Our future network: insights and automation

Insights and automation will power our future network. Think of it as a circular process: collect data from network infrastructure. Analyze it for insights. Share those insights with teams to help them improve service. Use the insights to automatically reprogram infrastructure where possible. Repeat. The aim is to quickly adapt to whatever the future brings—including new traffic patterns, new user habits, and new security threats.

Now I’ll dive into more detail on each block in the diagram.

Insights

Data foundation. Good insights can only happen with good data. We collect four types of data:

◉ Inventory data for compliance reporting and lifecycle management

◉ Configuration data for audits and to find out about configuration “drift”

◉ Operational data for network service health monitoring

◉ Threat data to see what parts of our infrastructure might be under attack—e.g., a DDoS attack on the DMZ, or a botnet attack on an authentication server

Today, some network data is duplicated, missing (e.g., who authorized a change), or irrelevant. To prepare for our future network, we’re working to improve data quality and store it in centralized repositories such as our configuration management database.

Analytics. With a trusted data foundation, we’ll be able to convert data to actionable insights. We’re starting by visualizing data—think color-coded dials—to make it easier to track key performance indicators (KPIs) and spot trends. Examples of what we track include latency and jitter for home VPN users, and bandwidth and capacity for hybrid cloud connections. We’re also investing in analytics for decision support. One plan is tracking the number of support tickets for different services so we can prioritize the work with the biggest impact. Another is monitoring load and capacity on our DNS infrastructure so that we can automatically scale up or down in different regions based on demand. Currently, we respond to performance issues manually—for instance, by re-routing traffic to avoid congestion. In our future network we’ll automate changes in response to analytics. Which leads me to our next topic: automation.

Automation

Policy and orchestration. February 2022 marked a turning point: we now fulfill more change requests via automation than we do manually. As shown in the figure, we automatically fulfilled more than 7,500 change requests in May 2022, up from fewer than 5,000 just six months earlier. Examples include automated OS upgrades with Cisco DNA Center Software Image Management (SWIM), compliance audits with an internally developed tool, and daily configuration audits with an internal tool we’re about to swap out for Cisco Network Services Orchestrator. We have strong incentives to automate more and more tasks. Manual activities slow things down, and there’s also the risk that a typo or overlooked step will affect performance or security.

In our future network, automation will make infrastructure changes faster and more accurate. Our ultimate goal is a hands-off, AIOps approach. We’re building the foundation today with an orchestrator that can coordinate top-level business processes and drive change into all our domains. We are working closely with the Cisco Customer Experience (CX) group to deploy Business Process Automation solution. We’re developing workflows that save time for staff by automating pre- and post-validation and configuration management. The workflows integrate with IT Service Management, helping us make sure that change requests comply with Cisco IT policy.

Release management. In the past, when someone submitted a change request one or more people manually validated that the change complied with policy and then tested the new configuration before putting it into production. This takes time, and errors can affect performance or security. Now we’re moving to automated release pipelines based on modern software development principles. We’re treating infrastructure as code (IaC), pulling device configurations from a single source of truth. We’ve already automated access control list (ACL) management and configuration audits. When someone submits a change to the source of truth (typically Git), the pipeline automatically checks for policy compliance and performs tests before handing off the change for deployment.

The Road Ahead

To sum up, in our future network, the only road to production is through an automated pipeline. Automation helps us adapt more quickly to unexpected change, keeps network configuration consistent worldwide, and reduces the risk of errors. We can’t anticipate what changes our business will face between now and 2025—but with insights and automation, we’ll be able to adapt quickly.

Source: cisco.com

Continue reading

Get Brilliant Results by Using Cisco 700-760 ASAEAM Practice Test

Cisco 700-760 ASAEAM Exam Description:

The Advanced Security Architecture Express for Account Managers (ASAEAM 700-760) is a 90-minute exam for the required knowledge across the Cisco Security portfolio for a registered partner organization to obtain the Security specialization in the AM role.

Cisco 700-760 Exam Overview:

• Exam Name- Cisco Security Architecture for Account Managers
• Exam Number- 700-760 ASAEAM
• Exam Price- $80 USD
• Duration- 90 minutes
• Number of Questions- 55-65
• Passing Score- Variable (750-850 / 1000 Approx.)
• Recommended Training- Cisco SalesConnect
• Exam Registration- PEARSON VUE
• Sample Questions- Cisco 700-760 Sample Questions
• Practice Exam- Cisco Security Architecture Practice Test

Cisco 700-760 Exam Topics:

1. Threat Landscape and Security Issues- 20%
2. Selling Cisco Security- 15%
3. Customer Conversations- 15%
4. IoT Security- 15%
5. Cisco Zero Trust- 15%
6. Cisco Security Solutions Portfolio- 20%

Continue reading

People: A cornerstone for fostering security resilience

Security resilience isn’t something that happens overnight. It’s something that grows with every challenge, pivot and plot change. While organizations can invest in solid technology and efficient processes, one thing is critical in making sure it translates into effective security: people.

What impact do people have on security resilience? Does the number of security employees in an organization affect its ability to foster resilience? Can a lower headcount be supplemented by automation?

In a world where uncertainty is certain, we recently explored how people can contribute to five dimensions of security resilience, helping businesses weather the storm.

Through the lens of our latest Security Outcomes Study – a double-blind survey of over 5,100 IT and security professionals – we looked at how people in SecOps teams can influence organizational resilience.

Strong people = successful security programs  

SecOps programs built on strong people, processes and technology see a 3.5X performance boost over those with weaker resources, according to our study. We know that good people are important to any organization, and they are fundamental to developing capable incident response and threat detection programs.

Why are detection and response capabilities important to look at? Because they are key drivers of security resilience. In the study, we calculated a ratio of SecOps staff to overall employees for all organizations. Then, we compared that ratio to the reported strength of detection and response capabilities.

Effect of security staffing ratio on threat detection and incident response capabilities

What we can clearly see is that organizations with the highest security staffing ratios are over 20% more likely to report better threat detection and incident response than those with the lowest. However, the overall average highlights that organizations not on the extreme ends of the spectrum are more likely to report roughly equal levels of success with SecOps — indicating that headcount alone isn’t a sure indicator of an effective program or resilient organization. It can be inferred that experience and skills also play a pivotal role.

Automation can help fill in the gaps

But what about when an organization is faced with a “people gap,” either in terms of headcount or skills? Does automating certain things help build security resilience? According to our study, automation more than doubles the performance of less experienced people.

Effect of staffing and automation strength on threat detection and incident response capabilities

In the graph above, the lines compare two different types of SecOp programs: One without strong people resources, and one with strong staff. In both scenarios, moving to the right shows the positive impact that increasing automation has on threat detection and incident response.

Out of the survey respondents, only about a third of organizations that lack strong security staff, and don’t automate processes, report sound detection and response.

When one of three security process areas (threat monitoring, event analysis, or incident response) is automated, we see a significant jump in capability among organizations that say their tech staff isn’t up to par. Automating two or three of these processes continues to increase strength in detection and response.

Why does this matter? Because over 78% of organizations that say they don’t have adequate SecOps staffing resources still report that they are able to achieve robust capabilities through high levels of automation.

A holistic approach to security resilience

When it comes to security resilience, however, we have to look at the whole picture. While automation seems to increase detection and response performance, we can’t count people out. After all, over 95% of organizations that have a strong team AND advanced automation report SecOps success. Organizations need to have the right blend of people and automation to lay the foundation for organization-wide security resilience.

As your business continues to look towards building a successful and resilient SecOps program, figuring out how to utilize your strongest staff, and where to best employ automation, will be a step in the right direction.

Source: cisco.com

Continue reading

Is It Possible to Pass the Cisco 300-730 SVPN Exam At First Attempt?

The Cisco Security Certification is one of the industry's most renowned career certifications. The CCNP Security concentration exam 300-730 SVPN, also known as called Implementing Secure Solutions with Virtual Private Networks, is designed for individuals looking to cultivate crucial skills required for implementing secure remote communications with the help of VPN solutions. The exam is affiliated with two Cisco certifications, namely CCNP Security and Cisco Certified Specialist-Network Security VPN Implementation certifications.

Cisco 300-730 SVPN is a 90-minute exam available in the English and Japanese languages. The exam cost is $300. If you crack this CCNP Security concentration exam, you will prove your proficiency in working with VPN solutions, qualifying for security job positions like Network Engineering, Network Architect, and Network Administration.

Is It Possible to Pass the Cisco 300-730 SVPN Exam At First Attempt?

If you are aspiring to take up CCNP Security 300-730 SVPN exam, you have to chart out a strategy for exam preparation that will ease your preparation process. Make sure you strictly follow every tip outlined, and it will help you excellently in passing the Cisco SVPN exam quickly! Let's begin.

1. Know the Cisco 300-730 SVPN Exam Objectives

The first step in your Cisco 300-730 exam preparation is to become acquainted with the exam topics. Make sure you have the exam objectives handy because they serve as the definitive guide. They will also help you create your strategy because you will know what you are anticipated to learn. As a result, you will not go off the track of your whole preparation time.

2. Take an Official Instructor-Led Training Course

An official training course is an excellent way to gain the skills and knowledge for any Cisco exam. The official training course prepares you with the knowledge, skills, and hands-on practice you need to carry out the tasks at the workplace.

3. Watch Online Videos

If you have spare time, try to explore the internet and find videos related to Cisco 300-730 SVPN exam. Learning from watching the videos is the most enjoyable way. And you won't be unhappy with the videos you can find, particularly on YouTube. These are updated videos that are carefully prepared by seasoned people who want to support exam candidates.

4. Participate in Online Communities

It is extremely crucial to get immersed in an online community discussion as it helps you incorporate your knowledge and skills with your co-workers. In most circumstances, a Cisco community is the best option for filling your knowledge gaps with fellow counterparts.

It is a variety of skills, concepts, and techniques striving for you to comprehend the main concepts evaluated in the Cisco SVPN exam. Furthermore, you can share study resources, tips, and other valuable information to boost exam preparation.

5. Evaluate Your Preparation Level with Cisco 300-730 SVPN Exam

Once you have obtained the essential skills and knowledge, it is time to evaluate yourself. To solve this purpose, Cisco 300-730 SVPN practice tests from nwexam are the best means to decide if you have soaked up the information to crack the exams. Practice tests familiarize you with the actual exam environment and the same exam structure and question types as the actual exam.

Reasons Why You Must Pass Cisco 300-730 SVPN Exam And Achieve CCNP Security Certification

There are many reasons CCNP Security certification is the answer to achievement in the network security field:

Amazing Job opportunities

CCNP Security certification satisfies the standards for many different positions like IT executive; manager of computers and information systems; network engineer; computer systems and network administrators; computer system designer or engineering projects, to list a few.

Acknowledgment of Skills

Getting a CCNP Security certification is a means to disclose your superior information and skills in the field of computer networking. Professionals by good reputation organization similar to Cisco means you will be acknowledged as the best-qualified person in the field.

Radiant Career Growth

Earning a CCNP Security certification not simply helps you in discovering excellent networking jobs; it also places you at the top of the list when it arrives time for internal promotions and career advancements. If you are looking to switch jobs, Cisco 300-730 certification will promote you to obtaining a high-level job without having to begin at an entry-level and climb up the career ladder.

Boosts Self-Confidence

Passing Cisco 300-730 SVPN exam can boost your confidence and self-esteem. Rather than being scared to apply for a job because of fewer qualifications and experience, you boost confidence by understanding that you have a certification from a leading vendor - Cisco.

Conclusion

Nowadays, having a Cisco certification is a synonym for having great career opportunities. There are many ways to pass the Cisco 300-730 SVPN exam, And the Essential Step Is thorough Preparation. All the study resources, official training courses to practice tests from the nwexam website will give you a greater possibility of passing the exam on the first try.

Continue reading

Perspectives on the Future of Service Provider Networking: Mass Network Simplification

Traditional service provider networks have become very complex, creating significant overhead across engineering and operations teams tasked with building, expanding, and maintaining them. This results in higher costs, reduced agility, and increased environmental impact. Built on multiple technology layers, domains, protocols, operational silos, and proprietary components that have been stacked over years or decades, service provider networks must go through mass simplification to couple with our society’s increasing business and sustainability demands. Simplification is key to allow service provider networks to continue supporting exponential traffic growth and emerging demands for service agility while reducing the cost of services and power, as well as footprint requirements.

In some sense, talking about why networks need to be simplified is like talking about the importance of exercising for our health and well-being – both can start small and deliver clear, unquestionable long-term benefits, yet we can always find an excuse not to do them. And like many people that struggle to start an exercise routine and maintain it over the long run, many operators struggle to embrace simplicity as a long-term network design principle that benefits the health and well-being of their network.

Intuitively, a leaner network with less moving parts will be simpler, more efficient, consume less resources, and allow for a smoother operation, thus lowering its total cost of ownership. Similarly, using common design, protocols, and tools across the end-to-end network improves agility. Such simplifications can be achieved through small, consistent changes from network design to operations. Over time, networks will achieve compounded benefits in cost savings, lower power use, and improved environmental impact. Operations will be more agile too, directly impacting customer experience.

Mass network simplification is about taking a holistic approach to apply modern network design and operational practices, embracing simplification opportunities across every network domain, and automating everything that can be automated. It’s also about making simplicity part of the engineering and operations culture.

There are several potential areas of simplification to aim for, from the end-to-end network architecture all the way down to the network device level. The following table provides some examples:

Network Level	Mass network simplification opportunity	Examples
End-to-end Architecture	Removing legacy technologies and converging services towards modern IP networks	Moving TDM-based private line and dedicated wavelength services onto IP/MPLS networks using circuit emulation and, thereby, eliminating the need for dedicated legacy SONET/SDN or OTN switching equipment
	Integrating technologies to remove redundancy and lower interconnect costs	Integrating advanced DWDM transponder functions into pluggable optics that go directly into router ports using Digital Coherent Optics (DCO) technology
	Collapsing technology layers, removing functional redundancy, and converging services and network intelligence at the IP/MPLS layer.	Adopting Routed Optical Networking solution which converges L1, L2 and L3 services and advanced network functions, e.g., traffic engineering and network resiliency, at IP/MPLS layer while simplifying the DWDM network requirements as routers are connected hop-by-hop and the IP/MPLS network is self-protected
	Using common technologies end-to-end, avoiding technology and operational silos	End-to-end unified forwarding plane using Segment Routing over IPv6 (SRv6) and an end-to-end unified control plane using M-BGP including EVPN across core, edge, aggregation, access networks and data center fabrics – distributed to the edge or centralized
Device	Adopting modern network platforms with simpler and more efficient hardware architectures	State-of-the-art Network Processor Units (NPUs) based on System on a Chip (SoC) multi-purpose architecture, allowing simpler, more scalable, and more efficient routing platforms
Protocols	Reducing the number of protocols required to run the network	IETF’s Segment Routing and EVPN standard technologies reduces the number of protocols in an IP/MPLS network from 6 or 7 down to 3 (50% reduction) while improving network resiliency and service ability
Management & Automation	Building management and automation solutions based open software frameworks	IETF’s ACTN framework, ONF Transport-SDN framework and OpenConfig gNMI
	Consolidating software interfaces to open APIs and data models	YANG model-driven APIs using NETCONF and/or gNMI , T-API interfaces

Let’s look at two examples of how these network simplifications can be introduced in small steps as part of a long-term initiative – one at the IP/MPLS network protocol level and another at the end-to-end network architecture level.

Mass network simplification in practice

IP/MPLS networks provide unmatched multi-service capabilities. They support Layer 1 services through circuit emulation, Layer 2 services (point-to-point and multipoint, i.e., E-Line, E-LAN, E-Tree services), Layer 3 VPN services as well as various internet services. The technology required to support those services was developed and standardized over many years and as a result traditional IP/MPLS networks require many individual protocols – typically six or seven. Segment routing (SR – IETF RFC 8402 and related) was developed at the Internet Engineering Task Force (IETF) specifically to improve this scenario. By embracing a software defined networking (SDN) framework, segment routing combined with Ethernet VPN (EVPN – IETF RFC 7432) can reduce the number of protocols required in the IP/MPLS network by 50% or more, down to three protocols – segment routing, the interior gateway protocol (IGP) routing protocol, and border gateway protocol (BGP) as a service protocol. Resource reservation protocol (RSVP) and label distribution protocol (LDP) can be eliminated, as can other transport and service signaling protocols.

Segment routing also simplifies network devices because it doesn’t require them to maintain state about traffic engineering tunnels otherwise required by the RSVP-TE protocol. Instead, segment routing embraces an SDN architecture where traffic engineering is supported by network controllers.

Segment routing was created with smooth network migrations in mind. EVPN implementations have also been enhanced to allow for smooth migrations. To achieve that, both allow co-existence of the old and new protocol stack. Co-existence means both traditional IP/MPLS protocols and segment routing are enabled on the same network, or traditional networks can be connected to segment routing networks through routers that provide “interworking” functions to allow traffic to smoothly cross them. Besides that, segment routing was also created with operational simplicity in mind. It’s enabled by using simple configurations since there are less protocols involved. As a result, network operators have been migrating their networks to segment routing for quite some time and have fully transitioned their networks to this much simpler architecture.

At the end-to-end architecture level, service providers also had to stack multiple technology layers. This multi-layer architecture typically has at least four key technology components: IP/MPLS for packet services, OTN switching for TDM grooming and private line services, DWDM transponders for mapping grey signals to DWDM channels, and DWDM ROADMs to cross-connect DWDM channels across multiple fibers. Each technology layer has its own management system and runs its own complex protocol stack. Multiply this for each network domain (WAN, metro, access, etc.) and add a multi-vendor component and the result is a very complex architecture that’s hard to plan, design, deploy, and operate. It’s also very inefficient as it’s hard to optimize all the network resources mobilized for any given service as well as troubleshoot network faults.

Technology innovations made possible the emergence of routed optical networking, a much simpler and cost-effective end-to-end network architecture. These are key improvements promoted by routed optical networking:

◉ Full services convergence at the IP/MPLS layer, including private line services through private line emulation (PLE) technology

◉ Elimination of OTN switching – OTN services are supported by PLE technology

◉ Integration of advanced transponder functions into pluggable optics using digital coherent optics (DCO) technology that goes directly into the router ports

◉ Centralization of network intelligence at the IP/MPLS layer for traffic engineering and network resilience removes the dependency on complex transport control planes (e.g., WSON/SSON)

◉ Use of industry-defined open interfaces and data models for management and automation with segment routing to further simplify the end-to-end network

Even such a breakthrough network transformation like routed optical networking can start small. The first step can involve simply replacing transponders with DCO pluggable optics as you adopt 400GE in your IP/MPLS network, while maintaining your existing DWDM network. In parallel you can start your path towards segment routing adoption. Over time, you can embrace more automation and start migrating TDM services to the IP/MPLS layer, until you eventually adopt all the innovations and deploy a full featured routed optical network. As we speak, many service providers have already started these network transitions.

Source: cisco.com

Continue reading

Cisco 700-651 CASE Exam | Best Collaboration Architecture Sales Essentials Practice Test

Cisco 700-651 CASE Exam Description:

The 700-651 CASE exam tests a candidate's knowledge of the skills needed by an account manager to design and sell Cisco collaboration architecture solutions.

Cisco 700-651 Exam Overview:

• Exam Name- Cisco Collaboration Architecture Sales Essentials
• Exam Number - 700-651 CASE
• Exam Price- $80 USD
• Duration- 60 minutes
• Number of Questions- 45-55
• Passing Score- Variable (750-850 / 1000 Approx.)
• Recommended Training- Cisco SalesConnect
• Exam Registration- PEARSON VUE
• Sample Questions- Cisco 700-651 Sample Questions
• Practice Exam- Cisco Collaboration Architecture Practice Test

Related Article:-

Get Ready to Take Cisco Collaboration Architecture Sales Essentials 700-651 CASE Exam

Continue reading

Metrics that Matter

In large, complex organizations, sometimes the only metric that seems to matter is mean time to innocence (MTTI). When a system breaks down, MTTI is the tongue-in-cheek measure of how long it takes to prove that the breakdown was not your fault. Somehow, MTTI never makes it into the slide deck for the quarterly board meeting.

With the explosion of tools available today—observability platforms for gathering system telemetry, CI/CD pipelines with test suite timings and application build times, and real user monitoring to track performance for the end user—organizations are blessed with a wealth of metrics. And cursed with a lot of noise.

Every team has its own set of metrics. While every metric might matter to that team, only a few of those metrics may have significant value to other teams and the organization at large. We’re left with two challenges:

1. Metrics within a team are often siloed. Nobody outside the team has access to them or even knows that they exist.

2. Even if we can break down the silos, it’s unclear which metrics actually matter.

Breaking down silos is a complex topic for another post. In this one, we’ll focus on the easier challenge: highlighting the metrics that matter. What metrics does a technology organization need to ensure that, in the big picture, things are working well?  Are we good to push that change, or could the update make things worse?

Availability Metrics

Humans like big, simple metrics: the Dow Jones, heartbeats per minute, number of shoulder massages you get per week. To get the big picture in IT, we also have simple, easily-understandable metrics.

Uptime

As a percentage of availability, uptime is the simplest metric of all. We would all guess that anything less than 99% is considered poor. But chasing those last few nines can get expensive. Complex systems designed to avoid failure can cause failure in their own right, and the cost of implementing 99.999% availability—or “five nines”—may not be worth it.

Mean Time Between Failures (MTBF)

MTBF is the average time between failures in a system. The beauty of MTBF is that you can actually watch your boss start to twitch as you approach MTBF: Will the system fail before the MTBF? After? Perhaps it’s less stressful to throw the breakers intentionally, just to enjoy another 87 days!

Mean Time To Recovery (MTTR)

MTTR is the average time to fix a failure and can be thought of as the flip side of MTBF. Both Martin Fowler and Jez Humble have quoted the phrase, “If it hurts, do it more often,” and that principle seems like it could apply to MTTR as well. Rather than avoiding changes—and generally treating your systems with kid gloves to try and keep MTBF high—why not get better at recovery? Work to reduce your MTTR. Paradoxically, you could enjoy more uptime by caring about it less. 

Development Metrics

For years, an important improvement metric used by developers was Product Owner Glares Per Day. Development in the 21st century has given us new ways to understand developer productivity, and a growing body of research points to the metrics we need to focus on. 

Deployment Frequency

The outstanding work of Nicole Forsgren, Jez Humble, and Gene Kim in Accelerate demonstrates that teams that can deploy frequently experience fewer change failures than teams that deploy infrequently. It would be a brave move to try and game this metric by deploying every hour from your CI/CD pipeline. However, capturing and understanding this metric will help your team investigate its impediments.

Cycle Time

Cycle time is measured from the time a ticket is created to the healthy deployment of the resulting fix in production. If you needed to fix an HTML tag, how long would it take to get that single change deployed? If you need to start calling meetings about the deployment outages, you know that the value of that metric, for your organization, is too high.

Change Failure Rate

Of all your organization’s deployments, how many need to be rolled back or followed up with an emergency bugfix? This is your change failure rate, and it’s an excellent metric to try to improve. Improving your change failure rate helps developers to proceed more confidently. This will improve the deployment frequency rate im turn.

Error Rate

How many errors per hour does your code create at runtime? Is that better or worse since the last deployment? This is a great metric to expose to stakeholders: Since many demos only show the UI of an application, it’s helpful to see what is blowing up behind the scenes.

Platform Team Metrics

Metrics often originate from the platform team because metrics help raise the maturity level of their team and other teams. So, which metrics are most helpfu? While uptime and error rate matter here too, monthly active users and latency are also important.

Monthly Active Users

Being able to plan capacity for infrastructure is a gift. Monthly active users is the metric that can make this happen. Developers need to understand the load their code will have at runtime, and the marketing team will be incredibly thankful for those metrics.

Latency

Just like ordering coffee at Starbucks, sometimes you need to wait a little while. The more you value your coffee, the longer you might be willing to wait. But your patience has limits.

For application requests, latency can destroy the end-user experience. What’s worse than latency is unpredictable latency: If a request takes 100ms one time but 30s another time, then the impact on systems that create the request will be multiplied.

UX Metrics

Senior and non-technical leadership tend to focus on what they can see in demos. They can be prone to nitpicking the frontend because that is what’s visible to them and the end users. So, how does a UX team nudge leadership to focus on the achievements of the UX instead of the placement of pixels? 

Conversion Rate

The organization always has a goal for the end user: register an account, log in, place an order, buy some coins. It’s important to track these goals and see how users perform. Test different versions of your application with A/B testing. An improvement in conversion rate can mean the difference between profit and loss.

Time on Task

Even if you’re not making an application for employees, the amount of time spent on a task matters. If your users are being distracted by colleagues, children, or pets, it helps if their interactions with you are as efficient as possible. If your end user can complete an order before they need to help the kids with their homework or get Bob unstuck, that’s one less shopping cart abandoned.

Net Promoter Score (NPS)

NPS comes from asking an incredibly simple question: On a scale of 1 to 10, how likely is it that you would recommend this website (or application or system) to a friend or colleague? Embedding this survey into checkout processes or receipt emails is easy. Given enough volume of response, you can work out if a recent change compromised the experience of using a product or service.

If you can compare NPS scores for different versions of your application, then that’s even more helpful. For example, maybe the navigation that the marketing manager insisted on really is less intuitive than the previous version. NPS comparisons can help identify these impacts on the end user.

Security Metrics

Security is a discipline that touches everything and everyone—from the developer inadvertently creating an SQL injection flaw because Jenna can’t let the product launch slip, to Bob allowing the physical pen tester into the data center because they smiled and asked him about his day. Fortunately, several security metrics can help an organization get a handle on threats.

Number of Vulnerabilities

Security teams are used to playing whack-a-mole with vulnerabilities. Vulnerabilities are built into new code, discovered in old code, and sometimes inserted deliberately by unscrupulous developers. Tackling the discovery of vulnerabilities is a great way to show management that the security team is on the job squashing threats. This metric can also show, for example, how pushing the devs to hit that summer deadline caused dozens of vulnerabilities to crop up.

Mean Time To Detect (MTTD)

MTTD measures how long an issue had been in production before it was discovered. An organization should always be striving to improve how it handles security incidents. Detecting an incident is the first priority. The more time an adversary has inside your systems, the harder it will be to say that the incident is closed.

Mean Time To Acknowledge (MTTA)

Sometimes, the smallest signal that something is wrong turns out to be the red-alert indicator that a system has been compromised. MTTA measures the average time between the triggering of an alert and the start of work to address that issue. If a junior team member raises concerns but is told to put those on ice until after the big release, then MTTA goes up. As MTTA goes up, potential security incidents have more time to escalate.

Mean Time To Contain (MTTC)

MTTC is the average time, per incident, it takes to detect, acknowledge, and resolve a security incident. Ultimately, this is the end-to-end metric for the overall handling of an incident.

Signal, Not Noise

Amidst the noise of countless metrics available to teams today, we’ve highlighted specific metrics at different points in the application stack. We’ve looked at availability metrics for the IT team, followed by metrics for the developer, platform, UX, and security teams. Metrics are a fantastic tool for turning chaos into managed systems, but they’re not a free ride.

First, setting up your systems to gather metrics can require a significant amount of work. However, data gathering tools and automation can help free up teams from the task of collecting metrics.

Second, metrics can be gamed, and metrics can be confounded by other metrics. It’s always worth checking out the full story before making business decisions solely based on metrics. Sometimes, the appearance of rigor in data-driven decision-making is just that.

At the end of the day, the goal for your organization is to track down those metrics that truly matter, and then build processes for illuminating and improving them.

Source: cisco.com

Continue reading