Using Automation with your Security Products

Guest Author: Chris Johnson, Cybersecurity Technical Solutions Architect, DoD – Cisco Systems

For network engineers, automation is changing the way we interact with the network devices that are a key part of our responsibilities. This is a fundamental change in the way that we’re used to controlling these devices. And if you’re a network engineer, it’s natural that you might be hesitant to use automation because you think it might reduce the number of engineers required to maintain devices. But I challenge you to think first about the increased efficiency that it will provide.

Three reasons to embrace network automation

It’s important to remember that network automation is not just another “flavor of the month” but the future of our industry. So now is a prime opportunity for you to lead rather than follow. I suggest you embrace it and by doing so become a better engineer. And as you begin, understand that there are three key reasons you should implement network automation:

To reduce configuration errors. Automating the repetitive configurations used in the network will help reduce your error rates caused by manually configuring the devices.
Improve network management. Many processes you perform regularly on your devices may not get done, or experience a delay, due to the manual nature of the tasks. Automating them is a great way to ensure they get done.
Free up your IT Staff for critical tasks. By using automation for less critical tasks, it allows your team to focus on performing the critical tasks that ensure the network is running at peak efficiency.

Four tools for network automation

Now, let’s look at four tools you can use for automating your network:

Python is quickly becoming one of the most used languages for automation. It’s a much more human readable language.
Github is a great repository for code used for automation. Plus, there are numerous Cisco supported repositories on Github. So you can download these to jump start your automation journey.
Postman is a great tool to get you going with interacting with your network devices.
Ansible is a great network automation platform.

Cisco DevNet and network automation

Next we need to look to Cisco DevNet (https://developer.cisco.com/). Cisco has announced new certifications around network automation, and they’ve put countless hours into developing a world class training and development environment:

Plus, they continually host special events to help you grow your skills. Check out https://developer.cisco.com/events/ to find one near you.

A closer look at the Security Dev Center

By visiting the site, you can check out all the API’s for the Cisco Security Products. You can also leverage the page as a long-term learning resource, and take a deeper dive on topics you’re interested in as time allows. Here you can learn about a variety of trending issues, like controlling threats with Firepower, Cisco’s NGFW, or automating your security with pxGrid.

Next stop: my favorite area, the Sandbox. Once inside, try clicking on the Security Sandbox. Once you do, you’ll gain access to a variety of sandboxes to explore. A few of the more popular ones are Stealthwatch, Firepower Management Center, and Identity Services Engine (ISE).

At Cisco, we will continue our work to build-out a world class environment for network engineers to make the transition to network automation. I hope you’ll join our community and become an active part of our ongoing conversation on Twitter (@CiscoDevNet). By doing so, we can all become better engineers.