Friday, 6 January 2023

Perspectives on the Future of Service Provider Networking: 5G and the future of enterprise wireless networks


As part of the Industry 4.0 Initiative, many enterprises are working to improve their efficiency by increasingly digitalizing and connecting their business processes. This evolution calls for the aggressive adoption of networked sensors, robots, autonomous guided vehicles (AGVs), or other IoT devices. 5G, the latest generation of cellular technology, promises to meet the requirements that arise in such enterprise environments requiring extremely low latency and high reliability. But so far cellular networks have predominantly been operated by communication service providers (CSPs). So how can 5G be introduced into an enterprise setting with minimal risk and disruption to existing business processes?

Many enterprises are embarking on an Industry 4.0 journey, aiming to increase business efficiencies and workflow uptime and make informed business decisions. In this journey, existing processes are automated by deploying intelligent robots, AGVs, sensors, or other instruments that are networked together and supported by controllers providing real-time automation, visibility, and control. Examples of such processes in a manufacturing context include:

◉ Flexibly connecting manufacturing assets
◉ Deploying layout-free production lines, including autonomous robots and co-bots
◉ AGVs
◉ UHD cameras on high-speed uplinks combined with machine learning algorithms for predictive quality control and maintenance
◉ Augmented reality training

While this trend in Industry 4.0 promises to increase competitiveness and quality and reduce production costs, the required changes still present major challenges to predominantly risk-averse enterprises. Adjustments to existing processes are often quite intrusive, requiring deployment of new digitalized endpoints. Enterprise networks also need to support connectivity requirements beyond the carpeted space to include outdoor environments and allow partners and customers to participate in a fully digitalized workflow.

5G is emerging as a promising way to address these challenges. The latest generation of 3GPP cellular technology standards takes an open architectural approach in addition to offering improvements in radio connectivity between endpoints and base stations. 5G offers deterministic real-time access to the network, broad geographic coverage, low latency, and high bandwidth communication to IoT devices. The figure below illustrates the five architectural pillars of 5G.

[Figure: The five architectural pillars of 5G]

Cellular technologies have their roots in consumer mobile networks, using regulator-controlled licensed frequencies. Their sophisticated functional components support global roaming, high-speed handoffs between antennas, and detailed billing to name a few. To an enterprise operator, 5G as a technology may seem complex and unfamiliar. A major reason is that operators must consider several system design options in 5G, such as:

◉ Which radio spectrum to use, licensed, unlicensed, or shared (e.g., CBRS) — low-band (<1-GHz), mid-band (“sub-6-GHz”), high-band/mmWave (>24-GHz)?
◉ How to align the level of availability/reliability to the application/service level agreement (SLA)?
◉ How to cover the required area, be it campus (indoor/outdoor), branch offices, distributed remote sites, or industrial?
◉ Where to place the various 5G network functions for radios and the 5G packet core – is the network disaggregation centralized, private/on-prem, or hybrid?
◉ How to ensure security since disaggregation, open APIs, and 5G’s polyglot architecture represent new attack surfaces?
◉ How to meet data sovereignty and regulatory requirements?
◉ How to design for access determinism and what level of determinism is sufficient to meet application requirements?
◉ Ownership vs. partnership models, SLA impact on security, and resiliency models
◉ How to meet the requirements from different endpoint/user-equipment device-types such as phones, modems, sensors, worker wearables, drones, AGV/vehicle controllers, tools, fleet-management routers, industrial routers, etc.?

The introduction of 5G into the enterprise network may seem daunting to an enterprise operator, so it’s natural to look at the community of solution and managed service providers (MSPs) for help!

Three ways service providers can make the most of private 5G


From the perspective of a CSP or MSP, the above challenges that enterprises face in their journey to digitalization present opportunities to extend or enhance their managed service portfolio. Such providers typically have an opportunity to:

1. Offer a generalized 5G service that covers a broad market segment
2. Offer a vertical-specific, turnkey 5G service (e.g., for healthcare or manufacturing)
3. Offer a flexible 5G service integrated into an existing enterprise environment

An example of No. 1 is a CSP that offers 5G service throughout its entire service domain. Such operators could build the service based on their public network by devoting network functions to any subscribing enterprise. This approach is called network slicing in a 5G architecture, and it has the advantage of leveraging the existing technologies (5G packet core, radios) deployed for consumer services in a more service-differentiated manner. The service provider deploys multiple virtual networks on common network infrastructure end to end with control elements that are specific to the business purpose of each service slice.

An example of No. 2 would be an architecture where a systems integrator or MSP creates a turnkey service offer for a particular industry vertical. Dedicated 5G packet core and radios are integrated with vertical-specific endpoints (e.g., robots, AGVs) and deployed on enterprise premises. The systems integrator is typically responsible for the deployment and operation of the entire solution. The 5G network is dedicated to the enterprise’s solution use case and can thus offer the required SLAs. A drawback of such a turnkey solution can be the lack of integration with an existing enterprise network.

Option No. 3 offers a hybrid of the other two alternatives. In this model, the MSP offers a generic 5G access network dedicated to the enterprise without sharing critical resources with other enterprises. Such a network can be generic to multiple use cases, increasing the MSP’s target market. The service can also be tightly integrated into existing enterprise networks, for example by providing links into existing enterprise policy servers or by re-using the installed transport network to connect radios. This possibility of a tight integration with enterprise network operations makes this mode of consuming a 5G managed service particularly attractive.

Why choose an “as-a-service” model?


Each of the above three models has its place in the market and offers advantages. For all three, the “as-a-service” model offers a compelling alternative to a do-it-yourself approach.

We’re active in the public 5G core and transport domains and as such empower any service provider wishing to offer services as in option No. 1. The transport architecture of sliced services will be enabled by new IP routing technologies such as segment routing to address key slice characteristics like bandwidth and path forwarding policy. Core domain network slicing can also be enabled by 5G core orchestrators to govern containerized cloud-native 5G core network functions.

However, most enterprises embarking on the Industry 4.0 journey are looking for dedicated functions as outlined under the latter two options. The ability to retain control over access policies for 5G endpoints or to influence security and quality-of-service policies makes option No. 3 particularly attractive for risk-averse enterprises.

Cisco’s private 5G solution is based on a compelling variation of such an as-a-service approach. It offers critical functions of a 5G access network dedicated to the enterprise and positioned on-premises, but some control functions are also cloud delivered in a software-as-a-service model to the MSP. This allows the MSP to reduce time to market by avoiding deployment and operations complexities of the 5G packet core functions. MSPs can also enjoy the cloud management capabilities that have already been established with the Cisco IoT Control Center platform. We’re already hosting more than 200 million cellular devices on this cloud platform, making it a prime candidate to also extend the approach to the private 5G solution architecture.

Source: cisco.com

Thursday, 5 January 2023

Maximize Network Wide License Utilization with Smart Licensing

How can you accurately track software licenses being consumed across your network and where? Smart licensing is the solution!

Smart licensing was created to simplify the customer experience and provide greater insight into software license ownership and consumption. It establishes a pool of licenses that can be used across your entire organization in an automated manner.

What is smart licensing?


Smart licensing is a flexible software licensing model that simplifies the way you activate and manage licenses across your organization. The smart licensing model makes it easier to procure, deploy, and manage your Cisco software licenses.

Smart licensing eliminates the need for PAK licenses and allows licenses to be easily shared across devices in the same organization. It also gives you the flexibility to use only what you need when you need it.


Why should I use smart licensing?


In today’s world, license portability and a flexible consumption model offer you the capability and flexibility to purchase software capacity as needed. This decreases OpEx and can eliminate stranded licenses. When installing high-density line cards or high-capacity fixed chassis, you don’t always need the full capacity of the hardware from day one, and a simplified management tool allows you to fully utilize licenses and the dollars you spend.

| Customer Needs | IOS XR Flexible Consumption Model (FCM) |
|---|---|
| Customers want strategic partners who can provide commercial offers permitting them to pay incrementally to expand capacity as demand for their consumer and business services rises. | FCM is a pay-as-you-grow model which enables customers to invest in the network capacity as demand grows. Having this ability to add capacity as and when needed helps customers with their network and capacity planning. |
| Customers want investment protection with the portability of software across hardware resources to meet demand across any one of their markets. | FCM has a subscription component which includes software portability. This provides investment protection by enabling porting of licenses to next-generation hardware when a customer is ready. |
| Customers want a software license management experience that enables porting of licenses across the corporation to shift capacity to markets in demand. | FCM permits service providers to pool software licenses and lower initial investments required to incubate new services. |

Flexible consumption model benefits using smart licensing

◉ Simplify operations. Two software suites, Essentials Software and Advantage Software, simplify license management while still providing the carrier-class Cisco IOS XR Software feature set.

◉ License pooling: You can efficiently share licenses network-wide with license pooling. This solution improves capacity planning by eliminating “stranded capacity” as you can use available capacity wherever needed in the IOS XR Flexible Consumption Model network. In this manner, you can potentially utilize your capital budgets to consume software innovations in IOS XR.

◉ Software upgrades: Software upgrades provide access to new features and enhancements to existing features.

◉ Software portability: Software portability provides investment protection by enabling porting of licenses to next-generation hardware when you’re ready. When you decommission hardware and transition to next-generation hardware, you do not have to decommission your investment in the software; instead, you can port it to the newer hardware, provided all necessary conditions are met.



Flexible consumption model and smart licensing are supported on the following products:

◉ Access – NCS 540, NCS 560
◉ Edge – ASR 9000
◉ Core – NCS 5500, NCS 5700, and 8000 Series routers

The flexible consumption model requires Cisco Smart Licensing registration and license usage reporting. A network under IOS XR FCM is considered compliant if the FCM-enabled devices in your network are registered to smart licensing and are reporting the usage. Starting from IOS XR 7.3.1, major and minor XR software upgrades will only be available once you’ve registered the devices and aren’t using more licenses than what was purchased. The registration process is a simple one-time event that can be automated using Cisco EZ-Register, an open-source solution.

Source: cisco.com

Tuesday, 3 January 2023

Security Resilience in the Americas

The past couple of years have brought security resilience to the forefront. How can organizations around the world build resilience when uncertainty is the new normal? How can we be better prepared for whatever is next on the threat horizon? When threats are unpredictable, resilient security strategies are crucial to endure change when we least expect it.

In a previous blog post, we assessed security resilience in Europe, Middle East, and Africa (EMEA). Now, we take a look at organizations in the Americas to find out how they fare across four security outcomes that are critical for building resilience, based on findings from Cisco’s latest Security Outcomes Study. These outcomes include:

1. Keeping up with the demands of the business
2. Avoiding major security incidents
3. Maintaining business continuity
4. Retaining talented personnel

Country-level security performance


Based on the following chart, clear differences emerge when we examine these outcomes at the country level. The chart shows the proportion of organizations in each country that are reportedly “excelling” in the four outcomes contributing to security resilience.

What we see is that 52.7% of organizations in Colombia, for example, say their security programs are excelling at keeping up with the business, while only 35.3% report that they are excelling at avoiding major incidents. You can follow each country’s path through the four outcomes to see how they view their respective performance in certain areas.

Country-level comparison of reported success levels for security resilience outcomes

What’s really at the crux of these differences in security resilience among countries? Is Colombia that much more resilient than Mexico? Do organizations in different countries have varying definitions of what resilience is, and how they perceive their success? Reasons behind these country-level differences can be attributed to a variety of things, including security maturity, cultural factors and other organizational parameters.

How to improve resilience


Knowing what we know about how organizations across the Americas view their resilience, how can they improve it? The Security Outcomes Study, Volume 2, sheds some light here. In the study, we uncovered five practices proven to boost overall success in security programs, dubbed as the Fab Five:

1. A proactive tech refresh strategy
2. Well-integrated tech
3. Timely incident response
4. Prompt disaster recovery
5. Accurate threat detection

So, how did countries in the Americas rank their implementation of these Fab Five practices? If we look at Colombia, for example, 64% of organizations say their capabilities for accurate threat detection are strong, while only 48.1% of Canadian organizations say the same. There is a lot of movement around the top three countries: Colombia, Mexico and Brazil. The U.S. ranks fourth consistently across the board.

Country-level comparison of reported success levels for five leading security practices

You may be wondering if implementing these five security practices improved resilience across organizations in the Americas. Our study found that organizations in the Americas that do not implement any of these five practices rank in the bottom 25% for resilience, whereas those that reported strength in all five practices rose to the top 25%.

Effect of implementing five leading security practices on overall resilience score

Staying strong in the face of change


Resilience is a cornerstone of cybersecurity. The ability to quickly pivot while maintaining business continuity and robust defenses is increasingly important in today’s world.

Source: cisco.com

Saturday, 31 December 2022

Get Hands-on in the Cisco Crosswork Automation Sandbox

Cisco Crosswork Network Automation is a microservices platform that brings together streaming telemetry, big data, and model-driven application programming interfaces (APIs) to redefine how service providers conduct network operations. Cisco Crosswork Network Automation offers a platform to collaborate, and build an application ecosystem around on-box innovation.

The Cisco Crosswork Network Automation product suite is a highly scalable and efficient operations automation framework. It enables service providers to quickly deploy intent-driven, closed-loop operations. You can plan, implement, run, monitor, and perfect your service provider network automation, and gain mass awareness, augmented intelligence, and proactive control for data-driven, outcome-based network automation.

Streamline Network Operation Processes


Automation plays a significant role in helping organizations move more quickly by streamlining operational processes such as:

◉ Executing workflows at machine speed with high operational efficiency and repeatable quality
◉ Bridging and synchronizing business and Information Technology (IT) processes to cut gaps and improve customer experience
◉ Supplying analytics to improve decision-making and shorten fault resolution times

Lab, Test, and Build in the New Sandbox


Now you can lab, test and build with the new Cisco Crosswork Automation Sandbox. This new sandbox lets you:

◉ Monitor key performance indicators (KPIs) in real time
◉ Prepare network changes triggered by changes in KPIs
◉ Roll out these changes automatically
◉ Run automated change-impact and security analysis


Production Crosswork Suite within the Sandbox


You will find a “production” Crosswork suite deployed to manage the multi-platform network within the sandbox lab. This network is made up of:

◉ Cisco Crosswork cluster
◉ Cisco Crosswork Data Gateway (CDG)
◉ Cisco Network Service Orchestrator (NSO)
◉ Cisco IOS XE/XR routers

Included in the sandbox is a new use case that helps you understand the Health Insights and Change Automation applications. In this scenario, we want to showcase how to attach and detach the devices from Crosswork Data Gateway (CDG). As a part of the scenario, we will also showcase how to change the credentials at the device level.

◉ Scenario 1: Device Level Management: Showcase how to attach and detach the devices from Crosswork Data Gateway (CDG). As a part of the scenario, we will also highlight how to change the credentials at the device level.

◉ Scenario 2: Health Insights Application Overview: See how Cisco Crosswork Health Insights offers real-time, telemetry-based Key Performance Indicator (KPI) monitoring and intelligent alerting.

◉ Scenario 2A: Create and enable KPI profiles: In this scenario, KPIs are provisioned on IOS-XR devices via a KPI Profile. The KPIs can be gNMI, MDT, or SNMP protocol based. We can then enable the KPIs and verify that the respective data are being collected and visually presented on Health Insights.

◉ Scenario 3: Network Automation Application Overview: Learn how to codify workflows using parameterized Plays and stitch them into Playbooks for execution in a step-by-step or single-step fashion.

◉ Scenario 3A: Playbook execution: Now that we have our code, let us define an automation task to achieve the intended network states in Change Automation using Playbooks.

Source: cisco.com

Thursday, 29 December 2022

The 3 Ps for Partner Managed Services: Platform, Preference, and Performance

In case you missed Partner Summit last week, we just want to reiterate: your customers heavily prefer to consume technology as managed outcomes!

We are full steam ahead in supporting our credo, The Age of the Partner, where vendors, partners, and customers all work together with a consistent set of strategic business imperatives rather than disparate technology stacks. The time is now, and the path forward is through the continued relationship we have built with our partners. Success in this new age of digital transformation necessitates collective evolution, both for Cisco and our partners.

Our strategy for success, guiding our evolution in Partner Managed Services, is centered on our 3 Ps: Platform, Preference, and Performance.


While we introduced this virtually at Partner Summit 2021, we’ve matured it considerably since then and would like to update our partner community on how we are employing this strategy to successfully deliver for our partners in this new age.

Platforms


Our strategy starts by making sure our platforms are capable of best-in-class managed services delivery for partners across Cisco’s architectures. We appreciate there are key technological capabilities partners need to select a technology as a managed services delivery platform:


◉ Telemetry to feed into your Operational Support Systems
◉ Operational capabilities like single sign-on and role-based access control to deliver cost effectively at scale
◉ APIs that enable workflow automation for billing, provisioning, and reconciliation
◉ User Interfaces that provide intuitive and compelling provider operations and end-user experiences
◉ Integrations with leading systems like ServiceNow, Snow, and ConnectWise

MVPR

Our Partner Managed Services team has collaborated with key engineering teams within Cisco to develop a framework designed to articulate these technological requirements through an internal scorecard approach that we coined Minimal Viable Partner Requirements or MVPR. This framework facilitates an open, bidirectional, and iterative dialog with product engineering to form the basis of assessing and developing the technology and the Platform that orchestrates and manages it to meet Provider Partner expectations.

Partner Managed Ready Offer Catalog

We then add to the Platform the elements our Provider Partners need to build managed services with plenty of room to differentiate based on target segments, intellectual property, commercial terms, and/or the type of experience they want to deliver. Our Partner Managed Offer Management team coordinates content and tools aimed to address key care-abouts of core MSP functions:

◉ Product Management needs example service descriptions, market pricing, aligned buying programs and business case tools.

◉ Service Delivery requires Standard Operating Procedure (SOP) templates, lab environments, and technical training.

◉ Sales benefits from playbooks and positioning decks.

◉ Marketing uses messaging blocks and templated digital marketing assets.

◉ Customer Success leverages API guides for adoption measurements and user guides to enable customers to use the higher-value functions.

◉ Operations requires ordering guides and license management guides to support their role.

These are some of the assets we bring to our partners to help them move faster and be more successful with service creation and go-to-market than if Cisco just sold them technology and expected them to figure it out.

A few examples of Partner Managed Ready Offers from our catalog include:

◉ Managed SD-WAN powered by Viptela and/or by Meraki, enables partners to securely interconnect branches, campuses, data centers, and multi-cloud environments.

◉ Managed SASE allows partners to build on their cloud-delivered virtual fabric and intersect secure access for users and devices by delivering policy controlled secure access to applications and networks.

◉ Managed Webex Collaboration provides a cloud-hosted, video-centric, unified collaboration solution which can be delivered over service provider partner networks and is backed by partner managed services to enable and enrich work in a post-pandemic era.

◉ Managed Hybrid Cloud allows partners to deliver application environments that feel like the public cloud but reside where customers want, and often at much better long-term economics, blending cloud-like cost efficiencies with on-premises performance and security.

Preference


We recognize the need to simplify the partner experience, and we are working hard every day to earn your preference as your managed services technology partner.

This starts by offering you choice and flexibility across two software buying programs designed specifically for managed service practices.

Managed Services Buying Programs
The first, Managed Services Enterprise Agreement (MSEA), is built on our standard Enterprise Agreement construct, but with MSEA, the partner owns the entitlement and controls the terms with their customers. Partners can enable as-a-Service packaging while getting all EA benefits like True Forward and great Cisco field alignment.

Cisco’s Managed Service License Agreement (MSLA) accounts for variable scale, seasonal demand, and dynamic user counts by providing post-paid utility-like consumption for 17 Cisco software products and growing. This enables additional flexibility for partners and their customers to address multiple business needs across different scenarios.

Payment Solutions Portfolio
We also offer a rich portfolio of payment solutions to help with business concerns and those “good problems” that come with success like cash flow, credit lines, environmental and sustainability targets, and cost-to-revenue alignment as partners continue to grow their managed services practices:

◉ Total technology: Cisco Easy Pay, Cisco Lifecycle Pay
◉ Software: Cisco Enterprise Agreement (EA) Pay, Cisco Partner Pay
◉ Services-focused: Cisco Multi-Year Services Pay – Attach and Renew, Cisco Partner Pay
◉ Consumption: Cisco+ Hybrid Cloud, Cisco Open Pay
◉ Circular IT: Cisco Green Pay, Cisco Lifecycle Pay, Cisco Lifecycle Pay for Secure Firewall

Additionally, we have reinvented the partner-led sales model for the Age of the Partner through our Partner Managed Success Framework:


1. Offer Development begins with the development of a compelling partner managed offer that enables our Provider Partners to address market opportunities with great technology and the content and tools needed for success by key partner roles

2. Partner Engagement allows us to assess and analyze if a particular opportunity is aligned to both Cisco and our partner, or we may collaborate to determine which of several opportunities to pursue

3. Service Creation occurs when a partner formally builds a new service with Cisco support in the form of templates, best practices, cutting edge market research, and best-in-class expertise

4. Sales Acceleration gives us an opportunity to collaborate on sales campaigns with potential support via Cisco Provider Market Development Funds (MDFs)

5. Sales Execution provides access to a seasoned team of sales capture professionals to help our partners with operationalizing and scaling sales pipelines

6. Partner Success provides touch points to help partners strengthen customer value across the lifecycle, find adjacent opportunities, and prepare for renewals

Performance


Performance is the transformation throttle. Cisco is continually looking at the opportunity and determining how we can best help accelerate the pace of partner success. We are incentivizing partners for growth in strategic areas, backed by industry-leading market research, using the Provider role of the Partner Program as the value exchange fulcrum.


Over the past two years, we’ve evolved the Cisco Partner Program substantially by simplifying over a dozen programs into a single, flexibly structured program centered on delivering value to customers. Partners can participate in one or more roles (Integrator, Developer, Advisor, and Provider), each at whatever level fits their business: Select, Premier, or Gold. Additionally, we have focused on aligning our Cisco Powered Services with our Partner Managed Ready Offers and evolving our benefits to suit the Age of the Partner.

We’re working hard to evolve our approach to this critical RTM to give partners a full arsenal of tools to succeed with their managed services practices. As the market evolves, Cisco is evolving and bringing our partners alongside, so no one gets left behind. Our belief is that by bringing these three elements – Platform, Preference and Performance – to bear simultaneously, we’re poised for mutual success in a very bright future. Let’s own it together!

Source: cisco.com

Tuesday, 27 December 2022

Cisco SD-WAN Fabric is SecOps’ New Best Friend

In this post, we will delve into new capabilities and integrations in the Cisco SD-WAN fabric that support the security operations (SecOps) persona.

The Cisco SD-WAN fabric, with all its existing rich security capabilities, enables the convergence of a two-box approach to secure the branch into a single-box solution. From a management perspective, Cisco vManage controller enables a seamless and converged experience for both the networking and security aspects of the SD-WAN fabric. However, the requirements from security professionals to manage the threats and risks in the enterprise are evolving as applications and the workforce become more distributed. To accommodate these changes, the Cisco SD-WAN secure fabric is being enhanced in multiple dimensions to cater to the more specific operational requirements of the SecOps persona.

An SD-WAN Dashboard Tailored for SecOps


Recent innovations in Cisco SD-WAN enable the secure fabric’s WAN functions to be managed by the networking operations team while the security functions are managed by the security operations team. In addition to a NetOps persona, a new SecOps persona is available in Cisco vManage controller. Logging into the controller, the SecOps persona is presented with a security-focused dashboard and management privileges so that the security administrator can quickly gain a comprehensive understanding of the security health of the network. From a management perspective, the SecOps persona will be able to create and associate security policies to specific sites and VPNs in the SD-WAN fabric. The SecOps persona will also be able to view SD-WAN operational statistics, but will not be able to create SD-WAN-specific routing policies and configurations.

Security-Focused Visibility for Troubleshooting SD-WAN Fabrics


Logging for the purpose of visibility and troubleshooting is a critical requirement for the security persona to be able to defend the far-reaching WAN fabric. The Cisco SD-WAN router generates comprehensive logs for all the security and connection events it detects. These logs can be consumed, parsed, and analyzed in real time by Security Information and Event Management (SIEM) systems to drive timely security remediations, or stored for long-term historical reference. The security event logs are stored in Cisco Secure Analytics and can be filtered and visualized on Cisco Defense Orchestrator (CDO).

Figure 1. Intrusion Event Logging for SD-WAN Security Persona

In addition, Cisco is partnering with Splunk to enable visualization and analysis of the security and connection-related logs generated from SD-WAN. The Cisco SD-WAN application ingests logs from SD-WAN routers and presents actionable security analytics on a pre-populated dashboard. Example use cases enabled by the Splunk integration for the security operations persona are:

◉ A holistic view of all the security events captured by the SD-WAN security stack.
◉ Ability to examine any security event at the device level along with traffic patterns occurring when the security event was triggered.

The Cisco SD-WAN Splunk Integration consists of two components:

◉ Cisco SD-WAN Add-on for Splunk – Add-ons are used for data optimization and collection processes. Cisco SD-WAN Add-on for Splunk collects a range of Cisco Logs Data and NetFlow Data and stores them in Splunk indexes.
◉ Cisco SD-WAN App for Splunk – Using data from the Add-On, the Cisco SD-WAN App presents dashboards for Cisco Logs and NetFlow Data with detailed visualization, analysis, and representation.

Figure 2. Cisco SD-WAN App for Splunk Provides SecOps with Increased Visibility into Threats

Figure 3. Cisco SD-WAN App for Splunk Provides Detailed Threat Visibility

SecOps Can Rely on Cisco SD-WAN Secure Fabric


There is an abundance of security features in the Cisco SD-WAN fabric now that will become invaluable to SecOps, whether they are hunting for intrusions, assigning security permissions, or detecting threats. Cisco SD-WAN is always evolving to make managing networks simpler and more secure, even as networks continue to grow in scale and threats increase in complexity.

Source: cisco.com

Saturday, 24 December 2022

Cisco Joins the Launch of Amazon Security Lake

The Cisco Secure Technical Alliance supports the open ecosystem and AWS is a valued technology alliance partner, with integrations across the Cisco Secure portfolio, including SecureX, Secure Firewall, Secure Cloud Analytics, Duo, Umbrella, Web Security Appliance, Secure Workload, Secure Endpoint, Identity Services Engine, and more.

Cisco Secure and AWS Security Lake


We are proud to be a launch partner of AWS Security Lake, which allows customers to build a security data lake from integrated cloud and on-premises data sources as well as from their private applications. With support for the Open Cybersecurity Schema Framework (OCSF) standard, Security Lake reduces the complexity and costs for customers to make their security solutions data accessible to address a variety of security use cases such as threat detection, investigation, and incident response. Security Lake helps organizations aggregate, manage, and derive value from log and event data in the cloud and on-premises to give security teams greater visibility across their organizations.

With Security Lake, customers can use the security and analytics solutions of their choice to simply query that data in place or ingest the OCSF-compliant data to address further use cases. Security Lake helps customers optimize security log data retention by optimizing the partitioning of data to improve performance and reduce costs. Now, analysts and engineers can easily build and use a centralized security data lake to improve the protection of workloads, applications, and data.

Cisco Secure Firewall


Cisco Secure Firewall serves as an organization’s centralized source of security information. It uses advanced threat detection to flag and act on malicious ingress, egress, and east-west traffic while its logging capabilities store information on events, threats, and anomalies. By integrating Secure Firewall with AWS Security Lake, through Secure Firewall Management Center, organizations will be able to store firewall logs in a structured and scalable manner.

eNcore Client OCSF Implementation


The eNcore client provides a way to tap into a message-oriented protocol to stream events and host profile information from the Cisco Secure Firewall Management Center. The eNcore client can request event and host profile data from a Management Center, and intrusion event data only from a managed device. The eNcore application initiates the data stream by submitting request messages, which specify the data to be sent, and then controls the message flow from the Management Center or managed device after streaming begins.

These messages are mapped to OCSF Network Activity events using a series of transformations embedded in the eNcore code base, which acts as both the author and mapper personas in the OCSF schema workflow. Once validated against an internal OCSF schema, the messages are written to two locations: first, a local JSON-formatted file in a configurable directory path, and second, compressed parquet files partitioned by event hour in the S3 Amazon Security Lake source bucket. The S3 directories containing the formatted logs are crawled hourly and the results are stored in an AWS Security Lake database. From there you can view the schema definitions extracted by the AWS Glue Crawler and identify field names, data types, and other metadata associated with your network activity events. Event logs can also be queried using Amazon Athena to visualize log data.
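
The mapping, validation and hourly bucketing described above, as an added Python example that is not the eNcore code. The flat input field names, the allow/block to activity_id mapping, the schema version string and the YYYYMMDDHH bucket format are assumptions; the class, category and type_uid values follow the OCSF Network Activity class.

```python
from datetime import datetime, timezone

CLASS_UID = 4001     # OCSF Network Activity class
CATEGORY_UID = 4     # OCSF Network Activity category
SCHEMA_VERSION = "1.0.0"             # assumed; use the version you validate against
ACTIVITY = {"allow": 6, "block": 5}  # assumed mapping: 6 = Traffic, 5 = Refuse
# Fields this check insists on (a subset chosen for illustration).
REQUIRED = ("activity_id", "category_uid", "class_uid", "type_uid", "time",
            "severity_id", "metadata", "src_endpoint", "dst_endpoint")

# Constructed sample record; the flat field names are hypothetical.
SAMPLE = {"epoch_s": 1671890399, "action": "Allow", "proto": 6,
          "src_ip": "192.0.2.10", "src_port": 51512,
          "dst_ip": "198.51.100.7", "dst_port": 443}

def to_ocsf(event):
    """Map one flat connection record to an OCSF Network Activity event."""
    activity_id = ACTIVITY.get(str(event["action"]).lower(), 0)  # 0 = Unknown
    return {
        "activity_id": activity_id,
        "category_uid": CATEGORY_UID,
        "class_uid": CLASS_UID,
        "type_uid": CLASS_UID * 100 + activity_id,
        "time": int(event["epoch_s"]) * 1000,   # OCSF timestamps are epoch ms
        "severity_id": 1,                       # Informational
        "metadata": {"version": SCHEMA_VERSION,
                     "product": {"name": "Secure Firewall", "vendor_name": "Cisco"}},
        "src_endpoint": {"ip": event["src_ip"], "port": int(event["src_port"])},
        "dst_endpoint": {"ip": event["dst_ip"], "port": int(event["dst_port"])},
        "connection_info": {"protocol_num": int(event["proto"])},
    }

def validate(record):
    """Return a list of problems; an empty list means the record passes."""
    problems = [f"missing {key}" for key in REQUIRED if key not in record]
    if not problems:
        if record["type_uid"] != record["class_uid"] * 100 + record["activity_id"]:
            problems.append("type_uid does not match class_uid and activity_id")
        if not isinstance(record["time"], int) or record["time"] <= 0:
            problems.append("time must be a positive epoch-millisecond integer")
    return problems

def hour_partition(record):
    """UTC hour bucket (YYYYMMDDHH) used to group events into hourly files."""
    ts = datetime.fromtimestamp(record["time"] / 1000, tz=timezone.utc)
    return ts.strftime("%Y%m%d%H")

if __name__ == "__main__":
    event = to_ocsf(SAMPLE)
    print(validate(event), hour_partition(event))
```

Running `validate` over the local JSON copies before relying on the crawled tables catches records that would otherwise land in the lake with missing or inconsistent classification fields.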

Get Started


To utilize the eNcore client with AWS Security Lake, first go to the Cisco public GitHub repository for Firepower eNcore, OCSF branch.

Download and run the cloud formation script eNcoreCloudFormation.yaml.

The Cloud Formation script will prompt for additional fields needed in the creation process. They are as follows:

Cidr Block: IP address range for the provisioned client, defaults to the range shown below

Instance Type: The ec2 instance size, defaults to t2.medium

KeyName: A pem key file that will permit access to the instance

AmazonSecurityLakeBucketForCiscoURI: The S3 location of your Data Lake S3 container.

FMC IP: IP or Domain Name of the Cisco Secure Firewall Management Portal

After the Cloud Formation setup is complete, it can take anywhere from 3-5 minutes to provision resources in your environment. The cloud formation console provides a detailed view of all the resources generated from the cloud formation script as shown below.

Once the ec2 instance for the eNcore client is ready, we need to whitelist the client IP address in our Secure Firewall Server and generate a certificate file for secure endpoint communication.

In the Secure Firewall Dashboard, navigate to Search->eStreamer to find the allow list of Client IP Addresses that are permitted to receive data. Click Add and supply the Client IP Address that was provisioned for our ec2 instance. You will also be asked to supply a password. Click Save to create a secure certificate file for your new ec2 instance.

Download the Secure Certificate you just created, and copy it to the /encore directory in your ec2 instance.

Use CloudShell or SSH from your ec2 instance, navigate to the /encore directory and run the command bash encore.sh test

You will be prompted for the certificate password. Once that is entered, you should see a Successful Communication message as shown below.

Run the command bash encore.sh foreground

This will begin the data relay and ingestion process. We can then navigate to the S3 Amazon Security Lake bucket we configured earlier, to see OCSF compliant logs formatted in gzip parquet files in a time-based directory structure. Additionally, a local representation of logs is available under /encore/data/* that can be used to validate log file creation.

Amazon Security Lake then runs a crawler task every hour to parse and consume the log files in the target S3 directory, after which we can view the results in Athena Query.

Source: cisco.com