“Those who cannot remember the past are condemned to repeat it.” – George Santayana
The Prequel
In March 2017, Microsoft released a security update for various versions of Windows, which addressed a remote code execution vulnerability affecting a protocol called SMBv1 (MS17-010). As this vulnerability could allow a remote attacker to completely compromise an affected system, the vulnerability was rated “Critical” with organizations being advised to implement the security update. Additionally, Microsoft released workaround guidance for removing this vulnerability in environments that were unable to apply the security update directly. At the same time, Cisco released coverage to ensure that customers remained protected.
The following month, April 2017, a group publishing under the moniker “TheShadowBrokers” publicly released several exploits on the internet. These exploits targeted various vulnerabilities including those that were addressed by MS17-010 a month earlier. As is always the case, whenever new exploit code is released into the wild, it becomes a focus of research for both the information security industry as well as cybercriminals. While the good guys take information and use it for the greater good by improving security, cybercriminals also take the code and attempt to find ways to leverage it to achieve their objectives, whether that be financial gain, to create disruption, etc.
Posting this blog on behalf of Babi Seal, Senior Manager, Product Management, INSBU and Lukas Krattiger, Principal Engineer, INSBU
Virtual Extensible LAN, or VXLAN for short, has been around since 2011 as an enabling technology for scaling and securing large cloud data centers. Cisco was one of VXLAN’s lead innovators and proponents and has demonstrated it with a continual stream of new features and functionality. This momentum continues with our announcement of the newest Nexus OS release, NX-OS 7.0(3)I7(1), also known as the “Greensboro” release, available for the Nexus 3000 and 9000 family of switches. This release is jam-packed with NX-OS innovations in the areas of security, routing and network management, to name only a few.
The series of blogs will highlight some exciting new VXLAN-related features shipping as part of the Greensboro release. In this blog, we’ll look closely at three individual features: Tenant Routed Multicast, Centralized Route Leaking support, and Policy-Based Routing with VXLAN. In the next blog, we take a closer look at VXLAN Ethernet VPN (EVPN) Multi-Site support.
Tenant Routed Multicast (TRM)
This feature brings the efficiency of multicast delivery to VXLAN overlays. It is based on the standards-based next-generation control plane (ngMVPN) described in IETF RFC 6513 and RFC 6514. TRM enables the delivery of customer Layer-3 multicast traffic in a multi-tenant fabric in an efficient and resilient manner. The delivery of TRM fulfills a promise we made years ago to improve Layer-3 overlay multicast functionality in our networks. The availability of TRM leapfrogs multicast forwarding in standards-based data center fabrics using VXLAN BGP EVPN.
While BGP EVPN provides the control plane for unicast routing, ngMVPN provides scalable multicast routing functionality. It follows an “always route” approach where every edge device (VTEP) with distributed IP Anycast Gateway for unicast becomes a Designated Router for multicast. Bridged multicast forwarding is only present on the edge devices (VTEPs), where IGMP snooping optimizes the multicast forwarding to interested receivers. All other multicast traffic beyond local delivery is efficiently routed.
With TRM enabled, multicast forwarding in the underlay is leveraged to replicate VXLAN-encapsulated routed multicast traffic. A Default Multicast Distribution Tree (Default-MDT) is built per VRF. This is in addition to the existing multicast groups for Layer-2 VNI Broadcast, Unknown Unicast and the Layer-2 multicast replication group. The individual multicast group addresses in the overlay are mapped to the respective underlay multicast address for replication and transport. Using a BGP-based approach allows TRM to operate as a fully distributed overlay Rendezvous-Point (RP), with RP presence on every edge device (VTEP).
A multicast-enabled data center fabric is typically part of an overall multicast network. Multicast sources, receivers and even the multicast Rendezvous-Point might reside inside the data center, but might also be inside the campus or externally reachable via the WAN. TRM allows seamless integration with existing multicast networks. It can leverage multicast Rendezvous-Points external to the fabric. Furthermore, TRM allows for tenant-aware external connectivity using Layer-3 physical interfaces or sub-interfaces.
TRM builds on the Cisco Cloud Scale ASIC-enabled Nexus 9000-EX/FX Series switches, which are capable of VXLAN-encapsulated multicast routing. Nevertheless, the solution is backwards compatible with earlier generations of Nexus 9000 Series switches. It provides Distributed Anchor Designated Router (Anchor-DR) functionality to translate between TRM-capable and non-TRM-capable edge devices (VTEPs). In this co-existence mode, multicast traffic is partially routed (on the TRM-capable devices), but primarily bridged. One or more of these TRM-capable edge devices will perform the necessary gateway function between the “two worlds”. Not to forget, the co-existence can also extend to the Nexus 7000 family of switches.
Centralized Route Leaking
While segmentation is a prime use case for VXLAN based data center fabrics, there are also requirements for common Internet access and shared services. Multi-Protocol BGP supports safe route-leaking between Virtual Routing and Forwarding (VRF) instances by defining Route-Target policies for import and/or export respectively. Now Centralized Route Leaking enables VXLAN BGP EVPN with this well-known functionality and the related use cases.
Centralized Route Leaking enables customers to leak routes at one centralized point in the fabric, typically at the border leaf, which reduces the potential for introducing routing loops. Route leaking leverages the use of route-targets to control the import and export of routes. To attract the traffic traversing VRFs to the centralized location, we need to introduce default routes or less-specific subnet-routes/aggregates on the leaf-switches.
For the “Shared Internet Access” or “Shared Services VRF” use case, we allow the exchange of BGP routing information from many VRFs to a single shared VRF. In this case, the shared VRF can either be a named VRF or the pre-defined “default” VRF. Although the pre-defined “default” VRF has no route-targets, Centralized Route Leaking incorporates the ability to leak routes from and to the “default” VRF. While we highlighted the one-to-many or many-to-one possibility, Centralized Route Leaking also provides the same function in a one-to-one manner, where one VRF must communicate with another VRF.
All of these use cases have one thing in common: the exchange of information between VRFs. Because routing tables can grow, Centralized Route Leaking uses a prefix-count limit as well as import and export filters. Not to forget, Centralized Route Leaking is a drop-in or on-a-stick feature; while all your VTEPs can remain on their existing hardware and software levels, only the leaking point must support the Centralized Route Leaking software feature.
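The many-to-one case with an import filter and a prefix limit can be traced in a small control-plane model. This is an added example, not Cisco code or NX-OS configuration; the VRF names, route-target values, prefixes and the limit of three are constructed, and the model assumes that only locally originated routes are exported (imported routes are not re-leaked).

```python
"""Toy model of route-target based leaking at one central point (added example)."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class Vrf:
    name: str
    export_rts: set
    import_rts: set
    local_prefixes: list                      # routes originated in this VRF
    import_filter: list = field(default_factory=list)  # allowed supernets, empty = all
    max_imported: int = 100                   # prefix-count limit for leaked routes
    imported: dict = field(default_factory=dict)       # prefix -> source VRF name
    rejected: list = field(default_factory=list)       # (prefix, reason)


def permitted(vrf, prefix):
    """Import filter: accept a prefix only if it sits inside an allowed supernet."""
    if not vrf.import_filter:
        return True
    net = ip_network(prefix)
    return any(net.subnet_of(ip_network(allowed)) for allowed in vrf.import_filter)


def leak(vrfs):
    """Import every route whose export RT matches an import RT of another VRF.

    Assumption of this model: only locally originated prefixes are exported,
    so a route leaked into the shared VRF is not leaked onward to other tenants.
    """
    for dst in vrfs:
        for src in vrfs:
            if src is dst or not (src.export_rts & dst.import_rts):
                continue
            for prefix in src.local_prefixes:
                if not permitted(dst, prefix):
                    dst.rejected.append((prefix, "import-filter"))
                elif len(dst.imported) >= dst.max_imported:
                    dst.rejected.append((prefix, "prefix-limit"))
                else:
                    dst.imported[prefix] = src.name
    return vrfs


def lookup(vrf, address):
    """Longest-prefix match over local and leaked routes; None if no route."""
    addr = ip_address(address)
    table = {p: vrf.name for p in vrf.local_prefixes}
    table.update(vrf.imported)
    matches = [p for p in table if addr in ip_network(p)]
    if not matches:
        return None
    best = max(matches, key=lambda p: ip_network(p).prefixlen)
    return best, table[best]


def build_fabric():
    """Constructed sample: two tenant VRFs and one shared-services VRF."""
    tenant_a = Vrf("tenant-a", {"65000:101"}, {"65000:999"},
                   ["10.1.1.0/24", "10.1.2.0/24"])
    tenant_b = Vrf("tenant-b", {"65000:102"}, {"65000:999"},
                   ["10.2.1.0/24", "192.168.50.0/24", "10.2.2.0/24"])
    shared = Vrf("shared", {"65000:999"}, {"65000:101", "65000:102"},
                 ["172.16.10.0/24"],
                 import_filter=["10.0.0.0/8"], max_imported=3)
    return {v.name: v for v in leak([tenant_a, tenant_b, shared])}


if __name__ == "__main__":
    fabric = build_fabric()
    for vrf in fabric.values():
        print(vrf.name, "imported:", vrf.imported, "rejected:", vrf.rejected)
    print("tenant-a -> shared service:", lookup(fabric["tenant-a"], "172.16.10.7"))
    print("tenant-a -> tenant-b host :", lookup(fabric["tenant-a"], "10.2.1.5"))
```

In this model both tenants learn the shared prefix, neither tenant table holds the other tenant's routes, and the shared VRF drops one prefix at the import filter and one at the prefix limit.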
Policy-Based Routing with VXLAN
Cisco leap-frogged VXLAN routing years ago and extended its capability with a BGP EVPN control plane. Beyond traditional routing, there were always use cases that required additional classification for forwarding decisions. While in routing the destination IP network and longest-prefix match are still today the main criteria for forwarding, more sophisticated routing decisions are sometimes necessary. Policy-Based Routing is an approach to manipulate forwarding decisions by overruling the IP routing table decision. It does a 5-tuple match and uses a connected next-hop for its forwarding decision.
VXLAN-enabled Policy-Based Routing (PBR) allows the user to leverage not just the traditional functionalities available to PBR; it also provides the flexibility that the next-hop can now exist behind a VXLAN tunnel endpoint. With this approach, routing decisions can be influenced to forward across a VXLAN BGP EVPN fabric. Redirecting specific traffic to a firewall without VLAN or VRF stitching is only one of many use cases enabled with this additional support.
Stay tuned! In our next blog, we’ll examine the features and benefits of hierarchical VXLAN BGP EVPN based data center fabrics, that allow not only scaling and fault containment within a data center but also enhanced scalability, fault domain isolation, improved administrative controls, and plug-and-play extensibility.
2017 has seen notable anniversaries of iconic products that revolutionized industries. It’s interesting to consider the relationship between these examples. These products are surviving and thriving in the modern, digital economy.
Ten years ago, Apple’s iPhone completely changed the way we live, work, and play. Along with iTunes and the iPod, it helped transform the way we consume music.
The Beatles’ Sgt. Pepper’s Lonely Hearts Club Band was itself considered revolutionary. Yet, at 50 years old, it is still selling well and reaching both new and old fans through digital media. And vinyl is making a comeback, appealing to people who prefer the experience it offers.
Despite the advent of wearable technology, desire for high-end watches continues to be strong. The Cartier Tank was designed in 1917, inspired by the first military tanks. One hundred years later, the Tank is still in production. With new models periodically added to the collection, it remains a favorite timepiece among royalty, politicians, celebrities, and business leaders.
These are great examples of products that anticipate how people’s needs evolve and adapt to changing preferences.
Cisco has been leading IP-based communication and collaboration for almost 20 years. We continue to focus on creating new collaboration experiences, with Cisco Spark and the Cisco Spark Board. At the same time, our established solutions for corporate telephony and Unified Communications remain in high demand, and we continue to enhance their end-user and admin experiences.
It’s challenging for organizations to continue to maintain and evolve their existing communications investments. You need to keep things running smoothly while plotting a path toward future collaboration requirements. Our latest on-premises infrastructure and endpoint releases allow you to do exactly that.
Collaboration System Release (CSR) 12.0
Cisco Collaboration Systems Releases (CSRs) provide a comprehensive set of infrastructure, applications, and endpoints that have been integrated, designed, and tested to deliver a superior user experience. Generally available in September, the latest release 12.0 features the following highlights:
Enhanced mobile experience: Now you can enable an enhanced method for receiving push notifications on Apple iOS devices with Cisco Jabber 11.9. Plan to upgrade your UC environment by June 2018 to take advantage and to ensure continued operation. Additional benefits for iOS include improved battery performance, faster login, and offline login support. Cisco Jabber 11.9 also supports a broader range of Android mobile devices. It provides presence integration for Office for Mac 2016 and has a host of new emojis to help you get your message across.
Stronger security and compliance: Security continues to be a top-of-mind issue for business leaders. With Release 12.0, you can choose the minimum version of Transport Layer Security (TLS) allowed across your key Unified Communications interfaces. This will help keep your PCI compliance assessor happy, ahead of new guidelines that come into effect in June 2018.
Improved IPv6 support: Adopting IPv6 as standard? Running out of IPv4 address space? Release 12.0 can help you save tens of thousands of IPv4 addresses by deploying 7800/8800 Series IP phones using IPv6 addressing.
Updated Cisco Spark Hybrid Services: Connect your UC environment to Cisco Spark meeting and messaging services. New hybrid call routing and consolidated virtual machine requirements reduce complexity and use your resources more efficiently.
Simplified administration: A new, centralized instant messaging and presence (IM&P) architecture, new tools for managing IM&P databases, and a “device last seen” report streamline management operations to help you get the most from your UC assets.
Updates to Collaboration Endpoints
Meanwhile, we’re continuing to invest in our on-premises registered endpoint portfolio to improve user experiences and simplify maintenance.
Collaboration Endpoint Software 9.1: Now available, the latest software release for our video conferencing endpoints supports the MX, SX, and DX Series as well as the Cisco Spark Room Series (Room 55, Room Kit, and Room Kit Plus).
Enhancements include a new wake-up experience: Endpoints automatically detect when someone enters the room, wake up, say “hello”, and provide guided instructions. This simple update helps make it effortless to start a meeting.
This release also includes a new user experience for our dual-screen systems. Both screens can now receive video streams in Cisco Meeting Server-based meetings.
IP Conference Phone 8832 and 7832: For meeting spaces that need the room coverage of a dedicated audio conference phone, we have two options. The new Cisco IP Conference Phone 8832 is ideal for midsize to large conference rooms with up to 26 people. It has a new ergonomic design and delivers excellent audio performance. For small rooms and huddle spaces for up to six people, we recently introduced the IP Conference Phone 7832. Starting in September 2017, you will be able to register it to Unified Communications Manager.
8800 Series Key Expansion Modules (KEM): Designed for receptionists, administrative staff, and executives, two new expansion modules simplify call management with the touch of a button. The IP Phone 8851/8861 Key Expansion Module and the IP Phone 8865 Key Expansion Module support up to 28 programmable line/feature keys per module. They support more characters per line label to display contact names. Two user modes are available and you can tailor a user’s experience based on preference or familiarity with previous generation KEMs.
Keep Your Communications Fresh
To ensure that you have the best options for your business, we continue to develop compelling user experiences for on-premises, cloud, and hybrid unified communications and collaboration. The easier it is to communicate with employees, partners, and customers, the easier it is to innovate, connect, and compete.
How will your teams communicate and collaborate in the digital workplace? Talk to your account manager or a partner about plans for refreshing your UC investments.
Everywhere you look, the industry is talking about applications. They generate revenue and run your business. Assuring your applications’ performance requires stable data center resources allocated in just the right size to meet demand.
How does your business allocate resources? Most overprovision for peak demand, which leads to higher capex and idle resources once demand returns to everyday levels. If this overprovisioned workload lives in the cloud, you can see crazy high bills.
Allocating just the right amount of resource for workloads at the right time is a complex problem. Cloud infrastructure, containers, micro services and public cloud services have driven up both the number of workloads and the devices that need to be monitored and managed. It has become too much for humans to handle. A recent Storage Switzerland study indicated that an environment with 3,000 virtual machines would need to make 300 changes per day. That’s one change every 5 minutes!
New solutions are available that solve this problem with advanced analytics and automation. These solutions free humans from these complex decisions and let software do what it does best: manage these decisions in real-time. Watch this entertaining video to explore further.
Cisco Workload Optimization Manager delivers a real-time decision engine that automatically adjusts workload placement and resource allocations in response to changes in demand. Your organization benefits from higher efficiency across your data center stack. It assures performance while minimizing costs. And it does this for any workload, on any platform, at any time.
The latest release of Workload Optimization Manager takes it one step further by integrating with Cisco UCS Director and CloudCenter to deliver true elastic infrastructure at scale. When infrastructure capacity is insufficient to meet demand or house a new project, the solution leverages UCS Director’s workflows to turn up a blade, rack server or data store. It also decommissions idle resources or resizes data stores automatically. Not sure there is adequate capacity to deploy your application? CloudCenter integration automates this verification process, preventing applications from being deployed into underpowered instances.
When you move a workload to the cloud, do you typically move to the next instance size? You’re not alone. As we already mentioned, on-premise workloads are overprovisioned to meet peak demand. Moving to the next instance size simply duplicates overprovisioning and results in higher bills.
Protect your cloud budget with Workload Optimization Manager’s built in modeling that ensures the right size instance for your workload. As shown below, the modeling capability delivers an understanding of your costs before you migrate.
How do you ensure the performance of your workloads on premise or in the cloud? Download Workload Optimization Manager and experience the power of software to manage your workload performance.
As the summer holiday season in Europe has drawn to an end, and I reflect on the time spent relaxing in the sunshine, I’m reminded of the saying: TIME is a gift, use it wisely! I believe Cisco is a great master at enabling us all to use the time we have more effectively.
As a full-time marketing storyteller in Cisco UK and the mother of two boys, Dylan and Donovan, I certainly have my hands full on a daily basis. Carving time out to do the things I really love can be challenging, and even exhausting at times – but not impossible!
Here’s how Cisco is enabling – and encouraging – me to succeed every day!
Work/Life Balance
Working at Cisco has allowed me to take advantage of our technology capabilities to work full-time around my busy life. So, it’s not unusual to see me at the school gates waiting for children with my headphones on and talking during a conference call or in my sportswear running around the local parks listening to a podcast or WebEx recording – this is normal life for me. Funny as I am often the envy of my friends who just can’t manage to get their banking careers digitized! 😉
It’s not just about having flexible policies in place, either – it’s also about embracing the cultural change to working differently, and truly balancing life. At Cisco, I believe we really have the right combination in place to ensure our employees’ success.
Family holiday in Portugal, July 2017
Pursuing My Passions
When I moved from London to Scotland 10 years ago, I took networking for granted. In Cisco London I had access to female role models, career advice, and a great network who still supports my development to date. In Scotland, there was very little female presence in the office, no formal or informal tech networking groups, and within one year of living in Glasgow I started to feel quite isolated and disconnected from the industry in general.
Leveraging my networks from London, I was encouraged and supported by Cisco to create the Scotland Women in Technology (SWiT) group. A group where women from the tech industry can come together and informally network, share experiences, learn from one another – and more importantly – inspire one another. This also helps to influence the future female generations to be a part of our industry – something I am really passionate about!
Seeing the faces of younger girls in schools whom you have inspired with your personal story of working in tech still to this day gives me that warm glow from inside.
Well into its 9th year, SWiT’s membership is continuing to grow, our political influence is increasing and the events calendar is becoming busier each month! Making time to keep this well-oiled machine running would be difficult if it wasn’t for the volunteer hours Cisco provides each year to employees – five whole days to give back in ways of our choosing, that we are most passionate about.
This initiative allows me to log my hours and half days for the keynotes I do, the schools and universities I work with, and the board meetings I attend so that I can keep SWiT going and continue to work on this passion in addition to my daily role.
Meet the SWiT Board – women in tech from Sopra Steria, JP Morgan, Cisco, IBM, Dufrain, HSBC, HPE
Giving Back
It’s really important to me to have time to give back to the organisations I care about, from charities to the environment.
Inspired by a keynote from one of Cisco’s own, Jean Kerr, and the Pavelka House launch last summer, I worked with SWiT to take on the challenge of climbing Ben Nevis this year, the highest point in Britain. And on June 17th, raising a total of £2,234.63 for our chosen charities – we did just that! Having access to tips, advice, and the hours to actually do the training was really key.
If it wasn’t for Cisco’s program I don’t think I would have ever done something like this! To be able to stretch yourself, grow, and accomplish new challenges you never dreamed of achieving is truly remarkable, and it’s all thanks to Cisco’s encouragement!
Silka and fellow SWiT member at the summit of Ben Nevis – 1,345 metres above sea level
Recognition
Recently, through my SWiT and Board work I was also nominated for an award – and much to my surprise I made it into the Top 100 Asian Stars in UK Tech for 2017, alongside my role models like James Caan and Eileen Buridge and some other very cool names! And, to think, I’m not even in a technical role here at Cisco, but I’ve made it to this list! It’s really such an honour, and so nice to be recognized for the work I’m doing.
Having a lot on my plate works for me as this is often what Cisco encourages us to do, but giving us the tools and support to actually bring ideas and projects to life makes me feel very proud to be associated with such a company like ours.
Where else can you find an organisation that will help you climb a mountain, follow your passions, and get recognition in the process! Thank you Cisco for allowing me – and encouraging me – to be me.
Want to join a company that encourages you to pursue your passions? We’re hiring!
To read more about Silka’s Ben Nevis Climb, click here.
This week, the FDA took the unprecedented step of recalling a medical device – a pacemaker – because it was found to be vulnerable to cyber threats. The recall arose from an investigation by the FDA in February that highlighted a number of areas of non-compliance. While there are no known reports of patient harm related to the implanted devices affected by the recall, the step was taken as a preventative measure. A firmware update has been developed (and approved by the FDA) that can be applied during a patient visit with their healthcare provider.
Medical device vulnerabilities have been on the FDA’s radar for some time. In July 2015, the FDA issued an Alert highlighting cyber risks related to infusion pumps. Then, at the end of 2016, it issued what it called “guidance” on the post-market management of cybersecurity for medical devices. But aside from market pressure, there was no enforcement mechanism for any of these alerts and statements. To make matters worse, a recent study revealed that only 51 percent of medical device manufacturers and 44 percent of healthcare organizations currently follow the FDA guidance to reduce or mitigate device security risks. Many thought leaders in the healthcare security space have been pushing for greater governance of medical devices as more and more security vulnerabilities and back doors to these devices have been discovered.
While “homicide by medical device” may seem like a far-fetched Hollywood-esque scenario right now, it’s not completely out of the realm of possibility. “The potential for immediate patient harm arising from hackers gaining control of a pacemaker is obvious, even if the ability to do so on a mass scale is theoretical,” Fussa pointed out. “For example, imagine a ransomware attack that threatens to turn off pacemakers unless a bitcoin ransom is paid. In this week’s recall alone, 465,000 devices are affected. An attack of this type would pose an immediate risk to all of these patients and would likely overwhelm the ability to respond.”
While it’s good news that the FDA is acting to protect patients from harm due to cyberattack, connected devices continue to pose a threat to both patients and facilities. There’s been no shortage of press on the subject, and most healthcare executives are keenly aware of the problem. However, very few have an effective or scalable solution.
Many hospital systems have in excess of 350,000 medical devices, before you even start to count the implantable ones that leave with patients. Most of these devices were never designed with security in mind, and many have multiple ways in which they can be compromised by a hacker. The fact that we are not aware of any reported patient deaths yet is a good thing, but the industry has a very short window to secure its medical device arsenal before hospitals and patients get held to ransom. Health systems need to be looking at segmentation as a compensating security control to prevent attacks, until the medical device industry catches up.
Do you have a plan in place to secure your facility’s medical devices? Are you able to segment and isolate traffic to them?
Do you have visibility into who and what is communicating with your biomed systems and do you have ransomware protection?
Having specific answers to these questions will be key to a strong, ongoing defense against attacks.
How Customer feedback is leading Cisco to develop better experiences.
In digital marketing, it can be easy to let our hunches and personal preferences pave the way. But as Cisco Digital Marketing’s New Experiences team has discovered, talking to customers can unveil some pretty amazing things – from finding out what they love, to uncovering pain points, or even to unlocking new innovation paths and dreaming up new tools.
The New Experiences team constantly checks in with customers to ask ‘why’ and to see where customer feedback can lead them. It’s actually how the team’s latest project, the Cybersecurity Newsfeed, a third-party content aggregator, got started, built, redesigned, and launched.
Time and time again as the team spoke with customers, a common theme rose to the surface. Customers were frustrated that they needed to monitor several sites and feeds constantly in order to do their buying research and to stay up-to-date on the latest security trends, news, and alerts.
This common theme got the team wondering: was there a way to address this customer frustration head on? This customer-first question kicked off an exciting design thinking project that led to the creation of a brand-new website tool, The Cybersecurity News Feed, that pulls in content from third party and Cisco resources, and allows users to filter, share, and even bookmark their favorite articles for later.
The new Cybersecurity News Feed
Read on to meet our team and learn more about the customer-focused design thinking process that guides them, and be sure to check out the new Cybersecurity News Feed at http://www.cisco.com/go/security-newsfeed.
Research
Lauren Wright is the Customer Researcher on the New Experiences Team. Here, she discusses design thinking, why she loves talking to customers, and how these conversations help the team to unlock innovation.
1. What is design thinking, and why does your team use it?
To me, Tim Brown from IDEO says it best, “Design Thinking is a human-centered approach to innovation that draws from the designer’s toolkit to integrate the needs of people, the possibilities of technology, and the requirements for business success.” There are five essential steps to Design Thinking: Empathize, Define, Ideate, Prototype, Test. On our team, we like to add that, in addition to it being an innovation methodology, it requires a change in mindset too.
2. Why do you find talking to customers so valuable?
The New Experience Team talking to customers in the Customer Experience Lab at Cisco Live Melbourne.
Building empathy is the first step in Design Thinking and, in my opinion, the most important one. In order to build empathy, you need to talk and interact with people, to get to know them and their individual perspectives. I absolutely love talking to our customers because I learn so much from them. Talking to them helps me understand their points of view and who they are as people, as well as their pain points and pleasing moments (with Cisco and with their job). This knowledge and deep understanding is valuable and essential in creating improvements to the customer experience.
3. What did you hear from customers that caused you to uncover the need for this type of tool?
When I spoke to customers about their day-to-day and what they do when they’re considering making a purchase, they told me that they spent a lot of time researching. These purchases are important to their jobs and they want to make sure they’re making the right decision. These decisions tend to be complicated, with a lot of moving pieces and parts and more in-depth knowledge is often required. In addition to doing research when making a purchase, our customers need to stay up-to-date on what’s going on in technology. Time, being the scarce resource that it is, and our customers saying they spend a lot of time on researching and staying up to date on trends, we saw a need to create a tool to help customers do their research and stay up-to-date, while saving time – and the Cybersecurity Newsfeed was born!
4. What types of research techniques do you use to get feedback on prototypes along the way?
I primarily use in-depth interviews for getting to know our customers. Once we have built a prototype, I’ll loop back with them to show them the prototype and do more of a usability study (with some follow-up questions). In the future, I would like to do more ethnographic research, and our team is exploring cross-tabulation of quantitative data with our qualitative research.
5. Is there a way for customers to reach out and provide feedback to the team?
Yes, please do! If you’re a past, present, or future Cisco customer, we would love to hear from you. You can reach us at cxlab@cisco.com
Design
Alexa Michael is the UX Designer on the New Experiences Team. Here, she explains why customer feedback is so important to her process, and how it pushes and informs her work.
1. Why is customer feedback so important to you in your design process?
We need lots of detailed feedback from customers – pre-release and post-release, in the form of qualitative and quantitative testing so that we can prove or disprove our assumptions about the project.
2. What did you learn throughout this project that you’ll integrate into your design approach next time?
I learned that having customer research support is extremely helpful (shout out to Lauren!), especially as a newcomer on a new project. I also learned a lot from the A/B Testing team about methodology and the importance of rigorous testing in order to deliver the best possible product to customers.
My biggest takeaway from this project is that the key to successful user design comes from an iterative process of listening to customers and tweaking the design approach, based on real-time feedback–which we did with the Cybersecurity Newsfeed. Next time, we plan to explore a scientific design approach where we start with tons of ideas, eliminate less-promising ones, and eventually throw our arsenal behind the most credible ideas. Once we have our winning ideas, I’d love to go even further and conduct usability testing to explore various design solutions, examining user behavior closely. These measures will help us pinpoint a variety of user problems and improve our outputs. My personal challenge as a designer will be balancing the need for rigorous testing with the need to move quickly and efficiently.
A/B Testing
Christina Wong is an OmniChannel Manager on the New Experiences Team. Here, she discusses the questions that she sought to answer in her testing approach, the insights that the results unlocked, and whether testing is ever really done.
1. What were the main questions you were trying to answer in your testing approach?
Once the feed was built, we began our testing to see how our customers interacted with it ‘in the wild’. While a feed seemed super useful and interesting to us, we needed to see how it would impact someone’s usual routine on the site. Observing user behavior with the feed on various places on Cisco.com led to new learnings regarding user intent, content desirability, and the level of customer engagement with the tool. We also ran multiple tests to discover if the tool would inspire repeat return visits to Cisco.com. Gaining insights from our testing has helped us to continuously iterate and improve the feed for our customers. The great thing is that our work isn’t done. There is always more to learn from how our customers naturally interact with the site.
2. What key insights did you discover during A/B testing of the tool?
Before we launched, customers told us that they wanted the Cybersecurity News Feed to have content from third party resources, not just Cisco-authored content. They told us that they wouldn’t trust the feed if it didn’t support outside perspectives from the security industry, in addition to Cisco thought leadership. Knowing this, we implemented several 3rd party news sources based on the recommendations of our customers. When the Cybersecurity News Feed was implemented, it was exciting and validating to see that our highest engaging content source was one that was recommended by customers, with Cisco Security Alerts and Twitter posts with the next highest interaction. We also observed that while users engaged with the feed, and its addition caused more return visits to Cisco.com overall, users did not re-engage with the tool on their return visits. This was very interesting to see and we want to continue doing testing and customer research to learn more and discover the right placement and design that increases engagement on return visits.
3. Is testing done now that the tool has been launched?
Nope! We will continue to iterate on this feed on both a design and functionality level, whether the feedback comes from customer interviews or A/B testing metrics. It’s just the beginning for the Cybersecurity News Feed and we can’t wait to continuously improve the tool so it’s useful and a must-have resource for our customers!
To learn more and get involved, email Cxlab@cisco.com. We’d love to hear from you, and to add your feedback to our design thinking process for current and future projects.
Today’s federal IT shops face a growing need to serve users and constituents, one that can be hard to stay ahead of. The amount of data to gather, process, and consume is overwhelming, and increases each day.
Agencies have to modernize the infrastructure to support and secure data in order to stay ahead of the ongoing demand for government services in real time.
All the while, IT managers have more and more choices at their disposal, thanks to the availability of regulated software as a service (SaaS) and infrastructure as a service (IaaS) offerings, along with automation and orchestration solutions in the marketplace.
IT leaders have many technology choices.
These capabilities can now truly accelerate the delivery of mission-critical services and offload much of the burden on operations. Further, they complement existing in-house services, helping IT managers to balance their use of technology across the spectrum of private and public offerings and therefore serve employees and constituents effectively and efficiently today and well into the future.
The transition from rigid, monolithic applications to agile, distributed, and scalable services is well underway. Cisco was patient as this market transition progressed, yet persistent in its focus on the network – the true underpinning of digital transformation. The network is the lifeblood of service delivery; it is the nervous system of the secure, intelligent platform that enables digital transformation.
Cisco accelerated its innovation engine over the last several years in anticipation of this profound change, recently introducing the intuitive network – its strategic direction toward a network that constantly learns, adapts, and protects itself and the systems it supports.
This new network turns intent into policy and automates that policy across all systems. It is powered by context; the network analyzes the intelligence within, to provide insights into users, devices, applications, and threats. It then abstracts purpose from interactions on the system, providing assurance of the intent of those interactions.
The intuitive network extends across the entire infrastructure and into the application environment by way of its Application Centric Infrastructure. The strength of ACI forms the basis for capturing intelligence and applying analytics.
Cisco recognizes that the immense value in the network must be unleashed through analytics in real time – and it has built such a capability organically with Tetration Analytics and via acquisition with AppDynamics. However, as analytics gains prominence in everyday IT system deployment and operations, the ability to rapidly deploy systems and automate services becomes paramount. Cisco provides several key solutions in this regard:
As the sole provider of a fully integrated, hyperconverged infrastructure system, HyperFlex, Cisco recently announced its intent to acquire SpringPath, its exclusive HCI technology partner. HyperFlex combines software-defined networking with computing and storage via its Unified Computing System and the HX Data Platform, enabling the rapid deployment and simplified operations needed for today’s fast IT.
Through its acquisition of CliQr a year ago, now known as Cisco Cloud Center, Cisco provides the on- and off-premise services orchestration needed to manage workloads across multiple physical instances.
Cisco Workload Optimization Manager actively manages workload resources across physical and virtual systems, dynamically scaling and allocating compute and storage capacity without manual intervention.
Each of these solutions interfaces into Cisco UCS Director, an infrastructure management system that allows standard or customized interfaces to deliver maximum flexibility across heterogeneous application environments.
Public sector organizations, as they continue to extend their services footprint beyond premise-based systems, must consider how IT services will be orchestrated, delivered, and consumed, locally and remotely. The myriad of offerings for workload automation and orchestration, performance management, and security can be overwhelming.
What is lacking in the marketplace is a distinct framework for these capabilities, into which each can seamlessly integrate. Most organizations will find that framework right at home and primed to support the ongoing migration to integrated on- and off-premise services.
Cisco’s intuitive network, analytics, orchestration, and optimization solutions provide such a framework that will enable public sector IT for years to come.
Today, Talos is disclosing the discovery of two remote code execution vulnerabilities which have been identified in the Gdk-Pixbuf Toolkit. This toolkit is used in multiple desktop applications including Chromium, Firefox, GNOME thumbnailer, VLC and others. Exploiting this vulnerability allows an attacker to gain full control over the victim’s machine. If an attacker builds a specially crafted TIFF or JPEG image and entices the victim to open it, the attacker’s code will be executed with the privileges of the local user.