: 300-410: Implementing Cisco Enterprise Advanced Routing and Services (ENARSI)

Nostalgically remembering the good old days…

Back in olden times, circa late 2019 – back in the heydays of employee-activity visibility via on-premises network monitoring, and way, way back when people’s work-week routines involved commuting to the office, clocking in, logging onto the corporate network, and doing work in between water cooler breaks – organizations using Secure Network Analytics had absolute, total visibility into everything that their employees were doing. Back then, before the WFH era – security teams could instantly glean deep insights into practically everything that was being hosted within, interacting with, and connecting to their corporate networks. And despite these being simpler times, security teams still had to be incredibly agile, up to speed with rapidly changing and evolving technologies, and always ready to react to security incident-related fire drills at a moment’s notice.

Amidst the arms race that is network security, SecOps professionals must always be comfortable with high-pressure situations and fast-paced environments. It just comes with the territory. Plain and simple. It’s a job that requires a thick skin and continuous adaptation. I have always been impressed with security professionals’ ability to embrace such complexity and ambiguity, remain calm and collected, and just focus on the task at hand and execute. And I especially admire the ones that are naturally energized by their work and thrive on it. However, last year’s abrupt exodus away from corporate offices marked a paradigm shift that left even the best security teams in the dark and effectively lent a whole new meaning to the age-old adage, “the only constant is change”.

New WFH blind spots

To illustrate, in today’s new WFH era, whenever remote workers don’t use their VPNs, organizations are 100% blind to what their employees are doing. This prevents security teams from successfully establishing baselines of normal worker behavior and continuously monitoring them, concomitantly preventing them from being able to alert on anomalous activity and hindering their ability to detect certain types of threats. As a result, SecOps teams have been left in the dark and have been finding themselves asking questions like, have any of our users visited malicious URLs? Is anyone exfiltrating sensitive proprietary data? Have any users’ devices been unintentionally compromised and are now demonstrating command and control (C&C) activity? Are we facing compliance-related and broader organizational risks due to employees running outdated and vulnerable operating systems that need to be patched?

Obtaining complete and continuous remote worker visibility with NVM data

To adapt to this modern conundrum, Secure Network Analytics recent release 7.3.1 began to address this whole “WFH visibility blackout conundrum” by making endpoint Network Visibility Module (NVM) data a primary telemetry source to provide organizations with continuity in remote worker monitoring and visibility without requiring NetFlow telemetry to be present. But that was just phase 1 – now, with release 7.3.2, we’ve further extended this capability with the Data Store now supporting all NVM telemetry record collection to offer 100%-complete and continuous remote worker visibility. So now, whenever a user either works on-network or remotely – be it at home or a local coffee shop – and thus off-network without tunneling through a VPN, or if they are optimizing their remote work experience through split tunneling, all their activity is stored locally. With Network Visibility Module data being a primary telemetry source, whenever workers do eventually turn their AnyConnect VPNs back on, the NVM module phones home and sends logs of all their user activities back to Secure Network Analytics.

This gives security practitioners the continuity in visibility that they need by allowing them to monitor remote worker activities through the collection and storage of NVM endpoint records. Security teams can now gain visibility into activities that they were previously blind to, such as:

◉ Downloading and hoarding of large amounts of sensitive company data

◉ Data exfiltration or the sharing of sensitive company data to an external source

◉ Visiting malicious IP addresses and/or inadvertently installing trojans or other malicious processes

◉ Running older operating system versions with vulnerabilities that need patching

Et cetera. The list of potentially suspicious activities goes on, regardless of whether they are unintentional or motivated by an insider that has gone rogue.

Additionally, with Release 7.3.2, customers that are using NVM data along with a Data Store deployment are also gaining the following benefits:

◉ NVM telemetry records can be collected, stored, and queried in the Data Store

◉ New NVM reports that are now available in the Report Builder application

◉ The ability to define customized security events based on NVM data-specific criteria

◉ All Endpoint Concentrator functions are now fully managed by the Flow Collector

Figure 1. A Secure Network Analytics deployment enabled with both the AnyConnect Secure Mobility Client and the Data Store. User endpoints generate NVM data with rich and granular device context – such as IP addresses, host and usernames, machine types and models, which operating systems and versions are running, the processes that launched network connectivity, MAC addresses, hash information, and more – that is all collected and stored in the Data Store.

Extend the zero-trust workplace to anywhere on any device

In fact, not only does deploying the NVM module software meet the challenges outlined above by extending visibility beyond the walls of the enterprise network to enable more efficient remote worker monitoring, but it also extends the zero trust workplace to anywhere globally and on any device by providing security practitioners with visibility into who is online and what they’re doing by capturing additional granular user device context such as IP addresses, host/user names, machine types and models, which operating system and version is running, the processes that launched network connectivity, MAC addresses, hash information in case potentially harmful files are being shared and traversing the network, and more.

Drastically comprehensive and context-rich visibility is simply table stakes in our “new normal”

Despite efforts to begin transitioning back to the office, with some organizations embracing hybrid models going forward, a significant paradigm shift has already occurred – WFH is here to stay. Having pervasive visibility into remote worker activities is no longer a negligible risk that could be ignored. Nor should any NDR solution portray it as a “nice to have” rather than a “need to have” capability. Now, in today’s “new normal,” with users capable of connecting to the enterprise network from literally anywhere and on literally any device, the need for continuity in visibility across all remote activity has never been more pronounced.

Modern problems require modern solutions. Nowadays, organizations need NDR solutions that offer an unparalleled breadth and depth of visibility across their modern, distributed networks. Secure Network Analytics delivers the most comprehensive, granular, and continuous visibility into remote worker activities through the Network Visibility Module, as well as best-in-breed and industry-leading behavioral analytics to alert on suspicious and anomalous network activity.

Source: cisco.com

Continue reading

Cisco Nexus Dashboard: Cloud Operational Platform for Observability

One of the things that used to keep me up at night is that troubleshooting a data center network typically involved multiple disparate teams, each having a different view of the network, user interface, and the applications it supports. Historically, it took probing the network manually with complex questions and use the answers derived from custom scripting, spreadsheets, and CLIs for troubleshooting and remediation.

Read More: 300-815: Implementing Cisco Advanced Call Control and Mobility Services (CLACCM)

And with scaling into the multi-cloud in modern data center fabrics, the size and scope of deployments are growing into hundreds or even thousands of devices. This results in operational complexity, and the cost of managing these devices has exponentially grown as it takes longer to troubleshoot issues using multiple tools and methods. These multiple tools result in disparate user experiences that result in a lot of time and manual processing spent on troubleshooting and tracking critical network events across global networks. It often requires time to hone into misbehaving devices or collect and analyze data across multiple devices. That can result in downtime which quickly becomes expensive.

Traditional data center network management tools and approaches assume a velocity and volume of change that is well below what is enabled by the cloud and is unable to meet the demands of cloud native applications and digital business.

Cisco Nexus Dashboard is designed to automate, monitor, and analyze your network infrastructure. Innovative architectural approaches were implemented to provide automation and visibility at scale. Nexus Dashboard Insights simplifies operations for our customers with a modern, stateless microservices architecture that can scale horizontally, leveraging open-source infrastructure code. Insights delivers dynamic correlation, impact analysis, proactive alerts, failure prediction, and remediation, along with operational data visualization. These capabilities help consolidate the number of operational tools needed and reduces application downtime, Mean Time to Identify (MTTI), Mean Time to Resolution (MTTR), and the operating costs. 

Driving automation and visibility at scale 

Here are the key architectural components of the Nexus Dashboard Insights architecture: 

Collectors: Nexus Dashboard Insights incorporates universal telemetry collectors. These collectors support multiple input plugins for collecting software and hardware telemetry data streamed from networking infrastructure devices like routers, switches, firewalls, and load balancers.  

Data lake: Insights pipeline supports data encoded in JSON or GPB, which gets transformed and stored in a data lake for further processing. Telemetry data from legacy devices that do not support streaming telemetry is retrieved using REST API or SSH and then put into the pipeline for transformation.  

Analytics Engine: The analytics engine pipeline uses a serverless compute model. It handles tasks such as data enrichment, anomaly detection, data aggregation, and resource scoring by splitting them into modular tasks with associated task specifications. These tasks are processed independently, and the results are saved in the distributed data lake.  

Nexus Dashboard Operations Intelligence Platform

Architecture for deep visibility and operational simplicity 

Today, we are leveraging best-in-class AI/ML technologies to automate a number of these tasks which were being done manually on CLIs or using custom python scripts. This has led to powerful forecasting and anomaly detection use cases to generate an alert based on analytics of the time-series network data, paving the path towards proactive and predictive capabilities. 

Insights proactively streams software and hardware telemetry from across the fabric. It uses AI/ML technology to create a network-specific baseline for different Key Performance Indicators (KPIs). These baselines are continuously updated to reflect dynamic network behavior. An anomaly alert is generated when the network state crosses the thresholds band set around the baseline. These anomalies can further trigger user-specified actions such as generating email notifications or auto-remediation.  

Insights has been built on the principle that beyond identifying a problem in the network, there is a strong need to make the complex monitoring of IT operations simple. We embarked on an automation journey starting with taking additional steps to identify the impact caused by the issue/s and the resulting remediation steps.  

We address the architectural demands placed on the modern networks by: 

1. Hardware and software telemetry: Deep expertise in analyzing hardware and software telemetry:  Increases the completeness and accuracy of data that helps monitor, troubleshoot in real-time.  

2. Future-proof support: Future-proof support for infrastructure devices using capabilities specified in Industrywide supported open standards (both existing and in planning stages) 

3. Lead with AIOps: Building closed and continuous feedback loop automation into remediation by utilizing AIOps capabilities. Monitor and root cause issues and scale support needs by leveraging a DevOps toolchain to enable development to be very agile resulting in real-time automated pattern discovery. 

This allows us to automate and manage legacy data-intensive processes while simultaneously embracing new cloud-driven data frameworks. 

Cisco Nexus Dashboard Alerts Summary

Stay tuned to the next set of blogs that will delve into upcoming Nexus Dashboard capabilities and use cases based on this new “built from the ground up” architectural approach. 

◉ One view: With Single Sign-On (SSO) and Role-Based Access Control (RBAC), operate your geographically distributed multi-site environment across multiple Cisco Nexus Dashboard clusters from a single point of control.  

◉ Microburst detection: Insights into network microburst and flows. Expose and locate invisible microbursts, locate congestion hotspots, and protect application performance. 

◉ Anomaly analysis: Solving “Needle in a Timestack” problem for CRC/FCS errors. Compare and contrast time-synced data of multiple parameters to derive a deeper understanding of issues and behaviors.

Source: cisco.com

Continue reading

Power of Cloud Application Centric Infrastructure (Cloud ACI) in Service Chaining

It is a reality that most enterprise customers are moving from a private data center model to a hybrid multi-cloud model. They are either moving some of their existing applications or developing newer applications in a cloud native way to deploy in the public clouds. Customers are wary about sticking to just a single public cloud provider for fear of vendor lock-in. Hence, we are seeing a very high percentage of customers adopting a multi cloud strategy. According to Flexera 2021 State of the cloud report, this number stands at 92%. While a multi cloud model gives customers flexibility, better disaster recovery and helps with compliance, it also comes with a number of challenges. Customers have to learn not just one, but all of the different public cloud nuances and implementations.

More Info: 352-001: CCDE Design Written Exam (CCDE)

Navigating the different islands of public cloud

When customers adopt a multi cloud strategy, they often begin with one and then expand to other clouds. Though most public clouds were built with an over-arching goal  of providing access to resources instantly at a lower cost, their individual implementations and corresponding cloud native constructs are different. Hence automation artifacts built for a specific public cloud provider, cannot be re-used for other clouds.  As we see our customers undertake the multi cloud journey, it is increasingly clear that having an automated way to configure the cloud constructs for various clouds is a huge benefit for our customers.

Cisco provides this solution to our customers via Cloud ACI. Cisco Application Centric Infrastructure (ACI) is Cisco’s premier Software Defined Networking (SDN) solution for the data center.  The ACI solution now caters not only to on-premises data center, but the public cloud as well. Thereby, offering a seamless experience to customers to orchestrate and manage consistent policies for their workloads irrespective of where the workload resides. Cloud ACI provides that needed abstraction across multiple public clouds, providing a single policy model for customers to define their intent. Cisco ACI solution takes care of automating the user intent into required cloud native construct of each cloud.

Cloud ACI solution achieves this by deploying the Cisco Cloud Application Infrastructure Policy Controller (Cloud APIC)  in the cloud site, like Amazon AWS or Microsoft Azure. The cloud APIC is registered with the Cisco Nexus Dashboard Orchestrator (formerly Multi-Site Orchestrator) – the master controller for managing different ACI sites. The user defines the policies on the Nexus Dashboard Orchestrator, which pushes it down to the sites where the user policy needs to be applied.The Cloud ACI controller at the site takes care of configuring the right networking and security cloud constructs for that cloud site.

Let us take an example of an enterprise that plans to deploy workloads both in AWS and Azure. Resources in AWS are deployed within a VPC, whereas Azure requires a Resource Group. AWS provides native load balancing services via Elastic Load Balancers, whereas in Azure, you would use an Application Gateway for L7 load balancing and Network Load Balancer for L4 traffic. The native cloud constructs are different and end users have to learn both AWS as well as Azure languages. If the enterprise uses Cloud ACI, configuring a VRF (Virtual Routing context) from the Nexus Dashboard Orchestrator will translate to creating a VPC in a AWS site and a Virtual Network (VNET) in the Azure site. It’s that simple!!!

Load Balancers and More!

Cloud ACI can be particularly powerful when automating your applications behind native load balancing services. Both large web scale applications as well as  smaller enterprise applications are typically deployed behind a load balancer for high availability and elasticity. Hence, all major public cloud players offer load balancing as a native service. Load balancers have a frontend, which is the IP and port to reach the application and a backend with the servers serving that application. Depending on the load, the servers hosting the application can be scaled up/down elastically.

Cloud ACI provides a neat way to automate the creation of the native load balancers as well as configure and manage the lifecycle of the load balancers. The solution provides an innovative way to add the backend servers as targets to the load balancers dynamically. This is done via tagging the servers and creating a service graph in ACI. A service graph represents the flow of data between consumers and providers via one or more service devices. Cloud ACI provides the ability to create load balancers and configures the frontend port based on user configuration. Once a user specifies via a contract the desired provider endpoint group (EPG), the solution takes care of automatically adding the servers that belong to the provider endpoint group as the backend of the load balancer.

This is pretty powerful, with VMs scaling up and down, there is no need to manually add/remove these servers from the load balancer backend. Cloud APIC auto detects the servers and classifies them into the right EPG.  The Cloud APIC then dynamically adds/removes these servers from the backend of the load balancer.

Unleash the power of service chaining

For web applications reachable over the internet, it is paramount that there is additional security built in to protect the application and the backend servers from security attacks. In such cases, it is common for customers to insert a firewall before the traffic hits the load balancer. The firewall could be Cisco’s FTD, or 3rd party firewalls from vendors like Checkpoint, Fortinet, VM-Series Next-Generation Firewall from Palo Alto etc, available in the public cloud marketplace. Cloud ACI provides the perfect automation for this use case by providing users with a way to build a multi node service graph. To provide high availability for the firewall, a load balancer may be placed in front of the firewall like shown in the below picture

Cloud ACI can automate the entire flow by managing the lifecycle of both the front end and the Backend LB. It automates the creation of the load balancers, configuring the frontend port/protocol and adding the right backend targets.  As defined by the service chain, it adds the firewall instances as the targets of the Frontend LB. It adds the application servers as the targets of the backend application load balancer (ALB). Cloud APIC also configures the security groups at each layer with the right set of rules based on the contract. This ensures that no un-intended traffic flows between the user and the backend application servers. Can it get better than this! The only configuration that is required from cloud ACI is

◉ creation of the logical devices for the load balancers and firewall

◉ creation of a service graph specifying the location of the service devices in the chain

◉ configuring a contract between the consumer and the backend application server endpoint group

As you can see, this is extremely simple and saves time and reduces configuration complexity for the user. What more, the network admin can be at peace knowing that any dynamic scaling of the backend servers by the application/server admin, will be handled by cloud APIC.

Source: cisco.com

Continue reading

Top 10 CCNA 200-301 Exam Preparation Tips: Key to Success

When applying for any IT job position in comparison with numerous candidates, it is important to confirm extra qualifications for the role. Achieving a relevant certification is believed to be an amazing way to do so. This would be because recruitment manager view them as evidence of skills so signs for more reliable performance. If you are looking for some useful study methods concerning the CCNA 200-301 Exam, we have mentioned them below, but first, let’s explore the exam outline.

Essential Information of the CCNA 200-301 Exam

A vital step in preparing for any exam is to determine the list of the themes to be included. And the more comprehensive it is, the more consideration you should pay to this chapter. Regarding Cisco 200-301 exam, you can find a complete outline on Cisco’s official website. On the whole, the areas you’ll be evaluated on involve networking basics, IP connectivity and IP services, programmability, network access, and so on. At this step, it’s also essential to know what types of questions you will face, how much time you’ll be given, and how to ace the exam.

Continue reading

Cisco Secure: Supporting NIST Cybersecurity Framework

Extending the alignment to include more Cisco products

Why should you care? With so many security frameworks, it can be difficult to know where to start from. While many organizations are challenged with managing and improving their cybersecurity programs against the dynamic threat landscape, it’s not easy to pick one framework over another. So where do they start from – ISACA COBIT 5? ISO27000 series? CIS CSC? NIST CSF? SABSA? Or something else? National Institute of Standards and Technology (NIST) developed the Cybersecurity Framework (CSF) exactly for this reason. It’s a simple, best-practices approach to Cybersecurity leveraging the specific standards that are widely used and already working well today.

Basics First

NIST CSF is a voluntary framework based on existing standards, guidelines and practices for reducing cyber risks. It enables organisations to discuss, address and manage cybersecurity risk.

More Info: 350-901: Developing Applications Using Cisco Core Platforms and APIs (DEVCOR)

◉ It is used to manage cybersecurity risks in a cost-effective way while protecting privacy

◉ It references the globally accepted standards (COBIT, ISO/IEC, ISA, NIST, CCS)

◉ It enables all organizations (large or small) to improve security and resilience

◉ 3 pillars – People, Process, and Technology – Each of these are important

◉ Only half of the CSF Categories are addressed by technology

◉ It emphasizes the importance of two other main pillars of Cybersecurity – People and Process

The Cybersecurity Framework consists of three main components: the Core, Implementation Tiers, and Profiles but for today’s discussion, we will focus only on Core which is a ‘set of activities and outcomes using a language that is easy to understand.

How CSF Core makes lives easier?

The CSF Core consists of four components as shown in the table below. The CSF Core provides a set of activities to achieve specific cybersecurity outcomes. It also gives guidance on how to achieve those outcomes. The table below lists each of these components with a short description and example:

The CSF Core is comprised of five functions – Identity, Protect, Detect, Respond, and Recover. These functions when considered together, provide the lifecycle of an organization’s cybersecurity risk

How Cisco Security Products align to NIST CSF?

Extending the work already done with the existing whitepaper, below is the updated alignment that includes a few more products (highlighted in Orange box) and how each of these products map to different NIST CSF Categories:

Source: cisco.com

Continue reading