How should network engineers be thinking about and using AI right now, and what to could they expect for the future? Here, we focus on one surprising use case that I found to be a bit exciting: Using AI to peer review your work. Buckle up, and let's check it out.
[[ Join the Cisco Learning Network today for free.
In today's digital landscape, enterprises face the constant threat of [...]
In the era of 5G, cellular and neutral host providers are expanding their radio networks to provide better coverage and data performance in densely populated areas. Municipalities and utilities operating streetlights are making their structures “smart” by incorporating 5G/LTE radios and fiber for connectivity. This has opened up a new world of possibilities.
[[{"value":"
As you drive through Anytown, USA you may notice the number of different streetlights that illuminate the roads that you are traveling. Some are tall to cover large areas while others may be more decorative and located in downtown areas to give the town a unique character. Whatever they look like, municipalities large and small are starting to realize the true value of these structures.
In the era of 5G, cellular and neutral host providers are interested in expanding their radio networks to provide better coverage in densely populated areas for better data performance. As a result, municipalities, utilities, and other private companies that operate streetlights have been making their structures “smart” by incorporating 5G/LTE radios and fiber for connectivity. This has provided an important revenue stream to support the operation of these streetlights; however, that’s not the only value they have.
Imagine a municipality being inundated with requests from residents every day to fix potholes, address illegal parking, tow cars blocking driveways, lack of heat in apartments, dangerous intersections, water backups, and more. Addressing these issues not only cost money and personnel, but also time. For instance, some cities can take a year or more to survey their roads to fix potholes or by the time you call to tow someone’s car that is blocking your driveway, you’re probably already late for an important meeting.
The good news is that Internet of Things (IoT) technology allows governments to improve connections with residents by establishing new and better services. Digitalization, artificial intelligence (AI), and machine learning (ML) are changing how people live by connecting machines, vehicles, infrastructure, and buildings rather than just users. For instance, LIDR (light detection and ranging) technology can be used for 3D recording of crime scenes, forensic examination, and measuring pollution levels, to name a few. LIDR is also being used to enable autonomous vehicles and providing unique uses to avoid fatalities on the road.
Example of a Smart Pole by Aero Wireless Group in a suburban neighborhood.
Today, smart poles or smart infrastructure are retrofitted to include Cisco’s IoT Industrial Networking to provide scalable municipal-wide secure connectivity for these IoT device that are mounted on the poles. These smart pole are also providing Cisco’s Industrial Wireless for connectivity to devices that are not connected physically like electrical, water, and parking meters. They are also being leveraged in municipalities like the City of Ft. Worth, TX for Internet access to residents that lacked access. The smart poles can also be networked together wirelessly, leveraging Cisco’s Ultra-Reliable Wireless Backhaul to provide fiber-like quality and performance where physical fiber may not be available and cost prohibitive.
Regardless of their size, municipalities can leverage streetlight and fiber as strategic assets that can provide their residents improved cellular coverage, utilize fiber for broadband access, and expand government services efficiently by leveraging the power of IoT and AI/ML to solve critical issues. Today, sensors like those with LIDR technology can alert residents of poor air quality, provide early warning system to avoid traffic collision, provide information on poor road conditions, and so many other solutions to make quality of life better for their residents.
Cisco is a proud member of Fiber Broadband Association. We will be speaking at the FiberConnect annual conference in Nashville, July 28-31, 2024. My colleagues at Cisco and I will be speaking at the following sessions and invite you to attend:
Build America Buy America: Delivering a Slice of the American Pie
12:30 pm CST – Robin Olds, Cisco
Out in the Middle: Urban, Suburban, and Rural Middle Mile
1:30 pm CST – Albert Garcia, Cisco
Expo Theater: Rethinking Broadband Access Networks
3:00 pm CST – Bradley Riapolov, Cisco
Build 201: Creating Demand and Mitigating Risk in New Markets
1:30 pm CST – Abel Ramirez, Cisco
Broadband Policy Symposium
3:00 pm CST – Miranda Lutz, Cisco
We also encourage you to follow these hashtags during the event: #FiberBroadband #FBA #FiberConnect24
"}]] In the era of 5G, cellular and neutral host providers are expanding their radio networks to provide better coverage and data performance in densely populated areas. Municipalities and utilities operating streetlights are making their structures “smart” by incorporating 5G/LTE radios and fiber for connectivity. This has opened up a new world of possibilities. Read More Cisco Blogs
As AI took center stage at Cisco Live US, we looked at how intelligent Industrial IoT networks are enabling manufacturers to reduce downtime, increase production throughput and equipment effectiveness, while improving networking operations and reducing their total cost of ownership.
[[{"value":"
Cisco Live US 2024 brought together over 21,000 professionals, business leaders, and partners from around the world to discuss the latest trends, technologies, and solutions in the networking and communications industry.
As AI took center stage throughout the week, I was able to share the implications its advancement is having on the manufacturing industry, specifically how intelligent Industrial IoT networks are enabling manufacturers to reduce their downtime, increase their production throughput and equipment effectiveness, while improving networking operations and reducing their total cost of ownership.
During my Product and Solution Overview session, A Foundation for AI and ML: Cisco Intelligent Industrial IoT Network Drives Uptime, Yield, Security, and Revenue I detailed the evolution of AI and ML in network automation, asset visibility, and threat defense for manufacturers. Check out the full session or read the highlights below.
By utilizing AI-driven insights and machine learning, Cisco’s Catalyst Center can detect and prioritize issues before they impact users, automate routine tasks, and provide actionable intelligence to network administrators. Benefits include:
Constant monitor of network and devices for up-to-date visibility
AI/ML and machine reasoning for root cause analysis, to find anomalies instantly
Correlated insights with telemetry data to accurately pinpoint root cause
Guided remediation allows for single-click resolution, allowing machine reasoning automation to close the loop
Through AI-powered analytics and automation, Cisco’s application-centric infrastructure can dynamically adapt to application behavior, predict potential performance bottlenecks, and automatically adjust resources to meet demand. This intelligent approach to application management helps manufacturers:
Connect IT teams to business results via user experience visibility to lower their total cost of ownership
Monitor application performance and correlate it to application infrastructure to optimize business uptime
Monitor the performance of traditional, hosted hybrid apps, and microservices-based cloud native applications
Manufacturers can revolutionize the way they observe, secure, and optimize applications with Cisco Full-Stack Observability.
Another level of automated visibility in your industrial network is provided via Cisco Cyber Vision which enables full visibility into the security posture of your OT assets. At a time when AI sits at the forefront of manufacturing innovation, forty-eight percent of manufacturers surveyed in a Deloitte survey identified operational risks, including cyberattacks, as the greatest danger to their smart factory initiatives. The integration of AI enhances Cisco’s security solutions to proactively identify and mitigate these potential threats, so IT and OT teams can work together to maintain a robust and adaptive defense against the ever-evolving landscape of cyber threats.
"}]] As AI took center stage at Cisco Live US, we looked at how intelligent Industrial IoT networks are enabling manufacturers to reduce downtime, increase production throughput and equipment effectiveness, while improving networking operations and reducing their total cost of ownership. Read More Cisco Blogs
Exploring the Metaverse? Discover its hidden cybersecurity risks and stay protected. Dive into the evolving world of virtual reality with us, where we uncover and tackle the security challenges of tomorrow
[[{"value":"
The intriguing realm of the metaverse should not make us overlook its cybersecurity hazards.
Metaverse adoption has been steadily increasing worldwide, with various existing examples such as virtual weddings, auctions, and the establishment of government offices and law enforcement agencies. Prominent organizations like INTERPOL and others are investing considerable time and resources, underscoring the importance of the metaverse. While the growth of the metaverse has been substantial, its full potential has not yet been realized due to the slow development of computing systems and accessories necessary for users to fully immerse themselves in virtual environments, which is gradually improving with the production of augmented reality and visual reality solutions such as HoloLens, Valve Index and Haptx Gloves.
As virtual reality tools and hardware evolve, enabling deeper immersion in virtual environments, we anticipate a broader embrace and utilization of the metaverse.
Despite the remarkable growth of the metaverse within a relatively brief period, significant concerns have risen regarding criminal activity within this virtual realm. The World Economic Forum, INTERPOL and EUROPOL have highlighted the fact that criminals have already begun exploiting the metaverse. However, due to the early stage of the metaverse’s development, forensic science has not yet caught up, lacking practical methodologies and tools for analyzing adversarial activity within this virtual space.
Unlike conventional forensic investigations that primarily rely on physical evidence, investigations within the metaverse revolve entirely around digital and virtual evidence. This includes aspects like user interactions, transactions and behaviors occurring within the virtual world. Complicating matters further, metaverse environments are characterized by decentralization and interoperability across diverse virtual landscapes. There are unique challenges related to the ownership and origin of digital assets as users can join metaverse platforms with their anonymous wallets and interact with them in a pseudonymous manner without revealing their real identity. Such analysis requires advanced blockchain analytics capabilities along with large attribution databases linking wallets and addresses to actual users and treat actors. As a result, this new digital realm necessitates the development of innovative methodologies and tools designed for tracking and analyzing digital footprints, which play a crucial role in addressing virtual crime and ensuring security and virtual safety in the metaverse.
The security community needs a practical, real-world forensic framework model and a close examination of the intricacies involved in metaverse forensics.
User activity in the metaverse is immersed in digital environments where interactions and transactions are exclusively digital, encompassing different moving parts such as chatting, user movements, item exchanges, blockchain backend operations, non-fungible tokens (NFT), and more. The diverse and multifaceted nature of these environments presents adversaries with numerous opportunities for malicious activities such as virtual theft, harassment, fraud, and virtual violence, which will only be exemplified with the development of more realistic metaverse environments. The distinct aspect of these crimes is that they often lack any physical real-world connection, presenting unique challenges in investigating and understanding the underlying motives.
Occurrences of violence in metaverse platforms already exist, with the most notable to date involving the British police launching its first ever investigation into a virtual sexual harassment in the metaverse, stating that although there are no physical injuries, there is an emotional and psychological impact on the victim. An extensive list of the potential harms in and through the metaverse can be found in INTERPOL’s metaverse report.
Here are two other theoretical examples that exemplify the importance of metaverse forensics, and the need to distinguish their differences from contemporary forensics.
Robbery from an avatar (a metaverse gift): In the metaverse, a character approaches another avatar to present virtual shoes as a gift. The avatar accepts the gift, but a few hours later discovers that all digital assets associated with their metaverse account and digital wallet have disappeared. This incident involving stealing digital assets occurred because the seemingly innocent gift of virtual shoes was, in fact, a malicious NFT embedded with adversarial code that facilitated the theft of the avatar’s digital assets.
A metaverse conference: In another scenario, a user attends a cybersecurity conference in the metaverse, not knowing it is organized by cybercriminals. Their aim is to lure high-value stakeholders from the industry to steal their data and digital assets. This event takes place in a well-known conference hall in the metaverse. The registration form for the event includes a smart contract designed to extract personal information from all attendees. Additionally, it embeds a time-triggered malicious code set to steal digital assets from each avatar at random intervals after the conference ends. Investigating such incidents requires a comprehensive multi-dimensional analysis that encompasses marketplaces, metaverse bridges, blockchain activities, individual user behavior in the metaverse, data logs of the conference hall and the platform hosting the event, as well as data from any supporting hardware.
Several challenges exist for metaverse investigators. And as the metaverse evolves, additional challenges are expected to surface. Here are some potential issues law enforcement and cybersecurity investigators may run into.
Decentralization and jurisdictions: The decentralized nature of many metaverse platforms can lead to jurisdictional complexities. Determining which laws apply and which legal authority has jurisdiction over a particular incident can be challenging, especially when the involved parties are spread across different countries. As such, it will be exponentially complex or even impossible in some cases for law enforcement to subpoena criminals or metaverse facilitators.
Anonymity and identity verification: Users in the metaverse often operate in an anonymous or pseudonymous manner with avatars with random nicknames, making it difficult to identify their real-world identities. This anonymity can be a significant hurdle in linking virtual actions to criminals. Only few options for unmasking adversarial activity exist, including tracing IP addresses and analyzing platform logs which can be a complex undertake when dealing with truly decentralized metaverse platforms, often leaving blockchain analytics as the only viable analysis methodology.
Complexity and interpolarity of virtual environments: The metaverse can contain a myriad virtual spaces, each with its own set of rules, protocols and types of interactions. Understanding the nuances of these environments is crucial for effective investigation. To compound on the complexity of virtual environments, many metaverse platforms are interconnected, and an investigation may need to span multiple platforms, each with its own set of data formats and access protocols.
Digital asset tracking: Tracking the movement of digital assets, such as cryptocurrencies or NFTs, across different platforms and wallets through blockchain transactions requires specialized knowledge and tools. Without such dedicated tools, tracing digital assets is impossible as such tools contain millions of walled address attributions, ensuring the effective tracing of funds and assets.
Lack of international standards: The absence of global standards for metaverse technology development allows for a wide variety of approaches by developers. This diversity significantly affects the investigation of metaverse platforms, as each requires unique methods, tools and approaches for forensic analysis. This situation makes forensic processes time-consuming and difficult to scale. Establishing international standards would aid forensic investigators in creating tools and methodologies that are applicable across various metaverse platforms, streamlining forensic examinations.
Blockchain immutability: The immutable nature of blockchain ensures that all recorded data remain unaltered, preserving evidence integrity. However, this same feature can also limit certain corrective actions, such as removing online leaks or inappropriate data and reversing transactions involving stolen funds or NFTs.
Correlation of diverse data sources: Data correlation plays a crucial role in investigations, aiming to merge various data types from disparate sources to provide a more comprehensive insight into an incident. Examples of that can be correlating the events of different systems or combining end-host data with associated network data or the correlation between different user accounts. In the context of the metaverse, the challenge lies in the sheer volume of data sources associated with metaverse technologies. This abundance makes data correlation a complex task, necessitating an in-depth understanding of diverse technologies supporting metaverse platforms and the ability to link disparate data sets meaningfully.
Lack of forensic automation: Investigators commonly use various automated tools in the initial stages of their forensic analysis to automate various pedantic operations. These tools are crucial to identify signs of compromise efficiently and accurately. Without these tools, the scope, efficiency, and depth of the analysis can be greatly impacted. Manual analysis requires more time and heightens the risk of overlooking critical signs of compromise or other malicious activities. The emerging and complex nature of metaverse environments currently lacks these tools, and there is no anticipation of their availability soon.
The forensic approach for the metaverse is distinct from traditional approaches, which typically begin with investigations focusing on physical devices for telemetry extraction. Investigating the metaverse is a challenging task because it involves more than just examining various files across multiple systems. Instead, it requires the analysis of diverse systems within different environments and the correlation of such data to draw meaningful conclusions.
An example illustrating metaverse forensic complexities is, a rare digital painting, goes missing from a virtual museum. A forensic system should undertake a comprehensive investigation that includes reviewing security logs in the virtual museum, tracing blockchain transactions, and examining interactions within interconnected virtual worlds and marketplaces. The investigation should also analyze recent data from devices like haptic gloves and virtual reality goggles to confirm any malicious related user activities. The analysis of virtual logs or hardware is dependent on the logs recorded by providers or vendors and whether such logs are made available for analysis. If such information is not present, there is little that can be done in terms of forensic analysis.
In this example, if the metaverse platform and virtual museum did not maintain logs it would be impossible to verify the activities preceding the theft, including information about the adversary. If logs from haptic gloves or reality googles are also not present, the activities described by the user during the adversarial activity would have been impossible to verify. This leaves a forensic investigator unable to perform in-depth analysis apart from monitoring on-chain data and the transfer of the painting between the museum wallet and adversarial wallet addresses.
Metaverse platforms vary in their approach to logging and data capture, significantly influenced by the method through which users access these environments. There are primarily two access methods: through a web browser and via client-based software. Web browser-based access to metaverse platforms, like Roblox and Sandbox, requires users to navigate to the platform using a browser. In contrast, client-based platforms such as Decentraland necessitate downloading and installing a software application to enter the metaverse. This distinction has profound implications for forensic analysis. For browser-based platforms, analysis is generally limited to network-based approaches, such as capturing network traffic, which may only be feasible when the traffic is not encrypted. On the other hand, client-based platforms can provide a richer set of data for forensic scrutiny. The software client may generate additional log files that record user activities, which, alongside conventional forensic methods like analyzing the registry or Master File Table (MFT), can offer deeper insights into the application’s use and user interactions within the metaverse. Regardless of the access method, the potential for forensic analysis can be further expanded based on the types of logs and data recorded by the metaverse environment itself and made available by the provider. This means that within each metaverse platform, the scope and depth of forensic analysis can vary based on the specific logs kept by the environment, offering a range of analytical possibilities.
Forensic systems suited for metaverse environments should start their investigation in the digital realm and use physical devices for their supporting data. These forensic systems must connect to user avatars, their accounts, and related data to facilitate initial triage and investigation. Forensic solutions for the metaverse should be capable of conducting triage, data collection, analysis and data enrichment, paralleling the requirements for examining current software and systems. The following three features would greatly benefit forensic investigators when analyzing the metaverse:
Triage collection: Collection of forensic artefacts start within the metaverse environment or platform, extending to other supporting software and hardware devices enabling users to interface with the metaverse.
Analysis: Processing the captured data to link relevant data and activity based on the reported incident aiming to identify anomalies and indicators of compromise (IOCs). Machine learning can be leveraged to automate the investigation by analyzing relevant telemetry based on the reported indicators of compromise or incident outcomes according to similar past incidences and the analysis and resolution provided by forensic analysts.
Data enrichment: Based on the IOCs identified, forensic systems must be capable of searching diverse sources such as blockchains, metaverse platforms and other associated information to identify relevant data for added context.
Forensic systems for the metaverse should be able to directly interact with a user’s avatar (Figure 6), which may adopt a non-player character (NPC) for assistance. When activated, the NPC avatar should be able to engage with the user’s avatar, requesting access to the avatar’s data, the metaverse platform, and all associated software and hardware implicated in an incident. This includes the metaverse console, IoT devices, networking devices and blockchain addresses. To ensure enhanced privacy and security, NPC forensic analysts should only be able to access user data if they are only activated or requested by a user and should only obtain read-only access.
The forensic NPC avatar should meticulously record relevant logs and document any detected indicators of compromise (e.g., suspicious metaverse interactions) along with the observed impact (e.g., NFT or crypto token theft) and the estimated timeframe of the incident from the user’s avatar. Given the inherent complexity of metaverse environments, these forensic systems should possess the ability to operate on multiple layers to gather data, among others:
Blockchain to analyze transactions and exchanges performed on-chain.
Metaverse Bridges to analyze activities across linked metaverse environments.
Metaverse Platforms, including different apps and digital assets in the metaverse.
Networking, including connections related to the metaverse platform as well as supporting sensors and devices. Supporting devices (haptic gloves, body sensors, computational unit, etc.).
During analysis, malicious or anomalous activities should, optimally, be reported in an automated manner to guide the forensic analysts and speed up investigations. After analysis, any detected signs of compromise, such as cryptocurrency addresses, user activities, or files, should undergo data enrichment. This involves conducting searches across different data sources to find relevant information, which helps provide more detail and context for the analyst.
In the following sections of the blog, we provide a deeper view of how each of the three phases proposed operate, providing the data sources that can be leveraged for each, where applicable.
Forensic systems can analyze various threat types using multiple data sources. As the fields of forensics and the metaverse develop, the demand for new data sources will grow. It’s important to acknowledge that the available telemetry data can vary based on the platform and hardware in use. The absence of international standards and protocols for the metaverse compounds this complexity. With this in mind, we identify the following data sources as potential telemetry that should be logged to allow the effective analysis of metaverse environments. In addition to the telemetry presented below, forensic triage collection should be performed by capturing the memory and disk image from systems involved in an incident.
Authentication and access data:
User login history, IP addresses, timestamps and successful/failed login attempts.
Session tokens and authentication tokens used for access.
Third-party integration data:
Data from third-party integrations or APIs used in the metaverse platform.
Permissions and authorizations granted to third-party apps.
Error and debug logs:
Logs of software errors, crashes or debugging information.
Error messages, stack traces and core dumps.
Script and code data:
Source code or scripts used within the virtual environment.
Execution logs and debug information.
Smart contracts in relevant blockchain wallets.
Marketplace, commerce data and blockchain:
Records of virtual goods or services bought and sold on the platform’s marketplace.
Payment information, such as credit card transactions or cryptocurrency payments.
User account and user behavior:
Profile username, avatar image, account creation time, account status, blockchain address used to open the metaverse account.
User interactions, friendships, groups, locations, and social networks, while preserving privacy.
User activity logs, including participation in events and in-world gatherings.
User device forensics:
User devices for the extraction of supporting data, such as device activity, configuration files, locally stored chat logs, images, etc.
All ingoing and outgoing network activity reaching devices relevant to a metaverse incident.
Asset provenance data:
Detailed asset provenance information with the complete history of ownership and modifications.
Blockchain addresses and wallets, including a copy of their transaction history. Verification of the “from” address (creator or previous owner) and the “to” address (current owner) is required.
If the asset is digital or represented as a token (e.g., an NFT), examine the smart contract that created it. Smart contracts contain rules and history about the asset.
Ensure the asset is not a copy or fake by verifying that the smart contract and token ID are recognized by the creator or issuing authority.
System and platform configuration:
Details of the platform’s architecture, configurations and version history.
Behavioral biometrics:
Behavioral patterns of user interactions and in-game actions to help identify users based on unique behavior. Although such activity can be useful to identify adversaries in the case where very little is known for their activities, such information is not expected to be widely available.
The goal of the telemetry analysis process is to detect unusual or potentially malicious behavior through a semi- or fully automated processing of data and logs, thereby aiding forensic experts and expediting the investigation process.
This can be accelerated by leveraging deep learning techniques to identify harmful patterns using a database of historically analyzed events. Additionally, incorporating reinforcement learning, refined by forensic experts, could enhance the system’s ability to offer better incident response suggestions. For effective training, these machine-learning algorithms would need access to a large repository of forensic strategies and actions taken by professionals in various investigative scenarios, including those spanning across different metaverse environments and artefacts. Utilizing this data allows the algorithms to match current incidents with similar past cases based on the user input provided.
Given the diverse range of threats and types of incidents, along with the emerging state of the metaverse and its insufficient logging features, devising a comprehensive forensic methodology that is universally applicable to all metaverse platforms or systems presents significant challenges. Should metaverse operators provide telemetry data, the analytical process can be simplified by focusing on artifacts that are most pertinent to a specific incident. Nonetheless, the presence of such artifacts in existing metaverse platforms cannot be assured. To overcome this issue and offer practical guidance, we suggest a hybrid forensic strategy that integrates traditional operating system forensics emphasizing Windows-based platforms due to their prevalent use for client-side metaverse platforms, along with specialized analyses that address the unique aspects of the metaverse and blockchain technologies. For better understanding, we categorize each analytical technique as per the divisions used in the triage and artifact collection section of this blog.
Authentication and access data
Metaverse platforms often store records of successful authentication attempts, including the dates, in local log files. If these logs are unavailable, analyzing DNS records and process executions associated with the metaverse platform can provide insights into when a user accessed it.
One approach to uncover such information involves examining browser records (e.g. Chrome) and the history of visited URLs to identify when a user visited and connected to a specific metaverse platform via a web browser. Additionally, routers may maintain by default traffic logs offering further insight into DNS activity.
For process-related investigation, resources like Amcache and Prefetch are valuable for determining the timing of executions for the metaverse platform client. These tools can help trace the usage patterns and activities associated with user interactions with the metaverse.
Third-party integration data
Acquiring such data can be challenging because these operations occur usually on the backend of servers, and logs related to this activity are typically not accessible to users. To obtain this information, which depends on the architecture and API usage of a metaverse platform, one could use network capture tools like Wireshark. This method allows users to monitor any API requests made while using a metaverse platform, and inspect the contents of these communications, provided they are not encrypted. This approach helps in understanding the interaction between the client and the server during the operation of metaverse platforms.
Error and debug logs
Metaverse platforms commonly record client and connectivity issues in local log files. When these logs are not accessible, one can analyze the Windows Application log to identify any errors issued by the application and any software problems that prevent it from either logging in or functioning properly. However, it is important to note that errors occurring specifically within the metaverse environment are not captured by Windows’ native logs, thus remaining invisible to analysts using these tools.
Script and code data
In certain environments, snippets of scripts and other code that serve various functionalities can be accessed through reverse engineering, allowing analysts to determine if a metaverse feature is functioning properly and safely. However, it’s important to note that reverse engineering software may be illegal and is generally advised against.
Despite these limitations in directly analyzing metaverse code, it is still feasible to examine publicly available smart contract code. This code governs on-chain transactions and facilitates exchanges of value between players in metaverse environments. To analyze the smart contract associated with a specific metaverse, one must first identify the blockchain it utilizes. Then, by finding the smart contract’s address, one can inspect its code using a blockchain explorer. For instance, to review the smart contract of UNI (a decentralized exchange) which operates on the Ethereum blockchain, one would use an Ethereum blockchain explorer to locate and examine the contract’s code at the Ethereum address (0x1f9840a85d5aF5bf1D1762F925BDADdC4201F984) used by UNI.
Marketplace, commerce data and blockchain
Transaction records of virtual goods or services exchanged on a metaverse platform can be tracked by examining a user’s account to review the NFTs and other items they possess. Additionally, by conducting on-chain transaction analysis, one can retrieve a complete history of item ownership, including details of items or NFTs bought and sold by users. Thanks to the transparency of public blockchains, this process is straightforward. It only requires the wallet address used by the user to access the metaverse platform. This address can be searched in the relevant blockchain explorer to analyze the user’s historical transactions and items purchased or sold.
User accounts and behavior
Currently, the logging and analytics of user behavior within metaverse environments are largely undeveloped. Basic information like profile usernames and avatar images are stored locally in the metaverse client’s directory. More detailed information about user interactions, friendships, groups, and visited locations can be retrieved from a user’s account, provided the data has not been deleted by the user. Analyzing a user’s social networks may offer deeper insights into their participation in metaverse events and related in-world gatherings.
User device forensics
Various devices enable interaction with the metaverse, including VR headsets, smartphones, gaming consoles and haptic gloves. The extent of data logging varies by device. For example, VR headsets may record details such as connected social networks, usernames, profile pictures and chat logs. It is essential to analyze the specific vendor and device to determine the availability of such logs. As the technology landscape evolves, it is anticipated that more vendors and devices will emerge, further complicating the environment. This dynamic nature will necessitate more sophisticated tools and greater expertise for effective forensic analysis in the future.
Asset provenance data
Detailed information about the provenance of assets in the metaverse, including the complete history of ownership and modifications, can be obtained through on-chain analysis. This process involves examining transactions between blockchain addresses of interest, the non-fungible tokens (NFTs) and other tokens they possess, and their interactions with smart contracts. Because public blockchains are immutable — meaning that once data is recorded, it cannot be deleted or changed — it is relatively straightforward to track asset provenance. By searching for a known wallet address in the appropriate blockchain explorer, one can easily trace the history associated with that address.
When analyzing blockchain data for provenance, it is critical to verify that the addresses interacting with the target address are legitimate. This includes ensuring that entities like metaverse providers or NFT issuers are not misrepresented by posing as the official addresses. Verification can be achieved by visiting the official website of the token or metaverse provider to find and confirm their official blockchain addresses. This step is crucial to ensure that the address in question belongs to the entity it claims to represent. An illustrative case would be investigating the purchase of an expensive plot in the metaverse. Suppose an analysis of a user’s blockchain address reveals an NFT transaction from another address, which purportedly represents a plot identical to the one purchased. However, the source address sending the NFT is not the official one used by the metaverse provider for NFTs. If this discrepancy goes unchecked, it could obscure potential fraud or suspicious activities.
Another key factor in asset provenance is linking blockchain addresses to actual user identities. While blockchain technology typically provides pseudonymity, there are services that offer extensive databases capable of associating specific addresses with various entities and exchanges. This capability enhances an investigator’s ability to trace asset flows more effectively. For instance, WalletExplorer is a website that provides free services for attributing addresses on the Bitcoin network.
System and platform configuration
To effectively investigate a metaverse platform, it’s essential to gather detailed information about its system, architecture, and configuration. However, obtaining this information can be challenging as it is often limited. When available, key sources include official websites, developer documentation, user forums, and community pages. Additionally, valuable insights into the platform’s configuration can often be gleaned from debug and error logs, where these are accessible.
Behavioral biometrics
Behavioral patterns, such as user interactions and in-game actions, are key in identifying users based on their unique behaviors and detecting potential account hijacks. These behaviors can include movement and gesture recognition, voice recognition and the patterns of typing and communication. Additional metrics may involve how users interact with in-game items and other participants.
Currently, most systems used to interact with the metaverse do not extensively log such information, which limits the capacity for in-depth behavioral analysis. What is typically available for analysis includes communication patterns derived from chat logs and basic interaction patterns. These interactions are often analyzed through chats, the groups users join, events they attend, and on-chain analytics for transactions and engagements within the virtual space. This level of analysis, while helpful, only scratches the surface of what could potentially be achieved with more comprehensive behavioral data collection and analysis.
Following analysis, it is crucial to correlate and analyze diverse data types from multiple sources, including blockchain transactions, IPFS storage, internet-of-things (IoT) devices and activities within the metaverse. Drawing from research, a forensic framework could use APIs from diverse data repositories to aggregate pertinent information. Such information can be retrieved from blockchain analytics vendors for the identification of malicious wallet addresses or traditional databases containing threat intelligence for malicious IP addresses and file hashes. The gathered data can then be processed through Named Entity Recognition (NER) to cleanse the data to extract relevant information and diminish data clutter in larger datasets, ensuring analysts receive concise and clear insights. Enriching threat intelligence demands considerably more effort beyond conventional practices, extending beyond mere checks of IPs, URLs, file hashes and online adversarial behavior. It also encompasses the analysis of blockchain transactions, provenance of digital assets, and the scrutiny of entities within the metaverse, such as casinos and conference venues, given that logs are available for analysis.
The insights gained from each case should be meticulously documented in public databases, outlining the tactics, techniques and procedure employed by adversaries within the metaverse. This documentation aids in refining the forensic capabilities of metaverse systems and provides forensic examinators intelligence for more effective and precise attributions. The selection of data sources for threat intelligence augmentation can be tailored based on investigative needs and emerging developments in the field. While it’s crucial to continue employing conventional threat intelligence strategies to address more traditional and legacy aspects of investigations, for metaverse-specific inquiries, relevant data sources might include:
The source code of blockchains or smart contracts (e.g., from GitHub).
IPFS (Interplanetary File System) frameworks.
Blockchain analytics tools.
Social media and community monitoring for discussions and trends on social media.
Metaverse environments are built on different platforms, each with its own set of protocols, standards, and data formats. This heterogeneity complicates the process of collecting and analyzing digital evidence. Additionally, the dynamic and immersive nature of the metaverse, where interactions and transactions occur in real-time within three-dimensional spaces, adds another layer of complexity. Forensic investigators must navigate these virtual spaces, by first understanding the context of interactions, and then identify relevant data points for analysis, which can be a daunting task.
Looking forward, the development of metaverse forensics is likely to focus on the creation of standardized tools and protocols to make metaverse compatibility, interpolarity, and thus forensics, an easier task. Forensic tools should be able to efficiently navigate and extract data from various metaverse platforms. These tools must be capable of not only handling the current diversity of data formats and interaction types but also adaptable to future technologies. Additionally, there is an emphasis on developing collaborative frameworks that allow for cross-jurisdictional cooperation, as the metaverse transcends geographical boundaries.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Security on social!
Cisco Security Social Channels
InstagramFacebookTwitterLinkedIn
"}]] Exploring the Metaverse? Discover its hidden cybersecurity risks and stay protected. Dive into the evolving world of virtual reality with us, where we uncover and tackle the security challenges of tomorrow Read More Cisco Blogs
Learn how to make government services strong and adaptable with our key strategies from Cisco Live 2024 – watch the replay now!
[[{"value":"
To successfully leverage the ongoing digital transformation to deliver resiliency, a holistic architectural approach is critical, and we need to think of end-to-end optimization from a risk management perspective. This helps ensure resiliency for the mission and business outcomes of our government, public sector, and critical infrastructure organizations. In addition, enterprise visibility is essential for operational optimization and enterprise security, as is the need to align IT and OT together to deliver mission and business resiliency.
The digital revolution that is currently underway represents a fundamental shift in how government agencies operate and deliver services. A comprehensive approach that considers every aspect of the organization’s mission and business critical operations is required to optimize this transformation. This end-to-end architectural approach should encompass all layers of the technology stack, from infrastructure to applications, from data management to user interfaces, and the interconnections between these layers.
The convergence of Information Technology (IT) and Operational Technology (OT) is critical to modernizing and optimizing government services. Aligning IT and OT can lead to improved operational performance, better resource management, and enhanced decision-making capabilities. However, this alignment also introduces new challenges, particularly in cybersecurity. OT systems, which may control critical infrastructure, were often not designed with cyber threats in mind. As these systems become more connected to IT networks, they become more vulnerable to attacks. Therefore, it’s essential to implement security measures appropriate for this increasingly integrated IT-OT environment.
Ultimately, aligning IT and OT, optimizing operations, and embedding risk management aims to deliver resilient mission and business outcomes. For government clients, this means maintaining essential services and fulfilling their mission, even in the face of challenges such as cyberattacks, natural disasters, or other crises. Achieving this level of resiliency requires ongoing efforts to assess risks, update technologies, train personnel, and refine strategies to respond to an ever-evolving threat landscape.
The ongoing digital transformation in the government sector demands a comprehensive approach that considers the entire system architecture. By focusing on end-to-end optimization through a risk management lens, ensuring enterprise-wide visibility, and aligning IT and OT systems, government agencies can enhance their operational efficiency, strengthen their security posture, and ultimately deliver resilient mission and business outcomes to the public they serve.
If you want to learn more, check out our session from Cisco Live 2024 below. In it, we discussed how to transform government with a secure, resilient digital architecture that optimizes end-to-end operations and unites IT and OT.
"}]] Learn how to make government services strong and adaptable with our key strategies from Cisco Live 2024 – watch the replay now! Read More Cisco Blogs
Look back at Cisco Live 2024, and get a wrap up of the event from the Cisco Customer Experience team's perspective.
[[{"value":"
What an incredible week at Cisco Live! This is my favorite event to connect with partners, customers, and colleagues against a vibrant backdrop, packed with energy, inspiring sessions, networking opportunities, and groundbreaking innovations.
This was my second time attending in person, and it did not disappoint. From the attendees’ excitement to engaging keynotes, product announcements, and special guests, this year was one for the books, and I was honored to be a part of it. If you missed it, you can watch on-demand sessions.
During the keynotes, our leaders and industry experts shared their visions for the future, highlighting how Cisco’s innovations shape the digital experience. Learning about new products and solutions that will empower businesses worldwide using AI and networking, security, and observability was exciting. Learn more about our innovations and investments from this year’s event.
Diversity, equity, and inclusion (DEI) were key themes throughout Cisco Live, and I was honored to participate in a discussion about how DEI can be a business differentiator, not only in our internal culture but in the way we interact with our customers, and the impact it has on our bottom line. It is inspiring to see so many passionate individuals committed to fostering an inclusive culture within the tech industry.
A highlight of the week was our annual Customer Hero Awards ceremony, where we celebrated our outstanding customers who have leveraged Cisco technologies to drive transformation within their organizations and for their industries. Congratulations to all the winners for their dedication and innovative spirit!
AI integration and automation were highly anticipated topics this year, and I had the opportunity to take center stage in the World of Solutions to speak about AI-readiness and implementing AI strategies into your business. I spoke with Nallan Sriraman, CTO at Mass General Brigham, about their infrastructure transformation journey, and how AI is helping them achieve their business goals. Sri’s insight was invaluable, as he shared “while AI is an inflection point in how we do everything, we have to realize that it will not always be appropriate for every problem at hand. First, understand why you want to apply AI, then carry out a small-scale pilot to understand how close we can get to human parity vs. human augmentation.”
Other highlights this year for me included the Tech Talks Daily podcast with Neil C. Hughes. Neil and I discussed the latest trends and how Cisco is innovating to meet the evolving needs of customers.
The CX booth was full of innovation, including AI-driven photos, and some pretty nifty holograms. You have not experienced the future until you’re standing next to a virtual version of yourself.
We wrapped the week with an unforgettable experience in the CX Rock Legend Lounge, relaxing, networking, and celebrating the week – and of course the amazing Elton John.
Cisco Live this year truly demonstrated the power of technology and our company’s innovation. A big thank you to everyone who attended. I can’t wait to see you all again next year!
"}]] Look back at Cisco Live 2024, and get a wrap up of the event from the Cisco Customer Experience team's perspective. Read More Cisco Blogs
AI is changing the way we engage data in industrial operations, and choosing the right model for your desired result is critically important.
[[{"value":"
Artificial intelligence was a central theme at Cisco Live US 2024, and it’s clear AI has already made significant strides in reshaping our world. Cisco’s AI-powered innovations build digital resilience by uniquely combining the power of the network with industry-leading security, observability, and data. They simplify adoption and offer visibility and insight across the entire digital footprint, and for those overseeing critical infrastructure, the potential benefits are clear. Undoubtedly, the latest technology offers the promise of enhanced operations. However, the unpredictability of AI’s outcomes can understandably give pause.
There are multiple kinds of AI, and each plays a role in different operational situations. Some AI models produce consistent and predictable results, while others are well suited to identifying relevant information within huge mountains of unstructured data. Choosing the right AI model to address each operational need can be challenging. Cisco’s acquisition of Splunk provides an increasing number of security AI tools to address operational security needs. The vast ecosystem of Cisco’s partners enables a selection of AI tools for various operational use cases.
At the heart of every AI solution is data movement and processing. This is where Cisco excels. Cisco’s infrastructure is designed to receive data from sensors and ensure its secure and reliable transport to the applications that require it, making it a key player in the AI landscape. Examples of AI solutions in critical infrastructure include failure detection, failure prediction, pothole detection, process optimization, and analysis queries. The video below of Roland Plett’s Cisco Live Session takes a deeper look at each of these examples.
AI is changing the way we engage data in industrial operations. There are multiple kinds of AI models, and the combination of models you need depends on the problem you’re trying to solve. It’s essential to recognize that deep learning AI models, like generative AI, are based on probabilities and don’t have deterministic or repeatable outcomes. This is why choosing the right model for your desired result is critically important.
Is your organization ready for AI? Take Cisco’s AI Readiness Assessment and find out.
Check out Cisco’s On-Demand Library for more sessions from Cisco Live US 2024
Visit Cisco’s Portfolio Explorer for Industries to explore tailored solutions for your sector and ignite your business’s potential.
"}]] AI is changing the way we engage data in industrial operations, and choosing the right model for your desired result is critically important. Read More Cisco Blogs
NIS2 mandates manufacturing organizations to implement stronger cybersecurity measures. Learn more about the directive and how to prepare.
[[{"value":"
October 17 is quickly approaching… this is when your organization is expected to comply with the European NIS2 Directive. You might feel you still have time, or that there will be additional delays, but in fact, it’s time to kick start your compliance journey into high gear and ensure your manufacturing organization is up to speed.
Network and Information Security (NIS2) Directive, the new iteration of European Union’s NIS, elevates the stakes even higher with stricter cybersecurity requirements, incident reporting guidelines, and significant financial penalties for non-compliance. NIS2 makes compliance mandatory for all organizations with revenues over €10 million, so you’re probably impacted.
(Read this blog for more details: “NIS2 compliance for industrial networks: Are you ready?“)
Navigating NIS2 compliance can be challenging, but it serves the greater good as it helps enhance your organization’s digital security, and bolsters the EU’s collective cyber resilience, enabling a united front against potential cyber threats for the benefit of all.
According to IBM, the manufacturing industry saw the highest share of cyberattacks among any industry worldwide in 2023. Maybe you think your company is not a target of cyber attacks? Perhaps you think you will never be audited for NIS2 compliance? Make no mistake: any organization can be hit by malware, and your country’s cybersecurity agency will enforce NIS2 as a high priority.
NIS2 greatly improves your ability to protect against threats, cultivate trust within your organization and stakeholders, and safeguard operations to protect your business. Most NIS2 measures are quite straightforward and considered as mandatory best practices regardless of any regulation. They are key to improving your organization’s resilience and ensuring the success of your manufacturing operations.
Strengthen your factory security and drive NIS2 compliance with the following 3 steps.
You need a detailed inventory of all assets connected to your factory network, their vulnerabilities, their communication patterns, and more to effectively assess OT cyber risks.
Cisco Cyber Vision automatically detects and profiles connected assets and monitors communications activities to detect malicious traffic and anomalous behaviors. It scores risks to help teams prioritize what changes and mitigations will be most impactful for improving the OT security posture. It’s built into switches and routers so it’s easy to deploy at scale without additional appliances or network resources. Cyber Vision helps to assess OT cyber risks and provides a strong foundation for getting started with NIS2. Learn more in this solution overview.
This means restricting network communications within the factory and from outside the factory unless they are specifically authorized to run the industrial process. This can be best achieved via two measures.
Segment the factory networks to avoid malicious traffic to easily spread and compromise your operation. Instead of deploying costly zone-based firewalls throughout your factories, use Cyber Vision to logically group assets into zones of trust. Cisco Identity Services Engine (ISE) or Cisco Secure Firewall can leverage this information to enforce policies restricting communications between zones, hence segmenting the industrial network without complex hardware and cabling modifications.
Take control over remote access to OT assets. Vendors and contractors need to remotely access industrial assets for maintenance and troubleshooting. But how do you make it simple to control who can access what, when, and how? Cisco Secure Equipment Access (SEA) is specifically designed for OT workflows, enabling highly granular zero-trust network access (ZTNA) policies such as which assets can be accessed, by whom, at what times, and using which protocols. It’s simpler to deploy than legacy VPNs and makes it easy for OT team to manage their remote access needs while complying with security policies.
Not only does this mean you need tools to detect them, you also need a platform to manage them. Cyber Vision combines protocol analysis, intrusion detection, and behavior analysis to detect malicious activities on your factory network. Events are aggregated into Cisco XDR and/or the Cisco Splunk security platform, making detection, investigation, and remediation simpler and more powerful by unifying cyber security across IT and OT.
NIS2 emphasizes the use of international standards to ensure that entities within its scope implement effective cyber risk-management measures. Implementing the ISA/IEC-62443 industrial cybersecurity framework goes a long way towards NIS2 compliance, as it includes most requirements such as risk analysis, access control, strong authentication, use of cryptography, continuous monitoring, business continuity and disaster recovery, and more. So, if your organization is already implementing the ISA/IEC-62443 cybersecurity framework (especially parts 2-1, 3-2, and 3-3), you will be well on your way to addressing most of NIS2 requirements.
NIS2 compliance is a journey and change doesn’t happen overnight. Let Cisco guide you step-by-step with an infographic that has all the resources you need to get your compliance journey started: 4 Steps to Prepare Your OT for NIS2
4 Steps to Prepare your OT for NIS2
NIS2 Compliance for Industrial Operations Solution Overview
NIS2 Compliance for Industries White Paper
"}]] NIS2 mandates manufacturing organizations to implement stronger cybersecurity measures. Learn more about the directive and how to prepare. Read More Cisco Blogs
As threats become more sophisticated and regulatory demands become stricter, the new Cisco Secure Cloud Access (SCAZT) Specialist Certification dives into the heart of cloud security, underscoring the importance of a security-first approach.
[[{"value":"
In an era where cloud computing has become the backbone of enterprise IT infrastructure, we cannot overstate the significance of a robust security posture that evolves with emerging technologies.
Cisco recognizes the multifaceted nature of today’s cloud environments and has taken a step forward with three new certifications designed to empower IT professionals across the full lifecycle of multicloud ecosystems. These groundbreaking certifications are created to address the three pillars of cloud mastery: connecting to the cloud, securing the cloud, and monitoring the cloud. In this blog, I’ll focus on the certification that involves securing the cloud.
The new Cisco Secure Cloud Access (SCAZT) Specialist Certification dives into the heart of cloud security. As threats become more sophisticated and regulatory demands become stricter, this certification underscores the importance of a security-first approach.
As Cisco’s first-ever Professional-level cloud security certification, this certification is aimed at network engineers, cloud administrators, security analysts, and other IT professionals. And it validates the skills necessary to secure cloud environments effectively.
While the SCAZT exam contains the basics of cloud architecture (you can find its concepts in most cloud deployments), the thing that makes this certification unique is it uses the Cisco equipment and portfolio that some infrastructures already have in their network to secure their cloud.
Plus, the certification is part of the cloud lifecycle—connecting, securing, and monitoring the infrastructure. Most companies cover a single component. But Cisco covers all three elements. So, when you are certified in the security aspect in conjunction with the other two cloud certifications, you can be assured you’re covering the whole cloud lifecycle.
This new cloud security certification is also part of the CCNP Security certification track. This means you can receive a standalone Specialist certification, or combine this cert with the Implementing and Operating Cisco Security Core Technologies (SCOR) exam to earn the CCNP Security certification, which also counts toward recertification and Continuing Education (CE) credits.
Cisco certification exam topics are designed to group topics logically. When you follow the domains and tasks during your studies, you’ll get a comprehensive understanding, plus it connects the chapters you need to study.
The SCAZT 300-740 exam covers cloud security architecture, user and device security, network and cloud security, application and data security, visibility and assurance, and threat response.
Cisco exam topics emphasize hands-on technical questions, theoretical concepts, and critical thinking, always from a job role perspective. The certification focuses primarily on the following protocols, architectures, technologies, and platforms:
Cisco U. has launched a new Learning Path that’s designed to match the SCAZT exam and provide you with the best possible experience. It requires around 48 hours to complete, eligible for 40 CE credits.
You can watch presentations about concepts, complete hands-on labs, and review designs and examples. At the end of each topic, an assessment is available to test your knowledge.
Since most applications and infrastructures are moving to the cloud, if you’re working in a role where cloud concepts are included (whether in an on-premises or hybrid environment), you’re going to need security in every shape and form.
Network security engineers will especially find this certification valuable because it focuses on protocols, architectures, technologies, and platforms relevant to their jobs.
Possible job roles where this certification applies are:
Cloud Security Architect
Cloud Security Engineer
Cloud Security Advisor
Cloud Solutions Architect
Cloud Architect
Cloud Associate
Cloud Engineer
Security Administrator
Security Architect
Security Consultant
Security Engineer
Security Manager
Systems Architect
Systems Engineer
Network Security Engineer
Security Project Manager
Now’s the time to start preparing for the Cisco Secure Cloud Access Specialist certification. Just download the exam topics, complete the SCAZT Learning Path, and take the exam. What better way to be on your way to a new cloud security career? Get started now >>
Thanks for reading! If you’re interested in this new multicloud security certification from Cisco, let me know in the comments below—and if there is any way that I can help you along in your Cisco certification journey. Happy learning!
Sign up for Cisco U. | Join the Cisco Learning Network today for free.
Use #CiscoU and #CiscoCert to join the conversation.
Navigating the Multicloud Journey with Cisco’s New Certifications [Infographic]
"}]] As threats become more sophisticated and regulatory demands become stricter, the new Cisco Secure Cloud Access (SCAZT) Specialist Certification dives into the heart of cloud security, underscoring the importance of a security-first approach. Read More Cisco Blogs
