Simplifying control of complex networks is the holy grail of all network management solutions. Every large network is complex in a different way, and each organization must figure out its own path to simplification. Cherry Hospital in Goldsboro, North Carolina, an inpatient regional referral psychiatric hospital, run by the North Carolina Department of Health and Human Services (NC DHHS), found simplicity in accurate identification, detailed profiling, and effective grouping of endpoints in their network.

“AI endpoint analytics has greatly simplified how we manage our network. We get the granular details we need for every device, and with its intelligent grouping of similar devices, we save precious time and reduce complexity by orders of magnitude. We plan to build on this feature to bolster organizational security through our network.”

-Brian Jensen, Network Analyst, North Carolina Department of Health and Human Services

Simplicity through visibility

“The network controls practically everything at Cherry. All sorts of devices connect to our network including healthcare, building automation, IP phones, laptops, desktops, and even wall clocks,” explained Brian Jensen, Network Analyst at NC DHHS. “The diversity of devices we have in our network makes management difficult, because we can’t always tell what each device is just from its MAC and IP addresses, and therefore don’t know how to fully profile it, what group to put it into, or what access level to give it.”

After learning how AI endpoint analytics, a feature in Cisco DNA Center available under the Cisco DNA Advantage software subscription, can identify, profile, and group a wide variety of devices, Brian and his team decided to try it out to see if it could help simplify things for them.

Before NC DHHS could deploy AI endpoint analytics, they had to clear one hurdle. One of the data sources AI endpoint analytics draws on is deep packet inspection (DPI) of endpoint traffic, classified by Network-Based Application Recognition (NBAR), and that capability runs natively on Cisco Catalyst 9000 series switches. On older access switches that lack it, the switch ports can instead be mirrored (a SPAN session) to a Cisco DNA Traffic Telemetry Appliance (TTA), which performs the NBAR classification and reports the results to Cisco DNA Center; the appliance sees only the traffic on the mirrored ports, so profiling coverage is bounded by which ports are spanned. “Because we rely on an older generation of access switches, we had to span their ports to the new Cisco DNA Traffic Telemetry Appliance (TTA) which did the NBAR analysis instead,” described Brian. “Installing the appliance was super easy. In fact, I had it up and running in no time at all, and we began to see the results in Cisco DNA Center soon afterwards.”

Simplicity through details

Brian described what they had to work with before AI endpoint analytics. “Whenever a new device connected, all the knowledge we had about it was its MAC address, IP address, and the operating system it was running. Given that most devices run on Microsoft Windows, we didn’t get any differentiating information on whether it was an X-ray machine or an HVAC controller. AI endpoint analytics gave us the details we needed.” Now they have the name, manufacturer, model, and even the version number: enough detail to tell whether a device is an ultrasound imaging device made by Toshiba or a computed radiography digital imaging scanner made by Konica Minolta. “How cool is that! This level of detail saves us so much time and we can use profiling rules built right into AI endpoint analytics to quickly and easily place the endpoint into the group it belongs in.”

As Cherry Hospital, like other healthcare facilities, continues its digitization efforts, the value of operational simplicity through AI endpoint analytics becomes even more apparent. “It used to take us up to 15 minutes to properly add and categorize a new device as it is added. Now we can do all that and more in just a couple of mouse clicks,” Brian said. “And with new devices being added all the time, this has really saved us from all that manual error-prone work. Moreover, now it doesn’t take a highly skilled engineer to add and profile all those endpoints. We can easily delegate the duty and be assured that it will be done properly with no errors.”

Simplicity through group-based policies

Having AI endpoint analytics in place allows Brian to think about what more he can do with this new-found power. “I feel that with this kind of visibility, I can finally take steps towards introducing even more security in my network.” The first thing he plans to do is use it to better segment his network with Cisco TrustSec technology, and eventually with the Software-Defined Access (SD-Access) solution. TrustSec and SD-Access use group-based policies, for which accurate grouping of like endpoints is critical: an access policy is written once for a group and applied to every device in it, rather than to each device separately, so a misprofiled endpoint inherits the wrong group’s access. Group-based access control automates management and strengthens security manyfold.

Looking towards the long term, Brian has even more ambitious goals. “Following government mandates, we currently have a separate network for our physical security devices. Not only do we unnecessarily duplicate network devices and thus incur higher costs, I also need to spend extra time and effort in managing it. With AI endpoint analytics and all the downstream security it enables, I can visualize how one day I can converge the two networks into one saving time, money, and effort.”

Simplicity through simple steps

With that insight, Brian has hit upon one of the key benefits of AI endpoint analytics: it is the first step in a bigger security strategy. Group-based policy analytics, another application in Cisco DNA Center, takes the groups identified by AI endpoint analytics and maps the traffic between them. With that mapping you can define and fine-tune your access and segmentation policies, and with group-based access control in Cisco DNA Center you can then configure your network devices to enforce them.
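How the three steps the article describes (profiling endpoints into groups, mapping traffic between groups, and checking a group-based policy before enforcing it) fit together, as an added illustrative model. This is not Cisco DNA Center code and not NC DHHS’s configuration: the OUI table, rule predicates, group names, policy entries, MAC and IP addresses and flows are all constructed for the example, and the vendor strings are placeholders rather than real device fingerprints.

```python
"""Illustrative model of endpoint profiling feeding group-based policy.

Added example, not Cisco DNA Center code and not NC DHHS's configuration.
Every OUI, rule, group, policy entry, MAC, IP and flow is constructed here.
"""
from collections import Counter
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Endpoint:
    mac: str
    ip: str
    os: str = ""  # all the old workflow had to go on besides MAC/IP
    apps: frozenset = field(default_factory=frozenset)  # NBAR-style app hits

# Constructed OUI -> manufacturer table (a real one comes from the IEEE registry).
OUI_TABLE = {"00:1A:2B": "ExampleMed", "00:3C:4D": "ExampleHVAC", "00:5E:6F": "ExamplePhone"}

def manufacturer(ep: Endpoint) -> str:
    return OUI_TABLE.get(ep.mac.upper()[:8], "unknown")

# Ordered profiling rules (name, predicate, group); the first match wins.
# Order matters: the broad Windows workstation rule sits last so that a
# Windows-based X-ray console is caught by the narrower imaging rule first.
PROFILING_RULES = [
    ("imaging", lambda ep: manufacturer(ep) == "ExampleMed" and "dicom" in ep.apps, "Medical_Imaging"),
    ("hvac", lambda ep: manufacturer(ep) == "ExampleHVAC" and "bacnet" in ep.apps, "Building_Automation"),
    ("phone", lambda ep: manufacturer(ep) == "ExamplePhone" or "sip" in ep.apps, "IP_Phones"),
    ("workstation", lambda ep: ep.os.startswith("Windows") and "ldap" in ep.apps, "Workstations"),
]
# An endpoint matching no rule is parked for human review instead of
# silently inheriting whatever access its VLAN happens to grant.
DEFAULT_GROUP = "Quarantine"

def profile(ep: Endpoint) -> str:
    for _name, predicate, group in PROFILING_RULES:
        if predicate(ep):
            return group
    return DEFAULT_GROUP

# Group-based policy: (src_group, dst_group) -> allowed apps. Any pair not
# listed is denied, so a new device inherits its access from its group alone.
POLICY = {
    ("Workstations", "Medical_Imaging"): {"dicom"},
    ("Medical_Imaging", "Workstations"): {"dicom"},
    ("Workstations", "Workstations"): {"ldap", "smb"},
    ("IP_Phones", "IP_Phones"): {"sip", "rtp"},
}

def is_allowed(src_group: str, dst_group: str, app: str) -> bool:
    return app in POLICY.get((src_group, dst_group), set())

def traffic_matrix(flows, groups):
    """Count observed flows per (src_group, dst_group, app): the group-to-group
    map that group-based policy analytics builds before a policy is written."""
    matrix = Counter()
    for src_mac, dst_mac, app in flows:
        matrix[(groups[src_mac], groups[dst_mac], app)] += 1
    return matrix

def audit(flows, groups):
    """Flows the policy would block if enforced now. Review these first: each is
    either traffic to cut off or a sign that a rule or a group assignment is wrong."""
    return [(s, d, app) for s, d, app in flows if not is_allowed(groups[s], groups[d], app)]

# Constructed inventory: two Windows hosts that look identical by OS alone.
XRAY = Endpoint("00:1a:2b:00:00:01", "10.1.10.5", "Windows 10", frozenset({"dicom", "dns"}))
HVAC = Endpoint("00:3c:4d:00:00:02", "10.1.20.7", "", frozenset({"bacnet"}))
PHONE_A = Endpoint("00:5e:6f:00:00:03", "10.1.30.9", "", frozenset({"sip", "rtp"}))
PHONE_B = Endpoint("00:5e:6f:00:00:04", "10.1.30.10", "", frozenset({"sip", "rtp"}))
DESKTOP = Endpoint("00:11:22:33:44:55", "10.1.40.2", "Windows 10", frozenset({"ldap", "smb", "dicom"}))
MYSTERY = Endpoint("00:77:88:99:aa:bb", "10.1.40.3", "Windows 7", frozenset({"http"}))
ENDPOINTS = [XRAY, HVAC, PHONE_A, PHONE_B, DESKTOP, MYSTERY]

# Constructed observed flows as (src_mac, dst_mac, app).
FLOWS = [
    (DESKTOP.mac, XRAY.mac, "dicom"),
    (XRAY.mac, DESKTOP.mac, "dicom"),
    (PHONE_A.mac, PHONE_B.mac, "sip"),
    (HVAC.mac, XRAY.mac, "http"),       # building automation poking an imaging device
    (MYSTERY.mac, DESKTOP.mac, "smb"),  # unprofiled host reaching into workstations
]

def demo_groups() -> dict:
    return {ep.mac: profile(ep) for ep in ENDPOINTS}

def demo_blocked() -> list:
    return audit(FLOWS, demo_groups())

if __name__ == "__main__":
    for mac, group in demo_groups().items():
        print(mac, "->", group)
    for key, count in sorted(traffic_matrix(FLOWS, demo_groups()).items()):
        print("seen", key, count)
    print("would block:", demo_blocked())
```

Two design points carry over to the real tooling regardless of vendor: rule order decides how a device that matches several rules is grouped, so the narrowest rules go first; and the fallback for an unmatched endpoint should be a restricted group, not the broadest one, because in a group-based model whatever group a device lands in is the policy it gets.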

If you think you can benefit from the AI endpoint analytics and would like to learn more about it, here are some references for you:
