Friday, 14 August 2020

Embrace the Change: How Automation Empowers the Network Engineer

I’m a Cisco SE based in Tel-Aviv, Israel. In this role I am constantly meeting with customers to create real-world solutions. Recently, I was meeting with the CIO, infrastructure manager, and network engineer at a major enterprise to discuss an innovation solution that can accelerate desired business outcomes. As always, questions are raised and we find ourselves on a detour covering several linked topics.

When we reach the portion on automation, I see the network engineer starting to move uncomfortably in his chair. We discuss how the solution can both reduce cost and reduce risk for the company, and we seem to strike a chord with the CIO who’s showing increasing interest. As the CIO’s excitement increases, so does the network engineer’s restlessness and, not a moment too soon, starts a parade of objections .

This network engineer is not alone and this is far from an uncommon situation. There are still network engineers who will try to block automation initiatives. Perhaps perceiving them as a threat. It’s a shame, as the reality is quite the opposite. Far from being a threat, automation is today’s great career enhancement opportunity for network engineers.

Digital transformation is here, and it’s here to stay. Across industries, companies are in a constant pursuit of the latest technology, that becomes a critical core of the company’s strategy – and for a good reason: Companies who master digital will not only drive more revenue but, will on average be 29% more profitable than their peers. This is critical and urgent, as 40% of incumbents are at risk of being displaced.

How does this concern the network engineer? Surprisingly, even in 2020 95% of network changes are still being done manually, and 70% of policy violations are caused by… wait for it … human errors!

Cisco Network Engineer, Cisco Study Materials, Cisco Exam Prep, Cisco Learning

As IoT devices are introduced to the enterprise networks (Gartner expects “only” 20 Billion devices by 2020, other predictions aim for 50B), manual configuration of a network will no longer cut it. Automation will become a mandatory skill for every network engineer.

Network engineers who embrace this innovation will be considerably more efficient, and able to position themselves as a strategic asset in the company’s technological future. Those who fail to understand automation will, eventually, become redundant and irrelevant to the industry.

A quick look in LinkedIn job posts reveals that the job titles are changing from “network engineer” to “network automation engineer.” Thinking about a network engineer role at Facebook? Guess what – Python, Perl, Ruby and shell scripting are strongly preferred. JP Morgan? Shell/Python Scripting, and Splunk. Perhaps Bosch? Python again.

Cisco Network Engineer, Cisco Study Materials, Cisco Exam Prep, Cisco Learning

Cisco Network Engineer, Cisco Study Materials, Cisco Exam Prep, Cisco Learning

Cisco Network Engineer, Cisco Study Materials, Cisco Exam Prep, Cisco Learning

Since 75% of the average network engineer’s time is spent on troubleshooting (“keeping the lights on”), and automation can reduce this time consumption significantly, network engineers will actually have the time to invest in learning new skills such as programmability and automation.

Convinced but not sure where to start?


I personally self-learned network-oriented Python programming, and wrote my first API request in Python less than 5 hours later using Cisco’s DevNet. There are many other resources to learn from, for example: CodeAcademy or LearnPython.

What I loved about DevNet is the orientation to network engineers, as opposed to general Python training. DevNet got me up and running very quickly with the focused knowledge and tools a network engineer needs. In addition, DevNet is much more than a website; it’s an interactive developer community, integrated discussion forums, and includes sandboxes – so you can actually practice your code on actual solutions without breaking anything or affecting a production environment.

Thursday, 13 August 2020

5G Core and Cloud Native are Changing the Mobile Game

Cisco Prep, Cisco Study Materials, Cisco Exam Prep, Cisco Certification

As service providers eye network upgrades to satisfy new demands for 5G, there are several important decisions to ponder. One of the biggest questions is whether to build onto your existing 4G network as a Non-Standalone (NSA) or jump in with a Standalone (SA) network packet core to position yourself as an industry leader well into the future. From a cost perspective, this isn’t an easy choice, but the return on investment could be the difference-maker.

We all understand that 5G is about new use cases and enterprise, but if you want to deliver more and better services you need to consider making the move toward the 5G SA core to meet the new requirements and stringent Service Level Agreements (SLAs).

In the world of 5G evolution we immediately think of New Radio (NR) transforming our access, and lower latency service delivery, but we tend to forget how essential the core is in developing the SA network. Service providers are just starting to plan for this, so it’s important to examine your options carefully, even if you aren’t ready to commit to full-scale deployment just yet.

How Did We Get Here?


As an industry, we have spent more than a decade optimizing how we deploy, operate, and evolve networks. Virtualization was the first step, which largely focused on building adequate data centers and management framework without fully redesigning the network functions. The Evolved Packet Core (EPC) was standardized before Network Function Virtualization (NFV) was invented, and while it evolved over the years (adding Control Plane User Plane Separation (CUPS) and virtualizing the packet core) those efforts were hindered by inadequate underlying capabilities.

The 5G core is an opportunity to enable a fully disaggregated architecture with network functions designed as microservices, exposing distinct network function services via well-defined APIs. With native self-discovery, we gain the flexibility to decide on the placement of the workloads to meet service requirements at a lower cost.

Right now, most 5G deployments are NSA, meaning the 5G NR is controlled by the legacy EPC offering little service innovation opportunity at the core. The 3rd Generation Partnership Project (3GPP) standards defined 5G SA with new capabilities and 2020 saw the introduction of the first 5G SA mobile handsets giving service providers the opportunity of adopting this new technology. We already see early movers such as T-Mobile in the United States. They achieved the first End-to-End (E2E) data session on a multi-vendor, next-generation radio and core network with the Cisco 5G SA solution.

How does Cloud Native Impact 5G?


The industry is adopting a new development framework and moving quickly to a cloud native environment with virtualization, automated deployment, instantiations, and upgrades. This affects not only new services delivered by service providers, but also represents new ways for enterprise customers to consume those services.

The four pillars of cloud native – DevOps, microservices, containers, and continuous delivery – are all in play as we leverage open source technology. In cloud native we are splitting the application into individual microservices and focusing on decomposition when it brings value.

Containers, which allow virtualization and management of these microservices, can be deployed very quickly. They have an operating system that meets all the requirements so it may take only a few seconds to deploy applications versus what would have taken hours. The fast up-launch and healing capacity are really changing the way we view application deployment.

Cloud native applications are deployed as a set of containers with the majority of them being stateless. The only stateful layer in the cloud native software architecture design is the database layer. If one container malfunctions for some reason, you simply launch another one…easy. It allows you to reach continuous delivery, the Holy Grail of the software environment, and our solution packages all your services into one so you’re not stuck trying to mix and match from different vendors.

Let’s take a closer look at some of the benefits inherent in each pillar of cloud native:

Microservices

• Modular, loosely coupled software services
• Individually deployed and lifecycle managed

Containers

• Virtualization and management of microservices
• Highly portable to different deployment targets

Continuous Delivery

• Automated continuous integration, validation, and availability of containers
• In-service software upgrades with automated testing

DevOps

• Automate and manage rapid deployments
• Isolate production changes and deploy once validated

Some of the other benefits of cloud native for service providers include:

• Built-in automation and orchestration
• Fast application launch and healing

Why Consider a 5G Standalone Network?


Whereas cloud native for 5G is very agile and flexible in how it’s deployed, whether it’s on Telco Cloud, in a traditional data center, or on a single server in a closet, non-standalone is a hardened solution. It is important to understand the key drivers to move to 5G SA.

First, 5G SA is the target architecture to deliver edge cloud with CUPS, for example in the case of gaming architecture or collaborative applications like autonomous manufacturing with the need to monitor and strictly manage latency. In that case, managing latency requires moving the core as close to the user as possible. Second, 5G core brings built-in network slicing, which is key to delivering strict SLAs as requested by customers to satisfy their specific use cases and requested SLAs. Third, the 5G core gets rid of the old protocols and is instead introducing an API-based communication paradigm that can be used to connect to external systems. For instance, this is expected to ease the interconnection of an enterprise policy server (e.g. Cisco DNA-C) with the mobile core delivering a consistent experience across different domains.

Many years of experience developing packet cores leaves Cisco best positioned to provide secure and open 5G infrastructure and automation while delivering on the above-mentioned capabilities which are key drivers for 5G SA deployment. We offer an innovative, end-to-end, highly secure system with security at the heart of the solution design. This is complemented by multi-domain automation and orchestration, rendering a complete lifecycle as well as cross-domain slicing.

Tuesday, 11 August 2020

More than connectivity: Wi-Fi as a lens to analyze business impact during a global crisis

Cisco Prep, Cisco Exam Prep, Cisco Tutorial and Material, Cisco Certification, Cisco Learning, Cisco Guides

The year 2020 has brought about changes in the way people go about their daily lives. The pandemic is reshaping society in ways that are unfamiliar and sudden. To understand what industries can expect when the pandemic slows down and also better prepare for any future crisis, they need to analyze and take measure of how the pandemic changed the customers’ behavior towards businesses and its physical spaces. For example — are there fewer retail customers now as compared to before the pandemic? How has their visit frequency changed and are they spending more time now in-store or less? There is an assumption that market segments like transportation and hospitality would be impacted more than others like Healthcare, but is there real data to prove it?

One of the ways to get answers to these questions and more is to leverage a technology that we are all familiar with – Wi-Fi. Wi-Fi is now an essential service available everywhere, from enterprise workspaces to coffee shops, from universities to malls. Given the pervasiveness of Wi-Fi and the close correlation between wireless client count and visitor/user count in a physical space, we are better able to understand user presence and behavior.

Cisco Prep, Cisco Exam Prep, Cisco Tutorial and Material, Cisco Certification, Cisco Learning, Cisco Guides
Cisco DNA Center + Cisco DNA Spaces

Cisco DNA Center and Cisco DNA Spaces cover more than 10 million client devices, more than one million access points, and digitize close to 2.8 billion square feet of enterprise airspace. With such a massive anonymized data set (until the end of April 2020) in hand and with the broad coverage of deployments that Cisco has, we set out to analyze how businesses in different market segments were affected by the pandemic. We take some of the observations from the real world and see if the data collected by Cisco also shows similar observations.

Overall impact on wireless client count

Cisco Prep, Cisco Exam Prep, Cisco Tutorial and Material, Cisco Certification, Cisco Learning, Cisco Guides

While new infection cases were being reported in early February in countries outside of China, such as South Korea and Italy, much of the rest of the world continued along with business as usual. In the beginning of March, the seriousness of the pandemic was being felt throughout the world. News about possible restrictions to mitigate the transmission of the virus were being announced around the second week of March, culminating with a national emergency declaration on March 13th in the United States.

Given the shelter-in-place orders that were mandated in mid-March across many geographies, there was a sudden and severe drop experienced in people density across many businesses and market segments.

If we look at the overall wireless client count from Cisco DNA Center deployments around the world — including all regions and market segments — it began dropping in the week of March 16th with a sharp fall continuing until the end of March:

Cisco Prep, Cisco Exam Prep, Cisco Tutorial and Material, Cisco Certification, Cisco Learning, Cisco Guides
Total Wireless client count trend

There was a 62.35% drop in client count from March 9th until March 30th.

To understand which regions contributed the most to the fall, look at the overall client count split by regions. Almost every region showed a similar trend of declining count starting from the second week of March:

Cisco Prep, Cisco Exam Prep, Cisco Tutorial and Material, Cisco Certification, Cisco Learning, Cisco Guides
Client count by region

The data collected by Cisco DNA Spaces also aligns with this observation and shows that the drop in user visits was universal and happened across all geographies. Most countries experienced record drop-offs in the same week despite differing social distancing policies.

Cisco Prep, Cisco Exam Prep, Cisco Tutorial and Material, Cisco Certification, Cisco Learning, Cisco Guides
Drop in visits during week of March 16th relative to the previous week

People presence in the US also dropped suddenly in a single week beginning Monday the 16th:

Cisco Prep, Cisco Exam Prep, Cisco Tutorial and Material, Cisco Certification, Cisco Learning, Cisco Guides
Daily trend in visits to out-of-home locations

While the decline has been similar between the different regions, the recovery since the second week of April has been different. While the Americas and Asia Pacific, Japan and China (APJC) are showing a modest increase in client count numbers by 5.58% and 3.22%, Europe, the Middle East, Africa and Russia (EMEAR) region is leading the recovery with an increase of 49.43%. Within the EMEAR region, the biggest contributors to the recovery have been Professional Services, Government and the Financial Services segment.

Cisco Prep, Cisco Exam Prep, Cisco Tutorial and Material, Cisco Certification, Cisco Learning, Cisco Guides
Wireless clients per market segment (EMEAR)

Impact on user presence in different market segments


Cisco Prep, Cisco Exam Prep, Cisco Tutorial and Material, Cisco Certification, Cisco Learning, Cisco Guides

Understandably during stay at home orders, verticals like Hospitality, Transportation and Education were expected to be impacted much more than other more essential verticals like Healthcare, as they had to continue working at the same or higher scale. The data collected from our customers validates this.

To measure the impact of user presence in different market segments, we take the latest client count for that segment and compute the percentage change from the historical average for that market segment. This analysis reveals the top three segments that were most impacted and least impacted:

Cisco Prep, Cisco Exam Prep, Cisco Tutorial and Material, Cisco Certification, Cisco Learning, Cisco Guides

The Education segment is one of Cisco’s largest, with close to 1.5 million clients reported through Cisco DNA Center. With universities and schools closed down for the academic year two-and-a-half months early, this segment was severely impacted. The client count went down by 77.02% in the last three weeks of March:

Cisco Prep, Cisco Exam Prep, Cisco Tutorial and Material, Cisco Certification, Cisco Learning, Cisco Guides
Wireless client count trend in Education market segment

While one might suspect that a pandemic would cause user presence to jump in the Healthcare market segment, the data collected shows that it has in fact seen a drop in user presence as well, though it was relatively lower than other segments. The reason for this drop is because people are preferring to do virtual or on-phone appointments with their Healthcare teams during this crisis. Additionally, people were pushing their elective surgeries and non-critical appointments out to a later date. We see this in New York, one of the hardest hit states, as emergency room visits in New York City health and hospital locations were down by 50% in March. In Providence, Rhode Island, the volume of heart attack patients fell by about 50% in March. Physicians suspect that this was because patients with mild heart attacks or strokes were going to family doctors or outpatient clinics instead of visiting the ER.

We filtered out the data for just the Healthcare segment to see if our observation correlates with this.

Cisco Prep, Cisco Exam Prep, Cisco Tutorial and Material, Cisco Certification, Cisco Learning, Cisco Guides
Wireless client count trend in Healthcare market segment

Notice the dip in the month of March. The fear of visiting hospitals did indeed impact the Healthcare market segment.

Regional differences


Cisco Prep, Cisco Exam Prep, Cisco Tutorial and Material, Cisco Certification, Cisco Learning, Cisco Guides

It would be interesting to analyze how the impact on businesses has been different in different countries based on the timelines of the pandemic, their approach to mitigating the impact of the virus, and other unique incidents that happened in their regions.

China


On December 31, 2019 China first reported cases of COVID-19 to the World Health Organization (WHO). By March 19th, China reported that there were no new local transmissions for the first time since the pandemic began.

This timeline is very different from the rest of the world. While the rest of the world was entering the initial stage of the transmission of the virus, China was on its way to a recovery. As a result, we should expect a difference in the data that we see from China as compared to the rest of the world.

The wireless client trend for China shows a dip after 2nd week of January. The steep drop continues until the first week of February (decline of 91.5%) after which it shows a recovery:

Cisco Prep, Cisco Exam Prep, Cisco Tutorial and Material, Cisco Certification, Cisco Learning, Cisco Guides

We observe that businesses in China started recovering much earlier than the rest of the world. And given the weekly increase in client count after the first week of February, the recovery seen in China appears to be quite aggressive.

Looking at the change in client count (as of April 27) as compared to the historical average across the market segments, we can see that China is showing above average count in all segments except Government and Education:

Cisco Prep, Cisco Exam Prep, Cisco Tutorial and Material, Cisco Certification, Cisco Learning, Cisco Guides

The Manufacturing segment in China showed an interesting trend. There are two dips seen in the client count trend for Manufacturing. The first dip is understandable — this is when the pandemic was at its worst in China. But the second dip (decline of 41.46%) unexpectedly occurred in April when China should have been out of this crisis.

Cisco Prep, Cisco Exam Prep, Cisco Tutorial and Material, Cisco Certification, Cisco Learning, Cisco Guides

Looking at this a bit deeper, there is one customer from Guangzhou that had a much bigger contribution to the drop in the Manufacturing segment than the rest. The client count for this deployment dropped in April by 98.1% in two weeks and contributed to the overall drop for this segment. This correlates with the news of an outbreak in Guangzhou and the shutdowns in the region because of this localized outbreak.

Cisco Prep, Cisco Exam Prep, Cisco Tutorial and Material, Cisco Certification, Cisco Learning, Cisco Guides
Wireless client count trend from a Manufacturing customer in Guangzhou

Overall, looking at the trends of all the market segments, China is showing recovery.

United States


The United States started seeing the first few reports of the infection in January 2020. By March 13th, a national emergency was declared and a number of states went into lockdown after that. After more than a month of severe lockdown measures, a few states started to open up in a phased manner. Given this shifted timeline as compared to China, we should expect to see some interesting insights by analyzing the telemetry data.

In sharp contrast to China, the US shows a steep decline (54% drop) in client count in the second week of March. This correlates with the timeline of the response in the US because of closures and lockdowns on businesses occurred only in the second week of March.

Cisco Prep, Cisco Exam Prep, Cisco Tutorial and Material, Cisco Certification, Cisco Learning, Cisco Guides

Beginning in April, the client count trend for the US showed some stabilization and a very slow growth in the last few weeks of April. This observation correlates well with the news about businesses coming out of the lockdown in a phased manner at the end of April.

Other than Healthcare, all of the market segments in the US are showing a client count below the average. With social distancing becoming the norm and schools and universities shut down, market segments like Hospitality, Media and Entertainment, Transportation and Education have been hit the worst.

Cisco Prep, Cisco Exam Prep, Cisco Tutorial and Material, Cisco Certification, Cisco Learning, Cisco Guides

Cisco Prep, Cisco Exam Prep, Cisco Tutorial and Material, Cisco Certification, Cisco Learning, Cisco Guides

Looking at the week-by-week changes starting on March 9, we can see steep declines in multiple segments. We see a bit of a stabilization when April begins and then after the second week we see a slow increase in client counts across different segments.

Cisco Prep, Cisco Exam Prep, Cisco Tutorial and Material, Cisco Certification, Cisco Learning, Cisco Guides

We observe that businesses in the US are slowly trying to come out of the lockdown. While it is not as aggressive as China, the progress is still happening.

While China is showing growth with its top customers, the customers in the US with the highest number of unique client counts are still showing decline in count in the last week (as of April 27th). Since most of the large customers (as far as unique client counts goes) in the US are from the Education segment, this is expected. Schools and universities may remain closed until much later this year, so the recovery in this segment will take time.

Retail has been an interesting market segment in the US to analyze. At the end of February 2020, the seriousness of the virus was first being felt in the United States. Infections spiked in Europe and the number of cases were rising in the United States. The fear of lockdown and running out of stock of essentials led to “panic shopping” in a lot of regions in the US. We can clearly see this phenomenon if we zoom into the retail segment in the US and check the client trend:

There are spikes seen in the client count trend for the beginning of March before the lockdowns in the US were announced. After that, near the end of March, the spikes died down, but the trend never really dropped very low. This is because grocery shopping is one of the essential businesses that had to be kept open.

Cisco Prep, Cisco Exam Prep, Cisco Tutorial and Material, Cisco Certification, Cisco Learning, Cisco Guides

Diving deeper into the retail segment, Cisco DNA Spaces shows interesting insights into sub-categories in this segment.

By looking at percentage change in weekly visits across the sub-categories in Retail between first week of March and last week of April, we see that Convenience and Groceries categories were less affected than other categories.

Cisco Prep, Cisco Exam Prep, Cisco Tutorial and Material, Cisco Certification, Cisco Learning, Cisco Guides

Wireless client count trend in US Retail sub-categories segment

We also observe that while the number of visits to retail outlets have fallen during this crisis, the time spent by shoppers per visit to the store has remained largely stable.

Cisco Prep, Cisco Exam Prep, Cisco Tutorial and Material, Cisco Certification, Cisco Learning, Cisco Guides

Another interesting observation in Retail segment is that the drop in visits by customers was agnostic to local social distancing regulations. We looked closely at the visits data from a Lifestyle retailer with stores across four states – California, Florida, Texas, and New York. These states announced shelter-in-place orders at different times and the level of restrictions were also different, but the timing and pattern of decline in visits was identical across all the locations.

Cisco Prep, Cisco Exam Prep, Cisco Tutorial and Material, Cisco Certification, Cisco Learning, Cisco Guides

Sweden


Sweden, the country that adopted the unique and controversial approach to stopping COVID-19, kept most of its businesses including primary schools and non-essential businesses open while encouraging people to work from home if possible. It relied on ‘herd immunity’ to stop the transmission by letting the stronger population get infected and develop immunity while protecting the high-risk population. What does the data tell us about the impact of this pandemic on Sweden, and on its businesses as a result of this unique approach?

Unlike most of the other countries impacted by the pandemic, Sweden had very minimal impact in the month of March and it shows very aggressive recovery in the last week of April:

Cisco Prep, Cisco Exam Prep, Cisco Tutorial and Material, Cisco Certification, Cisco Learning, Cisco Guides

In the last few weeks of April, the EMEAR region has shown the fastest recovery (49.43% growth in client count since 2nd week of April) when compared to AMERICAS (+5.58%) and APJC (+3.22%). And within EMEAR, if we take a snapshot of the top few deployments with highest client counts, most of them are from Sweden, and the count is higher than average in the last week of April:

Cisco Prep, Cisco Exam Prep, Cisco Tutorial and Material, Cisco Certification, Cisco Learning, Cisco Guides
Client count change in Sweden

This makes Sweden kind of an outlier as compared to the other Nordic countries and it could be attributed to their unorthodox approach.

India


On January 30, 2020 India reported its first case of the virus. By mid-March the number of confirmed cases escalated to more than a 100. The government started imposing travel restrictions and states began to issue shutdown orders or asking institutions to work in limited capacities. Finally, on March 24, the government issued an order for complete lockdown of the nation.

This sequence of events can be seen in the overall client trend for India. After the second week of March, there is a rapid decline (a drop of 95.97%) in client count and it bottomed out at the end of March. This is in line with the earlier observation where globally user presence dropped suddenly. After the steep drop, the trend line has remained flat:

Cisco Prep, Cisco Exam Prep, Cisco Tutorial and Material, Cisco Certification, Cisco Learning, Cisco Guides

The Government of India and all the State Governments took strict measures to make sure no one violates or defies the lockdown restrictions. All market segments were severely impacted because of these stringent measures exercised by the government:

Cisco Prep, Cisco Exam Prep, Cisco Tutorial and Material, Cisco Certification, Cisco Learning, Cisco Guides
Average client count change in India

A week-by-week analysis shows that user presence in some segments like Technical Services had already started getting significantly impacted starting mid-March.

Cisco Prep, Cisco Exam Prep, Cisco Tutorial and Material, Cisco Certification, Cisco Learning, Cisco Guides
Client count drops in March for India

There is an explanation for this observation. Out of an ‘abundance of caution’ a lot of employees had already started working from home. Multi-national companies were asking their global teams to work from home even before the Government of India announced the nationwide lockdown because of COVID-19.

One can also notice that after March 30th, there has hardly been any change in the client count. This can be attributed to the fact that the lockdown restrictions are being strictly enforced in India with legal actions taken against violators.

Monday, 10 August 2020

Harvesting Threat Intelligence with the SecureX Threat Response API

Cisco Tutorial and Material, Cisco Exam Prep, Cisco Learning, Cisco Certifications

It is widely known that there are never enough resources to staff every Security Operation Center (SOC). Organizations are struggling to cope with the massive number of new attacks, which makes it ever more important to stay up to date with the vast number of threats that could be just around the corner. Enter Cisco Talos, Cisco’s threat intelligence research group and a well-respected source for threat intelligence information.

What is Threat Intelligence?


According to Wikipedia, “cyber threat intelligence is information about threats and threat actors that helps mitigate harmful events in cyberspace”. Wikipedia also points out that the “sources include open source intelligence, social media intelligence, human intelligence, technical intelligence, or intelligence from the deep and dark web”.

There are different forms of threat intelligence:

◉ Tactical: this type of intelligence can be used to identify the threat actor of a specific attack. Examples can be Indicators of Compromise (IoCs) like IP addresses, domains and file hashes.

◉ Operational: this type of intelligence focuses more on the Tools, Techniques and Procedures (TTPs) of the attacker.

◉ Strategic: this type of intelligence focuses more on high-level cyber risks and can be used to create a strategy for a company.

What is the SecureX Threat Response API?


The SecureX Threat Response platform is a tool that aggregates and correlates the capabilities of many Cisco and third-party security products (called “modules”). This tool can be leveraged for “threat hunting” in a customer’s environment to help keep their environments secure. It does this by connecting to the API’s of the various products, and by doing so is able to retrieve information. This process is called “enrichment.” Enrichment focuses both on internal sightings and external threat intelligence. At the same time, Threat Response can take actions in a subset of the connected products. This process is called “response”.

Some products can only provide enrichment, while others can do both enrichment and response. Cisco Security customers can use Threat Response to quickly identify a root cause of a cyber-attack, by using any text (containing IoCs) as an input. This text can then be enriched both from internal monitoring modules (“Do I have any infected hosts?”), and from threat intelligence modules (“Are these IoCs bad?”). And it enables customers to quickly take response actions to remediate the threat.

Cisco Tutorial and Material, Cisco Exam Prep, Cisco Learning, Cisco Certifications

The SecureX Threat Response relation graph graphically shows how the observables in an investigation are connected.

If you’re a Cisco Security customer, guess what … You have access to Threat Response at no extra cost. The Threat Response APIs can be leveraged to automate a big chunk of the threat hunting process, and mainly the enrichment process.

How to harvest threat intelligence, and hunt the threats?


The internet contains many free sources of threat intelligence that can be used in addition to the Cisco Talos feeds. Using the SecureX Threat Response API, it is possible to harvest this and discover internal security events. This process is what was earlier described as “enrichment”, where both internal and external modules are checked for hits. There is a big community out there that shares new IoCs related to new cyber-attacks and malware campaigns.

So how can I harvest my threats?


Below are two examples that take a free source from the internet (blogs and Twitter) and parse them for IoCs. Both scripts then check for “target sightings” and automatically adds IoCs to SecureX Casebook. If there are any hits on internal targets, it will add a “HIGH PRIORITY” tag to the Case. The scripts will also send a Webex Teams alert to a configured Space (e.g. the Space used by a SOC). Check out the links below to find out more!

1. Searching threat intelligence blogs

The Cisco Talos blog is a perfect example of one of those free sources of threat intelligence that can be found on the internet. Their blog highlights threats and other information they find on a regular basis. However, who has the time to read all these blog posts, search through all their security tools for hits, and take action on them? Using the Threat Intelligence API, I was able to search the Talos blog (and others!) and pull out the exact information I needed to remediate my threat. Find out how on my DevNet Automation Exchange post:

2. Scouring Twitter Hashtags (e.g. #OPENDIR)

You can do a similar things with Twitter. The #opendir Twitter hashtag is used by many threat intelligence researchers to post their findings on new threats. This is a perfect example of one of those free sources of threat intelligence that can be found on the internet. Matching this information source with the connected Threat Response modules, gives you relevant hits to help protect your organization for unwanted threats.

Cisco Tutorial and Material, Cisco Exam Prep, Cisco Learning, Cisco Certifications

Some example Tweets from the #opendir hashtag.

These are just two examples of what you can do with these awesome API’s.

Saturday, 8 August 2020

Cisco and IBM Security Simplified: Mapping the Story

“The more things change, the more they stay the same” can be true even with security.

Although our security tools and workflows have certainly become much stronger over the years, some challenges haven’t changed:

◉ Businesses still worry about their intellectual property being compromised and/or leveraged for nefarious use.

◉ Deploying a secure defense is still complex; many companies can find themselves deploying 50 to 100 different tools from 50+ vendors in an attempt to protect their businesses.

◉ There is still a lack of qualified security personnel, which becomes even more problematic given the large number of vendors and tools that must be managed.

◉ It is still difficult to explain the toolsets and processes required to secure a modern enterprise.

Expanding on that last point, a year ago, we began working with IBM to find a way to explain joint Cisco and IBM security value propositions in a way that is easier for our customers and partners to understand.

We’ve been told by customers that if we can reduce their vendor count from 50+ vendors to “something you can count on your fingers and toes,” it would improve not only technical efficiency for their response teams, but also offer operational efficiency to legal and finance teams through contract simplification. In response, over time and through a number of integrations, Cisco and IBM have jointly developed a comprehensive security story, greatly simplifying your vendor and tools landscape. Now, while I can’t say in good conscience that Cisco and IBM can address all your security concerns, integrated Cisco and IBM tools and services can meet a majority of your security needs and our technology ecosystems can fill in the gaps.

The result of our efforts to better explain these Cisco and IBM security value propositions is what I call “subway map” journeys.

Mapping a customer’s security journey with integrated solutions

Initially, we began by looking at the top three areas of concern for our customers:

◉ Insider threats: threats living inside the network

◉ Ransomware: malicious software that blocks system access

◉ Compliance: the need to meet and maintain compliance requirements

When customers explore how to protect their businesses against these three use cases, they typically deploy a number of tools, which can be viewed as subway stops along the security journey (Figure 1).

Cisco Tutorial and Material, IBM Exam Prep, IBM Study Materials, IBM Guides

Figure 1: Security journey subway map

The three colored lines in this subway map are aligned with each use case. In each journey, the light blue and dark blue stops represent Cisco and IBM products, respectively. Also notice the subway car moving through the stops. The shortage of security personnel means many of our customers rely on services from Cisco and IBM to help transport them to their destination, whether through consulting before an engagement, integration services during deployment, or managed services afterward.

You can look at the briefs for Ransomware, Compliance, and Insider Threats workflows on the IBM and Cisco Security Solutions page, but let’s take a quick look now at Insider Threat and discuss how it’s been impacted by the ongoing pandemic.

Insider threats


In the case of insider threats, the primary concern is that an employee or other insider has gained privileged access to the network and can obtain company secrets or customer data. In response, a security solution must:

◉ Block causes of a potential compromise

◉ Restrict access to limit the scope of loss if the network is compromised

◉ Quickly identify and prioritize threats

◉ Detail the response plan so operators can move quickly to mitigate damage

As shown in Figure 2, the integrated Cisco and IBM defense against insider threats includes the following tools:

◉ Cisco Identity Services Engine (ISE) orchestrates who is using the network and creates policies for where they are allowed to go.

◉ Cisco Firepower Threat Defense (FTD) provides enforcement points and detection through NGFW/NGIPS functionality.

◉ Cisco Stealthwatch provides visibility into traffic on the network—so we know policies are being observed—while also providing insight into what policies could/should be.

◉ Cisco Advanced Malware Protection (AMP) enables file inspection across endpoints, the intrusion prevention system (IPS), email, and the web (ESA/WSA) to reduce points of compromise.

◉ IBM QRadar combines alerts from multiple sources and analyzes user activity to detect malicious insiders.

◉ IBM Resilient helps companies understand and orchestrate a response plan across people, process, and technology.

◉ IBM Guardium activates data loss prevention (DLP) to further the solution through classification of sensitive assets and data protection.

Cisco Tutorial and Material, IBM Exam Prep, IBM Study Materials, IBM Guides

Figure 2.  Insider threats subway journey

Going forward


Stay-at-home orders have created a new set of challenges for many businesses during the pandemic. While the tools mentioned in the previous section remain relevant to combating insider threats, the relative importance of technologies such as Cisco Duo for MFA, Cisco AnyConnect for VPN access, Cisco AMP4EP, and Cisco Umbrella in protecting remote and mobile workers has increased. The changes in the way our customers leverage our tools also impacts the way we focus integration surface between our companies. As you may have guessed, consumption of AMP4EP logs in QRadar has is an area we’ve seen increase and we’ve received great feedback on the recently published Cloud Security app for QRadar (Figure 3) as well.

Cisco Tutorial and Material, IBM Exam Prep, IBM Study Materials, IBM Guides

Figure 3.  Cisco Cloud Security Dashboard in QRadar

In addition, as many of you have heard by now, Cisco has been focusing heavily on improving usability and workflow for customers leveraging our tools. That work has culminated in the recently launched Secure X tool. I’m happy to say that we have integrated Secure X into QRadar, so that customers can get hover-over information from Secure X directly in QRadar and also pivot into Secure X for additional drill-downs and investigation details.

Thursday, 6 August 2020

Cisco Meeting Server 3.0 Feature Release

Premise-Based Conferencing Option with Cisco Meeting Server 3.0


“Going to the cloud” seems to be the talk of the town; however, the cloud is not everyone’s cup of tea. If that’s your case, we hear you, and we care about you. Cisco continues to offer a premise-based conferencing option just for you.

Let me tell you about our latest Cisco Meeting Server 3.0 feature release.

Just because you are not on the cloud, doesn’t mean your platform can’t be like the cloud. Cisco is working hard to align user experiences between Webex and CMS in order to simplify scenarios where customers use both. With this new release, we have a greater number of concurrent web app sessions, new web app in-meeting controls, and branding capabilities to give meetings your companies look and feel.

Better Meeting Experiences


The engineering team has been hard at work delivering agile feature releases every four months, with features you can use now while working remotely or from home. We are also continuously working to keep CMS a user friendly and intuitive platform.

Scalability – CMS extends its industry-leading scale with the web app. The web app scales to the same capacity as SIP calls on the CMS callbridge for internal calls and calls over a VPN.

Web App – Anyone can join a meeting quickly without installing anything by using the web app powered by WebRTC technology. With web app, users can create, join, and manage their meetings using their preferred browsers including Chrome, Firefox, Safari, Edge, or Yandex. New in-meeting features with the latest release include:

◉ Add/drop participants
◉ Mute others or all
◉ Branding
◉ Start a recording or streaming session
◉ Name labels
◉ Lock / unlock
◉ Making participants important

More Advanced Features with the 3.0 Release


The 3.0 release also brings more advanced features like separate windows for video and content to allow users to use two screens or just to optimize how they use their desktop. Below is an example of branding now available with the Meeting Server web app.

Cisco Exam Prep, Cisco Tutorial and Material, Cisco Learning, Cisco Guides

Self-management – Administrators can provision templates allowing users to create their own spaces based upon admin defined templates. Other options include setting PIN’s for hosts or guests and adding additional members to the space.

Smart licensing – This release also changes licensing, where Cisco Meeting Management (CMM) is required with all deployments for licensing usage reporting, plus integration with Cisco Smart Licensing.

Smart licensing is a new way of thinking about licensing. It can be applied to all Cisco products and is now available through CMM for CMS clusters. Smart licensing simplifies managing licensing for CMS, which means no more license files must be applied to servers. It provides key information about software entitlement and utilization in one centralized process. CMM will be mandatory for all new customers. Smart Licensing is required for new customers, optional for existing customers.

TMS - Cisco TMS provides centralized control for on-site and remote video systems and a deployment and scheduling system for your entire video network. TMS for scheduling now supports Oath authentication with O365 & Exchange hybrid deployments. TMS for higher education customers allows CMS recording to be configured when scheduling with the help desk.

In Conclusion


All of these new Cisco Meeting Server features gives your company the tools you need for getting business done, weather meeting in the office, from home or on the road. Existing customers with valid support contracts can find this new version on the software download center.

Cisco Exam Prep, Cisco Tutorial and Material, Cisco Learning, Cisco Guides
Cisco Meeting Server Web App – Feature List Comparison

Tuesday, 4 August 2020

Renown Health: Supporting patients during a global crisis

Cisco Exam Prep, Cisco Prep, Cisco Learning, Cisco Tutorial and Material, Cisco Learning

Last week you read about Reno, Nevada’s Renown Health’s recent upgrade to Cisco Catalyst products including switches, access points, and controllers. When I spoke with Dustin Metteer, IT Manager at Renown Health, he also explained that they’ve developed new safety protocols for COVID-19 and have built out tented testing centers and new field hospitals to support a potential influx of patients from across the state.

No visitors, no problem: filling the gap with technology


With strict protocols to ensure the safety of all in its facilities, no visitors are allowed at Renown Healthcare hospitals. Patients are often quarantined by themselves for extended periods of time and can get lonely. To help combat this loneliness, the hospital purchased hundreds of Apple iPads and handed them out to different departments to allow patients to communicate with their families.

Something I didn’t discuss with Dustin, as it didn’t make any difference in their decision to offer this gesture of kindness, is Cisco’s wireless partnership with Apple. Cisco and Apple have partnered to provide a better overall wireless experience to end users and IT managers, and this equates to better connectivity for users and improved troubleshooting data for engineers to solve issues faster. A win for all.

Standing up testing sites and field hospitals


For hospitals across the world, COVID-19 has meant preparing for a worst-case scenario should they move beyond capacity. To provide safe testing away from the main hospital building, Renown Health started with a single parking lot tent testing site. To connect the tent to the hospital network and its applications, Dustin and team ran a fiberoptic cable out to the tent, plugged in a Cisco Catalyst 9300 UPOE+ switch and instantaneously had connectivity and 90 watts of power per port for Cisco IP phones, Cisco access points, and a handful of desktop computers, with room to add more. This has now been replicated multiple times as needed across their other hospitals and urgent care facilities in the system.

The Big Ask


Following the initial rollout of tented testing centers, Dustin received a call about building out a temporary field hospital.  As Dustin explains, “We got a big ask, they wanted us to convert our parking garages into field hospitals.” This ask included designing a network for a facility that could house up to 2100 beds to care for those infected with COVID. If you’re familiar with a modern hospital room, you know they include lots of connected devices for monitoring, alerting, and communicating with staff. To support this need, the final design consisted of Cisco POE switches, Cisco access points and wireless controllers, and Cisco IP phones. The deadline: two weeks.

With not much time to make this happen, Dustin pulled together some spare equipment, mapped out and designed the network, and worked tirelessly to get the hardware deployed, software updated, and all his policies set. He had 14 days but completed the task in just 10. And while Dustin was working on the network side of things, he didn’t forget to give a shout out to the construction crew and electricians, and especially the Army Corps of Engineers. “They wrapped the entire garage, inflated it, brought in HVAC, all kinds of stuff, just great work.”

Repurposing old equipment gets the job done


The network that Dustin deployed in the parking garage includes five Cisco Catalyst 9300 UPOE+ switches and 30 Cisco Aironet 3702 access points. Giving a nod to his appreciation for the latest gear, Dustin says, “We had to use what was available quickly. I would’ve like to have used the Catalyst 9120 AP’s but we had to make do with what we had.”

Because Renown had recently gone through a refresh at several of their hospitals, they had equipment on hand that was already spun and ready to go. This made the job go a lot smoother and reduced network equipment expenses for the field hospital.

Renown is continuing to support COVID patients and as the disease ebbs and flows, the hospital will adjust its facilities and do its best to make space available to care for its patients across the state. This might include adding new field hospitals, testing sites, and other areas to support patients and staff during the pandemic.

Soapbox time


In closing, I’d like to say that I can’t wait for this horrible disease to be done and over with so we can all get back to our regular lives. That said, I find the work we do together as humans inspiring, especially when we work together for the betterment of mankind. Hearing Dustin’s story gives me hope: to hear what’s possible, to hear that a parking garage can be converted into a fully functioning hospital in less than two weeks, to know we will get past this pandemic and that technology will help play a major role. I’m an optimist, I’m also logical, and I know that it will take a lot of work, dedication, and an enduring effort to get us back to where we once were.

Source: cisco.com