Enhanced Visibility is Key to Improved Cybersecurity at Your Manufacturing Site

Visibility is a key to success across a wide range of disciplines. If you’re a basketball fan like me, you know that visibility is important when a player makes an alley-oop pass to his teammate in an NBA game.  It’s even more important for high-risk operations like landing an aircraft in the fog. Now imagine how essential visibility is for securing a manufacturing site.

When you can’t see what’s happening on your network, keeping your manufacturing site secure and addressing today’s threat detection landscape can be difficult-to-impossible. Visibility into your IT and your operational technology (OT) assets helps to answer these critical questions:

◉ What assets are on your network? What is their level of criticality?

◉ Which assets communicate with other assets and what are they saying?

◉ Which assets are vulnerable and need extra attention?

Essentially, manufacturers need enhanced visibility to see things before they happen, swiftly respond during events and access ongoing insights regarding the state of their environment. Unfortunately, many manufacturers today lack visibility into the assets on their industrial network.

This lack of visibility may severely impact the implementation of cybersecurity best practices and risk mitigation plans.

Visibility Matters

Enhanced visibility includes:

◉ Asset inventory and vulnerability management

◉ Network segmentation to limit threat spreading

◉ Critical event tracking

◉ Focusing threat detection on where it matters

According to a Forrester Study, 55 percent of industrial organizations have little or no confidence that they know what devices exist in their industrial network. In addition, 76 percent of manufacturers believe their current security practices may be inadequate. Many do not believe they could contain, eradicate, and recover from a breach.

This cybersecurity risk expands as industrial systems become further connected, for instance as companies employ digital transformation. For example, 66 percent1 of manufacturers have already experienced a cybersecurity security incident impacting their industrial control systems (ICS). Anyone watching the nightly news can see that there is a growing number of cybersecurity attacks occurring in critical infrastructure.

Unfortunately, manufacturers are getting breached because appropriate cybersecurity practices are not in place. For some, this results from the expansion of manufacturing systems over the years through acquisitions, causing several legacy systems to populate the plant floor. For others, the loss of knowledge as experienced workers leave can contribute to cybersecurity vulnerability. Not to mention the trend toward companies employing remote workers, and facilities now being connected to their supply chains and no longer isolated, only add to the threat surface.

Chuck Robbins, Cisco CEO, during his RSAC 2021 keynote put the risk this way: “If we think about cybercrime like we think about the GDP of companies, it would be the third largest economy in the world after the US and China with $6 trillion in global damages. And we all know the real cost is not being able to run our businesses or the reputational damage that you suffer and the impact on your organization in the future.”

Put simply, how can you secure an environment if you don’t know what’s connected? Gaining visibility is key to building and maintaining a detailed asset inventory, managing vulnerabilities, and segmenting networks to limit threat spreading. Visibility also lets you focus threat detection where it really matters so that you can track critical events before it’s too late.

Leaders in IT and OT security work together help to enhance your visibility

Cisco – a global leader in industrial networking and security – and Rockwell Automation – a global leader in industrial control, power and information systems – continue to combine forces to lead digital transformation for The Connected Enterprise. And now, Rockwell Automation is expanding its threat detection services offerings by adding Cisco Cyber Vision to its portfolio.

“We are excited to continue growing our strategic alliance offerings with Cisco,” said Angela Rapko, director, Portfolio & Business Management–Customer Support and Maintenance (CSM), Rockwell Automation. “The addition of Cisco Cyber Vision to our cybersecurity threat detection services portfolio benefits our customers by expanding the integration between the Rockwell Automation and Cisco ecosystems, particularly around cybersecurity.”

Proactive approach to industrial cybersecurity

To help industrial customers improve their security postures, Rockwell Automation offers a portfolio of world-class industrial cybersecurity services (Figure 1). These services follow the NIST Cybersecurity Framework. At a high level, they help customers build a more secure, robust, future-ready network for their connected enterprises by providing assessment, design, implementation, and monitoring solutions.

Figure 1: Rockwell Automation cybersecurity framework

By leveraging Rockwell services to implement Cisco solutions, our customers can realize ‘best of both world’ benefits.  The OT domain expertise from Rockwell helps to improve security posture in the manufacturing environment while mitigating potential risks to production.  In parallel, leveraging Cisco solutions in the OT space provides for maximized integration into existing Cisco based infrastructure on the IT side, making it easier for IT to manage and maximize investments relative to a holistic Enterprise approach to security.

Rockwell Automation uses Cisco Cyber Vision to deliver improved visibility

To help improve customers’ visibility into their networks, Rockwell Automation has added Cyber Vision as part of its visibility and threat detection services portfolio. Cisco Cyber Vision helps customers maintain the integrity of their plant assets and protect them against cybersecurity threats as part of an overall cybersecurity threat defense. Cyber Vision provides full visibility into industrial control systems including identifying device vulnerabilities, tracking critical events, detecting abnormal behaviors as well as cyber threats. It feeds IT security tools with all this OT context to easily build security policies and accelerate incident response. Whether you are a Rockwell customer, a Cisco customer or a joint customer of ours already, you can benefit from these new solutions and services.

By providing full visibility, Cisco Cyber Vision helps customers build zones and conduits by:

◉ Automatically discovering all the assets connected on a network, as well as the logical relationships between them

◉ Enabling OT users to group assets based on knowledge of the underlying process and overall security requirements

◉ Aggregating traffic flows into conduits, which then receive segmentation policies

By improving visibility, Cisco Cyber Vision also helps customers to detect threat vectors by identifying behavioral changes within the communication patterns on the network.

Improved visibility helps OT, IT, and Security Operations (CISO) work better together:

◉ OT keeps production going and improves uptime.

◉ IT implements cybersecurity best practices.

◉ CISO builds and enforces OT security policies without disrupting production.

Finally, improved visibility helps to establish a more collaborative workflow between IT and OT, creating a more common ground for them to work together and collaborate. IT and OT work on the same representation of the industrial network but from different points of view:

◉ From a network hygiene viewpoint, IT provides cybersecurity best practices and a perspective on threat detection.

◉ With its knowledge of the industrial process, OT understands which assets are the most critical and whether or not a particular event represents a threat within a certain context

In short, IT, OT, and CISO must work together to deliver enhanced security through visibility. Just like two basketball players executing an alley-oop pass, improved visibility is a key to enabling their successful collaboration.

Source: cisco.com

Continue reading

Building a scalable RAVPN architecture in Oracle Cloud Infrastructure using Cisco Secure Firewall

Oracle Cloud Infrastructure (OCI) provides a wide range of cloud-computing services, workloads, and applications to organizations globally. With Cisco Secure Firewall, organizations are able to build a scalable RAVPN architecture on OCI, providing employees secure remote access to their organization’s resources from any location or endpoint.

This scalable architecture brings together Cisco Security and OCI Infrastructure-as-a-service (IaaS) and extends remote access VPN capabilities with the combination of Cisco Duo, Cisco Umbrella, and AMP Enabler, also known as Cisco Secure Remote Worker. Extending this solution to your OCI environment protects multi-region, multi-availability domains.

◉ Cisco AnyConnect Secure Mobility Client – Cisco AnyConnect Secure Mobility Client empowers remote workers with frictionless, highly secure access to the enterprise network from any device, at any time, in any location while protecting the organization.

◉ Cisco Duo – Multi-factor authentication from Duo protects the network by using a second source of validation and authentication.

◉ Cisco Umbrella Roaming Security Module – Cisco Umbrella Roaming Security module for Cisco AnyConnect provides always-on security on any network, anywhere, any time — both on and off your corporate VPN. It enforces security at the DNS layer to block malware, phishing, and command and control callbacks over any port.

◉ Cisco AnyConnect AMP Enabler – Cisco AnyConnect AMP Enabler module protects against malware.

Organizations can deploy Cisco Secure Firewall Threat Defense Virtual (formerly FTDv/NGFWv) and Cisco Secure Firewall ASA Virtual (formerly ASAv) in the OCI environment to enable a secure connection back to the application in the cloud. Traditionally, firewalls scale using clustering but, in the cloud, due to abstraction of layer-2, it is not possible to implement native high-availability and native firewall clustering.

Architects can still design a scalable architecture using cloud components like Oracle’s Network Load Balancer (NLB) and DNS.

◉ Design 1 – Load balance RAVPN sessions to multiple firewalls using OCI DNS service

◉ Design 2 – Load balance RAVPN sessions to multiple Cisco Secure Firewalls using OCI network load balancer service

◉ Design 3 – Load balance RAVPN sessions across multiple regions using OCI DNS and a network load balancer

Note: Each firewall uses a unique VPN pool, and the OCI route table points to the respective firewall for the VPN pool.

Load balance RAVPN sessions to multiple firewalls using OCI DNS service

In this architecture, we have deployed multiple firewalls in multi-availability domains. OCI DNS service provides a mechanism for RAVPN load balancing.

◉ DNS provides an FQDN (example.vpn.com)

◉ DNS has “A” record for each firewall

◉ DNS monitors the health of each firewalls using probes

◉ DNS receives DNS query for FQDN and replies with the public IP address of the Cisco Secure Firewall

◉ The user connects directly to Cisco Secure Firewall

Figure1: Scalable RAVPN architecture using Cisco Secure Firewall and OCI DNS

Load balance RAVPN sessions to multiple Secure Firewall virtual appliances using OCI network load balancer service

In this architecture, we have deployed multiple firewalls in multi-availability domains. OCI NLB provides a mechanism for RAVPN load balancing.

◉ The user uses the IP address of a load balancer as a VPN headend in AnyConnect client.

◉ OCI NLB received an SSL VPN session request, and it load-balances the request using two tuple load hashing.

◉ The user connects to Cisco Secure Firewall.

Figure2: Scalable RAVPN architecture using Cisco Secure Firewall and OCI Load Balancer

 

Load balance RAVPN sessions across multiple regions using OCI DNS and a network load balancer

In this architecture, we have deployed multiple firewalls in multi-availability domains and multi-regions. OCI NLB and DNS provide a mechanism for RAVPN load balancing.

◉ At the region level, OCI NLB load balances traffic using two tuple load balancing (same as Figure 2)

◉ At the multi-region level, OCI DNS load balances traffic using DNS weighted average (same as Figure 1)

◉ DNS provides an FQDN (example.vpn.com)

◉ DNS has “A” record for each firewall

◉ DNS monitors the health of OCI LB

◉ DNS receives DNS query for FQDN and replies with the public IP address of OCI NLB

◉ User connects to OCI NLB, NLB load balances SSL VPN session based on two tuple load balancing method.

Figure3: Multi-Region scalable RAVPN architecture using Cisco Secure Firewall, OCI Load Balancer and DNS

Source: cisco.com

Continue reading

Intelligent Capture: The Magic Goggles for Wireless Troubleshooting

The COVID-19 outbreak has proved that the internet is not a luxury but a basic necessity. The internet has become an ever more crucial link in adapting to the new normal, and Wi-Fi is seeing an inevitable surge of all time. With networks getting so big and complex, the challenges in managing the network are getting more and more difficult. Wi-Fi Troubleshooting is one of the crucial challenges faced by network admins, involving complex data collection from various sources, followed by an intense analysis of the huge data to resolve the problem.

Read More: 350-901: Developing Applications Using Cisco Core Platforms and APIs (DEVCOR)

What if you possess a magic goggle?

A goggle that offers 360 views of the network.

A goggle that offers see-through power to uncover the cause of the problem.

A goggle that offers foresees power to predict an issue even before it occurs.

Introducing Intelligent Capture

Intelligent Capture is a built-in, enhanced issue detection and root-cause-analysis forensic capture solution, which makes the wireless troubleshooting process a lot easier with the ready-to-use packet captures, historical data charts, and self-diagnosed anomaly events.

As the name says, these data are intelligent that it masks all the complexities of Wi-Fi troubleshooting by presenting right and relevant data to root cause the issues faster, even if the client roams between the Access Points.

Solution Components – The Three Gears

Intelligent Capture solution comprises of Cisco DNA Center, Wireless LAN Controllers, and Cisco Access Points.

Design: The Cisco DNA Center offers a centralized, intuitive management system that makes it fast and easy to design, provision, and apply the policies on the controllers.

Deploy: The WLAN Controller deploys and manages the policies across the access points.

Operate: The Access Points operate on the policies by streaming the critical data to the Cisco DNA Center which is correlated with the events from the controller offering 360 views of the network.

The Cisco DNA Center intuitive UI provides end-to-end network visibility and live technical insight into various wireless metrics from both the client and access point perspective

Solution Categories – The Two Faces

Intelligent Capture solution is offered under two categories.

◉ AP Stats Capture: Always-on real-time RF monitoring service, offers an in-depth analytical view of various wireless metrics related to an AP’s radio. The trend view of historical metrics gives insight into why users experience poor signal, low throughout, and onboarding failures

◉ Spectrum Analysis: On-demand service, render charts on Channel and Interference, detailing the spectrum activities in the RF environment surrounding an AP.

◉ Live Capture: On-demand service, needed for troubleshooting a client onboarding failure in live time. This solution captures the management frames when a client joins and leaves the network. In addition to the packet capture, the access point also offers client statistics at a 5-second frequency for easy root cause analysis. This feature can target up to 16 clients at once.

◉ Scheduled Capture: On-demand service, required to triage a client join issue that occurs recursively at a specific time of the day. This solution offers the capability to schedule Live capture for a specific date and time. Furthermore, the user can control the length of the scheduling session from 30 minutes to 8 hours. This feature allows you to schedule up to 12 sessions at once.

◉ Data Capture: On-demand service, used for troubleshooting a client who is experiencing poor network performance with low throughput and onboarding failure. This feature provides the most granular packet capture than live capture offering both management and unencrypted data frames to analyze the issue in detail. This feature runs exclusively for a single client at once.

◉ Anomaly Stats Capture: Always-on service, proactively monitors the network and raises an anomaly in the event of failure. This feature notifies users with an immediate understanding of any client onboarding issue that has occurred, provides analysis, and presents a packet capture depicting the incident as proof.

Going Above and Beyond – The One Intelligence

Time Travel:  The Intelligent Capture solution is not limited to troubleshooting present issues, but it also stretches to the past and into the future.

- Past: Offers the capability to travel up to 14 days in the past to revisit the exact moment when everything went wrong. Pinpoint the cause and take action to prevent it from ever happening again.

- Future: Analytics on the enormous real-time and historical data helps in predicting the problem even before they arise.

Packet Stitching: The Intelligent Capture is not restricted to packet capture, but it also extends to packet stitching. In a client roaming scenario, the Cisco DNA Center manages to capture the packets from all the APs involved in the client movement trail.  The packets from multiple sources are stitched internally and return as a single concatenated file to the Cisco DNA Center for an easy download.

Unlock the Power of Wi-Fi 6

Wi-Fi 6 is opening new possibilities with a more consistent and dependable network connection that will deliver speeds up to four times faster with four times the capacity. Improved speed, capacity, and control will support existing applications with greater performance and drive new innovations.  Wi-Fi 6 began its ramp-up, and the market will soon start seeing large numbers of devices in Wi-Fi 6. Therefore, it is important to prepare your network for the new standard to gain all the benefits that Wi-Fi 6 offers.

Intelligent Capture combined with other Cisco DNA Assurance solutions unlocks the power of the Wi-Fi 6, by offering the exclusive Wi-Fi6 Dashboard which provides a visual representation of your wireless network showcasing the Wi-Fi 6 Readiness, and the efficiency of the Wi-Fi 6 networks compared to non-Wi-Fi 6 networks.

Notes from Hands-On Experiences

Cisco deployments and Pilot programs heavily utilize Cisco DNA Assurance’s Intelligent Capture to troubleshoot their network issues.  One notable experience from the field is where Intelligent Capture resolved the client disconnection/dropout issue by highlighting the missing response from the client for the AP’s request during roaming.

Your Eyes Need It

Instead of scrambling through the data or trying to replicate the issue, pick the magic goggles and with the see-through power find and resolve any complicated wireless issues in record time!

Source: cisco.com

Continue reading

Cisco Strengthens O-RAN Market Position with Open Fronthaul Gateway Public Demo

As Open Radio Access Network (O-RAN) deployments grow in popularity, Cisco has been one of the pioneers in bringing open networking tenets to the RAN space over more than four years through the O-RAN Alliance. In 2018, Cisco spearheaded the multivendor Open vRAN ecosystem at Mobile World Congress. In 2019 we led the architectural design and network build for the world’s first fully software-defined network, and in 2020 we were the first to collaborate with a communication service provider to make a fully packetized phone call over a fronthaul network.

By moving away from legacy proprietary implementations, O-RAN allows operators to deploy more efficient and competitive Radio Access Networks able to support 5G advanced services and beyond. With Cisco leading the recommendation for O-RAN fronthaul, the O-RAN Alliance recently defined the Open Fronthaul Gateway (O-FHGW) specification based on a fully disaggregated software model. This allows operators to deploy a common hardware platform across cell sites to converge their legacy Common Public Radio Interface (CPRI) and Enhanced CPRI (eCPRI) traffic onto an O-RAN specified packet transport network architecture. Open fronthaul gateway supports legacy CPRI to eCPRI conversion, where 4G radio can connect to an open fronthaul gateway over a legacy CPRI interface. Meanwhile between the fronthaul gateway and the Open Distributed Unit there will be an O-RAN defined open interface.

Figure 1. Fronthaul Gateway

Benefits of O-FHGW:

◉ Simplifies D-RAN and C-RAN implementation of non-open interfaces or legacy interfaces over packet-based transport architecture. The close interaction of radio and routing functions allows for complete radio-aware transport.

◉ Reduces the transport bandwidth up to 10x for some interface interworking options and improves the resources at cell sites

◉ Allows for cost-optimized, converged deployment of 4G and 5G cell site radios over common transport infrastructure

◉ Allows operators to deploy common hardware across RAN sites

In February 2020, Cisco extended the NCS 540 portfolio with the innovative NCS 540 Fronthaul router which was optimized for packet-based fronthaul. It enhanced many aspects of the NCS 540 related to 5G including timing, latency, bandwidth, programmability, and security. Support for open fronthaul gateway has now been added to the NCS 540 Fronthaul router.

The NCS 540 Fronthaul enables the transport of O-RAN 7.2x eCPRI, an option adopted by O-RAN fronthaul specifications, and legacy CPRI traffic between a remote radio head and a base-band unit over a converged packet network. It provides rich transport features including segment routing, hierarchical Quality of Service (QoS), and Ethernet Virtual Private Network pseudowire emulation to meet the stringent latency and jitter requirements of packet-based fronthaul. The NCS 540 Fronthaul also complies with the fronthaul requirements for latency, QoS, and timing defined by IEEE 802.1CM standards profiles A and B.

The NCS 540 Fronthaul adds new features such as CPRI to Radio over Ethernet (RoE) mapper, and Time Sensitive Networking (TSN) features to transport legacy network traffic. The platform supports various CPRI bit rates covering CPRI options 3 to 8. Many global operators have already deployed Cisco’s CPRI to the RoE mapper-based packet fronthaul solution to convert CPRI streams to packets based on IEEE 1914.1 and 1914.3 standards. Cisco has patented numerous innovations in this area which are contributing to the standards. This helps facilitate the deployment of CPRI and RoE in the industry.

In terms of management, the NCS 540 Fronthaul has its own interface. It implements several Yet Another Next Generation (YANG) data models, including ones from IETF and OpenConfig. It also has Cisco-specific ones for CPRI and RoE. Using a NETCONF client and an automation tool, an operator can read the data models and check hardware-specific parameters such as temperature and link status, configurations like the RoE mapper type, or packet counters to monitor the network.

Cisco has teamed up with Xilinx and Keysight to demonstrate interoperability testing and integration of O-RAN 7.2x Open Radio Unit, Open Distributed Unit, and legacy CPRI radio traffic on a converged transport network with fully programmable Cisco NCS 540 Fronthaul routers using a CPRI to RoE mapper.

MWC Demo link: https://www.mwcbarcelona.com/exhibitors/products/innovating-the-future-of-open-ran-with-full-integration-of-fronthaul-networks-from-4g-to-5g-nr

This demonstration highlights the ability of the O-RAN compliant NCS 540 Fronthaul router to converge legacy CPRI and new O-RAN interfaces using Ethernet-based fronthaul standards and shows the test and validation methodologies involved.

Source: cisco.com

Continue reading

Cisco SD-Access May Just Be the Vaccine You Need to Combat the Digital Pandemic

The impact of recent events over the last year on the networking landscape cannot be emphasized enough. Organizations have undergone rapid transformation, moving to telework and dissolving the concept of a defined security perimeter. The explosion of distributed endpoints, brought about by employees working remotely, and proliferation of destinations with applications moving to the cloud, has surfaced unprecedented security challenges from a multitude of unknown threat vectors.

More Info: 350-601: Implementing and Operating Cisco Data Center Core Technologies (DCCOR)

The scale and impact of these threats has humbled and humiliated the most powerful corporations on the planet. The Federal Bureau of Investigation reported that 2500 American institutions were victims of cybersecurity attacks last year—a 66% increase from 2019. American organizations paid at least $350 million in cryptocurrency in 2020 year from ransomware attacks. *

Inadequacies in network infrastructure combined with software vulnerabilities have emboldened attackers to target institutions, disrupting their business operations and hurting profits. The recent spate of damaging cybersecurity incidents against JBS Foods, Colonial Pipeline, transportation systems in NYC, United Health Services, and other sectors have demonstrated the impact of such attacks that threaten the day-to-day essential services for millions of people. It should be a wake-up call that no IT infrastructure is completely insulated from threats. All organizations should urgently review existing deterrents and implement best practices to fortify their enterprise from threats.

The Zero-Trust Security Framework is the Antidote to Pandemic of Cyber Attacks

Cisco’s Zero Trust Framework is the remedy for this pervasive malaise. With a “Never Trust, Always Verify” approach, its core focus is to minimize data breaches by stopping east-west infections and reducing the attack surface across the enterprise network by:

◉ Establishing a level of trust by identifying endpoints as they onboard the network, define their roles, and assign access policies

◉ Enforcing trust by segmenting the network to secure network and resource access and prevent the spread of east-west threats

◉ Verifying trust by continuously monitoring each endpoint for anomalous behaviors

Cisco SD-Access Reduces Risk

Cisco DNA Center offers a solution with SD-Access that delivers a zero-trust outcome from the campus workplace to remote workforce, branch sites, and applications. The Cisco DNA Center Endpoint Analytics application uses deep packet inspection and Machine Learning to identify, profile, and group endpoints. Policy Analytics enhances visibility by continuously analyzing traffic flows, making it easy for administrators to define and enforce macro and micro segmentation across the automated fabric. Cisco’s latest innovation around Trust Analytics constantly assesses risk by monitoring endpoint vulnerabilities and anomalous behavior at Day N. This definition of trust and endpoint context can be extended beyond the enterprise through the SD-WAN to data center and cloud networks with policy integrations.

Cisco SD-Access delivers zero-trust outcome for workplace.

SD-Access Provides an Easier Way to Start to Zero-Trust Security

To deliver zero trust, SD-Access depends on a modern network infrastructure with Cisco DNA Center and an automated switching fabric. It’s now easier to embark on the SD-Access journey with existing network designs, including L2 segments and Network Admission Control (NAC) solutions, based on business priorities and desired outcomes.

The segmentation catalog is expanding to offer “multiple journeys” that make it easier to evolve networks in a step-by-step process that aligns with your business outcomes. By decoupling SD-Access constructs, we are enabling organizations to plan their own journey, minimizing business disruptions while at the same time, taking advantage of benefits along the way.

SD-Access Zero-Trust Journey

Preserve Existing VLANs in Layer 2 Access Networks

Integrating existing layer2 switching domains with SD-Access is sometimes challenging. It requires IT to reconfigure VLANs in their infrastructure to match the fabric VLANs—a process that can be a both disruptive and time-consuming.

SD-Access introduces the ability to retain the existing access VLANs when creating macro segments in fabric. IT can now define the VLAN ID in fabric for their Layer 2 access networks so that external switching domains can connect to Edge Nodes. This enables IT to connect external switches without operational inconveniences.

SD-Access now supports Layer 2 Switched Access

SD-Access Trust Analytics Completes a Zero-Trust Journey

Using Endpoint Analytics, Cisco SD-Access establishes an initial level of trust by identifying each endpoint that onboards the network. Now, with the addition of Trust Analytics, IT can monitor trust continuously after the initial onboarding.

To generate a single comprehensive score that reflects an endpoint’s trust level Trust Analytics takes each endpoint’s interactions within the network, evaluates its security posture, assesses its vulnerability to external attacks, and checks its credentials. The Trust score can range from low (1-3), medium (4-7) or high (8-10) depending on the probability of infection. Trust Analytics detects traffic from endpoints that are exhibiting unusual behavior by pretending to be trusted endpoints using MAC Spoofing, Probe Spoofing, or Man-in-the-Middle techniques. When Trust Analytics detects such anomalies, it signals Endpoint Analytics to lower the Trust Score for the endpoint to completely deny or limit access to the network.

Supplementing the network with Cisco Identity Services Engine (ISE) completes the continuous trust cycle by aggregating device classification, segmentation rules, and trust analytics to monitor, identify, and isolate any detected device anomalies that can indicate a breach or infection. Cisco ISE provides rapid threat containment and remediation by automatically detecting and isolating suspicious devices or people logging in from unusual or unknown locations.

Start Securing Your Network Today with a Zero-Trust Security Framework

We are well into a global digital pandemic and companies need to reassess their existing security protocols and revamp their cyber defenses or create one. Cisco’s SD-Access Zero-Trust Security Framework makes it easier to evolve an existing traditional network to a modern, automated, and secure one in a stepwise manner with minimal disruption to the workforce and business operations. To stop the digital pandemic, start with the basics. Start with SD-Access.

Source: cisco.com

Continue reading

Cisco 300-710 SNCF Exam: A Mean to Success in Networking

CCNP Security certification confirms outright information on network security. A CCNP: Security Certified Specialist has the knowledge and skills to get networks acquainted with the organization to sustain execution levels, moderate dangers, lessen security episodes, and diminish support costs. In this article, we will focus on 300-710 SNCF certification.

What is Cisco 300-710 SNCF Exam?

Cisco 300-710 SNCF exam measures an applicant's knowledge of Cisco Firepower Threat Defense and Firepower, comprising integrations, policy configurations, deployments, management, and troubleshooting. In this exam, you will learn how to carry out advanced Next-Generation Firewall (NGFW), and Next-Generation Intrusion Prevention System (NGIPS) features, comprising file type detection, network intelligence, network-based malware detection, and intense packet inspection.

How to Prepare for Cisco 300-710 SNCF Exam?

• The thing you should be familiar with is that the exam questions incorporate several topics; that's why your preparation for the exam should be adequate. Thus, before scheduling your CCNP Security 300-710 SNCF certification exam, get the list of exam syllabus topics.
• To get the most productive preparation, begin with the Cisco official website especially. Here you'll find the most appropriate study material for exam preparation. Cisco provides classroom training, e-learning, practice tests, study groups.
• Find online platforms that provide training courses for Cisco exams. On these platforms, you'll get the details on the exam from the top IT specialists.
• Perform Cisco 300-710 SNCF Practice Tests. The most updated and authentic practice tests will make your revision process smooth. Time management is essential in Cisco exams. No matter how much you have soaked up the concepts, it would all be worthless if you cannot output your knowledge in the assigned time. So make sure to time every exam you do and check whether you can finish answering all questions in time.

Things to Know About Cisco CCNP Security Certification

Job Opportunities

After getting CCNP Security certification, one can qualify for various jobs like Systems Engineer, Security Engineer, Network administrator, Network engineer, Network designer, Consulting systems engineer, Technical solutions architect, Network manager Job positions. CCNP Security certified professionals have high job availability than non-certified professionals.

High Salary

Cisco CCNP Security-certified professionals make at least ten percent more than their non-certified peers. The possibility to get high salary raises and can avail of fantastic job opportunities.
Skill Acknowledgment

Cisco CCNP Security certified notices that you had achieved excellent knowledge and skills in networking. Earning a certification from a renowned organization like Cisco indicates that one has acquired the best skills. Technology is an essential part of our lives today. If you want to advance in your career, it is best to stay updated with the latest technology and trends, precisely what Cisco CCNP certification does.

CCNP Security Certification Add Value to Your CV

CV is the only thing that talks about your education, skills, work experience, the knowledge that one has accomplished in their life. Once your CV is added with the Cisco CCNP Security certification, you will be ready to work with the leading organizations. The organizations believe that such professionals will be an asset to the organization and lead the organization to the top.

Great Confidence Builder

Cisco CCNP Security certification builds up the self-confidence to ace the interview for a new dream job. The knowledge and skills that have been achieved through certifications build the confidence to work with the latest technology.

Growth At Work

When it comes to finding a job in IT or computer networking, then earning Cisco CCNP Security certification puts you on the top of the list for promotion or career advancements. Cisco certified professionals will receive better job opportunities while switching the organization. They will be qualified for the positions that have high growth in the future, as IT is a dynamic world, and the skills they hold will need the update.

Opportunity to Work Globally

The Cisco certifications are globally recognized and offer better job opportunities to work in India, Dubai, Algeria, the USA, UK, and Australia.

Conclusion

Earning CCNP Security certification is not a walk in the park; if the applicant is hard working, no one can come in between their victory. Thus, sitting for the CCNP Security certification exam will pave the way towards this certification. Note that every organization wants to employ Cisco certified professionals to make their networks run efficiently. Take into consideration the benefits you'll get and start your preparation process for the 300-710 SNCF exam.

Continue reading

Should the CISO Report to the CIO?

The Chief Information Security Officer (CISO) is the organization’s senior executive in charge of the cybersecurity and the information technology risk management posture of the enterprise. He or she is a seasoned executive who must be equally adept at leading the myriad technology functions associated with protecting the enterprise’s information and data from misuse and compromise, as well as at managing the deeper business aspects of the role, such as hiring, developing, and retaining qualified and competent personnel; orchestrating Governance, Risk, and Compliance (GRC) requirements and mandates; incorporating a risk-conscious and security-aware culture in an enterprise; and preparing and defending the budget associated with protecting the enterprise’s computing infrastructure from harm.

In many organizations, and in the U.S. federal government in particular, the CISO reports to the Chief Information Officer (CIO). Much has been written over the years about the feasibility of this organizational construct. Lately, some very progressive organizations in the Fortune 500 and the Global 1000 have elevated the CISO to a reporting relationship under, variously, the Chief Risk Officer, the Chief Security Officer, the Chief Financial Officer, the General Counsel, or even the Chief Executive Officer. Where the CISO belongs organizationally in any enterprise is largely a function of the roles and responsibilities of the CISO and the manner in which those roles and responsibilities cleave into the operations and mission of the enterprise.

The role of the CISO

For the sake of simplicity, the CIO is responsible for the information technology spectrum of “power, ping and pipe,” and the CISO is responsible for the cybersecurity spectrum of “identify, protect, detect, respond, and recover.” The two responsibilities are inter-related, and in most cases are complementary, but the question boils down to which set of responsibilities should have primacy over the other, or are they co-equal? Added to this analysis is the general CIO and information technology emphasis on the “3 Fs” of features, functionality, and fast, which are anathema to cybersecurity in general. A growing consensus among information technology and C-level executives is that the CISO’s priorities should not be subsumed under the CIO’s priorities.

Viewed another way, having the CISO report to the CIO relegates cybersecurity to an IT security, or technology, function. However, if the CISO reports higher up the chain of command and has a seat at the C-level table, then cybersecurity is solidly embedded into the overall risk management of the enterprise.

Perhaps an examination of how the U.S. federal government approaches the organizational situation can provide additional perspective. The Federal Information Modernization Act (FISMA) or 2014, which replaced the Federal Information Security Management Act of 2002, is a federal law that requires federal agencies to develop, document, and implement an agency-wide program to provide information security for the information technology and systems that support the agency’s mission. FISMA designates departmental and agencies CIOs as the primary official responsible for their organizations’ IT security. Among the CIOs’ duties under FISMA is designating a senior agency information security officer. Therefore, an act of law determines the organizational placement of the CISO under the CIO in the federal government.

Let’s acknowledge a counterargument right there: if federal law were to unshackle the CISO from the CIO’s chain of command, would information security across the federal government be appreciably improved? Could it possibly be any worse than it is now?

Perhaps Congress concluded that no CISO should be allowed to give his or her unvarnished opinion of the true cybersecurity and risk management posture of the agency’s enterprise as long as the top official responsible for IT does not wish that opinion to be disclosed. Under the current structure, the CIO is free to raid the cybersecurity budget to fund any other priority, or the CIO may feel inclined to overlook a powerful peer’s security deficiencies, or the CIO may disregard security recommendations that interfere with ‘really neat’ functionality. By placing the CIO in a position of superiority over the CISO in federal agencies, the CISO is marching to the CIO’s orders and working off the CIO’s list of priorities, not to mention attempting to receive his or her performance bonus that the CIO must approve. If that’s the situation that FISMA intended, then Congress should simply have given the security job, and the corresponding accountability, to the CIO.

Risk management and the CISO

Back to the commercial world, where there is no legislative mandate, and to the original question about where the CISO should be organizationally positioned. It depends. It depends on many factors, not the least of which is the enterprise’s perspective on risk management. If overall risk management – including financial, programmatic, human, facilities, and information technology – is embedded into the very soul and culture of the organization, with risk appetite and risk tolerance decisions continuously on the radar of the senior executives and the board of directors, then the CISO cannot realistically be buried under the CIO. If, on the other hand, the organization views information technology as its lifeblood and considers the protection of those information technology resources to be the totality of its cybersecurity obligations to its stakeholders, then the CIO should have the CISO within his or her span of control. There is no one-size-fits-all answer, although the prevailing trend is to unshackle the CISO from the CIO.

In the end, it boils down to how an organization approaches its risk management diligence. In most cases where organizations place the CISO in a subordinate role to the CIO, the result is over-leveraging towards cost management as opposed to risk management. In those organizations where the CISO is elevated to a C-level position at least co-equal with the CIO, then risk is more likely to be embedded in the culture of the organization.

Source: cisco.com

Continue reading