Founded more than 25 years ago, Cisco Networking Academy continues to be one of the longest-standing IT skills-to-jobs programs of its kind, in the world. But how can a 25-year-old program address today’s digital skills hiring trends?

Now, more than ever, ‘disruption’ is at the top of mind for businesses around the globe. A program such as Networking Academy, which was set up at its foundation to provide learners with the most up-to-date and in-demand technical skills, is well-placed to address the needs of the current and future global digital skills market.

Change has always been at the core of the Networking Academy program’s offerings.

A exact WEF Future of Jobs Report found that more than 85 percent of organizations surveyed said that transformation of their organization will be driven by increased adoption of new and frontier technologies and broadening digital access.

Networking Academy, through it’s extensive ecosystem of education partners and flexible learning options, is training those change agents, today.

About the Be the Bridge and Golden Bridge Awards

Cisco Networking Academy’s Be the Bridge Awards were launched during Networking Academy’s first-ever virtual Global Partner Conference in May 2021 (fiscal 2020) to recognize the exemplary efforts of Networking Academy partners who lead in their dedication to achieving student success. Every Be the Bridge Award winner has excelled in one or more of the following categories: Inclusive Futures, Global Reach, Impacting Lives, Learning Innovation, and Partnerships.

Additionally, in each of Cisco Networking Academy’s geographic regions, a prestigious Golden Bridge Award is presented to the individual or institution that showed exceptional commitment to prioritizing student success over the previous year.

The success of Cisco Networking Academy is powered by the dedication and passion of people who work towards providing equitable access to education for all. Our united purpose remains the same: to impact the lives of learners, educators, and communities through the power of technology, education, and career opportunities.

It was my absolute pleasure to present the majority of our Golden Bridge Award winners for 2023 in-person at various Partner Conferences held from May to June. Each Be the Bridge winner in each region received a certificate of achievement, a trophy, and were entered as finalists in the annual Golden Bridge Awards, with an opportunity to celebrate their achievement through blogs and other social marketing materials. In addition, Golden Bridge Award winners receive a trophy and publicity on Cisco.com.

I am thrilled to share the five Cisco Networking Academy Golden Bridge Award Winners for 2023.

2023 Golden Bridge Award winners

University of Information Technology and Management, Poland

This award recognizes the outstanding response and partnership to support Ukrainian refugees in building their digital skills and employability through the Start IT educational program Cisco4Ukraine. University of Information Technology and Management’s (UITM) ability to scale at speed from 700 people in the pilot phase to 5,000 new registrations with the official launch of the program on February 1, 2023, shows how the partnerships with Networking Academy are impacting lives. Thank you to everyone behind this initiative.

Learn more in this video.

As a result of Russia’s invasion of Ukraine in late February 2022, millions of Ukrainian civilians were forced to flee to other countries, mainly to Poland. According to figures from the UN refugee agency, 90 percent of these refugees were women and children. Poles opened hearts and homes to host Ukrainian refugees and help them to overcome many challenges and establish a new life.

UITM is based in Rzeszów, a city in southeastern Poland and close to the Ukrainian border. As an educational institution, UITM already had long-standing relations with Ukraine. And as a Cisco Networking Academy Support Center and Instructor Training Center, UITM was well experienced in developing and delivery of educational projects for different types of learners. With the Networking Academy partnership and a Cisco Foundation training grant, UITM was able to transform the initial humanitarian support provided to the refugees into a more programmable approach, addressing the need to build digital skills, upskilling, and reskilling newcomers, and to open new opportunities for displaced Ukrainians. UITM started with a pilot program, hiring Ukrainian Networking Academy instructors to deliver the courses, and adjusted the project to the specific requirements of the Ukrainian refugees.

UITM used a range of communication channels to reach the refugees, including social media, PR activities, partnerships with local governments in Poland and Ukraine, and collaboration with non-government organizations that support Ukrainian citizens.

“So far, over 4,300 refugees from Ukraine have taken part in various trainings. We expect the first graduates of the full pathway in September 2023. They will then be offered the opportunity to participate in advanced training, which will last for the next few months. Meantime many learners complete the short courses and collect the digital badges offered on the Skills for All platform. 

The employment process is very individual and depends on many factors. Start IT Cisco4Ukraine not only gives an opportunity to learn new tech skills, reskill, upskill, and prepare for their first tech jobs but also empowers learners and creates a pipeline of talent who want to develop and achieve more. We invite the course graduates to enroll in Cisco Talent Bridge Matching Engine platform to access the opportunities advertised by the Cisco ecosystem and we provide the resources to prepare for the recruitment processes and job market demand.

We are proud that the Cisco Networking Academy community appreciated our commitment to supporting refugees from Ukraine. We feel honored, but at the same time, this distinction strengthens our motivation for further action. We are very happy that the first results of this project are already visible – although the training is ongoing and the full path of training has not been completed yet, we observe that thanks to the Start IT Cisco4Ukraine project individuals are open to new opportunities and better equipped with skills critical in the digital economy. We believe that granting this award to our university will also help in the further promotion of the project and convince new learners to join our free training in the field of cybersecurity and programming.”
~Lucjan Hajder, IT Director, UITM

National Information Technology Development Agency, Nigeria

This award recognizes National Information Technology Development Agency’s (NITDA) partnership, under the Ministry Communications Technology and Digital Economy, in championing digital skills implementation and digital literacy and skills development programs, with the aim of reaching a 95 percent digital literacy level in the Federal Government of Nigeria by 2030. Thank you for your ongoing commitment to the success of these initiatives. We would particularly like to highlight your partnership with Cisco Networking Academy to train over 2,000 students in Cisco Certified Networking Associate (CCNA) towards industry certification, and over 10,000 service providers in Cybersecurity. Your support, engagement with Networking Academy instructors, and free internet data for the students engaged in the training is positively impacting lives.

“It is always a delight to receive awards in recognition of our efforts as they inspire us to do more. It offers the next level of motivation which could have profound impacts on us and the society at large. This award in particular serves as a confidence booster as it helps us track the success of our desired trajectory in trying to achieve a digital Nigeria. Not only did receiving this award feel gratifying by validating our efforts and the digital transformation agenda, it is also a testimony that we are on the right track towards transforming Nigeria into a leading digital economy, providing quality life and economic prosperity for all.”
~Muhammad Kabir Salihu (MNSE, COREN), Deputy Director, IT Infrastructure Solutions Department, Information Solutions Department (ITIS), National Information Technology Development Agency (NITDA)

Read more about NITDA.

Fundación Omar Dengo, Costa Rica

The Fundación Omar Dengo (FOD) is credited with this well-deserved recognition by celebrating its impact through the Cisco Networking Academy program on young people and adults from different provinces of the country. As a key partner of the program in Costa Rica, FOD demonstrates its excellence in its areas of performance, overcoming challenges and barriers that they have encountered along the way and creating their own routes to success, in an innovative and autonomous way. As part of its management, the FOD collaborates in the creation of complementary content designed specifically for its audiences, developing programs for the community and for the underserved.

In fiscal 2023, FOD receives the Golden Bridge Award for contributing to the acceleration of learning digital skills in the local ecosystem by closing the digital divide and promoting employability programs in courses such as programming, cybersecurity, networks and Internet of Things, among others. Congratulations to all involved.

“The Omar Dengo Foundation has promoted workforce development for 35 years through educational proposals that are based on the use of new technologies. It is an honor for us to receive this award, which recognizes the role we have played in closing digital gaps, mainly in promoting employability programs in areas such as programming, cybersecurity, networks, and the Internet of Things.”
~Elena Carreras, Director, Innova Educational Development, Fundación Omar Dengo

EdCreate Foundation, India

This award recognizes a significant milestone for EdCreate of reaching more than 100,000 students in India, making EdCreate our largest Networking Academy partner in India. We are in awe of how many underserved communities EdCreate serves in their educational focus – up to 70 or 80 percent! We are also excited to see employer partnerships in India successfully placing students in IT companies, to further create career opportunities for them.

You can read more from a exact blog.

“The challenges to educate underserved students in rural Indian areas are many and include infrastructure in the colleges, lack of well-equipped laboratories, workshops, and classrooms, which hinders the effective delivery of any technical education program. Regulatory challenges such as compliance with regulatory frameworks, accreditation processes, and frequent policy changes can also be a challenge for technical education institutions. Navigating these requirements while ensuring quality education becomes very demanding. We are constantly juggling the quality of the faculty, industry/academia gaps, lack of research and innovation, access and affordability, as well as the rural/urban divide.

When we began our partnership with Cisco, we underestimated the magnitude of impact Cisco Networking Academy program can bring in people’s lives. There is a profound effect on millions of students and their families when we create a world-class, employable, digital workforce, far beyond what the individuals, themselves, had originally anticipated, too. The journey so far has been very transformative.”

Thanks to Cisco India Team and the global leadership for this continued support and their belief in our work. We are truly honored and humbled to receive the Golden Bridge Award for the second year in a row. It is a validation of the hard work and dedication that went into developing our organization as the largest Cisco Networking Academy partner in the world today. Looking to the future, EdCreate Foundation aims to expand in all Indian geographies, as it plans to “go global”. “With the help of our wonderful team, tech adoption and our strategic alliances with multiple governments, we will scale faster in our commitment to create a digital and employable workforce.”
~Manas Deep, co-founder, EdCreate Foundation

Ivy Tech Community College, Indiana, United States

Through the Ivy Tech’s Valparaiso campus Routing Switching Certificate program, Ivy Tech Community College  participates in the State Earn and Learn (SEAL) Program. This ten-month program is a part of the Indiana Department of Workforce Development. It is an industry-driven, high-quality career pathway where employers can develop and prepare their future workforce. Individuals can obtain paid work experience and receive progressive wage increases, classroom instruction, and a portable, nationally-recognized credential. SEAL programs are certified by the State of Indiana. Applicants work in collaboration with employers to achieve certification.

The Golden Bridge Award recognizes Ivy Tech for providing students with the skills needed to work in the IT field and the ability to earn industry-recognized certifications. We’re also excited to see apprenticeship opportunities expanding with local business community partnerships, impacting the lives of students and the organizations they will ultimately work for.

“Ivy Tech Community College is honored to be a recipient of the Cisco Networking Academy Golden Bridge Award for 2023. Ivy Tech’s vision is that our students will earn 50,000 high-quality credentials each year aligned with the needs of Indiana’s workforce and communities. Our partnership with Cisco and the Cisco Networking Academy is vital in reaching this vision and our commitment to our students. This also aligns with one of the goals of the Cisco Networking Academy, to “provide skills training through strong public-private partnerships, high-quality curriculum, and inclusive workforce development programs.”
~Ben Marrero – Cisco Academy Support Center, Interim Dean, School of IT, Valparaiso Campus

“Internships are crucial to the student’s learning process and eventual success. Within internships, classroom concepts suddenly become fundamental tools of the trade as you interact and learn in a professional setting. Our Routing and Switching SEAL program gives our students real-world experiences. Also, internships help build résumés and teach instrumental, career-developing qualities. Internships help develop your professionalism and encourage character growth and characteristics like integrity, commitment, and self-motivation, which are several traits learned through an internship.” says Mr. Marrero.

This is the first Ivy Tech School of IT program to be credited by the Indiana SEAL program, with future plans to expand to other IT programs, such as Cybersecurity and Programming.

“I have been attending Ivy Tech for three years to obtain my Associated Degree in Network Infrastructure. Throughout my studies, I have taken many of the networking courses that Ivy Tech provides through Cisco, and they have all helped me get the current job I have. The most beneficial course Ivy Tech has from Cisco was the Infrastructure Design – Logical and Physical (SEAL program), it has helped me with my current job where I have had to build labs and make my own cables. I have said to Ben Marrero multiple times that I would be happy to take the class again because learning about fiber optic cabling and making those cables was fun and interesting to learn about.”
~Lawrence De Rozairo, Student at Ivy Tech Community College

2023 Be the Bridge Award winners

Europe-CIS

IFOA, Italy

Universidad Miguel Hernández, Spain

Middle East and Africa

Department of Higher Education South Africa

African Advanced Level Telecommunications Institute, Kenya

Latin America

Edutek, Guatemala

SENAI – SP, Brazil

Asia Pacific, Japan, and China

Bachkhoa Academy, Vietnam

Electrical and Information Engineering, Universitas Gadjah Mada, India

United States and Canada

Montgomery County Community College

Western Academy Support and Training Center

Previous Be the Bridge Awards winners

2022 Cisco Networking Academy announces Golden Bridge Award winners while celebrating 25 years of impact – Cisco Blogs

2021 Cisco Networking Academy recognizes top partners and instructors – Cisco Blogs

View original content here.

Microsegmentation is table stakes for CISOs looking to gain the speed, scale and time-to-market advantages that multicloud tech stacks provide digital-first business initiatives.

Gartner predicts that through 2023, at least 99% of cloud security failures will be the user’s fault. Getting microsegmentation right in multicloud configurations can make or break any zero-trust initiative. Ninety percent of enterprises migrating to the cloud are adopting zero trust, but just 22% are confident their organization will capitalize on its many benefits and transform their business. Zscaler’s The State of Zero Trust Transformation 2023 Report says secure cloud transformation is impossible with legacy network security infrastructure such as firewalls and VPNs. 

Defining microsegmentation

Microsegmentation divides network environments into smaller segments and enforces granular security policies to minimize lateral blast radius in case of a breach. Network microsegmentation aims to segregate and isolate defined segments in an enterprise network, reducing the number of attack surfaces to limit lateral movement. 

It’s considered one of the main components of zero trust and is defined by NIST’s zero-trust framework. CISOs tell VentureBeat that microsegmentation is a challenge in large-scale, complex multicloud and hybrid cloud infrastructure configurations and they see the potential for AI and machine learning (ML) to Boost their deployment and use significantly.

Gartner defines microsegmentation as “the ability to insert a security policy into the access layer between any two workloads in the same extended data center. Microsegmentation technologies enable the definition of fine-grained network zones down to individual assets and applications.”  

Microsegmentation is core to zero trust 

CISOs tell VentureBeat that the more hybrid and multicloud the environment, the more urgent — and complex — microsegmentation becomes. Many CISOs schedule microsegmentation in the latter stages of their zero-trust initiatives after they’ve achieved a few quick zero trust wins. 

“You won’t really be able to credibly tell people that you did a zero trust journey if you don’t do the micro-segmentation,” David Holmes, Forrester senior analyst said during the webinar “The time for microsegmentation is now,” hosted by PJ Kirner, Illumio cofounder and advisor. 

Holmes continued: “I recently was talking to somebody [and]…they said, ‘The global 2000 will always have a physical network forever.’ And I was like, “You know what? They’re probably right.’ At some point, you’re going to need to microsegment that. Otherwise, you’re not zero trust.”

CIOs and CISOs who have successfully deployed microsegmentation advise their peers to develop their network security architectures with zero trust first, concentrating on securing identities often under siege, along with applications and data, instead of the network perimeter. Gartner predicts that by 2026, 60% of enterprises working toward zero trust architecture will use more than one deployment form of microsegmentation, up from less than 5% in 2023. 

Every leading microsegmentation provider has active R&D, DevOps and potential acquisition strategies underway to strengthen their AI and ML expertise further. Leading providers include Akamai, Airgap Networks, AlgoSec, Amazon Web Services, Cisco, ColorTokens, Elisity, Fortinet, Google, Illumio, Microsoft Azure, Onclave Networks, Palo Alto Networks, Tempered Networks, TrueFort, Tufin, VMware, Zero Networks and Zscaler.

Microsegmentation vendors offer a wide spectrum of products spanning network-based, hypervisor-based, and host-agent-based categories of solutions.

How AI and ML simplify and strengthen microsegmentation

Bringing greater accuracy, speed and scale to microsegmentation is an ideal use case for AI, ML and the evolving area of new generative AI apps based on private Large Language Models (LLMs). Microsegmention is often scheduled in the latter stages of a zero trust framework’s roadmap because the large-scale implementation can often take longer than expected. 

AI and ML can help increase the odds of success earlier in a zero-trust initiative by automating the most manual aspects of implementation. Using ML algorithms to learn how an implementation can be optimized further strengthens results by enforcing the least privileged access for every resource and securing every identity.   

Forrester found that the majority of microsegmentation projects fail because on-premise private networks are among the most challenging domains to secure. Most organizations’ private networks are also flat and defy granular policy definitions to the level that microsegmentation needs to secure their infrastructure fully. The flatter the private network, the more challenging it becomes to control the blast radius of malware, ransomware and open-source attacks including Log4j, privileged access credential abuse and all other forms of cyberattack.

Startups jumping into the space

Startups see an opportunity in the many challenges that microsegmentation presents. Airgap Networks, AppGate SDP, Avocado Systems and Byos are startups with differentiated approaches to solving enterprises’ microsegmentation challenges. AirGap Networks is one of the top twenty zero trust startups to watch in 2023. Their approach to agentless microsegmentation shrinks the attack surface of every connected endpoint on a network. Segmenting every endpoint across an enterprise while integrating the solution into a running network without device changes, downtime or hardware upgrades is possible.

Airgap Networks also introduced its Zero Trust Firewall (ZTFW) with ThreatGPT, which uses graph databases and GPT-3 models to help SecOps teams gain new threat insights. The GPT-3 models analyze natural language queries and identify security threats, while graph databases provide contextual intelligence on endpoint traffic relationships. 

Prime areas for AI and ML

AI and ML can deliver great accuracy, speed and scale in microsegmentation in the following areas:

Automating policy management

One of the most difficult aspects of microsegmentation is manually defining and managing access policies between workloads. AI and ML algorithms can automatically model application dependencies, communication flows and security policies. By applying AI and ML to these challenges, IT and SecOps teams can spend less time on policy management. Another ideal use case for AI in microsegmentation is its ability to simulate proposed policy changes and identify potential disruptions before enforcing them.

More insightful, real-time analytics

Another challenge in implementing microsegmentation is capitalizing on the numerous sources of real-time telemetry and transforming them into a unified approach to reporting that provides deep visibility into network environments. Approaches to real-time analytics based on AI and ML provide a comprehensive view of communication and process flows between workloads. Advanced behavioral analytics provided by ML-based algorithms have proven effective in detecting anomalies and threats across east-west traffic flows. These analytics Boost security while simplifying management.

More autonomous asset discovery and segmentation

AI can autonomously identify assets, establish communication links and identify irregularities and distribute segmentation policies without manual intervention. This self-sufficient capability diminishes the time and exertion needed to execute microsegmentation and maintains its currency as assets alter. It additionally mitigates the potential for human error in policy development.

Scalable anomaly detection

AI algorithms can analyze extensive amounts of network traffic data, allowing for the identification of abnormal patterns. This empowers scalable security measures while maintaining optimal speed. By harnessing AI for anomaly detection, microsegmentation can expand across extensive hybrid environments without introducing substantial overhead or latency. This ensures the preservation of security effectiveness amidst the expansion of the environment.

Streamlining integration with cloud and hybrid environments

AI can Boost microsegmentation’s integration across on-premises, public cloud and hybrid environments by identifying roadblocks to achieving optimized scaling and policy enforcement. AI-enabled integration provides a consistent security posture across heterogeneous environments, eliminating vulnerabilities attackers could exploit. It reduces operational complexity as well.

Automating incident response

AI allows for automated responses to security incidents, reducing response times. Microsegmentation solutions can use trained ML models to detect anomalies and malicious behavior patterns in network traffic and workflow in real-time. These models can be trained on large datasets of normal traffic patterns and known attack signatures to detect emerging threats. When a model detects a potential incident, predefined playbooks can initiate automated response actions such as quarantining affected workloads, limiting lateral movement and alerting security teams. 

Enhanced collaboration and workflow automation

AI streamlines team collaboration and automates workflows, decreasing the time required for planning, analysis and implementation. By enhancing collaboration and automation, AI has optimized the entire microsegmentation lifecycle, allowing for a quicker time-to-value and ongoing agility, thereby enhancing the productivity of security teams.

Essential to zero trust architecture 

Microsegmentation is essential to zero trust architecture, but scaling it is difficult. AI and ML show potential for streamlining and strengthening microsegmentation in several key areas, including automating policy management, providing real-time insights, enabling autonomous discovery and segmentation and more. 

When microsegmentation projects are delayed, AI and ML can help identify where the roadblocks are and how an organization can more quickly reach the results they’re after. AI and ML’s accuracy, speed and scale help organizations overcome implementation challenges and Boost microsegmentation. Enterprises can reduce blast radius, stop lateral movement and grow securely across complex multicloud environments.

In large metropolitan areas, tourists are often easy to spot because they’re far more inclined than locals to gaze upward at the surrounding skyscrapers. Security experts say this same tourist dynamic is a dead giveaway in virtually all computer intrusions that lead to devastating attacks like data theft and ransomware, and that more organizations should set simple virtual tripwires that sound the alarm when authorized users and devices are spotted exhibiting this behavior.

In a blog post published last month, Cisco Talos said it was seeing a worrisome “increase in the rate of high-sophistication attacks on network infrastructure.” Cisco’s warning comes amid a flurry of successful data ransom and state-sponsored cyber espionage attacks targeting some of the most well-defended networks on the planet.

But despite their increasing complexity, a great many initial intrusions that lead to data theft could be nipped in the bud if more organizations started looking for the telltale signs of newly-arrived cybercriminals behaving like network tourists, Cisco says.

“One of the most important things to talk about here is that in each of the cases we’ve seen, the threat actors are taking the type of ‘first steps’ that someone who wants to understand (and control) your environment would take,” Cisco’s Hazel Burton wrote. “Examples we have observed include threat actors performing a ‘show config,’ ‘show interface,’ ‘show route,’ ‘show arp table’ and a ‘show CDP neighbor.’ All these actions supply the attackers a picture of a router’s perspective of the network, and an understanding of what foothold they have.”

Cisco’s alert concerned espionage attacks from China and Russia that abused vulnerabilities in aging, end-of-life network routers. But at a very important level, it doesn’t matter how or why the attackers got that initial foothold on your network.

It might be zero-day vulnerabilities in your network firewall or file-transfer appliance. Your more immediate and primary concern has to be: How quickly can you detect and detach that initial foothold?

The same tourist behavior that Cisco described attackers exhibiting vis-a-vis older routers is also incredibly common early on in ransomware and data ransom attacks — which often unfurl in secret over days or weeks as attackers methodically identify and compromise a victim’s key network assets.

These virtual hostage situations usually begin with the intruders purchasing access to the target’s network from dark web brokers who resell access to stolen credentials and compromised computers. As a result, when those stolen resources first get used by would-be data thieves, almost invariably the attackers will run a series of basic commands asking the local system to confirm exactly who and where they are on the victim’s network.

This fundamental reality about modern cyberattacks — that cybercriminals almost always orient themselves by “looking up” who and where they are upon entering a foreign network for the first time — forms the business model of an innovative security company called Thinkst, which gives away easy-to-use tripwires or “canaries” that can fire off an alert whenever all sorts of suspicious activity is witnessed.

“Many people have pointed out that there are a handful of commands that are overwhelmingly run by attackers on compromised hosts (and seldom ever by regular users/usage),” the Thinkst website explains. “Reliably alerting when a user on your code-sign server runs whoami.exe can mean the difference between catching a compromise in week-1 (before the attackers dig in) and learning about the attack on CNN.”

These canaries — or “canary tokens” — are meant to be embedded inside regular files, acting much like a web beacon or web bug that tracks when someone opens an email.

The Canary Tokens website from Thinkst Canary lists nearly two-dozen free customizable canaries.

“Imagine doing that, but for file reads, database queries, process executions or patterns in log files,” the Canary Tokens documentation explains. “Canarytokens does all this and more, letting you implant traps in your production systems rather than setting up separate honeypots.”

Thinkst operates alongside a burgeoning industry offering so-called “deception” or “honeypot” services — those designed to confuse, disrupt and entangle network intruders. But in an interview with KrebsOnSecurity, Thinkst founder and CEO Haroon Meer said most deception techniques involve some degree of hubris.

“Meaning, you’ll have deception teams in your network playing spy versus spy with people trying to break in, and it becomes this whole counterintelligence thing,” Meer said. “Nobody really has time for that. Instead, we are saying literally the opposite: That you’ve probably got all these [security improvement] projects that are going to take forever. But while you’re doing all that, just drop these 10 canaries, because everything else is going to take a long time to do.”

The idea here is to lay traps in sensitive areas of your network or web applications where few authorized users should ever trod. Importantly, the canary tokens themselves are useless to an attacker. For example, that AWS canary token sure looks like the digital keys to your cloud, but the token itself offers no access. It’s just a lure for the bad guys, and you get an alert when and if it is ever touched.

One nice thing about canary tokens is that Thinkst gives them away for free. Head over to canarytokens.org, and choose from a drop-down menu of available tokens, including:

-a web bug / URL token, designed to alert when a particular URL is visited;
-a DNS token, which alerts when a hostname is requested;
-an AWS token, which alerts when a specific Amazon Web Services key is used;
-a “custom exe” token, to alert when a specific Windows executable file or DLL is run;
-a “sensitive command” token, to alert when a suspicious Windows command is run.
-a Microsoft Excel/Word token, which alerts when a specific Excel or Word file is accessed.

Much like a “wet paint” sign often encourages people to touch a freshly painted surface anyway, attackers often can’t help themselves when they enter a foreign network and stumble upon what appear to be key digital assets, Meer says.

“If an attacker lands on your server and finds a key to your cloud environment, it’s really hard for them not to try it once,” Meer said. “Also, when these sorts of actors do land in a network, they have to orient themselves, and while doing that they are going to trip canaries.”

Meer says canary tokens are as likely to trip up attackers as they are “red teams,” security experts hired or employed by companies seeking to continuously probe their own computer systems and networks for security weaknesses.

“The concept and use of canary tokens has made me very hesitant to use credentials gained during an engagement, versus finding alternative means to an end goal,” wrote Shubham Shah, a penetration tester and co-founder of the security firm Assetnote. “If the aim is to increase the time taken for attackers, canary tokens work well.”

Thinkst makes money by selling Canary Tools, which are honeypots that emulate full blown systems like Windows servers or IBM mainframes. They deploy in minutes and include a personalized, private Canarytoken server.

“If you’ve got a sophisticated defense team, you can start putting these things in really interesting places,” Meer said. “Everyone says their stuff is simple, but we obsess over it. It’s really got to be so simple that people can’t mess it up. And if it works, it’s the best bang for your security buck you’re going to get.”

Further reading:

Dark Reading: Credential Canaries Create Minefield for Attackers
NCC Group: Extending a Thinkst Canary to Become an Interactive Honeypot
Cruise Automation’s experience deploying canary tokens

Cisco Systems Inc. may have reported its strongest annual revenue growth in a decade, but it’s headed down a much more anemic path this fiscal year — and even early traction with artificial intelligence won’t save it from that fate.

On Wednesday, the networking giant reported a better-than-expected fiscal fourth quarter, including a 16% boost in revenue that helped bring its annual growth rate to 11%. But Cisco CSCO, +0.94% also delivered a dim outlook for its current fiscal year, which translated to expectations for revenue growth ranging from a flat performance to a roughly 2% increase.

Capitalizing on malware-free tradecraft to launch undetectable breaches, attackers rely on legitimate system tools and living-off-the-land (LOTL) techniques to breach endpoints undetected. Malware-free attacks trade on the trust of legitimate tools, rarely generating a unique signature and relying on fileless execution. 

Across all malicious activity tracked by CrowdStrike and reported in their 2023 Threat Hunting Report, 71% of detections indexed by the CrowdStrike Threat Graph were malware-free. A total of 14% of all intrusions relied on remote monitoring and management (RMM) tools based on activity tracked by Falcon OverWatch. Attackers increased their use of RMM tools for malware-free attacks by an astounding 312% year-over-year. 

With FraudGPT signaling the start of a new era of weaponized AI and enterprises at risk of losing the AI war, the integration of AI, machine learning (ML) and generative AI into Extended Detection and Response (XDR) needs to be fast-tracked to thwart malware-free and new AI-driven attacks. XDR delivers the consolidation CISOs have been asking for. 

XDR improves the signal-to-noise ratio 

By relying on APIs and platforms designed to integrate at scale, XDR platforms make the most of every available data telemetry source to detect and respond to potential intrusions and breach attempts in real time. These platforms are proving effective in reducing noise across networks and finding the signals signifying a potential intrusion or attack. 

XDR is an effective consolidation strategy for CISOs: 96% plan to consolidate their security platforms, with 63% saying(XDR is their top solution choice, according to Cynet’s 2022 survey of CISOs. 

Nearly all CISOs surveyed said they have consolidation on their roadmaps, up from 61% in 2021. Gartner predicts that by year-end 2027, XDR will be used by up to 40% of enterprises to reduce the number of security vendors they have in place, up from less than 5% today.

An attribute all XDR leaders have is deep talent density in AI and ML across their teams. Leading XDR platform providers include Broadcom, Cisco, CrowdStrike, Fortinet, Microsoft, Palo Alto Networks, SentinelOne, Sophos, TEHTRIS, Trend Micro and VMWare.   

Getting XDR right: Start with endpoints

Endpoints are the stealth on-ramp of choice for large-scale breach attempts: Attackers use stolen identities more than 62% of the time to gain access and are constantly fine-tuning the tradecraft to find gaps in identity and endpoint security, the weakest area of an endpoint.  

Insurance, financial services and banking CISOs tell VentureBeat that endpoints are the most challenging threat surface to protect. It’s common for IT and security teams not to know how many endpoints they have, where each endpoint is and its software bill of materials (SBOM). Cleaning up endpoint agent sprawl and automating patch management are the goals many CISOs begin with. 

CISOs say it’s common to discover that endpoints are overloaded with agents to the point of being inoperable from a security standpoint. Software conflicts leave endpoints more vulnerable to attack, make them more difficult to manage remotely and can reduce performance. 

The Absolute Software 2023 Resilience Index used anonymous telemetry data of its 500 million endpoint devices to see how many endpoints, on average, their customers have. They found that the typical enterprise device has 11 security agents installed, with 2.5 for endpoint management, 2.1 for antivirus/antimalware and 1.6 on average for encryption. Absolute device telemetry data found 67 applications installed on the average enterprise device, with 10% of those devices having more than 100 installed.

Automating endpoint patch management

The CIO of a leading manufacturer told VentureBeat that while patching is always a high priority, she doesn’t have enough staff to keep all patches current. CISO colleagues agree that patch management only gets attention when it’s an emergency — after an intrusion or breach. That conclusion is consistent with Ivanti’s State of Security Preparedness 2023 Report. Ivanti found that 61% of the time, an external event, intrusion attempt or breach reinitiates patch management efforts. 

“Patching is not nearly as simple as it sounds,” said Srinivas Mukkamala, chief product officer at Ivanti. “Even well-staffed, well-funded IT and security teams experience prioritization challenges amidst other pressing demands. To reduce risk without increasing workload, organizations must implement a risk-based patch management solution and leverage automation to identify, prioritize, and even address vulnerabilities without excess manual intervention.” 

Mukkamala told VentureBeat that he envisions patch management becoming more automated, with AI copilots providing greater contextual intelligence and prediction accuracy.

“With more than 160,000 vulnerabilities currently identified, it is no wonder that IT and security professionals overwhelmingly find patching overly complex and time-consuming,” he said. “This is why organizations must utilize AI solutions … to assist teams in prioritizing, validating and applying patches. The future of security is offloading mundane and repetitive tasks suited for a machine to AI copilots so that IT and security teams can focus on strategic initiatives for the business.”

AI Strengthening XDR resilience with self-healing endpoints

Getting cyber-resilience right in a zero-trust world starts with the endpoint. Boards of directors and the CISOs briefing them say cyber-resilience is now considered a must-have for risk management. Absolute Software’s 2023 Resilience Index reflects the challenge of excelling at the comply-to-connect trend. Balancing cybersecurity and cyber-resilience is the goal. 

CISOs tell VentureBeat that self-healing endpoints are the cornerstones of a solid cyber-resilience strategy. Endpoints that heal themselves provide a reliable, real-time stream of telemetry data to train AI and ML models and strengthen XDR platforms. They’re also more difficult to evade and breach compared to their previous-generation constraint and rules-based counterparts. AI and ML-based endpoints detect and respond to potential attacks in milliseconds, which is table stakes for today’s enterprises, given the rapid rise in machine-to-machine attacks.  

Leading self-healing endpoint providers include Absolute Software, Akamai, BlackBerry, CrowdStrike, Cisco, Malwarebytes, McAfee and Microsoft 365. VentureBeat has interviewed customers of each vendor and found that Absolute’s approach to being embedded in the firmware of over 500 million endpoint devices is the most reliable in providing SOC teams with the real-time telemetry data they and their XDR platforms need. 

Absolute’s approach is unique in its reliance on firmware-embedded persistence as the basis of self-healing, providing an undeletable digital tether to every PC-based endpoint. Absolute Software’s Resilience, the industry’s first self-healing zero trust platform, is noteworthy for its asset management, device and application control, endpoint intelligence, incident reporting and compliance.

XDR: The first line of defense against weaponized AI   

The era of weaponized AI is here, and XDR platforms need to step up and take on the challenge of getting all the value they can out of AI and ML technologies if the cybersecurity industry and the many organizations they serve are going to stay safe. No one can afford to lose the AI war against attackers who see the gaps in identities and endpoints as an opportunity to take control of networks and infrastructure.

What’s most troubling is that legacy perimeter-based systems assumed unlimited trust in every identity, endpoint and connection, providing attackers with unchecked access to any system once they compromised an endpoint. Getting XDR right needs to start with endpoints. Cleaning up agent sprawl helps Boost endpoint visibility and performance, and automating patch management with AI and ML techniques that learn instead of waiting for the next breach saves IT teams from fire drills and wasted time. 

Self-healing endpoints are the cornerstone of cyber-resilience. Getting these areas strong is a prerequisite for making the most of an XDR architecture that can deliver on its potential to protect an organization’s core business functions and customers.

LogicMonitor Inc., a veteran player in the application observability market, is revamping its platform today with new features, expanded integrations with key software platforms, and a fresh lick of paint to spruce up the user experience.

The company’s LM Envision platform provides companies with an array of tools they can use to monitor the health of their software applications and the infrastructure they run on.

Observability refers to the practice of collecting data such as application logs and other metrics that can indicate if an app has any problems and show where a fix might be needed. This data is aggregated, collated and then presented to application teams in an easy to consume dashboard where it can be explored further.

The headline update is a new event management tool called LM Dexda, which uses advanced machine learning algorithms to try and help filter through the noise caused by thousands of daily alerts. It works by prioritizing alerts so teams can move towards automating prioritized credible actions, LogicMonitor said.

Key attributes of LM Dexda include “adaptive correlation,” with alerts being automatically reclustered when a more optimal option is detected, and user-defined correlation, which enables administrators to fine-tune the underlying machine learning models to their particular needs. LM Dexda is also “ServiceNow-ready,” meaning that alerts can be enriched with ServiceNow data to provide additional context to alerts.

LogicMonitor also announced a series of new and enhanced integrations, including one for Red Hat Inc.’s Ansible platform. Jointly developed with Red Hat, the integration is said to assist with auto-remediation and auto-troubleshooting, and allows users to trigger remediation workflows directly within Ansible, acting in accordance with predefined rules.

With its improved VMware Inc. vSphere support, LM Envision now enables the discovery and monitoring of new ESXi Hosts and mission critical virtual machines, while the Cisco Meraki and Catalyst SD-Wan integrations are brand new, making it simpler for customers to monitor Cisco Systems Inc.-based environments. LogicMonitor is also delivering improved monitoring for Kubernetes deployments, with greater coverage and deeper visibility into the cloud environments that host it.

The new Datapoint Analysis features, meanwhile, rely on machine learning algorithms to surface related metrics and patterns across different infrastructure resources, helping expedite issue diagnosis and reduce the mean-time-to-resolution.

Finally, LogicMonitor is changing the look and feel of its platform to create a more unified and consistent experience for users, saying this can aid in reducing the complexity of observability operations. Its user interface has been optimized to present information from complex, hybrid environments in a more intuitive way, the company said, with consistency across devices, services and networks.

It’s also adding new components such as “bulk actions,” enabling teams to do more tasks at once, plus better search and filtering capabilities. In addition, it’s debuting 20 new, out-of-the-box dashboards for Amazon Web Services and Microsoft Azure, providing service-specific views to supply users more insights into health, performance and availability, the company said.

Announcing today’s updates, LogicMonitor Chief Executive Christina Kosmowski said they address the reality that businesses are coming under tremendous pressure to deliver exceptional digital experiences to their users. “To efficiently do that, our customers look to us to contextualize the overwhelming amount of data within their complex IT environments,” she said.

Image: LogicMonitor

“India has been one of the highest-performing markets in the APJC region for the company quarter-on-quarter in FY23, contributing significantly to overall growth. This is propelled by the immense and rapid adoption of technology we’re seeing across sectors and even in Tier 2 & 3 markets,” Chittilapilly said.

For over 27 years, Cisco India has been at the forefront of growth and innovation with a wealth of business vision, engineering talent, and skills. India is a key market for Cisco both in terms of revenue and R&D– it is the largest R&D center and engineering footprint outside the US for the company.

“The engineers here are instrumental in helping mobilize our business model transformation towards software and subscriptions. India is also fast emerging as a Centre of Excellence for AI, automation, and security for Cisco, and we are leveraging these learnings across our portfolio,” Daisy Chittilapilly, President, Cisco India & SAARC tells Financial Express Online.

Adding, “We believe cybersecurity, AI, infrastructure modernization, workplace transformation, small businesses, and 5G will be key growth drivers in India over the next five years, and Cisco remains well-positioned to capitalize on the tremendous opportunities ahead.”

Following are excerpts from an interaction on the eve of India’s Independence Day:

Elaborate on Cisco’s growth in India vis-à-vis Cisco globally over the years.

India has been one of the highest-performing markets in the APJC region for the company quarter-on-quarter in FY23, contributing significantly to overall growth. This is propelled by the immense and rapid adoption of technology we’re seeing across sectors and even in Tier 2 & 3 markets.

Businesses – regardless of size – are looking for best-in-class cloud-delivered security and collaboration solutions, strong AI and compute capabilities, and next-generation networking infrastructure to become more agile and resilient. In fact, Forrester anticipates tech spends in India to increase by over 10% in 2023, and we are keeping pace with this rising demand. For instance, as cybersecurity becomes the top priority for companies, we are introducing innovative risk-based security capabilities, expanding our security data center footprint, and continuing to build a dedicated security engineering workforce in India to help organizations fortify their defences and catalyse their transformation in the digital age.

These trends, coupled with the ongoing push for the government’s Digital India vision, is catalyzing our growth. We believe this will only gain momentum, and our outlook for Cisco in India is optimistic.

How is Cisco working with the Indian government and other stakeholders in the region?

At Cisco, we work closely with various government and industry bodies to create a positive impact at speed and scale. 

For instance, through our Country Digitization Acceleration Program, we have already completed 120 investments, spanning key areas like 5G, transportation, logistics, and city management, many in partnership with the government. Our collaboration with the Ministry of Housing and Urban Affairs (MOHUA) for the City Innovations Exchange (CIX) Acceleration program is catalyzing startups to deliver solutions that can augment cities’ problem-solving capacity. Cisco is a part of the mentoring and tech panel. Additionally, our memorandum of understanding (MoU) with the Ministry of Agriculture has unlocked the benefits of Internet of Things (IoT) sensors and data analytics to empower farmers in Haryana and Madhya Pradesh.

In addition, as we work with telecom service providers across the nation to reinvent the 5G network to make it predictive, simplified, and trustworthy, we are also further simplifying the constructs of the internet with our Routed Optical Networking solution aimed at collapsing IP and Optical networks.

With the announcement of manufacturing plans in TamilNadu, Cisco is placing strategic emphasis on the Indian market. Could you share more on how Cisco’s ‘Make in India’ initiative contributes to the nation’s journey towards technological self-sufficiency and global competitiveness?

The new manufacturing facility is a part of Cisco’s strategy to create an even more diverse and resilient global supply chain and support India’s vision of becoming a global manufacturing hub. With this latest investment, Cisco will cater to the rising demand from customers in India and globally and aims to drive more than US$1 billion in combined domestic production and exports in the coming years.

As organizations in India and across the globe fast-track their digitization, their technology needs are evolving rapidly. The manufacturing facility will build Cisco’s best-in-class technology, designed to provide flexible, cost-effective delivery of next-generation services and applications and support complex cloud computing environments. This investment will enable us to bring state-of-the-art technologies to more people and businesses and help accelerate India’s transition into a leading digital economy.

How does Cisco plan to leverage India’s talent pool and research capabilities to create products for both domestic and international markets?

With one of the youngest populations in the world, India’s talent, especially in the engineering space, is a key competitive advantage. We have over 15,000 employees in India, of which a majority is digitally-savvy engineers who are helping Cisco innovate powerful solutions across the globe.

We believe our edge comes from having the best people. Therefore, we are focusing on building a future-ready, agile, and skilled workforce that can envision and bring to life new possibilities of digital technologies like AI & ML, cybersecurity, automation, etc. To make this happen, we continue to invest in robust learning and development programs that help our employees stay updated with the latest technological advancements.

In addition, to help bridge the gaps in digital skills and prepare India’s workforce for the jobs of the future, the Cisco Networking Academy is equipping learners with skills in emerging technologies such as networking, infrastructure automation, and cybersecurity and has trained over 1.29 million learners so far, of which about 31 percent are women.And as a cloud-first, hybrid economy takes shape, we have committed to train 500,000 people with cybersecurity skills over the next three years across the nation.