Senior Editor

Cisco software to make networks smarter, safer, more manageable

News Analysis
Jun 11, 2019 | 5 mins
Cloud Computing, Enterprise Applications, Networking

Cisco software announced at Cisco Live embraces AI to help customers set consistent network and security policies across their domains and improve intent-based networking.


SAN DIEGO—Cisco injected a number of new technologies into its key networking control-point software that makes it easier to stretch networking from the data center to the cloud while making the whole environment smarter and easier to manage.

At the company’s annual Cisco Live customer event here, it rolled out software that lets customers more easily meld typically siloed domains across the enterprise and cloud to the wide area network. The software enables what Cisco calls multidomain integration, which lets customers set policies to apply uniform access controls to users, devices and applications regardless of where they connect to the network, the company said.

The company also unveiled Cisco AI Network Analytics, a software package that uses AI and machine learning techniques to learn network traffic and security patterns that can help customers spot and fix problems proactively across the enterprise.  

All of the new software runs on Cisco’s DNA Center platform, which is rapidly becoming an ever-more crucial component of the company’s intent-based networking plans. DNA Center has always been important since its introduction two years ago, as it features automation capabilities, assurance setting, fabric provisioning and policy-based segmentation for enterprise networks.

Beyond device management and configuration, Cisco DNA Center gives IT teams the ability to control access through policies using Software-Defined Access (SD-Access), automatically provision through Cisco DNA Automation, virtualize devices through Cisco Network Functions Virtualization (NFV), and lower security risks through segmentation and Encrypted Traffic Analysis.  But experts say these software enhancements take it to a new level.

“You can call it the rise of DNA Center and it’s important because it lets customers manage and control their entire network from one place – similar to what VMware does with its vCenter,” said Zeus Kerravala, founder and principal analyst with ZK Research.  vCenter is VMware’s centralized platform for controlling its vSphere virtualized environments.

“Cisco will likely roll more and more functionality into DNA Center in the future making it stronger,” Kerravala said.

Together the new software and DNA Center will help customers set consistent policies across their domains and collaborate with others for the benefit of the entire network. Customers can define a policy once, apply it everywhere, and monitor it systematically to ensure it is realizing its business intent, said Prashanth Shenoy, Cisco vice president of marketing for Enterprise Network and Mobility. It will help customers segment their networks to reduce congestion, improve security and compliance and contain network problems, he said.

“In the campus, Cisco’s SD-Access solution uses this technology to group users and devices within the segments it creates according to their access privileges. Similarly, Cisco ACI creates groups of similar applications in the data center,” Shenoy said. “When integrated, SD-Access and ACI exchange their groupings and provide each other an awareness into their access policies. With this knowledge, each of the domains can map user groups with applications, jointly enforce policies, and block unauthorized access to applications.”

In the Cisco world, it basically means its central domain network controllers can now be unified, so they can work together and let customers drive policies across domains.

Cisco also said that security capabilities can be spread across domains. 

Cisco Advanced Malware Protection (AMP) prevents breaches, monitors malicious behavior and detects and removes malware. Security constructs built into Cisco SD-WAN, and the recently announced SD-WAN onRamp for CoLocation, provide a full security stack that applies protection consistently from user to branch to clouds. Cisco Stealthwatch and Stealthwatch Cloud detect threats across the private network, public clouds, and in encrypted traffic.

Analysts said Cisco’s latest efforts are an attempt to simplify what are fast becoming complex networks with tons of new devices and applications to support.

Cisco’s initial efforts were product specific, but its latest announcements cross products and domains, said Lee Doyle, principal analyst with Doyle Research. “Cisco is making a strong push to make its networks easier to use, manage and program.”

That same strategy is behind the new AI Analytics program.

“Trying to manually analyze and troubleshoot the traffic flowing through thousands of APs, switches and routers is a near impossible task, even for the most sophisticated NetOps team. In a wireless environment, onboarding and interference errors can crop up randomly and intermittently, making it even more difficult to determine probable causes,”  said Anand Oswal, senior vice president, engineering for Cisco’s Enterprise Networking Business.

Cisco has been integrating AI/ML into many operational and security components, with Cisco DNA Center the focal point for insights and actions, Oswal wrote in a blog about the AI announcement. AI Network Analytics collects massive amounts of network data from Cisco DNA Centers at participating customer sites, encrypts and anonymizes the data to ensure privacy, and collates all of it into the Cisco Worldwide Data Platform. In this cloud, the aggregated data is analyzed with deep machine learning to reveal patterns and anomalies such as:

  • Highly personalized network baselines with multiple levels of granularity that define “normal” for a given network, site, building and SSID.
  • Sudden changes in onboarding times for Wi-Fi devices, by individual APs, floor, building, campus and branch.
  • Simultaneous connectivity failures with numerous clients at a specific location.
  • Changes in SaaS and Cloud application performance via SD-WAN direct internet connections or Cloud OnRamps.
  • Pattern-matching capabilities of ML will be used to spot anomalies in network behavior that might otherwise be missed.

“The intelligence of its large base of customers can help Cisco to derive important insights about how users can better manage their networks and solve problems and the power of MI/AI technology will continue to improve over time,” Doyle said.