Zivaro Blog

Getting on Top of Information Security at Cisco Live 2015

It’s that time of year again. Project and implementation rollouts across the country are placed on a temporary pause and the masses of Cisco technology wizards descend upon Cisco Live US (#CLUS), this year held again in San Diego, CA. Every year Cisco brings a new set of products, services and platform improvements to discuss with the netizens, and this year was no different.

Attendees can choose the Cisco Live sessions most relevant to their current work or chosen field of study. Having previously attended Cisco Live, when I focused primarily on wireless technologies, I gave my attention this year to information security.

This year, I was afforded the opportunity to start the week off with a bang and pursue the CCIE – Security Techtorial sessions with program manager Zia Hussain and team. The eight-hour Sunday session provided an in-depth look at the exam, covering tips and techniques to utilize when attempting the CCIE – Security Lab exam. Finer points were given on the depth of each Security Domain that would be covered by the exam, and tips on understanding the overall grading strategies showed how the sections of the exam were designed to build on one another. (Remember kids, always go back and check your configurations on each section! There just might be a strong correlation between sections, and components that were fixed in one solution might just break another section that was previously configured to work!)

Overall, it was well worth the extra time and expense, along with the sacrifice of a sunny weekend day in Southern California.

Evolution of TrustSec – Identity and Access Management

Once the main conference began on Monday, the masses arrived in earnest to learn from the best, and Cisco Distinguished speaker Aaron Woland and Craig Hyps did not disappoint!

Getting ready for the Cisco Live Keynote.

For those who are venturing into the world of the Cisco Identity Services Engine (ISE) platform, sessions ranged from an introductory/high-level overview, to BYOD policies, to high availability, and advanced tips and tricks when deploying in large-scale environments. Special emphasis was given to the importance of proper X.509 certificate usage and the care that should be taken when introducing a variety of client supplicants into an 802.1X environment.

Each session’s presenter did an excellent job of providing an overview of the topics to be presented in the following two hours; should it be either too basic or advanced, the opportunity was given to jump into another session best suited for the attendee.

The product focus of each session was primarily given to ISE release 1.3, as it has been on the market for the past year. However, it should be noted that several slides were updated from previous conferences this past year (Milan, Melbourne, San Francisco) to include references to version 1.4 (which was released to the public only slightly more than one month prior to the conference in San Diego).

Another important refresh to the BRKSEC sessions was given to Secure Group Access (SGA)/Security Group Tagging (SGT). This TrustSec feature, although not as well-known as the Identity Services Engine, provides another valuable tool to utilize when classifying traffic and providing a robust security solution for larger organizations.

Security Group Tagging provides an additional layer of security context to your network by using, for the LAN, a label mechanism similar to the one MPLS uses for the WAN, with the tag tucked inside the Ethernet frame. Security policies can then be created with standard ACLs to enforce traffic flow within your network. With the use of SGT eXchange Protocol (SXP) to leverage both legacy and TrustSec equipment, Cisco is giving its customers the ability to implement this in their environments today.

To steal a quote from the Cisco Security Team, “If security is not everywhere in your network, it’s nowhere.” Smart words from some brilliant folks if you ask me!

Wrap Up

Last but not least, all presentations, in both PDF and video formats, are available online to conference attendees (both past and current). Missed sessions or didn’t take enough notes? Cisco has you covered and then some.

All in all, Cisco Live San Diego was another successful event pulled off by the entire Cisco Live team. From the opening keynote, announcing that this was John Chambers’ last event as active CEO, to the Customer Appreciation Event with Aerosmith, to the culminating speech from Mike Rowe of CNN’s “Dirty Jobs,” another world-class effort was given to the 25,000+ attendees gathered in San Diego.

Cisco Live Customer Appreciation Event with Aerosmith

Given the truly world-class effort by the Cisco Live speakers and session presenters, this event is not one to be missed. Whether your goal is to gather an intermediate-level introduction to the technologies or an expert-level deep dive into the nuts and bolts, each member of the team presented in the professional manner expected of an organization such as Cisco Systems.

See ya next year in Las Vegas!
