
The Project Story for this Article can be found at: ISE Deployment and Operation: Lessons from Large, Complex Environment.

 

 

The Portuguese version of this Article can be found at: Navegando de Forma Segura num Ambiente Caótico - Parte I.

 


 

PART I

Preface

Multiple Vendors, multiple Hardware (new and old) and multiple "Things" are a real-world scenario for many Customers, and securing these Chaotic Environments is a challenge.

To explore these Chaotic Environments, how they arise, and how to prepare for them, take this journey that will share Knowledge Base Articles, Ideas, Enhancements and practices adopted from various experiences that are best suited for a Chaotic Environment.

To demonstrate the practices adopted in Cisco ISE that are best suited for a Chaotic Environment, the scripts written to automate different tasks (via REST APIs, PowerShell, Shell Script, etc.) and the research in AI to improve operations in a cost-effective manner, a real-world example at Caixa Econômica Federal (a Public Bank founded in 1861 with 85K+ Employees, 115K+ Users, and 150M+ Customers serving the Brazilian territory of 8.5M km² and 26 States via 53K+ Service Points, 15K+ Switches and 250K+ Endpoints) will be presented !!!

 

This is a two-part Knowledge Base Article:

  • Navigating Security in a Chaotic Environment - Part I: Introduction to Chaotic Environment & AI (Artificial Intelligence)

Discover how to tackle Chaotic Environments head-on and explore the role of AI in navigating this complexity !!!

  • Navigating Security in a Chaotic Environment - Part II: Real-World Example, Challenges & Tips

Gain insights from Real-World Examples of Chaotic Environments, uncover Challenges, and equip yourself with Tips to "conquer this War".

 

NOTE: Readers are highly encouraged to have an understanding of Cisco ISE, REST APIs, PowerShell and Shell Script.

 

Introduction

In November 1999, Bruce Schneier published the following essay:

A Plea for Simplicity - you can't secure what you don't understand.

  • " ... whatever the future holds - IP everywhere, Smart Cards everywhere, Video everywhere, Internet Commerce everywhere, Wireless everywhere, Agents everywhere, AI everywhere, Everything everywhere - the one thing you can be sure of is that it will be complex ... The worst enemy of Security is complexity ... "
  • " ... The more complex a system is ... the harder it is to analyze. Everything is more complicated: the Specification, the Design, the Implementation, the Use. And everything is relevant to Security Analysis ... "

 


In November 2007, David J. Snowden and Mary E. Boone published the following article:

A Leader's Framework for Decision Making

  • " ... different contexts call for different kinds of responses ... "
  • " ... The result is the Cynefin Framework, which helps executives sort issues into five contexts:
    ... Simple contexts ... 'known knowns' ...
    ... Complicated contexts ... 'known unknowns' ...
    ... Complex contexts ... 'unknown unknowns' ...
    ... Chaotic contexts ... 'unknowables'...
    ... The fifth context, Disorder ... "
  • " ... Conditions of scarcity often produce more creative results than conditions of abundance ... "
  • " ... Yet the Chaotic Domain is nearly always the best place for Leaders to impel Innovation ... "

[Figure: Cynefin Framework]

 

Let's navigate through the "worst enemy of Security", a Chaotic & Complex Context that we call the Chaotic Environment, while sharing the "creative results" and "innovations" produced on this journey !!!

 

FAIR WINDS AND FOLLOWING SEAS !!!   ;  )

  

Chaotic Environment

A Chaotic Environment with multiple Vendors, multiple Hardware (new and old) and multiple "Things" is a real-world scenario for many Customers.

Let's explore these Chaotic Environments, understand how they arise, and how to prepare for them.

 

Reasons for a Chaotic Environment

Chaotic Environments arise for many reasons:

  • M&A (Mergers and Acquisitions);
  • Bidding (very common in the Public Sector);
  • Transition to new Technology.

 

How to prepare for a Chaotic Environment ?

In a scenario with many variables (like a Chaotic Environment) every day is a "War Room" !!!

To be prepared for this daily War Room you MUST understand:

  • The three parts of the "Cybersecurity Awareness Equation":
  1. The "MUST part"
    How to do more with less ?
  2. The "Proactive part"
    How to predict the risk and prepare for it ?
  3. The "Reactive part"
    How to effectively identify, prioritize and manage Business risks during an issue ?
  • The Five 9s Metric
  • The Uniqueness of your Environment.
  • The New Release / New Features "transformative power"

 

Cybersecurity Awareness Equation

The "MUST Part"

In today's War Room, we MUST do more with less:

  • Simplify
    Communication and Processes must be simple and effective
  • Be Agile
    Be Organized and learn to be Flexible
  • Be Efficient
    Develop Hard and Soft Skills.
  • Join Forces
    Be part of the right Community and Share Knowledge

 

The "Proactive Part"

Moving from Reactive Troubleshooting to a Proactive Approach is a MUST !!!

 

The 1st step to predict risk, be proactive and keep one step ahead is to continuously understand Cybersecurity Statistics / Challenges (both global and industry-specific):

  • Cybercrime is Global - Attacks are on the rise (new trends and attack types pop up daily)
  • Knowledge of Cybercrime is fragmented - proper identification of Key Risks is a challenge
  • Responses to Cybercrime are disjointed (Cybercrime is transnational but responses are localized)
  • The majority of data breaches are motivated by Financial gain (the Finance Sector has always been an attractive target for Cybercriminals)
  • The Top 2 results of a Cyber Attack are: the leak of Confidential Information and the disruption of Core Activity
  • Most Users are still practicing behaviors that put the Company at risk (Attackers also target Dormant Accounts)
  • Vulnerabilities in Legacy Systems and Outdated Hardware are a major challenge to Cybersecurity Compliance

 

The 2nd step is to develop Critical Thinking using Hypothetical Scenarios for Problem Solving ... scenarios that mirror real-world Challenges help you practice applying your knowledge to address complex issues ... in other words, develop and test an IRP (Incident Response Plan) !!!

 

The "Reactive Part"

To manage Business Risks during a Cybersecurity Attack, you MUST 1st identify ALL Threats and then prioritize which ones have the greatest impact on your Business ...

... but ... you cannot Secure what you "cannot see" ... what about those Threats that you cannot identify ?

You MUST understand your Business Behaviors (specific thresholds and patterns) ... you MUST have Historical Reference Data !!!

 

The Five 9s Metric

New Technologies have expanded the Digital Delivery Chain beyond the Customer Perimeter, adding complexity and making Services more critical.

 

Five 9s are the Gold Standard and End Goal for Critical Services !!!

Five 9s is a Metric that indicates that a System is fully operational 99.999% of the time (5.26 minutes of downtime per year).

 

To achieve Five 9s you need:

  • High-Quality Hardware:
    Servers MUST have redundant Power Supplies, Network Interfaces, and Storage Systems
  • Distributed Architecture:
    Spreading Services across multiple Servers and Data Centers
  • Proactive Maintenance:
    Regular Updates and Maintenance

 

NOTE:

  • Four 9s (99.99%) means 52.60 minutes of downtime per year or 8.64 seconds of downtime per day !!!
  • Three 9s (99.9%) means 8.77 hours of downtime per year or 1.44 minutes of downtime per day !!!
  • Two 9s (99%) means 3.65 days of downtime per year or 14.40 minutes of downtime per day !!!
  • One 9 (90%) means 36.53 days of downtime per year or 2.4 hours of downtime per day !!!

 

The Uniqueness of your Environment

Each Environment has its uniqueness ... a Chaotic Environment is more unique than unique.

In a singular Environment like a Chaotic Environment, having a LAB Environment is a MUST !!!

 

TOP 3 LAB Environment benefits:

  • Gaining Experience by simulating different scenarios and options 
  • Testing Critical Changes before implementing them in the Production Environment
  • Testing New Releases (Major and/or Minor)

 

New Release / New Features

Staying up to date (Software & Hardware) is highly recommended in any Environment, but in a Chaotic Environment with multiple Devices from multiple Vendors, it's a MUST to check for New Features in New Releases.

Never underestimate the "transformative power" of New Features !!!  ; )

These New Features are capable of transforming your Chaotic Environment, and making it less chaotic  : )

 

To be Proactive, it is highly recommended to keep an eye on upcoming Releases or Patches from all your Vendors.

 

Sharing Knowledge - The Only Option

As mentioned before ... in today's War Room, we MUST do more with less by Joining Forces (being part of the right Community and Sharing Knowledge).

Here is a sample of experiences lived and shared:

 

The Right Community

Joining Forces with the right people is a MUST today !!!

The easiest way to find the right people is to find the right Community that brings these people together !!!

These Communities provide a space to share knowledge and "give their Members a voice":

 

Cisco Community English and Cisco Community Portuguese

Search Information, Ask Questions & Get Trusted Answers and Learn from your Peers and Cisco Experts.


 

Cisco Insider User Group - CIUG

Direct access to Product Owners, Roadmap Sessions, Technical Briefings and Beta Programs.

Cisco Insider Advocates

Build Connections, access Industry News (through Channels like Customer Experience, Cybersecurity, and others) and explore Peers (Cisco Customers and Partners) insights.


 

Cisco Learning Network

A Social Learning Community that provides learning tools, training resources, and industry guidance to anyone interested in building an IT Career through Cisco Certifications.

 

Cisco CyberSec Tech Day - São Paulo, Brazil

Now in its 2nd year and held at the Cisco Office in São Paulo, Brazil, it brings technical discussions, lectures and demonstrations on CyberSecurity.

 

Cisco Live

Year after year, experiences have always been shared in a single in-person Event, Cisco Live US, with:

  • Cisco Customer Experience (Cisco CX)
  • Cisco TAC
  • Cisco Engineers
  • Cisco Product Manager
  • Cisco Developers (Cisco DevNet)
  • other Professionals who shared knowledge in this gigantic Event !!!

 

To learn more about Cisco Live experience, please take a look at:

Uma Volta pelo Evento Cisco Live 2022 com Marcelo Morais

Viva experiência Cisco Live 2024 com a Nossa Comunidade.

 

AI (Artificial Intelligence)

Let's Start with the Basics !!!

AI is an Umbrella term for a range of technologies that aim to mimic Human thought to solve tasks for us !!!

ML (Machine Learning) is a specific application of AI that extracts knowledge from Data and learns from it autonomously !!!

An LLM (Large Language Model) is a specific type of ML specialized for language understanding and text generation and trained on large amounts of data.

AI Hallucination happens when LLMs create false information to fill in the gaps of missing Data or Data that doesn't support the task.

Gen (Generative) AI is an AI capable of generating various types of content (such as: Text, Image, Data, ...), often in response to a user request, and trained on large datasets.

Predictive AI is an AI capable of identifying patterns in Past Events and making predictions about Future Events, and trained on smaller Datasets.

 

To learn more about AI, please take a look at:

Cisco Outshift - Blog.

 

The "Right AI" for your Business !!!

AI in business has not reached its full potential and AI Companies are still developing solutions that meet the specific needs of each Business.

In other words, it's not always easy to find the "Right AI" for your Business. However, you MUST start asking the "Right Questions" to be prepared for this Technological Advancement.

Quoting Alvin Toffler: "The Right Question is usually more important than the Right Answer to the Wrong Question."

 

Each Business has its own specificities, but the following questions are a MUST for any Business:

  • What is my Business's AI Maturity ?
  • Are there any valid AI use cases that I can benefit from ?

 

AI/ML- An overview of industry trends & Cisco CX Use-Cases

Top 3 Use Cases of AI-Enhanced Networking

 

Business' AI Maturity

Understanding your Business' AI Maturity is an important step in identifying where you are in your AI Journey:

  1. Awareness (Score: 1 - 2):
    Understanding: Basic knowledge of AI and its potential impact on the industry
    Attitude: Openness to learning about AI but no active engagement in AI Projects
  2. Exploration (Score: 3 - 4):
    Experimentation: Initial efforts to explore AI through Pilot Projects or Partnerships
    Skill Development: Investing in training for Employees to understand and work with AI Technologies
  3. Adoption (Score: 5 - 6):
    Implementation: Integrating AI Solutions into Business Processes
    Strategy Alignment: AI initiatives are aligned with broader Business strategies but may not be fully optimized
  4. Optimization (Score: 7 - 8):
    Advanced Integration: AI Technologies are seamlessly integrated into Operations, enhancing efficiency and decision-making
    Innovation: Business actively seeks out advanced AI solutions to drive innovation and maintain competitive advantage
  5. Transformation (Score: 9 - 10):
    Culture of AI: AI is deeply embedded in the Company culture, with continuous learning and adaptation
    Leadership in AI: Business is recognized as a leader in AI innovation, setting standards in its industry for AI adoption and application


Note: credits to What is Your Business's AI Maturity Score ?

 

AI in a Chaotic Environment

AI is designed to help us become more agile, more efficient and more productive, but the AI Journey into the complexity of a Chaotic Environment requires an extremely careful approach.

New Devices "to learn" and Old Devices "to unlearn" are common aspects in a Chaotic Environment (just to name a few).

 

Keep in mind:

  • to invest extra time in the Exploration "step" of the AI Journey
  • to invest in people who can think Technically and speak at a Business Level at the same time
  • to never leave aside IT Modernization during the AI Journey

 

Stay Updated !!!

Just a few important links to keep you up to date:

Cisco Portfolio for Financial Services: What can we help you solve today ?

Cisco - Security Advisories

Cisco - AI Readiness Index

Cisco Talos - Blog

ThousandEyes - Internet Outages Map

CISA - Cybersecurity Alerts & Advisories

CISA - Report

CISA - Cybersecurity Awareness Month - October

CISA - IRP (Incident Response Plan) Basics 

NSA - Cybersecurity Advisories & Guidance

 

PART II

Link:

Navigating Security in a Chaotic Environment - Part II

 

Comments

Excellent article, it shows how to face the main obstacles in a critical and gigantic environment.

Ivan Tratz
Level 1

Congratulations @Marcelo Morais. This article is only one part of the challenge you faced to successfully implement and support the CISCO ISE solution in a gigantic, complex environment coveted by cybercriminals. It is the result of years of hard work, learning and continuous improvement. Thank you for sharing your experience and knowledge with the community.

 

@Adonay dos Anjos thank you very much !!!

@Ivan Tratz thank you very much ... you were part of this sensational journey !!!

Ueliton da Hora
Cisco Employee

Congratulations on the excellent work in such a complex environment full of challenges. I know the dedication and extraordinary ability of the team in transforming this environment. They do incredible work!

@Ueliton da Hora ... thank you very much !!!

An article with excellent writing methodology and purpose. @Marcelo Morais, with the cooperation and commitment he shares in this @Cisco Community, has contributed significantly to the continuous improvement of cybersecurity.

@Leonardo Almeida ... thank you very much !!!

Robson Ribeiro
Level 1

Congratulations @Marcelo Morais, another excellent article for the Cisco community!

Excellent article my friend, congratulations!

@Robson Ribeiro ... thank you very much !!!

@Henrique Gonzaga ... thank you, my Master !!!

andersonmpp
Level 1

Another great article to help us. Congratulations Marcelo!

@andersonmpp ... thank you very much !!! I hope it helps !!!

Durval Vieira
Level 1

Excellent material, great contribution!!! Congratulations on the work, Morais!
