Cisco Identity Services Engine (ISE) version 3.3

 

Simplified Operations

 

New Split Update: Upgrading Cisco ISE has never been easier. With the new Split Upgrade feature, customers now have complete control over the upgrade process from the UI, allowing them to upgrade specific ISE nodes in parallel, with multiple iterations, at their convenience without experiencing any downtime. Say goodbye to complex and time-consuming upgrades.

 

Control Application Restart: Minimize Downtime, Maximize Efficiency. Downtime during certification renewals can be disruptive. Cisco ISE 3.3 introduces Controlled Application Restart, which allows customers to plan the renewals of the ISE administrative certificate, eliminating the need to reboot the entire ISE deployment at once without control. Schedule updates during low network usage periods, ensuring a smoother security update process without impacting operations.

 

Navigation improvement: ISE admins use the ISE UI in order to perform their job. ISE 3.3 introduces a new and improved navigation, allowing ISE admin to faster perform their tasks, with fewer clicks and without hiding their screen while navigating throughout ISE pages. Each ISE admin can now save the pages he or she is using most frequently on ISE and reduce the time it takes them to access those pages. 

 

IPv6 Support: in addition to the RADIUS, TACACS+, and ISE management over IPv6, customers can now enable additional services over IPv6: the ISE guest portal can now be accessed over IPv6 address and serve guests on the IPv6 network. profiling of IPv6-enabled endpoints and doing posture checks is also available for IPv6-enabled endpoints. 

 

Enhanced Platform Security

 

TPM Chip: Strengthen Security with the TPM Chip Security is paramount. Cisco ISE 3.3 with SNS-3700 (or virtual machines supporting VTPM) introduces the TPM Chip, a dedicated and secure storage location for sensitive information. With true random number generation for key generation, the TPM Chip enhances the security of stored data, providing you with peace of mind.

ISE Cipher Control: By allowing ISE admins to disable unwanted and weak ciphers manually, ISE 3.3 helps customers to meet compliance and regulations without the need to wait for the next release or a patch. 

 

TLS 1.3 for ISE admins: ISE admins can now connect to ISE UI over TLS 1.3. TLS 1.3 provides enhanced security and improved performance by reducing latency and eliminating outdated cryptographic algorithms, ensuring stronger encryption and more efficient communication between clients and servers. 

Certificate-Based Authentication for API calls: ISE 3.3 supports Certificate-based authentication for API calls. Certificate-based authentication offers stronger security by eliminating the vulnerabilities associated with traditional username and password authentication methods. It provides robust protection against credential theft, unauthorized access, and phishing attacks, ensuring a higher level of trust and authentication for users accessing sensitive systems or resources.

 

Visibility and Compliance

 

AI/ML based Profiling: Effortlessly Identify Unknown Endpoints with AI/ML Profiling Unidentified endpoints on the network can be a challenge. Cisco ISE 3.3 employs AI/ML Profiling and multi-factor classification (MFC) to swiftly identify clusters of similar unknown endpoints. This cloud-based ML engine helps customers categorize these devices accurately, making it easier to determine their nature and apply appropriate policies.

 

Unlock Valuable Insights with Wi-Fi Edge Analytics 

Our exclusive Wi-Fi Edge Analytics feature enables customers, who use the Cisco Catalyst 9800 wireless controllers, to exchange data between ISE 3.3 and the controller and get profiling information from Apple, Intel, and Samsung devices, enhancing endpoint profiling. 

This information includes endpoint-specific attributes such as model, operating system version, and firmware. 

 

Multi Factor Classification: ISE 3.3 introduces a new way to profile endpoints on the network. The profile is no longer a descriptive string of the endpoint. Instead of that ISE uses MFC – Multi Factor Classification which breaks the profile into 4 categories: Manufacturer, Device Type, Model and OS. This allows our customers to build more granular policies, based on the different MFCs. 

 

Posture for ARM based Windows: for customers who move to computers based on ARM processor, ISE 3.3 can now perform posture checks in order to check compliance status before letting those endpoints access to the network. 

 

Cloud Availability 

 

ISE 3.3 is going to be available on all the supported platforms: AWS, Azure, and Oracle Cloud. Release dates depend on the different cloud vendors:

ISE 3.3 on Azure  – Already available

ISE 3.3 on OCI – Already Available

ISE 3.3 on AWS – Already Available

 

ISE 3.3 Resources:

 

ISE 3.3 download page

ISE 3.3 release notes

Cisco Live 2023 – Top 6 announcement

Cisco Networking Cloud
Overview: With simplification at the core of Cisco’s customer-focused momentum, the new Networking Cloud vision sets out how Cisco plans to deliver a single platform experience for seamlessly managing all networking domains. Customers need to shift to a powerful and intelligent platform that can proactively manage the network, eliminate silos, and reduce human workload. At Cisco Live, Cisco will introduce the steps underway to deliver this capability, driven by more unified and consistent experiences, smarter tools, and a simplified portfolio to achieve more robust customer outcomes. News Release: Cisco Showcases Vision to Simplify Networking and Securely Connect the World

Cisco Security Cloud
Overview: Cisco is delivering on its promise of the AI-driven Cisco Security Cloud to simplify cybersecurity and empower people to do their best work from anywhere regardless of the increasingly sophisticated threat landscape. Cisco will announce Cisco Secure Access (a security service edge, SSE, solution) that offers frictionless access across any location, any device, and any application through one platform. Cisco is also previewing the first generative AI capabilities in the Security Cloud, including a generative AI-powered Policy Assistant that enables Security and IT administrators to describe granular security policies and evaluate how to best implement them across different aspects of their security infrastructure, and a SOC Assistant that will support the Security Operations Center (SOC) to detect and respond to threats faster. Cisco is also announcing the Secure Firewall 4200 which provides seamless connected experiences at the office or on the road, alongside Cisco Multicloud Defense, which leads the way to security in any environment. News Release: Cisco Shows Breakthrough Innovation Towards AI-First Security Cloud

Full Stack Observability Platform & DEM Overview: Cisco will announce the launch of a new Full-Stack Observability (FSO) Platform, a vendor-agnostic solution that harnesses the power of the company’s full portfolio. The Cisco FSO Platform is focused on OpenTelemetry and is anchored on Metrics, Events, Logs, and Traces (MELT), enabling businesses to seamlessly collect and analyze MELT data generated by any source. The Cisco FSO Platform is also designed as a unified, extensible platform, allowing developers to build their own observability solutions, empowering an ecosystem of customers and partners. News Release: Cisco Launches Full Stack Observability Platform

Cloud Native Application Security
Overview: Announced today, Cisco’s Cloud Native Application Security solution, Panoptica, will now provide end- to-end lifecycle protection for cloud native application environments, from development to deployment to production. Panoptica will include an integrated and simplified visual dashboard experience with seamless scalability across clusters and multicloud environments. This will allow teams to secure APIs as well serverless, containerized, and Kubernetes environments holistically, with less complexity and more efficiency. News Release: Cisco Accelerates Application Security Strategy with Panoptica

Generative AI – Security & Collaboration
Overview: Cisco will announce it is reimagining the way people work with new, powerful generative AI technology. Cisco will harness large language models (LLMs) across its Security and Collaboration portfolios to help organizations drive productivity and simplicity for the workforce.
News Release: Cisco Unveils Next-Gen Solutions that Empower Security and Productivity with Generative AI

Sustainability
Overview: Cisco is unveiling new partnerships within sustainable data centers, and advanced energy monitoring with Webex Control Hub. In addition, Cisco will unveil new messaging that speaks to its own sustainability journey and the desire to accelerate total sustainable transformation.
Blog: Simplifying How Customers Unleash the Power of Our Platforms

Mike

EoL APIC-EM

This is an amendment to complete the software End-of-life announcement for Application Policy Infrastructure Controller Enterprise Module (APIC-EM) by including end of software maintenance support for all versions of the following APIC-EM applications as of July 31, 2023:

• IWAN Application
• Wide Area Bonjour
• Remote Troubleshooter
• Network Visibility

The End-of-life announcement for the APIC-EM Hardware Appliance is here. The recommended upgrade is Cisco Catalyst Center (formerly Cisco DNA Center), which includes Wide Area Bonjour capabilities, as well as advanced assurance, automation, and zero-trust network security. Please see the Catalyst Center Release Notes for compatibility information.

Mike

Cisco acquired Valtix: What is Valitx?

Valtix is a cloud-native network security company that provides next-generation firewall and web application firewall (WAF) solutions for businesses looking to protect their cloud-based infrastructure. The company was founded in 2018 by seasoned technology executives who recognized the need for a modern approach to network security in the cloud.

Valtix’s cloud-based approach to network security is designed to be both scalable and flexible, allowing businesses to secure their cloud-based infrastructure without having to worry about the complexities of managing hardware or software. By leveraging cloud-native security technologies, Valtix enables businesses to deploy security policies that can be enforced consistently across their entire infrastructure, regardless of the cloud provider or network topology.

One of the key benefits of Valtix’s approach to network security is its ability to provide real-time threat detection and response capabilities. Using advanced machine learning algorithms, Valtix can analyze network traffic in real-time, identifying potential threats and responding quickly to mitigate any risks. This helps businesses stay ahead of the constantly evolving threat landscape and ensure their infrastructure remains secure.

In addition to its advanced threat detection and response capabilities, Valtix also provides businesses with granular control over their network security policies. This allows businesses to tailor their security policies to their specific needs, ensuring that their infrastructure is protected in the most effective way possible. With Valtix, businesses can easily manage their security policies from a centralized dashboard, making it easy to enforce policies consistently across their entire infrastructure.

Valtix’s cloud-based approach also makes it easy for businesses to scale their network security as their needs evolve. Whether they need to protect a small cloud environment or a large, complex infrastructure, Valtix can provide the necessary security solutions to meet their needs. This flexibility allows businesses to focus on growing their business, rather than worrying about managing their network security.

Finally, Valtix’s cloud-native approach to network security is designed to be highly automated, which helps businesses reduce the burden of managing their network security. By automating many of the routine tasks associated with network security, Valtix enables businesses to free up their IT resources to focus on more strategic initiatives.

In conclusion, Valtix is a cloud-native network security company, recently acquired by Cisco that provides businesses with advanced threat detection and response capabilities, granular control over their security policies, and the flexibility to scale their security solutions as their needs evolve. With its cloud-based approach and automated processes, Valtix helps businesses stay ahead of the constantly evolving threat landscape while reducing the burden of managing their network security.

https://valtix.com/blog/ciscos-intent-to-acquire-our-journey-and-why-it-matters/

Mike

Apronomics: March, 2023

Apronomics, is a play on the word ‘macroeconomics’ which seeks to provide a general perspective in three specific domains. Cloud, Digital Transformation, and Web3. This is monthly and sometimes twice a month TL;DR “too long; didn’t read” digital glance that serves as a quick consumption style for those looking for hot topics in Cloud, Digital Transformation, and Web3.

Apronomics-March-2023Download

CLOUD

• Google: Announces the general availability of Dataplex data lineage — a fully managed Dataplex capability that helps you understand how data is sourced and transformed within the organization. (Link)
• Google: Opens access to Bard, an early experiment that lets you collaborate with generative AI. Bard is powered by a research large language model (LLM), specifically a lightweight and optimized version of LaMDA. (Link)
• Azure: Announce that GPT-4 is available in preview in Azure OpenAI Service. AI models—including GPT-3.5, ChatGPT, and DALL•E 2. (Link)

DIGITAL TRANSFORMATION

• Cisco: Announce its intent to acquire Lightspin Technologies Ltd. a privately-held cloud security software company. Lightspin’s lightweight agentless solution quickly scans your AWS, Azure, and GCP environments and Kubernetes clusters covering virtual machines, containers, and serverless. (Link)
• SAP: SAP and DataRobot announced a joint partnership to enable customers to train ML models on their data residing in SAP HANA Cloud and SAP Data Warehouse Cloud. As a result, enterprises can now get powerful insights and predictive analytics from their business data. (Link)
• OpenAI: Released GPT-4, a newer natural language processing (NLP) model that can render both images and text and produce text outputs. GPT-4 still suffers from similar limitations as earlier GPT models. Most notable is that it “hallucinates” facts and makes reasoning errors. (Link)

WEB3

• Web3 Games Collective: The members of W3GC include Yield Guild Games (YGG), Game7, Magic Eden, and Fenix Games formed the Web3 Games Collective to leverage their expertise in creating a wave of breakout blockchain games. (Link)
• Chainlink: A web3 services platform, is launching a self-service, serverless platform to help developers connect their decentralized applications (dApps) to any Web 2.0 API, like an AWS or Meta service. (Link)
• Bitcoin NFTs: Bitcoin supports on-chain (native) support for NFTs, known as ordinal NFTs. Ordinals use an arbitrary but logical ordering system called ordinal theory to give each individual Bitcoin satoshi a unique number. (Link)

Mike

Apronomics: January, 2023

Apronomics, is a play on the word ‘macroeconomics’ which seeks to provide a general perspective in three specific domains. Cloud, Digital Transformation, and Web3. This is monthly and sometimes twice a month TL;DR “too long; didn’t read” digital glance that serves as a quick consumption style for those looking for hot topics in Cloud, Digital Transformation, and Web3.

apronomics-jan-2023-1Download

CLOUD

• AWS: Expected to reach 100B in 2023, despite economic uncertainty. AWS will announce its fourth-quarter earnings on Feb 2, 2023. A breakdown of AWS 12mo earnings in 2021, Q1:18.44B, Q2:19.74, Q3:20.54, Q4:17.78. (Link)
• Azure: Multiyear, Multibillion dollar partnership with OpenAI, best known for ChatGPT, to accelerate AI breakthroughs. As the exclusive cloud provider powering OpenAI, Azure will look to commercialize OpenAI and offer the technology in its native Azure services. (Link)
• Snowflake: Acquires Myst, a time series forecasting company. Myst offers an AI platform that helps index a sequence of data points over a period of time. This allows historical data to forecast future behaviors. (Link)

DIGITAL TRANSFORMATION

• Meta: Confirms that it is acquiring Luxexcel, a smart eyewear company. Meta will likely leverage the company’s technology to produce AR glasses. This acquisition aligns with Meta’s corporate strategy when it comes to AR and VR advancements. (Link)
• Amazon: Sidewalk, Amazon’s long-range, low-bandwidth IoT mesh network has four new device manufacture partners to bring smart devices to offer developers. (Link)
• Microsoft: Acquires Fungible, a company that offers scale-out capabilities for data center infrastructure with low processing power also known as low-power data processing units (DPU). (Link)

WEB3

• Ava Labs: Has partnered with AWS to support its Web3 node operations. Ava Labs makes it simple to deploy high-performance solutions for Web3. (Link)
• Polygon: $MATIC Completes a hard fork upgrade to minimize gas fees. Although gas fees will continue to increase during peak demand, they will be aligned with Ethereums gas dynamics. (Link)
• U.S. Gov: The U.S. government seeks to set a basis for legislative and regulatory control of cryptocurrencies. One way the U.S. government considers jurisdiction over cryptocurrencies is through the Commodity Futures Trading Commission, not the SEC. (Link)

Mike