Rural connectivity is the next digital opportunity

Connectivity to the internet is now critical: it empowers communities and businesses to connect from any location, forever changing our economy, our relationships, and our lives. The digitalization of society is rapidly accelerating, but unfortunately, not everyone can participate equally. In Ethiopia, for example, we’re working with WebSprix to bring high-speed broadband access to its population of 115 million, were less than 270,000 currently have fixed broadband access.

In the United States of America, roughly 14.5 million people still reside in areas without access to the current Federal Communications Commission (FCC) benchmark of 25Mbps for high-speed broadband internet. Rural communities are disproportionately affected when broadband access is expected to be ubiquitous. At Cisco, we believe everyone deserves the opportunity to connect and participate in online communities and economies, and only when everyone is connected can we capture the full potential of an inclusive future for all.

Any digital divide will exacerbate income inequalities and limit opportunities to participate in the larger community. We must empower Communication Service Providers (CSP) to support rural areas with improved services and bridge the digital divide for these underserved areas.

Managing core transport networks is no easy task for CSPs. The infrastructure must be able to carry existing wired and wireless traffic while being aware of application and service performance requirements. It also needs to support new applications like distance learning, IoT-enabled smart farming, green (solar/wind) energy production and management, and telemedicine, each with its own Quality of Service (QoS) requirements. To be successful, CSPs need to simplify their operations and optimize Capital Expenditures (CapEx) to the point where serving these rural areas can be justified and makes economic sense.

Scalability through access router innovation

Recent updates to our Converged Software-Defined Networking (SDN) Transport architecture allow network architectures to scale without the associated costs of inefficient designs and complex operations. Innovations for the best-selling NCS 540 and NCS 560 access routers provide tools to support rural areas and offer CSPs the following benefits:

◉ Configurations that support 80Gbps to 900Gbps of total bandwidth, with 25Gbps optimized solutions

◉ A single, modular network operating system (IOS XR) from the access router to the core router that supports Open APIs can reduce operational complexity

◉ Compact and powerful designs for deployment in space or power constrained locations and embedded safeguards for surge protection and capital investment protection

◉ Temperature hardened and conformal coated configurations for deployments in adverse environmental conditions

◉ Simplified network management and traffic control using Segment Routing and Ethernet Virtual Private Networking (EVPN) to enable network slicing and ensure service performance

◉ Model-driven APIs and streaming telemetry to automate network operations and reduce time managing the network

◉ Pay-As-You-Grow (PAYG) Flexible Consumption Model (FCM) to help CSPs better manage their CapEx/OpEx by only paying for needed bandwidth rather than idle capacity

Making rural investments easier to justify

The innovations built across the NCS 540 and NCS 560 product portfolio provide a foundation for a flexible and scalable network architecture that is ideally suited for rural communities. These routers are specifically designed to support the strict timing needs, ultra-low latency, and Common Public Radio Interface (CPRI), eCPRI, and Radio over Ethernet (RoE) options for mobile networks. This gives CSPs the flexibility to deploy Wi-Fi 6, public 5G, and/or private 5G service offerings in areas where last-mile access routes are more difficult to economically justify.

The NCS 540/560 helps support the convergence of service and network layers by supplying enhanced visibility and automation tools to improve network uptime and resiliency. For high availability, the NCS 560 operates as a fully redundant platform with support for 50ms In-Service Software Upgrade (ISSU). When serving rural communities where dispatching technicians is costly and time-consuming, CSPs must consider solutions that can be highly automated and minimize hands-on time. Automation tools like secure Zero Touch Provisioning (ZTP) can reduce operational costs by building consistency in both initial deployments and system updates, which reduces truck rolls to remediate human errors.

To further improve the economic justification in serving rural areas, the NCS 540/560 support 100G/200G/400G ZR/ZR+ optics, integral tools required for transmission over long distances without the need for additional optical equipment. For use cases where more than 10G is needed, the NCS 540/560 router configurations can support 25Gbps ports, and the NCS 540 also supports Bidirectional (BiDi) transceivers. Using different wavelengths for ingress and egress traffic in the same fiber strand, BiDi allows CSPs to optimize their existing and planned fiber investment, as well as the associated fiber ports and space.

Closing the digital divide

Closing the digital divide is a top agenda for many governments and organizations around the world. Cisco is excited to leverage its expertise and experience to help these organizations expand their networks to service unconnected and underserved areas.

Source: cisco.com

Continue reading

TrustSec – 9800 vs 8540 Wireless LAN Controller deployment

To protect business critical data, the network needs to be segmented. But traditional methods are complex. Cisco TrustSec provides a simple way to segment and apply polices uniformly across the network.

More Info: 300-715: Implementing and Configuring Cisco Identity Services Engine (SISE)

Traditional network segmentation approaches use IP address-based access control lists (ACLs), VLAN segmentation, and firewall policies that require extensive manual maintenance. Therefore, every device in the network that needs to enforce security policies would require manual configuration. For instance, any change to policies would mean manually updating the ACLs for all the devices uniformly which is error prone. With IOT and BYOD the scale factor will make it very difficult to use traditional ACLs.

Having a single centralized security policy database would be easy to maintain and policies can be uniformly enforced. This is where trustSec becomes relevant. TrustSec provides an end-to-end secure network where each entity is authenticated and trusted by its neighbors. Above all, it provides consistent policy set across the network.

This blog provides an overview of how trustSec as a solution is deployed on 9800 and 8540 Wireless LAN Controller. In addition, some key feature differentiators is also highlighted.

Terminology

Security Group

Used for grouping users and endpoints that should have a similar access control policy.

Security Group Tag (SGT)

It is a unique security group number that gets assigned to the security group.

TrustSec Capable Device

Devices that are capable of understanding SGT (hardware or software based).

Protected Access Credential (PAC)

Shared credential used to mutually authenticate Trustsec capable devices with ISE.

Environment (Env) Data

ISE provides ENV data information to a trustSec capable device. It consist of : Server list, expiry/refresh timeout and device SGT.

◉ Server list – It provides the list of radius servers which can be used for authentication and authorization.

◉ Expiry/Refresh timeout – Configurable timer on ISE which will let the administrator know how often the device should refresh the environment data.

◉ Device SGT – This is the SGT assignment for the device.

Security Group Access Control List (SGACL)

Access and permission are provided based on the SGT information.

With increase in number of source and destination the ACL size could grow exponentially making it difficult to maintain. In other words, it takes a lot of effort for an administrator to manually update ACL across network devices. For example, here is a pictorial representation of how trustSec as a solution can make things easy for an administrator.

Key components

There are three components within TrustSec domain.

1. Classification: Client classification at ingress by centralized policy database (ISE) and assigning unique S-SGT to client based on client identity attributes.

2. Propagation: Propagation of IP to SGT binding to neighboring devices using SXPv4 or inline tagging.

3. Enforcement: SGACL download at enforcement point for (S-SGT, D-SGT) and enforcing the policy.

Given below are some details about trustSec implementation on 8540 and  9800 Wireless LAN controllers.

Classification

It happens on ISE at the ingress and the clients get the SGT based on client identity attributes. So, the ISE acts as the central policy manager providing SGT for the clients.

Propagation and Enforcement

There are two modes for SGT propagation:

SXPv4

SXP is a control protocol which propagates IP address to Security Group Tag (SGT) binding information across network devices. Using the SGT and SGACL information, the endpoint device(WLC or AP) can enforce traffic.

8540 Central switching

The controller can act ONLY as a speaker. This means that the SGT information of the wireless client is  propagated to the enforcement point by the controller. But enforcement happens at the AP for the traffic towards the client.

9800 Central switching

The controller can act as Listener, Speaker and both mode. In listener mode, controller can enforce traffic. Whereas controller in both mode can enforce and as well as propagate SGT information to the enforcement point.

An important difference between 8540 and 9800 controller in central switching deployment – On 8540, the enforcement happens on the AP. Whereas, on 9800 enforcement happens on the WLC.

Local switching

The Access point acts as Listener, Speaker and both modes. In listener mode, the access point can enforce traffic. On the other hand, access point in both mode can enforce and propagate SGT information to the enforcement point. This functionality is common between 8540 and 9800 deployments.

Inline tagging

Inline tagging involves tagging each packet egressing the controller by inserting a CMD header.

For inbound packets (towards client), the CMD header is stripped if present. The client S-SGT is used to find SGACL associated with (S-SGT, D-SGT) for enforcement.

8540 Central switching

WLC performs inline tagging for all packets sourced from wireless clients that reside on the WLC by tagging it with Cisco Meta Data (CMD) tag. For packets inbound (towards client), WLC strips the packet of the CMD header and pushes the SGT information to the AP for enforcement. Note that the enforcement doesn’t happen on WLC.

9800 Central switching

The WLC performs inline tagging for all packets sourced from wireless clients. For the inbound traffic (towards client), WLC strips the CMD and learns the SGT information from the meta data header. WLC will enforce the traffic using the SGT information.

 

Local switching

AP performs inline tagging for all packets sourced from wireless clients that reside on the AP by tagging it with Cisco Meta Data (CMD) tag. On the other hand, for packets inbound (towards client) AP will strip the CMD header and act as an enforcement point. This functionally is common between 8540 and 9800 deployments.

In a nutshell, propagation and enforcement happens on the WLC or AP depending on the deployment method (Central and Flex local switching) and the type of controller (9800 or 8540) deployed in the network.

TrustSec – Key feature comparison

Source: cisco.com

Continue reading

Enjoy Incredible Benefits by Passing Cisco 300-425 ENWLSD Exam

Cisco is an international organization widely known for producing specialized gadgets and systems. The organization is presently the best designer in the best-in-class system administration equipment list. Therefore, obtaining the certification of this vendor is an excellent solution for the career of any IT professional. One of the current and popular tracks offered by Cisco is CCNP Enterprise. That is why, in this blog, we will check out the details of the Cisco 300-425 ENWLSD exam, which is one of the certification examinations needed for earning this professional-level certificate, and explore the benefits it can bring. So, let's dive into it!

A lot of professionals want to earn this certificate and get it to validate their skills in delivering enterprise networking solutions. This brings us to what we require to obtain this certification.

Essential Information About Cisco 300-425 exam

The CCNP Enterprise certification track, which the Cisco CCNP 300-425 ENWLSD Exam is a part of, doesn't need any formal requirement. Hence, everyone can sit for this exam and its associated certification. The only crucial thing is to master all the skills evaluated in this exam. Certainly, you can have tremendous knowledge behind your back with three to five years of experience, but this is not a compulsory requirement.

Cisco 300-425 ENWLSD is a certification exam designed for IT professionals who want to obtain CCNP Enterprise. To obtain this certification, they should pass one core exam (350-401 ENCOR) and one concentration exam (to choose their supplementary knowledge domain). Cisco 300-425 is from the concentration exam group. Other exams that you can take instead of this one are as follows:

• Cisco 300-410 (Implementing Cisco Enterprise Advanced Routing and Services);
• Cisco 300-415 (Implementing Cisco SD-WAN Solutions);
• Cisco 300-420 (Designing Cisco Enterprise Networks);
• Cisco 300-430 (Implementing Cisco Enterprise Wireless Networks);
• Cisco 300-435 (Automating Cisco Enterprise Solutions).

The 300-425 ENWLSD exam is geared towards demonstrating one's knowledge of wireless network design, comprising wired & wireless infrastructure, Mobility & WLAN high availability, and site surveys. This is an excellent certification exam for the mobility network engineers and wireless site survey engineers who are typically engaged in implementation, network design, and planning. It is also apt for those professionals who want to build a career in the IT sector, especially in wireless enterprise networking.

Cisco 300-425 ENWLSD Exam Structure

The Cisco CCNP 300-425 ENWLSD syllabus includes four topics from which most or all of the exam questions are taken. These objectives cover Mobility (25%), Wireless Site Survey (25%), WLAN High Availability (20%), and Wired and Wireless Infrastructure (30%). These are the subjects that the applicants should master to pass this exam. You can get mastery over them by enrolling in a training course offered by Cisco's official website. In addition, you can get some valuable and reliable prep resources from many websites: these resources involve study guides, practice tests, videos, and Cisco blogs.

Cisco 300-425 ENWLSD exam comprises 55-65 questions, which need to be completed in a 90-minutes. To pass the exam, you need to obtain a score of 750-850 out of 1000. The exam cost is $300.

Also Read: 300-425, ENWLSD Certification: Study Guide & Career Benefits

You can take the exam in English only. To schedule this exam, you must visit the Pearson VUE platform. You can register for this exam from the official Cisco certification webpage by clicking on the link offered at the bottom of the page.

Your path to Success for CCNP Enterprise 300-425 ENWLSD Certification Exam

What Are the Benefits of Passing the Cisco 300-425 ENWLSD Exam?

There are so numerous benefits of passing the Cisco 300-425 ENWLSD exam. Let's look at them closer.

Acquiring Advanced Skills and Knowledge

The Cisco 300-425 ENWLSD exam equips the applicants with the relevant knowledge and skills to adequately represent the systems of wireless network design for producing a network design solution. It also reveals how the Enterprise Composite Network Model can competently streamline the complications of modern networks. The exam also equips you with the ability to design the enterprise campus in wired and wireless infrastructure modular fashions. It will also allow you to design an enterprise WAN network along with a network addressing plan.

Additionally, this exam is intended to help the applicants know how to choose the ideal routing protocols for a network. Furthermore, CCNP Enterprise 300-425 certification equips them with the expertise to evaluate security solutions for a network. All of these abilities are an essential part of the correct working process of the whole organization. Therefore, organizations want to employ those professionals who own this knowledge.

Enjoy Brilliant Career Opportunities with Cisco 300-425 ENWLSD Certification

Being a Cisco certified professional is something that creates new opportunities for you within your country and overseas. The hiring managers will find your resume appealing, and you will hold a higher chance of acquiring a well-paid job position or get a promotion in your existing company. Adding the CCNP Enterprise certification to your CV will make you stand out from the group. And even if you choose to continue your current job, the skills you will get through Cisco 300-425 exam preparation will help you become more productive in your job role.

Some of the job positions you can follow after passing the Cisco 300-425 exam include the following:

• System Engineer;
• Network Administrator;
• Senior System Administrator.

Conclusion

Cisco 300-425 ENWLSD can be a difficult certification exam if you don't study thoroughly. We recommend that you go through all the details and learn all the topics before sitting for it. Make good use of available study resources to pass this exam and earn the sought-after CCNP Enterprise certificate.

Continue reading

How to Prepare for Cisco 300-410 (ENARSI) Certification?

Cisco ENARSI Exam Description:

This exam certifies a candidate's knowledge for implementation and troubleshooting of advanced routing technologies and services including Layer 3, VPN services, infrastructure security, infrastructure services, and infrastructure automation. The course, Implementing Cisco Enterprise Advanced Routing and Services, helps candidates to prepare for this exam.

Cisco 300-410 Exam Overview:

• Exam Name:- Implementing Cisco Enterprise Advanced Routing and Services
• Exam Number:- 300-410 ENARSI
• Exam Price:- $300 USD
• Duration:- 90 minutes
• Number of Questions:- 55-65
• Passing Score:- Variable (750-850 / 1000 Approx.)
• Recommended Training:- Implementing Cisco Enterprise Advanced Routing and Services (ENARSI)
• Exam Registration:- PEARSON VUE
• Sample Questions:- Cisco 300-410 Sample Questions
• Practice Exam:- Cisco Certified Network Professional Enterprise Practice Test

Related Articles:-

• Cisco 300-410 ENARSI Exam and Practice Tests: Details Not to Be Missed
• Preparing for the Cisco 300-410 Exam: Study Resources
• Upgrade Your Career with New CCNP Enterprise 300-410 Certification
• Sharpen Your Confidence With Practice Test – and Passing Cisco 300-410 Exam Will Be Super Easy

Continue reading

CX Cloud—expertise and insights at our fingertips

Over the years Cisco IT has built many tools to manage support. We had one tool to track subscriptions, another to keep tabs on service contracts, and yet another to view asset lifecycle information. The problem? We spent too much time correlating information scattered across the different interfaces. When we received a security alert on one interface, for instance, we had to go into another interface to identify the affected assets.

Supporting the Cisco network is much more efficient now that we use Cisco CX Cloud. Think of CX Cloud as a one-stop destination for all information we need (Figure 1). No more searching across disparate, unconnected tools. Everything is in one place. CX Cloud is saving us time. Revealing issues we didn’t know about. Helping us more quickly respond to vulnerability alerts to keep the network secure. And giving us new insights into network health.

Figure 1. All support information in one place

I asked Chris Groves, Cisco IT director of network services, how CX Cloud makes his job simpler. Here are his top four:

◉ Monitoring case status (Figure 2). “At the top of my list is how easy it is to see open cases,” Chris told me. “In two clicks I can see every TAC case, who opened it, and whether it’s for firewall, remote access, data center, Cisco Virtual Office, etc. Never underestimate the power of the mundane.”

Figure 2. TAC case status at a glance

◉ Time savings. Before, when we received an advisory about a potential security vulnerability we’d start by identifying all assets at risk. That alone took several hours. Next, we’d figure out the right mitigation steps and plot out our strategy. After that we’d track progress. Along the way we’d use several tools. With CX Cloud, we can easily see all affected assets in one place, along with suggestions for mitigation (Figure 3). If an incident affects 500 assets, just being able to see all of them in one place saves us about 15 hours of work.

Figure 3. Selecting an advisory shows all assets at risk

◉ Faster response to vulnerabilities. Chris likes the convenience of seeing all advisories right on the dashboard—sorted by criticality. For example, field notices about less-important issues, like a button prone to sticking, are listed separately. “We can’t patch everything at once, so we check the CX Cloud dashboard to see which advisories have the biggest impact in our network,” he said.

◉ New insights. If Chris sees that a large portion of cases involve the same product or place in the network, he checks if the support team needs help. He might even suggest a product change to the business unit. He can also spot chronic issues and monitor the results of support initiatives.

As Customer Zero, we influenced the product

Cisco IT was Customer Zero for CX Cloud, meaning that we were the first to use it in production so we could provide input on features and share our experiences with other customers. With our feedback, initial setup time dropped from 6 hours to 30 minutes. We also suggested features on the product roadmap, like the ability to tag advisories with recommended actions and to filter cases by team or product group.

Though we’ve just started using CX Cloud, we’re already seeing the business value. Consolidating support information in one place helps us more efficiently manage our network, keeping it secure and available. As Chris summed it up, “CX Cloud is like having high-touch support right at your fingertips.”

Source: cisco.com

Continue reading

Enable Digital Transformation with Cisco SD-WAN

Cisco SD-WAN unlocks new possibilities with our network infrastructure, the new architecture is replacing the long-established role of the wide-area network (WAN), connecting our users at the branch office location to applications hosted on servers in the datacenters.  

Often VPN (Virtual Private Network) tunnels or Multiprotocol Label Switching (MPLS) were implemented for segregation of data and security. This approached worked well for years, but as our customer moved into a mobile digital application world and their data move to the cloud, a new approached was required. 

It’s a multi-cloud world

We live in a multi-cloud world, where using multiple clouds from multiple providers has become the new normal. Cisco SD-WAN has proven effective in helping Cisco partners accelerate their adoption of multi-cloud environments and drive business solutions for their customers. It helps them manage multiple network providers, ISP circuits, and connect branches to clouds. Cisco SD-WAN allows customers to deliver on-demand branch connectivity to their ISP and cloud providers directly from the SD-WAN controller. 

Model-Driven Programmability

Adding Cisco SD-WAN programmability via the vManage REST APIs has opened even more possibilities for extending automation to any task. Such as:

◉ Template-driven infrastructure deployment service, allowing engineers to define building blocks and create abstractions for the deployments of required sets of resources.  

◉ Update or delete the deployed resources with ease without many changes to the configurations. 

◉ Provisions the reference of one resource definition to another, thus enabling the creation of dependencies and controlling the order of creation of resources. 

Many Cisco partners are leveraging these APIs to create custom automated sequences for managing, monitoring, configuring, and troubleshooting the SD-WAN environment based on their specific needs. 

Getting the details via developer experience

The Cisco SD-WAN API allows Cisco partners to focus more and more on their developer experience. Product managers, marketers, and engineers alike have an interest in evaluating and improving how a developer uses APIs and the benefits they bring. That’s why Cisco DevNet is dedicated to delivering an excellent developer experience with SD-WAN.  It’s a dedication that pays off over many developer interactions, as they use the SD-WAN documentation, sandbox, and other resources. 

Are we doing this right though?

A mentor once told me “Feedback is feedback, no matter if this is valuable feedback or bad feedback. Asking the right people for feedback will help you grow.” Hearing from our DevNet Specialized partners is key to improving the quality and content for Cisco SD-WAN API, and programmability in general. So, when it came to feedback on the SD-WAN Dev Center, I took the opportunity to speak with our DevNet Specialized Partners at the recent API Insights webinar. The webinar – offered exclusively to our DevNet Specialized partners – was focused on the Cisco SD-WAN Dev Center, new plans, and upcoming opportunities.

The webinar featured a live presentation and demo of how partners can execute Cisco SD-WAN REST API calls for role-based access control (RBAC), based on the Resource Groups feature, and how this can be used for Cisco SD-WAN deployments. The presentation showed how this feature helps to simplify network administration, restrict blast perimeter, and meet compliance requirements. 

API Insights webinars are available exclusively to partners who have already achieved their DevNet Specialization. I invite partners to learn more about the DevNet Specialization so they, and their teams, can experience these insights webinar events, and see how being DevNet Specialized can benefit your teams, your business, and the business of your customers.

Source: cisco.com

Continue reading

Complete and continuous remote worker visibility with Network Visibility Module data as a primary telemetry source

Navigating the new normal

Organizations are currently facing new challenges related to monitoring and securing their remote workforces. Many users don’t always use their VPNs while working remotely – this creates gaps in visibility that increase organizational risks. In the past, many organizations viewed these occasional gaps in visibility as negligible risks due to low overall volumes of non-VPN-connected remote work. However, today, that’s no longer the case, as organizations and workers have been thrust into a new “work from home (WFH) era.”. This not only led to an explosion in the need for remote access from anywhere and on anything – effectively expanding threat surfaces and concurrently increasing opportunities for attackers – but – as if that weren’t enough – organizations were also hit with a wide-ranging and prolonged employee activity visibility blackout. This left security teams scrambling to adapt as this sudden “visibility blackout” further exacerbated overall organizational security risk levels.

Read More: 300-410: Implementing Cisco Enterprise Advanced Routing and Services (ENARSI)

Nostalgically remembering the good old days…

Back in olden times, circa late 2019 – back in the heydays of employee-activity visibility via on-premises network monitoring, and way, way back when people’s work-week routines involved commuting to the office, clocking in, logging onto the corporate network, and doing work in between water cooler breaks – organizations using Secure Network Analytics had absolute, total visibility into everything that their employees were doing. Back then, before the WFH era – security teams could instantly glean deep insights into practically everything that was being hosted within, interacting with, and connecting to their corporate networks. And despite these being simpler times, security teams still had to be incredibly agile, up to speed with rapidly changing and evolving technologies, and always ready to react to security incident-related fire drills at a moment’s notice.

Amidst the arms race that is network security, SecOps professionals must always be comfortable with high-pressure situations and fast-paced environments. It just comes with the territory. Plain and simple. It’s a job that requires a thick skin and continuous adaptation. I have always been impressed with security professionals’ ability to embrace such complexity and ambiguity, remain calm and collected, and just focus on the task at hand and execute. And I especially admire the ones that are naturally energized by their work and thrive on it. However, last year’s abrupt exodus away from corporate offices marked a paradigm shift that left even the best security teams in the dark and effectively lent a whole new meaning to the age-old adage, “the only constant is change”.

New WFH blind spots

To illustrate, in today’s new WFH era, whenever remote workers don’t use their VPNs, organizations are 100% blind to what their employees are doing. This prevents security teams from successfully establishing baselines of normal worker behavior and continuously monitoring them, concomitantly preventing them from being able to alert on anomalous activity and hindering their ability to detect certain types of threats. As a result, SecOps teams have been left in the dark and have been finding themselves asking questions like, have any of our users visited malicious URLs? Is anyone exfiltrating sensitive proprietary data? Have any users’ devices been unintentionally compromised and are now demonstrating command and control (C&C) activity? Are we facing compliance-related and broader organizational risks due to employees running outdated and vulnerable operating systems that need to be patched?

Obtaining complete and continuous remote worker visibility with NVM data

To adapt to this modern conundrum, Secure Network Analytics recent release 7.3.1 began to address this whole “WFH visibility blackout conundrum” by making endpoint Network Visibility Module (NVM) data a primary telemetry source to provide organizations with continuity in remote worker monitoring and visibility without requiring NetFlow telemetry to be present. But that was just phase 1 – now, with release 7.3.2, we’ve further extended this capability with the Data Store now supporting all NVM telemetry record collection to offer 100%-complete and continuous remote worker visibility. So now, whenever a user either works on-network or remotely – be it at home or a local coffee shop – and thus off-network without tunneling through a VPN, or if they are optimizing their remote work experience through split tunneling, all their activity is stored locally. With Network Visibility Module data being a primary telemetry source, whenever workers do eventually turn their AnyConnect VPNs back on, the NVM module phones home and sends logs of all their user activities back to Secure Network Analytics.

This gives security practitioners the continuity in visibility that they need by allowing them to monitor remote worker activities through the collection and storage of NVM endpoint records. Security teams can now gain visibility into activities that they were previously blind to, such as:

◉ Downloading and hoarding of large amounts of sensitive company data

◉ Data exfiltration or the sharing of sensitive company data to an external source

◉ Visiting malicious IP addresses and/or inadvertently installing trojans or other malicious processes

◉ Running older operating system versions with vulnerabilities that need patching

Et cetera. The list of potentially suspicious activities goes on, regardless of whether they are unintentional or motivated by an insider that has gone rogue.

Additionally, with Release 7.3.2, customers that are using NVM data along with a Data Store deployment are also gaining the following benefits:

◉ NVM telemetry records can be collected, stored, and queried in the Data Store

◉ New NVM reports that are now available in the Report Builder application

◉ The ability to define customized security events based on NVM data-specific criteria

◉ All Endpoint Concentrator functions are now fully managed by the Flow Collector

Figure 1. A Secure Network Analytics deployment enabled with both the AnyConnect Secure Mobility Client and the Data Store. User endpoints generate NVM data with rich and granular device context – such as IP addresses, host and usernames, machine types and models, which operating systems and versions are running, the processes that launched network connectivity, MAC addresses, hash information, and more – that is all collected and stored in the Data Store.

Extend the zero-trust workplace to anywhere on any device

In fact, not only does deploying the NVM module software meet the challenges outlined above by extending visibility beyond the walls of the enterprise network to enable more efficient remote worker monitoring, but it also extends the zero trust workplace to anywhere globally and on any device by providing security practitioners with visibility into who is online and what they’re doing by capturing additional granular user device context such as IP addresses, host/user names, machine types and models, which operating system and version is running, the processes that launched network connectivity, MAC addresses, hash information in case potentially harmful files are being shared and traversing the network, and more.

Drastically comprehensive and context-rich visibility is simply table stakes in our “new normal”

Despite efforts to begin transitioning back to the office, with some organizations embracing hybrid models going forward, a significant paradigm shift has already occurred – WFH is here to stay. Having pervasive visibility into remote worker activities is no longer a negligible risk that could be ignored. Nor should any NDR solution portray it as a “nice to have” rather than a “need to have” capability. Now, in today’s “new normal,” with users capable of connecting to the enterprise network from literally anywhere and on literally any device, the need for continuity in visibility across all remote activity has never been more pronounced.

Modern problems require modern solutions. Nowadays, organizations need NDR solutions that offer an unparalleled breadth and depth of visibility across their modern, distributed networks. Secure Network Analytics delivers the most comprehensive, granular, and continuous visibility into remote worker activities through the Network Visibility Module, as well as best-in-breed and industry-leading behavioral analytics to alert on suspicious and anomalous network activity.

Source: cisco.com

Continue reading