IT Security Refresh: More Practical Tips for a Good Foundation (Part 2)
A number of NetCraftsmen attended Cisco Live 2017 in Las Vegas this past June. While there was a lot to take in for all attendees, a few highlights from the NetCraftsmen attendees are below.
Intuitive intent-based networking automation was the big Cisco announcement at Cisco Live 2017. There are several key aspects (in my own words):
This is ambitious, and it also means Cisco will be putting a lot of resources and energy into making this vision work — and has enough of it built to plan to ship it late this fall.
If there’s one takeaway from this year’s CL2017, it’s that my interest is Sparked.
For the better part of three years, Cisco has been heavily pushing Spark as the future of enterprise collaboration. From various account teams proselytizing the solution to straight-up guerrilla marketing at tech conferences, Cisco continues to market Spark as the face of its cloud-first strategy. While it’s not hard to see the utility of Spark as an app, it is nothing short of a challenge to navigate our customers through the seemingly disjointed suite of “unified” communications, let alone convince them that Spark is just one more “killer app” to unleash on their users.
Thanks to this year’s Cisco Live event, I believe Cisco has finally made a business case for Spark. Spark is not merely a collaboration app; it’s a collaboration platform — a platform that relies heavily on API-based development, for sure, but a platform that can be leveraged by so much as a programming novice. Two days before the official start of the conference, a DevNet Express deep dive session had a room full of engineers (most of whom had never written a single line of Python) accessing the Spark API and writing simple BOTS. In my next blog post, I hope to relay to our audience not only that Spark can be of significant use, but that also it would not take an army of developers to make it work.
One of my goals for attending Cisco Live was to explore Cisco’s security technology offerings and to meet with vendors that have solutions for IoT deployment and security. Based on a technical session on Firepower Threat Defense (FTD) that I attended, my conclusion is that Cisco is finally, slowly, playing catch-up with other next-generation firewall (NGFW)/unified threat management (UTM) vendors, but there is still a lot to catch up on in this category. The revamp of Cisco’s security appliance user interface and the bundling of UTM features as a suite of applications makes it easier to convince current customers (who have implemented other vendors in this category in their environment) that the Cisco security appliance with its bundled application suite can provide the same features and a similar look and feel.
There is still a lot of work to be done in the IoT environment. Vendors and Cisco seem to be working hard on providing solutions for IoT implementation as primary and security as secondary. It looks like IoT, as with other emerging technology, has put IPv6 deployment on the back burner for a lot of companies.
In his Cisco Live 2017 keynote, Chuck Robbins, CEO of Cisco Systems, said they are working to reduce network complexity. What he really meant to say is that they are working to reduce the complexity of the network interface we use on a daily basis. In order to gain efficiencies in the network, we have to increase its complexity, just as the complexity of automobile engines has increased as their efficiency has increased. The additional complexity will be hidden by new, simple abstractions.
Cisco announced a new offering called Encrypted Traffic Analytics (ETA). ETA is a new way of identifying malware that is trying to hide from detection by using encrypted communications. This includes most recent malware, and the technique has been growing in effectiveness as the fraction of encrypted traffic across the enterprise continues to grow. ETA works by looking at connection metadata that is available without decrypting the traffic, such as TLS handshaking, inter-packet timing, etc. I spend a lot of time with Stealthwatch now, and I hope to be able to get hands-on with ETA in the near future.
Various forms of traffic pattern analysis have been around (and useful) for years, but even Cisco’s critics seem to recognize that this is a step forward because of the increased visibility that comes from building traffic metadata extraction natively into the network (see “Why it’s okay to be underwhelmed by Cisco ETA” by Vectra). Competition in this space is fundamentally good for customers because vendors will strive to add more value and better differentiate themselves. I expect that the increased visibility made possible by building better telemetry sources into the network will become a requirement for security-conscious organizations in the coming years. Cisco is uniquely well-positioned to move quickly in this space by applying machine learning to the Big Data that will rapidly become available as this is deployed across its customer base. I hope that this offering will be bundled into Cisco’s Security Enterprise License Agreements (ELAs) and be able to live up to the hype surrounding it, which claims a high detection rate and a low false positive rate. For more background on ETA, check out Cisco’s Encrypted Traffic Analytics white paper.
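To make concrete what “metadata available without decrypting the traffic” means, here is an added illustration (not Cisco’s ETA code and not part of the original post): it builds a constructed TLS 1.2 ClientHello, reads the version, offered cipher suites and SNI straight out of the cleartext handshake, and turns a constructed flow into the sequence of packet lengths and inter-arrival gaps that timing-based analysis consumes. The host name, cipher suite list and timestamps are all made up for the example.

```python
import struct

# Constructed sample, not captured traffic: builds a TLS 1.2 ClientHello so the
# parser below has realistic input to run against offline.
def build_client_hello(host: bytes, suites: list) -> bytes:
    sni = b"\x00" + struct.pack("!H", len(host)) + host           # name_type 0 = host_name
    sni_list = struct.pack("!H", len(sni)) + sni
    ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list    # extension type 0 = server_name
    body = (b"\x03\x03" + b"\x11" * 32 + b"\x00"                  # version, random, empty session id
            + struct.pack("!H", 2 * len(suites))
            + b"".join(struct.pack("!H", s) for s in suites)
            + b"\x01\x00"                                         # one compression method: null
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body            # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs      # record type 22 = handshake

def parse_client_hello(rec: bytes) -> dict:
    """Version, offered cipher suites and SNI from a ClientHello; all sent in the clear."""
    if rec[0] != 0x16 or rec[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    p = 9                                        # past record header (5) and handshake header (4)
    version = rec[p:p + 2].hex(); p += 2
    p += 32                                      # client random
    p += 1 + rec[p]                              # session id
    n = struct.unpack("!H", rec[p:p + 2])[0]; p += 2
    suites = [struct.unpack("!H", rec[i:i + 2])[0] for i in range(p, p + n, 2)]; p += n
    p += 1 + rec[p]                              # compression methods
    end = p + 2 + struct.unpack("!H", rec[p:p + 2])[0]; p += 2
    sni = None
    while p < end:                               # walk extensions; only server_name is decoded
        etype, elen = struct.unpack("!HH", rec[p:p + 4]); p += 4
        if etype == 0:                           # list_len(2) name_type(1) name_len(2) name
            name_len = struct.unpack("!H", rec[p + 3:p + 5])[0]
            sni = rec[p + 5:p + 5 + name_len].decode("ascii")
        p += elen
    return {"version": version, "cipher_suites": suites, "sni": sni}

def splt(packets: list) -> list:
    """Sequence of packet lengths and inter-arrival gaps (ms); server-to-client lengths negated."""
    out = []
    for i, (ts, length, direction) in enumerate(packets):
        gap_ms = 0.0 if i == 0 else round((ts - packets[i - 1][0]) * 1000, 1)
        out.append((length if direction == "c2s" else -length, gap_ms))
    return out

# Constructed flow: (timestamp in seconds, payload bytes, direction).
SAMPLE_HELLO = build_client_hello(b"example.com", [0x1301, 0xC02F, 0x002F])
SAMPLE_FLOW = [(0.000, len(SAMPLE_HELLO), "c2s"), (0.042, 1460, "s2c"),
               (0.043, 1200, "s2c"), (0.090, 93, "c2s")]
print(parse_client_hello(SAMPLE_HELLO), splt(SAMPLE_FLOW))
```

Fed with real flow records, features like these (offered suites, SNI, length/timing sequences) are what a classifier scores; nothing here requires a private key or a TLS proxy.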
The IT Management (ITM) track at Cisco Live was focused more on organizational transformation, and there were several things I found compelling that I want to learn more about — in particular, the concept of digitizing the employee (or customer) experience and workspace transformation.
Airbnb’s “ITX” (IT Experiences) story is of particular interest. The company adopted an initiative to create amazing network and collaboration services on a global scale. The goal is to create an IT infrastructure that delivers services that can be easily consumed by employees, partners, and customers. Moreover, consumers can easily select which services they use and how they use them. So, my interest in the near future is to read up on more digitization examples (such as Airbnb and Cisco’s own internal Digitization Journey) to determine if/how NetCraftsmen can offer a service to help organizations down that road.
Like any trade show, there is a lot of glitz and corny slogans, and the theme of Cisco Live 2017 was “Calling all Superheroes” (which explained the capes)! However, hidden in the corny slogan was an emphasis on IT as a whole. This was remarkably different from the beginning or even a decade ago when Cisco represented the underlay and was just viewed as a network plumber. The CEO set the tone in the first keynote that Cisco is at the epicenter of our connected age, and new paradigms and methodologies are needed to reach the scale that will be required. He also established a vision on the necessity of integrating security across this connected fabric. When I pressed technologists on intent-based routing and the security-focused future I often heard, “Not today, but….” So, you could conclude some of this is vaporware, but the impression I got was that it is establishing a vision for Cisco to work toward. If they can do it, the next 10 years will be big for Cisco. However, as NetCraftsmen, we will need to be cognizant of the practical reality of today’s products as roadmaps develop toward their version of the future.
The DevNet zone at this year’s Cisco Live showcased the work being done to save the bees and unveiled a way for all of us to work together to benefit folks in the U.S., through the Opportunity Project. The Opportunity Project is facilitated by a team at the U.S. Department of Commerce. The goal is “unleashing the power of data and technology to expand economic opportunity in communities nationwide.” You can sign up to be part of a virtual group that focuses on a specific project. Today, those projects are:
Each project typically involves a 12-week development sprint where volunteers will collaborate with a virtual team to design and build a tool or solution that leverages public Federal data to help with some aspect of the problem you’re working on. They are looking for developers, designers, and engineers to team up with others and with policy and user experts. You can get more information or volunteer at the web link above, and find some of the tools already built through the Opportunity Project here.
During Cisco Live 2017, Cisco made promises of significant changes to its security portfolio, including many feature enhancements for its next generation firewall (NGFW) platform, Firepower Threat Defense (FTD). The new features will be released first, in unison with the new 2100 series appliances, which will be the first platform to run the 6.2.1 code. The 6.2.2 code will be a general release, unifying the feature set across all FTD hardware platforms.
While most of these enhancements will be check-box enabled via the GUI, some of them are so nascent that they will have to be enabled via FlexConfig, which is Cisco’s CLI-only enablement system. The FTD product line has been languishing in the desert of half-hearted functionality for quite some time now. And for those of us long comfortable with the stability and consistency of the classic ASA architecture, the idea of migrating to Cisco’s NGFW platform just has not been, well, exciting — until now. Read my full blog post to discover my top 10 reasons why I’m (finally) excited about Cisco’s NGFW platform, Firepower Threat Defense.
My most significant event at this year’s Cisco Live was a collection of moments meeting and networking with people. I really enjoyed renewing old friendships and meeting folks in person that had read my blog posts or NetCraftsmen blog posts, or had interacted with me and our company on Twitter. I made a point to introduce myself to new people at all meals, and was able to make connections with people from all over the world (including Switzerland, France, Brazil, and South Africa).
At a vendor party on Monday night, I was listening to some new friends talk about a recurring network meltdown problem that they and TAC could not resolve over weeks of troubleshooting. After a bit of dialog, I suggested a probable root issue and provided them a sketch on the back of my business card on where to look. By Tuesday I heard that they indeed had the configuration issue I guessed, and were delighted to know a next step they should take to resolve their network meltdown. It is moments like that that really make Cisco Live significant to me.
Nick has over 20 years of experience in Security Operations and Security Sales. He is an avid student of cybersecurity and regularly engages with the Infosec community at events like BSides, RVASec, Derbycon and more. The son of an FBI forensics director, Nick holds a B.S. in Criminal Justice and is one of Cisco’s Fire Jumper Elite members. When he’s not working, he writes cyberpunk and punches aliens on his PlayStation.
Virgilio “Bong” has sixteen years of professional experience in the IT industry, spanning academia, technical and customer support, pre-sales, post-sales, project management, training and enablement. He has worked in the Cisco Technical Assistance Center (TAC) as a member of the WAN and LAN Switching team. Bong now works for Tech Data as a Field Solutions Architect with a focus on Cisco Security and holds a few Cisco certifications, including Fire Jumper Elite.
John is our CTO and the practice lead for a talented team of consultants focused on designing and delivering scalable and secure infrastructure solutions to customers across multiple industry verticals and technologies. Previously he has held several positions including Executive Director/Chief Architect for Global Network Services at JPMorgan Chase. In that capacity, he led a team managing network architecture and services. Prior to his role at JPMorgan Chase, John was a Distinguished Engineer at Cisco working across a number of verticals including Higher Education, Finance, Retail, Government, and Health Care.
He is an expert in working with groups to identify business needs and align technology strategies to enable business strategies, building in agility and scalability to allow for future changes. John is experienced in the architecture and design of highly available, secure network infrastructure and data centers, and has worked on projects worldwide. He has worked in both the business and regulatory environments for the design and deployment of complex IT infrastructures.