These are the slides used in the Live Webinar August 3, 2016 at 10:00 am Pacific Time / 1:00 pm Eastern Time. You can listen/watch the replay of that show at techwisetv.com. Just click on 'workshops.' The TechWiseTV Episode is also on that site or on YouTube at https://youtu.be/zZHRLsaKD3U
Demos to check out:
ISE Streamlined Visibility: https://communities.cisco.com/videos/15260
ISE Context Visibility: https://communities.cisco.com/videos/15264
ISE EasyConnect: https://communities.cisco.com/videos/15285
ISE Threat-centric NAC (AMP): https://communities.cisco.com/videos/15269
ISE Threat-centric NAC (Qualys): https://communities.cisco.com/videos/15270
TechWiseTV Workshop: Cisco Stealthwatch and ISE - Robb Boyd
Replay the live event: http://cs.co/90008z2Ar
Learn how your existing Cisco network can help you to know exactly who is doing what on the network with end-to-end visibility, differentiate anomalies from normal behavior with contextual threat intelligence and stop threats and mitigate risk with one-click containment of users and devices.
It’s time for the network to protect itself. Please make time for this important workshop.
Resources:
Watch the Cisco Stealthwatch and ISE full episode: http://cs.co/90008z24M
Network as a Sensor-Enforcer on CCO:
http://www.cisco.com/c/en/us/solutions/enterprise-networks/enterprise-network-security/net-sensor.html
Cisco ISE Community
http://cs.co/ise-community
Replay the Live Event: http://cs.co/90068G6ln
Get an inside look at how Stealthwatch Learning Network License can transform your branch network router into a powerful security sensor and enforcer: one capable of quickly detecting threat activity and mitigating attacks, with little to no hands-on management needed.
Don’t miss this opportunity to hear from our security experts.
See the Stealthwatch Learning Network License TechWiseTV Episode: http://cs.co/90048G6WY
Cisco Network Insider: Three Ways to Secure your Network - Robb Boyd
These are the slides from our Tuesday Jun 14, 2016 webinar featuring three building block technologies for quickly adding a ton of value to your security efforts.
Watch the Replay: http://bit.ly/1UhUZ1J
We covered:
- Identity Services Engine (ISE) - visibility and control…along with a solid set of sharing capabilities. Using ISE you can see the device types and control access to the network – and share what you see with Stealthwatch.
- Stealthwatch - Visibility with even more network elements…works in conjunction with ISE but adds behavioral analysis. Using Stealthwatch you can see the behaviors of the devices and determine if they are infected with malware or ransomware – and then use the network to take action to contain them from a single screen.
- Cisco Defense Orchestrator (CDO) - Cloud platform that analyzes security policy configurations for Cisco ASA Firewalls and OpenDNS. It identifies and resolves policy inconsistencies, models policy changes to validate their impact, and orchestrates policy changes to achieve consistency and clarity of your security posture.
Watch the TechWiseTV Episode: http://cs.co/9001Bvqpz
Watch the workshop replay: http://bit.ly/2bAsxby
See how the latest evolution of Cisco TrustSec helps protect critical assets by extending and enforcing policies anywhere in your network. Go in-depth with how Cisco TrustSec simplifies your network security with software-defined segmentation.
This session explains how the combination of IEEE 802.1AE (data link encryption) with the power of Session Group Tags achieves trusted security in a network. It covers the protocol details as well as use cases and, more importantly, how CTS can be deployed in a network. This session is targeted mainly to enterprise customers.
Threats have never been more relevant than they are today. Nation states, adversaries, corporate and government espionage, hackers, etc. are all on the hunt for valuable information. The information they seek includes enterprise and individual details. Networks are only as secure as their weakest components. With the hyper-growth in connected devices including smart phones, tablets, wearables and Internet of Things (IoT) devices, networks are very vulnerable.
Replay the Live Event: http://cs.co/90098Be7h
See firsthand how Cisco Tetration Analytics uses unsupervised machine learning and behavior analysis, along with advanced algorithmic approaches, to provide unprecedented insight into IT infrastructure.
Don’t miss this chance to get an up-close look at the analytics platform that lets you see and know exactly what’s happening in any application, any flow, anywhere in your data center—all in a matter of seconds.
See the Tetration Analytics TechWiseTV Episode: http://cs.co/90048BefC
Cisco Trustsec & Security Group Tagging - Cisco Canada
This presentation covers the protocols and functions that create a trusted network. We will discuss the best practices when deploying this tagging ability using campus switches, including migration techniques from non-SGT-capable devices to a fully SGT-capable network deployment. For more information please visit our website here: http://www.cisco.com/web/CA/index.html
TechWiseTV Workshop: OpenDNS and AnyConnect - Robb Boyd
Join this in-depth look and detailed demonstration of the OpenDNS Umbrella integration with AnyConnect and how it really can stop most threats before they become serious problems, protecting users anywhere they go, even when the VPN is off.
Watch the workshop replay: http://bit.ly/2bPT1ax
Watch the Video: http://bit.ly/2c60obv
Operational Complexity: The Biggest Security Threat to Your AWS Environment - Cryptzone
Managing tightly-controlled user access in AWS is complex. And complexity leads to errors and sloppiness. There are six main reasons why this operational complexity is the biggest security threat to your AWS Environment. Paul Campaniello at Cryptzone discusses them in this eBook.
Your network holds the key to defending your organization. The Cisco switches, routers, and wireless solutions you deploy can complement and empower your security systems. Cisco provides a broad portfolio of capabilities to improve your defenses across the entire attack continuum. This presentation outlines how you can use your network as a sensor to protect your data, your customers, and your reputation.
Register to Watch Webcast: http://cs.co/9003CRsH
Join the Conversation: http://cs.co/9008CRt6
The Software-Defined Perimeter: Securing Network Access for the Modern Workforce - Perimeter 81
With the rise of cloud computing, Wi-Fi hotspots and the mobile workforce, the way we work has fundamentally changed. The complex, hardware-based and distributed legacy VPN technology of the past is no longer relevant for today. Luckily, the emergence of cloud-based VPN and software-defined perimeter technology offers businesses the ability to protect critical company resources—based on-premise and in the cloud—in a simple and seamless way.
Punahou School maintains a secure and open campus with Cisco - case study - Cisco Mobility
The new solutions in place at Punahou School connect people, processes, data, and things better than ever. This is the Internet of Everything (IoE). The original Cisco Wireless network has grown to more than 300 access points. Cisco Unified Communications solutions, including Cisco Unity® voicemail and Cisco Unified IP phones are also connected, giving the school complete visibility to a common platform. Wireless door locks and the accompanying software are connected to the network, helping the school manage operations more efficiently. The school can access and manage its photovoltaic sensors, which generate solar power for the school from the network. Campus lighting and heating, ventilating, and air conditioning (HVAC) systems connect through a VPN and Cisco firewalls for secure remote controllability.
Learn more: http://www.cisco.com/web/about/success-stories/docs/punahou-school.html
onePK is an easy-to-use toolkit for development, automation, rapid service creation and more. It enables you to access the valuable data inside your network via easy-to-use APIs.
Build or extend applications across your routers and switches, to servers and new business platforms. Automate current services or create new ones on demand, when and where you need them and faster than ever. onePK makes your network more powerful and flexible while giving you the control you need.
http://ebrahma.com
The Cisco Systems certification system - Educática
A graphical and concise, non-exhaustive presentation of the Cisco Systems certification system, its prerequisites and the recertification scheme.
I suggest that in all cases you complete and update the information by visiting the official Cisco site: www.cisco.com/go/certificationes
Presentation: CCNA R&S 200-120 Preparation Guide version 5.1 - Educática
PowerPoint used in the presentation of version 5.1 of the Preparation Guide for the CCNA R&S 200-120 certification exam by Oscar Gerometta.
For more information see: http://librosnetworking.blogspot.com.ar/2015/01/guia-de-preparacion-ccna-r-200-120-v51.html
Internet of Everything Case Study: Punahou School - Cisco Mobility
Maintaining a Highly Secure and Open Campus
Honolulu-based Punahou School is the largest coeducational, independent K-12 school on a single campus in the United States.
Challenge
- Continue to extend and enhance safety on campus
- Expand deployment of IP video security cameras while improving coverage and image quality
- Continue public use of the campus without compromising safety
Solution
- Cisco Connected Safety and Security Solutions
- Video surveillance software on Cisco Unified Computing System (UCS)
- Solutions built on the existing Cisco switched and wireless networks
Outcome
- Improved communication, safety, and emergency response
- Improved processes, operational efficiency, and access to data through the Internet of Everything
- Retained the accessibility and openness of the campus while simultaneously enhancing breadth and depth of security measures
Learn more: http://www.cisco.com/web/about/success-stories/docs/punahou-school.html
Are you facing some, or all, of these challenges?
- Host Mobility (w/o stretching VLANs)
- Network Segmentation (w/o implementing MPLS)
- Roles-based Access Control (w/o end-to-end TrustSec)
- Common Policy for Wired and Wireless (w/o multiple tools)
Using Cisco technologies already available today, you can overcome these challenges and build an evolved Campus network to better meet your business objectives.
Gartner report on Cisco TrustSec assessing technical components, interoperability considerations, Cisco’s progress in implementing support across product lines and customer deployment experiences.
Enterprise-Grade Trust: Collaboration Without Compromise - Robb Boyd
In today’s agile work environment, customers need to collaborate in real time with partners, vendors, and customers, and they want the best collaboration tools possible. At the same time, they’re cognisant of potential accidental or intentional misuse of data and malicious attacks – and the ramifications they can have for their company’s finances and reputation.
Cisco provides best-in-class collaboration tools with true end-to-end encryption that enable secure cross-company collaboration. Find out more about the six considerations for collaboration security and the new Cisco Webex Extended Security Pack – which provides a full-functionality Cisco Cloudlock cloud access security broker for Webex Teams with native Webex anti-malware capabilities powered by Cisco Talos ClamAV.
Resources:
TechWiseTV: http://cs.co/9009DzrjN
TechWiseTV Workshop - Q&A - Cisco Catalyst 9600: Deep Dive and Design Conside... - Robb Boyd
Cisco Catalyst 9600 Series Switches are the next-generation purpose-built 40/100G modular core/aggregation platform, providing resiliency at scale with the industry’s most comprehensive security while allowing the business to grow at a low total operational cost.
The Cisco Catalyst 9606R is a 6-slot 8RU chassis ready to support a wired switching capacity of up to 25.6 Tbps, with up to 6.4 Tbps of bandwidth per slot. Some salient features of the Cisco Catalyst 9606R chassis are:
- Supports a nonblocking 40/100G Quad Small Form-Factor Pluggable (QSFP+, QSFP28) line card
- Supports a line-rate 1/10/25G SFP and Enhanced SFP (SFP, SFP+, SFP28) line card
- Optimized for the enterprise with efficient side-to-side airflow
- Front accessibility for all removable components, such as the supervisor, line cards, power supply, and fan tray
- Dual accessible fan tray for easy removal
- Embedded RFID tag for easy asset tracking
TechWiseTV Workshop: Cisco Catalyst 9600: Deep Dive and Design Considerations - Robb Boyd
Cisco Catalyst 9600 Series Switches are the next-generation purpose-built 40/100G modular core/aggregation platform, providing resiliency at scale with the industry’s most comprehensive security while allowing the business to grow at a low total operational cost.
The Cisco Catalyst 9606R is a 6-slot 8RU chassis ready to support a wired switching capacity of up to 25.6 Tbps, with up to 6.4 Tbps of bandwidth per slot. Some salient features of the Cisco Catalyst 9606R chassis are:
- Supports a nonblocking 40/100G Quad Small Form-Factor Pluggable (QSFP+, QSFP28) line card
- Supports a line-rate 1/10/25G SFP and Enhanced SFP (SFP, SFP+, SFP28) line card
- Optimized for the enterprise with efficient side-to-side airflow
- Front accessibility for all removable components, such as the supervisor, line cards, power supply, and fan tray
- Dual accessible fan tray for easy removal
- Embedded RFID tag for easy asset tracking
Resources:
TechWiseTV: http://cs.co/9009DzrjN
With users expecting an immersive experience, and with IoT becoming the new mobile, we are more dependent on Wi-Fi than ever before. The Cisco Catalyst 9100 Access Points, powered by Wi-Fi 6 (802.11ax) technology and supporting Cisco’s intent-based networking architecture, are ready for the growing user expectations, IoT devices, and next-generation cloud-driven applications. Cisco’s first Wi-Fi 6 access point can handle the increased mobile traffic as well as support IoT at scale. It has superior RF innovations and will expand wireless access with intelligence to provide a secure, reliable, high-quality wireless experience for all networks.
TechWiseTV Workshop - Q&A - Application Hosting on the Cisco Catalyst 9000 Sw... - Robb Boyd
Enterprise networks are now dealing with massive volumes of data, with a critical need to collect and analyze this data to respond faster and deliver insightful context. Traditional approaches, in which data is processed in remote servers, will no longer work. Data can burden the network unless some context is known. Edge computing can greatly reduce the data sent to the cloud or a remote server. Collecting and analyzing the data at the edge and making decisions locally rather than in centralized servers significantly reduces the latency and bandwidth of the network.
Powered by an x86 CPU, the application hosting solution on the Cisco Catalyst 9000 switching family provides the intelligence required at the edge. Native Docker engine support on the switches will enable users to build and bring their own applications without additional packaging. Cisco DNA Center will provide consistent workflows to manage the entire application lifecycle across multiple Cisco Catalyst 9000 switches through the App Hosting dashboard.
With users expecting an immersive experience, and with IoT becoming the new mobile, we are more dependent on Wi-Fi than ever before. The Cisco Catalyst 9100 Access Points, powered by Wi-Fi 6 (802.11ax) technology and supporting Cisco’s intent-based networking architecture, are ready for the growing user expectations, IoT devices, and next-generation cloud-driven applications. Cisco’s first Wi-Fi 6 access point can handle the increased mobile traffic as well as support IoT at scale. It has superior RF innovations and will expand wireless access with intelligence to provide a secure, reliable, high-quality wireless experience for all networks.
Resources:
Watch the related TechWiseTV episode: http://cs.co/9006ELWE6
TechWiseTV: http://cs.co/9009DzrjN
TechWiseTV Workshop: Application Hosting on Catalyst 9000 Series Switches - Robb Boyd
Watch the REPLAY right now: http://bit.ly/2YoLbt3
Enterprise networks are now dealing with massive volumes of data, with a critical need to collect and analyze this data to respond faster and deliver insightful context. Traditional approaches, in which data is processed in remote servers, will no longer work. Data can burden the network unless some context is known. Edge computing can greatly reduce the data sent to the cloud or a remote server. Collecting and analyzing the data at the edge and making decisions locally rather than in centralized servers significantly reduces the latency and bandwidth of the network.
Powered by an x86 CPU, the application hosting solution on the Cisco Catalyst 9000 switching family provides the intelligence required at the edge. Native Docker engine support on the switches will enable users to build and bring their own applications without additional packaging. Cisco DNA Center will provide consistent workflows to manage the entire application lifecycle across multiple Cisco Catalyst 9000 switches through the App Hosting dashboard.
Resources:
Watch the related TechWiseTV episode: http://cs.co/9001EIbih
TechWiseTV: http://cs.co/9009DzrjN
Today’s WAN is a messy place. Users are more distributed. Internet of Things (IoT) devices want to connect. Applications are moving from the data center to the cloud. And not just one cloud, but multiple clouds. More businesses have realized that their traditional WAN architecture has become an impediment to achieving successful digital transformations. As organizations rearchitect their networks to enable software-defined WAN, they need consistent security across branches, clouds, and users.
That’s where Cisco SD-WAN Security comes in. As a leader in both SD-WAN and network security, Cisco integrates a full security stack and highly secure SD-WAN fabric to protect branch users, connected devices, and application usage at all direct Internet access breakouts and all traffic across the WAN. Cisco SD-WAN Security delivers four new layers of protection:
• Enterprise firewall with AppAware
• Intrusion prevention
• URL filtering
• Advanced Malware Protection along with cloud sandbox capabilities with Threat Grid
• DNS/web layer security
To learn more about SD-WAN Security and to see a demo, join Robb Boyd and Cisco product experts for this special TechWiseTV Live episode.
Technical Overview of Cisco Catalyst 9200 Series Switches - Robb Boyd
TechWiseTV's Cisco Container Platform live workshop took place on July 18th.
For the first time in the industry, a single family of fixed, stackable, and modular switches are running on the same IOS-XE operating system along with a common ASIC.
Cisco’s Catalyst 9200 rounds out the lower end of its incredible Catalyst 9000 family of switches. The 9200 is designed for small, medium, and branch deployments, providing greater modularity, redundancy, and stackability than the Catalyst 2960 it replaces.
Register now.
TechWiseTV's Cisco Container Platform live workshop took place on July 17th. Explore new features of the Cisco Container Platform that make deploying and managing clusters more secure, versatile, and intuitive than ever before. This way, you can focus on running applications, not the underlying infrastructure.
Register now.
TechWiseTV Workshop: Improving Performance and Agility with Cisco HyperFlex - Robb Boyd
Find out how organizations like yours are deriving business value from the HyperFlex HCI solution. Join us for a deep dive and Q&A at the TechWiseTV workshop.
TechWiseTV Hyperflex 4.0 Episode: http://cs.co/9009EW2Td
Today’s multicloud WAN environment is not only complicated–it can expose your business to an ever–expanding threat landscape. Learn how to provide consistent security across clouds, branches, and users. http://bit.ly/2DWBBX8
TechWiseTV Workshop: Cisco Catalyst 9800 Series Wireless Controller - Robb Boyd
A new addition to the Catalyst 9000 family, the Cisco Catalyst 9800 Series Wireless Controllers are the next generation of controllers that bridge Cisco’s intent-based networking portfolio. Powered by the Cisco IOS XE operating system, the 9800 Series Wireless Controllers are always on, secure, and can be deployed anywhere.
Software updates with no disruptions and rolling access point upgrades completely change the definition of “always on.” “Secure” translates to increased threat detections in encrypted traffic and automated macro and micro segmentation. Finally, the ability to deploy in either a private or public cloud promises you the freedom that no other controller currently offers.
In this session we’ll cover the following aspects of Catalyst 9800:
- Overview of the Cisco Catalyst 9800 Series Wireless Controller and its features and functionalities
- Cisco Catalyst 9800 security, always-on functionality, and the ability to be deployed anywhere, and why these features create a stronger, more efficient wireless network
- How the new 9800 controllers fit into the Cisco Catalyst family
- Q&A
Protect Kubernetes Environments with Cisco Stealthwatch Cloud - Robb Boyd
TechWiseTV Workshop airing live on Wednesday Feb 13, 2019. Catch the replay (and more) at www.techwisetv.com
Description:
Kubernetes is the go-to orchestration solution for automating and scaling a container deployment, be it on premises or in the public cloud. While Kubernetes helps organizations reduce costs and become more agile, it can be difficult to gain east-west visibility into network traffic within containers. This creates visibility gaps that threats could use to avoid detection.
Cisco Stealthwatch Cloud provides visibility, analytics, threat detection, and policy monitoring within containers, pods, and nodes. It easily integrates with Kubernetes deployments on premises, in private clouds, or in a public cloud, including Amazon Web Services (AWS), Google Cloud Platform, and Microsoft Azure.
Stealthwatch Cloud provides an unprecedented level of access into inter-pod and intra-pod communications with your distributed containerized applications.
Incredible Compute Density: Cisco DNA Center Platform: Digging Deeper with APIs - Robb Boyd
Learn more on getting hands-on with Cisco DNA Center Platform APIs. Join us as we go over the brand new DNA Center Platform and show you how to start integrating and developing your own applications on DNA Center. The possibilities are endless!
Watch the replay: http://cs.co/9000DCie4
In today’s digital economy, getting ahead means crunching a lot of data. That’s why businesses of all sizes and industries are investing in high-performance computing. However, the last thing IT needs is another tech silo to manage.
Fortunately, the new Cisco UCS C4200 Series chassis and C125 M5 server node help you scale out compute-intensive workloads with ease—with the network fabric you already have. This TechWiseTV Workshop will get you up to speed fast.
Resources:
Watch the related TechWiseTV episode: http://cs.co/9006DAVPC
TechWiseTV: http://cs.co/9009DzrjN
The fourth-generation Cisco ASR 9000 Aggregation Services Routers series is our best yet. Not only does it sport high-density, 100-GE-port line cards; it also offers a flexible, pay-as-you-grow consumption model. Service providers can now use only the bandwidth they need and increase it at any time to meet traffic demands.
Learn the business and technical considerations of our latest ASR 9000, including:
• The pay-as-you-grow consumption model commercial terms
• Software license portability and permitting capacity
• Real-life customer case studies
Resources:
Watch the related TechWiseTV episode: http://cs.co/9008Dfyik
TechWiseTV: http://cs.co/9009DzrjN
TechWiseTV Workshop: Q&A Cisco Hybrid Cloud Platform for Google Cloud - Robb Boyd
Cisco and Google Cloud experts join TechWiseTV to demonstrate how you can use the Cisco Hybrid Cloud Platform for Google Cloud as a DevOps platform that works consistently across data center and public cloud environments. You’ll learn how to take advantage of containers, microservices, public cloud toolsets, and other modern cloud development innovations while having the flexibility to deploy your applications wherever they run best.
With integrated connectivity, security, management, and control, your applications will operate consistently from prem to cloud and back again.
Resources:
Watch the replay: http://cs.co/9007DawLd
TechWiseTV: http://cs.co/9009DzrjN
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... - Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Gain awareness of everything hitting your network
Get more context about your network users than just an IP address: Who is accessing your network, what they are using it for, where users are, how users gain access
ISE provides a more comprehensive set of probes to get contextual awareness needed to profile correctly, giving visibility to user name, time of access, location, device type and access type
ISE can be utilized as the single source to segment and enforce policy across your entire network because it can both share and receive context information from various platforms
Use context to guide access policy decisions. Differentiate which end users can access what, and use information on the device they log in with to determine if they can access sensitive material
Provide more context than just an IP address to your network solutions. With over half of employees working outside the office and 75% of employees using multiple devices, ISE’s unsurpassed analytics that drive enhanced device authentication are essential
Know what devices are connecting to your network
Gain granular visibility into what your end users are connecting to your network. See device details such as whether they are corporate or non-corporate assets, mobile or desktop, Android or iOS device, and more
Provide access consistently and efficiently
Deliver appropriate access based upon device, role, location, and other attributes
Use a wide range of access control lists (ACLs) to determine what your various network users can access
Roll out highly secure network access without manually configuring endpoints for authentication and authorization
Utilize pre-configured profile templates and multiple-level guest access to get up-and-running quickly
ISE uses standard RADIUS and TACACS+ protocols for authentication, authorization, and accounting (AAA)
Enforce wired, wireless, and remote policies from a single platform
ISE provides end users with consistent access no matter how they are connected to your network. Policies are seamlessly cascaded across all types of access points
Use dynamic visual tools that offer real-time previews of the portal screens that end users experience
Relieve the stress of complex access management
Manage ISE service on non-Cisco solutions through one central location
ISE provides 802.1x authentication support for Cisco and 3rd Party networking devices
ISE enables advanced use cases for Cisco and 3rd Party networking devices
Maintain up-to-date policies and compliance on all devices with TrustSec
Use access control lists (ACLs) to deliver policy updates to entire segments of users, eliminating manual processes
As a software-defined security controller, ISE provides greater flexibility in policy enforcement and policy-creation from a centralized location
The unified secure access control alleviates tedious access management, enabling compliant devices to access the network regardless of connection type
Enable your end users to onboard their own devices
Alleviate the device-onboarding burden from your IT staff with self-service onboarding. End users are able to register and provision new devices according to the business policies defined by the IT administrators
With ISE 2.1 we are introducing a feature called Easy Connect, which offers a quick, easy, and flexible method for user authentication that applies when endpoints don’t support 802.1x. We understand that 802.1x can be hard to deploy, and requires touching each endpoint. And we understand that users often complain about additional app authentications. We listened to the need for an option that doesn’t require 802.1x roll out and that doesn’t require touching each endpoint. Easy Connect addresses all of those concerns.
Unlike competitors who use a MAC address to give devices network access, Easy Connect permits access to the network with user information behind it. Easy Connect finds devices based on the user, and gives differentiated access with no 802.1x involved. The moment a user authenticates with Easy Connect, ISE maps the user’s identity and pushes a tag to the endpoint to enable policy enforcement, even if the network isn’t configured with TrustSec. ISE can be an SXP speaker that directly points back from the endpoint, enabling tags to be passed along for enforcement so that TrustSec can work with a broad set of devices (e.g. third-party devices like a non-supported access switch). ISE also publishes information using pxGrid.
ISE 2.1 delivers integration of TrustSec and ACI security policy groups, enabling consistent enterprise-wide policies that leverage user roles and device type together with application context. The complementary group-based policy approaches of TrustSec and ACI vastly simplify security design, operations and compliance. Policy challenges such as compliance and breach prevention are not simply constrained to the datacenter or campus – these are end-to-end challenges. With this new integration, we’re helping customers address these challenges more cohesively and we’re making it easier to do so.
With the integration, TrustSec Security Groups can be used in ACI contracts. External endpoint groups (EPGs) are automatically created in APIC by ISE, and group information is automatically updated by ISE. Similarly, ACI EPGs can be used in enterprise network security policies. Security Group Tags created by ISE automatically describe the assets in ACI, and intelligent application classifications from ACI can be used in TrustSec policies. This avoids moves/adds/changes in the Enterprise security policies.
This integration streamlines many enterprise security objectives. For instance, if a retail bank needs segmentation in the datacenter and at branches to separate PCI-compliant infrastructure, and also wants to provide access to a user group such as auditors, TrustSec-ACI integration enables the bank to do this by using a single set of enterprise-wide groups. The ACI groups take care of the datacenter piece, while the TrustSec groups address the user piece and the bank can rest assured that there is total consistency.
In addition to the campus and branch scenario, TrustSec group-based policies can work together across datacenters, and a TrustSec-enabled datacenter can link to an ACI datacenter.
ISE 2.1 offers greater flexibility in terms of how customers can implement security policy changes when using TrustSec. Specifically, ISE 2.1 introduces new change management capabilities that enable you to stage TrustSec policy changes using a Staging Matrix so that impact can be verified before deployment. You make changes in the staging matrix, test them, edit them and can invoke an approval workflow so that only approved changes can get deployed. Another important new capability is that you can now choose to deploy changes to selected devices. This is useful if you want to make policy changes, but you want to enable them in different locations or datacenters in a controlled way, and don’t want a set of policies activated everywhere at once.
If you are considering TrustSec, these new capabilities mean you can roll out TrustSec across your current IT environment in a methodical, staged way – no need for a “big-bang” roll out approach.
With ISE 2.1, we are expanding ISE device administration capabilities to include not only TACACS+ support, but also additional network access device administration functionality.
Before, we controlled user access to the network, meaning ISE could check for guest and employee rights to make sure they were granted the right access. Device administration and TACACS+ is relevant for device administrators themselves, so that you can make sure that network administrators only have access to the network devices, and the security team only has access to the security devices, like firewalls. With ISE, you can enable role-based access control for administrative access, so that administrators have the right access—and only the right access—to do their job. Plus, ISE offers a device administration workspace, which is a clean, modular, isolated space that doesn’t tie to the other areas of ISE. This provides a contained workspace so that an administrator with a specific role (network administrator, for example) can do authentication, authorization and accounting from a single location, helping them work more efficiently and effectively.
The migration from Cisco Secure ACS to Cisco ISE 2.1 has been made as simple as possible with a built-in tool that automatically migrates ACS configuration data to ISE. However, it will not migrate monitoring and troubleshooting data.
Additional note on RADIUS & TACACS+
ISE has used RADIUS for AAA administration in the past, but with ISE 2.0, we added TACACS+. TACACS+ supports a lot of the same use cases as RADIUS, but TACACS+ is a protocol that wasn’t available at all on ISE, until the ISE 2.0 release. With ISE, you now have RADIUS and TACACS+ in the same interface.
Migration benefits include:
Eliminate complexity and management time with unified policy management
Build richer contextual policies
Discover, identify, and monitor all IP-enabled endpoints
Enforce dynamic access control
Improve your Cisco security and network solutions
Share contextual data on devices and users across platforms with pxGrid
Cisco pxGrid context sharing enables ISE and other platforms to gather more information such as user name, time of access, location of access, device type and type of access and share it with other platforms in your network
ISE collects data from other Cisco network devices in order to update and enhance policy
Strengthen security across your Cisco solutions with shared Security Group Tags (SGTs) from TrustSec
ISE provides better user visibility into context details for many other Cisco security solutions through pxGrid technology. Link WSA, StealthWatch, AnyConnect, or the FireSIGHT Console with ISE to better protect you before, during and after an attack.
Differentiate access automatically based on ISE identity data using TrustSec. Policies created in ISE integrate seamlessly with Cisco networking infrastructure such as routers and switches to automatically segment access
ISE adds to mobile device management (MDM) functionality by providing greater insight into the posture of mobile devices and enforcing appropriate network access policies
Strengthen your non-Cisco security solutions
Standardize policy enforcement on partner platforms via pxGrid
ISE shares user and device details with partner platforms to make them user, device, and network aware and enables enhanced and consistent policy enforcement
ISE collects large amounts of contextual information from a wide variety of partner sources that permit ISE to prevent inappropriate access and detect and minimize the spread of network threats
Help customer IT environments integrate into Cisco networks, decreasing the time, effort and cost of responding to security and network events
Enhance 3rd party network devices with ISE capabilities
ISE shares details with, and collects information from non-Cisco devices in order to inform user and device policy and share across your network
ISE provides 802.1x authentication support for 3rd Party networking devices.
ISE enables advanced use cases for 3rd Party networking devices
ISE delivers comprehensive authentication and authorization against multi-forest Microsoft Active Directory domains
Make better decisions with user and device insights
Allocate network resources more effectively with user and device data
Gain user details beyond IP such as user name, login time, location, and access type to analyze network usage. Track users’ network activities, including where they have been, and bandwidth usage to ensure resources are allocated securely and effectively
ISE 2.0 offers enhanced reporting with improved filtering for live log and reports that inform business decisions
Analyze and present context data to justify network upgrade spends
Inform access management with user and device behavioral trends
Utilize network usage reports to refine access policies based on a variety of trends, including device traits, access locations, and more. For example, a hospital can restrict doctors’ and nurses’ access to patient files to times when they are in patient rooms, their office, or the laboratories. A network administrator can also restrict access from iPads with a specific software update that poses a threat to the network
ISE 2.1 now supports dashboard customizations based on user preferences. Users can customize their main screen to reflect the metrics and reports that they care about most by leveraging drag & drop “dashlets” (dashboard components) or selecting from pre-made layout templates. Customizable tabs, dashlet placement and order ensure that everything the user needs is just a click or two away. And users can export reports to Excel and PDF.
ISE 2.1 also adds task-oriented Work Centers for BYOD, posture, and profiling, in addition to existing Work Centers for TrustSec, device administration, guest and network access. Work Centers ease day-to-day configuration and management burdens, centralizing work associated with a given task to a single pane. Easily flip back and forth between tasks without having to jump around to disjointed data sources.
ISE 2.1 comes with several enhancements to the Streamlined Visibility Wizard, delivering a new level of visibility by making data more consumable. It includes a redesigned graphical user interface (GUI) that enables you to get set up and gain insights faster and more easily than ever before. First, the wizard itself – it’s now as simple as plugging in a toaster, making deployment much more convenient – you can deploy in as little as 10 minutes. You can set up, go to lunch, and in a few hours the wizard pulls the information it needs from your network – you can start seeing value right away.
Second, you get to the data you’re looking for more quickly and easily. The reporting you receive is now more easily and quickly consumable thanks to the UI improvements. This means you can get a lot of the information about what’s on your network right from day 1. This is especially important as we move into the world of IoT, with more and more devices accessing the network.
In addition to the rich data and greater convenience of the Streamlined Visibility Wizard, ISE 2.1 also comes with enhancements to Context Visibility. With ISE 2.1, you gain the ability to aggregate, store and search high volumes of endpoint data, giving you greater visibility. ISE 2.1 collects data from multiple sources into one place, and its enhanced database stores more historical data than ever.
With ISE 2.0, you could log 250K endpoints – with ISE 2.1, you can now store data on 1.5M endpoints across 50 attributes, meaning you get a much deeper level of insight and can use ISE data in more scenarios. Instead of being limited to information on endpoints currently on the network, you can perform forensic analysis and get information on an endpoint that was on the network in a previous week.
Another benefit is that all of this information is in one place – the database pulls in data from logs, syslogs, reports – data that was scattered in many different places. Now, it’s all aggregated, and gives you a much deeper historical view. The UI is a lot simpler and easier to use, so you can home in on the information you need much more easily.
With pxGrid, Cisco is committed to an open, platform-based framework that allows us to improve the efficacy of Cisco's industry-leading offerings, such as the combined solution of Rapid Threat Containment with Firepower and ISE. The pxGrid framework also enables Cisco to integrate with ecosystem partners, enabling customers to use integrated, cross-vendor solutions that best fit their existing infrastructure.
Threat-Centric NAC:
New partner: Qualys - Qualys provides CVSS vulnerability scores, supplementing threat information from AMP and contextual awareness from ISE.
Cloud Access Security Broker:
New partner: Netskope
User Behavior Analytics:
New partner: Niara
Rapid Threat Containment: Utilizing integration via pxGrid Adaptive Network Control, Cisco ISE enables security ecosystem partners from a broad variety of technology areas to take network mitigation and investigation actions in response to security events.
New partners: RedShift Networks, TrapX, Attivo, Intelliment, ThreatTrack, and LemonFish
Existing ecosystem partner – expanding integration to new use case: FortScale
Identity Access Management:
New partner: Situational
Network Visibility:
New partner: Lumeta
Mobile Device Management:
New partner: Microsoft
One big challenge enterprises face is that it can be really difficult to obtain important data related to the devices and users accessing your network. Even when you know the contextual data you’re looking for is out there somewhere, it is often opaque or hidden from view. And then, to complicate things even further, even when the location of critical data is clear, it is often only available within a limited silo of your network. For example, you might have access to a device name through the device manager, but the user name you’re looking for exists within the identity store, and meanwhile all of your application information would be somewhere else. Getting comprehensive visibility across all of your users, devices, locations, destinations and applications, especially when that data is in separate silos, is not easy. For that reason, it often requires multiple solutions to get a truly holistic view.
With the AnyConnect Network Visibility Module introduced in ISE 2.0, AnyConnect enhances the forensic capabilities available to you by effectively using the network as a sensor and extending the sensor capability all the way to the endpoint. It provides deeper visibility into the intelligence you need across endpoints, users, and applications, and makes it available in a single location. AnyConnect consolidates all netflow traffic being generated from an endpoint, enabling that data to be sifted through by collectors (such as Splunk) to identify anomalous behavior and trends that could indicate a compromised endpoint or that a user is using a device inappropriately.
You can exclude select context variables to meet privacy requirements.
With the increased ability to collect contextual information across the network, you gain auditing intelligence that enables greater insight and more informed action. Network admins can look at user and application behavior to make informed improvements in network design, overall capacity, etc. Security admins can look for behavior anomalies that could help them prevent the extraction of sensitive data. Desktop admins can leverage forensic analysis to aid their ability to minimize the spread of network threats across the rest of the network.
With a more holistic view of your network, your teams can collaborate to improve network operations and more effectively defend across wired, wireless, and VPN networks.
Another important capability is that AnyConnect NVM is “always-on”. If a user with AnyConnect on their endpoint isn’t on VPN, AnyConnect simply stores the information until AnyConnect VPN is re-enabled and sends the information to the NVM for analysis. This reduces blind spots.
We introduced AnyConnect NVM in a previous release. Our latest release includes refinements to the AnyConnect NVM capability – it’s now more flexible in terms of deployment and other capabilities. For example, NVM now offers a flexible collection policy – you can choose to collect data on only the attributes you care about, instead of collecting data on a fixed set of attributes. As another example, NVM now enables cached data throttling – you can choose how much data AnyConnect NVM will collect once a user who’s not connected via VPN gets back on the VPN.
Ease security policy setting
Set initial access policies quickly
ISE ships with predefined device profile templates for a variety of devices, but also allows administrators to create their own device templates based upon business needs
Create custom guest experiences with advertisements and corporate branding from one convenient place for free
ISE Deployment Assistant (IDA) reduces the time to design and deploy ISE with network assessment capabilities, network device configuration, and the ability to troubleshoot failed authentications
Update, maintain, and create new policies with ease
Create organization-specific policies with ease. For example: If there is a security threat on the most recent software update of an Android device, create a policy to block Android access and protect your network in minutes
Ensure all endpoints conform to the organization’s posture policies with a client-based agent, a temporary web agent, or a query to an external MDM/EMM system
Remove the hassle of certificate management by easily deploying an internal certificate authority that simplifies certificate management, and automatically revokes certificates of stolen devices
Limit unnecessary network exposure
Reduce the risk of threats spreading with simple segmentation through TrustSec
Since ISE is a software-defined security controller, it can enable networks to mitigate risks automatically
TrustSec provides a simple, scalable way to implement segmentation across the network
Use access control lists (ACLs), pre-configured profile templates, and multiple-level guest access to provide access on a strategic need-to-know basis, protecting critical segments of your network
Apply uniform policy across network solutions
Utilize your unified network as an enforcer to implement policy centrally and cascade it across your entire network
Ensure consistent security across your entire network by sharing user and device profiles from ISE with other network solutions
Prevent threats from compromising your network in real time
Contain threats with automated user and device quarantining
ISE integrates with Cisco FireSIGHT Management Center (FMC) to deliver Rapid Threat Containment. ISE automatically changes the Security Group Tag to suspicious, triggering policy enforcement which contains the device for remediation
Remove compromised users and devices
Instantly remove an endpoint’s access to the network based on preset standard or custom policies
Monitor and change the authorization of an endpoint without having to modify an overall system policy
With Threat-Centric NAC, we’re adding new vectors that enable better classification. That means you’re now able to go a step beyond contextual details on who, what, when, where and how – with ISE 2.1, you’re stopping threats by directly identifying them with vulnerability data from Qualys and threat intelligence from AMP informed by Talos, Cisco’s security intelligence arm. It starts with visibility – you’re able to see Qualys vulnerability scores and AMP threat intelligence data along with other contextual information. This information allows you to adjust policies in response.
You can also enable intelligent, automated policy updates (change of authorizations) based on Qualys vulnerability data, ensuring that your policies are always up to date based on the latest vulnerability levels. Qualys uses standard CVSS scores to assign a 1-10 score to each vulnerability, helping you investigate the most important items. Similarly, information from AMP is grouped by threat assessment – e.g. distracting, painful, etc.
ISE 2.1 now integrates with Cisco Firepower Management Center 6.1 to deliver better rapid threat containment, which basically enables the network itself to inspect and act as an enforcer of user access. By working with the pxGrid framework, FMC is able to download additional user data, device type data, device location data and SGTs from ISE. Besides the added visibility that ISE provides, this data is also actionable intelligence because it extends network control by enabling policy creation based on SGTs, device type, or other contextual data. The integration of FMC 6.1 and ISE 2.1 means you get to leverage the latest enhancements in both solutions.
In the use case included here, Firepower Management Center is able to scan the activity of authorized users across all approved devices that are connected to the corporate network. Whenever suspicious activity, malware, or any other potential threats are detected, FMC alerts ISE using pxGrid, and the Security Group Tag is automatically changed to “suspicious”. Based on that new SGT, network enforcers informed by pxGrid automatically enforce policy on the network. According to policy, the device is contained for remediation or mitigation. You can set things up so the user receives a notification informing them that they have been blocked from the network due to infection. You can also automatically redirect infected users to a remediation portal where the threat is addressed and the user is seamlessly let back onto the network.
Through the automated inspection and enforcement of network access policy, FMC and ISE together provide greater network security through early threat detection and rapid threat containment.
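The containment flow described above, modeled as an added Python sketch (not Cisco code, and not an ISE, pxGrid, or FMC API): the tag-to-tag policy stays fixed, and only the endpoint's tag changes when a sensor event or a high vulnerability score arrives. The class and function names, the tag names other than "suspicious", the MAC addresses, and the 7.0 threshold are assumptions.

```python
from dataclasses import dataclass

# Static tag-to-tag policy; tag names other than "suspicious" are constructed.
POLICY = {
    ("employee", "finance_servers"): "permit",
    ("employee", "internet"): "permit",
    ("suspicious", "remediation_portal"): "permit",
}
DEFAULT_ACTION = "deny"  # anything not listed is dropped


@dataclass
class Session:
    mac: str
    user: str
    sgt: str


class Controller:
    """Hypothetical stand-in for the policy controller role."""

    def __init__(self, cvss_threshold=7.0):  # threshold value is an assumption
        self.sessions = {}
        self.cvss_threshold = cvss_threshold
        self.audit = []  # (mac, old_tag, new_tag, reason) for every change

    def add(self, session):
        self.sessions[session.mac] = session

    def _retag(self, mac, new_sgt, reason):
        session = self.sessions.get(mac)
        if session is None or session.sgt == new_sgt:
            return False  # unknown endpoint or no change: nothing to record
        self.audit.append((mac, session.sgt, new_sgt, reason))
        session.sgt = new_sgt
        return True

    def on_threat_event(self, mac, reason):
        """A sensor reported malware or suspicious activity for this endpoint."""
        return self._retag(mac, "suspicious", reason)

    def on_vuln_score(self, mac, cvss):
        """A scanner reported a score; retag only at or above the threshold."""
        return cvss >= self.cvss_threshold and self._retag(mac, "suspicious", f"cvss={cvss}")

    def on_remediated(self, mac, restored_sgt):
        return self._retag(mac, restored_sgt, "remediated")


def enforce(controller, mac, dst_tag):
    """Enforcement point: look up the endpoint's current tag in the static policy."""
    session = controller.sessions.get(mac)
    if session is None:
        return DEFAULT_ACTION
    return POLICY.get((session.sgt, dst_tag), DEFAULT_ACTION)
```

Because enforcement reads only the current tag, containing one endpoint leaves every other session and the policy table untouched, and the audit list records each tag change with its reason.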
Finally, customers have the ability to leverage Cisco’s growing partner ecosystem to implement the rapid threat containment solution that is best for their current infrastructure and business needs. Cisco has a rapidly growing ecosystem of partners that leverage ISE and pxGrid to deliver rapid threat security. We’ll talk in a moment about our growing partner ecosystem.