
This author has not yet filled in any details.
So far has created 1829 blog entries.

How to Optimize Remote Work Ian Thompson on July 11, 2024 at 3:30 pm

Choosing the right remote work systems for your SMB is easy. We have a large list of customizable solutions that can keep your teams connected and secure. 


Simplify Your Remote Work Security and Systems with These 5 Tips

If you frequent our blog, you know how often we talk about remote work and how it’s here to stay. However, just as with any digital platform or piece of technology you add to your SMB, you want to ensure it’s optimized for maximum effectiveness.

While there are certainly plenty of digital tools you can purchase to help optimize your remote work infrastructure, the most efficient ways to optimize it are through educating your team on the most effective security practices when working remotely, helping your IT team gain complete control over your infrastructure, and streamlining your network to allow for easy collaboration. Below are a few ways you can ensure your team is getting the most productivity out of your remote work system.

Keep Remote Work Security Practices Consistent

One of the most pivotal steps to keeping your remote work network secure is ensuring everyone in the organization is on the same page about security. Every company is different: one industry’s telework practices may differ substantially from another’s, depending on its needs. With new employees especially, it’s important to clearly define your remote work security practices, since they may differ from those followed at previous employers.

The best, and quite possibly only, way to achieve this is to maintain consistent and well-defined policies when it comes to remote work. These security policies should be easily accessible to your entire team and reviewed every six to 12 months across the company.

Keep Your Remote Work Security Practices Simple

We’ve already mentioned that your security practices should be easy to access, but they should also be easy to understand. While everyone comes with a certain level of technical understanding, just because people work on computers all day or know how to start a Webex meeting doesn’t mean they fully understand IT security (I certainly did not!).

The good news is that they don’t have to take IT 101 to keep your network secure. There are plenty of simple and effective practices every employee should follow anytime they log into work from home or their favorite work spot.

Make sure employees log in to work only from devices your organization has approved and manages, kept current with security patches and endpoint protection software.
Emphasize the need for employees to guard their hardware when not in use. For example, an employee who likes to work in a coffee shop should not leave a work laptop unattended to use the restroom.
Use strong, unique passwords. Length matters more than mixing character classes: prefer long passphrases, and never base them on names of family members, pets, or birth dates that an attacker can look up. Reusing a password across accounts, however complex, turns one breach into many; a password manager makes unique passwords practical.
Don’t share passwords with anyone, inside or outside the organization.

These are just a few ways your team can protect your network remotely without having to be an expert in all things cybersecurity.

Gain Visibility and Control Over Any Network

While remote work is convenient, it expands your attack surface. The best practices above are incredibly helpful, but they are entirely in your remote workers’ hands. You also need control over your network whether your team is working in the office, at home, or on the go.

Adopting a zero-trust remote work security model is the way to go. Where traditional models trust anyone already on your network, zero trust trusts no user or device by default: every access request is verified before it is granted, and users may be asked for additional credentials whenever they access sensitive areas of the network. Multi-factor authentication (MFA) is a good example, because it requires more than a single password to gain access. Keeping that same “distrust” inside the network, through segmentation and least-privilege access, limits the damage if someone does manage to break in.

If you’re not sure where to start, checking out Cisco Secure Hybrid Work solutions can help keep your network extra secure by providing end-to-end security from anywhere and throughout your entire network. Inclusions like Cisco Duo will authenticate users before granting access to your network and extend that security across all apps outside of the office.

Meanwhile, Cisco Firewalls will give your IT teams unparalleled visibility into your network and across all your devices to ensure the people on your network belong there. Since no security solution is 100% impermeable, it’s imperative that you have a system in place to detect when a breach occurs and can swiftly deal with it before any major issues arise. With visibility into your network, your IT team can identify any odd user behavior that may signal a cybersecurity breach. Through this, IT teams can prevent any widespread damage or theft – even if a breach has occurred.

Allow Teams to Connect and Collaborate Seamlessly

It used to be that connecting remotely meant sacrificing collaboration. Luckily, times have changed, and it’s easier than ever for teams to connect and collaborate from anywhere.

Virtual meetings can now reliably connect thousands of people on a single call. That amount of collaboration is something SMBs will rarely need, but what they do need is a space where teams can share documents and communicate securely. Beyond that, remote collaboration needs to be affordable, simple to set up, and have plenty of support to stay connected if it’s going to compete with in-person collaboration.

Products like Cisco’s Webex allow teams to call, message, and meet seamlessly under a single subscription so they can stay productive – and you can manage that collaboration with ease.

Since the needs of each SMB are different, you’ll also need the flexibility to customize your collaboration platform. This also helps companies avoid some of the unnecessary utility bloat of some “all-in-one” platforms. Cisco Webex also allows you to select add-ons that align with your SMB’s specific needs, such as events calendars, expanded audio options for meetings, and more.

Prepare for Growth

Finally, no SMB expects to stay the same size for long. When choosing a network and collaboration solution for your business, make sure to pick options that can scale with your company. What makes Cisco unique from any other company on the planet is that we have decades of experience working with companies large and small. When designing Cisco solutions, we draw on that experience to ensure our products grow with your SMB.

Choosing the right remote work systems for your SMB is easy. We have a large list of customizable solutions that can keep your teams connected and secure.  But if you need help selecting, our team of experts have you covered. Contact a Cisco expert today, and our team will help you find the perfect fit to keep your workforce productive.


Posted July 11, 2024 in Cisco: Learning

Cisco Black Belt Academy Unveils Enhanced Support Tracks Anuj Vatts on July 10, 2024 at 3:00 pm

The refreshed Support Track content for FY24 is designed to provide Cisco partners with a structured, comprehensive learning path that addresses both foundational and advanced support needs.


At Cisco Black Belt Academy, we’ve consistently placed a high value on our support tracks to guarantee seamless operations for our partners. With our unwavering dedication to superior service, we’re excited to introduce the newly enhanced Support Track for FY24.

This upgrade enriches every level of the program with a profound understanding of the most recent technological advancements. Our goal with these improvements is to arm our partners with the most advanced troubleshooting techniques and the comprehensive know-how required to overcome the challenges of today’s technological environment. Let’s dive into the details of what Support Enablement at Black Belt looks like:

Stage 1: Foundational Support Skills

Self-Diagnosing Issues: Learn to identify and troubleshoot common problems independently, saving time and resources.
Preliminary Steps Before Contacting TAC: Understand the essential steps to take before escalating issues to Cisco’s Technical Assistance Center (TAC).
Cisco Smart Account and Licensing: A cloud-based service that helps customers manage their Cisco software licenses and entitlements. The Support track of the Cisco Black Belt Academy covers how to set up and manage Smart Accounts, as well as how to use the Cisco Software Licensing Portal (SLP) to manage licenses.
Utilizing Cisco Tools and Bots: Get acquainted with Cisco’s suite of tools and bots designed to streamline support processes.
How to Engage TAC: Master the process of effectively engaging with TAC for more complex issues.

Stage 2: Intermediate Support Techniques

Product Portfolio (Intro to Architectures & Solutions): Gain a comprehensive overview of Cisco’s product architectures and solutions.
Basic Troubleshooting: Build foundational troubleshooting skills to address common technical issues.
Best Practices: Learn the best practices for maintaining and supporting Cisco products.
Demo Labs: Engage with interactive demo labs to reinforce learning through practical application.
Log Monitoring and Bug Identification: Develop skills in monitoring logs and identifying potential bugs.

Stage 3: Advanced Troubleshooting and Solutions

Deep Dive into Architecture Troubleshooting: Explore advanced troubleshooting techniques for complex architectural issues.
Cross Architecture Solutions: Learn to troubleshoot issues that span multiple architectures and systems.
Configuration Issues & Upgrades: Address configuration issues and perform upgrades with confidence.
Hands-On Experience Using CTF Missions: Gain practical, hands-on experience through Capture the Flag (CTF) missions that simulate real-world scenarios.

The refreshed Support Track content for FY24 is designed to provide Cisco partners with a structured, comprehensive learning path that addresses both foundational and advanced support needs. By incorporating the latest technology trends and practical insights, we ensure that our partners are well-equipped to deliver exceptional support and maintain smooth operations for their customers.

Visit the Black Belt Academy today to explore the new content and enhance your troubleshooting skills. Stay ahead of the curve with Cisco’s latest support training and ensure your readiness to tackle any challenge that comes your way.

Visit the Cisco Black Belt Support Hub Page today!

We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with #CiscoPartners on social!

Cisco Partners Facebook  |  @CiscoPartners X/Twitter  |  Cisco Partners LinkedIn


Posted July 10, 2024 in Cisco: Learning

The Trifecta Effect of Integrating XDR, SIEM, and SOAR Kunal Hatode on July 10, 2024 at 1:00 pm

Stay ahead of sophisticated cybersecurity threats with the trifecta effect of integrating XDR, SIEM, and SOAR. Learn how integrating these technologies can enhance your organization's security.


In the ever-evolving landscape of cybersecurity, the integration of cutting-edge technologies has become paramount to stay ahead of sophisticated threats. One such powerful combination that is revolutionizing security operations is the integration of Extended Detection and Response (XDR), Security Information and Event Management (SIEM), and Security Orchestration, Automation, and Response (SOAR). Let’s delve into the trifecta effect of integrating these technologies and how they can enhance your organization’s security posture.

Security Information and Event Management (SIEM)

SIEM solutions play a crucial role in centralizing and analyzing security event data from sources across an organization. They provide real-time monitoring, threat detection, and incident response capabilities. By aggregating logs and data from disparate security and non-security systems, a SIEM lets security teams detect anomalies, investigate incidents, and meet regulatory requirements.

Extended Detection and Response (XDR)

XDR represents a holistic approach to threat detection and response by consolidating multiple security layers into a unified platform. It provides enhanced visibility across endpoints, networks, and cloud environments, enabling security teams to detect and respond to threats more effectively. By leveraging advanced analytics and machine learning, XDR can correlate and analyze vast amounts of data to identify complex threats in real-time.

Security Orchestration, Automation, and Response (SOAR)

SOAR platforms empower security teams to automate repetitive tasks, orchestrate incident response workflows, and streamline security operations. By integrating with XDR and SIEM, SOAR can enhance the efficiency and effectiveness of incident response processes. It enables teams to respond to security incidents rapidly, reduce manual errors, and improve overall response times.

How XDR, SIEM, and SOAR Complement Each Other

The trifecta effect of integrating XDR, SIEM, and SOAR brings together the best of all three worlds, creating a comprehensive and synergistic security solution. Here’s how the components of each technology complement each other:

XDR and SIEM: XDR’s advanced analytics, machine learning, and threat detection capabilities are integrated with SIEM’s centralized log management and real-time monitoring. This combination enables organizations to detect and respond to both known and unknown threats more effectively, and to satisfy regulatory requirements. SIEM’s broad log coverage gives XDR more context for pattern recognition, while XDR’s API-level data access and stealthy-threat detection enrich what the SIEM can detect. Together they provide a more robust and mature security posture: XDR supplies real-time visibility, and SIEM supplies forensic search, long-term data retention, and customization. Because XDR forwards fewer, already-contextualized alerts to the SIEM for prioritized investigation, security teams can respond to incidents more efficiently.
XDR and SOAR: XDR’s response integrations can have similar functionality to SOAR platforms, with the potential to make SOAR a native part of XDR platforms in the future. This integration allows for automated threat response, enabling security teams to automatically remediate threats in their environment without human intervention. SOAR’s orchestration and automation capabilities can also enhance XDR’s response capabilities, providing a more proactive defense posture.
SIEM and SOAR: SIEM and SOAR can integrate best-of-breed components without vendor lock-in, allowing for more flexibility in security operations. SOAR’s incident response capabilities, such as use-case-based playbooks, can orchestrate response actions across the environment, assign tasks to personnel, and incorporate user inputs to augment automated actions. This integration can help SOAR platforms focus on incident response, while SIEM solutions can focus on data collection and analysis.

Case Study: Credential Stuffing Attack

Let’s walk through a credential stuffing attack scenario and model how this trifecta could come into play:

Phase 1: Attack Initiation and Initial Detection

An attacker begins a credential stuffing attack by replaying previously breached username and password pairs against the organization’s web applications. The signature is many distinct accounts with only a few attempts each, which distinguishes it from a brute-force attack that hammers a single account.

XDR Role: XDR monitors the endpoints and detects a high volume of failed login attempts from various IP addresses, which is unusual and indicative of a credential-stuffing attack. XDR can also identify successful logins from suspicious locations or devices, adding this information to the incident details.
SIEM Role: The SIEM system, collecting logs from web application firewalls (WAF), authentication servers, and user databases, notices an abnormal spike in authentication requests and login failures. This complements the XDR’s endpoint visibility by providing a network-wide perspective and helps to confirm the scale of the attack.

Phase 2: Alert Correlation and Confirmation of the Attack

The attack continues as the attacker tries to automate login requests to bypass security controls.

XDR Role: XDR correlates the failed authentication attempts with geographic anomalies (such as logins from countries where the company does not operate) and reports these findings to the SIEM.
SIEM Role: SIEM cross-references the XDR alerts with its log data, confirming the attack pattern. It leverages its correlation rules to identify legitimate accounts that may have been compromised during the attack, which XDR might not be able to determine on its own.

Phase 3: Automated Response and Mitigation

With the attack confirmed, rapid response is necessary to minimize damage.

SOAR Role: Upon receiving alerts from both XDR and SIEM, the SOAR platform triggers a predefined response playbook that automatically enforces additional authentication requirements for the affected accounts, such as multi-factor authentication (MFA), and blocks IP addresses associated with the attack.
XDR Role: XDR can automatically enforce endpoint-based security controls, like updating access policies or locking down accounts that have shown suspicious login activities.
SIEM Role: SIEM supports the response by providing additional context for the SOAR to execute its playbooks effectively, such as lists of affected user accounts and their associated devices.

Phase 4: Post-Attack Analysis and Strengthening Defenses

After blocking the immediate threat, a more in-depth analysis is conducted to ensure all compromised accounts are secured.

SIEM Role: SIEM facilitates a detailed investigation by querying historical data to uncover the full scope of the attack, identifying compromised accounts, and understanding the methods used by attackers.
SOAR Role: SOAR provides workflows and playbooks to automatically reset passwords and notify affected users, while also updating security policies based on the attack vectors used.
XDR Role: The XDR platform assists with forensic analysis by leveraging its integrated view across endpoints, network, and cloud to pinpoint how the attacker could bypass existing security measures.

Phase 5: Continuous Improvement and Monitoring

To prevent future attacks, the organization needs to refine its security posture and implement new controls.

SOAR Role: SOAR can automate the rollout of new security policies across the organization and conduct simulated phishing exercises to educate employees about security best practices.
SIEM Role: SIEM takes charge of long-term data collection and analysis to monitor for new patterns that may indicate a repeat of the attack, ensuring continuous improvement in the organization’s security monitoring capabilities.
XDR Role: XDR continuously monitors for any signs of a resurgence of the attack or similar tactics being used, ensuring ongoing vigilance and quick detection of any new threats.

In this scenario, XDR and SIEM play complementary roles where XDR’s real-time analysis and endpoint visibility are enhanced by SIEM’s ability to provide a broader view of the network and historical non-security context. The SOAR platform bridges the gap between detection and response, allowing for quick and efficient mitigation of the attack. This integrated approach ensures that no aspect of the attack goes unnoticed and that the organization can rapidly adapt to and defend against such sophisticated cyber threats.
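The detection and response steps of Phases 1 to 3 above, as an added example in Python that is not part of the original post and does not use any Cisco product API. It runs over a constructed set of authentication log lines (WAF/auth-server style, invented for this example), separates credential stuffing (many accounts, few attempts each) from single-account brute force, marks accounts that logged in successfully from a stuffing source as compromised, and emits the actions a SOAR playbook would take. The log format, thresholds, window and action names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import NamedTuple

# Constructed sample authentication events (not real logs): two stuffing
# sources, one legitimate user who mistyped once, and one single-account
# brute-force source that must NOT be classified as credential stuffing.
SAMPLE_LOG = """\
2024-07-10T13:00:01Z src=203.0.113.5 user=alice result=FAIL
2024-07-10T13:00:02Z src=203.0.113.5 user=bob result=FAIL
2024-07-10T13:00:02Z src=203.0.113.5 user=carol result=FAIL
2024-07-10T13:00:03Z src=203.0.113.5 user=dave result=FAIL
2024-07-10T13:00:03Z src=203.0.113.5 user=erin result=FAIL
2024-07-10T13:00:04Z src=203.0.113.5 user=frank result=FAIL
2024-07-10T13:00:05Z src=203.0.113.5 user=carol result=SUCCESS
2024-07-10T13:00:01Z src=198.51.100.7 user=grace result=FAIL
2024-07-10T13:00:02Z src=198.51.100.7 user=heidi result=FAIL
2024-07-10T13:00:02Z src=198.51.100.7 user=ivan result=FAIL
2024-07-10T13:00:03Z src=198.51.100.7 user=judy result=FAIL
2024-07-10T13:00:04Z src=198.51.100.7 user=mallory result=FAIL
2024-07-10T13:00:10Z src=192.0.2.10 user=dave result=FAIL
2024-07-10T13:00:20Z src=192.0.2.10 user=dave result=SUCCESS
2024-07-10T13:01:00Z src=192.0.2.11 user=erin result=FAIL
2024-07-10T13:01:01Z src=192.0.2.11 user=erin result=FAIL
2024-07-10T13:01:02Z src=192.0.2.11 user=erin result=FAIL
2024-07-10T13:01:03Z src=192.0.2.11 user=erin result=FAIL
2024-07-10T13:01:04Z src=192.0.2.11 user=erin result=FAIL
2024-07-10T13:01:05Z src=192.0.2.11 user=erin result=FAIL
"""


class Event(NamedTuple):
    ts: datetime
    src: str
    user: str
    ok: bool


LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$")


def parse_events(text: str) -> list[Event]:
    """Parse the assumed key=value auth log format; lines that don't match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(Event(ts, m["src"], m["user"], m["result"] == "SUCCESS"))
    return events


def classify_sources(events, window=timedelta(minutes=5), min_failures=5, min_users=4):
    """Return {src: verdict} for sources whose failures cross the thresholds inside `window`.
    Failures spread across many accounts are the credential-stuffing signature;
    the same number of failures against one account is ordinary brute force."""
    fails = defaultdict(list)
    for e in events:
        if not e.ok:
            fails[e.src].append(e)
    verdicts = {}
    for src, evs in fails.items():
        evs.sort(key=lambda e: e.ts)
        verdict = None
        start = 0
        for end in range(len(evs)):            # sliding window over sorted failures
            while evs[end].ts - evs[start].ts > window:
                start += 1
            span = evs[start:end + 1]
            if len(span) >= min_failures:
                if len({e.user for e in span}) >= min_users:
                    verdict = "credential_stuffing"
                    break                       # strongest verdict, stop looking
                verdict = verdict or "password_brute_force"
        if verdict:
            verdicts[src] = verdict
    return verdicts


def compromised_accounts(events, verdicts):
    """Accounts that saw a SUCCESS from a source judged to be credential stuffing."""
    bad = {s for s, v in verdicts.items() if v == "credential_stuffing"}
    return sorted({e.user for e in events if e.ok and e.src in bad})


def build_playbook(verdicts, accounts):
    """Ordered actions a SOAR playbook would execute (action names are illustrative)."""
    actions = [("block_ip", src) for src in sorted(verdicts)]
    for user in accounts:
        actions += [("revoke_sessions", user), ("require_mfa", user),
                    ("force_password_reset", user), ("notify_user", user)]
    return actions


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    verdicts = classify_sources(evs)
    accounts = compromised_accounts(evs, verdicts)
    for src, verdict in verdicts.items():
        print(f"{src}: {verdict}")
    print("compromised accounts:", accounts)
    for action, target in build_playbook(verdicts, accounts):
        print(f"  -> {action} {target}")
```

Running it flags 203.0.113.5 and 198.51.100.7 as credential stuffing, 192.0.2.11 as brute force, carol as the compromised account, and leaves dave (one typo, then success from his own address) alone. The per-source rule above is the simplest form of the Phase 1 detection; a botnet that spreads one attempt per IP defeats it, so in practice the SIEM correlation rule also watches the organization-wide failure rate and shared client fingerprints (user agent, TLS fingerprint) across sources.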

Impact of Non-Integrated Approach

Removing either SIEM or XDR from the scenario would significantly affect the organization’s ability to effectively detect, respond to, and recover from a credential-stuffing attack. Let’s consider the impact of removing each one individually:

Removing SIEM

Loss of Centralized Log Management: Without SIEM, the organization loses centralized visibility into the security data generated by various devices and systems across the network. This makes it more challenging to detect patterns and anomalies that are indicative of a credential stuffing attack, especially when they span across multiple systems and applications.
Reduced Correlation and Contextualization: SIEM’s strength lies in its ability to correlate disparate events and provide context, such as flagging simultaneous login failures across different systems. Without SIEM, the organization may not connect related events that could indicate a coordinated attack.
Inefficient Incident Management: SIEM platforms often serve as the hub for incident management, providing tools for tracking, investigating, and documenting security incidents. Without it, the organization may struggle with managing incidents effectively, potentially leading to slower response times and less organized remediation efforts.
Difficulty in Compliance Reporting: Many organizations rely on SIEM for compliance reporting and audit trails. Without SIEM, they may find it more challenging to demonstrate compliance with various regulations, potentially leading to legal and financial consequences.

Removing XDR

Reduced Endpoint and Network Visibility: XDR provides a detailed view of activities on endpoints and across the network. Removing XDR would leave a blind spot in detecting malicious actions occurring on individual devices, which are often the entry points for credential-stuffing attacks.
Weakened Real-time Detection: XDR platforms are designed for real-time detection and response. Without XDR, the organization might not be able to detect and respond to threats as quickly, allowing attackers more time to exploit compromised credentials.
Limited Automated Response: XDR can automate immediate response actions, such as isolating a compromised endpoint or terminating a malicious process. Without XDR, the organization would have to rely more heavily on manual intervention, potentially allowing the attack to spread further.
Loss of Integrated Response Capabilities: XDR often integrates with other security tools to provide a coordinated response to detected threats. Without XDR, the organization may find it more difficult to execute a synchronized response across different security layers.

The Case for an Integrated Approach

The conversation should not be framed as “XDR vs. SIEM & SOAR” but rather as “XDR, SIEM and SOAR.” These three technologies are not mutually exclusive anymore; instead, they complement each other and serve to strengthen an organization’s security posture when integrated effectively.

In essence, the integration of XDR, SIEM, and SOAR technologies is not a competition but a collaboration that brings together the best features of all three worlds.


Posted July 10, 2024 in Cisco: Learning

Eliminate Lateral Movement Attacks with AI-Powered App Segmentation and Intelligent Policy Recommendations Chenhui Hu

Overview Intelligent policy recommendation is an advanced capability of Zscaler [...]

Posted July 9, 2024 in Zenith: Zscaler