Managing Firewall complexity and Augmenting Effectiveness with AIOps for Cisco Firewall

Firewalls are a critical line of defense for any organization’s network security. But as companies grow and the threat landscape evolves, managing these firewalls becomes increasingly complex.

Security teams often find it challenging to stay updated with the ongoing changes and adjustments required for firewall settings and rules to adapt to new threats, network changes, and compliance requirements. Often this leads to security gaps and vulnerabilities if not managed correctly.

One of the main risks associated with firewall management is misconfiguration. The process of manually reviewing and configuring firewalls is not only laborious but also susceptible to human error, which can create exploitable weaknesses in a network’s defenses. Gartner has forecasted that misconfigurations will account for 99% of firewall breaches by the year 2025, highlighting the need for a more reliable and automated management solution.

Additionally, the cybersecurity industry is facing a skills shortage, making it difficult for organizations to hire professionals who possess the depth of knowledge required to leverage all the features a firewall offers. This shortage can lead to security tools being underutilized, meaning that companies aren’t seeing the full potential return on their investment in these technologies.

Lastly, traditional firewall management tends to be reactive rather than proactive. Security teams often find themselves in a position where they are addressing issues after they have already arisen, rather than anticipating and preventing them. This can lead to costly downtime and security breaches.

These challenges highlight the need for a new approach to firewall management.

What is AIOps for Cisco Firewalls?

Imagine your firewall fuelled by AI and machine learning (ML) that involves correlating data, predicting issues, identifying reasons for failure or potential failure with data, providing recommendations, and then automating tasks to enhance overall efficiency and security. That’s essentially what AIOps for Firewalls is! 

AIOps analyses massive amounts of data like firewall logs, alerts, metrics and network activity patterns using various range of models and can detect complex patterns, guide remediation efforts, and even automate responses to enhance both efficiency and security.

Traditional firewall management is reactive, but AIOps takes a proactive stance. It anticipates problems before they happen, preventing downtime and headaches.

Think of it like this: Imagine your car with advanced driver-assistance systems that warn you about lane departures. AIOps for Firewalls is like having a self-driving car for your cloud and network security. It continuously monitors your configuration and traffic, identifies potential hazards such as usage spikes, misconfigurations, best practices, and security threats, and guides you to take corrective actions to keep your system secure.

Our Approach: The Path to an Autonomous Firewall Future

Like Tesla’s journey towards self-driving cars, Cisco is on a quest to infuse its AIOps for Firewalls with greater intelligence and automation.

You can expect an era of intelligent alerting where the system delivers clear, actionable alerts that cut through the noise, prioritizing the most critical issues and conveying a sense of urgency where needed. This means an end to the flood of irrelevant notifications, enabling security teams to focus on what truly matters. Its smart event correlation will connect disparate events to highlight unusual patterns, improving threat detection.

Furthermore, AIOps will detect anomalous behavior using dynamic baselines and offer forecasting abilities to predict and prevent potential issues using multiple advanced forecasting models.

It will also provide precise remediation suggestions powered by GenAI , assisting in rapid problem resolution. Ultimately, the goal is to achieve self-healing or automated remediations, minimizing the need for human intervention and ensuring consistent network uptime and security.

The Benefits for You

Imagine a world where your business operations are rarely interrupted by network outages/downtime. With near zero downtime, you can say goodbye to those stressful moments scrambling to get things back online. This translates to smoother workflows, happier customers, and a more productive work environment.

But that’s not all, your investment in a firewall is amplified. A well-maintained firewall with maximized effectiveness becomes an impenetrable shield, keeping your business safe from ever-changing threats. Imagine having the peace of mind that comes with knowing your data and operations are constantly protected by a robust security posture. This is the reality that awaits you with the right tools and strategies.

Beyond Management: AIOps for Cisco Firewall

AIOps identifies areas where your defenses could be strengthened and provides Best Practice Recommendations to close any security gaps. It also ensures you’re getting the most out of your firewall investment by providing a clear picture of which features you’re using, and which ones remain untapped. This allows you to maximize your return on investment by leveraging the full potential of your firewall’s capabilities.

It delves deep into your firewall policies and provides optimization recommendations, acting like a security policy editor/auditor. Furthermore, AIOps acts like a real-time traffic cop, constantly monitoring your network. It provides insightful analysis of historical and real-time traffic patterns, helping you identify and resolve any issues quickly.

Best Practice Recommendations & Feature Adoption for Stronger Defense

Imagine an offering that allows you to survey the entire landscape of your security ecosystem through a unified dashboard. This scans your network to identify security lapses and opportunities for optimization, aligning with best practices widely recognized across the industry.

It addresses potential concerns, pinpointing vulnerabilities like misconfigured network translations, excessive logging that clogs your system, or outdated security measures. The dashboard also highlights urgent threats like unaddressed security advisories and missing backups, while flagging inefficient resource usage and potential compliance gaps.

This comprehensive overview empowers you to optimize your network configuration, ensure secure log storage, and streamline your defenses for maximum protection.

Policy Insights with Policy Analyzer & Optimizer

This essential service conducts an in-depth review and enhancement of firewall policies, pinpointing and rectifying redundancies, duplications, overlapping, shadowed, and mergeable rules, as well as those that are expired or inactive. By providing tailored remediation recommendations, it ensures that firewall policies remain streamlined and efficient, significantly cutting down on deployment time.

Traffic & Capacity Insights

Traffic & Capacity Insights offer both real-time and historical analyses of network traffic, aiding in the identification and resolution of problems and forecasting potential problems. Administrators often lack visibility into sudden surges in network usage.

For instance, substantial enduring data transfers, known as Elephant flows, have the potential to burden firewall devices, which can result in dropped traffic, a weakened security posture, and diminished firewall efficiency. By monitoring these extensive network flows, firewalls can predict their impact on resources like CPU and memory.

Utilizing AIOps insights, we can proactively recommend strategies such as rerouting low-risk applications and regulating high-risk ones to streamline network traffic. This proactive approach enables administrators to address issues before they escalate.

Conclusion

By incorporating AIOps into our services, we are advancing beyond mere firewall management by simplifying operations and improving security posture.

We are adopting a more intelligent and proactive methodology to safeguard and optimize the performance and security of your network infrastructure through various insights into traffic, capacity, operations and health. Coming soon from Cisco Security Cloud Control aka Cisco Defense Orchestrator.

Source: cisco.com

Continue reading

Navigating DORA (Digital Operational Resilience Act) with Secure Workload

Over the past decade, the cyber threat landscape has undergone a significant transformation, escalating from isolated attacks by lone wolves to sophisticated, coordinated breaches by state-sponsored entities and organized crime groups. During this period of change, cybersecurity has often been a secondary thought for enterprises, frequently addressed through reactive measures insufficient to counteract such advanced threats. However, we’re witnessing a pivotal shift, predominantly driven by regulatory bodies, toward establishing harmonized guidelines that can keep pace with the dynamic nature of cyber threats.

The Digital Operational Resilience Act (DORA) represents one such proactive stride in this direction. Targeted at the European Union (EU) financial sector and built around five core pillars, DORA advocates for a risk-based framework  that enhances the sector’s capabilities to prevent, respond to, and recover from cyber incidents.

Figure 1: DORA Core Pillars

How can you leverage Secure Workload to prepare for DORA?

While DORA does not dictate precise technical requirements, it provides the groundwork for a risk-based shift in cybersecurity. Secure Workload serves as a pivotal tool in this transition, enabling organizations to understand risk, prevent and mitigate risk, and report risks associated with their application workloads.

1. Understanding Risk

To understand risk, you must have visibility to know what is happening in your environment. Secure Workload delivers in-depth insights into how your workloads communicate and behave, including identifying any vulnerable packages installed. You can quickly answer questions such as:

◉ “Are my workloads utilizing approved enterprise services for common services such as DNS or NTP?”

◉ “Am I vulnerable to a specific vulnerability?

◉ “What is the risk of that vulnerability” Is it easily exploitable?

◉ “Are my workloads using insecure or obsolete transport session protocols and ciphers?”

◉ “Are my financial application workloads communicating to non-production environments?

◉ “How is my financial application communicating to external dependencies?”

◉ “Is it communicating to malicious networks?”

Figure 2: Application Dependency Map and Traffic Flow Search

Figure 3: Vulnerability Risk Information Distribution

2. Preventing and Mitigating Risk

Once the risk is understood, it is time to act. This action can take the form of proactive controls and compensating controls.

◉ Proactive Controls: Secure Workload microsegmentation policies allow you to create fine-grained allow-list policies for applications by discovering their dependencies. Additionally, guardrail policies can be established to restrict communications from risk-prone environments to your production workloads, such as non-production cannot talk to production workloads, or the PCI Cardholder Environment cannot talk to PCI Out-of-Scope or perhaps OT network cannot communicate with the data center, allowing to contain lateral movement and reduce the blast radius.

Figure 4: Proactive Segmentation Controls with Microsegmentation

◉ Compensating Controls: Even in the worst-case scenario, where a new zero-day vulnerability is disclosed or ransomware hits the organization, Secure Workload can rapidly act on this and restrict For example, you can quarantine a workload communication based on multiple attributes, such as CVE information, CVE Score, or even the access vectors access vectotr assestment.You can also choose to leverage Virtual Patch through the Secure Firewall integration to protect your workloads against exploits while the patch is applied. Even in the scenario that a workload changes its behavior (e.g., from trusted to untrusted due to an intrusion event or malware event) you can leverage Secure Firewall intelligence through FMC (Firewall Management Center) to quarantine workloads.

Figure 5: Compensating Control with Virtual Patch

Figure 6: Change-in Behavior Controls

3. Reporting Risk

DORA mandates to report major ICT-related incidents to relevant competent authorities. Because of this, reporting becomes a paramount process within the organization. Secure Workload offers multiple options for reporting, ranging from near real-time visualization dashboard and reports to detailed point-in-time retrospectives of incidents.

• Security Dashboard: Provides a high-level overview of the security posture and hygiene of the environment.
• Vulnerability Dashboard: Displays current CVEs within the environment along with a detailed assessment of their potential impact on confidentiality, integrity, and availability. Additional metrics such as risk score, exploitability, and complexity are also included.
• Reporting Dashboard: Presents a detailed view tailored to specific roles like SecOps and NetOps. An important capability to mention here is how the security summary maps to a modern risk-based approach to detect adversaries MITRE ATT&CK framework. Secure Workload has multiple forensic rules mapped to the MITRE ATT&CK TTPs (Technique, Tactics, and Procedures) allowing one to identify an adversary and follow every single step taken to compromise, exploit, and exfiltrate data.

Figure 7: Security Summary in Compliance Reports

Figure 8: Forensic Event Incident

Key Takeaways

While navigating the requirements of DORA may seem daunting, the right tools can revolutionize your organization’s approach to Cyber Resilience with a risk-centric focus. Secure Workload can be instrumental in facilitating this transformation, enabling your organization to achieve:

• Strategic Cyber Resilience: Secure Workload can be a strategic enabler for aligning with DORA’s vision. Transitioning from a reactive cybersecurity stance to a proactive, risk-based approach, prepares your organization to anticipate and counteract the evolving cyber threat landscape
• Comprehensive Risk Insights: With granular visibility into application workload communications, dependencies, and vulnerabilities, coupled with the implementation of robust microsegmentation and compensating controls, Secure Workload equips you with the capabilities to not only understand but also to effectively mitigate risks before they materialize into breaches.

Source: cisco.com

Continue reading

Demystifying Multicloud Networking with Cisco Multicloud Defense

In today’s modern IT environment, most organizations leverage both the public cloud and private data center to house critical business applications. In many cases, these applications require communication with other applications to execute a particular need for the business. A common challenge among the customers I have spoken with is that they have applications in one environment that need to talk to applications in another environment, but they don’t want to send that data directly over the internet.

I don’t blame them— enterprises want to minimize their internet exposure as much as possible, hiding internal apps away from the internet.

Traditionally, organizations have leaned on dedicated connection (or cloud-native) services like AWS Direct Connect or Azure ExpressRoute to connect applications in the public cloud to the private data center. While these methods are high-speed options that facilitate connections between the public cloud and private data center, these connections are costly at scale, are not encrypted using IPsec, do not facilitate cloud-to-cloud connectivity, and require different configuration depending on the cloud environment.

To solve these challenges, Cisco has released new multicloud networking capabilities enabling scalable, secure site-to-cloud and cloud-to-cloud connectivity. These features use Cisco VPN code on the Multicloud Defense Egress Gateway and BGP routing for better connectivity across your cloud environment.

Figure 1: Applications are deployed everywhere

Why Multicloud Networking?

Customers can leverage multicloud networking from Cisco to build highly secure connections between applications and environments using a simplified architecture and workflow. This means organizations can easily connect applications from one environment to another at scale while also keeping operations in house to reduce cost. Our multicloud networking capabilities use widely adopted route-based VPN and BGP routing for secure connections and automated network advertisements. These multicloud networking capabilities can be described as:

◉ Site-to-cloud networking: Secure connectivity between the data center and the cloud

◉ Cloud-to-cloud networking: Secure connectivity between clouds

A Closer Look

To build site-to-cloud and cloud-to-cloud connections, customers would leverage Cisco Defense Orchestrator for establishing fully orchestrated and automated IPsec tunnels between environments. The platform uses BGP for optimized, resilient routing, allowing for the secure connection between the data center and the cloud (site-to-cloud) and between clouds (cloud-to-cloud).

When building a site-to-cloud connection, customers would use Cisco Secure Firewall (either physical or virtual appliance) at the data center edge and a Multicloud Defense Gateway at the cloud edge for the beginning and the end of the connection. For multicloud deployments that require cloud-to-cloud connectivity, multiple Multicloud Defense Gateways would be used. Site-to-cloud and cloud-to-cloud networking capabilities can be supported in both centralized and distributed security models.

The Multicloud Defense Gateway is based on a single-pass architecture and includes VPN code embedded in the data path pipeline. This enables direct termination of route-based IPsec VPN on the egress gateway. Route-based VPN is used with BGP routing for an automated CIDR advertisement. As soon as the IPsec tunnel is terminated on the egress gateway it advertises and learns all the networks using BGP, enabling automated traffic steering.

Figure 2: Multicloud Networking

Site-to-cloud Networking

Cisco Multicloud Defense and Cisco Defense Orchestrator provide an automated way to build highly secure, full-automated VPN tunnels between data centers and cloud environments.

Figure 3: Site-to-cloud networking (centralized security model)

Figure 3 shows that on-premises Secure Firewall appliances (physical or virtual) are managed by Cisco Defense Orchestrator and the Multicloud Defense egress gateways are managed by the Multicloud Defense Controller.

Cisco Defense Orchestrator orchestrates VPN configuration on the on-premises firewalls as well as talks to the Cisco Multicloud Defense Controller using APIs. This API communication between Cisco Defense Orchestrator and the Multicloud Defense Controller enables the orchestration of VPN configuration on the Multicloud Defense egress gateway(s). This approach provides customers with fully orchestrated secure IPsec connections, enabling secure connectivity between the data center and the cloud.

Figure 4: Site-to-cloud networking (distributed security model)

Figure 4 shows how Cisco also supports site-to-cloud networking in a distributed security model using Cisco Defense Orchestrator, Secure Firewall, the Multicloud Defense Controller, and the Multicloud Defense egress gateway.

Cloud-to-cloud Networking

Cisco Multicloud Defense provides an automated way to build highly secure, full-automated VPN tunnels between cloud environments. IPsec tunnels are terminated on the Multicloud Defense egress gateways.

Figure 5: Cloud-to-cloud networking (centralized security model)

Figure 5 shows the application VPC in AWS and the application VNet in Azure are protected using an egress gateway in the centralized deployment model. The Cisco Multicloud Defense Controller orchestrates IPsec VPN between egress gateways in Azure and AWS.

Figure 6: Cloud-to-cloud networking (distributed security model)

Figure 6 shows how Cisco also supports cloud-to-cloud networking in a distributed security model using Cisco Defense Orchestrator, the Multicloud Defense Controller, and multiple Multicloud Defense egress gateways.

The new multicloud networking capabilities add fully orchestrated VPN tunnels where IPsec tunnels are formed between networks advertised in the BGP domain. In addition to secure connectivity, customers need a way to enable threat-centric policies between source and destination subnets. To solve this challenge, Cisco is enabling common security objects across on-premises Cisco firewalls and Multicloud Defense Gateways with the new Hybrid Segmentation feature.

Hybrid Segmentation

For the site-to-cloud connectivity use case, sharing network objects between Secure Firewall, Multicloud Defense, and Cisco Defense Orchestrator simplifies the hybrid segmentation policy creation process for administrators by pooling objects across into one centralized location. This reduces complexity, minimizes human error when creating new objects, and removes duplicative processes.

Static object sharing

Now static network objects can be shared between Cisco Multicloud Defense and the Cisco Defense Orchestrator.

Figure 7: Hybrid Segmentation (Static Object sharing)

Figure 7 shows objects being shared between CDO and Multicloud Defense controller. Object “db” is imported from the CDO and objects “app1-aws” & “app2-aws” are automatically synchronized from the Cisco Multicloud Cloud Defense Controller.

Now administrator can configure the following policies in CDO and the Multicloud Defense Controller:

◉ Policy on CDO and Multicloud Defense Controller: Allow app1-aws, app2-aws access to db

In addition, to secure VPN connectivity features advanced threat security features can also be enabled on Multicloud Defense Egress Gateway.

Conclusion

Modern enterprises are becoming an increasingly complex spiderweb of connections between on-premises datacenters, branch locations, cloud VPCs, cloud regions, and cloud accounts. The traditional approach of doing direct connections between all the networks, or manually managing IPsec connectivity adds a lot of complexity. Cisco has brought together Cisco Defense Orchestrator, Secure Firewall, and Multicloud Defense to manage creating the connectivity across all the environments—ensuring applications can reach the destinations they require. Through these capabilities, customers achieve greater control while reducing cost by bringing operations in-house. In addition to building secure connections, these solutions together also simplify policy creation for customers by way of network object sharing between environments—reducing risk of human error when building policy and minimizing complexity across environments.

Source: cisco.com

Continue reading

Why IT Leaders Are Evolving the Network into a High-Performance Digital Engine

In 2024, digital methods of payment are outpacing cash. 3D printers are becoming a fixture in implant surgery and AI is adding color to the world for people who are visually impaired, using just a phone—and the network.

Society expects and depends on an ever-increasing fusion of digital and physical experiences for everyday life and business progress. This dependency is apparent in the 2024 Cisco Global Networking Trends Report, which shows a continued correlation between network investment in fueling digital experiences and the benefits felt by organizations.

When the 2,000+ IT leaders surveyed were asked about their network investment and results over the past 12 months, they quickly pointed to a clear uptick in every key business metric: increased customer and employee satisfaction, improved operational efficiency, and business growth.

The road to success has been bumpy.

Driving transformation while on empty

IT is at the helm of delivering digital experiences, and the pressure is more intense than ever. Network architectures are more sophisticated, more complex, and spread across more multiclouds and multi-vendors than ever. IT leaders are also besieged by rising cybersecurity risks, increased demand from new app and workload types, and vastly distributed workforces and infrastructures.

Even more, over a third of respondents use multiple, separate management systems or ad hoc integrations when managing their campus, branch, WAN, data center, and multicloud architectures.

Identifying or solving just one network issue is currently a dizzying swivel-chair operation as IT teams hop between various management systems. Some respondents even admit they currently have no API-driven network ecosystem integrations today, meaning these management systems are working independently and inefficiently.

After years of grappling with point solutions deployed during the pandemic, that in part led to current IT challenges, there have been bright spots.

Over a third (39%) of IT leaders shared that they currently use a platform architecture across some networking domains and strongly support platform adoption. They see the value of a platform approach leading to faster IT and business innovation (43%), improved network performance and security posture (40%), and cost savings (37%). Also clear is that a platform equals the simplicity of having software, policy, open APIs, advanced telemetry, and automation all in one place.

So, it’s no surprise that respondents said 72% of their organizations will adopt a network platform to handle one or more network domains within two years. Even more, 39% of them expect to scale across all networking domains, as shown in the maturity model below.

Figure 1: This graphic compares the status of network maturity today vs. where respondents expect to be in two years.

Blind spots ahead

Deploying and managing digital experiences and ensuring everything is up and working—at scale—is top-of-mind for IT, and it hasn’t proven easy.

Providing service reliability to ensure predictable and consistent user experiences is an area for significant improvement for 41% of respondents. A key factor is the lack of visibility into complete network paths, including internet and cloud networks, according to 35% of respondents. IT leaders feel hampered in assuring the digital experience and achieving digital resilience across owned and unowned infrastructure—more on this from me at Cisco Live 2024.

The alarms are going off

As digital experiences and the network scales, so does the threat landscape. According to the report, 40% of IT leaders cite cybersecurity risks as their number one concern impacting network strategy over the next 12 months. They’re looking to combat these threats in a few ways.

First is integrating network and security processes, technology, and tools, with half of respondents making this their top network security investment over the next two years. Second is moving more security tools to the cloud to protect the increasingly distributed infrastructure and workforce better.

Like cybersecurity, we can’t have a conversation in 2024 without AI.

Speeding ahead with AI

The promise of AI is the needed reprieve for IT organizations struggling with a lack of resources and automation to handle basic operational tasks. Only 5% of respondents believe their teams are equipped to deliver the innovations needed to help steer business strategy, satisfy customers, and optimize operations.

Within two years, 60% expect AI-enabled predictive automation across all domains to manage and simplify network operations.

Data center upgrade plans for greater throughput and scalability to meet the AI need include enhanced Ethernet (56% of respondents). 59% of respondents also plan to simplify their data center network operations with AIOps within two years.

This is just a snippet from the 2024 Global Networking Trends Report. It provides a critical perspective from IT leaders who must ensure the network delivers secure digital experiences for all. One thing is clear: the network continues to be in the driver’s seat for digital experiences and a catalyst for business transformation.

Source: cisco.com

Continue reading

The Crux of Android 14 Application Migration and Its Impact

First I would like to give an overview of the Meraki Systems Manager (SM) application. Systems Manager is Meraki’s endpoint management product. We support management for many different platforms, including iOS, Android, macOS, and Windows. “Managing” a device can mean monitoring its online status, pushing profiles and apps to it, and/or enforcing security policies, among other things. With Systems Manager, this management all happens through Meraki’s online interface called Dashboard. Examples and code snippets mentioned in this blog are more specific to the Android SM application.

Migration of applications to any SDK mainly includes 2 tasks from the developer’s perspective. One is – how the application behaves when installed on a device with an Android version other than the target SDK of the app. And secondly, how the app will behave when the target SDK is changed. Developers need to understand what new features, or updates of any existing feature, and its impact on the application are.

This document focuses on some of the changes impacting developers with Android 14 migration. It also covers migration of the Systems Manager app to Android 14, and challenges encountered during the migration and testing.

Font Scaling

In earlier versions of Android i.e., 13 Non-linear font scaling was supported up to 130% but in Android 14, it is supported up to 200% which can impact the UI of the application. In the application if font dimensions are declared using sp (scaled pixel) units there are chances of minimal impact on the application because Android framework would apply these scaling factors. Because of nonlinear scaling of font density scaling will not be accurate.

Key points

◉ TypedValue.applyDimension() to convert from sp units to pixels.

◉ TypedValue.deriveDimension() to convert pixels to sp

◉ LineHeight units should be specified in sp to manage proportion along with text size.

Background Process Limitation

Android OS is self sufficient to manage the resources efficiently by improvising performance as well. One of the pointers to achieve the same is by caching applications in the background and only when the system needs memory these applications will be removed from memory. All applications should comply with Google Play policy and hence killing of processes of other applications are strictly restricted in Android 14. Hence killBackgroundProcessess() can kill only the background processes of your own application.

Foreground Service Types

In Android 10, a new attribute was introduced to specify service type for foreground services. When using location information in the foreground service it was required to specify the type as “location”. Whereas in Android 11, mentioning service type for usage of camera or microphone in foreground service was mandated. But in Android 14 or above, all foreground services must be declared with their service types.

Some of the new service types were also introduced in Android 14 – health, remoteMessaging, shortService, specialUse and systemExempted. If service isn’t associated with any of the types specified, then it is recommended to change logic to use Workmanager or user-initiated data transfer jobs. MissingForegroundServiceTypeException will be thrown by the system in case service type is not specified.

Service type permissions need to be declared along with specifying the type in service.

      <uses-permission 

android:name="android.permission.FOREGROUND_SERVICE_SYSTEM_EXEMPTED" />

      <service

            android:name=".kiosk.v2.service.KioskBreakoutService"

            android:name=".kiosk.v2.service.KioskBreakoutService"

            android:foregroundServiceType="systemExempted"

            android:exported="false" />

Limitations on Implicit Intent and Pending Intent

Implicit intents are only delivered to exported components. This restriction ensures the application’s implicit intents aren’t used by any other malicious apps. Also, all mutable pending intent must specify a component or package information to the intent, if not the system throws an exception.

Implicit intent should be export similar to this:

<activity

   android:name=".AppActivity"

   android:exported="true"> <!-- This must be TRUE otherwise this will throw 

exception when starting the activity-->

   <intent-filter>

      <action android:name="com.example.action.APP_ACTION" />

      <category android:name="android.intent.category.DEFAULT" />

   </intent-filter>

</activity>

If pending intent should be mutable, then component info must be specified.

val flags = if (MerakiUtils.isApi31OrHigher()) {

   PendingIntent.FLAG_MUTABLE

} else {

   PendingIntent.FLAG_UPDATE_CURRENT

}

val pendingIntent = PendingIntent.getActivity(

   this,

   0,

   Intent(context, KioskActivity::class.java).apply {

      putExtra(ACTION, KioskActivity.BREAK_OUT_SINGLE_APP)

   },

   flags

)

Export behavior to be specified for Runtime-registered broadcasts

Prior to Android 13, there were no restrictions on sending broadcasts to a dynamically registered receiver when it is guarded by signature permission. Whereas in Android 13, aiming at making runtime receivers safe, an optional flag was introduced to specify whether the receiver is exported and visible to other applications. To protect apps from security vulnerabilities, in Android 14 or above context-registered receivers are required to specify a flag RECEIVER_EXPORTED or RECEIVER_NOT_EXPORTED to indicate whether receiver should be exported or not to all other apps on the device. This is exempted for system broadcasts.

ContextCompat.registerReceiver(

   requireContext(), receiver,intentFilter(),

   ContextCompat.RECEIVER_NOT_EXPORTED

Non-Dismissable foreground notifications

In Android 14 or higher, foreground notification can be dismissed by the user. But exceptions have been provided for Device policy Controller (DPC) and supporting packages for enterprise.

JobScheduler reinforces callback and network behavior

Prior to Android 14, for any job running for too long, it would stop and fail silently. When App targets Android 14 and if the job exceeds the guaranteed time on the main thread, the app triggers an ANR with an error message “No response to onStartJob” or “No response to onStopJob”. It is suggested to use WorkManager for any asynchronous processing.

Changes specific to Android Enterprise

Android Enterprise is a Google-led initiative to enable the use of Android devices and apps in the workplace. It is also termed as Android for Work. It helps to manage and distribute private apps alongside public apps, providing a unified enterprise app store experience for end users.

GET_PROVISIONING_MODE intent behavior

For signing in with a Google account, GET_PROVISIONING_MODE was introduced in Android 12 or higher. In Android 14 or higher, DPC apps receive this intent which can carry the information to support either Fully managed mode or work profile mode.

wipeDevice – for resetting device

Scope of wipeData is now restricted to profile owners only. For apps targeting Android 14 or higher, this method would throw system error when called in device owner mode. New method wipeDevice to be used for resetting the device along with USES_POLICY_WIPE_DATA permission.

Newly added fields and methods

ContactsContract.Contacts#ENTERPRISE_CONTENT_URI

ContactsContract.CommonDataKinds.Phone#ENTERPRISE_CONTENT_URI

When cross-profile contacts policy is allowed in DevicePolicyManager, these fields can be used for listing all work profile contacts and phone numbers from personal apps along with READ_CONTACTS permission.

To support setting contact access policy and callerID, below methods are newly added;

setManagedProfileContactsAccessPolicy

getManagedProfileContactsAccessPolicy

setManagedProfileCallerIdAccessPolicy

getManagedProfileCallerIdAccessPolicy

Deprecated methods

Below methods are deprecated and as an alternative methods specified in the previous section should be used.

DevicePolicyManger#setCrossProfileContactsSearchDisabled

DevicePolicyManger#getCrossProfileContactsSearchDisabled

DevicePolicyManger#setCrossProfileCallerIdDisabled

DevicePolicyManger#getCrossProfileCallerIdDisabled

Challenges during Meraki Systems Manager App Migration

• To ensure there was no UI breakage, we had to recheck all the code base of xml files related to all fragments, alert dialog and text size dimensions.
• Few APIs like wipeDevice(), were not mentioned in the Android migration 14. During the testing phase it was found that wipeData() is deprecated in Android 14 and wipeDevice() was supposed to be used for factory resetting the device successfully.
• Profile information which can be fetched along with intent GET_PROVISIONING_MODE was also missed in the migration guide. This was found during the regression testing phase.
• requestSingleUpdate() of location manager always requires mutable pending for location updation. But nowhere in the documentation, it is prescribed about it. Due to this there were few application crashes. Had to figure this out during application testing.

Source: cisco.com

Continue reading

Strengthen Your Security Operations: MITRE ATT&CK Mapping in Cisco XDR

In the intricate dance between cyber attackers and defenders, understanding adversary behavior is the difference between keeping up with sophisticated attacks or falling behind the evolving threat landscape. For security teams, this often feels like trying to navigate a maze blindfolded since adversaries typically have greater insights into defender strategies than defenders have into adversarial attacks. This lack of visibility can lead to reactive cybersecurity with ineffective security operations, poor incident response, and a weak security posture.

However, there’s another approach to cybersecurity that empowers security teams to strengthen their security operations and proactively protect their environments.

Move from Reactive to Proactive Security

Enter MITRE ATT&CK coverage mapping – a groundbreaking capability coming soon to Cisco XDR that enables security teams to turn their reactive operations into a holistic cybersecurity strategy by taking a proactive approach to threats. MITRE ATT&CK coverage mapping uses an interactive heatmap to connect adversary behaviors to detections from Cisco XDR and other integrated security solutions (see Figure 1).

Figure 1: MITRE ATT&CK Coverage Map Dashboard

This helps visualize how your security tools cover every attacker tactic, technique, and procedure (TTP) from the MITRE ATT&CK framework to give you a comprehensive understanding of threats across your entire security environment. You can use the automated MITRE ATT&CK coverage map to strengthen your security operations by enhancing threat detection, identifying and closing gaps in your defenses, and improving incident response.

The MITRE ATT&CK coverage map enhances detection of sophisticated threats across your environment. Understanding the tactics and techniques used by adversaries allows you to improve your security by taking stronger preventative measures. Moreover, it simplifies analysis of potential threats while fostering a proactive cybersecurity mindset that helps your security teams increase alignment with attacker motives and methods. It helps you prioritize incidents based on the impact and relevance of specific adversary behaviors.

Visualizing and mapping attacker TTPs also helps your security teams expose gaps in threat detection. They can use the MITRE ATT&CK coverage map to gain complete visibility into how your current security tools cover the full spectrum of threats. This allows your analysts to spot holes in your security infrastructure and prioritize resources across the most critical gaps. Furthermore, identifying weaknesses in your defenses enables you to deploy new security tools to close coverage gaps and strengthen your overall security posture.

Finally, MITRE ATT&CK coverage mapping improves incident response with a standardized language for your security operations. The MITRE ATT&CK framework provides a common language that makes it easier for security teams to communicate and collaborate on incidents. When combined with a heatmap of product coverage, you can streamline the incident analysis process while reducing the burden on your security team to identify patterns across alerts. This speeds detection and investigation to reduce both mean time to detection (MTTD) and mean time to response (MTTR) for your security operations.

Bolster Your Defenses

MITRE ATT&CK coverage mapping in Cisco XDR provides comprehensive visibility into adversary TTPs, giving you a quick and complete understanding of attackers. These actionable insights empower your analysts to hunt for threats with targeted hypotheses based on MITRE ATT&CK techniques for a proactive approach to security. Your analysts can also use these insights to strengthen your overall security posture and enhance your defenses by identifying, prioritizing, and closing gaps across your security stack.

In the ever-changing world of cybersecurity, staying ahead of adversaries is imperative. With MITRE ATT&CK coverage mapping in Cisco XDR, you can enable proactive security operations, bolster your defenses, and navigate the cyber threat landscape with greater confidence.

Source: cisco.com

Continue reading

Integrating IT and Campus Facilities for Future-Ready Learning Space

Transforming the University on-campus digital experience

Recent discussions with education leaders and industry analysts show a rapidly evolving scenario in the ‘post-COVID era’, where universities face increasing pressure to enhance the on-campus experience for students, faculty, and staff. These stakeholders now have higher expectations for how they digitally engage with their institution, academic life, their peers, and the broader university community.

To meet these demands effectively, universities must modernize their physical and digital infrastructures by integrating Information Technology (IT) with campus facilities strategies. This integration enables leveraging technology to enhance resource and space management, create sustainable environments, foster dynamic teaching and learning, streamline administrative tasks, and provide well-being services through seamless digital interactions.

The integration of IT with campus facilities management not only optimizes operations but also enriches the overall experience for all stakeholders involved. Here are the priority drivers we have heard from education leaders for the Next Generation Campus:

Learning Spaces Physical and Digital Convergence

Physical and digital convergence in university campuses involves more than just offering physical spaces for academic and social activities. It encompasses providing robust connectivity, ensuring cybersecurity, and creating environmentally sustainable environments that promote collaboration, innovation, and well-being. This convergence extends beyond traditional areas like lecture theatres, libraries, and laboratories to include non-traditional learning spaces such as canteens and other open spaces where students can access online course materials, engage in social media, and interact with peers and instructors on and off campus.

Improving User Experience

The campus plays various roles for students, serving as a place to access specialized equipment and a hub for social connection with peers and the institution. Beyond education, living and working on campus are significant aspects of college or university life. Integrating the IT network with campus facilities management enhances the experience for students, faculty, and staff by simplifying tasks and minimizing obstacles. Digital wayfinding systems facilitate navigation through campus buildings, while smart scheduling platforms streamline room reservations and event planning. These technological enhancements simplify tasks, minimize obstacles, and foster a more positive and productive campus experience.

Using Data to Maximize Space and Resource Utilization

Integrating IT infrastructure with campus facilities management generates a wealth of data that can inform strategic planning and decision-making processes. By utilizing the WI-FI network to capture data, universities can gain real-time insights into utilizing campus facilities, analyzing trends in space usage, energy consumption, and facility maintenance. This data empowers informed decision-making on space allocation, usage patterns, and resource optimization. Moreover, predictive analytics can anticipate future needs and challenges, enabling proactive interventions and risk mitigation strategies.

Enhancing Operational Efficiency

Integrating IT with campus facilities management streamlines administrative processes, enhancing efficiency and cost-effectiveness. This integration automates tasks such as remote working for administrative staff, contact center operations, room bookings, and maintenance requests. By reducing manual workloads and improving response times, digital systems optimize resource allocation, minimize overhead costs, and promote agility and responsiveness within the institution.

Supporting Sustainability Initiatives

Digital technologies play a crucial role in supporting sustainability initiatives on campus. Smart IoT sensors in the IT network for energy management systems optimize HVAC controls, lighting schedules, and power usage, reducing carbon emissions and energy costs. Additionally, digital tools facilitate waste management and recycling efforts, promoting sustainability awareness among the campus community.

Enhancing Safety and Security

Integrating IT with campus facilities management strengthens safety and security measures on campus. Digital signage, surveillance systems, access control mechanisms, and emergency notification platforms leverage digital technologies to monitor and respond to potential threats effectively. These systems enhance campus safety by providing real-time insights, communication capabilities, and peace of mind for students, faculty, and staff.

How Cisco Can Help

The integration of IT and campus facilities strategies represents a paradigm shift for universities to transcend traditional silos and foster a holistic approach to optimize campus operations and enhance the student experience. At the heart of this integration lies a reliable, secure, and connected digital infrastructure providing real-time insights into how physical spaces are utilized and services delivered. With combined IT and facilities strategies, universities can create smarter, more sustainable, and student-centric campus environments, with tangible benefits for operational enhancements and brand reputation.

Source: cisco.com

Continue reading