Saturday, 30 March 2024

Hiding in Plain Sight: How Subdomain Attacks Use Your Email Authentication Against You

For years, analysts, security specialists, and security architects alike have been encouraging organizations to become DMARC compliant. This involves deploying email authentication to ensure their legitimate email has the best chance of getting to the intended recipients, and for domain owners to be quickly notified of any unauthorized usage of their domains. While together we are making progress thanks to DMARC adoption and reporting services such as Cisco’s OnDMARC offering, there’s an opportunity to do better, particularly with ongoing monitoring to address new and emerging threats such as this Subdo campaign.

What’s happened?


Recently, a totally new attack type has been seen that takes advantage of the complacency an organization may have if it approached its DMARC rollout with a ‘ticked the box’ mindset.

The SubdoMailing (Subdo) campaign has been ongoing for about two years now. It sends malicious mail – that is typically authenticated – from domains and subdomains that have been compromised through domain takeover and dangling DNS issues.

These attacks were first reported by Guardio Labs, which disclosed the discovery of 8,000 domains and 13,000 subdomains being used for these types of attacks since 2022.

Several weeks before that, Cisco’s new DMARC partner, Red Sift, discovered what they initially thought was an isolated incident of bad senders passing SPF checks and sending emails fraudulently on behalf of one of their customers. In the customer’s instance of Red Sift OnDMARC, they noticed email was coming from a sender with a poor reputation and a subdomain that appeared unrelated to their customer’s main domain. But these emails had fully passed SPF checks with the customer’s current SPF record. After Red Sift alerted the customer, who then investigated all the ‘includes’ in their SPF record, several outdated CNAME addresses were found that had been taken over by attackers, which is what caused the issue.

What should I look out for?


The bad actors in this campaign are capitalizing on stale, forgotten or misconfigured records that were wrongfully included in DNS to send unauthorized emails. The attackers then send phishing emails as images to avoid text-based spam detection.

It is this oversight that has seen many notable organizations be impacted by these new subdomain attacks in the last few months, solely because they have not been actively monitoring in the right areas.

Proactive steps to start today:


1. Don’t let your domain names expire – these are what provide fraudsters the opportunity to carry out the attack.
2. Keep your DNS clean – Remove resource records from your DNS that are no longer in use and remove third-party dependencies from your DNS when they become redundant.
3. Use a trusted email protection provider – It makes sense to use a vendor for DMARC, DKIM and SPF requirements, but be sure to use a trusted vendor with the capability to proactively identify problems, such as when part of an SPF policy is void or insecure.
4. Check for dangling DNS records – Have an inventory of hostnames that are monitored continuously for dangling resource records and third-party services. When identified, remove them immediately from your DNS.
5. Monitor what sources are sending from owned domains – If the domain or subdomain is taken over for sending, then it is important to know if mail is being sent from it as quickly as possible.
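
As an added example (not code from Cisco, Red Sift or Guardio Labs), the checks in steps 2 and 4 can be sketched as a walk over an SPF include tree that flags includes resolving to nothing and includes that land, directly or through a CNAME, outside your inventory of approved senders. The `ZONE` table, every hostname in it and `APPROVED_SUFFIXES` are constructed sample data standing in for live DNS answers and your own inventory.

```python
# Added example: audit an SPF include tree for dangling or hijackable entries.
# ZONE is constructed sample data standing in for live DNS answers; all
# hostnames are hypothetical and use reserved example domains.
ZONE = {
    ("example.com", "TXT"): ["v=spf1 include:_spf.mailvendor.example "
                             "include:bounce.example.com "
                             "include:promo.example.com -all"],
    ("_spf.mailvendor.example", "TXT"): ["v=spf1 ip4:198.51.100.0/24 -all"],
    # Forgotten CNAME to a vendor domain that has expired (no records left).
    ("bounce.example.com", "CNAME"): ["spf.retired-vendor.example"],
    # Forgotten CNAME whose target domain now answers with someone else's SPF.
    ("promo.example.com", "CNAME"): ["spf.lapsed-agency.example"],
    ("spf.lapsed-agency.example", "TXT"): ["v=spf1 ip4:203.0.113.0/24 -all"],
}
# Hypothetical inventory: domains you own plus senders you currently use.
APPROVED_SUFFIXES = ("example.com", "mailvendor.example")
LOOKUP_LIMIT = 10  # RFC 7208 cap on DNS-querying terms per SPF evaluation


def resolve_cname(name, max_hops=8):
    """Follow CNAME records in ZONE and return the final owner name."""
    for _ in range(max_hops):
        target = ZONE.get((name, "CNAME"))
        if not target:
            return name
        name = target[0].rstrip(".").lower()
    return name


def spf_record(name):
    """Return (final_name, spf_text or None) after following CNAMEs."""
    final = resolve_cname(name.lower())
    for txt in ZONE.get((final, "TXT"), []):
        if txt.lower().startswith("v=spf1"):
            return final, txt
    return final, None


def is_approved(name):
    """True if name is, or is a subdomain of, an inventoried domain."""
    return any(name == s or name.endswith("." + s) for s in APPROVED_SUFFIXES)


def audit_spf(domain):
    """Walk include/redirect terms; return sorted (issue, path) findings."""
    findings, seen, lookups = set(), set(), 0
    stack = [(domain.lower(), domain.lower())]
    while stack:
        name, path = stack.pop()
        if name in seen:  # guards against include loops
            continue
        seen.add(name)
        final, record = spf_record(name)
        if final != name:
            path += f" =CNAME=> {final}"
        if not is_approved(final):
            # Mail authorised by this branch is controlled by a third party
            # that is not in the inventory: review or remove the include.
            findings.add(("target-outside-inventory", path))
        if record is None:
            # Nothing answers here today; whoever registers the name next
            # decides which hosts pass SPF for the domain.
            findings.add(("void-or-dangling", path))
            continue
        for term in record.split()[1:]:
            mech = term.lstrip("+-~?").lower()
            if mech.startswith("include:"):
                child = mech[len("include:"):]
            elif mech.startswith("redirect="):
                child = mech[len("redirect="):]
            else:
                if mech.split(":")[0].split("/")[0] in ("a", "mx", "ptr", "exists"):
                    lookups += 1
                continue
            lookups += 1
            if "%" in child:  # SPF macros need message context; report only
                findings.add(("macro-not-evaluated", f"{path} -> {child}"))
                continue
            stack.append((child, f"{path} -> {child}"))
    if lookups > LOOKUP_LIMIT:
        findings.add(("lookup-limit-exceeded", f"{lookups} lookups"))
    return sorted(findings)


if __name__ == "__main__":
    for issue, path in audit_spf("example.com"):
        print(f"{issue:26} {path}")
```

To run this against real domains, replace the `ZONE.get` calls with queries from your resolver library of choice and schedule the audit so a newly dangling include is caught before someone else registers its target.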

What else should I do?


If you are wondering whether you have been impacted by SubdoMailing, the best place to start is Red Sift Investigate, which will provide you with a review of your domain such as the one shown below:

[Image: Red Sift Investigate domain review]

Should this valuable tool reveal any ‘SubdoMailers’ – also known as poisoned includes – the Red Sift SPF Checker allows you to visualize them in a dynamic ‘SPF tree’, so you can quickly pinpoint where they are and speed up remediation efforts. An example of a dynamic SPF tree can be seen below:

[Image: example of a dynamic SPF tree in the Red Sift SPF Checker]

The OnDMARC Adoption and Reporting Solution that Cisco partners with Red Sift on has already been updated to uncover exactly these issues directly within the tool to ensure our customers are protected.

If you’d like to learn more then sign up for a free SubDo vulnerability scan to get in-depth insight into your current threat landscape, covering email and domain security, and uncover any potential DNS vulnerabilities.

If you’re a Cisco Secure Email customer, find out how you can quickly add Red Sift domain protection to your security suite and better detect that image-based spam.

Source: cisco.com

Thursday, 28 March 2024

SD-Routing: Unlock Agility and Efficiency for the Secure WAN Edge

Many Cisco enterprise customers have decades of Cisco Catalyst routing and security capabilities functioning at branch locations. However, many of their traditional network management solutions can’t keep up with the demands of cloud adoption, remote work, and ever-growing user expectations. This translates to poor user experience, sluggish applications, and possible security vulnerabilities. These factors are driving the need for a transformation across applications, networks, and security.

This operational paradigm shift aims to seamlessly connect users anywhere to any application and secure user access by protecting against evolving threats. The answer to these operational challenges is Cisco’s software-defined routing (SD-Routing) solution. It goes beyond traditional per-device-based management by enabling full frictionless lifecycle device management, monitoring, configuration, and troubleshooting—as well as robust, next-generation firewall security integrations—from a single dashboard that doesn’t require any changes to your existing environment.

Figure 1. SD-Routing solution overview

Let’s explore some key use cases of SD-Routing that can transform your network:

Frictionless device lifecycle management. Simplify and prepare your network for the future with one management platform. SD-Routing, controlled through the Cisco Catalyst SD-WAN Manager dashboard, can:

  • Unify management: Manage device software upgrades, monitoring, and troubleshooting through the intuitive Catalyst SD-WAN Manager dashboard. This simplifies network operations and empowers you to manage both traditional routing and Catalyst SD-WAN environments.
  • Tame legacy challenges: Simplify complex legacy operations with SD-Routing. Basic troubleshooting tools within the manager help you maintain and optimize performance. Continuous updates ensure your network stays ahead of the curve.
  • Combat configuration drift: Manage and track changes with a unified platform. Use the manager to create configuration templates for standardized deployments and future SD-WAN migration.

Network administrators might be using homegrown automation or third-party vendor tools to solve these problems. You can continue to use these tools, but you don’t need to invest further. Rather, take advantage of SD-WAN Manager, which comes as a part of Catalyst licensing.

Security


Configuring diverse IOS XE security features through the command-line interface (CLI) or customized ad hoc scripts has historically been a complex, labor-intensive process that is prone to errors. This is especially true for defining granular security policies across zones and containers. With the introduction of SD-Routing guided security workflows, customers aiming to implement robust, next-generation firewall (NGFW) security on their on-premises routers will find this a valuable addition, allowing for consistent policy application across deployments. Many customers want Direct Internet Access (DIA) at their branch offices, but security concerns hold them back. SD-Routing can streamline secure DIA deployment on WAN edge routers, offering a simpler approach to securing distributed networks.

Cloud on-ramp for multicloud


Traditional network teams often struggle to securely extend their WANs to cloud providers, where key enterprise applications may reside. SD-Routing simplifies this process, especially for those who are hesitant to adopt it. With SD-Routing, you can securely connect to cloud providers like AWS and Azure following best practices, without months of learning complex, cloud-specific configurations. This empowers you to seamlessly connect to cloud providers and focus on your business outcomes.

As you tackle the modern network challenges, explore SD-Routing to simplify, streamline, secure, and future-proof your WAN environment. The single management platform for Catalyst SD-WAN and SD-Routing saves time and operational expenses with agile and automated workflows that quickly respond to network changes.

Beyond these immediate benefits, SD-Routing also can help strategically position your network for simplified future migrations to SD-WAN, depending on where you are in your digital transformation journey.

Whether you have existing enterprise networking equipment in your WAN or are considering a future purchase of Cisco Catalyst 8000 Edge Platforms, Cisco 1000 Series Integrated Service Routers, Cisco 1000 Series Aggregation Service Routers, or Industrial Routers, SD-Routing can unlock their full potential. Even better, if you’re already using Cisco Catalyst SD-WAN Manager, you can leverage the same platform to manage your SD-Routing deployments.

Source: cisco.com

Tuesday, 26 March 2024

GenAI will Transform B2B Interactions and Solutions in the Year Ahead with New Depth of Context and Control

Human-like interaction with B2B solutions, bespoke multimodal LLMs for better accuracy and precision, curated workflow automation via LAMs and customized B2B applications will become the norm as GenAI expands in the business sphere.

With the rapid launch of new solutions powered by generative AI (GenAI), the business-to-business (B2B) landscape is being reshaped in front of our eyes. Many organizations have taken a cautious and meticulously planned approach to widespread adoption of artificial intelligence (AI); however, the Cisco AI Readiness Index reveals just how much pressure they are now feeling.

Adverse business impacts are anticipated by 61% of organizations if they have not implemented an AI strategy within the next year. In some cases, the window may even be narrower as competitors pull away, leaving very little time to properly execute plans. The clock is ticking, and the call for AI integration – especially GenAI – is now louder than ever.

In her predictions of tech trends for the new year, Chief Strategy Officer and GM of Applications, Liz Centoni said GenAI-powered Natural Language Interfaces (NLIs) will become the norm for new products and services. “NLIs powered by GenAI will be expected for new products and more than half will have this by default by the end of 2024.”

NLIs allow users to interact with applications and systems using normal language and spoken commands as with AI assistants, for instance, to instigate functionality and dig for deeper understanding. This capability will become available across most business-to-consumer (B2C) applications and services in 2024, especially for question-and-answer (Q&A) type of interactions between a human and a “machine”. However, associated B2B workflows and dependencies will require additional context and control for GenAI solutions to effectively elevate the overall business.

The point-and-click approach enabled by graphic user interfaces (GUIs) effectively binds users to a limited set of capabilities, and a restricted view of data that is based on the GUI requirements set by the business at the point of design. Multi-modal prompt interfaces (mainly text and audio) are fast changing that paradigm and expanding the UI/UX potential and scope. In the coming year, we’ll see B2B organizations increasingly leverage NLIs and context to “ask” specific questions about available data, freeing them from traditional constraints and offering a faster path to insight for complex queries and interactions.

A good example of this is the contact center and its system support chatbots as a B2C interface. Their user experience will continue to be transformed by GenAI-enabled NLIs and multi-modal assistants in 2024, but the natural next step is to enrich GenAI with additional context, enabling it to augment B2B dependencies (like services) and back-end systems interactions, like application programming interfaces (APIs) to further boost accuracy and reach, minimize response time, and enhance user satisfaction.

Meanwhile, as the relevance of in-context faster paths to insights increases and the associated GenAI-enabled data flows become mainstream, large action models (LAMs) will start to be considered as a potential future step to automate some enterprise workflows, most likely starting in the realm of IT, security, and auditing and compliance.

Additional B2B considerations with GenAI


As Centoni said, GenAI will be increasingly leveraged in B2B interactions with users demanding more contextualized, personalized, and integrated solutions. “GenAI will offer APIs, interfaces, and services to access, analyze, and visualize data and insights, becoming pervasive across areas such as project management, software quality and testing, compliance assessments, and recruitment efforts. As a result, observability for AI will grow.”

As the use of GenAI grows exponentially, this will simultaneously amplify the need for comprehensive and deeper observability. AI revolutionizes the way we analyze and process data, and observability too is fast evolving with it to offer an even more intelligent and automated approach from monitoring and triage across real-time dependencies up to troubleshooting of complex systems and the deployment of automated actions and responses.

Observability over modern applications and systems, including those that are powered by or leverage AI capabilities, will be increasingly augmented by GenAI for root-cause analysis, predictive analysis and, for example, to drill down on multi-cloud resource allocation and costs, as well as the performance and security of digital experiences.

Driven by growing demand for integrated solutions they can adapt to their specific needs, B2B providers are turning to GenAI to power services that boost productivity and accomplish tasks more efficiently than their current systems and implementations. Among these is the ability to access and analyze vast volumes of data to derive insights that can be used to develop new products, optimize dependencies, as well as design and refine the digital experiences supported by applications.

Starting in 2024, GenAI will be an integral part of business context, therefore observability will naturally need to extend to it, making the full stack observability scope a bit wider. Besides costs, GenAI-enabled B2B interactions will be particularly sensitive to both latency and jitter. This fact alone will drive significant growth in demand over the coming year for end-to-end observability – including the internet, as well as critical networks, empowering these B2B interactions to keep AI-powered applications running at peak performance.

On the other hand, as businesses recognize potential pitfalls and seek increased control and flexibility over their AI model training, data retention, and expendability processes, the demand for bespoke or domain-specific GenAI large language models (LLMs), or both, will also increase significantly in 2024. As a result, organizations will pick up the pace of adapting GenAI LLMs to their specific requirements and contexts by leveraging private data and introducing up-to-date information via retrieval augmented generation (RAG), fine-tuning parameters, and scaling models appropriately.

Moving fast towards contextual understanding and reasoning


GenAI has already evolved from reliance on a single data modality to include training on text, images, video, audio, and other inputs simultaneously. Just as humans learn by taking in multiple types of data to create more complete understanding, the growing ability of GenAI to consume multiple modalities is another significant step towards greater contextual understanding.

These multi-modal capabilities are still in the early stages, although they are already being considered for business interactions. Multi-modality is also key to the future of LAMs – sometimes called AI agents – as they bring complex reasoning and provide multi-hop thinking and the ability to generate actionable outputs.

True multi-modality not only improves overall accuracy, but it also exponentially expands the possible use cases, including for B2B applications. Consider a customer sentiment model tied to a forecast trending application that can capture and interpret audio, text, and video for complete insight that includes context such as tone of voice and body language, instead of simply transcribing the audio. Recent advances allow RAG to handle both text and images. In a multi-modal setup, images can be retrieved from a vector database and passed through a large multimodal model (LMM) for generation. The RAG method thus enhances the efficiency of tasks as it can be fine-tuned, and its knowledge can be updated easily without requiring entire model retraining.

With RAG in the picture, consider now a model that identifies and analyzes commonalities and patterns in job interview data by consuming resumes, job requisitions across the industry (from peers and competitors), and online activities (from social media up to posted lectures in video), but then being augmented by also consuming the candidate-recruiter email interactions as well as the actual interview video calls. That example shows how both RAG and responsible AI will be in high demand during 2024.

In summary, in the year ahead we will begin to see a more robust emergence of specialized, domain-specific AI models. There will be a shift towards smaller, specialized LLMs that offer higher levels of accuracy, relevancy, precision, and efficiency for individual organizations and needs, along with niche domain understanding.

RAG and specialized LLMs and LMMs complement each other. RAG ensures accuracy and context, while smaller LLMs optimize efficiency and domain-specific performance. Still in the year ahead, LAM development and relevance will grow, focusing on the automation of user workflows while aiming to cover the “actions” aspect missing from LLMs.

The next frontier of GenAI will see evolutionary change and totally new aspects in B2B solutions. Reshaping business processes, user experience, observability, security, and automated actions, this new AI-driven era is shaping itself up as we speak and 2024 will be an inflection point in that process. Exciting times!

Source: cisco.com

Saturday, 23 March 2024

Increase Market Share Quickly with Cisco Specializations and GTM Tools

Your Managed Services opportunity with Cisco is exploding, with a total addressable market of $161 Billion by 2027. Within that, the SMB segment is growing 1.6 times faster than other segments. However, you may not realize how quickly and easily we can help you capture more of this market. Here’s how the Cisco Partner Program and incentives help:

  • Differentiate yourself from your competition by earning more Cisco Powered Services Specializations and pave your way to Gold-level advantages.
  • Use your market development funds for business development, demand generation, funding headcount, and internal training.
  • Leverage ready-made marketing kits and templates and get access to experts to help you grow your business.
  • Earn greater pricing incentives and discounts that help you reach your revenue goals faster. Cisco continuously updates and adds marketing resources, so you can maximize your earning potential as your sales grow.

Growth drivers


Customers want speed and flexibility when achieving their targeted business outcomes, and with managed services as part of your value proposition, you can deliver both. Organizations across all industries face a common set of business challenges: lean IT staffs in complex IT environments, IT skills gaps, and a lack of resources needed to manage, optimize, and automate their networks. On top of that, security issues can arise when policies do not encompass both on-prem and cloud environments. Often, traditional on-prem consumption models do not align with cloud solutions and marketplaces. As a managed service provider, you can close these gaps, address your customer’s business challenges, and help them achieve their goals.

Greater Together


By working together closely and partnering to create unrivaled value for customers around their needs, we can capture more managed services opportunities. Building on Cisco’s industry-leading platforms and technologies like Cisco Powered Services, you can create and deliver your own innovations that help customers accomplish their specific business outcomes. We can achieve more innovation faster than ever across platforms, networking, security, collaboration, and optimized applications. Together we have a unique advantage, the ability to serve customers of every size and industry segment solving their biggest technology challenges.

Create marketplace differentiation with Cisco


With Cisco Powered Services specializations, you can elevate your organization above your competition. These recognized technology credentials help you build greater demand for your services and win new customers. They showcase your ability to build, provision, manage, and support managed services using industry-leading Cisco technologies that deliver the business outcomes your customers need. Grow your organization’s skills efficiently by building repeatable and scalable managed services. In addition, Cisco Powered Services give you:

  • Proven blueprints: Validate your competency in areas including Power Hybrid Work, Secure the Enterprise, Transform Infrastructure, and Reimagine Applications.
  • Quicker path to advancement: Meet specialization training requirements with up to 40 percent cost reductions. Role-share using CCIEs and CCNPs helps you meet Provider-level requirements faster.
  • Showcase capabilities: Once you achieve these specializations, you gain access to industry-recognized logos and exclusive go-to-market resources to build successful solutions and services for Managed SD-WAN, Meraki, SASE, FSO, and many more.
  • Sales acceleration: Expand your Cisco Powered Services portfolio and earn greater rewards within the Provider role, including exclusive upfront discounts and market development funds.

New resources available


You don’t need a large marketing team to reach current and potential customers. Cisco provides a variety of marketing materials and creative assets to help you highlight your unique capabilities. These ready-made materials will help you build targeted campaigns quicker and reach your customers faster. Newly added assets within Marketing Velocity Learning include a video and a companion guide with step-by-step guidance to help you grow your managed services business more quickly.

Source: cisco.com

Thursday, 21 March 2024

Transforming the Economics of Superfast Broadband with Cisco Routed PON

Today marks the launch of Cisco Routed PON, a truly disruptive solution that enables agile, differentiated broadband services through a software-defined broadband network. It’s part of our ongoing mission to transform the economics of networking for the benefit of communication service providers and communities worldwide. Routed PON drastically improves the cost of broadband deployment in rural, suburban, and urban areas, to help bring reliable, superfast connectivity to both residential and business customers.

In July 2016, the United Nations declared the internet a basic human right. Recognizing the importance of high-speed internet access in improving people’s lives and growing the digital economy, governments worldwide are investing heavily in broadband builds. The $42.45 billion Broadband Equity, Access and Deployment (BEAD) fund in the U.S. is just one example. Its goal is to ensure that every American can reap the benefits of high-speed internet access.

Communication service providers have welcomed initiatives like this because of the high cost of building new infrastructure and declining ARPU. Yet, bridging the digital divide and meeting both consumers’ and businesses’ growing bandwidth demands requires more than just public funding. It calls for a complete rethink of how broadband networks are built. That’s why we developed Cisco Routed PON—to help communication service providers and municipalities to deploy broadband networks in a better and simpler way.

Why can’t we just keep doing things the old way?


In today’s hyperconnected world—where hybrid work is the new normal, artificial intelligence (AI) innovation is accelerating, and new bandwidth-hungry applications continue to emerge—rolling out and managing profitable, high-performance broadband access networks is difficult and complex. And it’s going to become even more difficult as bandwidth growth continues—from 10G and 25G to 100G and beyond.

The challenges are about connectivity and the services that broadband solutions enable. Our customers want to deliver services in an agile and cost-effective way, but they are increasingly constrained by traditional broadband architectures with large, dedicated optical line terminal (OLT) chassis that require dedicated space and power. Additionally, these chassis are separate from the access router, so they require separate layer management that can be costly. Traditional broadband architectures also offer less flexibility because they come as an integrated solution from a single vendor.

What sets Routed PON apart?


Unlike traditional chassis-based solutions, Cisco Routed PON enables communication service providers to put a small form factor PON pluggable in a router and converge FTTx access with their end-to-end network. It has three building blocks, all underpinned by a software-defined end-to-end architecture based on the IOS XR operating system.

1. Cisco Routed PON OLT Pluggable – A pluggable 10G OLT that replaces traditional stand-alone OLT chassis and connects the PON network to Layer 3 routing and services through a small form factor pluggable (SFP+) port on the router. The SFP is a cost optimized and power efficient way to deliver 10G symmetrical upstream and downstream data. Open and compliant with the OMCI standard, the OLT pluggable is compatible with any optical network terminal (ONT), helping customers avoid vendor lock-in.
2. Cisco Routed PON Controller – A stateless management controller that runs as a container on the router, configuring and monitoring end points in the PON network. It applies configurations to OLT and ONT devices and collects state information, statistics, alarms and logs from devices, and reports the information to higher layer applications.
3. Cisco Routed PON Manager – A WebUI application that acts as a graphical user interface for the PON network. The PON Manager facilitates device and service provisioning, and enables the management of users, databases, and alarms.

Flexibility, service differentiation, and investment protection


The capabilities of Cisco Routed PON lead to multiple positive business outcomes. The innovative architecture offers customers more flexibility because it’s interoperable with many ONTs. So, communication service providers can decide for themselves which ONT best meets their requirements and cost targets, upgrade to new features as needed, and not be tied to a single vendor’s roadmap.

Cisco Routed PON also makes their end-to-end architecture much simpler to manage, which in turn lowers OpEx. Instead of having separate systems and processes for PON, communication service providers can converge it with other access technologies on IP routers like active Ethernet – all unified by a common operating system, IOS XR, and automation.

At a time when reducing churn and growing revenue is critical, Cisco Routed PON helps customers stand out from competition and monetize their network investments in a smarter way. Thanks to its end-to-end architecture—with powerful IOS XR capabilities, such as segment routing and EVPN—it improves subscriber experience.

These capabilities also enable communication service providers to offer differentiated services for business and residential customers, such as ultra-low latency connectivity or additional security features. Crucially, Cisco Routed PON protects communication service providers’ investments as they build the Internet for the Future – ready for 10G, 25G, 50G, 100G, and beyond. When new higher-bandwidth Cisco pluggable OLTs become available, customers can simply plug them into their router on a port-by-port basis.

I’m proud of how Cisco keeps pushing the boundaries of routing and optical innovation to enable our customers to create more efficient and profitable network architectures. I see Cisco Routed PON as a further demonstration of how we are transforming and simplifying networking like we have done previously with Routed Optical Networking. I look forward to working with our customers as they leverage this new solution to accelerate the deployment of high-speed broadband in cities and rural communities around the world to bridge the digital divide.

Source: cisco.com

Tuesday, 19 March 2024

Complexity drives more than security risk. Secure Access can help with that too.

Modern networks are complex, often involving hybrid work models and a mix of first- and third-party applications and infrastructure. In response, organizations have adopted security service edge (SSE) solutions, such as Cisco Secure Access, to protect users regardless of where they are located or what they are accessing.

This reliance on third-party infrastructure doesn’t only drive security risk, it also increases the likelihood of performance outages and disruptions. Oftentimes, these disruptions are the result of service outages and slowdowns in third-party infrastructure, which make it difficult for IT teams to detect and remediate the problem. Experience Insights, a component of Cisco Secure Access, allows administrators to maintain a positive end user experience by detecting and responding to connectivity problems as soon as they occur, all from the same dashboard they use to manage security capabilities and access policies.

Cisco Secure Access is our flagship Security Service Edge (SSE) product, which provides all the tools you need to enable remote and branch users to securely connect to the Internet, software-as-a-service (SaaS) applications, and private apps. While many of these capabilities are focused on security, it is also important to monitor network performance, ensuring a strong digital experience with minimal outages and connectivity problems.

Experience Insights is powered by Cisco ThousandEyes technology, which enables rapid root cause identification and resolution from device to application and every network in between. According to the Forrester Total Economic Impact report for ThousandEyes, the technology’s end user monitoring capabilities resulted in a 50% productivity boost for IT and network operations and a 50-80% reduction in the time it took to identify intermittent or degraded performance, whether it was global or localized.


Provide a strong user experience and troubleshoot performance issues


Performance problems can originate in many sources, including:

  • Devices, such as laptops
  • Wi-Fi networks
  • Internet service providers
  • Corporate resources, such as VPNs or security tools
  • Applications

For many organizations, it can be a challenge to simply detect these problems, let alone mitigate them. This results in ongoing, undetected connectivity problems, causing a loss of productivity and end user frustration.

Experience Insights is a digital experience monitoring (DEM) solution that provides a comprehensive view of endpoint, application, and network performance, making it easier to identify and troubleshoot performance problems as they arise. Ultimately, these capabilities result in a reduced mean time to resolution (MTTR) for performance incidents.

This includes a variety of metrics related to:

  • Device – detailed user and system information, including CPU and memory utilization and Wi-Fi signal strength.
  • Internet and network paths – key metrics regarding the network path from the device to the Secure Access gateway, including latency, packet loss, and jitter.
  • Collaboration applications – automatic performance tests for key collaboration tools, such as Cisco Webex, Microsoft Teams, and Zoom.
  • SaaS applications – insight into the most popular SaaS applications, including the overall health status and details such as HTTP response times and status codes.


Single-dashboard, single-agent


One of the primary benefits of Cisco Secure Access is a single-dashboard experience. The solution combines 12 different technologies and provides unified management, configuration, and troubleshooting capabilities. Experience Insights is a core component of Secure Access, which means all its data and alerts are provided in the same management portal as the rest of Secure Access’ capabilities. This prevents administrators from being forced to juggle numerous technologies and management portals, streamlining operations and reducing frustration.

In addition, all Secure Access capabilities, including Experience Insights, rely on the Cisco Secure Client, a single agent on the end-user’s machine. This simplifies administration and deployment while optimizing workflows.

All at no extra cost


We recognize how important it is to be able to identify and troubleshoot connectivity problems in an SSE solution, which is why we are including it in the base Secure Access license at no extra cost. In addition, customers can purchase a full license for Cisco ThousandEyes for more advanced capabilities and broader coverage across their network.

Experience Insights is just one capability of an incredible solution


While Experience Insights is our latest announcement, Secure Access includes many capabilities, including a secure web gateway, cloud access security broker with data loss prevention, firewall-as-a-service, and zero trust network access. It is an all-encompassing solution for securely connecting remote and branch users to the Internet, SaaS applications, and private apps.

Source: cisco.com

Saturday, 16 March 2024

Simplify DNS Policy Management With New Umbrella Tagging APIs


This blog post will show you how you can automate DNS policy management with Tags.

To streamline DNS policy management for roaming computers, categorize them using tags. By assigning a standard tag to a collection of roaming computers, they can be collectively addressed as a single entity during policy configuration. This approach is recommended for deployments with many roaming computers, ranging from hundreds to thousands, as it significantly simplifies and speeds up policy creation.

High-level workflow description

1. Add API Key

2. Generate OAuth 2.0 access token

3. Create tag

4. Get the list of roaming computers and identify related ‘originId’

5. Add tag to devices.

The Umbrella API provides a standard REST interface and supports the OAuth 2.0 client credentials flow. While creating the API Key, you can set the related Scope and Expire Date.

To start working with tagging, you need to create an API key with the Deployment read/write scope.

After generating the API Client and API secret, you can use them for related API calls.

First, we need to generate an OAuth 2.0 access token.


You can do this with the following Python script:

import requests
import os
import json
import base64

# Read the API client and secret from the environment rather than hard-coding them.
api_client = os.getenv('API_CLIENT')
api_secret = os.getenv('API_SECRET')

def generateToken():

   url = "https://api.umbrella.com/auth/v2/token"

   # HTTP Basic credentials: base64("<API client>:<API secret>")
   usrAPIClientSecret = api_client + ":" + api_secret
   basicUmbrella = base64.b64encode(usrAPIClientSecret.encode()).decode()
   HTTP_Request_header = {"Authorization": "Basic %s" % basicUmbrella,
                          "Content-Type": "application/json;"}

   payload = json.dumps({
   "grant_type": "client_credentials"
   })

   response = requests.request("GET", url, headers=HTTP_Request_header, data=payload)
   # The response body contains the bearer token; keep this output out of shared logs.
   print(response.text)
   accessToken = response.json()['access_token']
   print(accessToken)

   return accessToken


if __name__ == "__main__":
   accessToken = generateToken()

Expected output:
{"token_type":"bearer","access_token":"cmVwb3J0cy51dGlsaXRpZXM6cmVhZCBsImtpZCI6IjcyNmI5MGUzLWQ1MjYtNGMzZS1iN2QzLTllYjA5NWU2ZWRlOSIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ1bWJyZWxsYS1hdXRoei9hdXRoc3ZjIiwic…OiJhZG1pbi5wYXNzd29yZHJlc2V0OndyaXRlIGFkbWluLnJvbGVzOnJlYWQgYWRtaW4udXNlcnM6d3JpdGUgYWRtaW4udXNlcnM6cmVhZCByZXBvcnRzLmdyYW51bGFyZXZlbnRzOnJlYWQgyZXBvcnRzLmFnZ3Jl…MzlL","expires_in":3600}

We will use the OAuth 2.0 access token retrieved in the previous step for the following API requests.

Let’s create a tag with the name “Windows 10”:


def addTag(tagName, accessToken):
   url = "https://api.umbrella.com/deployments/v2/tags"

   payload = json.dumps({
   "name": tagName
   })

   # Authenticate with the bearer token returned by generateToken()
   headers = {
   'Accept': 'application/json',
   'Content-Type': 'application/json',
   'Authorization': 'Bearer ' + accessToken
   }

   response = requests.request("POST", url, headers=headers, data=payload)

   print(response.text)


addTag("Windows 10", accessToken)

Expected output:

{
   "id": 90289,
   "organizationId": 7944991,
   "name": "Windows 10",
   "originsModifiedAt": "",
   "createdAt": "2024-03-08T21:51:05Z",
   "modifiedAt": "2024-03-08T21:51:05Z"
}

Umbrella dashboard, List of roaming computers without tags 

Each tag has its unique ID, so we should note these numbers for use in the following query.

The following function gets the list of roaming computers:


def getListRoamingComputers(accessToken):

   url = "https://api.umbrella.com/deployments/v2/roamingcomputers"

   payload = {}
   headers = {
   'Accept': 'application/json',
   'Content-Type': 'application/json',
   'Authorization': 'Bearer ' + accessToken
   }

   response = requests.request("GET", url, headers=headers, data=payload)

   print(response.text)

   # Return the parsed list so the caller can filter it and collect originId values
   return response.json()

Expected output:

[
   {
      "originId": 621783439,
      "deviceId": "010172DCA0204CDD",
      "type": "anyconnect",
      "status": "Off",
      "lastSyncStatus": "Encrypted",
      "lastSync": "2024-02-26T15:50:55.000Z",
      "appliedBundle": 13338557,
      "version": "5.0.2075",
      "osVersion": "Microsoft Windows NT 10.0.18362.0",
      "osVersionName": "Windows 10",
      "name": "CLT1",
      "hasIpBlocking": false
   },
   {
      "originId": 623192385,
      "deviceId": "0101920E8BE1F3AD",
      "type": "anyconnect",
      "status": "Off",
      "lastSyncStatus": "Encrypted",
      "lastSync": "2024-03-07T15:20:39.000Z",
      "version": "5.1.1",
      "osVersion": "Microsoft Windows NT 10.0.19045.0",
      "osVersionName": "Windows 10",
      "name": "DESKTOP-84BV9V6",
      "hasIpBlocking": false,
      "appliedBundle": null
   }
]

Users can iterate through the JSON list items and filter them by osVersionName, name, deviceId, etc., and record the related originId in the list that we will use to apply the related tag.

With the tag ID and the list of roaming computer originIds, we can finally add the tag to devices, using the following function:

def addTagToDevices(tagId, deviceList, accessToken):
   url = "https://api.umbrella.com/deployments/v2/tags/{}/devices".format(tagId)

   # deviceList is the list of originId values collected from the roaming computers list
   payload = json.dumps({
   "addOrigins": deviceList
   })
   headers = {
   'Accept': 'application/json',
   'Content-Type': 'application/json',
   'Authorization': 'Bearer ' + accessToken
   }

   response = requests.request("POST", url, headers=headers, data=payload)

   print(response.text)

# "id" returned when the "Windows 10" tag was created above
tagId = 90289
addTagToDevices(tagId, [ 621783439, 623192385 ], accessToken)

Expected output:

{
   "tagId": 90289,
   "addOrigins": [
       621783439,
       623192385
   ],
   "removeOrigins": []
}

After adding tags, let’s check the dashboard:


Umbrella dashboard, list of roaming computers after we add tags using API

A related tag is available to select when creating a new DNS policy.


Notes:

  • Each roaming computer can be configured with multiple tags.
  • A tag cannot be applied to a roaming computer at the time of roaming client installation.
  • You cannot delete a tag. Instead, remove a tag from a roaming computer.
  • Tags can be up to 40 characters long.
  • You can add up to 500 devices to a tag (per request).
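
The filtering step described earlier (collecting originId values by osVersionName) and the tag-length and per-request limits in the notes can be handled together before any API call is made. The following is an added example, not code from the original post: the function names, the last two sample entries and the batching approach are assumptions, and it only builds request bodies without contacting the API.

```python
import json

MAX_TAG_NAME_LEN = 40           # note above: tags can be up to 40 characters long
MAX_DEVICES_PER_REQUEST = 500   # note above: up to 500 devices per request

# Constructed sample, trimmed to the fields used here. The first two entries
# reuse values from the expected output above; the last two are made up.
SAMPLE_RESPONSE = json.dumps([
    {"originId": 621783439, "name": "CLT1", "osVersionName": "Windows 10"},
    {"originId": 623192385, "name": "DESKTOP-84BV9V6", "osVersionName": "Windows 10"},
    {"originId": 600000001, "name": "EXAMPLE-MAC", "osVersionName": "macOS 14"},
    {"name": "EXAMPLE-NO-ORIGIN", "osVersionName": "Windows 10"},
])

def validate_tag_name(name):
    """Return the trimmed tag name, or raise if it is empty or too long."""
    name = name.strip()
    if not name or len(name) > MAX_TAG_NAME_LEN:
        raise ValueError("tag name must be 1-%d characters" % MAX_TAG_NAME_LEN)
    return name

def select_origin_ids(roaming_computers, os_version_name):
    """Collect unique integer originIds of devices with the given osVersionName."""
    seen, origin_ids = set(), []
    for computer in roaming_computers:
        origin_id = computer.get("originId")
        if computer.get("osVersionName") != os_version_name:
            continue
        # Skip records without a usable originId instead of sending bad input.
        if type(origin_id) is not int or origin_id in seen:
            continue
        seen.add(origin_id)
        origin_ids.append(origin_id)
    return origin_ids

def build_tag_payloads(origin_ids, batch_size=MAX_DEVICES_PER_REQUEST):
    """Split originIds into JSON bodies of at most batch_size devices each."""
    if not 1 <= batch_size <= MAX_DEVICES_PER_REQUEST:
        raise ValueError("batch_size must be between 1 and 500")
    return [json.dumps({"addOrigins": origin_ids[i:i + batch_size]})
            for i in range(0, len(origin_ids), batch_size)]

if __name__ == "__main__":
    tag = validate_tag_name("Windows 10")
    ids = select_origin_ids(json.loads(SAMPLE_RESPONSE), tag)
    for body in build_tag_payloads(ids):
        print(body)   # one body per POST to .../tags/{tagId}/devices
```

Each returned body can be sent as the payload of one call to the tag's devices endpoint shown above, so a fleet larger than 500 devices is tagged in several requests.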

Source: cisco.com