Top Tips to Pass CCNP Enterprise 350-401 ENCOR Exam

With the constant evolution in technology, every organization worldwide requires an IT professional to help them remain at the top of the most advanced trends, increase their security, and boost overall performance. If you are presently creating your career in IT, you know how difficult it can be to obtain a Cisco certification. Yes, having one of these will unlock plenty of professional opportunities for you, but not every person tends to do this. The following section will focus on the CCNP Enterprise 350-401 ENCOR exam and explain everything you require to know.

CCNP Enterprise 350-401 ENCOR Exam Information

After passing the CCNP ENCOR exam, an applicant will hold the skills of troubleshooting, configuring, and operating wireless and enterprise wired networks. It is why this exam measures one’s skill in infrastructure, architecture, virtualization, automation, network assurance, and security.

The exam comprises 90 to 110 questions. The questions type is multiple-choice, and the exam takers have 120 minutes to answer them. You have to obtain 750-850 to pass the exam.

When it comes to candidates eligible for this exam, they require to hold relative knowledge and experience working on Cisco networks. It is why it is suggested that applicants hold some working experience. This isn’t a formal requirement, but it will be helpful if they are already familiar with the fundamentals. This CCNP ENCOR certification is the best fit for System Engineers and Integrators, Network Consultants, and Cisco Channel Partners. If you don’t hold this knowledge, you will first need to acquire all the skills evaluated on the CCNP Enterprise certification.

Top Tips to Pass CCNP Enterprise 350-401 ENCOR Exam

Let’s explore some tips for this Cisco exam preparation. Cisco certification exam passing ratio is very less, indicating that you will have to invest a lot of time and effort. It will expect you to dedicate four to five months for exam preparation. Yes, we perceive how frightening this may look, which is why you should enforce the following tricks.

Concentrate on the CCNP ENCOR Exam Topics

The first thing you have to do is find the complete list of CCNP ENCOR exam topics. Finding this syllabus is moderately simple. You just need to google search, and several results will give you. But without doubt, you should only visit Cisco’s official page and other trusted websites.

 Each of the topics is marked by percentage, so you will understand which requires more time and focus. You should study all of them.

Create a Study Schedule to Organize Your Studies

The key to passing this 350-401 ENCOR is organizing your studies. We understand that we have possibly devastated you a bit, but you will be good if you have sufficient time to commit yourself to this task and plan out every study session. So, make sure to investigate when the date of the exam is, and therefore, this is the first thing you have to learn.

Furthermore, think about your everyday life, and find a few hours a day to study. Yes, this can be a challenge if you have a full-time job and a large family, but you have to do it. Even two hours per day will be sufficient. But, keep in mind that you require to concentrate completely, which means no disturbances. Make a realistic study schedule and follow it no matter the temptation.

Collect the Relevant Study Resources

The next step to take in your CCNP ENCOR exam preparation is obtaining essential study resources. You should start with the Cisco 350-401 study guide. And make sure you read it at least two times. This study guide will equip you with all the essential information about the exam and includes exam questions.

Best Study Resources for Cisco 350-401 ENCOR Exam Prep

Moreover, it may also be great to make short notes after going over each topic. Some people don’t like this approach, but it can be helpful. Not only will you be able to determine how much you have grasped, but these notes will be a superb tool for the final revision.

Cisco 350-401 ENCOR Practice Test

Taking the CCNP ENCOR practice test is the best way to gauge your learning. You can find many websites providing online practice tests for Cisco exam preparation, such as NWExam.com. At the same time, you can perform practice tests to gauge your skills during the whole process of prepping. This way, you will comprehend whether you have to go over definite topics again.

Online Training Courses

If it appears to you that you cannot be prepared for this exam by self-studying approach or simply that you won’t be very effective on your own, there are always online courses you can take up. Yes, you will have to pay some money for online training courses, but keep in mind that they will ultimately pay themselves off. You will get a tone of other study resources and collaborate with experts who will help you master every tough topic.

Online Communities

If you like to study in a group, there are a large number of online communities and blogs where you will get in touch with people who are preparing for the same exam as you are. You can connect with other applicants to study and solve each other's doubts. What’s more, this way, you will also meet the professionals and people who have passed Cisco 350-401 ENCOR exam, so you will get first-hand information.

Conclusion

Passing the 350-401 exam and achieving the chosen Cisco certification helps you boost your career. Becoming Cisco certified will allow you to get better-paid jobs in international organizations due to your new coveted skills.

Continue reading

[New] Cisco 300-735 CCNP Security Questions and Answers with 300-735 Exam Topics

 

Cisco 300-735 SAUTO Exam Description:

The Automating and Programming Cisco Security Solutions v1.0 (SAUTO 300-735) exam is a 90-minute exam associated with the CCNP Security, Cisco Certified DevNet Professional, and Cisco Certified DevNet Specialist - Security Automation and Programmability certifications. This exam tests a candidate's knowledge of implementing Security automated solutions, including programming concepts, RESTful APIs, data models, protocols, firewalls, web, DNS, cloud and email security, and ISE. The course, Implementing Cisco Security Automation Solutions, helps candidates to prepare for this exam.

Cisco CCNP Security 300-735 Exam Overview:

• Exam Name- Automating and Programming Cisco Security Solutions
• Exam Number- 300-735 SAUTO
• Exam Price- $300 USD
• Duration- 90 minutes
• Number of Questions- 55-65
• Passing Score- Variable (750-850 / 1000 Approx.)
• Recommended Training- Implementing Automation for Cisco Security Solutions (SAUI)
• Exam Registration- PEARSON VUE
• Sample Questions- Cisco 300-735 Sample Questions
• Practice Exam- Cisco Certified DevNet Specialist Security Automation and Programmability Practice Test
  

Must Read:-

1. How to Breeze Through CCNP Security 300-735 SAUTO Exam?
2. Tips to Get Flying Score in CCNP Security 300-735 SAUTO Exam

Practice Now:-

Continue reading

Relevant and Extended Detection with SecureX, Part Two: Endpoint Detections

In part one of this series we introduced the notion of risk-based extended detection with SecureX – the idea that a user can prioritise detections into incidents based on their idea of what constitutes risk in their environments and then extend those detections with enrichments from other products. In subsequent posts we are diving deeper into different Cisco Secure detection technologies and how their respective detections can be prioritised, promoted to SecureX as incidents and extended. In this post we will look at detections from Cisco Secure Endpoint: what makes them relevant and important, the new automatic promotion feature and the triaging of endpoint events in SecureX.

What Makes an Endpoint Detection?

We’re digging into Endpoint Detections first for a Reason: Endpoint Detection and Response (EDR) solutions, like Cisco Secure Endpoint, have been central to Security Operations and Incident Response teams for years. In fact, when performing research with many of our security operations customers earlier this year we found that a majority of customers treat detections from their EDRs as their highest fidelity level and automatically put endpoint derived detections at the front of their incident response queues.

There are multiple reasons for why Endpoint Detections are so valuable to SecOps:

◉ Endpoint Detections are high fidelity:

   ◉ The nature of residing on an endpoint allows the detection system to be accurate in describing what is being seen. The observables and Indicators of Compromise (IOCs) in an endpoint detection (ex. Filename, file hash, hostname, URL) are typically accurate in what they are observing and explaining

◉ Endpoint Detections are explainable:

   ◉ Many of the detections generated by endpoint solutions link back to a file hash and threat intelligence with an explanation of what that file is and does, what the risk is to the asset that it is on, and the level of risk to the organization as a whole.

◉ Existence of Endpoint data itself provides insight:

   ◉ This intuitively obvious statement derives from the fact that the reason there is an endpoint detection in the first place is that it came from an agent that was installed on an owned asset. You don’t tend to go to the effort of installing and managing agents on unowned or non-valuable assets and on top of that in the very nature of installing the agent the asset became more valuable.

Just because an EDR can detect something, doesn’t mean that all detections are equal: understanding what the threat is, its risk to the device it’s on, the risk to the data on the device and the risk to the rest of the organization all are factors in determining how important the detection is. One of the most common, yet most overlooked components of what makes an endpoint detection important is security policy, for example forbidden applications. Applications can be forbidden for numerous reasons, from internal policy to government regulations, but those custom detections can be the most informing and actionable to a security operations team. In the example Simple Custom Detection from Cisco Secure Endpoint below we can see adding the SHA-256 of tor.exe to a simple custom detection on the left and the occurrence of that detection on the right.

Figure 1 – Configuration of Simple Custom Detection to detect tor.exe

Figure 2 – Occurrence of detection of tor.exe

In the detection occurrence figure above, at the top right, you might notice the label “Medium” indicating the severity of the threat detected. The notion of Severity was introduced to Cisco Secure Endpoint in the fall of 2018, providing a new setting for an analyst to leverage in prioritising events.

In Cisco Secure Endpoint there are four severity tags that can be applied to a given event; these severity tags are assigned by Cisco threat research team based on the global threat landscape knowledge and are continuously tuned to maintain a high level of accuracy. Since their introduction, we have found the below security events to be very useful in allowing Cisco Secure Endpoint customers to prioritise events and sort their inboxes using the severity tag and what it indicates:

◉ Critical – involving known malware families identified with very high precision

◉ High – generic malicious behaviors and generic malware, not attributed to a particular family

◉ Medium and Low – possibly malicious or risky detections, that could indicate about a potential compromise or degraded security posture

A new feature of both Cisco Secure Endpoint and Cisco SecureX is the ability to have Critical and High Cisco Secure Endpoint events automatically promoted as Incidents in Cisco SecureX Threat Response, allowing for the extension and prioritisation of Cisco Secure Endpoint detections.

Extending an Endpoint Detection:

In addition to the ability to automatically promote Critical and High Secure Endpoint events into Threat Response as Incidents is the creation of the notion of a High Impact Incident in Threat Response. The High Impact Incident List, an example seen below, are Incidents that are perceived to be of the highest criticality and importance to a security operations center. You will note in the screenshot below that there are two Incidents that appear in the High Impact Incident List and an additional 6,063 as Other Incidents: this is the process of identifying those incidents that are deemed to be the most critical, highest risk to the organization. In its first iteration the incidents that make their way onto the High Impact Incident list are those that are promoted from Cisco Secure Endpoint. As previously mentioned, we’ve found that Security Operations Centers tend to prioritise endpoint detections for numerous reasons.

In the above figure you might notice that labels “Enriched” and “Enriching” next to the two Incidents in the High Impact Incident list. Another recent enhancement is the automatic enrichment (or extension) of the incidents that are in the High Impact Incident List. What is happening behind the scenes is Cisco Threat Response is searching all integrated products for additional details about the attributes in the incident.

As we explored in the first part of this series, in the Orient stage of the OODA loop you are enriching or extending a detection. Potentially more important than the details about the file involved in the endpoint detection are the external factors such as:

◉ What role does this device have in my organization?

◉ Who is the user on the device?

◉ What other devices might be involved in the incident?

◉ What external knowledge is there of the threat?

◉ How often is this threat seen?

And, any other detail that might be used to assess the business risk of the detection.

By automatically enriching these High Impact Incidents with data from other integrated products we are shortening the Orient step portion of the OODA loop considerably, speeding up that mean-time-to-respond.

Once it has finished enriching, if we click on the top Incident in the High Impact Incident list and then on Linked References, we can see the Snapshot that was created during the enrichment process and that there were nine different observables investigated across multiple data sources integrated with SecureX Threat Response.

Opening the automatically created Snapshot takes us to an investigation in Cisco SecureX Threat Response. We can quickly see that not only the original device – w7-hoser – is involved but also another device on the network – w7-darrin – and that both have communicated to the same known malicious external IP addresses. If you look closely at the SHA-256 in the centre of the image you might notice that it is the same SHA-256, for tor.exe, that we used earlier to create a Simple Custom Detection.

From here we have a wealth of information for a given High Impact Incident:

◉ We know the hosts involved

◉ We know they are using banned applications

◉ We know some external threat intelligence

And, we can use that information to quickly make a decision that would frame our response action, quickly tightening our OODA loop.

In this post we’ve reviewed some concepts behind what makes an endpoint detection, why they’re valuable, and how to leverage Cisco SecureX to automatically extend the detection and create a High Impact Incident in SecureX Threat Response. Future posts in this series will explore the different integrated products in SecureX and how their detections can be promoted, enriched, and extended in SecureX. In the next post in this series, we will begin with the automatic promotion and triaging of behaviour detections from Cisco Secure Network Analytics into Cisco SecureX.

Source: cisco.com

Continue reading

Cisco and Intel: Next-Gen Wireless Client Visibility with Intel Connectivity Analytics!

Introducing Intel Connectivity Analytics

Cisco and Intel present a new analytics solution, Intel Connectivity Analytics, that gives granular driver-level wireless client insights for any client using the latest Intel driver and wireless chipsets while connected to a supported Cisco wireless network (visit Intel Connectivity Analytics FAQ for the SW/HW compatibility matrix). This feature significantly impacts the enterprise PC vertical, where Intel Wi-Fi 6/6E chipsets make up the majority of the market share. With the Intel Connectivity Analytics capability built directly into the Intel wireless drivers, it eliminates the need to install any client-side agent, enabling this feature to be leveraged in even non-corporate settings.

More than just telemetry, Intel Connectivity Analytics provides intelligent reports that allow network administrators to understand what to do next for any problem and ensure a great user experience in even the most complex wireless deployments by addressing the use cases in Figure 1 below.

Figure 1. Intel Connectivity Analytics Use Cases

Six Intelligent Reports to Solve All Your Problems

Intel Connectivity Analytics generates six reports (Figure 2) in real-time based on information forwarded by wireless clients to the AP and then Cisco Catalyst controller or Meraki Dashboard that directly addresses the use cases depicted in Figure 1.

Note: Station information, Neighboring AP, and Failed AP reports are generated at client association, while others are triggered when the situation arises.

Figure 2. Intel Connectivity Analytics Reports Details

Identifying out-of-date Driver, Validating New Drivers, and Identifying Hardware issues:

The Station Information report provides network administrators with driver-level client information that would not have been available in typical telemetry. This additional information allows network administrators to pinpoint the specifications such as software driver or hardware model that clients experiencing poor Wi-Fi are on and target just them.

Figure 3. Identifying Hardware Issues with Intel Connectivity Analytics

Figure 4. Station information or Device Classifier WebUI Output on the Catalyst 9800 Controller

Outdated wireless drivers can also be a common culprit for a poor wireless experience. The station information report gives network administrators peace of mind when rolling out software updates knowing they have complete visibility on the Catalyst or Meraki controller.

Figure 5. Identifying Out of Date Drivers (Left) & Validating New Drivers (Right) with Client Connectivity Analytics

Troubleshooting Roaming:

When a client roams, it’s entirely a wireless client’s decision to do so, and the network has little to no visibility into the reason. Thanks to Intel Connectivity Analytics, we have reports that will share these insights with reason codes such as Low RSSI, 11v Recommendations, Missed Beacons, and Better AP. Based on these insights, a network administrator can determine whether the suspicious client roam was for a legitimate reason or not.

Figure 6. Troubleshooting Roaming with Client Connectivity Analytics

Figure 7. Roaming Scenario Report WebUI Output on the Catalyst 9800 Controller

Identifying Poor Connectivity:

When a wireless client’s RSSI falls below a certain threshold, a Low RSSI report will be generated to alert network administrators about possible coverage holes. These issues can then be proactively addressed by increasing the Tx power on an AP, deploying additional APs, and monitoring if more Low RSSI reports are generated.

Figure 8. Identifying Poor Connectivity with Client Connectivity Analytics

Identifying Misbehaving APs:

Intel Connectivity Analytics supported clients will report if an AP is broadcasting invalid IEs in their beacons, probes, and association responses that would cause connectivity and security concerns. In fact, failed AP reports will even go deeper at the packet level and highlight problematic authentication frames, association frames, or missing response frames.

Intel Connectivity Analytics can even detect rogue AP behavior with the Unknown AP report, which is used to identify and flag rogue BSSID’s (BSSIDs that are not part of an earlier neighbor report)

Figure 9. Identifying Misbehaving APs with Client Connectivity Analytics

Figure 10. Unknown AP Report CLI Output on the Catalyst 9800 Controller

How Does It Work?

Intel Connectivity Analytics uses a Cisco Catalyst 9800 series controller and Catalyst 9100 access point topology from the Cisco Enterprise Network side. The controller enables the features by default on a per WLAN basis. Intel Connectivity Analytics supported client sends the driver-level telemetry back to the access point, which is then processed and presents users with intelligent reports and insights.

Figure 11. Intel Connectivity Analytics Topology

For a technical understanding, refer to the following points:

1. All Intel Connectivity Analytics packet exchanges are protected using PMF for security purposes.

2. Cisco network running IOS XE 17.6.1 or later with the feature enabled will advertise Intel Connectivity Analytics feature support in the Beacon frames.

3. Supported Intel clients will detect and begin forwarding telemetry periodically via a protected Action frame.

As you can see, Intel Connectivity Analytics provides network administrators with granular client-side telemetry in an agentless package at a level never seen in the past. With its wide range of use cases, minimum day 0 requirements, there’s no reason why you wouldn’t leverage such a powerful wireless analytics solution! Take the wireless experience of your network to the next level with Intel Connectivity Analytics today!

Source: cisco.com

Continue reading

Building a Scalable Security Architecture on AWS with Cisco Secure Firewall and AWS Gateway Load Balancer

Comprehensive cloud support is essential when agile and efficient security at scale is required. With Cisco Secure Firewall Threat Defense 7.1, we have added support for the AWS Gateway Load Balancer (GWLB) to drive simple, agile, and efficient security in the cloud. This integration simplifies insertion of Cisco Secure Firewall in AWS with Geneve protocol (RFC 8926) encapsulation. It makes architectures more scalable, in part by removing the need for source network address translation (SNAT) in the traffic path. Let’s consider a few common use cases where this new capability makes a difference.

Use-case: Ingress and Egress traffic inspection

Figure 1 below shows a scalable architecture for protecting ingress traffic using Cisco Secure Firewall and AWS Gateway Load Balancer. This architecture recommends creating an appliance VPC with an AWS Gateway Load Balancer and Cisco Secure Firewall virtual appliances in the backend pool of the gateway load balancer. Gateway load balancers talk to these firewalls using Geneve encapsulation, eliminating the need for SNAT, as packets have embedded virtual network interface (vni) information.

The Internet user sends traffic destined to the elastic-IP-address of a workload. Traffic hits the Internet gateway, and then it is redirected to the AWS Gateway Load Balancer Endpoint (GWLBe). The GWLBe sends traffic to the GWLB, and then to the firewall for inspection. Following inspection, the packet is then forwarded to the destination workload via GWLBe.

◉ Ingress Traffic Flow:

User -> IGW -> GWLBe -> GWLB -> Secure Firewall -> GLWB -> GWLBe -> Workload

Figure 1: Centralized AWS Gateway Load Balancer deployment (ingress traffic flow)

Figure 2 shows a scalable architecture for protecting outbound traffic using Cisco Secure Firewall and AWS Gateway Load Balancer. In this Cisco Validated Design, we recommend creating an appliance VPC with a Gateway load balancer and Cisco Secure Firewalls in the backend pool of gateway load balancer. Gateway load balancers talk to these firewalls using Geneve encapsulation.

The workload sends traffic to the Internet. Based on the route table, traffic is routed to GWLBe. Once traffic reaches the gateway load balancer endpoint, it forwards traffic to the gateway load balancer in the appliance VPC. The gateway load balancer then forwards the traffic to Cisco Secure Firewall. Once inspection is complete, the firewall forwards the traffic back to the GWLB. Once the traffic reaches the GWLB, it sends it back to the GWLBe, directing the traffic to the Internet.

◉ Egress Traffic Flow:

Workload-> GWLBe -> GWLB -> Secure Firewall -> GLWB -> GWLBe -> Internet

Figure 2: Centralized AWS Gateway Load Balancer deployment (egress traffic flow)

IGW1-RT: This route table is associated to Internet Gateway (IGW1) and there is a route for application subnet (10.81.100.0/24) point to the gateway load balancer endpoint (GWLBEP).

GWLBEPsubnet1-RT: This route table is associated to GWLBEPsubnet1 and there is a default route that points to the Internet Gateway (IGW).

AppSubnet1-RT: This route table is associated to AppSubnet1 and there is a default route that points to the gateway load balancer endpoint (GWLBEP1).

Firewall Configuration:

◉ Enable Firewall interface

◉ Associate security zone to firewall interface

VNI Interface configuration:

◉ Enable VNI interface and add a name for VNI interface

◉ Create and associate for Security Zone on VNI interface

◉ Enable AWS proxy

◉ Enable VTEP Interface

Use-case: Centralized deployment with AWS Transit Gateway (East/West traffic flow)

Figure 3 shows centralized security deployment architecture. In this design, AWS Transit Gateway connects application VPC to appliance VPC. Transit gateway receives traffic from application VPC and forwards the same to GWLBe (endpoint). GWLBe sends traffic to GWLB, GLWB sends the traffic to Cisco Secure Firewall. Post firewall inspection, traffic is forwarded back to the GLWB and then to the destination VPC via transit gateway.

Figure 3: Centralized deployment with AWS Transit Gateway (east/west traffic flow)

Use-case: Centralized deployment with AWS Transit Gateway (east/west traffic flow)

Figure 4 shows east/west traffic flow between customer’s Data Center and appliance VPC.

Figure 4: Centralized deployment with AWS Transit Gateway (east/west traffic flow)

Source: cisco.com

Continue reading

Cisco and Wipelot – First UWB-Based Location System with App Hosting!

Cisco and Wipelot present the first real-time location system (RTLS) with an app hosting solution using Ultra Wide-Band (UWB).

The new normal makes sensitive location detection more critical than ever before, so that your business can operate more effectively and use resources more efficiently, thus reducing costs and improving the bottom line. Imagine how powerful it would be to have a centralized dashboard showing —with 1-meter accuracy — a Real-Time Location System (RTLS) of inventory and equipment in your warehouse or manufacturing floor. The ability to evaluate how equipment is used, avoid loss or theft, and cut down on time hunting for missing items would completely change the game for any business.

While you imagine this, let me introduce to you Cisco and Wipelot’s new RTLS enterprise wireless IoT solution powered by Cisco Application Hosting and Eagle Eye. This integration is Cisco’s first Ultra-Wide-Band (UWB) solution and leverages a UWB dongle for a precise RTLS with the Cisco Catalyst 9100 series access point (AP) product line. As a background, UWB technology is radio frequency (RF) that is incredibly accurate when used for location services and can allow for approximately sub 1-meter location detection accuracy.

Leveraging UWB Technology

Cisco Catalyst 9100 Series AP with a
Wipelot UWB dongle

To leverage this UWB technology, this solution requires the following:

1. Cisco DNA Center – Used to manage the deployment and serviceability of Wipelot’s RTLS IOx Application.

2. Wiplot’s RTLS IOx Application – Deployed to the Catalyst 9100 Series AP through Cisco DNA Center to allow the AP to control the UWB dongle and communicate to the Wipelot Mobile Tag and send data to the Wipelot web dashboard.

3. Wipelot’s UWB Dongle – Inserted into the Cisco Catalyst 9100 Series AP and emits UWB RF.

4. Wipelot’s Mobile Tag – Attached to equipment or people and sends UWB location data to the Wipelot UWB dongle.

5. Wipelot’s Web Dashboard – Web UI used to visualize the location of Wipelot’s mobile tags.

When Wiplot’s RTLS IOx application has been deployed to the AP, the following topology can be referenced for how location data is sent from the mobile tags to the UWB dongle, then through the IOx application to the Wipelot web dashboard. Data structure is private and it is binary data with timing information of tags and anchors.

Data flow topology of the Eagle Eye Solution

The Wipelot web dashboard is an intuitive software that requires only minimal setup, such as uploading a floor map, entering the floor dimensions, placing the APs onto the map (highlighted in red below), as well as entering the IDs of the Wipelot mobile tags. Upon properly configuring your Wipelot web dashboard, you’ll immediately observe icons on the map (highlighted in orange below), which represent the location of your mobile tags. When your mobile tags are not moving, you’ll be able to observe an incredible 20cm location accuracy.

The web dashboard even allows for a location playback of any mobile tag, giving you the history of exactly where the tags were for any time in the past. Even while moving, this solution still guarantees an incredible 45cm location accuracy!

Since this solution is powered by Cisco Application Hosting on the Catalyst 9100 series access points, it reduces the overall cost of ownership by eliminating the need for an additional IoT overlay network specific to this solution. Powered by Cisco DNA Center, a user can have peace of mind thanks to its advanced application management capabilities, ranging from the runtime status of individual applications, detailed error logs and much more.

The Eagle Eye application hosting solution changes the RTLS IoT game by becoming Cisco’s very first integrated UWB solution in the market!

Source: cisco.com

Continue reading

Miercom study validates performance of Cisco’s SASE solution with advanced security features

Infrastructure plays an important role when it comes to transforming your branch, datacenter and cloud with SD-WAN (Software-defined WAN). This allows enterprises to leverage a combination of transport services delivering a high-quality experience from the WAN edge to cloud and increase business productivity. Any customer would want a solid infrastructure in place with no bottlenecks pertaining to network performance. Additionally, it is an icing on the cake for customers if the edge and hub devices can provide robust security features and integrated network services on demand while making the whole SD-WAN experience seamless.

Miercom recently did an independent study validating the on-box throughput performance, security features and integrated network services on the ISR 1000 series routers that are a part of Cisco’s Viptela SD-WAN solution, offering customers a single powerful device with a plethora of capabilities.

Miercom validated the on-box throughput tests on Cisco’s ISR 1000 series SD-WAN routers and its competitive counterparts in the same environment and in an unbiased fashion. Cisco’s SD-WAN routers performed consistently better by showcasing superior on-box throughput than the competition in different scenarios. Key features such as IPSec, Zone-Based Firewall, QoS and NAT were tested and validated during performance testing.

Performance of Cisco SD-WAN ISR 1000 series routers vs competition

One of the key findings during performance testing was that the competition lacked advanced security features on their SD-WAN gear offering only basic zone-based firewall with primitive allow/deny rules. Conversely, Cisco offers advanced security features including zone-based firewall, Advanced Malware protection, URL Filtering, IPS and TLS/SSL Decryption etc. making it a truly robust and powerful box to secure your WAN edge to cloud deployments. Cisco SD-WAN is all powered by the threat intelligence from Talos and is consistent with security stack in cloud with Cisco Umbrella.

vManage dashboard showcasing the advanced security policies in Cisco’s SD-WAN solution

Cisco SD-WAN routers also offer integrated Wireless services like Mobility Express for Wi-Fi, in-built LTE capabilities, Cisco Stealthwatch integration etc., making it a true full stack capable solution. Cisco ISR’s built-in Mobility Express feature allows routers to act as a virtual wireless controller with the capacity of managing 50 access points with advanced features like application visibility, rogue detection etc. On the other hand, the competition lacked the integrated Wi-Fi services feature – relying on third-party vendors for this capability.

vManage dashboard showcasing the advanced on-box security features in Cisco’s SD-WAN solution

Cisco SD-WAN also provides on-box LTE capabilities offering on-box SIM card slots on the ISR routers Conversely, the competition has limited SKUs with built-in LTE capabilities and must rely on third-party vendors which makes it more complex for the customer in terms of management and cost. Customers have a broader range of choice and management with Cisco SD-WAN’s additional wireless features that reduce cost and complexity. Another notable feature Cisco SD-WAN offers is Stealthwatch integration for visibility, threat analysis and network compliance using machine-learning detection. Competition fails to offer such advanced capabilities in a single box. Also, Cisco is the only SD-WAN provider to offer voice services on their ISR router platform.

Cisco’s simplified licensing structure eliminates the need for numerous add-on licenses and support contracts to activate features. Its tiered model reduces time, complexity, and cost for customers. Miercom validated Cisco’s tiered model as easy to activate, consume and renew. The competition’s approach to their licensing model is highly complex with expensive enablement of individual add-on features. Also, it does not provide the option for both consumption-based and subscription licensing like Cisco does.

Source: cisco.com

Continue reading