The AI Revolution: Transforming Technology and Reshaping Cybersecurity

Artificial Intelligence (AI) is revolutionizing government and technology, driving an urgent need for innovation across all operations. Although historically, local and state government systems have seen only incremental changes with limited AI adoption, today, a significant shift is occurring as AI is integrated across all government sectors.

Benefits of AI Integration

The benefits of these changes are evident. AI-powered systems analyze vast amounts of data, offering insights for better decision-making. Public services become more personalized and efficient, reducing wait times and enhancing citizen satisfaction. Security is significantly bolstered through AI-driven threat detection and response. Consequently, governments are adopting AI and advanced software applications to provide secure, reliable, and resilient services to their citizens, enhancing digital engagement and communication within their communities.

With this rapid growth, cybersecurity operations are among the areas most significantly impacted by advancements in artificial intelligence. CyberOps is at a unique intersection, needing to leverage advanced AI capabilities to enhance effectiveness and resiliency. However, numerous applications and connections are simultaneously challenging it by utilizing emerging AI capabilities to improve their effectiveness and resilience. Despite historically being rigid and resistant to change, CyberOps must adapt to the challenges of an AI-driven digital world.

Whole-of-State / Agency Cybersecurity Approach

Whole-of-State cybersecurity and zero trust governments can be challenged with maintaining digital operations while ensuring sensitive information’s privacy and security. Cisco’s technology allowed agencies to easily meet these requirements through advanced AI-powered security solutions and privacy-preserving AI models. Thanks to techniques like federated learning and differential privacy, sensitive information could be processed and analyzed without compromising individual privacy.

Adopting AI-Driven Services

Adopting AI-driven, easily consumable, on-demand services provides a secure, sustainable, and reliable foundation to build on. Investing in an infrastructure that is secure and flexible allows governments to quickly pivot to the emerging opportunities that the AI revolution brings. No one person could have predicted or prepared for such a transformative shift. Still, the ability to rapidly adapt to the challenges it brought and continue to serve the community and citizens in the ways they deserve is key.

Challenges and Adaptation

Don’t be mistaken, change is often hard. Humans are creatures of habit and comfort and rarely like to be pushed outside our comfort zone. Unfortunately, the AI revolution is doing just that. It is forcing us to adapt and discover new ways to operate and provide what are now seen as even the most basic digital services. The drive and demand for AI-powered services in the government sector are rapidly expanding. We are experiencing one of the most significant catalysts for technological adoption in the state and local government space since the internet became mainstream.

This revolution is driving the necessity for a whole-of-state cybersecurity and zero trust approach. The goal is no longer maintaining the status quo but rather achieving a level of service that provides the foundation for how things can be in an AI-enabled world. Providing enhanced, secure services and support to the community has become the resounding focus of state and local governments.

Cisco’s Role in Supporting Governments

As we navigate this AI revolution, Cisco stands ready to support governments in their journey towards whole-of-state cybersecurity and zero trust adoption. Our comprehensive suite of AI-powered solutions provides the building blocks for a secure and efficient AI-enabled government infrastructure. The shift to a more inclusive, AI-driven government began with specific applications but is rapidly expanding to all sectors and offerings in the state and local government spaces.

Source: cisco.com

Continue reading

Optimizing AI Workloads with NVIDIA GPUs, Time Slicing, and Karpenter

Maximizing GPU efficiency in your Kubernetes environment

In this article, we will explore how to deploy GPU-based workloads in an EKS cluster using the Nvidia Device Plugin, and ensuring efficient GPU utilization through features like Time Slicing. We will also discuss setting up node-level autoscaling to optimize GPU resources with solutions like Karpenter. By implementing these strategies, you can maximize GPU efficiency and scalability in your Kubernetes environment.

Additionally, we will delve into practical configurations for integrating Karpenter with an EKS cluster, and discuss best practices for balancing GPU workloads. This approach will help in dynamically adjusting resources based on demand, leading to cost-effective and high-performance GPU management. The diagram below illustrates an EKS cluster with CPU and GPU-based node groups, along with the implementation of Time Slicing and Karpenter functionalities. Let’s discuss each item in detail.

Basics of GPU and LLM

A Graphics Processing Unit (GPU) was originally designed to accelerate image processing tasks. However, due to its parallel processing capabilities, it can handle numerous tasks concurrently. This versatility has expanded its use beyond graphics, making it highly effective for applications in Machine Learning and Artificial Intelligence.

When a process is launched on GPU-based instances these are the steps involved at the OS and hardware level:

• Shell interprets the command and creates a new process using fork (create new process) and exec (Replace the process’s memory space with a new program) system calls.
• Allocate memory for the input data and the results using cudaMalloc(memory is allocated in the GPU’s VRAM)
• Process interacts with GPU Driver to initialize the GPU context here GPU driver manages resources including memory, compute units and scheduling
• Data is transferred from CPU memory to GPU memory
• Then the process instructs GPU to start computations using CUDA kernels and the GPU schedular manages the execution of the tasks
• CPU waits for the GPU to finish its task, and the results are transferred back to the CPU for further processing or output.
• GPU memory is freed, and GPU context gets destroyed and all resources are released. The process exits as well, and the OS reclaims the resource

Compared to a CPU which executes instructions in sequence, GPUs process the instructions simultaneously. GPUs are also more optimized for high performance computing because they don’t have the overhead a CPU has, like handling interrupts and virtual memory that is necessary to run an operating system. GPUs were never designed to run an OS, and thus their processing is more specialized and faster.

Large Language Models

A Large Language Model refers to:

• “Large”: Large Refers to the model’s extensive parameters and data volume with which it is trained on
• “Language”: Model can understand and generate human language
• “Model”: Model refers to neural networks

Run LLM Model

Ollama is the tool to run open-source Large Language Models and can be download here https://ollama.com/download

Pull the example model llama3:8b using ollama cli

ollama -h

Large language model runner

​

Usage:

  ollama [flags]

  ollama [command]

​

Available Commands:

  serve Start ollama

  create Create a model from a Modelfile

  show Show information for a model

  run Run a model

  pull Pull a model from a registry

  push Push a model to a registry

  list List models

  ps List running models

  cp Copy a model

  rm Remove a model

  help Help about any command

​

Flags:

  -h, --help help for ollama

  -v, --version Show version information

​

Use "ollama [command] --help" for more information about a command.

ollama pull llama3:8b: Pull the model

ollama pull llama3:8b

pulling manifest 

pulling 6a0746a1ec1a... 100% ▕██████████████████████████████████████████████████████████████████ 4.7 GB 

pulling 4fa551d4f938... 100% ▕██████████████████████████████████████████████████████████████████ 12 KB 

pulling 8ab4849b038c... 100% ▕██████████████████████████████████████████████████████████████████ 254 B 

pulling 577073ffcc6c... 100% ▕██████████████████████████████████████████████████████████████████ 110 B 

pulling 3f8eb4da87fa... 100% ▕██████████████████████████████████████████████████████████████████ 485 B 

verifying sha256 digest 

writing manifest 

removing any unused layers 

success

ollama list: List the models

developer:src > ollama show llama3:8b

  Model 

        arch llama 

        parameters 8.0B 

        quantization Q4_0 

        context length 8192 

        embedding length 4096 

  Parameters 

        num_keep 24 

        stop "<|start_header_id|>" 

        stop "<|end_header_id|>" 

        stop "<|eot_id|>" 

  License 

        META LLAMA 3 COMMUNITY LICENSE AGREEMENT 

        Meta Llama 3 Version Release Date: April 18, 2024

ollama run llama3:8b: Run the model

developer:src > ollama run llama3:8b

>>> print all primes between 1 and n

Here is a Python solution that prints all prime numbers between 1 and `n`:

​

```Python

def print_primes(n):

    for possiblePrime in range(2, n + 1):

        # Assume number is prime until shown it is not. 

        isPrime = True

        for num in range(2, int(possiblePrime ** 0.5) + 1):

            if possiblePrime % num == 0:

                isPrime = False

                break

        if isPrime:

            print(possiblePrime)

​

n = int(input("Enter the number: "))

print_primes(n)

```

​

In this code, we loop through all numbers from `2` to `n`. For each number, we assume it's prime and then check if it has any 

divisors other than `1` and itself. If it does, then it's not a prime number. If it doesn't have any divisors, then it is a 

prime number.

​

The reason why we only need to check up to the square root of the number is because a larger factor of the number would be a 

multiple of smaller factor that has already been checked.

​

Please note that this code might take some time for large values of `n` because it's not very efficient. There are more 

efficient algorithms to find prime numbers, but they are also more complex.

Source: cisco.com

Continue reading

Unlock the Potential of AI/ML Workloads with Cisco Data Center Networks

Harnessing data is crucial for success in today’s data-driven world, and the surge in AI/ML workloads is accelerating the need for data centers that can deliver it with operational simplicity. While 84% of companies think AI will have a significant impact on their business, just 14% of organizations worldwide say they are fully ready to integrate AI into their business, according to the Cisco AI Readiness Index.

Read More: 300-610: Designing Cisco Data Center Infrastructure (DCID)

The rapid adoption of large language models (LLMs) trained on huge data sets has introduced production environment management complexities. What’s needed is a data center strategy that embraces agility, elasticity, and cognitive intelligence capabilities for more performance and future sustainability.

Impact of AI on businesses and data centers

While AI continues to drive growth, reshape priorities, and accelerate operations, organizations often grapple with three key challenges:

◉ How do they modernize data center networks to handle evolving needs, particularly AI workloads?

◉ How can they scale infrastructure for AI/ML clusters with a sustainable paradigm?

◉ How can they ensure end-to-end visibility and security of the data center infrastructure?

Figure 1: Key network challenges for AI/ML requirements

While AI visibility and observability are essential for supporting AI/ML applications in production, challenges remain. There’s still no universal agreement on what metrics to monitor or optimal monitoring practices. Furthermore, defining roles for monitoring and the best organizational models for ML deployments remain ongoing discussions for most organizations. With data and data centers everywhere, using IPsec or similar services for security is imperative in distributed data center environments with colocation or edge sites, encrypted connectivity, and traffic between sites and clouds.

AI workloads, whether utilizing inferencing or retrieval-augmented generation (RAG), require distributed and edge data centers with robust infrastructure for processing, securing, and connectivity. For secure communications between multiple sites—whether private or public cloud—enabling encryption is key for GPU-to-GPU, application-to-application, or traditional workload to AI workload interactions. Advances in networking are warranted to meet this need.

Cisco’s AI/ML approach revolutionizes data center networking

At Cisco Live 2024, we announced several advancements in data center networking, particularly for AI/ML applications. This includes a Cisco Nexus One Fabric Experience that simplifies configuration, monitoring, and maintenance for all fabric types through a single control point, Cisco Nexus Dashboard. This solution streamlines management across diverse data center needs with unified policies, reducing complexity and improving security. Additionally, Nexus HyperFabric has expanded the Cisco Nexus portfolio with an easy-to-deploy as-a-service approach to augment our private cloud offering.

Figure 2: Why the time is now for AI/ML in enterprises

Nexus Dashboard consolidates services, creating a more user-friendly experience that streamlines software installation and upgrades while requiring fewer IT resources. It also serves as a comprehensive operations and automation platform for on-premises data center networks, offering valuable features such as network visualizations, faster deployments, switch-level energy management, and AI-powered root cause analysis for swift performance troubleshooting.

As new buildouts that are focused on supporting AI workloads and associated data trust domains continue to accelerate, much of the network focus has justifiably been on the physical infrastructure and the ability to build a non-blocking, low-latency lossless Ethernet. Ethernet’s ubiquity, component reliability, and superior cost economics will continue to lead the way with 800G and a roadmap to 1.6T.

Figure 3: Cisco’s AI/ML approach

By enabling the right congestion management mechanisms, telemetry capabilities, ports speeds, and latency, operators can build out AI-focused clusters. Our customers are already telling us that the discussion is moving quickly towards fitting these clusters into their existing operating model to scale their management paradigm. That’s why it is essential to also innovate around simplifying the operator experience with new AIOps capabilities.

With our Cisco Validated Designs (CVDs), we offer preconfigured solutions optimized for AI/ML workloads to help ensure that the network meets the specific infrastructure requirements of AI/ML clusters, minimizing latency and packet drops for seamless dataflow and more efficient job completion.

Figure 4: Lossless network with Uniform Traffic Distribution

Protect and connect both traditional workloads and new AI workloads in a single data center environment (edge, colocation, public or private cloud) that exceeds customer requirements for reliability, performance, operational simplicity, and sustainability. We are focused on delivering operational simplicity and networking innovations such as seamless local area network (LAN), storage area network (SAN), AI/ML, and Cisco IP Fabric for Media (IPFM) implementations. In turn, you can unlock new use cases and greater value creation.

Source: cisco.com

Continue reading

Blueprint to Cisco 300-445 ENNA Success: A Step-by-Step Guide

The Cisco 300-445 ENNA certification is a pivotal milestone for network professionals aiming to excel in enterprise network assurance. This comprehensive guide will walk you through what the Cisco CCNP Enterprise certification entails, how to start preparing for it, the exam content, and who should consider earning it.

Cisco 300-445 ENNA Exam Overview

The Cisco 300-445 ENNA, or Cisco Designing and Implementing Enterprise Network Assurance, is a certification that validates a professional’s expertise in designing, implementing, and maintaining enterprise network assurance. This certification focuses on ensuring the reliability, availability, and performance of network systems within an enterprise, which is critical for maintaining seamless business operations.

Achieving the Cisco CCNP Enterprise (300-445 ENNA) certification demonstrates that you possess the skills to utilize Cisco's tools and technologies to monitor and manage network performance, troubleshoot issues, and optimize network operations. This certification is part of Cisco's broader professional certification program, which aims to provide network professionals with the knowledge and skills needed to meet the demands of modern IT environments.

300-445 ENNA Exam Info:

• Exam Name: Cisco Designing and Implementing Enterprise Network Assurance
• Exam Price: $300 USD
• Duration: 90 minutes
• Number of Questions: 55-65
• Passing Score: Variable (750-850 / 1000 Approx.)

What's On the Cisco 300-445 ENNA Exam?

The Cisco 300-445 ENNA (Implementing Cisco Enterprise Network Assurance) exam is a critical certification for IT professionals looking to validate their skills in enterprise network assurance. The exam covers a comprehensive array of topics that are essential for maintaining and optimizing enterprise networks. Here is an in-depth look at the key areas covered in the Cisco 300-445 ENNA exam:

1. Network Assurance Principles

Understanding Network Assurance: The exam begins with a foundational understanding of network assurance principles. Candidates need to comprehend methodologies such as performance monitoring, fault management, and Service Level Agreement (SLA) management. These principles are crucial for ensuring that network services meet predefined performance standards and reliability metrics.

2. Cisco DNA Center Assurance

Implementing Cisco DNA Center: A significant portion of the exam focuses on Cisco DNA Center, a centralized management dashboard. Candidates must demonstrate proficiency in configuring, deploying, and troubleshooting network assurance features within Cisco DNA Center. This includes understanding how to utilize the platform for continuous monitoring and maintaining optimal network performance.

3. Network Data Analytics

Leveraging Analytics Tools: Network data analytics is a vital skill assessed in this exam. Candidates should be adept at using various analytics tools and techniques to gather, analyze, and interpret data on network performance. This involves understanding how to convert raw data into actionable insights to improve network operations.

4. Telemetry and Monitoring

Deploying Telemetry Solutions: The exam tests knowledge on the deployment and configuration of telemetry and monitoring solutions. Candidates need to understand how to implement these solutions to ensure continuous network reliability and performance. This includes familiarity with protocols and tools that facilitate real-time data collection and analysis.

5. Automation and Programmability

Enhancing Network Operations: Automation and programmability are increasingly important in modern network environments. The Cisco 300-445 exam requires candidates to incorporate automation into network assurance practices. This reduces manual intervention, enhances efficiency, and ensures consistency in network operations. Understanding scripting languages and automation frameworks is essential.

6. Troubleshooting

Diagnosing Network Issues: Effective troubleshooting is a critical component of network assurance. Candidates must be able to diagnose and resolve network performance issues using Cisco tools and methodologies. This includes being familiar with various troubleshooting techniques and tools that help identify and fix network problems promptly.

7. Security Assurance

Ensuring Network Security: Lastly, the exam covers security assurance as part of the overall network assurance strategy. Candidates must ensure that network security compliance and integrity are maintained. This involves understanding security protocols, implementing security policies, and ensuring that network configurations do not introduce vulnerabilities.

Who Should Earn the 300-445 ENNA?

The Cisco 300-445 ENNA certification is ideal for network professionals who are responsible for ensuring the reliability and performance of enterprise networks. Specifically, it is suitable for:

• Network Engineers
• Professionals who design, implement, and manage enterprise networks will benefit from the skills validated by this certification.
• Network Administrators
• Administrators tasked with maintaining network performance and troubleshooting issues will find the certification invaluable.
• Network Operations Specialists
• Specialists focused on monitoring and optimizing network operations can enhance their expertise through this certification.
• IT Managers
• IT managers overseeing network teams will gain insights into best practices for network assurance, enabling them to lead their teams more effectively.
• Aspiring Network Professionals
• Individuals looking to advance their careers in network engineering and operations can use this certification to demonstrate their capabilities to potential employers.

Top 7 Tips on How to Prepare for Cisco 300-445 ENNA

Preparing for the Cisco 300-445 ENNA exam requires a strategic approach and dedicated effort. Here are the top seven tips to help you successfully prepare for this certification:

1. Understand the Exam Objectives

Start by thoroughly understanding the exam objectives provided by Cisco. This detailed syllabus outlines all the topics covered in the exam. Familiarizing yourself with these topics ensures that your study plan encompasses every necessary area. This understanding forms the foundation of your preparation, helping you to focus your efforts effectively.

2. Gather Study Materials

Collecting Resources: Accumulate a variety of study materials such as official Cisco training courses, study guides, and practice tests. The Cisco website and authorized training partners offer comprehensive resources specifically tailored for the 300-445 ENNA exam. These materials provide a structured learning path and essential information needed to master the exam content.

3. Create a Study Plan

Develop a study plan that allocates sufficient time to each topic area. Consistency is crucial, so establish regular study sessions and adhere to your schedule. A well-organized plan ensures that you cover all topics systematically, reducing the risk of last-minute cramming and enhancing long-term retention.

4. Join Study Groups and Forums

Participate in study groups and online forums where you can interact with other candidates and certified professionals. These platforms offer valuable insights, tips, and peer support, which can help you understand complex topics better. Collaborative learning often provides new perspectives and enhances your overall preparation experience.

5. Hands-On Practice

Practical experience is vital for the 300-445 ENNA exam. Set up a lab environment where you can practice configuring and managing enterprise network assurance solutions. Hands-on practice helps solidify your theoretical knowledge and prepares you for real-world scenarios. This practical exposure is essential for mastering the practical aspects of the exam.

6. Take 300-445 ENNA Practice Tests

Regularly taking practice tests is an excellent way to gauge your readiness. These exams help identify areas where you need further study and familiarize you with the exam format and question types. 300-445 ENNA Practice tests also help build your confidence and time management skills, ensuring that you are well-prepared for the actual exam day.

7. Review and Revise

Consistently review and revise your notes to reinforce your understanding of the material. Focus particularly on areas where you feel less confident and seek additional resources if necessary. Regular revision helps consolidate your knowledge, making it easier to recall information during the exam.

Comprehensive Study Plan for Cisco 300-445 ENNA

Week 1-2: Foundation and Core Concepts

Day 1 to 3: Network Assurance Principles

• Objective: Understand the core principles of network assurance.
• Activities:
• Read Cisco’s documentation on network assurance.
• Watch introductory videos on network performance monitoring.
• Take notes on key concepts such as performance metrics, fault management, and SLA management.

Day 4 to 6: Cisco DNA Center Assurance

• Objective: Learn how to implement and manage network assurance using Cisco DNA Center.
• Activities:
• Go through Cisco DNA Center Assurance deployment guides.
• Set up a lab environment to practice configurations.
• Perform hands-on labs for configuring and deploying Cisco DNA Center.

Day 7: Review and Practice

• Objective: Reinforce the concepts learned in the first week.
• Activities:
• Review notes and highlight important points.
• Take a short quiz on the topics covered.
• Participate in a study group discussion to clarify doubts.

Week 3-4: Advanced Topics and Hands-On Practice

Day 1 to 3: Network Data Analytics

• Objective: Utilize network data analytics tools.
• Activities:
• Study Cisco’s network analytics tools documentation.
• Watch tutorials on data collection and interpretation.
• Practice using network analytics tools in your lab environment.

Day 4 to 6: Telemetry and Monitoring

• Objective: Deploy and configure telemetry and monitoring solutions.
• Activities:
• Read about different telemetry protocols and tools.
• Configure telemetry solutions in the lab.
• Monitor network performance and troubleshoot using telemetry data.

Day 7: Review and Practice

• Objective: Consolidate the second week’s learning.
• Activities:
• Recap key topics and take detailed notes.
• Engage in practical lab exercises focusing on telemetry and analytics.
• Join an online forum discussion to exchange insights and tips.

Week 5-6: Automation, Troubleshooting, and Security

Day 1 to 3: Automation and Programmability

• Objective: Incorporate automation into network assurance practices.
• Activities:
• Study Cisco’s documentation on network automation.
• Explore scripting and automation tools like Python and Ansible.
• Create basic automation scripts to manage network tasks.

Day 4 to 6: Troubleshooting and Security Assurance

• Objective: Diagnose and resolve network issues while ensuring security.
• Activities:
• Read Cisco’s troubleshooting guides.
• Watch videos on common network issues and their resolution.
• Implement security assurance practices in the lab and test for vulnerabilities.

Day 7: Comprehensive Review and Mock Exam

• Objective: Evaluate your overall preparation.
• Activities:
• Conduct a full review of all topics.
• Take a mock exam to simulate the test environment.
• Identify weak areas and revisit those topics.

Week 7: Final Preparation

Day 1 to 3: Focused Revision

• Objective: Deep dive into challenging topics.
• Activities:
• Revisit complex topics based on mock exam performance.
• Participate in focused study sessions with peers.
• Use flashcards for quick revision.

Day 4 to 6: 300-445 Practice Tests

• Objective: Build exam readiness.
• Activities:
• Take multiple ENNA practice tests to build confidence.
• Time yourself to improve speed and accuracy.
• Review explanations for any incorrect answers.

Day 7: Relax and Final Checks

• Objective: Ensure readiness for the 300-445 exam.
• Activities:
• Light revision of key points.
• Ensure all exam logistics are in place (ID, location, etc.).
• Rest and relax to be in the best mental state for the exam.

Benefits of Online Cisco 300-445 Practice Test

Exam Day Strategies for Cisco 300-445 ENNA

• Arrive Early: Plan to arrive at the exam center at least 30 minutes early. This allows you time to settle in, verify your ID, and relax before the exam starts.
• Read Questions Carefully: Carefully read each question and all answer choices. Look out for keywords and phrases that may alter the meaning of the question.
• Manage Your Time: Allocate a set amount of time for each question. If you get stuck, move on and return to it later if time permits. This ensures you don’t miss easier questions.
• Use Elimination Method: If unsure about an answer, eliminate the clearly wrong choices first. This increases your chances of selecting the correct answer from the remaining options.
• Stay Calm and Focused: Stay calm and maintain focus throughout the exam. Deep breathing exercises can help manage any anxiety and keep you centered.

Conclusion

Preparing for the Cisco 300-445 ENNA certification exam is a demanding but rewarding endeavor. By understanding the exam objectives, following a comprehensive study plan, engaging in hands-on practice, and adopting effective exam day strategies, you can significantly enhance your chances of success. This certification not only validates your expertise in enterprise network assurance but also opens doors to advanced career opportunities in the IT industry.

Start your preparation journey today, and remember, consistent effort and dedication are key to achieving your Cisco 300-445 ENNA certification. Best of luck!

Continue reading

Communications Compliance is Taking Center Stage in the Boardroom

Within the modern governance landscape in financial services, communications compliance has emerged as a critical issue, spurred by the staggering fines for unmonitored communications that have surpassed $2 billion USD in the United States alone. In February 2024, an additional 16 firms faced SEC fines totaling $81 million, signaling a zero-tolerance stance by regulators against compliance violations.

The Cisco and Theta Lake partnership, established in 2018, reflects a strategic response to these challenges. Theta Lake enhances the security and compliance features of Cisco’s Webex collaboration suite. This joint solution ensures institutions can safely harness the power of Webex’s functionalities, while significantly reducing the risk of penalties, increasing user satisfaction, and enhancing ROI (return on investment).

Theta Lake’s “Digital Communications Governance, Compliance, and Security Survey” for 2023/24, sheds light on the evolving landscape. With independent responses from over 600 IT and compliance professionals, the Theta Lake report reveals that 40% of firms have now elevated communications compliance to a board-level concern, underscoring the pressing demand for a revamped compliance and security framework for Unified Communications and Collaboration (UCC) tools that are integral to the modern workplace.

Why Are Firms Reevaluating Their Communications Compliance Strategies?

The survey indicates a widespread reassessment of communications compliance strategies in financial services, with 77% of respondents revising their approaches, 17% planning to do so, and 45% considering a complete overhaul. Traditional methods often fail to seamlessly capture, retain, and supervise across diverse communication platforms, leading to inefficiencies and compliance lapses. To counter these challenges, organizations are restricting key features that users want and need, inadvertently pushing employees towards unmonitored channels.

Theta Lake, in partnership with Cisco Webex, offers a purpose-built compliance, supervision, and security solution that integrates seamlessly across the Webex Suite, whether content is displayed, shared, spoken, or written. This solution brings significant value to leading organizations, including some of Webex’s largest customers—six of the top ten North American banks.

Where Should Organizations Begin When Overhauling Their Digital Communications Strategy?

Addressing compliance complexities requires a structured, proactive approach. In a rapidly evolving digital landscape, organizations must anticipate regulatory expectations and strategically overhaul their digital communications governance.

Cisco and Theta Lake recommend a three-point strategy:

• Effective Data Capture: Accurate and reliable record keeping starts by capturing the correct data at its source, along with its context and time of origin. This step is crucial for reconciliation and reporting.
• Record Navigation: With comprehensive record keeping across various channels, searching and navigating records and their interwoven communications becomes both possible and efficient.
• AI-Enhanced Compliance Scaling: AI (Artificial Intelligence) technology, specifically tailored for compliance, helps manage and oversee vast amounts of communication records, enabling institutions to identify and mitigate risks and maintain robust compliance standards.

Theta Lake: A Cisco SolutionsPlus Partner

The Cisco SolutionsPlus program features tested Cisco Compatible products. As a SolutionsPlus partner focused on collaboration and security, Theta Lake’s solution for the Webex Suite is available for purchase through the Cisco price list. This includes fully compliant capture, archiving (in existing systems or Theta Lake’s SEC-17a-4 compliant environment), and built-in policy-based AI-enabled risk detection/remediation/redaction capabilities for:

• Webex Calling & Customer Experience Essentials (New!): Voice Recordings, Business Texts (SMS), and Call Detail Records.
• Webex Meetings & Selective In-Meeting Communications: Video recordings, and selective archiving of any or all meeting components including audio or in-meeting eComms (such as chat, polling, Q&A, transcripts, and closed captioning).
• Webex Messaging: All content, replies, and reactions—including files and rich media (like images and GIFs).
• Polling/Slido: All content including polls, Q&A, surveys, and more.
• Webex Connect: Archiving & supervision support of log exports via SMTP or Rest API for SMS and omnichannel content.

In an era of intense regulatory oversight, Cisco and Theta Lake’s joint solutions have transitioned from a strategic asset to an essential requirement for financial services organizations aiming to ensure robust communications compliance.

Source: cisco.com

Continue reading

Protecting Against regreSSHion with Secure Workload

On July 1, 2024, the Qualys Threat Research Unit (TRU) disclosed an unauthenticated, remote code execution vulnerability that affects the OpenSSH server (sshd) in glibc-based Linux systems.

Now we have seen how CVE-2024-6387 has taken the internet by storm, making network security teams scramble to protect the networks while app owners patch their systems.

Secure Workload helps organizations get visibility of application workload traffic flows and implement microsegmentation to reduce the attack surface and contain lateral movement, mitigating the risk of ransomware.

Below are multiple ways in which Secure Workload can be leveraged to get visibility of affected application workloads and enforce segmentation policies to mitigate the risk of workloads being compromised.

1. Visibility of SSH Traffic Flows

According to the Qualys Threat Research Unit, the versions of OpenSSH affected are those below 4.4p1, as well as versions 8.5p1 through 9.8p1, due to a regression of CVE-2006-5051 introduced in version 8.5p1.

With Secure Workload, it is easy to search for traffic flows generated by any given OpenSSH version, allowing us to spot affected workloads right away and act. By using the following search attributes, we can easily spot such communications:

◉ Consumer SSH Version

◉ Provider SSH Version

Figure 1: Visibility of OpenSSH version from Traffic Flows

2. Visibility of OpenSSH Package Version in Workloads

Navigate to Workloads > Agents > Agent List and click on the affected workloads. On the Packages tab, filter for the “openssh” name and it will search for the current OpenSSH package installed on the workload.

Figure 2: OpenSSH package Version

3. Visibility of CVE-ID Vulnerability in Workloads

Navigate to Vulnerabilities tab, and a quick search for the CVE ID 2024-6387 will search the current vulnerabilities on the workload:

Figure 3: Vulnerability ID Information Per Workload

4. Mitigating Risk of regreSSHion

Once the relevant workloads are spotted, there are three main avenues to mitigate the risk: either by microsegmenting the specific application workload, implementing organization-wide auto-quarantine policies to proactively reduce the attack surface, or performing a virtual patch with Secure Firewall.

◉ Microsegmentation: Microsegmentation policies allow you to create fine-grained allow-list policies for application workloads. This means that only the specified traffic flows will be permitted, denying any other traffic that might be generated from the workload.

Figure 4: Microsegmentation Policies For Affected Application Workload

◉ Auto-Quarantine: You can choose to implement organization-wide policies to reduce the attack surface by quarantining workloads that have installed a vulnerable OpenSSH package or are directly affected by the CVE ID.

Figure 5: Organization-Wide Auto-Quarantine Policies

◉ Virtual Patch: If quarantining a workload is too disruptive to the organization (e.g., business-critical applications or internet-exposed applications), you can perform a virtual patch with the help of Cisco Secure Firewall to protect the application workloads against the exploit while still maintaining connectivity for the application.

Figure 6: Virtual Patch with Secure Firewall Connector

Figure 7: Vulnerability Visibility and IPS Signature in FMC

5. Process Anomaly and Change-In Behavior Monitoring of regreSSHion

Even in the scenario where a workload is compromised, Secure Workload offers continuous monitoring and anomaly detection capabilities, as shown below:

◉ Process Snapshot: Provides a process tree of existing runtime processes on the workload. It also tracks and maps running processes to vulnerabilities, privilege escalation events, and forensic events that have built-in MITRE ATT&CK Techniques, Tactics, and Procedures.

Figure 8: Process Snapshot of Affected Workloads

◉ Forensic Rules: Secure Workload comes with 39 out-of-the-box MITRE ATT&CK rules to look for techniques, tactics, and procedures leveraged by adversaries. It is also possible to create custom forensic rules to track certain process activities, such as privilege escalation performed by processes. The system can also generate alerts and send them to the Secure Workload UI and SIEM systems.

Figure 9: Example Manual Forensic Rule Creation (left) and Built-In Mitre ATT&CK Rules (right)

Source: cisco.com

Continue reading

Maintaining Digital Compliance with the PCI DSS 4.0

The Payment Card Industry data security standards have evolved since 2002 when the first version was released. The most recent update, version 4.0.1, was released in June 2024. This updates the PCI 4.0 standard, which  has significant updates to both scope and requirements. These requirements are being phased now and through March 2025.

Cisco has been involved with PCI since the outset, having a seat on the board of advisors and helping craft the development of PCI standards through different evolutions. Cisco has consulted extensively with customers to help meet the requirements and provided extensive user friendly documentation on how customers can meet the requirements, both in minimizing the scope of the assessment as well as in ensuring security controls are present. We have released systems that are PCI compliant in control aspects as well as data plane aspects, and have built-in out-of-the box audit capabilities in a number of infrastructure based, and security based, solutions.

The purpose of this blog is to walk into the PCI DSS 4.0 with a focus on architects, leaders, and partners who have to navigate this transition. We will discuss what is new and relevant with PCI DSS 4.0, its goals and changes. We will then explore products and solution that customers are actively using in meeting these requirements, and how our products are evolving to meet the new requirements. This will be targeted to teams who already have been on the PCI journey. We’ll transition to an expansion into PCI DSS in more detail, for teams that are newer to the requirements framework.

One thing that is important to note about the 4.0 update, is it will be a phased rollout. Phase 1 items (13 requirements) had a deadline of March 31, 2024. The second phase is much larger and more time has been given, but it is coming up soon. Phase 2 has 51 technical requirements, and is due May of 2025.

Implementation timelines as per PCI At a Glance

What’s new in PCI DSS 4.0, and what are its goals?

There are many changes in PCI DSS 4.0. these were guided by four overarching goals and themes:

Continue to meet the security needs of the payments industry.

Security is evolving at a rapid clip, the amount of public CVE’s published has doubled in the past 7 years (source: Statista). The evolving attack landscape is pushing security controls, and new  types of attack require new standards. Examples of this evolution are new requirements around Multi-Factor authentication, new password requirements, and new e-commerce and phishing controls.

Promote security as a continuous process

Point in time audits are useful but do not speak to the ongoing rigor and operational hygiene needed to ensure the proper level of security controls are in place in a changing security environment. This step is an important step in recognizing the need for continual service improvement vis-a-vis an audit. This means that process will be have additional audit criteria in addition to the application of a security control.

Provide flexibility in maintaining payment security

The standard now allows for risk based customized approaches to solving security challenges which is reflective to both the changing security environment, and the changing financial application environments. If the intent of the security control is able to be met with a novel approach, it can be considered as fulfilling a PCI requirement.

Enhance validation methods and procedures for compliance

“Clear validation and reporting options support transparency and granularity.” (PCI 4.0 at a glance).  Clarity in the measurements and reporting is articulated. This is important for a number of factors, you can’t improve what you don’t measure, and if you’re not systematically tracking it in well-defined language, it is cumbersome to reconcile. This focus will make reports such as the attestation report more closely aligned to reports on compliance and self-assessment questionnaires.

How Cisco helps customers meet their PCI Requirements.

Below is a table that briefly summarizes the requirements and technology solutions that customers can leverage to satisfy these requirements. We will go deeper into all of the requirements and the technical solutions to these.

PCI DSS 4.0 Requirement	Cisco Technology/Solution
1. Install and Maintain network security control.	Cisco Firepower Next-Generation Firewall (NGFW), ACI, SDA, Cisco SDWan, Hypershield, Panoptica, Cisco Secure Workload
2. Apply secure configurations to all system components.	Catalyst center, Meraki, Cisco SDWan, Cisco ACI, Cisco CX Best Practice configuration report
3. Protect stored cardholder data	Cisco Advanced Malware Protection (AMP) for Endpoints
4. Protect cardholder data with strong cryptography during transmission over open, public networks	Wireless Security requirements satisfied with Catalyst Center and Meraki
5. Protect all systems and networks from malicious software	Cisco AMP for Endpoints
6. Develop and Maintain secure systems and software	Meraki, Catalyst Center, ACI, Firepower, SDWan. Cisco Vulnerability Manager
7. Restrict access to cardholder data by business need-to-know	Cisco ISE, Cisco Duo, Trustsec, SDA, Firepower
8. Identify users and authenticate access to system components	Cisco Duo for Multi-Factor Authentication (MFA), Cisco ISE, Splunk
9. Restrict physical access to cardholder data	Cisco Video Surveillance Manager, Meraki MV, Cisco IOT product suite
10. Log and monitor all access to system components and cardholder data	Thousand Eyes, Accedian, Splunk
11. Test security of systems and networks regularly	Cisco Secure Network Analytics (Stealthwatch), Cisco Advanced Malware Protection, Cisco Catalyst Center, Cisco Splunk
12. Support information security with organizational policies and programs	Cisco CX Consulting and Incident Response, Cisco U

A more detailed look at the requirements and solutions is below:

Requirement 1: Install and Maintain network security control.

This requirement is will ensure that appropriate network security controls are in place to protect the cardholder data environment (CDE) from malicious devices, actors, and connectivity from the rest of the network. For network and security architects, this is a major focus of applying security controls. Quite simply this is all the technology and process to ensure “Network connections between trusted and untrusted networks are controlled.” This includes physical and logical segments, networks, cloud, and compute controls for use cases of dual attached servers.

Cisco helps customers meet this requirement through a number of different technologies. We have traditional controls include Firepower security, network segmentation via ACI, IPS, SD-Wan, and other network segmentation items. Newer technologies such as cloud security, multi cloud defense, hypershield, Panoptica and Cisco Secure Workload are helping meet the virtual requirements. Given the relevance of this control to network security, and the breadth of Cisco products, that list is not exhaustive, and there are a number of other products that can help meet this control that are beyond the scope of this blog.

Requirement 2: Apply secure configurations to all system components.

This requirement is to ensure processes for components are in place to have proper hardening and best practice configurations applied to minimize attack surfaces. This includes ensuring unused services are disabled, passwords have a level of complexity, and best practice hardening is applied to all system components.

This requirement is met with a number of controller based assessments of infrastructure, such as Catalyst center being able to report on configuration drift and best practices not being followed, Meraki, and SDWan as well. Multivendor solutions such as Cisco NSO can also help ensure configuration compliance is maintained. There are also numerous CX advanced services reports that can be run across the infrastructure to ensure Cisco best practices are being followed, with a corresponding report and artifact that can be used.

Requirement 3: Protect stored account data.

This requirement is application and database settings, and there isn’t a direct linkage to infrastructure. Analysis of how account data is stored, what is stored, and where it is stored, as well as cursory encryption for data at rest and the process for managing these, are covered in this requirement.

Requirement 4: Protect cardholder data with strong cryptography during transmission over open, public networks

This requirement is to ensure encryption of the primary account number when transmitted over open and public networks. Ideally this should be encrypted prior to transmission, but the scope applies also to wireless network encryption and authentication protocols as these have been attacked to attempt to enter the cardholder data environment. Ensuring appropriate security of the wireless networks can be done by the Catalyst Center and Meraki in ensuring appropriate settings are enabled.

Requirement 5: Protect all systems and networks from malicious software

Prevention of malware is a critical function for security teams in ensuring the integrity of the financial systems. This requirement focuses on malware and phishing, security and controls, across the breadth of devices that can make up the IT infrastructure.

This requirement is met with a number of Cisco security controls, Email security, Advanced malware protection for networks and for endpoints, NGFW, Cisco Umbrella, secure network analytics, and encrypted traffic analytics are just some of the solutions that must be brought to bear to adequately address this requirement.

Requirement 6: Develop and Maintain secure systems and software

Security vulnerabilities are a clear and present danger to the integrity of the entire payments platform. PCI recognizes the need for having the proper people, process, and technologies to update and maintain systems in an ongoing basis. Having a process for monitoring and applying vendor security patches, and maintaining strong development practices for bespoke software, is critical for protecting cardholder information.

This requirement is met with a number of controller based capabilities to assess and deploy software consistently and at speed, Meraki, Catalyst Center, ACI, Firepower and SD-Wan, all have the ability to monitor and maintain software. In addition, Cisco vulnerability manager is a unique capability to take into account real world metrics of publicly disclosed CVE’s in order to prioritize the most important and impactful patches to apply. Given the breadth of an IT environments software, attempting to do everything at equal priority means you are systematically not addressing the critical risks as quickly as possible. In order to address your priorities you must first prioritize, and Cisco vulnerability manager software helps financials solve this problem.

Requirement 7: Restrict access to cardholder data by business need-to-know

Authorization and application of least privilege access is a best practice, and enforced with this requirement. Applied at the network, application, and data level, access to critical systems must be limited to authorized people and systems based on need to know and according to job responsibilities.

The systems used to meet this requirement are in many cases, shared with requirement 8. With zero trust and context based access controls we include identification in with authorization, using role based access controls and context based access controls. Some of these can be provided via Cisco identity services engine, which has the ability to take into account a number of factors outside of identity (geography, VPN status, time of day), when making an authorization decision. Cisco DUO is also used extensively by financial institutions for context based capabilities for zero trust. For network security enforcement of job roles accessing the cardholder data environment, Cisco firepower and Software Defined access have the capabilities to make context and role based access decisions to help satisfy this requirement. For monitoring the required admin level controls to prevent privilege escalation and usage of root or system level accounts, Cisco Splunk can help teams ensure they are monitoring and able to satisfy these requirements.

Requirement 8: Identify users and authenticate access to system components

Identification of a user is critical to ensuring the authorization components are working. Ensuring a lifecycle for accounts and authentication controls are strictly managed are required. To satisfy this requirement, strong authentication controls must be in place, and teams must ensure Multi-factor authentication is in place for the cardholder data environments. They also must have strong processes around user identification are in place.

Cisco ISE and Cisco Duo can help teams satisfy the security controls around authentication controls and MFA. Coupled with that, Cisco Splunk can help meet the logging and auditing requirements of ensuring this security control is acting as expected.

Requirement 9: Restrict physical access to cardholder data

“Physical access to cardholder data or systems that store, process, or transmit cardholder data should be restricted so that unauthorized individuals cannot access or remove systems or hardcopies containing this data.” (PCI QRG). This affects security and access controls for facilities and systems, for personnel and visitors. It also contains guidance for how to manage media with cardholder data.

Outside the typical remit of traditional Cisco switches and routers, these devices play a supporting role in supporting the infrastructure of cameras and IOT devices used for access controls.  Some financials have deployed separate air gapped IOT networks with the cost efficiencies and simplified stack Meraki devices, which simplifies audit and administration of these environments. The legacy proprietary camera networks have been IP enabled, and support wired and wireless, and Meraki MV cameras offer cost affordable ways to scale out physical security controls securely and at speed. For building management systems, Cisco has a suite of IOT devices that support building physical interface capabilities, hardened environmental capabilities, and support for IOT protocols used in building management (BACNET). These can integrate together and log to Cisco Splunk for consolidated logging of physical access across all vendors and all access types.

Requirement 10: Log and monitor all access to system components and cardholder data

Financial institutions must be able to validate the fidelity of their financial transaction systems and all supporting infrastructure. Basic security hygiene includes logging and monitoring of all access to systems. This requirement spells out the best practice processes for how to conduct and manage logging of infrastructure devices that allow for forensic analysis, early detection, alarming, and root cause of issues.

Cisco and Splunk are the world leader in infrastructure log analytics for both infrastructure and security teams. It is deployed at the majority of large financials today to meet these requirements. To compliment this, active synthetic traffic such as Cisco Thousand Eyes and Accedian help financials detect failures in critical security control systems faster to satisfy requirement 10.7.

Requirement 11: Test security of systems and networks regularly

“Vulnerabilities are being discovered continually by malicious individuals and researchers, and being introduced by new software. System components, processes, and bespoke and custom software should be tested frequently to ensure security controls continue to reflect a changing environment.” (PCI QRG)

One of the largest pain points financials face is the management of applying regular security patching across their entire fleet. The rate of CVE’s released has doubled in the past 7 years, and tools like Cisco Vulnerability management is critical prioritizing an infinite security need against a finite amount of resources. Additional Cisco tools that can help satisfy this requirement is: Cisco Secure Network Analytics (11.5), Cisco Advanced Malware protection (11.5), Cisco Catalyst Center (11.2), Cisco Splunk (11.6).

Requirement 12: Support information security with organizational policies and programs

People, process, and technology all need to be addressed for a robust security program that can satisfy PCI requirements. This requirement focuses on the people and process that are instrumental in supporting the secure PCI environment. Items like security awareness training, which can be addressed with Cisco U, are included. Cisco CX has extensive experience consulting with security organizations and can help review and create policies that can help the organization stay secure. Finally, having a Cisco Incident Response program already lined up can help satisfy requirement 12.10 for being able to immediately respond to incidents.

Source: cisco.com

Continue reading