Thursday, 29 June 2023

How Secure Network Analytics 7.4.2 delivers world-class NDR

Cisco is dedicated to providing genuine added value to customers, and we believe our new version of Secure Network Analytics (SNA) – software release 7.4.2 – more than drives that point home. Packed with enhancements, including better data ingestion and processing, advanced detection, and hardware integrations, this new SNA implementation delivers the essential, high-demand network visibility and detection needed to safeguard the business efficiently and effectively.

Data Store architecture takes center stage

So, what’s the most notable improvement in 7.4.2? Better Data Store architecture. With the ability to migrate an existing SNA implementation over to this architecture, users can access enhancements added over multiple iterations, all designed to make gathering and storing information easier.

It starts with flow collectors. This new release aims to minimize the number needed, using a centralized database instead to handle the processing of collected flows – a substantial change designed to improve fault tolerance, add resiliency, and preserve your historical data – even when it’s deployed in more than three data nodes.

Query response times are faster, and reporting is better. Between these two enhancements alone, charts, graphs, and your top-5 accessed reports will load within minutes rather than hours.

On the telemetry front, 7.4.2 is very scalable. It’s already compatible with NetFlow, NVM, FTD, and ASA Firewall telemetry, but it will also be adaptable to future types of telemetry.

And one of the biggest benefits is easier maintenance. This architecture delivers a substantial increase in flow processing rates, scaling up to as much as 1 million Flows Per Second (FPS), almost a two-fold increase over the previous rate. With a centralized primary database processing flows, maintenance is simpler and costs are lower, a high priority across many industries.

Here are some of the specific feature enhancements you’ll see with 7.4.2:

Converged analytics meets powerful detection

In one specific deployment model, the Converged Analytics workflow delivers superior intel by using a more robust and efficient threat detection engine, and centralized data is leveraged to create reliable, relevant alerts.

Compared to the original SNA alarms, these are drastically quieter and more in tune with what’s happening now, delivering context based on the network and advanced behavioral analytics. In other words, SNA creates an instant baseline, learns what behavior is considered “normal” over time, and only triggers an alert if a user deviates from that trend.


This new centralized engine can in fact now produce new alerts on additional telemetry types, such as Remote Worker detections leveraging the Network Visibility Module (NVM). This represents an important milestone in the threat detection capabilities for the Secure Network Analytics offering, which can now cover important use cases for the market as the need for remote worker visibility continuously increases. To add to the capabilities of Converged Analytics, the engine can also dynamically provide role modeling detections based on the behavior of assets in the network.


This feature helps provide needed context for the detection engine so it can understand an entity’s behavior and create relevant alerts that are meaningful to each customer’s circumstances.

And one more performance boost to note. Secure Network Analytics now integrates with the latest M6 hardware appliance. This yields better Flow Collector ingestion rates, faster flow search queries, and an overall increase in the throughput for the Flow Sensors. Cisco Telemetry Broker is also integrated, which enables users to redirect traffic from any source to a Secure Network Analytics deployment.

With all the improvements to the data ingestion mechanism, the product can effectively achieve XDR outcomes with its native functionality and integration with SecureX. By leveraging multiple telemetry sources, customers can achieve broad network visibility and easily consume relevant detections for potential threats in their network. The simplified workflow reduces the need for users to understand the meaning and source of an alert, enabling them to respond and remediate faster. Thanks to this, organizations can safeguard their assets in time and prevent attackers from breaching the network.


While there are many more details that showcase the fantastic work by the Cisco team, this summary provides a conceptual overview that illustrates the added value for customers who upgrade to the latest 7.4.2 release. And as the market continues to evolve and organizations need a strong Network Detection and Response solution to protect their business and assets, Secure Network Analytics will continue leading the market with a world-class solution that solves customers’ most prominent and urgent needs.

Source: cisco.com

Tuesday, 27 June 2023

Cisco and Intel Demonstrate Interoperability for Open RAN

Cisco and Intel validate interoperability between Cisco Nexus 93180YC-FX3 Switch and Intel® Ethernet 800 Series Network Adapters that feature enhanced timing capabilities for faster and lower cost Open RAN (Radio Access Networks) deployments.

The emergence of Open RAN (O-RAN) standards and solutions is based on the virtualization of network functions and a multi-vendor ecosystem to grow innovation while driving down 5G network operation costs. But an open ecosystem requires each network element to communicate and interoperate with the others. Cisco and Intel have collaborated on a network solution for communications service providers (CoSPs) that delivers on the O-RAN promise.

To address integration challenges faced by CoSPs when deploying Open RAN network infrastructure, Cisco and Intel have combined forces to validate seamless interoperability between Intel® Ethernet 800 Series Network Adapters with enhanced network timing capabilities and Cisco Nexus 93180YC-FX3 network switches.

The Promise of Open RAN


Radio access networks (RANs) historically have been built from proprietary equipment and systems that relied on hardware-centric, centralized, single-vendor components. These systems locked CoSPs into specific vendors and costly integrations, often limiting their ability to scale and innovate. The O-RAN set of standards specifies open, intelligent, virtualized, and fully interoperable RANs supported by multi-vendor interoperability, with a scalable, secure, cloud-native infrastructure that enables service delivery to the network edge, closer to the user.

Solution disaggregation and the use of open interfaces opened the door for the first time for commercial-off-the-shelf (COTS) servers, routers and other networking equipment. But it also increased the need for interoperability between network systems.

One area where this is critical is fronthaul synchronization (Figure 1). The fronthaul in 5G networks is part of cloud-based RAN connecting standalone radio units (RUs) and distributed units (DUs) installed at remote cell sites with centralized units (CUs) that can aggregate multiple DUs and exist in the cloud. This architecture pushes compute power to the network edge and enables support for applications that require high bandwidth and extremely low latency.

Figure 1. Open RAN fronthaul transport configuration incorporating Cisco Nexus 9300 Series switches.

Fronthaul synchronization involves the network adapter and the network switch to ensure that data packet order is accurate, secure, and consistently delivered between data source and endpoints without data loss or corruption so that products from different vendors can seamlessly communicate.

The synchronization plane (S-Plane) controls timing and synchronization between the DU and the RU, and highly accurate timing and synchronization is required for processes such as multiple input/multiple output (MIMO), time-division duplexing (TDD), and carrier aggregation of multiple O-RUs.

Figure 2. The S-Plane synchronizes between the O-DU and O-RU using PTP and SyncE timing protocols.

Validated Interoperability


In this application (Figure 3), interoperability needs to be considered for these S-Plane functions. To address interoperability challenges faced by CoSPs when deploying Open RAN network infrastructure, Cisco and Intel have combined forces to verify interoperability between Intel Ethernet Network Adapter E810-XXVDA4T and Cisco Nexus 93180YC-FX3 network switches.

This collaboration is part of Intel’s interoperability verification program, which features a dedicated Intel lab that evaluates Intel Ethernet 800 Series Network Adapters connected to a wide range of media types and Ethernet switches. The goal of the interoperability verification program is to test and ensure compliance to IEEE standards and also to quality-assure the PHY functionality of Intel Ethernet Network Adapters.

Cisco and Intel successfully performed the following tests:

Test 1: Cisco Nexus 93180YC-FX3 Switch and the Intel Ethernet Network Adapter E810-XXVDA4T successfully passed 25Gbps line rate radio traffic.
Test 2: Clocking features such as 1588 PTP Telecom Profile 8275.1 and frequency synchronization (SyncE) demonstrated.
Test 3: Clock received by virtual DU over the network using 1588 PTP and SyncE.

Figure 3. Example Distributed Unit (DU) deployment using Intel Ethernet Network Adapter E810-XXVDA4T and Cisco N9K-C93180YC-FX3.

Result: Through this verification and quality assurance of interoperability, Intel and Cisco have worked closely to simplify platform integrations and accelerate validation and deployment to deliver a solution that assures ease of integration for Open RAN deployments. Intel and Cisco plan to continue these interoperability tests with upcoming products from both companies.

Conclusion

Cisco and Intel have a long history of collaboration, and their commitment to interoperability for CoSP applications is showcased in their tight integration of network adapters and switch solutions for Open RAN applications, delivering eased deployments, faster time-to-market, lower total cost of ownership, and scalability and customizability for CoSPs committed to the advantages of O-RAN.

Source: cisco.com

Saturday, 24 June 2023

Cisco Silicon One Breaks the 51.2 Tbps Barrier

In December 2019, we made a bold announcement about how we’d forever change the economics of the internet and drive innovation at speeds like no one had ever seen before. These were ambitious claims, and not surprisingly, many people took a wait-and-see attitude. Since then, we’ve continued to innovate at an increasingly fast pace, leading the industry with innovative solutions that meet our customers’ needs.

Today, just three and a half years after launching Cisco Silicon One™, we’re proud to announce our fourth-generation set of devices, the Cisco Silicon One G200 and Cisco Silicon One G202, which we are sampling to customers now. Typically, new generations are launched every 18 to 24 months, demonstrating a pace of innovation that’s two times faster than normal silicon development.

The Cisco Silicon One G200 offers the benefits of our unified architecture and focuses specifically on enhanced Ethernet-based artificial intelligence/machine learning (AI/ML) and web-scale spine deployments. The Cisco Silicon One G200 is a 5 nm, 51.2 Tbps, 512 x 112 Gbps serializer-deserializer (SerDes) device. It is a uniquely programmable, deterministic, low-latency device with advanced visibility and control, making it the ideal choice for web-scale networks.

The Cisco Silicon One G202 brings similar benefits to customers who still want to use the 50G SerDes for connecting optics to the switch. It is a 5 nm, 25.6 Tbps, 512 x 56 Gbps SerDes device with the same characteristics as the Cisco Silicon One G200 but with half the performance.

To achieve the vision of Cisco Silicon One, it was imperative for us to invest in key technologies. Seven years ago, Cisco began investing in our own high-speed SerDes development and realized immediately that as speeds increase, the industry must move to analog-to-digital (ADC)-based SerDes. SerDes acts as a fundamental building block of networking interconnect for high-performance compute and AI deployments. Today, we are pleased to announce our next-generation, ultra-high performance, and low-power 112 Gbps ADC SerDes capable of ultra-long reach channels supporting 4-meter direct-attach cables (DACs), traditional optics, linear drive optics (LDO), and co-packaged optics (CPO), while minimizing silicon die area and power.

Figure 1. Cisco Silicon One product family

The Cisco Silicon One G200 and G202 are uniquely positioned in the industry with advanced features to optimize real-world performance of AI/ML workloads—while simultaneously driving down the cost, power, and latency of the network with significant innovations.

The Cisco Silicon One G200 is the ideal solution for Ethernet-based AI/ML networks for several reasons:

~ With the industry’s highest radix switch, with 512 x 100GE Ethernet ports on one device, customers can build an AI/ML cluster of 32K 400G GPUs with a 2-layer network requiring 50% less optics, 40% fewer switches, and 33% fewer networking layers, drastically reducing the environmental footprint of the AI/ML cluster. This saves up to 9 million kWh per year, which according to the U.S. Environmental Protection Agency is equivalent to more than 6,000 metric tons of carbon dioxide (CO2e) or burning 7.3 million pounds of coal per year.

~ Advanced congestion-aware load balancing techniques enable networks to avoid traditional congestion events.

~ Advanced packet-spraying techniques minimize creation of congestion hot spots in the network.

~ Advanced hardware-based link-failure recovery delivers optimal performance across massive web-scale networks, even in the presence of faults.


Figure 2. Benefits of large radix 51.2 Tbps switches

Cisco Silicon One Innovations


Here’s a closer look at some of our many Cisco Silicon One–related innovations:

Converged architecture

~ Cisco Silicon One provides one architecture that can be deployed across customer networks, from routing roles to web-scale front-end networks to web-scale back-end networks, dramatically reducing deployment timelines, while simultaneously minimizing ongoing operations costs by enabling a converged infrastructure.

~ Using a common software development kit (SDK) and standard Switch Abstraction Interface (SAI) layers, customers need only port the Cisco Silicon One environment to their network operating system (NOS) once and make use of that investment across diverse network roles.

~ Like all our devices, the Cisco Silicon One G200 has a large and fully unified packet-buffer optimizing burst-absorption and throughput in large web-scale networks. This minimizes head-of-line blocking by absorbing bursts instead of the generation of priority flow control.

Optimization across the entire value chain

~ The Cisco Silicon One G200 has up to two times higher radix than other solutions with 512 Ethernet MACs, enabling customers to significantly reduce the cost, power, and latency of network deployments by removing layers of their network.

~ With our own internally developed, next-generation SerDes technology, the Cisco Silicon One G200 device is capable of driving 43 dB bump-to-bump channels that enable co-packaged optics (CPO), linear pluggable optics (LPO), and the use of 4-meter 26 AWG copper cables, which is well beyond IEEE standards for optimal in-rack connectivity.

~ The Silicon One G200 is over two times more power efficient with two times lower latency compared to our already optimized Cisco Silicon One G100 device.

~ The physical design and layout of the device is built with a system-first approach, allowing customers to run system fans slower, dramatically decreasing system power draw.

Innovative load balancing and fault detection

~ Support for non-correlated, weighted equal-cost multipath (WECMP) and equal-cost multipath (ECMP) load balancing capabilities with near-ideal characteristics help to avoid hash polarization, even across massive networks.

~ Congestion-aware load balancing for stateful ECMP, flow, and flowlet enables optimal network throughput with optimal flow-completion time and job-completion time (JCT).

~ Congestion-aware stateless packet spraying enables near ideal JCT by using all available network bandwidth, regardless of flow characteristics.

~ Support for hardware-based redistribution of packets based on link failures enables Cisco Silicon One G200 to optimize real-world throughput of massive scale networks.

Advanced packet processor

~ The Cisco Silicon One G200 uses the industry’s first fully custom, P4 programmable parallel packet processor capable of launching more than 435 billion lookups per second. It supports advanced features like SRv6 Micro-SID (uSID) at full rate and is extendable with full run-to-completion processing for even more complex flows. This unique packet processing architecture enables flexibility with deterministic low latency and power.

Deep visibility and analytics

~ Programmable processors enable support for standard and emerging web-scale in-band telemetry standards providing industry-leading network visibility.

~ Embedded hardware analyzers detect microbursts with pre- and post-event logging of temporal flow information, giving network operators the ability to analyze network events after the fact with hardware time visibility.

A new generation of network capabilities


Gone are the days when the industry operated in silos. With its one unified architecture, Cisco Silicon One erases the hard dividing lines that have defined our industry for too long. Customers no longer need to worry about architectural differences rooted in past imagination and technology limitations. Today, customers can deploy Cisco Silicon One in a multitude of ways across their networks.

With the Cisco Silicon One G200 and G202 devices, we extend the reach of Cisco Silicon One with optimized high-bandwidth devices purpose-built for spine and AI/ML deployments. Customers can save money by deploying fewer and more efficient devices, enjoy new deployment topologies with ultra-long-reach SerDes, improve their AI/ML job performance with innovative load balancing and fault discovery techniques, and improve network debuggability with advanced telemetry and hardware analyzers.

If you’ve been watching since we first announced Cisco Silicon One in December 2019, it is easy to see that this is just the beginning. We’re looking forward to continuing to accelerate the value addition for our customers.

Stay tuned for more exciting Cisco Silicon One developments.

Source: cisco.com

Thursday, 22 June 2023

The Value of SOC2 and ISO27001 in Enhancing Customer Trust


In an era of ever-evolving cybersecurity threats, a strong security posture for your cloud-based applications is paramount. Certifications such as SOC2 and ISO27001 represent international benchmarks that demonstrate a product’s robustness in security, service resiliency, and sound data management practices. Recently, our product, Secure Email Threat Defense, successfully completed the SOC2 certification process, and I’d like to share our experience to highlight the importance of these certifications for security-conscious buyers.

To gain certification, our team had to show an accredited external auditor that Secure Email Threat Defense met or exceeded the requirements of SOC2 and ISO27001. In obtaining SOC2 Type 2 certification, we validated our adherence to the Trust Services Criteria: security, availability, and confidentiality. ISO27001 further demanded effective processes and controls to protect information systems and contained data.

These combined certifications assure our customers that Email Threat Defense:

◉ Operates in a secure, reliable, and responsible manner.
◉ Protects our customers’ information.
◉ Provides transparency in system development, deployment, and maintenance as evidenced in our SOC2 Type 2 report.
◉ Commits to independent audits that will validate the effectiveness of our controls, both procedurally and from an implementation perspective.

As part of the audit process, Email Threat Defense had to prove its commitment to internal processes and provide evidence of ongoing adherence to internal controls. Our efforts in access management, change management, business continuity, incident response, and vulnerability management were scrutinized.

In the area of access management, we showcased our commitment to best practices and granular access permissions, ensuring that customer data is protected at all times. When it comes to change management, we follow strict policies and require approval for all system changes, enabling us to deliver quality features quickly.

Our business continuity and incident response capabilities were also thoroughly reviewed. We demonstrated our service’s resiliency to upstream service failures within AWS and Azure, as well as our team’s robust incident response capabilities. In a disaster recovery scenario, we showed our ability to restore critical customer data, including Search and Reporting data.


Finally, in the realm of vulnerability management, we proved our ability to remediate vulnerabilities within industry-standard SLAs, thereby mitigating the risk of known and emerging threats.

By obtaining SOC2 and ISO27001 certifications, we have displayed our unwavering commitment to information security and to our customers, providing an additional layer of trust for our users. For security-conscious buyers, these certifications represent a reliable method for evaluating the security posture of cloud-based applications such as Email Threat Defense. These certifications are not merely symbolic badges; they indicate a level of trust that our customers can rely on in an uncertain cybersecurity landscape. We’re proud of the work we’ve done to achieve this significant milestone and we will continue to prioritize security as we further develop, innovate, and optimize Email Threat Defense.

Source: cisco.com

Wednesday, 21 June 2023

The Cisco DCCOR 350-601 Exam: What to Expect and How to Prepare

Cisco Systems is an internationally renowned company that specializes in internet networking. Its extensive range of networking solutions has greatly benefited businesses in various industries by offering essential services and communication products. The need for skilled professionals who are certified in managing and enhancing IT systems and infrastructure within companies is on the rise. The CCNP Data Center DCCOR 350-601 certification equips individuals with the necessary skills and knowledge to address technical and operational challenges at different stages and devise effective solutions.

Overview of the Cisco DCCOR 350-601 Certification

The exam has a duration of 120 minutes, during which candidates will encounter a variety of question formats, including multiple-choice, drag-and-drop, and simulations. The number of questions in the exam can range from 90 to 110. To take the DCCOR 350-601 exam, candidates are required to pay a fee of $400. The exam is conducted in English.

The DCCOR 350-601 exam encompasses a diverse array of subjects pertaining to data center technologies. Several prevalent topics that are addressed in this examination comprise:

• Network (25%)
• Compute (25%)
• Storage Network (20%)
• Automation (15%)
• Security (15%)

Cisco DCCOR 350-601 Exam Preparation Resources

To effectively prepare for the Cisco DCCOR 350-601 exam, it is crucial to leverage a combination of study materials and resources. Here are some recommended resources that can enhance your preparation process:

1. Cisco Official Certification Guide

The Cisco Official Certification Guide is an authoritative resource covering all exam objectives comprehensively. It offers in-depth explanations, real-world examples, and practice questions to help you grasp the concepts and reinforce your knowledge. Study this guide thoroughly and use it as a reference throughout your preparation journey.

2. Cisco Learning Labs

Cisco Learning Labs provides a hands-on experience by offering virtual environments to practice various data center technologies. These labs enable you to gain practical skills and reinforce your understanding of the concepts covered in the exam. Take advantage of these labs to get hands-on experience with Cisco equipment and familiarize yourself with real-world scenarios.

3. Cisco Online Communities and Forums

Engaging with online communities and forums dedicated to Cisco certifications can be immensely beneficial. These platforms allow networking professionals to connect, share experiences, and seek guidance. Active participation in discussions will enable you to gain valuable insights, learn from others' experiences, and clarify doubts.

4. Cisco DCCOR 350-601 Practice Exams

Practice exams are invaluable resources for gauging your exam readiness. These resources simulate the exam environment and help you identify areas to improve. Regularly practicing with these materials can enhance your time management skills and help you become familiar with the question formats, ensuring a smoother experience on exam day.

5. Training Courses

Consider enrolling in an official training course for the Cisco DCCOR 350-601 exam preparation. These intensive programs provide expert-led training, hands-on labs, and comprehensive study materials. The structured approach offered by these courses can significantly streamline your learning process and ensure you cover all the exam objectives effectively.

Effective Exam Preparation Tips

1. Create a Study Plan

Develop a well-structured study plan to make the most of your preparation time. Start by assessing your current knowledge and identifying areas that require more focus. Allocate dedicated study sessions and set realistic goals for each session. Breaking the topics into manageable chunks ensures comprehensive coverage and prevents last-minute cramming.

2. Follow a Systematic Approach

Adopting a systematic approach to studying is vital for success. Begin by understanding the foundational concepts and gradually progress to more complex topics. Take notes, create mind maps, and use visual aids to reinforce your understanding. Revise previously covered topics regularly to maintain a solid grasp of the material.

3. Utilize Active Learning Techniques

Passive reading alone may not be enough to retain information effectively. Employ active learning techniques such as summarizing concepts in your own words, discussing topics with study partners, or teaching the material to someone else. These techniques promote a more profound understanding and long-term retention of the subject matter.

4. Hands-on Practice

Theory alone is not enough to excel in the Cisco DCCOR 350-601 exam. Devote time to hands-on practice with data center technologies. Set up a virtual lab environment using tools like Cisco Packet Tracer or GNS3 to gain practical experience configuring and troubleshooting network devices. Practical application of the concepts enhances your understanding and builds confidence.

5. Review and Reinforce

Regularly reviewing the material you have covered is crucial for retention. Set aside dedicated time for review sessions where you revisit previous topics, answer practice questions, and identify any areas that need further reinforcement. Utilize flashcards or create summary sheets to condense essential information and facilitate quick revision.

6. Take Care of Yourself

Exam preparation can be intense and demanding, but prioritizing self-care is essential. Get enough sleep, eat well-balanced meals, and engage in physical activities to keep your mind and body in optimal condition. Taking breaks and managing stress effectively will improve your overall well-being and focus during study sessions.

Conclusion

Achieving success in the Cisco DCCOR 350-601 exam requires diligent preparation and leveraging the right resources. Following a well-structured study plan, utilizing recommended resources, and adopting practical exam preparation tips can enhance your knowledge, boost your confidence, and increase your chances of attaining a favorable outcome. Remember, continuous learning and practical application of the concepts are vital to becoming a proficient network engineer in the dynamic world of data centers.

Start your journey today with Cisco DCCOR 350-601 exam preparation, and unlock new opportunities in the ever-evolving networking field.

Tuesday, 20 June 2023

Security automation with Cisco XDR


Security Operations Centers (SOC) continue to face new and emerging threats that test the limits of their tooling and staff. Attackers have simple, affordable access to a plethora of cloud-based computing resources and can move quicker than ever. Keeping up with threats is no longer about adding more people to the SOC to watch logs and queues. It’s about leveraging automation to match the speed of your attackers. This past April, at the RSA Conference in San Francisco, Cisco announced our new eXtended Detection and Response (XDR) product: Cisco XDR. Cisco XDR combines telemetry and enrichment from a wide variety of products, both Cisco and third party, to give you a single place to correlate events, investigate, and respond to automatically enriched incidents. No modern XDR product is complete without automation, and Cisco XDR has multiple automation features built in to accelerate how your SOC battles their enemies.

Response Playbooks

Having visibility from an incident is step one, but being able to quickly take meaningful response actions is vital. In Cisco XDR, the new incident manager has what we’re calling the response playbook. The response playbook is a series of suggested tasks and actions broken down into four phases (based on SANS PICERL):

• Identification – Review the incident details and confirm that a breach of policy has occurred.
• Containment – Prevent malicious resources from continuing to impact the environment.
• Eradication – Remove the malicious artifacts from the environment.
• Recovery – Validate eradication and recover or restore impacted systems.

Each of these four phases has its own tasks that guide the analyst through completing relevant steps, but the one to focus on from an automation perspective is containment. Let’s say you have a few endpoints you want to isolate, but they’re managed by multiple different endpoint detection and response (EDR) products: two are managed by Cisco Secure Endpoint and another by CrowdStrike. With both of these products integrated into Cisco XDR, all you need to do is click “Select” on the “Contain Incident: Assets” task, select the endpoints to contain, and click “Execute.” We’ll handle the rest from there using an automated workflow in Cisco XDR Automation (explained in more detail in the next section). The workflow will check which endpoints are in which EDR and take the corresponding actions in each product. Improving the analyst’s ability to identify and execute a response action from within an incident is one of the many ways Cisco XDR helps your SOC accelerate its operations.
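The routing decision behind that containment task, written out as an added example (this is not Cisco's workflow code): each selected host is looked up in every integrated EDR's inventory and isolated through the one product that manages it. The inventories, the `isolate` connector stand-in, and the approver requirement are all constructed for the example.

```python
"""Added example, not Cisco XDR's own code: route an incident's "contain" action
to whichever EDR manages each asset. Product names are labels only; the
inventories and the connector call below are constructed stand-ins."""
from dataclasses import dataclass, field


@dataclass
class ContainmentResult:
    isolated: dict = field(default_factory=dict)   # hostname -> (edr, agent_id)
    unmanaged: list = field(default_factory=list)  # no integrated EDR knows the host
    ambiguous: dict = field(default_factory=dict)  # hostname -> [edr, ...] claiming it
    audit: list = field(default_factory=list)      # one line per action taken


# Constructed inventories as each integrated EDR would report them:
# product -> {hostname: agent id}. A real workflow would query each product.
SAMPLE_INVENTORY = {
    "Cisco Secure Endpoint": {"ws-0123": "guid-a1", "ws-0456": "guid-b2",
                              "shared-01": "guid-c3"},
    "CrowdStrike": {"srv-db-01": "aid-9f", "shared-01": "aid-7e"},
}


def locate(hostname, inventory):
    """Every (edr, agent_id) pair that claims this hostname."""
    return [(edr, hosts[hostname]) for edr, hosts in inventory.items()
            if hostname in hosts]


def isolate(edr, agent_id, audit):
    """Hypothetical stand-in for the per-product isolation connector.
    Only an audit line is produced here; returns True on success."""
    audit.append(f"{edr}: isolate agent {agent_id}")
    return True


def contain_assets(hostnames, inventory, approved_by=None):
    """Isolate each selected host in the EDR that manages it.

    Hosts that no EDR knows, or that more than one EDR claims, are reported
    back instead of guessed at, and nothing runs without a named approver
    (the same gate the approval-task rule type provides)."""
    if not approved_by:
        raise PermissionError("containment requires an approver")
    result = ContainmentResult()
    result.audit.append(f"approved by {approved_by}")
    for host in dict.fromkeys(hostnames):  # de-duplicate, keep selection order
        owners = locate(host, inventory)
        if not owners:
            result.unmanaged.append(host)
        elif len(owners) > 1:
            result.ambiguous[host] = [edr for edr, _ in owners]
        else:
            edr, agent_id = owners[0]
            if isolate(edr, agent_id, result.audit):
                result.isolated[host] = (edr, agent_id)
    return result


if __name__ == "__main__":
    outcome = contain_assets(
        ["ws-0123", "ws-0456", "srv-db-01", "laptop-x", "shared-01"],
        SAMPLE_INVENTORY, approved_by="analyst@example.test")
    print(outcome)
```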


    Automated Workflows

    With automation being a core component of how we achieve XDR outcomes, it should come as no surprise that Cisco XDR has a fully featured automation engine built in. Cisco XDR Automation is a no-to-low code, drag-and-drop workflow editor that allows your SOC to accelerate how it investigates and responds, among other things. You can do this by importing workflows from Cisco or by writing your own. To take automation to the next level in Cisco XDR, we have a new concept called Automation Rules. These rules allow you to define criteria that determine when a workflow is executed. Here are some example rule types and when you might use them:

    • Approval Task – Take response actions after an approval task is approved, or notify the team if a request is denied.
    • Email – Investigate suspicious or user-reported emails as they arrive in a spam or phishing investigation mailbox.
    • Incident – Enrich incidents with additional context, take automated response actions, assign to an analyst, push data to other systems like ServiceNow, and more.
    • Schedule – Automate repetitive tasks like auditing configurations, collecting data, or generating reports.
    • Webhook – Integrate with other systems that can call a webhook when something interesting happens. A message being sent to a bot in Webex, for example.

    Cisco XDR Automation allows you to move data between systems that don’t know how to communicate with each other, use custom or third party tools to enrich incidents as they’re generated, or tailor how your analysts respond to threats based on your standard operating procedures.


    APIs

    Finally, the core of what powers much of Cisco XDR is its APIs. Cisco XDR has a robust set of APIs that allow you to extend most of the functionality you see in the product out to other systems. You can use Cisco XDR APIs to scrape observables from a block of text (shown below in Postman), gather intelligence from integrated products, conduct an investigation, take response actions using integrated products, and more. The flexibility to use Cisco XDR via APIs allows your SOC to customize your processes at a granular level. Want to enrich tickets in your ticketing platform with intelligence from your security products? We have APIs for that. Want to allow analysts to approve remediation actions by messaging a bot in Webex? We can do that too. Cisco XDR has a full suite of APIs that can help you take your security operations to the next level.


    Conclusion

    The crucial takeaway from this blog is that automation is a key component of modern security operations. The threats we face evolve constantly, move quickly, and many security teams lack enough skilled staff to monitor all of their tools. We need to use automation to keep up and get ahead of bad actors. From an industry perspective, we also recognize that many teams are trying to do more work with fewer people. Automation can help with that too. We want to enable your SOC to automate the things they don’t want to do and accelerate the tasks that truly matter. All of this and more can be done with Cisco XDR.

    Source: cisco.com

    Saturday, 17 June 2023

    The Power of 5G for the Connected Future


    Trains, planes, automobiles… they all move fast — their network should, too. Transportation systems depend on a strong, secure network – drivers, passengers, employees, and even autonomous operations all rely on it.

    5G connectivity is key to unlocking next-gen transportation networks and applications. Given the critical importance of safety in the transportation ecosystem, in addition to ensuring a seamless user experience, having ubiquitous and extremely reliable connectivity is mission critical. Managing multi-access technologies such as public 5G, private 5G, and Wi-Fi will play a pivotal role in ensuring reliable and secure connectivity across transportation use cases.

    Traditional networks forced data back to centralized nodes, which increased latency by being further away from where the data originated. With 5G, these nodes can now be decentralized and distributed in cloud deployments, bringing applications and the internet closer to the vehicle and allowing unprecedentedly low-latency connectivity. Additionally, 5G provides improved security to help car manufacturers and fleet managers meet connected vehicle application security requirements.

    Next-gen experiences in the connected car

    The connected car has evolved since the early days of sending a signal once the vehicle was in an accident. Today’s connected vehicle has become a bidirectional communication channel. It needs to be able to communicate with the internet, other vehicles, roadways, intersections, and more for traffic, safety and even entertainment use cases. Automotive OEMs must navigate how to seamlessly move a vehicle between environments, using multiple access technologies, while maintaining network visibility, control, and reporting.

    Connected cars are the most sophisticated Internet of Things (IoT) devices today with use-cases (onboard applications or services) ranging from notifying drivers of upcoming road hazards, emergency vehicles, or pedestrians in intersections, to telematics services that enable predictive maintenance of vehicle components, infotainment services to enable audio and video streaming apps (Netflix, Spotify), on-board Wi-Fi, high-definition maps, and a marketplace for retail use-cases.

    In addition to these use-cases, OEMs are looking at 5G as a critical enabler for autonomous driving with V2X services – where the car communicates with neighboring vehicles, roadway infrastructure, and an edge cloud – which requires periodic mapping updates and predictive intelligence with automated assurance to detect service anomalies and drive corrective actions. Additionally, software defined vehicles require frequent software updates (FOTA/SOTA) which require reliable, high-bandwidth connectivity.

    Webex integration is another application that OEMs are choosing to enable as a new service for their customers by making their vehicle a mobile connected office. Ford and Mercedes Benz AG’s recent partnerships with Cisco to enable Webex conferencing in their vehicles pave the way for mainstream adoption by other OEMs.

    Commercial Vehicle (CV) OEMs are also leading adoption of autonomous trucking (AT) technologies and building homegrown fleet management solutions. Pervasive connectivity with edge deployments supporting mission critical V2X communications is a prerequisite for CV OEMs to embrace autonomous trucking. Platooning, considered to be the first commercial AT application, is expected to generate TCO savings of ~45% by the end of this decade. Fleet management solutions for electrified, autonomous trucks will subsequently leverage 5G connectivity for predictive diagnostics and maintenance of vehicle components and powertrain. Figure 1 has an overview of connected vehicle 5G-enhanced use-cases.

    Figure 1. Connected vehicle 5G-enhanced use cases

    Cisco’s vision for a 5G connected transportation future

    To achieve this vision of a 5G connected future in transportation, we are enabling vehicle OEMs to take the control needed to deliver a safer and more sustainable fleet. That requires deep integration with networks and a deep understanding of the quality of service (QoS) that comes from it.

    QoS becomes critical for services that depend on specific characteristics or SLAs like safety or autonomous driving. OEMs need to know how vehicles are performing, and to be able to address issues as they arise, not open a ticket with their communications service provider (CSP) and wait for a response. They need a framework where CSPs allow them certain control and configuration privileges, like applying a slice to a network service or deploying additional edge nodes when capacity dictates they are needed.

    This level of control will allow OEMs to provide unique customer experiences, with a reliable QoS to deliver their services. The car becomes a digital extension of the passenger’s journey, whether it’s a privately owned vehicle, or a shared mobility service. And this goes beyond the connected car.

    OEMs and municipalities must work together to build intelligent systems that will power the connected roads and corridors. They must learn how to bring disparate sources of data together, process them into intelligent decisions and then feed that information back to drivers or infrastructure that can act upon it.

    The next generation of both cars and networks will change transportation and mobile networks in ways we can’t even fathom yet. But unless you have a strategy for how to bring these two together, you will struggle to unlock the power that is just at our fingertips.

    Source: cisco.com