
5G or not to 5G….that is the manufacturing question! Steve Gansen on July 17, 2024 at 5:13 pm

The manufacturing industry is experiencing seismic shifts, from the departure of skilled workers creating a talent gap to rising interest rates prompting constant budget re-evaluations. These factors, coupled with constant pressure to drive outcomes, demand that we be business first and technology second.


As if the wireless technologies for manufacturing couldn’t have more options... here is 5G! Wireless is clearly the future technology for manufacturing, and specifically for the OT side of manufacturing. It is flexible, highly customizable, and extremely cost effective when compared to traditional network drops. There are so many options today, many of which manufacturers are already heavily invested in with great results, so where does 5G fit into the picture?

It depends!

The manufacturing industry is experiencing seismic shifts, from the departure of skilled workers creating a talent gap to rising interest rates prompting constant budget re-evaluations. These factors, coupled with constant pressure to drive outcomes, demand that we be business first and technology second.

We all know where we need to go, but the road to get there can be a little challenging and bumpy.  It needs to start with a traditional “crawl-walk-run” strategy to drive a business payback on the investment, then leverage that technology across the enterprise.  What I mean is that if you find the right use case for a 5G implementation, then forge ahead and drive it forward.  Once that project is done, then start to leverage other use cases in your operations that can lean into this new network for even more business value.

Cisco’s Perspective

Azita Kia, our Technical Lead at the Cisco Mobility CTO Office offered her thoughts and perspective on this topic:

Indeed, manufacturing has been going through a seismic shift, and in the heart of that shift is the “network” that connects everything to everything else. Consider a thing to be a person, a tool, an application, a database, an assembly line, a whole factory, a yard, a port, you name it. Connectivity is the bloodline of automation, which is a foundational driver for evolution of manufacturing. We need a powerful network not only to automate but also to apply new world applications such as AI and AR/VR to factory operations. Everything runs over the network.

While better connectivity has been developed and is in use, say speed of light with fiber optics or hundreds of gigs with wireless à la 5G, application of these modalities for manufacturing remains nascent and slow to grow primarily due to complexity of manufacturing processes and contexts. It may be possible to deliver 100s of gig as mobile broadband or long-haul transport, but to bring this type of speed together with necessary reliability to ensure safety and process control are two separate topics.

In the case of 5G, 3GPP group started with a vision of defining a wireless methodology to replace industrial ethernet to untether manufacturing processes from wires and cables and enable a more flexible factory floor. This vision, which is one of the components of Industry 4.0, persists and if and when fully realized can truly shake up how factories are built and managed. There are innumerable benefits from untethering which many groups have described in “factories of future” designs.

To realize these visions, we need mature 5G equipment, UE/Radio/PacketCore, as well as factory level tools, applications, network, and security systems that can integrate these new modes of communication at a cost point that factory operators are willing to spend. We have made leaps of progress in the past few years towards availability of basic equipment for 5G and integration into factory network designs, and work continues as new releases of 3GPP, particularly R16 which delivers Ultra Low Latency for industrial use cases, become available in UE and radio offers.

Use Cases

We have seen many cases, where deploying a mobility strategy on the plant floor has driven up productivity for the plant.  Bringing the data and solutions closer to the employee can help reduce unscheduled downtime and increase communications for the teams.  Instead of the traditional point to point radios on the plant floor, what if it looked different?

If you had smartphones with a Webex client on them, then everything becomes more tightly connected.
You may need to reach out to a remote expert outside of the plant.
You could communicate with multiple people on multiple teams to address any problems or challenges.
You could have analytics built into the system to better understand what is happening (or not happening!) in the operations.
User manuals, troubleshooting guides, and experienced teams are at everyone’s fingertips to engage.

Technology: 5G to the rescue!

The inherent challenge with mobility is coverage.  We run into these problems even in our daily life using our phones, and you cannot let your plant have any network issues with any kind of mobility strategy.  The key is to make sure the site assessment is done extremely well, and you use partners like Cisco to develop and enable this critical technology with our world class wireless IoT team.  Security needs to be addressed up front and not as an afterthought in any type of network design, so that is top priority for you in these discussions.

We focus on network and security for a living…you need to make sure you are working with a trusted partner in this critical phase of your journey.

Resources

Cisco Portfolio Explorer for Manufacturing

See Cisco Private 5G in Action

Cisco Private 5G Solution Overview

5G: Enabling Change For Manufacturers


By | 2024-07-18T03:59:40+00:00 | July 18, 2024 | Cisco: Learning | 0 Comments

A More Sustainable Future for Africa: Cisco’s Role in Bridging the Digital Divide Margaret Dilloway on July 17, 2024 at 9:05 pm

Explore Cisco's efforts in Africa to promote digital equality, tech access, and gender equity. Then, join the learning community.


When you think of the term sustainability, chances are you think of the environmental kind. But improving the environment doesn’t happen in a void—you need technological access and people with the know-how to manage it all.

This requires a strong foundation of sustainable communities, calling for digital divide solutions that incorporate intersectional considerations like education and gender equity.

The need for educational initiatives to foster environmental resilience in Africa

We could talk about the need for educational initiatives around the globe to support environmental resilience. But let’s start with Africa, a continent disproportionately affected by climate change. Though it emits only 10% of global greenhouse gases, more than 110 million Africans were directly affected by climate-related hazards in 2022, causing more than $8.5 billion in damages.

Despite the urgency of climate change, many African countries are hampered by inadequate digital infrastructure, widespread energy poverty, and difficulties in implementing digital solutions, such as urban farming technology and creating locally relevant digital content. This scenario is further compounded by the fact that only about 36% of Africa’s population has broadband internet access, which restricts the opportunities for online educational resources and hinders progress toward developing innovative solutions to climate-related challenges.

From learning to leading: Cisco’s education programs paving the way for a more sustainable future

Enter Cisco’s purpose of powering an inclusive future for all—which, in part, means providing training to close the digital divide worldwide. In Africa, Cisco supports a number of free or low-cost projects that open up a world of opportunity in the evolving digital economy. This is primarily done through Cisco Networking Academy, one of the longest-standing IT skills-to-jobs programs in the world.

Founded in 1997, Cisco Networking Academy delivers information technology education and practical and theoretical skills in networking, cybersecurity, programming, and the Internet of Things (IoT) through 11,700 school-affiliated programs. So far, it has educated more than 20 million people in more than 190 countries.

Networking Academy allows people to prepare for professional certifications that are valid worldwide, allowing them to get better employment and, in turn, helping their communities become more sustainable. Cisco plans to expand the program and reach even more learners, with a goal of training 3 million people in Africa by fiscal 2032.

And the education works. As a first-year Information and Communication Engineering student at Covenant University in Ota, Nigeria, 2023 Cisco Networking Academy Future Leader Award winner Ireoluwatonde Fasanu found the field too broad to narrow down a career path. Then, her mother passed away, causing her to almost give up on her dream of finishing her degree.

Despite her devastating and heartbreaking loss, Fasanu wanted to prove to herself that no situation should be a hindrance to her dreams. She wanted to be a role model to others. “I didn’t just do this for myself; I did it so that I would have a story to tell others who might have fallen in such time of adversity, or anyone who might be faced with such in the future,” Fasanu says.

Fasanu began taking Cisco Networking Academy CCNA and Cybersecurity courses and found her path forward. By her senior year, Fasanu had built a cross-functional team that designed and created an IoT-based Air Quality Monitoring System for people with asthma. It reads air quality status and sends warning messages via a mobile app. Her exemplary leadership abilities and skill set are a testament to the effectiveness of the Networking Academy education, demonstrating its potential to benefit not just her but countless others.

Other digital divide solutions in Africa and across the world

Beyond the ever-expanding Networking Academy, Cisco also supports a number of programs that work with partners to provide a broad spectrum of education to African students. Starting in the primary level, these organizations offer support in reading, math, and digital creation, building a foundation for students to pursue STEM careers, and thus helping to bridge the digital divide.

Code.org: Provides Africa, Asia, and Latin America with computer science curricula, as well as investment for platform architecture upgrades for low-bandwidth and offline learners.
Raspberry Pi Foundation: Brings Code Club to three million students annually, with an emphasis on female participation and engagement in Kenya, South Africa, and India.
Cisco Connected Disability Action Network (CDAN)/EMEA (Europe, Middle East, Africa region): Partners with Lexxic to help develop neurodiverse-friendly workplace environments.
The World Possible partnership, a nonprofit co-founded by Cisco employees, creates mini networks using remote area servers, expanding internet access in remote areas in over 53 countries.

Additionally, Cisco U. provides online access to certification education with free and paid content, regardless of whether people are associated with a school, further democratizing access to networking education.

Get involved with digital literacy

Cisco’s commitment to providing certifications and ongoing technology access, particularly to women, lays the groundwork for a more sustainable future. These initiatives are crucial to ensuring nobody gets left behind in the digital future.

Interested in getting involved with networking education and digital literacy in general?

Support digital education initiatives by teaching at Cisco Networking Academy.
Partner with Cisco Networking Academy to bring more education initiatives to life.
Sign up for free essential computer skills classes.
Join the Cisco Learning Network community, where you can ask questions and share ideas.
Sign up for Cisco U. Free.

For more information about all the work Cisco does to power an inclusive future for all, read the FY23 Purpose Report.

Sign up for Cisco U. | Join the  Cisco Learning Network today for free.


By | 2024-07-18T03:59:39+00:00 | July 18, 2024 | Cisco: Learning | 0 Comments

Accelerating SaaS solution delivery to the U.S. Federal Government Gagandeep Singh on July 17, 2024 at 12:00 pm

The Federal Operational Security Stack is a centralized framework offering efficiencies when deploying SaaS solutions and services to the U.S. Federal market.


Synopsis: The Cisco Federal Operational Security Stack streamlines the process for Cisco SaaS solutions on their FedRAMP journey, bringing a myriad of benefits. It revolutionizes product engineering team workflows by offering a centralized and integrated suite of tools and services that cover a significant number of FedRAMP security requirements. This efficiency decreases engineering team effort, enabling them to focus on enriching solution features and accelerating their FedRAMP readiness.

In 2023, the FedRAMP Authorization Act was passed, codifying FedRAMP into law as the authoritative and standardized approach to security assessment and authorization of cloud products and offerings for Government agencies to use. The US General Services Administration (GSA) administers FedRAMP in collaboration with the Department of Homeland Security (DHS) and Department of Defense (DoD), and the program is based on NIST 800-53.

FedRAMP requires that cloud providers serving federal agencies implement a set of security controls, thoroughly document them, and then undergo an audit by a third-party assessment organization (3PAO) to ensure compliance. After the assessment, a sponsoring agency and the FedRAMP PMO itself conduct a series of reviews before the provider achieves Authority to Operate (ATO) status, otherwise known as “FedRAMP Authorized”. For more on the FedRAMP authorization process – please refer to here. Upon achieving a FedRAMP Authority to Operate (ATO), a cloud service provider (CSP) is recognized as meeting the necessary security control requirements to handle federal data. Consequently, Cisco SaaS solutions must obtain FedRAMP ATO to conduct business with U.S. Federal agencies.

Meeting rigorous U.S. Federal Government standards

For Cisco to continue to serve the U.S. Federal market with technology innovation, meeting these rigorous government standards is not just beneficial, it’s imperative. The U.S. Federal Government mandates that cloud solutions, including Cisco’s own cloud solutions, obtain authorizations for FedRAMP and the Department of Defense (DoD) Impact Levels (IL) to sustain business relations with U.S. federal agencies. Yet, this obligation comes with its own set of stringent requirements, such as:

Limitations on supporting tooling usage.
Specific encryption methods around using FIPS 140-2/3 and hardening requirements.
Monthly continuous monitoring reporting guidelines to validate vulnerabilities are being reviewed and remediated in a timely manner.

This can significantly extend the time required to obtain product ATOs and IL authorizations — at times exceeding 24 months to establish FedRAMP Moderate, as an example. As such, to streamline these efforts, Cisco has developed a centralized solution – Cisco’s Federal Operational Security Stack or Fed Ops Stack.

A centralized solution to meet federal requirements

For CSPs with multiple SaaS offerings, like Cisco, it is crucial to devise a strategy that provides these solutions with the agility to be competitive, while upholding the elevated standards of application and operational security measures required by the U.S. Federal Government. To that end, we’ve developed and implemented the Federal Operational Security Stack or Fed Ops Stack — a centralized solution to increase efficiency while minimizing the time and effort required by engineering teams to deploy our solutions and services in this highly-regulated market.

The Fed Ops Stack comprises a comprehensive suite of tools and services, hosted on a central infrastructure and designed to deliver foundational capabilities that encompass approximately 50% of FedRAMP Moderate requirements. Cisco’s SaaS solutions can subscribe to Ops Stack’s package and leverage these centralized tools and services by integrating with the Fed Ops Stack, streamlining the time and effort needed to attain a FedRAMP ATO. The diagram below illustrates its services and key features:

Accelerating FedRAMP Authority to Operate

Through the Fed Ops Stack, SaaS solution teams inherit identity and access management, security monitoring, testing, application sustainment, and customer support by authorized personnel. Without it, meeting these requirements for each solution individually can be quite costly, time-consuming, and unsustainable.

The Fed Ops Stack accelerates the readiness process for SaaS solutions on their FedRAMP journey by offering an integrated and centralized suite of tools and services. This brings efficiency by reducing engineering team effort, enabling teams to focus on enriching solution features and accelerating their FedRAMP readiness.

Over the next couple of months, Cisco is in the process of receiving agency authorization (NIH) for the Fed Ops Stack, followed by a full authorization after FedRAMP Program Management Office review. This will allow Cisco’s offerings to utilize a driver-subscriber model by leveraging Fed Ops Stack’s authorization and centralized tooling and processes, streamlining go-to-market plans.

The journey map below shows how Cisco provides a clear process and resources for delivering SaaS solutions into regulated federal environments. It displays the steps for solution teams to move their SaaS solutions throughout the process, while partnering with U.S. federal agencies and teams along the way.

What’s on the horizon

In the future, Cisco plans to encompass higher levels of federal and DoD accreditations into the Fed Ops Stack, including FedRAMP High and DoD Impact Level. We also intend to broaden our reach to other countries’ public sectors by constructing specialized stacks tailored to meet specific compliance requirements, such as the Australian Infosec Registered Assessors Program (IRAP) and Germany’s BSI Cloud Computing Compliance Criteria Catalogue (C5), among others. We aspire to establish a unified deployment pipeline capable of integrating both commercial and federal environments, streamlining operations, and continuing to deliver efficiencies for Cisco’s SaaS solutions.

Reach out to our team at ciscoccf@cisco.com with questions and to learn more.

We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Security on social!


By | 2024-07-17T15:51:10+00:00 | July 17, 2024 | Cisco: Learning | 0 Comments

Six years into our housing commitment: Where are we now? Erin Connor on July 17, 2024 at 7:54 am

Through an interactive story map, learn more about Cisco’s commitment to address homelessness, progress made over the last six years, what’s next, and how you can help.


In 2018, Cisco made a historic pledge and bold commitment to address homelessness in Santa Clara County. We committed $50 million in grant funding over five years – the largest corporate donation of its kind at the time – with the aim to:

Make homelessness rare, brief, and non-recurring in Santa Clara County
Develop a model that could be replicated outside of Silicon Valley, and
Encourage other companies to step up and join us in combating homelessness

Fast forward to 2024. What has been accomplished?

Click on the picture below to go to an interactive story map showcasing all the great progress made in addressing homelessness across Santa Clara County and beyond. Dive deep into our work with Destination: Home, Covenant House, Habitat for Humanity, Westhab, LifeMoves, and others. Find out how we’re deepening and scaling our impact, and how you can help.

Cisco’s six-year housing journey by the numbers (full article)


By | 2024-07-17T15:51:10+00:00 | July 17, 2024 | Cisco: Learning | 0 Comments

Partnering for Purpose: Driving Literacy Through Collaboration Joy Aboim on July 17, 2024 at 3:00 pm

Join Cisco's mission to empower young readers by registering for the Chapter One online reading volunteer program. Your commitment can spark a lifetime love for reading in a child's life


For the past two years, I have had the privilege of leading Cisco’s Partnering for Purpose program. A global initiative designed to simplify and enhance the collaboration between Cisco, our partners, customers, and suppliers worldwide, Partnering for Purpose amplifies and accelerates our collective positive impact on people, the planet and the communities in which we live and work.

A key part of this collaborative work is identifying local examples of impactful initiatives that can be:

Shared globally for greater visibility and awareness
Scaled to drive greater impact

Making a Difference

A standout example of Partnering for Purpose in action is our work improving literacy amongst children in UK schools.

Since 2019, Cisco UKI has partnered with Chapter One, a nonprofit organization whose mission is to create a world where all children have the literacy skills needed to thrive. Chapter One provides one-to-one reading support through a network of corporate partners and volunteers at a critical point in children’s literacy journeys.

As part of our partnership, a group of Cisco UKI employees volunteer 30 minutes each week during the school term as online reading partners. They support 5-7-year-old pupils in primary schools across England, providing assistance at a crucial stage in their literacy development.

If students don’t develop a strong literacy foundation at an early age, they are unlikely to become proficient readers in later school years. Without these skills, children’s self-confidence and self-esteem can suffer significantly, making it difficult for them to reach their potential. The negative impact can span generations. Providing children with the right support at the right time can transform their futures.

This is where being an online reading volunteer makes a difference.

Driving Greater Impact

I have been a volunteer reader with Chapter One since the 2020/21 academic year, supporting a pupil each year. I live by the African proverb, “It takes a village to raise a child,” and when I first saw the call from our UKI Corporate Social Responsibility (CSR) team for Chapter One volunteers, I knew immediately that I wanted to get involved. Two years ago, when we started to develop the Partnering for Purpose initiative, I knew Cisco UKI’s work with Chapter One would be an excellent example of where we could scale and drive greater impact.

Through the Partnering for Purpose initiative, we have extended Chapter One’s impactful volunteering opportunity to our UKI channel partner community. In the 2023/24 academic year, 17 partner employees from six of our channel partner organizations joined forces with 34 Cisco employees, delivering 349 hours of reading support to 51 children. Collaborating with World Wide Technology (WWT), CGI, Stone Group, Computacenter, Virgin Media O2, and TCS, we have successfully amplified our impact by over 62%.

“I just wanted to say thank you for helping me out.  I enjoy reading much more. Right now, I am reading the Train to Impossible Places by PG Bell. I just wanted to say thank you again, so much” – Connor, now aged 9

The Chapter One online platform makes it easy and flexible to support your assigned child from anywhere. I have had sessions while mobile, and even while on holiday. This flexibility has also been of great value to Bea Brewer from CGI, who said, “It’s a great platform and a lovely way to give back and connect with the community with such ease.”

By supporting children’s literacy development at such a crucial stage, we are investing in their life outcomes and our shared future. Our collective efforts not only enhance literacy skills but also nurture a brighter future for these young learners, who will be tomorrow’s leaders.

Looking ahead to the next academic year, we are once again collaborating with our UKI channel partner community to amplify our collective impact. If you are interested in participating in this initiative, click here to join us.

As James Hampson of Virgin Media O2 reflects, “I honestly think my student’s achievements have made my list of highs more than my own this year.  If anyone is thinking of participating, I couldn’t encourage it more.”

Register to join our Chapter One online reading volunteer program!

Visit the Partnering for Purpose SalesConnect

Read our stories and Partnering for Purpose blogs


By | 2024-07-17T15:51:09+00:00 | July 17, 2024 | Cisco: Learning | 0 Comments

Celebrating Artificial Intelligence, Its History and Evolution Alex Pujols on July 16, 2024 at 3:00 pm

Artificial Intelligence (AI) Appreciation Day, celebrated on July 16th every year, recognizes the positive contributions of AI technology to humanity and encourages discussions about its ethics. This event is an opportunity to celebrate AI's history and evolution, with Cisco playing a significant role.


Artificial Intelligence (AI) Appreciation Day, celebrated on July 16th every year, recognizes the positive contributions of AI technology to humanity and encourages discussions about its ethics. This event is an opportunity to celebrate AI’s history and evolution, with Cisco playing a significant role.

AI Beginnings

AI’s story spans several decades, beginning in the 1930s with Alan Turing’s visionary work which laid the foundation for modern computers. Turing’s 1948 report titled “Intelligent Machinery” further contributed, with the term “artificial intelligence” formally coined at a conference at Dartmouth College in 1956. Over the decades, AI has evolved from predicting, classifying, and automating tasks by analyzing historical data to the emergence of Generative AI as a relatively new branch of the field.

AI Evolution and Economic Impact

AI’s journey reflects a fascinating blend of theory, innovation, perseverance, and prospect. Still early in its lifecycle, Gen AI is a multi-billion-dollar opportunity for the channel ecosystem. This year alone, it is expected to amount to a $15.4 billion (US) opportunity, with projections to grow to $158.6 billion (US) by 2028.

Cisco’s Leadership in AI

As a recognized leader in AI, Cisco helps partners and customers with new AI-powered innovations and investments to scale their AI maturity, unlocking a more connected and secure future. Cisco isn’t just dipping its toes in the AI pool; it’s diving in headfirst. Helping partners meet the moment, Cisco’s comprehensive AI strategy is woven throughout its entire portfolio, offering a future-proof network that practically manages itself.

Cisco’s cutting-edge AI approach supports technology leaders who are tired of network headaches and crave proactive solutions that optimize performance and security before issues arise.

What Sets Cisco AI Apart

Self-Healing Networks: Imagine a network that identifies and resolves issues before they impact your business. Cisco AI’s anomaly detection and automated remediation capabilities make this a reality. No more scrambling to diagnose and fix network problems—your network takes care of itself, freeing your IT team to focus on strategic initiatives.
Unparalleled Network Visibility: Cisco AI provides a holistic view of your network traffic, empowering you to make data-driven decisions. Gain insights into user behavior, application performance, and potential security threats. This deep visibility allows you to optimize network resources and ensure exceptional Quality of Service (QoS) for all users and applications.
Enhanced Security: Cybersecurity is an ever-evolving battleground. Cisco AI stays ahead of the curve by analyzing network activity for malicious patterns. This proactive approach allows you to identify and neutralize threats faster, minimizing risk and protecting your valuable data.
Streamlined IT Operations: Cisco AI automates repetitive tasks such as configuration management and troubleshooting. This frees your IT staff from mundane tasks, allowing them to focus on higher-level activities that contribute directly to business goals.

Benefits of Cisco AI

Increased Efficiency: Self-healing networks minimize downtime, ensuring business continuity and maximizing productivity.
Reduced Costs: Automated tasks and optimized resource allocation translate to significant cost savings.
Improved Security Posture: Proactive threat detection and mitigation minimize the risk of costly cyberattacks.

Responsible AI

As we celebrate AI Appreciation Day, it’s important to reflect on the ethics of AI and Cisco’s commitment to using the technology responsibly. Cisco believes that our customers, stakeholders, and the world at large will benefit from the responsible and ethical use of AI. In 2012, Cisco published its Human Rights policy, aligned with UN guiding principles for Business and Human Rights. In 2022, we published Cisco’s Responsible AI Framework, which we continuously evolve to help our teams and customers adopt AI with the speed and scale needed to maximize value while ensuring safety and security to mitigate risk and bias.

Take Your Network to the Next Level

Don’t wait for network problems to disrupt your business. Contact a Cisco account team today to learn more about how you can harness the power of AI and embrace the future of networking.

Learn more about Cisco’s Responsible AI Framework 


July 17, 2024 | Cisco: Learning | 0 Comments

From Email to Empowerment: Realizing my Dreams at Cisco Mustafa Hepekiz on July 16, 2024 at 12:00 pm

An email and a dream brought Senior Development Engineer Mustafa H. to Cisco where he's realizing his dreams, empowered through trust, and helping others.

I woke up early and started to check my emails. While scrolling quickly, I noticed an email from Cisco Meraki. It was an invitation to a phone screening. I couldn’t believe it. I thought I was still asleep.

But I wasn’t. It was real. I completed all the steps of the interview process, and recently, I completed my first two years as a Cisconian, where I am a Software Engineer on the Customer Solutions Marketing Web Experience team, developing solutions for our web assets using different programming languages and managing some parts of the security side of our assets.

I wrote my first code when I was 11 years old with a good old Commodore 64, a gift from my dad. Then, years later, in my native Turkiye, I co-founded a web hosting company where we created a small data center. That’s when I became aware of Cisco technology, its reliability, and its reputation. Seeing how Cisco was on the leading edge of technology sparked my dream to work here one day.

I got closer to my dream when I won the Green Card lottery in 2018 and moved to the U.S. in 2019.

The first two years in this country were challenging for me and my wife, including driving for rideshare services and updating my skills at a software boot camp. It was a learning process for us, and I’m glad for that because learning is an endless journey in life. That journey brought me to Cisco.

I couldn’t sleep the night before my Cisco onboarding. I had to be reminded, “You’re on mute,” the next day because I was so excited to be here. I haven’t been on mute since because our collaborative and supportive culture encourages us to speak up and share our ideas, knowledge, and thoughts to learn from one another and help each other grow. Cisco is made up of good people who create the diverse and inclusive community we have here. My coworkers gave me a virtual hug when I started. I felt at home, and that feeling was priceless.

When I look back at my two years here, I have learned a great deal. On the technical side, I have taken many different courses, trainings, webinars, and had valuable team conversations. Instructor-led and on-demand learning helps improve my skills and innovate our work. I’m so lucky as a Cisconian that we have so many different opportunities for training and growth.

I’ve learned even more about how to help others. Through our Time2Give benefit (80 hours of paid time off in addition to regular paid time off), I work with Austin Habitat for Humanity doing construction to help provide affordable housing for others. I slept out last year in Houston for Covenant House, Cisco’s annual event, where participants come together all over the world and give up their beds for one night, raising money to fight youth homelessness. If I hadn’t had these opportunities and others, a piece of my soul might be missing.

Trust is also an incredible motivation for me — more than money, more than a bonus, more than recognition. As an experienced engineer with expertise in different areas, my managers, leaders, teammates, and friends recognize what I bring to Cisco, and their trust in me is my critical fuel. And mostly, I hear the following from my leaders, “We trust you; you can do it. Even if you’re in another country or on an aircraft.”

Thanks to that unwavering trust, support, and flexibility, I have seamlessly merged my passion for exploration with my professional commitments, working remotely. It has opened up a world where deadlines and dreams ride side by side, allowing me to fulfill my responsibilities efficiently while feeding my soul with the endless beauty of the open road, where I take too many photos in my Cisco swag (I have more than the Cisco Store!) in other parts of the world, like Turkiye, Mexico, different parts of the U.S., on a motorcycle, in our R.V., on the lake, and at the airport. The world is my office, and every destination holds a new lesson, a fresh perspective, and a chance to recharge, especially with our four additional company-wide paid days off — Days for Me — to spend time with our family, dog, and hobbies. Our fur baby, Smoky, is always happy and grateful for those days because I have more time with him.

This might sound like an interview answer, but I aim to touch others’ lives at work, with my code, with my hands, and with my ideas. Cisco is the perfect place to reach that goal, with its technology, culture, and people.

Let me start my last words with an “if” statement as if I were a developer: If Cisco is a dream for you, don’t stop chasing it. Follow it to our careers site. Opportunities are waiting, and one of them fits your skills. You, too, might just receive that life-changing email — an email that transforms your dreams into reality.

Subscribe to the WeAreCisco Blog.


July 16, 2024 | Cisco: Learning | 0 Comments

Protecting Against regreSSHion with Secure Workload Jorge Quintero on July 16, 2024 at 12:00 pm

The regreSSHion vulnerability has taken the internet by storm. Learn how Secure Workload can protect your organization from this and other vulnerabilities.

On July 1, 2024, the Qualys Threat Research Unit (TRU) disclosed an unauthenticated, remote code execution vulnerability that affects the OpenSSH server (sshd) in glibc-based Linux systems.

[For more information visit Qualys Security Advisory and our Cisco Security Advisory on regreSSHion (July 2024).]

Now we have seen how CVE-2024-6387 has taken the internet by storm, making network security teams scramble to protect the networks while app owners patch their systems.

Secure Workload helps organizations get visibility of application workload traffic flows and implement microsegmentation to reduce the attack surface and contain lateral movement, mitigating the risk of ransomware.

Below are multiple ways in which Secure Workload can be leveraged to get visibility of affected application workloads and enforce segmentation policies to mitigate the risk of workloads being compromised.

1. Visibility of SSH Traffic Flows

According to the Qualys Threat Research Unit, the versions of OpenSSH affected are those below 4.4p1, as well as versions 8.5p1 through 9.8p1, due to a regression of CVE-2006-5051 introduced in version 8.5p1.

With Secure Workload, it is easy to search for traffic flows generated by any given OpenSSH version, allowing us to spot affected workloads right away and act. By using the following search attributes, we can easily spot such communications:

Consumer SSH Version
Provider SSH Version
Figure 1: Visibility of OpenSSH version from Traffic Flows
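
As an added illustration (not Cisco's or Secure Workload's own code), the Python below applies the version ranges quoted above to SSH version strings taken from flow records. It assumes the Consumer/Provider SSH Version attributes carry the SSH identification string; the flow records, host names and field names are constructed for the example, and the upper bound is treated as exclusive because 9.8p1 is the release that carries the fix.

```python
import re
from typing import Iterable, List, NamedTuple, Optional, Tuple

# Ranges quoted in the post, as (major, minor) of the upstream OpenSSH release.
BELOW_OLD = (4, 4)         # "below 4.4p1"
REGRESSION_START = (8, 5)  # regression of CVE-2006-5051 introduced in 8.5p1
FIXED_IN = (9, 8)          # 9.8p1 carries the fix, so this bound is exclusive

# Identification string (RFC 4253, section 4.2), e.g.
# "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6"; a bare "OpenSSH_8.9p1" is accepted too.
OPENSSH_RE = re.compile(r"(?:SSH-[\d.]+-)?OpenSSH_(\d+)\.(\d+)")


class Verdict(NamedTuple):
    status: str                         # "in_range", "out_of_range" or "unknown"
    version: Optional[Tuple[int, int]]  # parsed (major, minor), None if unparsed


def classify(version_string: str) -> Verdict:
    """Place one SSH version string inside or outside the quoted ranges."""
    m = OPENSSH_RE.match(version_string.strip())
    if m is None:
        # Other SSH implementations, OpenSSH for Windows, or an empty field:
        # report as unknown instead of silently treating it as safe.
        return Verdict("unknown", None)
    version = (int(m.group(1)), int(m.group(2)))
    if version < BELOW_OLD or REGRESSION_START <= version < FIXED_IN:
        return Verdict("in_range", version)
    return Verdict("out_of_range", version)


Finding = Tuple[str, str, str]  # (host, role, raw version string)


def triage(flows: Iterable[dict]) -> Tuple[List[Finding], List[Finding]]:
    """Return (hosts to review, hosts with unparsed versions), de-duplicated."""
    review, unknown = set(), set()
    for flow in flows:
        # The flaw is in sshd, so the provider side is the direct exposure;
        # a consumer hit only hints at which OpenSSH package that host carries.
        for role in ("provider", "consumer"):
            raw = flow.get(f"{role}_ssh_version", "")
            verdict = classify(raw)
            if verdict.status == "in_range":
                review.add((flow[role], role, raw))
            elif verdict.status == "unknown":
                unknown.add((flow[role], role, raw))
    return sorted(review), sorted(unknown)


# Constructed sample records; field names are hypothetical, not an export schema.
BASTION = {"consumer": "bastion-01", "consumer_ssh_version": "SSH-2.0-OpenSSH_9.8p1"}
SAMPLE_FLOWS = [
    {**BASTION, "provider": "app-01",
     "provider_ssh_version": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6"},
    {**BASTION, "provider": "db-01", "provider_ssh_version": "SSH-2.0-OpenSSH_7.4"},
    {"consumer": "app-01",
     "consumer_ssh_version": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6",
     "provider": "legacy-01", "provider_ssh_version": "SSH-2.0-OpenSSH_4.3"},
    {**BASTION, "provider": "win-01",
     "provider_ssh_version": "SSH-2.0-OpenSSH_for_Windows_8.1"},
    {**BASTION, "provider": "net-01",
     "provider_ssh_version": "SSH-2.0-dropbear_2022.83"},
]

if __name__ == "__main__":
    to_review, unparsed = triage(SAMPLE_FLOWS)
    for host, role, raw in to_review:
        print(f"REVIEW  {host:<10} {role:<8} {raw}")
    for host, role, raw in unparsed:
        print(f"UNKNOWN {host:<10} {role:<8} {raw}")
```

A hit only means the upstream version falls in the quoted range; distributions backport fixes without changing that version, so confirm against the installed package before acting.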

2. Visibility of OpenSSH Package Version in Workloads

Navigate to Workloads > Agents > Agent List and click on the affected workloads. On the Packages tab, filter on the name “openssh” to find the OpenSSH package currently installed on the workload.

Figure 2: OpenSSH package Version

3. Visibility of CVE-ID Vulnerability in Workloads

Navigate to the Vulnerabilities tab and run a quick search for the CVE ID 2024-6387 against the current vulnerabilities on the workload:

Figure 3: Vulnerability ID Information Per Workload

4. Mitigating Risk of regreSSHion

Once the relevant workloads are spotted, there are three main avenues to mitigate the risk: microsegmenting the specific application workload, implementing organization-wide auto-quarantine policies to proactively reduce the attack surface, or performing a virtual patch with Secure Firewall.

Microsegmentation: Microsegmentation policies allow you to create fine-grained allow-list policies for application workloads. This means that only the specified traffic flows will be permitted, denying any other traffic that might be generated from the workload.
Figure 4: Microsegmentation Policies For Affected Application Workload

Auto-Quarantine: You can choose to implement organization-wide policies to reduce the attack surface by quarantining workloads that have installed a vulnerable OpenSSH package or are directly affected by the CVE ID.
Figure 5: Organization-Wide Auto-Quarantine Policies

Virtual Patch: If quarantining a workload is too disruptive to the organization (e.g., business-critical applications or internet-exposed applications), you can perform a virtual patch with the help of Cisco Secure Firewall to protect the application workloads against the exploit while still maintaining connectivity for the application.
Figure 6: Virtual Patch with Secure Firewall Connector
Figure 7: Vulnerability Visibility and IPS Signature in FMC

5. Process Anomaly and Change-In Behavior Monitoring of regreSSHion

Even in the scenario where a workload is compromised, Secure Workload offers continuous monitoring and anomaly detection capabilities, as shown below:

Process Snapshot: Provides a process tree of existing runtime processes on the workload. It also tracks and maps running processes to vulnerabilities, privilege escalation events, and forensic events that have built-in MITRE ATT&CK Techniques, Tactics, and Procedures.
Figure 8: Process Snapshot of Affected Workloads

Forensic Rules: Secure Workload comes with 39 out-of-the-box MITRE ATT&CK rules to look for techniques, tactics, and procedures leveraged by adversaries. It is also possible to create custom forensic rules to track certain process activities, such as privilege escalation performed by processes. The system can also generate alerts and send them to the Secure Workload UI and SIEM systems.
Figure 9: Example Manual Forensic Rule Creation (left) and Built-In MITRE ATT&CK Rules (right)

Learn more about Cisco Secure Workload


July 16, 2024 | Cisco: Learning | 0 Comments

Maintaining Digital Compliance with the PCI DSS 4.0 William Nellis on July 15, 2024 at 5:06 pm

Cisco plays a pivotal role in the evolution and implementation of the PCI DSS 4.0.1 standards, offering a suite of compliant products and advisory expertise to assist customers in navigating the significant security updates and phased rollout through March 2025.

The Payment Card Industry data security standards have evolved since 2002 when the first version was released. The most recent update, version 4.0.1, was released in June 2024. This updates the PCI 4.0 standard, which has significant updates to both scope and requirements. These requirements are being phased in now and through March 2025.

Cisco has been involved with PCI since the outset, having a seat on the board of advisors and helping craft the development of PCI standards through different evolutions. Cisco has consulted extensively with customers to help meet the requirements and provided extensive user-friendly documentation on how customers can meet the requirements, both in minimizing the scope of the assessment and in ensuring security controls are present. We have released systems that are PCI compliant in control aspects as well as data plane aspects, and have built-in, out-of-the-box audit capabilities in a number of infrastructure-based and security-based solutions.

The purpose of this blog is to walk through PCI DSS 4.0 with a focus on architects, leaders, and partners who have to navigate this transition. We will discuss what is new and relevant with PCI DSS 4.0, its goals and changes. We will then explore products and solutions that customers are actively using in meeting these requirements, and how our products are evolving to meet the new requirements. This will be targeted to teams who already have been on the PCI journey. We’ll then expand on PCI DSS in more detail, for teams that are newer to the requirements framework.

One important thing to note about the 4.0 update is that it will be a phased rollout. Phase 1 items (13 requirements) had a deadline of March 31, 2024. The second phase is much larger and more time has been given, but it is coming up soon. Phase 2 has 51 technical requirements, and is due May of 2025.

Implementation timelines as per PCI At a Glance

What’s new in PCI DSS 4.0, and what are its goals?

There are many changes in PCI DSS 4.0. These were guided by four overarching goals and themes:

Continue to meet the security needs of the payments industry.

Security is evolving at a rapid clip: the number of public CVEs published has doubled in the past 7 years (source: Statista). The evolving attack landscape is pushing security controls, and new types of attack require new standards. Examples of this evolution are new requirements around multi-factor authentication, new password requirements, and new e-commerce and phishing controls.

Promote security as a continuous process

Point-in-time audits are useful but do not speak to the ongoing rigor and operational hygiene needed to ensure the proper level of security controls are in place in a changing security environment. This is an important step in recognizing the need for continual service improvement vis-a-vis an audit. This means that processes will have additional audit criteria in addition to the application of a security control.

Provide flexibility in maintaining payment security

The standard now allows for risk-based customized approaches to solving security challenges, which reflects both the changing security environment and the changing financial application environments. If the intent of the security control can be met with a novel approach, it can be considered as fulfilling a PCI requirement.

Enhance validation methods and procedures for compliance

“Clear validation and reporting options support transparency and granularity.” (PCI 4.0 at a glance). Clarity in the measurements and reporting is articulated. This is important for a number of reasons: you can’t improve what you don’t measure, and if you’re not systematically tracking it in well-defined language, it is cumbersome to reconcile. This focus will make reports such as the attestation report more closely aligned to reports on compliance and self-assessment questionnaires.

How Cisco helps customers meet their PCI Requirements.

Below is a table that briefly summarizes the requirements and technology solutions that customers can leverage to satisfy these requirements. We will go deeper into all of the requirements and the technical solutions to these.

| PCI DSS 4.0 Requirement | Cisco Technology/Solution |
| --- | --- |
| 1. Install and Maintain network security control. | Cisco Firepower Next-Generation Firewall (NGFW), ACI, SDA, Cisco SD-WAN, Hypershield, Panoptica, Cisco Secure Workload |
| 2. Apply secure configurations to all system components. | Catalyst Center, Meraki, Cisco SD-WAN, Cisco ACI, Cisco CX Best Practice configuration report |
| 3. Protect stored cardholder data | Cisco Advanced Malware Protection (AMP) for Endpoints |
| 4. Protect cardholder data with strong cryptography during transmission over open, public networks | Wireless Security requirements satisfied with Catalyst Center and Meraki |
| 5. Protect all systems and networks from malicious software | Cisco AMP for Endpoints |
| 6. Develop and Maintain secure systems and software | Meraki, Catalyst Center, ACI, Firepower, SD-WAN, Cisco Vulnerability Manager |
| 7. Restrict access to cardholder data by business need-to-know | Cisco ISE, Cisco Duo, TrustSec, SDA, Firepower |
| 8. Identify users and authenticate access to system components | Cisco Duo for Multi-Factor Authentication (MFA), Cisco ISE, Splunk |
| 9. Restrict physical access to cardholder data | Cisco Video Surveillance Manager, Meraki MV, Cisco IoT product suite |
| 10. Log and monitor all access to system components and cardholder data | ThousandEyes, Accedian, Splunk |
| 11. Test security of systems and networks regularly | Cisco Secure Network Analytics (Stealthwatch), Cisco Advanced Malware Protection, Cisco Catalyst Center, Cisco Splunk |
| 12. Support information security with organizational policies and programs | Cisco CX Consulting and Incident Response, Cisco U |

A more detailed look at the requirements and solutions is below:

Requirement 1: Install and Maintain network security control.

This requirement ensures that appropriate network security controls are in place to protect the cardholder data environment (CDE) from malicious devices, actors, and connectivity from the rest of the network. For network and security architects, this is a major focus of applying security controls. Quite simply, this is all the technology and process to ensure “Network connections between trusted and untrusted networks are controlled.” This includes physical and logical segments, networks, cloud, and compute controls for use cases of dual attached servers.

Cisco helps customers meet this requirement through a number of different technologies. Traditional controls include Firepower security, network segmentation via ACI, IPS, SD-WAN, and other network segmentation items. Newer technologies such as cloud security, Multicloud Defense, Hypershield, Panoptica and Cisco Secure Workload are helping meet the virtual requirements. Given the relevance of this control to network security, and the breadth of Cisco products, that list is not exhaustive, and there are a number of other products that can help meet this control that are beyond the scope of this blog.

Requirement 2: Apply secure configurations to all system components.

This requirement is to ensure processes for components are in place to have proper hardening and best practice configurations applied to minimize attack surfaces. This includes ensuring unused services are disabled, passwords have a level of complexity, and best practice hardening is applied to all system components.

This requirement is met with a number of controller-based assessments of infrastructure: Catalyst Center can report on configuration drift and best practices not being followed, as can Meraki and SD-WAN. Multivendor solutions such as Cisco NSO can also help ensure configuration compliance is maintained. There are also numerous CX advanced services reports that can be run across the infrastructure to ensure Cisco best practices are being followed, with a corresponding report and artifact that can be used.

Requirement 3: Protect stored account data.

This requirement concerns application and database settings, and there isn’t a direct linkage to infrastructure. Analysis of how account data is stored, what is stored, and where it is stored, as well as cursory encryption for data at rest and the process for managing these, are covered in this requirement.

Requirement 4: Protect cardholder data with strong cryptography during transmission over open, public networks

This requirement is to ensure encryption of the primary account number when transmitted over open and public networks. Ideally this should be encrypted prior to transmission, but the scope applies also to wireless network encryption and authentication protocols as these have been attacked to attempt to enter the cardholder data environment. Ensuring appropriate security of the wireless networks can be done by the Catalyst Center and Meraki in ensuring appropriate settings are enabled.

Requirement 5: Protect all systems and networks from malicious software

Prevention of malware is a critical function for security teams in ensuring the integrity of the financial systems. This requirement focuses on malware and phishing, security and controls, across the breadth of devices that can make up the IT infrastructure.

This requirement is met with a number of Cisco security controls. Email security, Advanced Malware Protection for networks and for endpoints, NGFW, Cisco Umbrella, Secure Network Analytics, and Encrypted Traffic Analytics are just some of the solutions that must be brought to bear to adequately address this requirement.

Requirement 6: Develop and Maintain secure systems and software

Security vulnerabilities are a clear and present danger to the integrity of the entire payments platform. PCI recognizes the need for having the proper people, process, and technologies to update and maintain systems on an ongoing basis. Having a process for monitoring and applying vendor security patches, and maintaining strong development practices for bespoke software, is critical for protecting cardholder information.

This requirement is met with a number of controller-based capabilities to assess and deploy software consistently and at speed. Meraki, Catalyst Center, ACI, Firepower and SD-WAN all have the ability to monitor and maintain software. In addition, Cisco Vulnerability Manager is a unique capability that takes into account real-world metrics of publicly disclosed CVEs in order to prioritize the most important and impactful patches to apply. Given the breadth of an IT environment’s software, attempting to do everything at equal priority means you are systematically not addressing the critical risks as quickly as possible. In order to address your priorities you must first prioritize, and Cisco Vulnerability Manager software helps financials solve this problem.

Requirement 7: Restrict access to cardholder data by business need-to-know

Authorization and application of least privilege access is a best practice, and is enforced with this requirement. Applied at the network, application, and data level, access to critical systems must be limited to authorized people and systems based on need to know and according to job responsibilities.

The systems used to meet this requirement are, in many cases, shared with requirement 8. With zero trust and context-based access controls we include identification in with authorization, using role-based access controls and context-based access controls. Some of these can be provided via Cisco Identity Services Engine, which has the ability to take into account a number of factors outside of identity (geography, VPN status, time of day) when making an authorization decision. Cisco Duo is also used extensively by financial institutions for context-based capabilities for zero trust. For network security enforcement of job roles accessing the cardholder data environment, Cisco Firepower and Software-Defined Access have the capabilities to make context- and role-based access decisions to help satisfy this requirement. For monitoring the required admin-level controls to prevent privilege escalation and usage of root or system-level accounts, Cisco Splunk can help teams ensure they are monitoring and able to satisfy these requirements.

Requirement 8: Identify users and authenticate access to system components

Identification of a user is critical to ensuring the authorization components are working. A strictly managed lifecycle for accounts and authentication controls is required. To satisfy this requirement, strong authentication controls must be in place, and teams must ensure multi-factor authentication is in place for the cardholder data environments. They also must have strong processes around user identification in place.

Cisco ISE and Cisco Duo can help teams satisfy the security controls around authentication controls and MFA. Coupled with that, Cisco Splunk can help meet the logging and auditing requirements of ensuring this security control is acting as expected.

Requirement 9: Restrict physical access to cardholder data

“Physical access to cardholder data or systems that store, process, or transmit cardholder data should be restricted so that unauthorized individuals cannot access or remove systems or hardcopies containing this data.” (PCI QRG). This affects security and access controls for facilities and systems, for personnel and visitors. It also contains guidance for how to manage media with cardholder data.

Although this is outside the typical remit of traditional Cisco switches and routers, these devices play a supporting role in the infrastructure of cameras and IoT devices used for access controls. Some financials have deployed separate air-gapped IoT networks with the cost efficiencies and simplified stack of Meraki devices, which simplifies audit and administration of these environments. The legacy proprietary camera networks have been IP enabled, and support wired and wireless, and Meraki MV cameras offer affordable ways to scale out physical security controls securely and at speed. For building management systems, Cisco has a suite of IoT devices that support building physical interface capabilities, hardened environmental capabilities, and support for IoT protocols used in building management (BACnet). These can integrate together and log to Cisco Splunk for consolidated logging of physical access across all vendors and all access types.

Requirement 10: Log and monitor all access to system components and cardholder data

Financial institutions must be able to validate the fidelity of their financial transaction systems and all supporting infrastructure. Basic security hygiene includes logging and monitoring of all access to systems. This requirement spells out the best practice processes for how to conduct and manage logging of infrastructure devices that allow for forensic analysis, early detection, alarming, and root cause of issues.

Cisco and Splunk are the world leader in infrastructure log analytics for both infrastructure and security teams. It is deployed at the majority of large financials today to meet these requirements. To complement this, active synthetic traffic tools such as Cisco ThousandEyes and Accedian help financials detect failures in critical security control systems faster to satisfy requirement 10.7.

Requirement 11: Test security of systems and networks regularly

“Vulnerabilities are being discovered continually by malicious individuals and researchers, and being introduced by new software. System components, processes, and bespoke and custom software should be tested frequently to ensure security controls continue to reflect a changing environment.” (PCI QRG)

One of the largest pain points financials face is the management of applying regular security patching across their entire fleet. The rate of CVEs released has doubled in the past 7 years, and tools like Cisco Vulnerability Management are critical for prioritizing an infinite security need against a finite amount of resources. Additional Cisco tools that can help satisfy this requirement are: Cisco Secure Network Analytics (11.5), Cisco Advanced Malware Protection (11.5), Cisco Catalyst Center (11.2), Cisco Splunk (11.6).

Requirement 12: Support information security with organizational policies and programs

People, process, and technology all need to be addressed for a robust security program that can satisfy PCI requirements. This requirement focuses on the people and process that are instrumental in supporting the secure PCI environment. Items like security awareness training, which can be addressed with Cisco U, are included. Cisco CX has extensive experience consulting with security organizations and can help review and create policies that can help the organization stay secure. Finally, having a Cisco Incident Response program already lined up can help satisfy requirement 12.10 for being able to immediately respond to incidents.

In summary,

This blog is a bit longer than most, and is intended as a very high-level summary of PCI, the requirements, and the solutions to help meet them.

To learn more about how Cisco can help you on your PCI journey, contact your account team.

To learn more about PCI, I recommend reviewing the Quick Reference Guide below for a next level view into PCI and more extensive discussion of requirements, and the PCI Standard itself can clarify any points of interest in specific areas.

References:

https://insights.integrity360.com/what-is-new-in-pci-dss-4.0
First Look at PCI DSS v4.0 – English Subtitles
https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Supporting%20Document/PCI_DSS-QRG-v4_0.pdf
https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Supporting%20Document/PCI-DSS-v4-0-At-A-Glance.pdf
https://east.pcisecuritystandards.org/document_library?category=pcidss&document=pci_dss


July 16, 2024 | Cisco: Learning | 0 Comments