Why Innovation Is Key To Connecting The Next 3 Billion

In the last year, communication networks have emerged as a de facto way for people to stay connected with their family and friends and carry out their professional tasks, as lockdowns and social distancing norms made it impossible to lead normal lives. Telco network became the digital foundation for everything that needed connection for instance eEducation, eHealth, eCommerce, eRetail, etc. However, while people in urban areas have used high-speed broadband and digital platforms to stay connected during these unprecedented times, this is hardly true for rural and remote areas.

While the number of internet users continues to grow, 51% of the world’s population is still not using mobile internet, as per a recent GSMA report. It further says that if the current trends continue, more than 40% of the population in low- and middle-income countries will remain offline in 2025.

The fact is that it is incredibly challenging for the service providers to provide connectivity in rural areas. The high cost of setting up and managing the network coupled with low returns of investment spread over an extended period of time is the key reason for the service providers’ reluctance to set up communications networks in rural and remote areas. In addition, low population density and challenging terrain further add to the challenge.

There is a growing realization among the service providers that the network strategy for the urban markets is not suitable for the remote and rural areas. It is then a moral dilemma for the telcos.

Innovating To Provide Connectivity In Rural Areas

There is a need to innovate and go beyond the traditional network deployment models to provide high-speed broadband connectivity in rural and difficult-to-reach areas.

The telco’s need to relook and reimagine their current network architecture, which is very complex. The conventional network strategy of adding a layer for every new standard is adding to the complexity. Further, the data centers are monolithic, making it challenging for the telco’s to capture the monetization opportunity that is emerging at the edge of the network while they are connecting everything e.g. devices, machines, industries, meters, security cameras, etc, etc., everything that is benefiting from a digital connection.

Moving from monolithic, hardware-centric networks to software and an open network infrastructure can bring down cost and enable telco’s to provide connectivity in remote areas without compromising profitability. In other words, network economics need to change to adapt to this dynamic market opportunity and need.

Open Radio Access Networks (RAN)

Several new-age innovations, including Open Radio Access Networks (RAN), Edge computing and cloud-native architecture, AI/ML, etc. promise to change this and provide high-speed and reliable connectivity at a cost that is viable for unconnected and in far flung / remote areas.

Open RAN specifically is the game-changer. Essentially, it disaggregates the software and hardware components of the network infrastructure, making it easier and more economically viable to provide internet in remote areas. In addition, the disaggregation of the RAN functions helps in bringing down network cost and complexity. Further, Open RAN deployments do away with vendor lock-in and allow service providers to benefit from virtualization.

The expenditure on RAN accounts for a significant chunk of telco’s capital expenditure. With Open RAN, they are able to bring down the cost by leveraging the open ecosystem and cloud economics. Mobile operators operate in an intensely competitive environment and are constantly stressed to increase capacity and reduce costs. The Open RAN approach allows them to address these issues, and the improved cost economics makes it easier to connect the unconnected and bridge the digital divide.

Cloud-native Mobile Networks

The success of Japan’s Rakuten Mobile, a greenfield operator, is showing us the way. It operates the world’s first fully cloud-native mobile network. Rakuten Mobile launched 4G service in April 2020 and followed this by launching 5G Non-Standalone within few months in September 2020. A cloud-native and automated network promises to bring the benefits of connectivity in yet-to-be-connected areas, thus transforming lives and powering economies.

The industry needs a paradigm shift in thinking beyond the traditional network deployment approach to connect the remaining half of the world’s population. Telco’s need to experiment with out-of-the-box solutions to bridge the digital divide. This will not only allow them to add new subscribers to the network but also contribute to the overall economic and social growth.

Source: cisco.com

Continue reading

Revolutionizing Customer Engagement and Collaborative Development

Our customers are looking for ways to simplify management of their Cisco devices and adopt new technologies faster while maintaining strong security across their environment. They are facing challenges in locating the right information necessary for deployment, obtaining access to the right resources, gaining visibility into their assets as well as more automated capabilities to reduce risks, increase uptime, and optimize overall performance.

Cisco CX Cloud was built to address these concerns, alongside the Success Tracks suite of service packages. A cloud-based Software as a Service (SaaS) platform, CX Cloud provides customers with unified access to all of their Cisco portfolio in one pane of glass. Users can view their assets, contract coverage and licenses, access insights into the health of their network infrastructure, be alerted to security advisories, detect risks, open support cases in-app, and take advantage of contextual learning to train their IT teams all within CX Cloud.

Realizing the value of IT investments quickly is critically important to delivering results with agility. Our customers have told us that they want to be able to self-service, but at the same time be able to leverage consultative subject matter experts to help navigate more complex infrastructures. For example, one of our customers mentioned that often once a vendor sells something, they are left to figure out how to set it up, how to use it, and how to make it work to meet their needs. Another received a mandate to eliminate all critical security vulnerabilities across their entire infrastructure in a relatively short time frame, which is traditionally neither fast nor easy to accomplish, and weren’t sure where to begin.

In partnership with our customers, the CX Cloud Insights & Innovation Team aligns CX Cloud’s platform capabilities with our customers’ goals, so value is realized faster. We help customers learn how to use the CX Cloud platform and move through every stage of the adoption lifecycle, removing barriers along the way and identifying how to make the platform exactly what our customers need it to be. We have engaged with many customers and have learned from them the many ways CX Cloud helps them every day.

We engage with customers early and often, learning together and from one another and working together to solve their biggest pain points. Our engagement enriches the customer experience as we collaborate with our customers to determine how they can leverage the platform and how it can be used to help fulfill their responsibilities. As previously mentioned, one customer had to meet a deadline to reduce critical impact security advisories fast. They used CX Cloud Advisories to demonstrate their progress against this goal. It allowed them to identify what assets were vulnerable and then follow the guidance to remediate those vulnerabilities. From their efforts, they were able to reduce their risk by 33% in a matter of a few weeks. Customers say CX Cloud is intuitive and easy to use, and the expert level guidance from our team takes any remaining questions off the table to help them learn how to get the most from CX Cloud fast. The only question to answer is how fast do you want to go

We actively search for solutions to problems customers face on a day-to-day basis while we train and educate them on how to use CX Cloud. Looking again at our customer who needed to tackle security vulnerabilities across their entire infrastructure, they knew immediately this traditionally is neither fast, nor easy to accomplish. With the capabilities delivered by CX Cloud, customers can be efficient and effective in achieving this goal and be proactively notified of critical vulnerabilities before they become an emergency. How is this possible Using the insights and guidance delivered by CX Cloud, customers can skip the investigation required to identify if and where problems exist. Instead, they can move directly to remediation because CX Cloud will do the investigation for them by automatically scanning the environment. As shared by another customer, it takes on average two hours per week for them to investigate potential problems in the network. With CX Cloud monitoring their environment, those two hours can now be spent implementing fixes to known issues instead. What can you achieve with time back each week And what more can you accomplish when reacting to problems is a thing of the past

Our customers have never had as much say in the development of a Cisco product as they do with CX Cloud today. What is very exciting is how customer-centric CX Cloud really is in its development and product roadmap. Cisco is listening more than ever to learn from our customers what they need from CX Cloud and feed ideas directly into product development either through direct engagement or in-app within CX Cloud. Customer ideas are captured every day and reviewed throughout the week. Often our product managers will directly engage with customers to follow up and better understand their ideas and how they might be best implemented. And by submitting ideas online, customer will receive updates on the status of their ideas and will know when they’ve been implemented into production. Finally, in our weekly CX Cloud Club Conversations webinars, we train on, discuss, and learn about the future of CX Cloud with product management, where they also answer customer questions in a live forum.

What do you want CX Cloud to do for you Through expert engagement you’ll learn how to maximize the value of CX Cloud platform, align it with your goals, and customize it to drive efficiency in your organization.

Source: Cisco.com

Continue reading

Miercom Test endorses Cisco SD-WAN’s High Availability and Best Path optimization capabilities.

In order to achieve a resilient network, it is important to maintain high availability not only in control plane, but also at the data plane for traffic to flow smoothly, without any disruptions. In the event of unavailability of control plane, which governs and manages the data plane traffic, the whole WAN infrastructure and subsequent site traffic can go down, causing huge outages. The SD-WAN solution should be intelligent enough to not only ensure continuous data plane operation, but also to provide an optimized path for the application traffic for enhanced user experience.

Cisco SD-WAN provides faster link convergence, whenever the primary link fails, making sure that there is zero downtime on the actual traffic flowing across the network. Once the IPsec Tunnels are up and running, data plane traffic does not have any dependency on the control plane. Which means, that even if the connectivity from the edge devices to control plane is down, traffic between the IPsec established sites will remain up and running.

This has been tested and verified by Miercom, wherein following scenarios were recreated:

Figure 1. Internet link from Site-2 toward control plane was shut down, disconnecting it from controllers.

Figure 2. Internet link toward control plane was shut down, disconnecting both the sites from the controllers.

In both the cases, before bringing down the control connection, Miercom verified that IPSec Connectivity is up and running. Post verification, when the control links were shut down, it was observed that traffic flow was not impacted, and IPSec tunnels remained up and operational. It was observed that Cisco SD-WAN did not require any manual intervention for failover in both the scenarios.

Apart from providing link level resiliency for maintaining continuous flow of data traffic, Cisco SD-WAN also provides best path optimization based upon the SLAs defined in the application policies. It has been tested and verified that if the primary link goes down or if the SLA parameters such as latency, delay, jitter are compromised in comparison to what has been defined in the routing policies, then the application traffic automatically failover to the secondary link.

In comparison to such resilient SD-WAN architecture by Cisco, our competitor failed to provide high availability and disruption-free data flow. The similar scenarios were recreated and tested on our competitor’s solution. It has been observed that there is approximately 10 seconds of traffic disruption during failover testing, causing mission critical applications such as financial or banking application to go offline for a good amount of time.

Moreover, from overall architecture perspective, our competitor has dependency on cloud hosted controller and there are fixed ports in their edge devices to enable such connection. Hence, if the respective ports are taken down for disconnecting the controller communication, the edge devices will also go offline disrupting the whole network.

By comparing the functionality and performance for both the solutions, Miercom concluded that Cisco SD-WAN provides highly scalable network architecture, which enables auto failover of traffic circuits, as and when need arise. This makes sure that end users are not impacted due to any disruptions caused by link flapping or degraded circuit performance. Cisco SD-WAN always ensures that the application traffic is routed through the best optimized path, giving best user experience.

Source: cisco.com

Continue reading

Detect What Others Miss with CESA

With the executive order signed by the US government in the wake of recent cybersecurity attacks like SolarWinds, Colonial Pipeline, Microsoft Exchange server breach that have plagued high-value government entities and private organizations, it is very important to have security ammunition ready that can detect such attacks – one that can provide deep forensic details and visibility into your users and endpoints.

Read More: 350-901: Developing Applications Using Cisco Core Platforms and APIs (DEVCOR)

In the SolarWinds breach, a form of supply chain attack, the attacker spent months performing undetected reconnaissance to gain deep understanding of the inner workings of the trusted IT supplier before targeting them as the means to infiltrate US government targets bypassing ransomware defense in endpoint anti-malware solutions.  The attack went undetected by many security solutions for months. New supply chain attacks are happening regularly, with many of them targeting endpoint security components directly and with many more such new techniques emerging, it is more important than ever to have a defense-in-depth endpoint strategy with forensics capabilities.

Cisco Endpoint Security Analytics (CESA) helps solve this problem and can be that security ammunition in your security infrastructure to act as an early threat warning system by providing behavior-based deep – user, endpoint and network visibility all in one place. The three components that forms the overall CESA solution are

1. Cisco’s AnyConnect Network Visibility Module (NVM) that provides unparalleled endpoint behavioural visibility

2. CESA Collector that acts as an NVM telemetry broker, converting IPFIX NVM data into SIEM consumable Syslogs

3. Analytics platform like Splunk that can transform the endpoint telemetry data into meaningful insights and alerts

Figure 1: CESA Architecture

With the latest CESA 3.1.11 release, we have added the following features that makes it even more secure as well as provide newer user and endpoint telemetry to help you detect advanced forms of attacks.

SecureX Integration

You can now unleash the full power of SecureX threat response and accelerate the time-to-value, through the SecureX CESA Relay module (Figure 2). Through the CESA module, you can perform threat investigations using sightings of observables from CESA and use SecureX for remediation and response actions as shown in Figure 3. For example, if Umbrella had categorized a certain domain with neutral reputation, through CESA, if you observe that the process which originated the traffic to this destination domain has never connected earlier, and hence indicates a malicious activity; you can now view this relationship in SecureX, through the SecureX CESA Relay module. You can then take a response action to block the domain immediately with Umbrella and other security controls in your network.

Figure 2: SecureX CESA Relay

Figure 3: Observables extracted through CESA into your SecureX Threat Response dashboard

Secure NVM Transport

With the introduction of DTLS 1.2 support in NVM, all communications between the client and the CESA collector is now encrypted and secured. Prior to this release the information was sent over plain text UDP which could be susceptible to Man-in-the-Middle (MITM) attack where an attacker had visibility into all NVM traffic between the client and the collector. With the secure DTLS connectivity to the collector, the NVM client first verifies the availability of the collector before sending the telemetry data over the encrypted channel thus preventing network sniffing, spoofing, reconnaissance and MITM type of attacks.

Figure 4: Secure NVM Transport

Trace Path of Malicious Software

CESA can now alert you when an application is being executed from illegitimate or unexpected paths by tracing such suspicious/malicious activity all the way down to the process path of the known, unknown, or modified executable. This helps in Zero-day analysis of attacks based on suspicious activity thus simplifying your investigations. With the new Process Path Investigation dashboard, you can now see the process path from where the process was executed. In the Figure 5 below you can see that that the process “svchost.exe” is being executed from a suspicions path “d1ecfbd***”.

Figure 5: Deep visibility into process path

Find Ultra-Stealthy Threats

CESA can now also provide additional visibility into process command line arguments helping you detect attack methods such as obfuscation or other malicious evasion techniques. You can now detect unusual command line arguments to exploitable executables (eg., /bin/sh, powershell.exe, wmic etc), files given as arguments to other programs as well as whole malicious script in obfuscated form being sent as command line argument to run. With the new Process Path Investigation dashboard, you can see in Figure 6 that an attacker who has compromised the root user is trying to ssh into 10.126.111.235.

Figure 6: Deep visibility into process path arguments

Logged-in User Visibility

Prior to this release, CESA reported console user as the originator of all traffic for all user processes. An attacker could SSH into a compromised endpoint and start performing malicious activity hiding his tracks behind that of the console user of the endpoint. With the new release, CESA reports logged-in user for remote sessions like RDP and SSH for processes launched through such sessions. As you can see below, the user “Raghul” is initiating a “Data hoarding” activity by having remotely logged into the DESKTOP-ONFHG3.

Figure 7: Remote logged-in user visibility

Continue reading

Full Stack Observability Driving Customer Experience in a Multi-Cloud Environment

Application is the Business & Level of Digitalization is the Brand

In our ever-changing world, where the application represents the business itself and the level of digitization it provides is directly related to the perception of the brand; enterprises must ensure they stand differentiated by providing exceptional user experience – both for their customers as well as their employees alike. When the pandemic hit us, expectations by customers and employees initially were driven by empathy, with disruptions to services expected – but 18 months on, today everyone expects the same level of service they got pre-pandemic, irrespective of where people are working from. This drives a higher-level of expectation on the infrastructure and teams alike – towards providing an exceptional digital experience.

It is evident that application services are becoming increasingly distributed and reimagining applications through customer priorities is a key differentiator going ahead. A recent study on Global Cloud adoption by Frost & Sullivan has indicated a 70% jump in multi-cloud adoption in the Financial Services space. This is driven by a renewed focus towards innovation, along with the digitalization and streamlining of the businesses. On average, financial firms have placed more than half of their workloads in the cloud (public or private hosted) and that number is expected to grow faster than other industries over the next five years.

Digital Experience Visibility

In today’s world of applications moving to edge, applications moving to the cloud, and data everywhere – we really need to be able to manage IT irrespective of where we work, as well as where the applications are hosted or consumed from. It’s relatively easy to write up code for a new application; however, the complexity we are solving for in the current real-world scenario is that of deploying that code in today’s heterogenous environment, like that of a bank. Our traditional networks that we currently use to deploy into the data centers, predates cloud, predates SASE, Colo’s, IoT, 5G and certainly predates COVID and working from home.

In today’s world cloud is the new data center and internet is the new WAN – thereby removing the concept of an enterprise perimeter and making identity the new perimeter. To provide that seamless experience, IT needs to not just monitor application performance, but also enable application resource monitoring and application dependency monitoring – holistically. This should enable the organization to figure out the business impact of an issue – be that a drop in conversion rate or a degradation in a service, and decide almost proactively if not predictively the kind of resources to allocate towards fixing that problem and curbing the business impact.

Observability rather than Visibility

In today’s world operations are complex with various teams relying on different tools, trying to trouble shoot and support their respective domains. This visibility across individual silos still leaves the organization miles away; left to collate the information and insights via war rooms, only then being able to identify the root cause of a problem. What is required is the ability to trouble shoot more holistically – via a data driven operating model.

Thus, it is important to use the network as a Central Nervous System and utilize Full Stack Observability to be able to look at visibility and telemetry from every networking domain, every cloud, the application, the code, and everything in between. Then use AI/ML to consume the various data elements in real time, figure out dynamically how to troubleshoot and get to the root cause of a problem faster and more accurately.

A FSO platform’s end goal is to have the single pane of glass, that would be able to:

◉ Ingest anything: any telemetry, from any 3rd party, from any domain, into a learning engine which has a flexible meta data model, so that it knows what kind of data it’s ingesting

◉ Visualize anything: end to end in a unified connected data format

◉ Query anything: providing cross domain analytics connecting the dots, providing closed loop analytics to faster pinpointed root cause analysis – before it impacts the user experience, which is critical

AI to tackle Experience Degradation

AI within an FSO platform is used not just to identify the dependencies across the various stacks of an application, but also to correlate the data, address issues, and right size the resources as they relate to performance and costs across the full life cycle of the application.

It is all about utilizing the Visibility Insights Architecture across a hybrid environment that enables balancing of performance and costs through real time analytics powered by AI. The outcome to solve for is Experience Degradation which cannot be solved individually in each of the domains (application, network, security, infrastructure) but by intelligently taking a holistic approach, with the ability to drill down as required.

Cisco is ideally positioned to provide this FSO platform with AppDynamics™ and Secure App at the core, combined with ThousandEyes™ and Intersight™ Workload Optimizer, providing a true end to end view of analyzing and in turn curbing the Business Impact of any issue in real time. This enables the Infrastructure Operators and the Application Operators of the enterprise, to work closely together, breaking the silos and enable this closed loop operating model that is paramount in today’s heterogenous environment.

Download the report: Agents of Transformation: The Rise of Full Stack Observability, to learn more about Business Observability and the challenges technologists are facing.

Source: cisco.com

Continue reading

How to Pass Cisco 200-901 DEVASC Exam Practice Test

Information technology has transformed our lives entirely in the present day. Both organizations and individuals are excited as regards cloud computing, and leading organizations are interested in engaging skilled IT professionals to enforce the latest technologies to better their business operations. The 200-901 DEVASC is the required exam that you need to take to achieve the Cisco Certified DevNet Associate certification that will confirm your skills in Automation, cloud computing, and infrastructure of networks and will qualify you for job profiles such as software developers, DevOps engineers, and automation specialists. Though, you will be distinctive from other cloud computing professionals as your skills will be confirmed by one of the top vendors of most-sought-after IT certifications in the world - Cisco.

All the Detailed Information of Cisco 200-901 DEVASC Exam

Cisco 200-901 is indeed essential for your career as it can help you acquire advanced skills in software development and Automation. If you register to take this exam, you will be examined on the following topics:

• Software Development and Design (15%)
• Understanding and Using APIs (20%)
• Cisco Platforms and Development (15%)
• Application Deployment and Security (15%)
• Infrastructure and Automation (20%)
• Network Fundamentals (15%)

When it comes to the prerequisites of this exam, they are simple. Cisco does state that applicants should have a profound knowledge of the topics assessed by the Cisco 200-901 exam. Also, your chances of passing the exam are higher if you have work experience of one year working as a software developer and worked with Python programming prior.

When it comes to the peculiarities of this certification, applicants will have to answer 90-110 questions in two hours. Hence, you require to have a solid understanding of all the exam topics if you want to have sufficient time to answer all the questions. That is why it's essential to obtain the 200-901 syllabus topics before you start preparation. This will help you understand what preparation resources you require to use to acquire the right skills to pass your exam.

Cisco 200-901 DEVASC Exam Preparation Options

Understanding the exam objectives and their sun topics is the first step that you should take to in your preparation journey. After knowing these domains and all the topics, the next step incorporates determining what study materials will offer the understanding required for each topic.

Cisco itself provides the training course and other helpful resources to acquire relevant skills to tackle these Cisco exam questions.

Cisco training is important for those aspirants who want to prepare and pass the test on the first attempt. A certified instructor will give you all the required knowledge to ace 200-901 exam questions and get a passing score. Apart from the official course, other useful Cisco DevNet 200-901 study resources, comprising e-Learning, hands-on labs, and online videos. You can also buy Cisco Certified DevNet Associate DEVASC 200-901 Official Cert Guide from Amazon and Cisco-press store.

You can also take advantage of some third-party sources and attempt Cisco 200-901 practice tests. Most applicants choose this option as an excellent addition to their preparation methods to get even more possibilities to crack Cisco 200-901 with an amazing score. With DEVASC 200-901 practice exam, you can perceive what score you can get in the actual exam. If you answer some questions wrong, you can review the correct answers and go back to the topic and work on it and improve this area.

How Will Your Career Benefit from the Cisco 200-901 DEVASC Exam?

There is a massive upswing in Information Technology professionals in today's world; passing the Cisco 200-901 exam and becoming Cisco Certified DevNet Associate has its advantages. Because of the prevalence of Cisco, it is straightforward to perceive why professionals with Cisco certifications are distinguished over those who don't have certification. Other than standing out from the crowd of non-certified professionals, you also get an opportunity to evaluate and confirm your skillset.

On the other hand, after thorough preparation, you will not only perceive software design and development techniques, APIs, Cisco platform, application deployment, security, Automation, and network, but you will also get to authenticate yourself that you are a skilled DevNet professional and give organizations a solid reason to employ you. And if you're already working professionally in the network field, you will see a rise in your salary due to the 200-901 exam and appropriate associate-level Cisco certification. For instance, a Network Engineer with certified Cisco Networking skills can qualify to receive almost $75k a year, as reported by Payscale.com.

Conclusion

Any professionals who hold Cisco certification are reliable to be reassuring better performing and in their careers. The same refers to the applicants who passed the Cisco 200-901 DEVASC exam and achieved the Cisco Certified DevNet Associate certification. So, if you are a software developer, DevOps engineer, system integration programmer, network automation engineer, or any relevant IT professional, do not delay to sit for the Cisco DevNet Associate exam and validate your expertise in working with Cisco network to Cisco APIs to get even higher toward your professional goal.

Continue reading

Threat Intelligence in SecureX: Fast, Free, or Easy (pick any three)

SecureX is Cisco’s free, acronym-defying security platform. (“Is it XDR? Is it SOAR? Does it solve the same problems as a SIEM? As a TIP?” “Yes.”) From the very beginning, one of the pillars of SecureX was the ability to consume and operationalize your local security context alongside global threat intelligence.

And to that end, SecureX includes, by default, a few very respectable threat intelligence providers:

➥ The Cisco Secure Endpoint File Reputation database (formerly AMP FileDB) composed of reputation ratings for billions of file hashes collected from multiple sources including Talos, Cisco Malware Analysis and Secure Endpoint

➥ The AMP Global Intelligence database, aka SecureX Public Intelligence, curated from several internal and open source thereat intelligence sources

➥ And, of course, the TALOS intelligence database, full of all manner of information discovered by the global TALOS research team and their advanced and often custom tooling

Also included is the Private Intelligence repository, which allow you to upload or create your own intelligence for inclusion in SecureX investigations.

But, there is a lot more to the world of threat intelligence than those three sources alone. Every research organization, whether free or paid, open or private, has their own area of focus, their own methods, their own guidelines and policies and practices, and their own view on any given threat. While it’s not true that more automatically equals better, a more complete and holistic view is often more valuable than a narrower view. That is, in fact, one of the primary design considerations for, and motivating reasons for the very existence of, SecureX itself.

And, many of our customers are already using additional sources – we knew that on day one, several years ago now, when we incorporated support for Virus Total into the first version of what would become SecureX threat response.

That was also a driving reason behind the roll out the remote relay modules last summer, that allow users to tie in arbitrary data sources. This design allows SecureX users to “roll their own” modules, deploy the code in their environments, and thereby leverage whatever they want as a resource in investigations.

Then we wrote and published a number of relays that were for specific well-known threat intelligence sources for users to deploy.

Recently, we have internalized these relays and are hosting them ourselves to simplify the way our customers incorporate them into their own SecureX environment. For Cisco-provided 3rd party relays, there is no longer a need to download, configure, and stand up a relay service.

What this does, is drastically decrease the investment in time and effort required in order to benefit from a multitude of available tools. Some of these tools are on-premises and are security controls or detection tools, but many are global threat intelligence providers – and many of those, are free to use.

As I was setting up a few of them myself, I realized how easy and fast this was – a click, perhaps a paste of an API key, another click, and it was done. Then I saw how many more there were. And I wondered… how long would it take to get 10 of these added, and how much would it change the nature of an investigation?

For this experiment, I used the following, chosen somewhat arbitrarily and listed purely in alphabetical order:

➥ APIvoid

➥ abuse IPdb

➥ CyberCrime Tracker

➥ FarSight DNSDB

➥ Google SafeBrowsing

➥ Pulsedive

➥ Shodan

➥ ThreatScore

➥ io

➥ VirusTotal

Several additional providers of threat intelligence options are available, and several of those are also free or at very low cost (literally under $5/mo in one case).

So, how fast can 10 completely free threat intel sources be added into SecureX, and how does it enhance the scope of that investigation? You can see the video detailing the results, here:

Source: cisco.com

Continue reading