
To enable actionable accountability, establish clear measurement criteria based on roles and responsibilities. Then enable people to act and challenge the metrics to align to a new business model allowing them to measure that progress. Remember that criteria should be cross-functional and applied through organizational lines of authority. In addition, measurements should roll up and be visible from entry-level workers all the way to executive leadership.

This approach is “actionable” because it prioritizes empowering employees to do their jobs in a way that supports digital transformation. And it ensures change is happening as it should—both rapidly and in a way that maximizes value. It’s about “accountability” because places where execution diverges from strategy can be quickly identified, enabling the appropriate people to make corrections to stay on track.

At Cisco, we strive to achieve transparency in how our transformation unfolds. This is a daily focus which requires commitment to challenge business-as-usual.  At every turn, my partners in finance and operations and I ask: Is a given action improving value for our customers? Is it actually accretive to shareholder value? Is it moving the needle on our main digital transformation KPIs?

Given the accelerating pace of change, measuring accountability with outdated policies, procedures, and tools doesn’t work. Companies that win will measure and manage their transformation in as close to real time as possible. Companies that execute and manage in the rearview mirror will eventually give way to more agile and innovative competitors.

By developing a core managerial and organizational competency of actionable accountability, you will unleash and direct the power of your most vital asset—empowered employees. Clarity drives speed. Empowered employees drive organizational innovation.

In my next post, I plan to talk about what leaders need to do to reinvent their operating models and the importance of putting equal focus into portfolio innovation to drive a holistic digital transformation.

Authors

Kevin Bandy

No Longer with Cisco


Indicators of Compromise (“IOC”) are used to suggest a system has been affected by some form of malware. An Indicator of Compromise can be anything from a file name to the behavior observed while malware is actively running on an infected system.

Where do they look? Social media, news feeds, industry reports, Threat Grid sample analysis reports — all of these are excellent sources for Indicators of Compromise. Artifacts that are left over after the malware has executed are potential IOCs. Even the lack of artifacts can indicate there may be a problem.

Why is this important? Because understanding what IOCs are being observed can help us to protect our systems and our users in several ways:

  • Proactively
  • Retrospectively
  • Incident Response

Proactively: Knowing what IOCs are out there can help us develop defense methodologies to prevent new malware infections. IOCs can be used to develop signatures (including YARA, OpenIOC, AV signatures, and even Behavioral Indicators, which are a type of signature-based detection), set firewall rules, and improve defensive mechanisms in order to prevent malware attacks. By proactively blocking network locations, for example, we are able to both protect ourselves from malicious locations and prevent malware communications with command and control.

Retrospectively: We can use knowledge of IOCs to deny potential threats the ability to gather any information during the reconnaissance phase of the planned attack. This knowledge also helps us to identify threats during the malware delivery, exploitation, and installation phases, and provides important opportunities to deny attackers the ongoing access they desire.

Incident Response: Incident responders can use IOC information to aid in threat triage and remediation. IOCs help to identify specific strains of malware, and provide invaluable information for responders. This information enables responders to better understand how threats were able to infiltrate their systems. By knowing what IOCs to look for, we can quickly and efficiently locate and resolve any damage the threat may have caused to our system and our users.

There are many different defense strategies that can be implemented to protect an organization. In our experience, each organization is like a unique snowflake; no two are alike. Each one requires extensive, detailed knowledge of the infrastructure in question to be able to utilize all the information available. There are many different IOCs. Knowing which ones will be useful, which ones you can consume, and which ones are not useful, is a combination of experience and knowledge of the tools in place that you can leverage to protect your organization.

AMP Threat Grid provides an extensive selection of IOCs that can be leveraged to protect your organization, and only limited by your ability to consume them. Often the simplest IOCs come in the form of malware information feeds.

AMP Threat Grid provides the following feeds to our customers:

| Feed | Description |
| --- | --- |
| autorun-registry | Contains registry entry data derived from querying registry changes known for persistence |
| banking-dns | Banking Trojan Network Communications |
| dll-hijacking-dns | Contains domains communicated to by samples leveraging DLL Sideloading and/or hijacking techniques |
| doc-net-com-dns | Document (PDF, Office) Network Communications |
| downloaded-pe-dns | Samples Downloading Executables Network Communications |
| dynamic-dns | Samples Leveraging Dynamic DNS Providers |
| irc-dns | Internet Relay Chat (IRC) Network Communications |
| modified-hosts-dns | Modified Windows Hosts File Network Communications |
| parked-dns | Parked Domains resolving to RFC1918, Localhost and Broadcast Addresses |
| public-ip-check-dns | Check For Public IP Address Network Communications |
| ransomware-dns | Samples Communicating with Ransomware Servers |
| rat-dns | Remote Access Trojan (RAT) Network Communications |
| scheduled-tasks | Feed containing scheduled task data observed during sample execution |
| sinkholed-ip-dns | DNS entries for samples communicating with a known DNS sinkhole |
| stolen-cert-dns | DNS Entries observed from samples signed with a stolen certificate |
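
To show how the DNS feeds above can serve both the proactive and the retrospective use, here is an added example (not Threat Grid code) that sweeps a DNS query log for feed domains and their subdomains and records when each client first touched an indicator. The feed entry layout, the log format, the block/alert policy and every domain and address are constructed assumptions; only the feed names come from the table.

```python
from collections import defaultdict

# Constructed feed entries. Feed names are from the table above; the entry
# layout and the domains (reserved .example/.test names) are assumptions.
FEED_ENTRIES = [
    {"feed": "ransomware-dns", "domain": "pay.locker-gate.example"},
    {"feed": "dynamic-dns", "domain": "dyn-provider.example"},
    {"feed": "public-ip-check-dns", "domain": "WhatsMyIP.test."},
]

# Assumed local policy: feeds considered specific enough to block on. A hit on
# any other feed only raises an alert for an analyst to triage.
BLOCK_FEEDS = {"ransomware-dns", "rat-dns", "banking-dns"}

# Constructed DNS query log: timestamp, client address, queried name.
DNS_LOG = """\
2017-02-10T08:01:12Z 10.0.4.17 intranet.corp.example.
2017-02-10T08:03:40Z 10.0.4.17 whatsmyip.test.
2017-02-10T08:03:44Z 10.0.4.17 c2.Pay.Locker-Gate.example.
2017-02-10T09:15:02Z 10.0.7.31 host42.dyn-provider.example
2017-02-10T09:20:00Z 10.0.7.31 pay.locker-gate.example.cdn.test
2017-02-10T10:02:11Z 10.0.4.17 c2.pay.locker-gate.example.
"""


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def build_index(entries):
    """Map each normalized indicator domain to the set of feeds listing it."""
    index = defaultdict(set)
    for entry in entries:
        index[normalize(entry["domain"])].add(entry["feed"])
    return dict(index)


def match_indicator(query, index):
    """Return the indicator that equals the query or is a parent of it.

    Matching walks whole labels from the left, so 'xpay.locker-gate.example'
    does not match 'pay.locker-gate.example', and an indicator that appears
    in the middle of a longer name under another zone does not match either.
    """
    labels = normalize(query).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in index:
            return candidate
    return None


def sweep(log_text, index):
    """Scan the log and return one hit record per matching query."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than guess at fields
        ts, client, query = parts
        indicator = match_indicator(query, index)
        if indicator is None:
            continue
        feeds = sorted(index[indicator])
        action = "block" if BLOCK_FEEDS.intersection(feeds) else "alert"
        hits.append({"ts": ts, "client": client, "query": normalize(query),
                     "indicator": indicator, "feeds": feeds, "action": action})
    return hits


def first_seen(hits):
    """Earliest timestamp per (client, indicator); the log is chronological."""
    seen = {}
    for hit in hits:
        seen.setdefault((hit["client"], hit["indicator"]), hit["ts"])
    return seen


if __name__ == "__main__":
    all_hits = sweep(DNS_LOG, build_index(FEED_ENTRIES))
    for hit in all_hits:
        print(hit["ts"], hit["client"], hit["query"], hit["feeds"], hit["action"])
    for (client, indicator), ts in sorted(first_seen(all_hits).items()):
        print("first seen:", client, indicator, ts)
```

The first-seen timestamp per client gives responders a starting point for scoping, and the block list can be fed to a resolver or firewall policy.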

 

For more detailed information on specific threats, we provide users with access to our analysis reports. These reports provide highly detailed information that can be used in each of the three aspects we discussed above. The reports are curated subsets of the complete analysis document. The sample metadata is included in the feeds:

Figure 1: Metadata in each sample

We call out specific behaviors based on their severity and confidence. These behaviors are categorized as malicious, suspicious, and informational. Malicious behaviors are indicated in red.

Figure 2: Behavioral Indicators

In addition, we provide detailed descriptions and artifact information associated with the behaviors to aid analysts and responders. Clicking on the “+” sign will open an explanation and detailed view of each behavioral Indicator:

Figure 3: Explanation of the behavioral indicators

We can use these specific behaviors to aid in the discovery of infected systems. We provide detailed network information as well as the complete PCAPs that may be downloaded by the user if further analysis is desired.

This is the network overview:

Figure 4: Network traffic generated by analyzed sample

Again, each of these items can be expanded to gain new insights on the network. This level of detail can provide invaluable knowledge about what the malware is attempting to do.

  • TCP streams trying to call out – pivot off these to find out if they are malicious (good plug for Chrome extension)
  • If IPs are still connecting to ransomware C&C, we can block the connection up front
  • Or, if the threat is buried in a Word macro, block the file hash in A4E

Figure 5: Word document is requesting information

The report shows all the processes that are launched when the sample is executed, and how the malware is being installed and run on the system. This allows responders to see precisely what a particular malware sample is doing on a system. This knowledge aids in speeding remediation, and allows defenders to modify and architect defenses to allow rapid detection and containment of the malware.

Figure 6: Word is executing a DLL

In addition to the process information, we also extract the commands being used to launch the malware. We notice from the behavioral indicators (Figures 1 & 2) that the document in our example appears to be malicious. We can see from the command and the disk artifacts that this is the analysis report for the most recent iteration of the Locky ransomware. Here is a short video showing all this in action:

https://youtu.be/JRU0-TcG8Mo

You can see from just these few examples where we can find IOCs and what we can do with them once we find them. From signatures for IDS/IPS and WAF, to YARA signatures, firewall rules, AV signatures, or strings to search through logs, the possibilities for finding useful Indicators of Compromise are limited only by one’s ability to creatively use the information to which we have access.

Happy hunting!

Authors

Emmett Koen

Research Engineer

Research & Efficacy Team


The world is going digital. And networking is going virtual. For service providers, it’s both a challenge and an opportunity.

It all starts with shifting customer demands. Consumers want more video. Businesses want services on demand.

And by 2020 there will be an estimated 24 billion devices connected to the Internet of Things – smart homes, smart cities, smart cars, even entire manufacturing chains.

It’s a future of new models of consumption and expanding revenue opportunities.

But delivering on existing networks will be complex and costly.

So how can you take advantage and experience all the benefits, not just escalating costs?

VIRTUALISATION IS THE ANSWER

At Cisco we believe the future is virtualisation. Smart networks that enable simple, agile and automated creation of new services and applications.

NEW OPPORTUNITIES

It could be consumers creating their own bespoke entertainment packages.

An app store of business applications.

Or virtual networks dedicated and optimised for the Internet of Things.

Virtualisation means you can be ready for the future. Not left behind. Or overtaken by competitors.

WHY CISCO?

Cisco’s unrivaled knowledge of Service Providers means we lead the industry in bridging the gap between physical and virtual networking.

We give you a complete end-to-end solution.

Infrastructure, virtualised network functions and advanced operations.

Simplifying the day-to-day, increasing performance and lowering your costs.

And it’s the most extensive orchestration ecosystem available.

Meaning you can continuously innovate to deliver new services, all while ensuring pervasive security.

So you can differentiate your business, meet new demands and explore new business models.

LET’S GET TOGETHER

Cisco is already working with market-leading service providers to move forward with virtualisation.

Helping them use the potential of programmable networks to create innovative, business-driving customer propositions.

Together, let’s get your network ready for the future.

Learn more: www.cisco.com/go/nfv

Authors

Volker Tegtmeyer

Senior Manager, Product and Solution Marketing

SP Cloud Virtualization


Vulnerability Details

A vulnerability (CVE-2016-9244) was recently disclosed affecting various F5 products due to the way in which the products handle Session IDs when the non-default Session Tickets option is enabled. By manipulating the Session IDs provided to affected products, an attacker could potentially leak up to 31 bytes of uninitialized memory. This vulnerability can be used to retrieve potentially sensitive information from affected devices such as SSL session IDs from other sessions, or the contents of uninitialized memory.


Authors

Talos Group

Talos Security Intelligence & Research Group


Cisco Migrates Thousands of Business-Impacting Apps with Higher Accuracy and Confidence, Saving 70% in Staff Time

Recently, Forbes Insights published a survey of hundreds of CIOs about their views on the challenges and the opportunities of migrating to a hybrid IT environment. Not surprisingly perhaps, more than 60% of the executives surveyed said that adopting a hybrid cloud strategy was critical to their overall IT planning. These leaders were also willing to put their money where their mouths were: more than 70% of these IT executives said that their organizations were planning to expand their hybrid-cloud investments from 10 to more than 60% within the next two years.

One CIO who has his finger clearly on the pulse of this trend is Guillermo Diaz, who is leading Cisco IT through its multi-year transformation as a foundation for the company’s overall digital business transformation. This includes identifying and migrating thousands of business applications to a hybrid cloud and implementing software-defined, zero-trust operations that improve operational efficiency while ensuring better compliance with ever-evolving security policies.

This transformation is an ambitious undertaking. Cisco IT’s data center footprint is global and it manages thousands of applications that directly support end users and strategic corporate initiatives such as M&A. Cisco IT is committed to this transformation through process, technology and culture with the goal of fully digitizing its business and operations like so many Cisco customers. Achieving this goal requires Cisco IT to drive simplicity through automation, gather insights and apply data analytics to improve its operations in a continuous develop-and-deliver model.

It is no wonder Cisco IT was one of the earliest adopters of Cisco Tetration Analytics giving the staff visibility into all network flows within the Cisco data centers, in real time. Specifically, Cisco IT is using Tetration as the enabling platform to map application interdependencies in far less time and with much higher accuracy and confidence than possible without this visibility and insights. This is a key step toward the ultimate goal of placing these apps under the dynamic policy enforcement umbrella of Cisco’s Software Defined Architecture, known as Cisco ACI, that extends compliance across different data centers, even as application and tenant policies are modified.

An example of the Cisco Tetration application dependency map, a key insight necessary to ensure fast and reliable app migrations. Tetration enables this type of mapping in just days, not months, resulting in business benefits such as simplifying migration toward SDN and the cloud as well as improving business continuity and disaster recovery.

The impact Tetration has had on the Cisco IT transformation has already been impressive. Cisco IT has been able to identify and prioritize over 2000 applications including business-critical apps and more than 1000 subnets for migration. The visibility and insights Tetration provided reduced the overall staff time needed to carry out the necessary analysis and establish a zero-trust security model by at least 70%. This translates to time savings of 3,650 skilled staff hours for every 100 applications migrated.

Cisco CIO, Guillermo Diaz, explains the quantifiable business benefits of using Cisco Tetration to migrate business-critical applications to a hybrid cloud to achieve cost savings and operational agility.

Cisco IT will be leveraging the capabilities of the latest Cisco Tetration version that delivers enhanced security, new deployment options, and open platform extensibility. This will help accelerate the Cisco IT transformation even faster, giving this world-class organization the means to “know the now” and respond just as quickly in ways that were previously unattainable or even unimaginable. In this sense, Cisco Tetration is one of the most strategic platforms in the Cisco portfolio, one that embodies every pillar of the Cisco Analyze, Simplify, Automate, and Protect defined hybrid cloud data center.

Guillermo Diaz will be on-hand at Cisco Live! Berlin to discuss Cisco IT organization’s Tetration deployment and its transformation journey. Specifically, he will be a guest speaker in Ruba Borno’s opening keynote address on Tuesday Feb. 21 (9:30 am local time) and then will speak at the Next-Gen Data Center Innovation Talk later that afternoon (2:15 pm local time).

Learn more:

Cisco Tetration Overview

Cisco Tetration Press Release

Cisco Tetration Blog – Turn the Lights on in the Data Center

Cisco Live EMEA Berlin February 20-24, 2017

 

Authors

Adam Ozkan

Hybrid Cloud Infrastructure


When the commercial internet was young, IT structure was relatively simple. Today, though, growing complexity is one of IT’s biggest security challenges. The more complex the system, the greater the attack surface. It is much easier now to hide multi-pronged attacks in different layers and parts of the IT infrastructure. Virtual machines, BYOD, “-aaS” environments, hyper-connectivity, automation and professional cybercriminals have created an onslaught of vulnerabilities that yesterday’s cybersecurity cannot address. Organizations need a multi-pronged security approach, and this is best accomplished in the context of teams.

Teamwork: what cybersecurity needs now

Cybersecurity jobs have seen a growth spurt that is reflected in the new federal NICE Cybersecurity Workforce Framework (NCWF) due to its new recommended roles and responsibilities. One of the big takeaways from this latest model is the need for teams. Cybersecurity is much too big a task now for just one lone defender.

These jobs are growing three times faster right now than IT jobs in general, and 12 times faster than the overall job market. In a 10-year period, cybersecurity jobs grew 74 percent. That growth continues to accelerate.

By 2019, just two years from now, organizations will face a global shortfall of 1.5 million cybersecurity trained workers. This crunch has boosted cybersecurity job salaries 9 percent higher than other IT professional positions. Hiring qualified, trained cybersecurity professionals is a huge challenge. That’s why more than one-third of employers ask job candidates for industry certifications.

In the U.S. Department of Defense’s 8750 directive, each job role has a set of certifications designed to help show that a person has the minimal amount of training, knowledge, skills and abilities to perform that role. Security certifications are now also being mapped into NCWF.

A significant number of the new categories of jobs in cybersecurity reflected in the security specialty areas of the NCWF framework have some operations aspect. In the real world, many jobs may overlap multiple specialty areas, and may be covered at least in part by the same certifications. For example, a Computer / Network Defense job role may include elements of detection, response, forensic investigation, or “clean up” activities, depending on the person’s skills and the size of their team.

While the NCWF framework was developed for the federal government, it may also be suited for large enterprise organizations that can support security departments numbering in the hundreds. For smaller businesses or organizations, this large-scale framework can be overwhelming, especially considering that many of the job roles must be staffed 24/7. This means organizations need multiple people to fill each functional area.

What security teams can look like now

Smaller organizations should look at a simplified model to get a handle on staffing the security team and covering all the bases. A simplified model provides a great starting point to helping management understand how to meet the entire spectrum of their security needs.

The model begins with breaking down security job functions into four teams or groups.

Group One is comprised of CISOs, CSOs, executives, and managers. Their job is to:

  • Understand regulatory and legal compliance.
  • Understand business risks, priorities and tradeoffs.
  • Set budgets, and organizational priorities and policies.

Group Two is staffed by security architects. They:

  • Set security strategy.
  • Understand and evaluate new and existing security technologies.
  • Design security controls to meet requirements and budgets.
  • Define and revise security architecture and controls.
  • Define security procedures and best practices.
  • Frequently also hire and build out the rest of the security team.

Group Three is made up of security engineers, technicians and administrators. Their goals are to:

  • Deploy new systems using best practices and architect guidelines.
  • Build out and implement the security architecture.
  • Respond to requests from the architect and security operations, making changes to existing security controls as needed.

Group Four is security operations. This is frequently the front lines of information security. The job of this group is to:

  • Ensure security equipment operates effectively/properly.
  • Detect security attacks and events.
  • Analyze security events.
  • Respond to and investigate security attacks or events.
  • Mitigate/clean up after security breaches.

How many team members will an organization need? It will depend on the organization’s specific situation. The common denominator for all organizations, though, is the need for team members to keep their security skills current, and have a training and development program in place for their team members to grow their skills and keep current with the latest threats and security technologies. With the global shortfall of cybersecurity skills, a robust talent development program can incentivize employees to remain on board. A team with the appropriate and up-to-date training and certifications will be an effective team that is equipped to meet present and future security challenges.

Want to learn more about how to get the skill sets needed to meet these challenges? Visit the Cisco Learning Network.

Authors

Tom Gilheany

Product Manager

Learning@Cisco


You may be wondering why Cisco AMP for Endpoints was not included in Gartner’s 2017 Magic Quadrant for Endpoint Protection Platforms (EPP). Traditionally, Gartner placed Cisco AMP for Endpoints within their Endpoint Detection and Response (EDR) category of endpoint security tools. But as buyer needs evolve, so does the market category. In fact, looking at Gartner’s parameters for EPP in the recently released report, AMP for Endpoints satisfies and exceeds in many feature categories of EPP. Gartner also added a few AMP for Endpoints competitors to the EPP MQ that they traditionally categorized as EDR, like Carbon Black, Crowdstrike and Palo Alto Networks.

So, where does an EPP end and an EDR begin? The lines are pretty blurred on this, as even Gartner points out in the report. The evolution of the marketplace is driving a convergence of capabilities. This convergence is creating a new breed of endpoint security tools that can no longer be neatly packed into a well-defined box, like EPP or EDR. In fact, Gartner predicts that “by 2019, EPP and EDR capabilities will have merged into a single offering.” This development is a positive one for consumers of endpoint security technology, as it provides a comprehensive set of capabilities within one platform, eliminating the need to manage two different tools and interfaces. It also means tighter integration and correlation between the primary functions of a comprehensive endpoint security strategy – prevention capabilities provided by EPPs, and detection and response capabilities (if something evades preventative measures) provided by EDRs.

We appreciate that Gartner recognizes this changing landscape and convergence of capabilities, as Cisco AMP for Endpoints embodies this evolution. Cisco AMP for Endpoints provides next generation capabilities to prevent attacks (like an EPP is designed to do), as well as capabilities to quickly detect and respond to advanced malware if it evades preventative measures (like an EDR is designed to do).

So how does Cisco AMP for Endpoints do this?

Prevent: AMP for Endpoints blocks malware and helps strengthen endpoints from attack:

  • Global Threat Intelligence – Prevention starts with strengthening your defenses using the best global threat intelligence so you can block malware as new threats emerge. Cisco’s team of threat researchers continuously feed threat intelligence into AMP for Endpoints so customers are protected 24/7.
  • Malware Blocking – AMP for Endpoints uses a framework of complementary detection engines, including one-to-one signatures, fuzzy fingerprinting, machine learning, and an AV detection engine—all working together to catch and block malware before it can execute.
  • File Sandboxing – A built-in sandbox automatically analyzes unknown files against over 700 behavioral indicators to detect malicious files and automatically block and quarantine them.
  • Proactive Protection – Closing attack pathways before they can be exploited is a key strategy for preventing compromise. AMP’s vulnerable software feature shows you all the software on your endpoints that can be exploited, with the ability to use application control to harden against attacks. AMP’s low prevalence capability detects targeted malware and prevents it from slipping under the detection radar.

One of the key tenets of a next generation endpoint security solution is the ability to go beyond prevention, since no prevention method will ever catch 100% of threats, 100% of the time.

Detect: That’s why AMP continually monitors all activity on your endpoints to quickly spot malicious behavior, detect indicators of compromise, and drastically decrease time to detection.

  • Continuous Monitoring and Analysis – Once a file lands on the endpoint, AMP for Endpoints continues to watch, analyze, and record all file activity, regardless of the file’s disposition. If malicious behavior is detected at some point in the future, AMP can automatically block the file across all endpoints, and show the security team the entire recorded history of the malware’s behavior. You can see where it came from, where it’s been, and what it’s doing across all of your endpoints: PC, Mac, Linux, mobile devices. This helps you understand the full scope of the compromise and quickly respond.
  • Agentless Detection – AMP for Endpoints delivers agentless detection, a unique capability that detects compromise across customer environments, even if a host does not (or cannot) have an agent installed. Using Cisco’s Cognitive Threat Analytics (CTA) technology, AMP inspects web proxy logs to uncover things like memory-only malware and infections that live in a web browser only.
  • File-less detection – Get visibility into what command line arguments are used to launch executables to determine if legitimate applications, including Windows utilities, are being used for malicious purposes. For instance, see if vssadmin is being used to delete shadow copies or disable safe boots; see PowerShell-based exploits; see into privilege escalation, modifications of access control lists (ACLs), and attempts to enumerate systems.

Respond: AMP for Endpoints provides a suite of response capabilities to quickly contain and eliminate threats across all endpoints, before damage can be done.

  • Threat Hunting Made Easy: Accelerate investigations and reduce management complexity by easily searching for threats across all endpoints using AMP’s simple, cloud-based UI. Search across the cloud and the endpoint to see file, telemetry, IoC, and threat intelligence data. Uncover artifacts left behind as part of the malware ecosystem. These capabilities let you quickly understand the context and scope of an attack so you can stop it fast.
  • Surgical, Automated Remediation: When AMP sees a threat, it automatically contains and remediates it across all of your endpoints. Instantly, full-stop. No need to wait for a content update. Also, with just a few clicks, you can block a specific file across all or selected systems; block families of polymorphic malware; contain a compromised application being used as a malware gateway and stop the re-infection cycle; and stop malware call-back communications at the source, even for remote endpoints outside the corporate network.

To learn more about Cisco AMP for Endpoints, visit www.cisco.com/go/ampendpoint

Authors

John Dominguez

Product Marketing

Cisco Security Business Group


In my previous blog, I shared the importance of ubiquitous malware defense. Specifically, it’s critical as the Internet of Things (IoT) continues to proliferate, connecting a larger number of devices with vastly diverse capabilities. The answer is fog computing, because fog nodes bring more computing capabilities closer to the end devices and can work together to collectively detect whether a file is infected by malware—and respond as needed.

But what about massive scaling? Consider the crucial question: How can we determine the trustworthiness of the many distributed and remote devices and systems in the IoT? Secure scaling to a large number and many types of devices is possible with what we call Crowd Attestation. This is a new approach that enables a system to attest to its trustworthiness—without requiring every individual device to attest to its own trustworthiness.

This can be accomplished in the fog by allowing a subset of devices in a system to act as attesters. Each attester attests to its own trustworthiness, while also monitoring, evaluating, and vouching for the trustworthiness of selected other devices. The set of attesters collectively cover all devices in the system. In other words, every device, including every attester, is monitored and attested to by at least one attester.

The attesters can treat the monitored devices as:

Black Boxes

The attester is assumed to have no knowledge about the internal characteristics and status of the monitored device and can’t rely on the monitored device’s help for monitoring. Instead, the attester will rely on the monitored device’s externally observable behaviors and characteristics to detect any abnormality.

Gray Boxes

The attester is assumed to be able to obtain measurements of some internal characteristics of the monitored device. Such characteristics may include, for example, profiles of authorized program files, device temperature change patterns, electric current patterns, RAM access and usage patterns, and RF signal patterns.

Flexible Boxes

The attester is assumed to be able to probe the monitored device and cause it to react in ways that can help reveal potential compromises to the device.

The Black Box approach is the most conventional approach. It analyzes a device’s externally observable behaviors and characteristics in the:

  • Cyber domain (e.g., patterns of network traffic to and from the device)
  • Physical domain (e.g., video surveillance)
  • Both cyber and physical domains

Black-box monitoring requires no changes to the monitored devices. However, a compromised device could fake its external behaviors in the cyber domain, physical domain, or both.

The Gray Box approach can also leverage help provided by a monitored device. For example, an agent inside a monitored device can measure a selected set of internal properties of the monitored device and report the results to the attester.

However, a compromised device could falsify such measurements by altering the measurements sent to the attester directly, compromising the agent itself, or falsifying the input to the agent on the monitored device.

The good news is, in many real-world scenarios, an attester can challenge a monitored device in ways that will make it difficult for a compromised device to correctly answer the challenges. This is what we call Flexible-Box monitoring.

Multiple attesters can further collaborate with each other to jointly determine how trustworthy a monitored device is by correlating their observations on different aspects of the monitored device’s behaviors.

As more and more things come online, security continues to be a pivotal concern. Crowd Attestation uses fog computing to provide security services to resource-constrained devices and systems, and it is a step in the right direction as we enter a world limited only by our imagination.

In my next blog, I’ll share my thoughts on Dynamic Risk-Proportional Protection with Adaptive Immune Security.

 

Authors

Tao Zhang

Distinguished Engineer

Corporate Strategic Innovation Group


Berlin becomes a whole new city in winter. And February is especially notable, as you can see all kinds of premieres and rub shoulders with the glitterati. This is when famous movie stars make their way down the red carpet for the international film festival Berlinale. For me, the special draw is Cisco Live Berlin and the opportunity to speak German.

A week from now, Cisco Live Berlin will be ready to rock at the Messe Berlin. From a Cisco Data Center standpoint, ACI, Tetration and ASAP continue to grab the headlines. In particular, Cisco ACI has established itself as the dominant SDN technology with more than 2,700 customers and a growing ecosystem of 65 partners in just two and a half years. In this blog, I am going to present excerpts of what attendees can broadly expect to see and experience at the buzzing event, and I will take you on a tour of how Cisco Data Center is ready to engage and enrich you.

Keynotes

At the outset, I’d recommend that you attend all keynotes to understand Cisco’s strategy for emerging technology trends and market transitions. Join Ruba Borno, Cisco’s Vice President of Growth Initiatives and Chief of Staff to CEO Chuck Robbins on Feb 21, 9.30 am at the opening keynote. Ruba will share Cisco’s vision that the only future-proofed solution for digital transformation is the next-generation secure network. Ruba, an engineer herself, will be joined on stage by some of your peers to discuss their stories of business and personal transformation. They will share what engineers must do to keep pace with the changing face of technology and how the simplicity Cisco provides can help you drive change.

Don’t miss several technology innovation talks occurring throughout the week. Cisco Exec Ish Limkakeng and Liz Centoni’s joint session on Next Gen Data Center is going to be a sell-out. This year we also have Innovation sessions featuring security, collaboration, enterprise networking among hot topics. Make sure to check them out.

Now I want to segue to ACI and Tetration specifics. The last year has been phenomenal from an ACI eco-system momentum standpoint. F5 and Citrix, leading ADC vendors, have developed joint solutions with ACI and we have experienced several customer wins and success stories.

ACI Solution Partners

Citrix is a platinum sponsor at Cisco Live Berlin. This year, Citrix has a significant presence in the partner area, at booth P2. There, see trusted innovators from Citrix who can help you meet the rapidly changing needs of users and new applications, using software-defined networking to modernize data centers and secure delivery of apps and data over any network. Engage Citrix experts on how to securely deliver apps and data over any network with Citrix XenDesktop, XenApp, and NetScaler on Cisco UCS/HyperFlex virtualization infrastructure, resulting in increased productivity, business agility and differentiation for your business.

There are multiple sessions featuring Citrix NetScaler with Cisco ACI. At the CMAX Theater, we have a presentation (BRKPLT-2000) on Tuesday, Feb. 21 @ 16:15: “Enabling secure delivery of apps and data with superior performance and agility via Citrix and Cisco”, by Raj Gulani, Senior Director, Product Management, Citrix. Accompanying Raj in the presentation is Christian Reilly, VP/CTO, Citrix. There is an Innovation Theater presentation on Wednesday, Feb. 22 @ 14:15: “Delivering the best load balancing, virtual desktops and application delivery networking with Cisco and Citrix.” Citrix has been a regular at the Cisco DevNet zone every year. This year, Citrix is doing a DevNet Theater Presentation on Wednesday, Feb. 22 @ 13:00: “DevOps and Developers – Citrix and Cisco programmatically simplify deploying and managing apps on premise and in the cloud.” Lastly, there is another Innovation Theater Presentation on Thursday, Feb. 23 @ 11:05: “Gain business agility through datacenter transformation with Citrix and Cisco.” As for me, I am presenting at the Citrix mini-theater (inside their booth) on ACI-NetScaler solution benefits.

For your benefit, we also have a detailed white-board video illustrating various ACI and Citrix NetScaler deployment scenarios. There are many other exciting activities to offer, which you can check out at the Citrix Booth P2.

F5 is a platinum sponsor and has a big presence at Cisco Live Berlin this year to delight the attendees. Visit F5 at booth P3 to meet with subject matter experts and watch live demos of F5 and Cisco solutions that enable rapid, secure, and reliable L2–7 services across physical, virtual, and cloud platforms. F5 has 4 key breakouts this year, on diverse topics. Attend F5’s technical breakout session BRKPLT-2004 led by Vincent Ng, for a Technical Deep Dive on real world ACI and F5 BIG-IP F5 Designs & Deployments. Vincent is complemented by Jeffrey Wong in a power-packed session, BRKPLT-2300, that takes you on a journey of simplifying Application and Infrastructure deployments using Nexus 9k and BIG-IP. F5 also has a big demo presence this year with 4 demo pods, predominantly featuring the ACI and BIG-IP solution. In addition, there are mini-theater short presentations, Tuesday through Thursday, repeated every 15 minutes. Check out F5’s In-Booth schedule to pick your topic and time of day. I am honored to present at F5’s theater this year on today’s hottest topic of application agility.

AlgoSec, the leading provider of business-driven security policy management solutions, will be showcasing its integrated solution for Cisco ACI, including its new Connectivity and Compliance App in booth E-35-36 at Cisco Live Berlin. Additionally, Anner Kushnir of AlgoSec and Juan Lage of Cisco will be presenting a joint session on accelerating data center application deployments, on Wednesday, February 22 at 11:05 am in the Innovation Theatre, World of Solutions.

The value of the partnership between Tufin and Cisco is centered around achieving greater business agility. Stop by the Tufin booth at E11-E12 to learn more about Cisco ACI – Tufin partnership, see a demo, and learn how Tufin and Cisco can benefit your organization. The Tufin booth will also feature four “Meet the Experts” presentations with Cisco’s Ravi Balakrishnan: Feb 21 – 23, “Orchestrating Application Connectivity with Cisco ACI & Tufin”.  Come and learn how Tufin orchestration suite works with Cisco ACI and Cisco Tetration analytics platform and see insightful demos.

Demos and Theater Presentations at WOS

At the World of Solutions (WOS) this year, SDN/ACI, Tetration Analytics, UCS and Cloud take center stage in the Data Center category. There are multiple demos showcasing ACI and Tetration innovations. Let me walk through the highlights.

Tetration is a ground-breaking recent Cisco innovation. At the Tetration demo area, customers can learn the details about end-to-end application visibility and automated white-list policies for granular segmentation. Meet our experts to enquire about recent innovations such as automatic policy enforcement, Tetration Apps, and flexible form-factor-based deployment options, among the major ones. The recent Feb 1 launch of Tetration innovations has attracted terrific endorsements from customers, partners and media. Check out ecosystem partner quotes here. And do not forget to read Tom Edsall’s blog.

On the ACI front, we are illustrating via demos how to manage multiple ACI pods from a single APIC cluster, enabling you to build networks that enable multi-data center applications and disaster avoidance/recovery.  We have plenty of excitement for you to see live action at the Cisco App Center demo pod.  In particular, we are showcasing the apps developed by our partners and community in areas such as monitoring, troubleshooting, and security. Some of the key apps developed are those from ServiceNow, Infoblox, Splunk and AlgoSec. Stop by, and I will be there to take you on a tour of these demos.

There are ACI security demos as well that show how you can secure workloads across east-west traffic in a mixed environment of heterogeneous hypervisors and bare-metal servers. You will also learn about user-identity-based Micro-Segmentation for secure (VDI) access, and TrustSec and ACI identity and group policy integration between Enterprise and ACI data center.

We also have demos featuring the Cisco Cloud Center coupled with Cisco ACI. This demo depicts how ACI can deliver end-to-end provisioning, visibility, and mobility, all from the perspective of what an application needs – a departure from micromanagement of network objects. The demo highlights the ease of application provisioning and application modeling, with a heavy emphasis on cloud governance.

We also have a “Meet the Engineer” program, which gives you the opportunity to engage with a Cisco engineer in a 1:1 conversation focused on your unique questions and challenges. Click here to set up a 1:1 session. Finally, you have access to our subject matter experts staffing the booth demos. They will give you a real-life demo and explain how these are relevant to your needs.

So stop by the WOS to explore new technologies and get answers to your unique questions.

In addition to the hands-on demos, we also have round-the-clock mini-presentations at the WOS Cisco Education Zone mini-theater. This year we have several exciting ACI theater topics such as “Secure and Accelerate your Applications with policy-based L4-L7 services”, plus many more. If you are hard pressed for time, these sessions are ideal for you given their short duration. They will give you a quick overview of innovative features and architectures of technologies like Cisco ACI, Tetration, and Cloud Center. Check our WOS Theater roster in the agenda handout.

Breakout Sessions

To your heart’s delight is how I’ll describe Cisco technical breakout sessions. Yes, we have more than 700 breakouts from industry-recognized experts at the show. Sessions by Hall of Fame elite speakers Carlos Pereira and Mike Herbert are must-attend. ACI and Tetration breakouts feature prominently, and the legends of the ACI domain, including Mike Cohen, Juan Lage, Yogesh Kaushik, Victor Moreno, Jim French, and Thomas Scheibe, are all presenting stimulating sessions. Search the session catalog to choose from 60 plus ACI and 10 plus Tetration sessions. I recommend Yogesh Kaushik’s PSO breakout PSODCN-1800, which takes you on an end-to-end journey of how real-time Tetration analytics will simplify Data Center administrative challenges including network hardening, application mobility, security, DevOps and disaster recovery. Also, BRKACI-1008, an introductory technical session by ACI big guns Jaimin Patel and Azeem, will give you an end-to-end view of the Cisco App Center. You can learn how users can write custom applications and host those in Cisco APIC without worrying about Role Based Access Control (RBAC), single sign-on and HA issues. Jaimin and Azeem will also go into the details of the App Center architecture, the types of applications that can be developed, security, how many resources are available, and the distribution of those apps.

There is a Tech Field day event, hosted by Cisco Tetration experts Tim and Remi on Feb 20, 1.45 pm local time. This one hour session on Tetration includes a walk-through of new features like automatic policy enforcement, asset tagging, multi-tenancy and Tetration Apps. We also have a cool demo following that to illustrate all of the above.

There are numerous PSO sessions; check out the details here: http://blogs.cisco.com/datacenter/your-time-is-now-make-the-most-of-it-at-cisco-live-emea

Social Networking

As a Cisco Live attendee, you benefit from the opportunity to interact with your peers, Cisco staff and partner technical experts in both structured and informal settings. Our Welcome Reception and Customer Appreciation Event a

Authors

Ravi Balakrishnan

Senior Product Marketing Manager

Datacenter Solutions