1
00:00:00,000 --> 00:00:02,880
Welcome everybody to the Security in 45 show.

2
00:00:02,880 --> 00:00:06,560
Today is December 11th, 2024.

3
00:00:08,080 --> 00:00:09,500
I'm just gonna go ahead and do this,

4
00:00:09,500 --> 00:00:11,640
even though it's corny, but ho, ho, ho.

5
00:00:11,640 --> 00:00:13,220
Welcome to the show.

6
00:00:14,240 --> 00:00:16,340
As you can see, we've got four Santa Clauses

7
00:00:16,340 --> 00:00:18,280
on the show with you today.

8
00:00:19,840 --> 00:00:22,620
On this show, we of course cover a new security topic

9
00:00:22,620 --> 00:00:25,680
every month in 45 minutes or less.

10
00:00:25,680 --> 00:00:30,260
We've got a Christmas themed presentation today for you.

11
00:00:30,260 --> 00:00:33,240
We'll be talking about segmentation.

12
00:00:33,240 --> 00:00:35,760
Foundational segmentation, something that needs to be

13
00:00:35,760 --> 00:00:38,880
in every network, regardless of size.

14
00:00:38,880 --> 00:00:43,620
And tomorrow you will see the things we're talking about

15
00:00:43,620 --> 00:00:46,480
in practice in a real dashboard.

16
00:00:46,480 --> 00:00:49,300
So kind of a two part show here.

17
00:00:49,300 --> 00:00:50,680
Andres, what can you tell us

18
00:00:50,680 --> 00:00:53,520
about our guest Santa Claus speakers?

19
00:00:53,520 --> 00:00:54,680
Also while we're at it,

20
00:00:54,680 --> 00:00:57,240
did you get your Christmas shopping done?

21
00:00:57,240 --> 00:00:59,560
Ha, ha, I'm still working on that.

22
00:00:59,560 --> 00:01:02,400
I'm probably gonna be last minute like every year.

23
00:01:02,400 --> 00:01:03,880
We were talking about that earlier.

24
00:01:03,880 --> 00:01:07,680
So yeah, I'm pretty sure everybody relates to that.

25
00:01:07,680 --> 00:01:11,220
But no, today's show is going to be awesome.

26
00:01:11,220 --> 00:01:12,960
It's gonna be on segmentation.

27
00:01:12,960 --> 00:01:15,520
We have Chad and we have Sam.

28
00:01:15,520 --> 00:01:19,320
We had them before in previous shows.

29
00:01:19,320 --> 00:01:22,480
And these guys are awesome, super knowledgeable

30
00:01:22,480 --> 00:01:27,160
about segmentation, identity, ISE, Duo

31
00:01:27,160 --> 00:01:30,080
and things that just help a lot.

32
00:01:30,080 --> 00:01:33,000
And basically what we're gonna do is just talk

33
00:01:33,000 --> 00:01:37,080
about proper segmentation from a high level overview

34
00:01:37,080 --> 00:01:39,520
of what it is, how we do it.

35
00:01:39,520 --> 00:01:41,320
And as you mentioned, Mike,

36
00:01:41,320 --> 00:01:43,920
we're gonna have a quick demo tomorrow

37
00:01:43,920 --> 00:01:47,520
showing everything related to segmentation

38
00:01:47,520 --> 00:01:52,520
with some products that we do have that can do segmentation.

39
00:01:54,160 --> 00:01:58,320
So with that, I guess I will give it to you, Chad,

40
00:01:58,320 --> 00:02:00,840
and then Sam too, and choose yourselves if you want.

41
00:02:01,760 --> 00:02:03,040
Awesome, thank you.

42
00:02:04,360 --> 00:02:06,160
Hello everyone, my name is Chad Bui.

43
00:02:06,160 --> 00:02:09,280
I am a solutions engineer here at Cisco.

44
00:02:09,280 --> 00:02:12,080
Been with Cisco for 11 years,

45
00:02:12,080 --> 00:02:16,300
coming up on year 12 this coming January.

46
00:02:16,300 --> 00:02:21,040
So started on the CX side of the house,

47
00:02:21,040 --> 00:02:24,200
started in the lab, working in a lab,

48
00:02:24,200 --> 00:02:26,880
racking and stacking, building and recreate

49
00:02:26,880 --> 00:02:28,080
for tech engineers.

50
00:02:28,080 --> 00:02:30,920
From then I moved on to a tech role,

51
00:02:30,920 --> 00:02:34,120
supporting the ISE solution on the AAA team.

52
00:02:34,120 --> 00:02:36,800
I was there for a number of years before coming over

53
00:02:36,800 --> 00:02:38,000
to the sales side of the house.

54
00:02:38,000 --> 00:02:40,160
So a little bit more background about myself,

55
00:02:40,160 --> 00:02:43,280
but I had to be on the show today.

56
00:02:43,280 --> 00:02:45,040
I know I've worked with you guys on a daily,

57
00:02:45,040 --> 00:02:47,720
but to share the stage with you guys is special.

58
00:02:47,720 --> 00:02:49,880
So thanks for having me.

59
00:02:49,880 --> 00:02:50,880
Glad you're here.

60
00:02:52,480 --> 00:02:55,960
Well, hi everyone, my name's Sam Baxter.

61
00:02:55,960 --> 00:02:58,240
I'm a solutions engineer here at Cisco as well.

62
00:02:58,240 --> 00:03:02,040
So I've been at Cisco going on 10 years now.

63
00:03:02,040 --> 00:03:03,860
During that time, I started working

64
00:03:03,860 --> 00:03:05,140
in professional services.

65
00:03:05,140 --> 00:03:08,280
So I was in CX on the opposite side of the house

66
00:03:08,280 --> 00:03:11,400
as tech, where Chad just mentioned.

67
00:03:11,400 --> 00:03:13,880
And I moved into pre-sales.

68
00:03:13,880 --> 00:03:17,000
So in the past years, I've been focused primarily

69
00:03:17,000 --> 00:03:22,000
on Duo Security and Cisco's identity ecosystem.

70
00:03:22,480 --> 00:03:24,120
Worked with these guys in the past

71
00:03:24,120 --> 00:03:27,000
and it's a pleasure to receive the invite

72
00:03:27,000 --> 00:03:28,240
to come talk to you guys today.

73
00:03:28,240 --> 00:03:30,720
So really looking forward to the conversation.

74
00:03:31,960 --> 00:03:33,960
Awesome, that's great.

75
00:03:33,960 --> 00:03:36,280
Looking forward to it as well.

76
00:03:36,280 --> 00:03:38,440
Some of the best Christmas presents I've ever had

77
00:03:38,440 --> 00:03:40,320
is just the knowledge you guys have helped me out with

78
00:03:40,320 --> 00:03:42,560
when it comes to segmentation, ISE and Duo things.

79
00:03:42,560 --> 00:03:45,620
So thanks for the early Christmas present on that.

80
00:03:46,640 --> 00:03:48,800
Guys, let's talk a little bit about

81
00:03:48,800 --> 00:03:52,640
when it comes to segmentation, the terminology,

82
00:03:52,640 --> 00:03:56,320
basic principles, maybe like foundational knowledge.

83
00:03:56,320 --> 00:03:59,600
What can you tell us about some of the terms

84
00:03:59,600 --> 00:04:01,200
that we hear and need to know about

85
00:04:01,200 --> 00:04:03,240
and kind of just some high level

86
00:04:03,240 --> 00:04:05,520
basic principles of segmentation?

87
00:04:08,160 --> 00:04:09,260
Yeah, I can jump in.

88
00:04:09,260 --> 00:04:13,000
So yeah, basically segmentation,

89
00:04:13,000 --> 00:04:15,920
there are a lot of different ways to segment a network,

90
00:04:15,920 --> 00:04:19,440
segment your resources, but from my understanding,

91
00:04:19,440 --> 00:04:21,120
it's really taking the network,

92
00:04:21,120 --> 00:04:23,160
dividing it up into different segments

93
00:04:23,160 --> 00:04:24,480
and then within those segments,

94
00:04:24,480 --> 00:04:28,760
you can start controlling those with more granular policies.

95
00:04:28,760 --> 00:04:30,960
But at a high level, segmentation is gonna allow you

96
00:04:30,960 --> 00:04:33,680
to isolate assets from one another.

97
00:04:35,440 --> 00:04:36,760
There are a couple of different ways

98
00:04:36,760 --> 00:04:39,920
you would apply segmentation.

99
00:04:39,920 --> 00:04:43,480
So sometimes you'll think about app to app communication,

100
00:04:43,480 --> 00:04:46,120
you can think about user to app communication,

101
00:04:47,240 --> 00:04:51,840
but it's really just how can we create smaller pockets

102
00:04:51,840 --> 00:04:55,200
within a network if there is some type of risk

103
00:04:55,200 --> 00:04:57,160
or if there is a breach,

104
00:04:57,160 --> 00:05:00,440
how can we limit lateral movement?

105
00:05:00,440 --> 00:05:03,080
So thinking about the East-West traffic

106
00:05:03,080 --> 00:05:04,500
and then also North-South.

107
00:05:04,500 --> 00:05:09,340
So Chad, do you have anything you wanna expand upon

108
00:05:09,340 --> 00:05:11,300
your understanding of segmentation?

109
00:05:11,300 --> 00:05:13,580
Yeah, you hit the nail on the head.

110
00:05:13,580 --> 00:05:16,500
Segmentation is just that dividing your network up.

111
00:05:16,500 --> 00:05:19,260
And a lot of times when we talk segmentation,

112
00:05:19,260 --> 00:05:21,280
it's more in the security perspective,

113
00:05:22,260 --> 00:05:24,580
but there is a networking side to it

114
00:05:24,580 --> 00:05:27,420
in terms of performance when it comes to segmentation.

115
00:05:29,420 --> 00:05:31,380
Second up bandwidth is important

116
00:05:31,380 --> 00:05:33,620
in terms of networking performance,

117
00:05:33,620 --> 00:05:36,900
especially when it comes to video and voice traffic,

118
00:05:36,900 --> 00:05:39,220
which is another reason for segmentation,

119
00:05:39,220 --> 00:05:42,060
putting that voice traffic on its own domain

120
00:05:42,060 --> 00:05:43,940
while keeping the data separate

121
00:05:43,940 --> 00:05:47,980
to avoid any issues with this WebEx right now.

122
00:05:47,980 --> 00:05:50,300
Of course, we have to separate that out

123
00:05:50,300 --> 00:05:52,060
to get the best performance.

124
00:05:52,060 --> 00:05:53,820
So a lot of times as security guys,

125
00:05:53,820 --> 00:05:55,720
we're thinking of the security aspect,

126
00:05:55,720 --> 00:05:57,500
this user can access this resource

127
00:05:57,500 --> 00:06:00,500
or this application can't speak to this application,

128
00:06:00,500 --> 00:06:04,540
but it does expand out in terms of network performance

129
00:06:04,540 --> 00:06:05,920
as well.

130
00:06:05,920 --> 00:06:07,420
But yeah, segmentation is just that.

131
00:06:07,420 --> 00:06:10,880
And you can get pretty crazy with segmentation.

132
00:06:10,880 --> 00:06:14,140
Of course, like traditional ways of segmentation

133
00:06:14,140 --> 00:06:17,940
would be like the VLANs and VRFs

134
00:06:17,940 --> 00:06:20,460
and having your access control list,

135
00:06:20,460 --> 00:06:23,020
but that's just pretty much like the start of it.

136
00:06:23,020 --> 00:06:25,700
From there, we can get it super granular.

137
00:06:25,700 --> 00:06:28,740
So yeah, that segmentation, dividing your network up

138
00:06:28,740 --> 00:06:30,780
and adding some security around it,

139
00:06:30,780 --> 00:06:32,420
but also increasing performance.

140
00:06:33,300 --> 00:06:35,460
How about RBAC?

141
00:06:35,460 --> 00:06:36,940
We hear that term a lot.

142
00:06:36,940 --> 00:06:39,180
What are we talking about there?

143
00:06:39,180 --> 00:06:40,940
And Mike, that's a good question.

144
00:06:40,940 --> 00:06:43,580
And this is something that came up

145
00:06:43,580 --> 00:06:45,580
when I was in the office a few weeks ago

146
00:06:45,580 --> 00:06:49,940
is just your understanding of RBAC.

147
00:06:49,940 --> 00:06:52,260
A lot of times when I think of RBAC,

148
00:06:52,260 --> 00:06:54,660
and those of you unfamiliar with RBAC

149
00:06:54,660 --> 00:06:57,360
is Role-Based Access Control,

150
00:06:57,360 --> 00:06:59,860
I always think of like administrative duties.

151
00:06:59,860 --> 00:07:03,380
Like within an application,

152
00:07:03,380 --> 00:07:06,460
if you have an analyst that really shouldn't be involved

153
00:07:06,460 --> 00:07:07,940
in making configuration changes,

154
00:07:07,940 --> 00:07:09,900
but wanna go in and look at logs,

155
00:07:10,820 --> 00:07:12,180
I think of RBAC policies,

156
00:07:12,180 --> 00:07:14,820
like making sure that they're not able to mess anything up,

157
00:07:14,820 --> 00:07:16,860
but also get the information they need.

158
00:07:16,860 --> 00:07:18,340
While you have the administrator

159
00:07:18,340 --> 00:07:22,700
that should have full rights into a system.

160
00:07:22,700 --> 00:07:25,900
But that's not the only use case for RBAC.

161
00:07:25,900 --> 00:07:27,900
It also can apply to network access.

162
00:07:27,900 --> 00:07:30,700
But just curious to think what comes to mind

163
00:07:30,700 --> 00:07:32,580
when you guys think of RBAC.

164
00:07:33,500 --> 00:07:36,100
Yeah, I think of the admin use case as well.

165
00:07:36,100 --> 00:07:39,920
I think my time within Duo kind of helped me understand

166
00:07:39,920 --> 00:07:43,320
specific application use cases for RBAC.

167
00:07:43,320 --> 00:07:45,780
So maybe there's some type of application

168
00:07:45,780 --> 00:07:47,180
that has a billing component

169
00:07:47,180 --> 00:07:51,500
or something that users shouldn't be able to see.

170
00:07:51,500 --> 00:07:53,100
So from the end user perspective,

171
00:07:53,100 --> 00:07:56,940
like obviously the admin is gonna set the policy.

172
00:07:56,940 --> 00:08:00,780
But yeah, I think about it both ways now,

173
00:08:00,780 --> 00:08:04,060
but I think since we're always configuring

174
00:08:04,060 --> 00:08:07,540
from the admin side and we're always in the dashboard,

175
00:08:07,540 --> 00:08:10,360
that's why we typically will think about

176
00:08:10,360 --> 00:08:11,780
the admin use case.

177
00:08:13,220 --> 00:08:15,580
I think that's nice, I have to say.

178
00:08:15,580 --> 00:08:16,940
That's true.

179
00:08:16,940 --> 00:08:17,780
That's true.

180
00:08:17,780 --> 00:08:21,820
And I always look at it on the two different ways.

181
00:08:21,820 --> 00:08:25,380
I know it's easy, like for example,

182
00:08:25,380 --> 00:08:27,340
some of the things that we're configuring

183
00:08:27,340 --> 00:08:31,980
will be related to role-based access control.

184
00:08:31,980 --> 00:08:34,700
And then if we take it up a step further,

185
00:08:34,700 --> 00:08:38,780
I think it's going to be every role in the company.

186
00:08:38,780 --> 00:08:41,620
So it's segmenting that I think.

187
00:08:41,620 --> 00:08:44,120
That's my point of view, I think.

188
00:08:45,260 --> 00:08:46,580
Yeah, that's great.

189
00:08:46,580 --> 00:08:48,460
How about this term,

190
00:08:48,460 --> 00:08:51,780
micro segmentation and macro segmentation?

191
00:08:53,460 --> 00:08:57,540
Yeah, I can jump in on that one from the macro side.

192
00:08:57,540 --> 00:09:02,260
Typically, just segmenting your network

193
00:09:02,260 --> 00:09:04,060
based on different zones.

194
00:09:05,500 --> 00:09:07,100
You might have, like Chad said,

195
00:09:07,100 --> 00:09:09,700
with the voice side, you have a voice VLAN

196
00:09:09,700 --> 00:09:11,340
and then you have a data VLAN.

197
00:09:11,340 --> 00:09:13,220
So just segmenting those,

198
00:09:13,220 --> 00:09:15,620
it's gonna be a more broader approach.

199
00:09:15,620 --> 00:09:18,600
And then micro as in the name, right?

200
00:09:18,600 --> 00:09:23,600
We're able to segment applications or segment workloads

201
00:09:25,240 --> 00:09:28,000
down to the individual components of that workload.

202
00:09:28,000 --> 00:09:31,280
So if you have like a database component

203
00:09:31,280 --> 00:09:34,300
in the overall microservices application,

204
00:09:35,560 --> 00:09:37,280
you can start controlling

205
00:09:37,280 --> 00:09:39,840
who can access that database component.

206
00:09:39,840 --> 00:09:42,480
Maybe only the front end can talk to the database

207
00:09:42,480 --> 00:09:45,320
and not the user portion.

208
00:09:45,320 --> 00:09:50,320
So micro segmentation can go a lot further than that,

209
00:09:50,440 --> 00:09:52,600
but those are just a few examples.

210
00:09:54,240 --> 00:09:56,240
And I think that's a great question, Mike,

211
00:09:56,240 --> 00:09:58,900
because that comes up daily in conversations

212
00:09:58,900 --> 00:10:02,560
that I'm having with our customers

213
00:10:02,560 --> 00:10:07,240
is how to go about implementing micro as well as macro.

214
00:10:07,240 --> 00:10:10,680
Of course, I guess start with macro

215
00:10:10,680 --> 00:10:13,200
and then from there, fine tuning things.

216
00:10:13,200 --> 00:10:16,420
But it's important to understand the difference

217
00:10:16,420 --> 00:10:19,820
between the two, but there are specific use cases

218
00:10:19,820 --> 00:10:22,320
that each can take advantage of.

219
00:10:22,320 --> 00:10:23,160
Yeah.

220
00:10:23,160 --> 00:10:25,140
And I'd like that you brought up where to start.

221
00:10:25,140 --> 00:10:27,700
And I know we're gonna ask you guys a little bit later

222
00:10:27,700 --> 00:10:31,620
about recommendations on where to start

223
00:10:31,620 --> 00:10:33,140
with the topic of segmentation,

224
00:10:33,140 --> 00:10:35,740
but yeah, that's a good call starting with the macro.

225
00:10:39,280 --> 00:10:40,580
Andres, you're muted.

226
00:10:40,580 --> 00:10:41,420
I'm muted.

227
00:10:41,420 --> 00:10:42,260
You're muted, Santa.

228
00:10:42,260 --> 00:10:43,100
You're mute, Master.

229
00:10:43,100 --> 00:10:43,940
You're mute, Master Gachi.

230
00:10:43,940 --> 00:10:44,780
There you are, I'm back.

231
00:10:44,780 --> 00:10:48,260
No, I was just saluting to the fact

232
00:10:48,260 --> 00:10:51,620
that we have a lot of terminology on this type,

233
00:10:51,620 --> 00:10:53,180
which is pretty cool.

234
00:10:53,180 --> 00:10:57,100
And I really appreciate that we're breaking it down.

235
00:10:57,100 --> 00:11:01,740
One thing that I will add that I've seen over the years

236
00:11:01,740 --> 00:11:05,200
is that segmentation.

237
00:11:06,620 --> 00:11:08,380
And let's say, for example,

238
00:11:08,380 --> 00:11:11,260
think about the VLANs segmenting traffic

239
00:11:11,260 --> 00:11:12,340
and things like that,

240
00:11:12,340 --> 00:11:16,220
but it actually completes this story

241
00:11:16,220 --> 00:11:18,060
once you start applying policy.

242
00:11:18,060 --> 00:11:20,620
And I know we're gonna talk about a little bit about that

243
00:11:20,620 --> 00:11:25,140
in a few, but I have the next question is,

244
00:11:26,020 --> 00:11:29,860
what have you guys seen as far as the evolution

245
00:11:29,860 --> 00:11:34,340
of segmentation compared right now to 10 years ago?

246
00:11:34,340 --> 00:11:35,500
What do you guys think?

247
00:11:37,140 --> 00:11:39,840
Yeah, so when it comes to the evolution,

248
00:11:39,840 --> 00:11:42,260
based on my experience coming from my background

249
00:11:42,260 --> 00:11:45,620
and working with the identity services in ISE,

250
00:11:47,520 --> 00:11:51,980
I see the transition from performing dynamic segmentation,

251
00:11:51,980 --> 00:11:54,660
whether that's with dynamic VLAN assignments.

252
00:11:54,660 --> 00:11:57,860
So having that static configuration on a switch port

253
00:11:57,860 --> 00:12:01,040
or the static configuration on an SSID,

254
00:12:01,040 --> 00:12:03,420
but being able to take that user into account

255
00:12:03,420 --> 00:12:07,420
and that machine that that user's logged into account

256
00:12:07,420 --> 00:12:11,620
and be able to put that session on a different VLAN,

257
00:12:11,620 --> 00:12:15,300
whether that VLAN, that new VLAN restricts them

258
00:12:15,300 --> 00:12:17,860
or actually allows access to them,

259
00:12:17,860 --> 00:12:20,700
which again, there's a lot that goes into that as well.

260
00:12:20,700 --> 00:12:23,100
When you throw into things like compliance,

261
00:12:23,100 --> 00:12:25,180
is this a vulnerable endpoint?

262
00:12:25,180 --> 00:12:26,580
Of course, if it's vulnerable,

263
00:12:26,580 --> 00:12:30,040
then we wanna make sure we put it in a quarantine VLAN,

264
00:12:30,040 --> 00:12:33,220
but that dynamic VLAN assignment

265
00:12:33,220 --> 00:12:36,120
and being able to dynamically change the access

266
00:12:36,120 --> 00:12:38,900
that that machine has, whether it's applying

267
00:12:38,900 --> 00:12:41,420
an access control list is pretty much

268
00:12:41,420 --> 00:12:43,900
like the evolution I've seen.

269
00:12:43,900 --> 00:12:47,180
And then this is a journey that customers are still on

270
00:12:47,180 --> 00:12:52,180
and providing an easy way to implement segmentation.

271
00:12:52,780 --> 00:12:56,320
Again, with having those static configurations in place.

272
00:12:58,340 --> 00:13:00,500
Yeah, I think from my perspective,

273
00:13:00,500 --> 00:13:03,700
I see a lot of the movement to the cloud.

274
00:13:03,700 --> 00:13:07,700
So, obviously with the shared responsibility

275
00:13:07,700 --> 00:13:09,620
of the cloud for customers,

276
00:13:09,620 --> 00:13:12,300
you have to implement your own policies,

277
00:13:12,300 --> 00:13:14,980
ensure that you're segmenting the cloud,

278
00:13:14,980 --> 00:13:17,220
just like you would do on-premise.

279
00:13:17,220 --> 00:13:19,780
And then from the old networking,

280
00:13:20,860 --> 00:13:22,940
the protection for old networks, right?

281
00:13:22,940 --> 00:13:26,860
We had inherent trust for what was within the gates

282
00:13:26,860 --> 00:13:28,420
or within our network.

283
00:13:28,420 --> 00:13:31,640
So I think that's changed a lot with the cloud migration.

284
00:13:31,640 --> 00:13:34,640
And then with the cloud piece, right?

285
00:13:34,640 --> 00:13:35,960
They're different constructs.

286
00:13:35,960 --> 00:13:39,000
So now you have strategies for like VPCs

287
00:13:39,000 --> 00:13:43,200
and keeping certain workloads from talking to others.

288
00:13:43,200 --> 00:13:45,880
And then also allowing that outside access

289
00:13:45,880 --> 00:13:48,600
based on the business requirements also.

290
00:13:48,600 --> 00:13:53,440
Something else we're seeing is segmentation of certain apps,

291
00:13:53,440 --> 00:13:58,440
being able to control segmentation using the kernel.

292
00:13:58,440 --> 00:14:02,600
So it could be the Linux kernel, could be using Windows.

293
00:14:02,600 --> 00:14:04,160
So using those host firewalls

294
00:14:04,160 --> 00:14:05,840
is a technique that we're seeing.

295
00:14:06,880 --> 00:14:11,040
And also for the application segmentation,

296
00:14:11,040 --> 00:14:13,520
there's also agents that are in use.

297
00:14:13,520 --> 00:14:17,200
So there is a lot of different ways

298
00:14:17,200 --> 00:14:19,040
to achieve the micro segmentation,

299
00:14:19,040 --> 00:14:21,120
but those are just some of the things

300
00:14:21,120 --> 00:14:22,720
that I've seen recently.

301
00:14:23,800 --> 00:14:25,760
I'm glad you brought up the cloud environments

302
00:14:25,760 --> 00:14:27,480
just because that's something

303
00:14:27,480 --> 00:14:30,920
that I'm continually ramping up on,

304
00:14:30,920 --> 00:14:34,960
getting familiar with the VPCs, the VNets,

305
00:14:34,960 --> 00:14:37,560
depending on the cloud infrastructure you're in,

306
00:14:37,560 --> 00:14:39,760
just because that best segmentation in itself,

307
00:14:41,000 --> 00:14:43,880
having those segments within that cloud environment.

308
00:14:43,880 --> 00:14:44,960
So I'm glad you mentioned that

309
00:14:44,960 --> 00:14:47,560
just because that's something that is on the rise.

310
00:14:47,560 --> 00:14:48,840
Yeah, a lot of times, right,

311
00:14:48,840 --> 00:14:51,360
those environments will talk to each other,

312
00:14:51,360 --> 00:14:55,160
or you'll have like private clouds

313
00:14:55,160 --> 00:14:59,240
or hybrid private clouds that talk to your public cloud.

314
00:14:59,240 --> 00:15:02,040
So we'll get into this a little later,

315
00:15:02,040 --> 00:15:05,200
but you really need to understand the traffic flows

316
00:15:05,200 --> 00:15:08,000
and do some dependency mapping, right?

317
00:15:08,000 --> 00:15:10,480
Understand what are my apps actually doing?

318
00:15:11,520 --> 00:15:13,240
But yeah, that's another topic

319
00:15:13,240 --> 00:15:14,840
when we start talking about the visibility

320
00:15:14,840 --> 00:15:16,520
as the first step.

321
00:15:16,520 --> 00:15:18,040
Yep.

322
00:15:18,040 --> 00:15:20,080
Excellent, yeah, get visibility

323
00:15:20,080 --> 00:15:22,520
and then trying to map it all together,

324
00:15:22,520 --> 00:15:24,760
maybe trying to reduce the complexity

325
00:15:24,760 --> 00:15:27,120
and understanding of it as much as possible.

326
00:15:27,120 --> 00:15:28,160
I know Sam and Chad,

327
00:15:28,160 --> 00:15:30,200
you alluded to that coming up

328
00:15:30,200 --> 00:15:32,000
towards the end of the conversation.

329
00:15:33,240 --> 00:15:35,720
Segmentation, initially I was,

330
00:15:35,720 --> 00:15:37,360
when I first learned about segmentation,

331
00:15:37,360 --> 00:15:41,320
I kind of thought of it as something you do upfront,

332
00:15:41,320 --> 00:15:42,840
like a proactive approach,

333
00:15:42,840 --> 00:15:45,240
but then you start thinking about like,

334
00:15:45,240 --> 00:15:50,240
well, is segmentation more of a reactive benefit as well?

335
00:15:50,240 --> 00:15:53,840
Does it have, would you guys say it has proactive

336
00:15:53,840 --> 00:15:57,200
and reactive components?

337
00:15:58,320 --> 00:16:02,480
For sure, for sure, both proactive and reactive.

338
00:16:02,480 --> 00:16:05,840
The proactive side plays a part in kind of like this,

339
00:16:05,840 --> 00:16:09,760
this whole trend of zero trust within your environment.

340
00:16:09,760 --> 00:16:12,920
So being sure that me, when I'm on a Cisco network,

341
00:16:12,920 --> 00:16:15,800
I don't have access into the HR records.

342
00:16:15,800 --> 00:16:17,080
And then also on the opposite side,

343
00:16:17,080 --> 00:16:19,600
and making sure an HR employee doesn't have access

344
00:16:19,600 --> 00:16:22,000
to the engineering resources.

345
00:16:22,000 --> 00:16:25,920
So that's the proactive side of it,

346
00:16:25,920 --> 00:16:27,600
but then you have to be reactive.

347
00:16:27,600 --> 00:16:30,320
Like Sam mentioned, whenever there's a threat

348
00:16:30,320 --> 00:16:33,120
or even just like suspicion of a threat,

349
00:16:33,120 --> 00:16:37,120
being reactive, whether that's manually or automated

350
00:16:37,120 --> 00:16:42,120
to quarantine that device or apply an access control list,

351
00:16:42,120 --> 00:16:44,680
that's what your quarantine looks like,

352
00:16:44,680 --> 00:16:46,920
is on the reactive side.

353
00:16:46,920 --> 00:16:49,640
So it all starts with the proactive,

354
00:16:51,040 --> 00:16:53,520
every network starts flat.

355
00:16:53,520 --> 00:16:56,560
So it's the engineer's responsibility

356
00:16:56,560 --> 00:17:01,560
to segment those sections off and apply security around it.

357
00:17:02,160 --> 00:17:04,560
But then also just stop that lateral movement

358
00:17:04,560 --> 00:17:05,600
on the reactive side.

359
00:17:07,440 --> 00:17:09,760
I completely agree with you, Chad.

360
00:17:10,920 --> 00:17:12,920
Yeah, obviously the proactive side,

361
00:17:12,920 --> 00:17:14,840
understanding the types of devices,

362
00:17:14,840 --> 00:17:18,120
the types of users that ties in

363
00:17:18,120 --> 00:17:21,480
with the role-based access control we talked about earlier,

364
00:17:21,480 --> 00:17:25,320
making sure that you're operating from a least privilege.

365
00:17:25,320 --> 00:17:26,720
So when you're designing a policy

366
00:17:26,720 --> 00:17:30,400
to make sure that least privilege isn't in mind.

367
00:17:30,400 --> 00:17:31,520
And then from reactive,

368
00:17:31,520 --> 00:17:33,080
there are tons of different ways, right?

369
00:17:33,080 --> 00:17:35,920
You might wanna do like a change of authorization.

370
00:17:35,920 --> 00:17:38,880
If we determine there's a vulnerability on a machine,

371
00:17:40,160 --> 00:17:42,040
putting someone on another VLAN, right?

372
00:17:42,040 --> 00:17:44,880
Just being very dynamic based on certain attributes

373
00:17:44,880 --> 00:17:47,200
that you're seeing on that endpoint

374
00:17:48,080 --> 00:17:52,040
or some way to achieve that as well.

375
00:17:52,920 --> 00:17:54,400
Sure, sure.

376
00:17:54,400 --> 00:17:57,360
I think about that decrease the blast radius

377
00:17:57,360 --> 00:18:00,360
for the reactive, like something does happen,

378
00:18:00,360 --> 00:18:02,680
it'd be great if it's contained,

379
00:18:02,680 --> 00:18:04,160
so a good reactive.

380
00:18:05,480 --> 00:18:07,200
Everyone's trying to automate those things now,

381
00:18:07,200 --> 00:18:08,160
which makes sense.

382
00:18:08,160 --> 00:18:11,440
I mean, meantime the detection and responding

383
00:18:11,440 --> 00:18:14,120
is critical, it can be critical.

384
00:18:14,120 --> 00:18:18,160
So again, I would say the traditional way

385
00:18:18,160 --> 00:18:19,800
is the manual intervention,

386
00:18:19,800 --> 00:18:22,680
going into a system and manually segmenting

387
00:18:22,680 --> 00:18:24,360
or quarantining an endpoint,

388
00:18:24,360 --> 00:18:27,400
but a lot of times that's not good enough.

389
00:18:27,400 --> 00:18:29,080
Once something gets in and starts spreading,

390
00:18:29,080 --> 00:18:30,600
that happens quick.

391
00:18:30,600 --> 00:18:34,040
In the networking world, things happen fast

392
00:18:34,040 --> 00:18:34,960
in terms of traffic,

393
00:18:34,960 --> 00:18:37,720
so it's important to have those automations in place.

394
00:18:37,720 --> 00:18:38,560
Yeah, that's it.

395
00:18:38,560 --> 00:18:41,480
There's lots of ways to do that as well.

396
00:18:41,480 --> 00:18:43,360
Yeah, that time to reaction is critical

397
00:18:43,360 --> 00:18:46,800
and these attacks are happening much quicker

398
00:18:46,800 --> 00:18:48,240
than us humans can respond to.

399
00:18:48,240 --> 00:18:49,880
Yeah, you're right, you couldn't agree more

400
00:18:49,880 --> 00:18:53,040
about having something automated to perform

401
00:18:53,040 --> 00:18:55,200
that reactive segmentation if you need to.

402
00:18:56,240 --> 00:18:57,920
Yeah, that was good.

403
00:18:57,920 --> 00:19:02,920
There's always an element of when do we react,

404
00:19:04,120 --> 00:19:06,480
so that's always good to know.

405
00:19:06,480 --> 00:19:11,480
Now building up on those things that we started talking about

406
00:19:11,680 --> 00:19:16,680
where we get started, we also want to know,

407
00:19:17,000 --> 00:19:21,440
and if you guys don't mind going over this is,

408
00:19:21,440 --> 00:19:25,200
where do we start enforcing the segmentation?

409
00:19:25,200 --> 00:19:28,720
And I know in some cases, depending on the architecture

410
00:19:28,720 --> 00:19:31,760
of what we're implementing, it's gonna be different,

411
00:19:31,760 --> 00:19:36,280
but what do you guys think we should know

412
00:19:36,280 --> 00:19:38,640
where it gets enforced?

413
00:19:40,760 --> 00:19:42,360
That's a good question.

414
00:19:42,360 --> 00:19:45,080
So going back to where things start,

415
00:19:45,080 --> 00:19:46,680
if we were to look at a flat network

416
00:19:46,680 --> 00:19:48,880
and you start to build your segments out,

417
00:19:48,880 --> 00:19:52,600
your different VLANs, from right there,

418
00:19:52,600 --> 00:19:54,920
through routing and access control list,

419
00:19:54,920 --> 00:19:58,440
we can start doing some segmentation enforcement.

420
00:19:58,440 --> 00:20:00,040
What VLAN can talk to what?

421
00:20:01,080 --> 00:20:03,320
And I think that's a good place

422
00:20:03,320 --> 00:20:06,560
and going back to my CCNA days,

423
00:20:06,560 --> 00:20:09,480
that's what we were taught as the basics of networking

424
00:20:09,480 --> 00:20:12,000
when you start getting into two different segments.

425
00:20:13,240 --> 00:20:18,200
And going back to the evolution, from there,

426
00:20:18,200 --> 00:20:21,960
we have the zone-based firewalls as Sam mentioned as well,

427
00:20:21,960 --> 00:20:24,880
being able to enforce segmentation at the firewall level.

428
00:20:26,080 --> 00:20:28,360
And we know there's different places

429
00:20:28,360 --> 00:20:29,440
you can place a firewall,

430
00:20:29,440 --> 00:20:31,080
you can place it inside your network

431
00:20:31,080 --> 00:20:33,640
to monitor that east to west traffic.

432
00:20:33,640 --> 00:20:34,760
Of course, you're gonna have a firewall

433
00:20:34,760 --> 00:20:37,800
at your edge for the north-south,

434
00:20:37,800 --> 00:20:40,640
but there's segmentation being enforced there.

435
00:20:41,720 --> 00:20:45,800
And then again, going back to my ISE experience

436
00:20:45,800 --> 00:20:49,000
as it relates to software-defined access,

437
00:20:49,000 --> 00:20:51,760
that's when we can get pretty granular.

438
00:20:51,760 --> 00:20:54,280
So of course you have your VLANs,

439
00:20:55,600 --> 00:20:58,160
but doing that inter-VLAN segmentation.

440
00:20:58,160 --> 00:21:01,360
So the devices that are sitting in the same subnet,

441
00:21:01,360 --> 00:21:02,480
we can take things a step further

442
00:21:02,480 --> 00:21:04,960
with using group-based policy,

443
00:21:04,960 --> 00:21:08,480
which opens the door to multiple enforcement points

444
00:21:08,480 --> 00:21:09,360
at the access layer.

445
00:21:09,360 --> 00:21:12,120
Your switches are enforcement points,

446
00:21:12,120 --> 00:21:14,400
your APs are enforcement points.

447
00:21:15,560 --> 00:21:20,200
So there's different ways to enforce segmentation

448
00:21:20,200 --> 00:21:23,480
and everyone does it differently.

449
00:21:23,480 --> 00:21:25,520
There's some people that do it the same

450
00:21:25,520 --> 00:21:28,760
in terms of having a firewall in place

451
00:21:28,760 --> 00:21:29,960
to do some segmentation,

452
00:21:29,960 --> 00:21:33,480
but there are other organizations

453
00:21:33,480 --> 00:21:36,320
that use access control lists on the switch ports,

454
00:21:36,320 --> 00:21:41,320
session-based access control lists to enforce segmentation.

455
00:21:42,480 --> 00:21:46,640
So it's a mix and it's really finding

456
00:21:46,640 --> 00:21:49,760
which segmentation enforcement model

457
00:21:49,760 --> 00:21:51,840
fits best for your organization.

458
00:21:51,840 --> 00:21:54,040
Yeah, just to expand on that,

459
00:21:54,040 --> 00:21:57,280
I think it depends on the assets as well.

460
00:21:57,280 --> 00:21:59,840
So if you have highly valued assets,

461
00:21:59,840 --> 00:22:02,240
you can start segmenting those.

462
00:22:02,240 --> 00:22:06,800
So doing that zone-based will probably be an easy win there.

463
00:22:06,800 --> 00:22:09,040
Something that a lot of organizations are using

464
00:22:09,040 --> 00:22:12,160
is APs with the guest network.

465
00:22:12,160 --> 00:22:15,440
That's technically a form of segmentation

466
00:22:15,440 --> 00:22:17,760
and we can start layering security controls

467
00:22:17,760 --> 00:22:22,000
on top of that, some of those segmented networks.

468
00:22:22,000 --> 00:22:24,760
But yeah, like Chad said, it's multiple ways.

469
00:22:24,760 --> 00:22:26,960
If you wanna control it at the network,

470
00:22:26,960 --> 00:22:30,040
it depends if you wanna allow that user

471
00:22:30,040 --> 00:22:34,320
to even get to that application or get to that resource.

472
00:22:34,320 --> 00:22:38,120
So a number of different ways to achieve the same goal.

473
00:22:38,120 --> 00:22:40,720
Some are easier, some are more difficult,

474
00:22:41,880 --> 00:22:44,680
but if you think about, like, Duo Security,

475
00:22:46,920 --> 00:22:50,400
there may be an application that you have on premises

476
00:22:50,400 --> 00:22:53,320
and all your users can get to that app.

477
00:22:53,320 --> 00:22:57,360
You can easily segment users from even being able to log in,

478
00:22:57,360 --> 00:22:58,880
coming through the front door

479
00:22:58,880 --> 00:23:02,440
using, like, group-based or identity policies.

480
00:23:02,440 --> 00:23:03,880
So that's a form of segmentation

481
00:23:03,880 --> 00:23:05,640
and that's gonna be an easier win

482
00:23:06,640 --> 00:23:09,640
than going out and touching all of your network devices

483
00:23:09,640 --> 00:23:11,880
or touching all of your routers and switches.

484
00:23:13,040 --> 00:23:14,480
And I'm glad you mentioned that, Sam,

485
00:23:14,480 --> 00:23:17,520
just because like there are,

486
00:23:17,520 --> 00:23:21,080
when we're talking about where segmentation is enforced,

487
00:23:21,080 --> 00:23:24,080
again, reaching that application is one thing

488
00:23:24,080 --> 00:23:26,240
where we can segment the network

489
00:23:26,240 --> 00:23:30,440
so that that user doesn't even reach that application.

490
00:23:30,440 --> 00:23:33,120
But then we can also put the segmentation on the application

491
00:23:33,120 --> 00:23:34,280
and using something like Duo.

492
00:23:34,280 --> 00:23:37,920
So we allow network access to that IP address,

493
00:23:37,920 --> 00:23:41,720
but there's an authentication process that happens there

494
00:23:41,720 --> 00:23:43,760
to confirm if you're able to actually get

495
00:23:43,760 --> 00:23:44,920
into that application.

496
00:23:44,920 --> 00:23:48,360
So again, that just speaks to the multiple ways

497
00:23:48,360 --> 00:23:49,560
of enforcing it.

498
00:23:49,560 --> 00:23:52,080
And there's also the discussion about

499
00:23:53,000 --> 00:23:58,000
if it's logical to block as close to the user

500
00:23:59,000 --> 00:24:02,240
or as far from the user, as close to the application.

501
00:24:02,240 --> 00:24:07,240
So yeah, I've seen both and it becomes different

502
00:24:07,960 --> 00:24:10,400
from the architectural perspective.

503
00:24:10,400 --> 00:24:13,480
So that's pretty cool that you guys talk about that.

504
00:24:13,480 --> 00:24:15,560
Yeah, and then like you just mentioned,

505
00:24:15,560 --> 00:24:17,160
like blocking closer to the destination,

506
00:24:17,160 --> 00:24:18,960
that's like a concept of TrustSec,

507
00:24:18,960 --> 00:24:22,000
like looking at security group tags.

508
00:24:22,000 --> 00:24:24,560
This source can talk to this destination,

509
00:24:24,560 --> 00:24:27,160
but the enforcement really happens closer to that destination

510
00:24:27,160 --> 00:24:29,960
where that destination tag is known.

511
00:24:29,960 --> 00:24:33,600
There are ways that you can use SXP

512
00:24:33,600 --> 00:24:35,760
to send the mappings to other devices

513
00:24:35,760 --> 00:24:37,960
to enforce the policies,

514
00:24:37,960 --> 00:24:42,360
but in most cases it's done at that destination

515
00:24:42,360 --> 00:24:43,720
where that tag lives.

516
00:24:46,080 --> 00:24:49,760
Chad, these SGTs, these security group tags

517
00:24:49,760 --> 00:24:53,880
that we talk about when we hear ISE

518
00:24:53,880 --> 00:24:55,640
or identity services engine,

519
00:24:56,720 --> 00:24:58,360
hopefully we'll get to see a little bit of that tomorrow

520
00:24:58,360 --> 00:24:59,960
in the dashboard as well.

521
00:24:59,960 --> 00:25:02,160
So I know that's a big component there.

522
00:25:02,160 --> 00:25:03,000
Sure, for sure.

523
00:25:03,000 --> 00:25:07,520
So that is the concept of TrustSec or group-based policy

524
00:25:08,400 --> 00:25:12,080
where we're assigning tags to the traffic on the network.

525
00:25:12,080 --> 00:25:16,280
So there's a security group tag to an IP mapping

526
00:25:16,280 --> 00:25:18,320
and in the concept of TrustSec,

527
00:25:18,320 --> 00:25:20,760
there are three main components, the classification.

528
00:25:20,760 --> 00:25:24,040
So the tagging of that traffic can be done

529
00:25:24,040 --> 00:25:26,200
through authentication, can be done in line

530
00:25:26,200 --> 00:25:28,760
throughout the network, the propagation piece,

531
00:25:28,760 --> 00:25:32,160
so the passing those tags across the network

532
00:25:32,160 --> 00:25:34,200
and then the enforcement.

533
00:25:34,200 --> 00:25:37,360
And that's where we're able to put in

534
00:25:37,360 --> 00:25:39,040
and enforce the segmentation

535
00:25:39,040 --> 00:25:41,640
according to the policy that's configured.

536
00:25:41,640 --> 00:25:44,360
So something that I can't wait to show you guys

537
00:25:44,360 --> 00:25:46,600
just because it is so useful,

538
00:25:46,600 --> 00:25:48,800
especially if you have a Cisco network

539
00:25:48,800 --> 00:25:50,880
to take advantage of a solution like that,

540
00:25:51,760 --> 00:25:54,320
referred to as adaptive policy on the Meraki side.

541
00:25:54,320 --> 00:25:57,520
So the concept's still the same.

542
00:25:57,520 --> 00:26:01,880
And this is also what makes Cisco special,

543
00:26:01,880 --> 00:26:05,160
being able to enforce end-to-end segmentation.

544
00:26:05,160 --> 00:26:07,440
TrustSec is something that is available, of course,

545
00:26:07,440 --> 00:26:10,000
in the campus branch networks.

546
00:26:10,000 --> 00:26:13,520
We've added it to our SASE solutions, secure access,

547
00:26:13,520 --> 00:26:16,640
all the way to the public cloud environments,

548
00:26:16,640 --> 00:26:18,600
the data centers within ACI.

549
00:26:20,040 --> 00:26:24,000
It's just a helpful way to have that common policy as well.

550
00:26:24,000 --> 00:26:27,040
So something uniform, the same user,

551
00:26:27,040 --> 00:26:28,840
no matter where they are, has the same experience

552
00:26:28,840 --> 00:26:30,840
no matter where they're connected.

553
00:26:30,840 --> 00:26:34,640
For instance, if I come into a Cisco office in RTP,

554
00:26:34,640 --> 00:26:35,840
I should have the same experience

555
00:26:35,840 --> 00:26:39,320
as when I go to a Cisco office in Atlanta.

556
00:26:39,320 --> 00:26:43,080
And that's thanks to that common policy

557
00:26:43,080 --> 00:26:45,480
provided by our NAC.

558
00:26:47,000 --> 00:26:49,480
Yeah, those SGTs and anybody listening

559
00:26:49,480 --> 00:26:52,120
who wants to explore segmentation,

560
00:26:52,120 --> 00:26:54,720
do yourself a favor and look into what TrustSec is

561
00:26:54,720 --> 00:26:55,920
and just get a basic understanding.

562
00:26:55,920 --> 00:26:56,960
Because I kind of think of it

563
00:26:56,960 --> 00:26:59,080
as a more modernized way to segment.

564
00:26:59,080 --> 00:27:02,280
And I like that it's easier to think about for me,

565
00:27:02,280 --> 00:27:05,680
because I think of a tag following a packet around

566
00:27:05,680 --> 00:27:08,880
wherever it goes, however far it goes in the network,

567
00:27:08,880 --> 00:27:10,240
it still has that tag there.

568
00:27:10,240 --> 00:27:12,400
And I can take a look at that tag

569
00:27:12,400 --> 00:27:14,480
as I want to do some type of policy.

570
00:27:16,480 --> 00:27:18,200
All right, so we've talked about a lot

571
00:27:18,200 --> 00:27:20,880
and we've also talked about various places

572
00:27:20,880 --> 00:27:24,360
where we can do the segmentation and the network

573
00:27:24,360 --> 00:27:27,280
on the device, on the application,

574
00:27:27,280 --> 00:27:28,480
maybe on an access switch,

575
00:27:28,480 --> 00:27:31,840
maybe the network device, on a firewall, on the edge.

576
00:27:31,840 --> 00:27:36,120
So segmentation, I don't think there's like

577
00:27:36,120 --> 00:27:38,360
a super simple easy button for it.

578
00:27:38,360 --> 00:27:41,640
So, like, what does that journey to segmentation look like

579
00:27:41,640 --> 00:27:45,240
in terms of, or am I wrong?

580
00:27:45,240 --> 00:27:46,320
Is there an easy button?

581
00:27:46,320 --> 00:27:48,280
Is it a thing that takes a month long to do?

582
00:27:48,280 --> 00:27:50,720
Where do you, is it a never ending journey?

583
00:27:50,720 --> 00:27:53,200
Where do you go to start with something like this?

584
00:27:54,880 --> 00:27:57,000
It is in fact a journey.

585
00:27:57,000 --> 00:28:01,280
And it all starts with a good design,

586
00:28:01,280 --> 00:28:06,280
which again, goes into, Sam mentioned understanding

587
00:28:06,280 --> 00:28:10,200
one, the assets that are on your network,

588
00:28:10,200 --> 00:28:12,520
the applications, the resources

589
00:28:12,520 --> 00:28:14,360
that these users need access to

590
00:28:14,360 --> 00:28:18,480
and taking that to the drawing board.

591
00:28:18,480 --> 00:28:21,680
I feel like a solid segmentation design

592
00:28:21,680 --> 00:28:23,760
will only set you up for success.

593
00:28:24,680 --> 00:28:27,960
But again, that comes with having the visibility

594
00:28:27,960 --> 00:28:31,080
and understanding of what is present within your network

595
00:28:32,080 --> 00:28:35,320
instead of just jumping in and putting in rules.

596
00:28:35,320 --> 00:28:38,760
That's a quick and easy way to set yourself up for failure.

597
00:28:41,120 --> 00:28:42,080
It's a journey.

598
00:28:42,080 --> 00:28:42,920
It's a journey.

599
00:28:42,920 --> 00:28:47,240
And there are some people that are in the mature stages

600
00:28:47,240 --> 00:28:48,400
of that journey.

601
00:28:48,400 --> 00:28:53,400
So they have a solid macro segmentation design in place

602
00:28:53,760 --> 00:28:56,600
but explore micro segmentation

603
00:28:56,600 --> 00:29:00,120
as they do have these applications dispersed everywhere

604
00:29:00,120 --> 00:29:03,120
whether it's in the private cloud, public cloud.

605
00:29:03,120 --> 00:29:05,680
Again, it goes back to visibility and tying that into

606
00:29:05,680 --> 00:29:08,000
everything that you're doing on the campus side,

607
00:29:08,000 --> 00:29:09,560
campus and branch side as well.

608
00:29:10,680 --> 00:29:12,600
So, to answer your question,

609
00:29:12,600 --> 00:29:17,600
It is a journey and it all starts with the right design

610
00:29:17,600 --> 00:29:19,320
in my opinion.

611
00:29:19,320 --> 00:29:22,400
And you'd mentioned don't set yourself up for failure

612
00:29:22,400 --> 00:29:24,600
making it too strict right off the bat.

613
00:29:24,600 --> 00:29:29,600
Like maybe start broad, get some this large group

614
00:29:30,080 --> 00:29:32,760
of things communicating with this large group of users

615
00:29:32,760 --> 00:29:36,440
has or does not have access, maybe not so granular

616
00:29:36,440 --> 00:29:39,040
to very right off the bat.

617
00:29:39,040 --> 00:29:39,880
Exactly.

618
00:29:39,880 --> 00:29:42,440
And I learned that crawl, walk, run approach

619
00:29:42,440 --> 00:29:46,080
from working with the Identity Services Engine.

620
00:29:46,080 --> 00:29:48,760
It is a beast of a solution.

621
00:29:48,760 --> 00:29:52,320
And it's one that you must take that crawl, walk, run

622
00:29:52,320 --> 00:29:56,440
approach to and it only sets you up for success.

623
00:29:56,440 --> 00:30:01,440
One thing that I've seen over the years is that

624
00:30:03,920 --> 00:30:06,520
it is so easy.

625
00:30:06,520 --> 00:30:09,880
Like when we talk about the identity services engine

626
00:30:09,880 --> 00:30:14,640
or ISE, it is so easy to make it super complex

627
00:30:14,640 --> 00:30:18,960
instead of just looking at it from a high level perspective.

628
00:30:18,960 --> 00:30:21,920
So that's the flexibility of the product.

629
00:30:21,920 --> 00:30:25,920
You can make it as easy or as complex as you want,

630
00:30:25,920 --> 00:30:28,440
but yeah, that's one thing to think about.

631
00:30:30,360 --> 00:30:33,760
We talk about complexity being the enemy of security.

632
00:30:33,760 --> 00:30:36,900
Yeah, like I'm a big fan of just keeping it simple.

633
00:30:37,840 --> 00:30:40,960
And I think you can mess a lot up

634
00:30:40,960 --> 00:30:44,320
and you overcomplicate something like segmentation as well.

635
00:30:45,800 --> 00:30:48,880
Or if it is complex, that's okay.

636
00:30:48,880 --> 00:30:51,760
But like, let's kind of conceal that

637
00:30:51,760 --> 00:30:54,480
or let some type of tool worry about the complexity

638
00:30:54,480 --> 00:30:57,280
and let us humans kind of view this in a simplistic way

639
00:30:57,280 --> 00:31:00,600
to make sure we're not cutting someone's access off

640
00:31:00,600 --> 00:31:03,040
or over allowing access.

641
00:31:04,080 --> 00:31:04,920
Exactly.

642
00:31:06,440 --> 00:31:07,280
Yep.

643
00:31:08,160 --> 00:31:11,120
All right, so glad we have you back, Tom.

644
00:31:11,120 --> 00:31:14,480
I know you lost power for a minute there, so.

645
00:31:14,480 --> 00:31:16,200
Oh yeah, sorry about that.

646
00:31:16,200 --> 00:31:18,160
The Grinch was trying to get me, but.

647
00:31:18,160 --> 00:31:23,160
You can't keep sailing away for too long, yeah.

648
00:31:23,160 --> 00:31:25,680
Yeah, dealing with some storms here in North Carolina,

649
00:31:25,680 --> 00:31:28,680
so rainy days.

650
00:31:28,680 --> 00:31:30,280
Yeah, yep.

651
00:31:30,280 --> 00:31:32,200
Now usually it's Andres down in Miami

652
00:31:32,200 --> 00:31:35,720
dealing with high wind and storms and all that.

653
00:31:35,720 --> 00:31:37,440
He's living the good life right now.

654
00:31:37,440 --> 00:31:39,960
What is it, 80 degrees down there and.

655
00:31:39,960 --> 00:31:41,560
It's 70 something.

656
00:31:41,560 --> 00:31:43,920
70 something, sun, no.

657
00:31:43,920 --> 00:31:45,060
Must be nice.

658
00:31:46,120 --> 00:31:48,040
And here in North Carolina fashion,

659
00:31:48,040 --> 00:31:49,760
I mean, it's freezing one day

660
00:31:49,760 --> 00:31:54,760
and then the next day is 67 degrees, so.

661
00:31:54,840 --> 00:31:57,000
Yeah, it's a roller coaster here.

662
00:31:57,000 --> 00:31:58,320
That's crazy.

663
00:31:58,320 --> 00:32:01,320
All right, guys, so I do have the next question

664
00:32:01,320 --> 00:32:05,800
and this one is I guess what everybody's waiting to hear

665
00:32:05,800 --> 00:32:10,760
from the session is, and we have the pros here,

666
00:32:10,760 --> 00:32:15,760
so what are the secret tips or things that you guys know

667
00:32:15,760 --> 00:32:20,760
to make this easy to start that segmentation conversation

668
00:32:23,720 --> 00:32:24,960
inside of the company?

669
00:32:24,960 --> 00:32:29,960
Like what do you see it's the best way

670
00:32:30,040 --> 00:32:33,600
or the best route to start thinking about it?

671
00:32:34,880 --> 00:32:38,880
Yeah, I think the main thing is,

672
00:32:38,880 --> 00:32:41,960
you know, trying to understand your security policy,

673
00:32:41,960 --> 00:32:44,080
really knowing the organization's

674
00:32:44,080 --> 00:32:47,920
appetite for risk and the value of all your assets.

675
00:32:47,920 --> 00:32:50,400
So the visibility part is gonna be key.

676
00:32:51,680 --> 00:32:55,360
Making sure you can have those dynamic policies.

677
00:32:55,360 --> 00:32:58,320
And then also another key tip is,

678
00:32:58,320 --> 00:33:00,080
you don't have to turn everything on

679
00:33:00,080 --> 00:33:02,760
in enforcement mode from the start.

680
00:33:02,760 --> 00:33:04,560
So you don't wanna break anything,

681
00:33:04,560 --> 00:33:06,120
so you definitely wanna start broad

682
00:33:06,120 --> 00:33:10,160
and then start adding granular policies later.

683
00:33:10,160 --> 00:33:12,360
Like if you wanna quarantine,

684
00:33:12,360 --> 00:33:15,280
a device or put them on a quarantine VLAN.

685
00:33:15,280 --> 00:33:18,800
So monitor mode is gonna be crucial

686
00:33:18,800 --> 00:33:22,160
in helping you understand the impact of your policies

687
00:33:22,160 --> 00:33:23,480
before you roll them out.

688
00:33:24,360 --> 00:33:28,320
100%, that's a great pro tip right there.

689
00:33:28,320 --> 00:33:33,320
Monitoring mode and when you go and just toggle that switch

690
00:33:33,800 --> 00:33:37,880
and start blocking things as network administrators,

691
00:33:37,880 --> 00:33:39,720
get ready for some calls.

692
00:33:39,720 --> 00:33:44,720
So that is a great tip in a second there.

693
00:33:46,320 --> 00:33:49,320
What about changes on Friday at 5pm?

694
00:33:49,320 --> 00:33:50,160
Oh yeah, yeah.

695
00:33:50,160 --> 00:33:51,960
Oh my gosh.

696
00:33:51,960 --> 00:33:54,800
Set yourself up.

697
00:33:54,800 --> 00:33:57,240
I love the, I think every tool for,

698
00:33:57,240 --> 00:34:00,000
it's a segmentation tool should have a visibility mode

699
00:34:00,000 --> 00:34:04,360
or discovery monitoring mode without enforcement.

700
00:34:04,360 --> 00:34:05,200
So great.

701
00:34:05,200 --> 00:34:07,000
So I think that's a great tip.

702
00:34:07,000 --> 00:34:10,000
Monitoring mode without enforcement.

703
00:34:10,000 --> 00:34:11,800
Great pro tip on that one.

704
00:34:15,800 --> 00:34:17,560
Try to think that's a good one.

705
00:34:17,560 --> 00:34:18,560
I was trying to think of a second one,

706
00:34:18,560 --> 00:34:23,560
but that's one that I've seen burn our customers in the past.

707
00:34:23,760 --> 00:34:25,320
Just not even thinking about it

708
00:34:25,320 --> 00:34:27,760
and clicking on something, changing the default rule,

709
00:34:27,760 --> 00:34:30,880
then next thing you know, you lose access.

710
00:34:31,960 --> 00:34:33,080
So yeah.

711
00:34:33,080 --> 00:34:34,760
Can we,

712
00:34:34,760 --> 00:34:39,520
you guys are very familiar with ISE and Duo.

713
00:34:39,520 --> 00:34:42,440
Can you do something like that on one of those tools

714
00:34:42,440 --> 00:34:46,480
where we have discovery only without enforcement mode?

715
00:34:46,480 --> 00:34:47,320
You can.

716
00:34:47,320 --> 00:34:49,360
So, and what I was mentioning with TrustSec,

717
00:34:49,360 --> 00:34:51,120
where you have that matrix,

718
00:34:51,120 --> 00:34:53,600
that there is a monitoring mode in that.

719
00:34:53,600 --> 00:34:57,480
So you can get an understanding of what will be blocked,

720
00:34:57,480 --> 00:35:00,920
what will be allowed before you actually put it in place.

721
00:35:00,920 --> 00:35:03,520
Same thing with authentication.

722
00:35:03,520 --> 00:35:05,200
When you put that on switch ports,

723
00:35:05,200 --> 00:35:08,360
there's a monitoring mode, closed mode, open mode,

724
00:35:08,360 --> 00:35:11,480
where you can make sure that that switch port

725
00:35:11,480 --> 00:35:14,800
is getting the access it needs

726
00:35:14,800 --> 00:35:17,240
based on that user, based on that endpoint,

727
00:35:17,240 --> 00:35:19,200
without actually impacting the traffic.

728
00:35:20,240 --> 00:35:23,800
So it's a good start in place to keep your users happy,

729
00:35:23,800 --> 00:35:27,240
but also help you fine tune your security policy.

730
00:35:27,240 --> 00:35:29,400
Yeah, it's the same for Duo as well.

731
00:35:29,400 --> 00:35:33,440
So for certain applications, as you're rolling it out,

732
00:35:33,440 --> 00:35:37,480
you can allow access without the 2FA,

733
00:35:37,480 --> 00:35:38,520
just for visibility.

734
00:35:38,520 --> 00:35:40,520
And in some cases, if you're doing things

735
00:35:40,520 --> 00:35:42,040
like trusted endpoints,

736
00:35:42,040 --> 00:35:44,560
where you wanna look at another system

737
00:35:44,560 --> 00:35:48,400
to verify that this device is something that you know about

738
00:35:48,400 --> 00:35:51,040
or it's within your MDM,

739
00:35:51,040 --> 00:35:54,480
you can get that visibility in monitor mode first,

740
00:35:54,480 --> 00:35:56,520
understand what types of devices

741
00:35:56,520 --> 00:35:58,800
are even trying to connect to your apps.

742
00:35:58,800 --> 00:36:01,400
And then once you have that knowledge,

743
00:36:01,400 --> 00:36:03,360
then you can enforce.

744
00:36:03,360 --> 00:36:05,440
You don't wanna start blocking first.

745
00:36:05,440 --> 00:36:06,640
Oh, that's awesome.

746
00:36:06,640 --> 00:36:08,320
Yeah, I love tools like that.

747
00:36:08,320 --> 00:36:11,480
I can confidently and safely roll out.

748
00:36:11,480 --> 00:36:12,920
Chad, you mentioned those,

749
00:36:12,920 --> 00:36:14,520
you know, when once those calls,

750
00:36:14,520 --> 00:36:16,480
those help desk tickets,

751
00:36:16,480 --> 00:36:18,680
those ones that we got in TAC all the time.

752
00:36:18,680 --> 00:36:20,880
Right.

753
00:36:20,880 --> 00:36:23,880
Yeah, that was, especially on a Friday, like Andres said.

754
00:36:23,880 --> 00:36:28,800
Now guys, tomorrow when we're seeing,

755
00:36:28,800 --> 00:36:31,240
you know, the live dashboards,

756
00:36:31,240 --> 00:36:33,520
let's talk a little bit about the role Cisco

757
00:36:33,520 --> 00:36:35,280
has in segmentation.

758
00:36:35,280 --> 00:36:36,280
We've been talking about ISE,

759
00:36:36,280 --> 00:36:37,400
we've been talking about Duo,

760
00:36:37,400 --> 00:36:38,920
on top of my mind I'm thinking like

761
00:36:38,920 --> 00:36:41,160
multi-cloud defense as well.

762
00:36:41,160 --> 00:36:43,440
Tell us a little bit about Cisco

763
00:36:43,440 --> 00:36:46,720
and the role that Cisco plays in segmentation.

764
00:36:49,000 --> 00:36:50,560
And I can jump in.

765
00:36:50,560 --> 00:36:52,120
So like you mentioned, I mean,

766
00:36:53,720 --> 00:36:56,160
there's a lot of products that help

767
00:36:56,160 --> 00:37:01,040
make up our entire segmentation vision and framework.

768
00:37:01,040 --> 00:37:04,240
And it starts with our NAC, ISE,

769
00:37:04,240 --> 00:37:08,280
being that core of Cisco segmentation,

770
00:37:08,280 --> 00:37:12,040
having that unified or common policy across the board.

771
00:37:12,960 --> 00:37:16,560
But then the way that that solution ties into

772
00:37:16,560 --> 00:37:18,920
the rest of the security stack,

773
00:37:18,920 --> 00:37:20,320
ties into the firewalls,

774
00:37:20,320 --> 00:37:22,200
it ties into the endpoint.

775
00:37:22,200 --> 00:37:25,320
I mentioned it ties into SASE, into the data center,

776
00:37:25,320 --> 00:37:27,880
to do things like rapid threat containment.

777
00:37:27,880 --> 00:37:30,520
Going back to the proactive versus reactive side

778
00:37:30,520 --> 00:37:32,720
and automating things.

779
00:37:32,720 --> 00:37:36,280
ISE has a feature called rapid threat containment,

780
00:37:36,280 --> 00:37:37,920
to where we're using API calls

781
00:37:37,920 --> 00:37:41,320
from other security solutions to take action.

782
00:37:41,320 --> 00:37:44,000
So the firewall sees something suspicious,

783
00:37:44,000 --> 00:37:46,160
let ISE know so we can take action

784
00:37:46,160 --> 00:37:48,800
at the access layer of the network.

785
00:37:48,800 --> 00:37:50,680
Something happens in your EDR solution,

786
00:37:50,680 --> 00:37:52,880
when you're using secure endpoint.

787
00:37:52,880 --> 00:37:54,640
Endpoint will make your firewall aware of it,

788
00:37:54,640 --> 00:37:56,960
endpoint will make ISE aware of this activity

789
00:37:56,960 --> 00:37:59,920
and automate containment,

790
00:37:59,920 --> 00:38:01,000
automate quarantine.

791
00:38:02,120 --> 00:38:07,120
So there are a number of products that make that possible.

792
00:38:09,840 --> 00:38:11,920
And when you integrate those,

793
00:38:11,920 --> 00:38:14,040
that's what it makes your life easier

794
00:38:14,040 --> 00:38:17,080
when it comes to implement segmentation.

795
00:38:17,080 --> 00:38:21,400
So with ISE, secure firewall, secure endpoint,

796
00:38:21,400 --> 00:38:24,880
multi-cloud defense, secure access,

797
00:38:24,880 --> 00:38:26,520
can all make use of the common policy

798
00:38:26,520 --> 00:38:30,200
to enforce segmentation on the proactive

799
00:38:30,200 --> 00:38:31,800
as well as on the reactive side.

800
00:38:32,760 --> 00:38:37,040
Yep, and also for like for the data center and the cloud,

801
00:38:38,160 --> 00:38:41,240
Cisco also has a couple of different solutions

802
00:38:41,240 --> 00:38:43,240
where we can offer a fabric.

803
00:38:44,360 --> 00:38:47,360
So being able to integrate the network

804
00:38:47,360 --> 00:38:49,520
with those applications is key

805
00:38:49,520 --> 00:38:52,120
and something a lot of the competition

806
00:38:52,120 --> 00:38:53,680
doesn't really offer, right?

807
00:38:53,680 --> 00:38:58,680
So we can ensure that it's an end-to-end segmentation policy.

808
00:38:58,880 --> 00:39:02,120
But for certain products like multi-cloud defense,

809
00:39:02,120 --> 00:39:06,120
we have a visibility so we can pull in all of the NSGs

810
00:39:07,760 --> 00:39:11,200
or the security groups or any of the rules you have

811
00:39:11,200 --> 00:39:14,120
in your cloud environments

812
00:39:14,120 --> 00:39:16,720
before we start doing any enforcement.

813
00:39:16,720 --> 00:39:18,880
So letting you know what's out there.

814
00:39:18,880 --> 00:39:21,400
And then also we have secure workload,

815
00:39:21,400 --> 00:39:25,560
which allows you to do that application micro segmentation.

816
00:39:25,560 --> 00:39:27,640
And the workload is going to have

817
00:39:27,640 --> 00:39:29,520
multiple enforcement points.

818
00:39:29,520 --> 00:39:33,720
And we'll be able to gather information on the vulnerability

819
00:39:33,720 --> 00:39:37,160
of the types of dependencies on the application,

820
00:39:37,160 --> 00:39:39,880
all of the communication between the different components

821
00:39:39,880 --> 00:39:41,560
of the overall app.

822
00:39:42,760 --> 00:39:45,720
All of that dependency is gonna be automated as well.

823
00:39:45,720 --> 00:39:49,280
And then we can also show you what would have happened

824
00:39:49,280 --> 00:39:52,800
if we turned this on in enforcement mode

825
00:39:52,800 --> 00:39:54,240
in workload also.

826
00:39:55,360 --> 00:39:59,040
And then multi-cloud defense, we can automate that east-west.

827
00:39:59,040 --> 00:40:03,720
So some of that lateral traffic through zones in the cloud.

828
00:40:06,040 --> 00:40:07,840
In addition to everything Chad said,

829
00:40:07,840 --> 00:40:10,480
but that's from the data center and the cloud side.

830
00:40:11,640 --> 00:40:14,600
Multi-cloud defense is becoming one of my favorite products.

831
00:40:14,600 --> 00:40:16,160
Oh man, totally.

832
00:40:16,160 --> 00:40:17,320
Getting the visibility,

833
00:40:17,320 --> 00:40:20,680
especially if you're in a different cloud environment,

834
00:40:20,680 --> 00:40:24,360
you don't have to be proficient in Azure or AWS

835
00:40:24,360 --> 00:40:26,040
to deploy this solution out

836
00:40:26,040 --> 00:40:28,640
and have it tie into everything else you're doing

837
00:40:28,640 --> 00:40:29,480
on premises.

838
00:40:29,480 --> 00:40:31,520
So I do love what we've done with that.

839
00:40:31,520 --> 00:40:33,560
I love that defense.

840
00:40:33,560 --> 00:40:36,600
Like taking something that no one wants to deal with,

841
00:40:36,600 --> 00:40:40,480
cloud complexity segmentation, confusing,

842
00:40:40,480 --> 00:40:41,400
where do I start?

843
00:40:41,400 --> 00:40:44,080
And then like completely making this as simple

844
00:40:44,080 --> 00:40:45,080
as it could be.

845
00:40:45,080 --> 00:40:47,080
Yeah, I could not agree more.

846
00:40:47,080 --> 00:40:47,920
I think that's-

847
00:40:47,920 --> 00:40:49,720
The last thing, oh, go ahead.

848
00:40:49,720 --> 00:40:52,040
No, I was gonna say something silly

849
00:40:52,040 --> 00:40:54,480
that's making a lot of us look like we know

850
00:40:54,480 --> 00:40:55,880
what we're doing in cloud.

851
00:40:57,640 --> 00:40:59,040
Don't be fooled anybody.

852
00:41:00,720 --> 00:41:04,800
Yeah, the last thing I'll mention is the Cisco Secure Access.

853
00:41:05,680 --> 00:41:09,400
So Secure Access, we're able to use resource connectors.

854
00:41:09,400 --> 00:41:13,060
So we can hide applications for hybrid workers.

855
00:41:14,200 --> 00:41:16,240
So you have to come through our stack

856
00:41:16,240 --> 00:41:19,080
to even be exposed to that application.

857
00:41:19,080 --> 00:41:22,080
And then we also have that in Duo as well

858
00:41:22,080 --> 00:41:23,880
with the reverse proxy.

859
00:41:23,880 --> 00:41:27,480
But that's gonna limit the exposure to the app.

860
00:41:27,480 --> 00:41:31,360
And then you can also add posture

861
00:41:31,360 --> 00:41:36,080
and like device identity policies on top of that traffic.

862
00:41:36,080 --> 00:41:39,480
That's a good call about the resource connectors

863
00:41:39,480 --> 00:41:42,800
in Secure Access and then the DNG and Duo.

864
00:41:42,800 --> 00:41:45,120
Yeah, cause that's a good part of segmentation

865
00:41:45,120 --> 00:41:48,360
when you're giving access just through an application,

866
00:41:48,360 --> 00:41:50,000
you don't have that lateral movement

867
00:41:50,000 --> 00:41:53,040
like the IP based lateral movement

868
00:41:53,040 --> 00:41:55,920
that like a traditional remote access VPN would give you.

869
00:41:55,920 --> 00:41:58,620
So yeah, good fundamental approach there.

870
00:42:00,360 --> 00:42:03,160
So I will say this, I think a lot of times,

871
00:42:03,160 --> 00:42:06,080
as technical people we're just in the dashboards

872
00:42:06,080 --> 00:42:09,980
and technical details, but I do say I am,

873
00:42:09,980 --> 00:42:12,400
it was pretty awesome in Cisco with the recent awards

874
00:42:12,400 --> 00:42:15,040
with Gartner and Forrester for both Zero Trust

875
00:42:15,040 --> 00:42:18,080
and Leaders in Micro-Segmentation,

876
00:42:18,080 --> 00:42:19,360
including Enterprise Firewall.

877
00:42:19,360 --> 00:42:22,440
So I'm glad to see segmentation

878
00:42:22,440 --> 00:42:24,240
as a primary focus of Cisco there

879
00:42:24,240 --> 00:42:27,920
and kind of shows through those awards there.

880
00:42:28,960 --> 00:42:29,800
For sure.

881
00:42:29,800 --> 00:42:33,540
And it's nice to see so many products

882
00:42:33,540 --> 00:42:35,440
that we create integrating together.

883
00:42:35,440 --> 00:42:39,680
So think about SGTs, TrustSec,

884
00:42:39,680 --> 00:42:43,120
how they're expanding to other products.

885
00:42:43,120 --> 00:42:45,800
And that makes a lot of sense.

886
00:42:45,800 --> 00:42:47,440
All right, even non-Cisco.

887
00:42:47,440 --> 00:42:50,480
I mean, you think about like Palo firewalls

888
00:42:50,480 --> 00:42:52,960
can make use of TrustSec tags.

889
00:42:52,960 --> 00:42:57,960
So the development, the evolution of Cisco security

890
00:42:58,560 --> 00:43:02,080
is we're seeing some success now

891
00:43:02,080 --> 00:43:04,320
because if a security stack is integrated,

892
00:43:04,320 --> 00:43:06,120
I mean, there's a good chance

893
00:43:06,120 --> 00:43:09,280
that you will have an effective security policy.

894
00:43:09,280 --> 00:43:11,020
Yeah, that's a great call out.

895
00:43:11,020 --> 00:43:14,820
All right, Mike, what do you think?

896
00:43:14,820 --> 00:43:15,940
Man, let's do it.

897
00:43:15,940 --> 00:43:17,900
The moment we've all been waiting for.

898
00:43:19,940 --> 00:43:23,060
All right, so for today,

899
00:43:23,060 --> 00:43:25,660
we have a rapid fire Christmas questions.

900
00:43:25,660 --> 00:43:29,260
And I don't know, how do we want to do this?

901
00:43:29,260 --> 00:43:31,540
But I'm gonna shoot the first one.

902
00:43:31,540 --> 00:43:34,560
Maybe all of us want to answer it.

903
00:43:35,660 --> 00:43:39,580
But what is your favorite Christmas movie?

904
00:43:39,580 --> 00:43:42,520
And before anybody take it from me,

905
00:43:42,520 --> 00:43:44,440
I'm gonna say Home Alone.

906
00:43:44,440 --> 00:43:46,200
Oh, good one, one or two.

907
00:43:47,360 --> 00:43:48,200
One.

908
00:43:49,200 --> 00:43:50,200
Yeah.

909
00:43:51,400 --> 00:43:53,120
Yeah, one's good.

910
00:43:53,120 --> 00:43:54,820
What about you Chad?

911
00:43:55,800 --> 00:43:57,720
I will have to go with The Santa Clause.

912
00:43:59,000 --> 00:44:00,980
The Santa Clause with Tim Allen.

913
00:44:00,980 --> 00:44:05,980
That is probably one of my favorite Christmas movies.

914
00:44:10,100 --> 00:44:11,380
Santa falls off the roof,

915
00:44:11,380 --> 00:44:14,160
he puts on the Santa suit becomes Santa Claus.

916
00:44:15,380 --> 00:44:16,980
That was Tim Allen, right?

917
00:44:16,980 --> 00:44:18,140
Yeah, that's Tim Allen.

918
00:44:18,140 --> 00:44:19,540
Yeah, yeah, yeah.

919
00:44:19,540 --> 00:44:23,740
Yeah, so that's up there, at least my top three.

920
00:44:23,740 --> 00:44:25,140
It might be my favorite.

921
00:44:25,140 --> 00:44:26,740
Home Alone is up there for sure.

922
00:44:27,740 --> 00:44:28,580
Yeah.

923
00:44:28,580 --> 00:44:29,420
What about you, Phil?

924
00:44:29,420 --> 00:44:32,580
Yeah, I'll have to say Rudolph the Red-Nosed Reindeer.

925
00:44:33,580 --> 00:44:35,380
I just like the design.

926
00:44:35,380 --> 00:44:36,420
Like the-

927
00:44:36,420 --> 00:44:37,660
So cool.

928
00:44:37,660 --> 00:44:38,820
Yeah, it's cool.

929
00:44:38,820 --> 00:44:43,500
Like how, you know, the different characters.

930
00:44:43,500 --> 00:44:45,340
Yeah, just how they designed the movie.

931
00:44:45,340 --> 00:44:46,440
This is great.

932
00:44:46,440 --> 00:44:49,340
No, I was gonna say National Lampoon's Christmas

933
00:44:49,340 --> 00:44:52,820
Chevy Chase, but I think I'm actually with Chad.

934
00:44:52,820 --> 00:44:55,340
Edges it out, the Rudolph with the claymation

935
00:44:55,340 --> 00:44:58,840
and how cool that uniqueness is there.

936
00:44:58,840 --> 00:45:00,980
But man, that's tough to beat that National Lampoon's

937
00:45:00,980 --> 00:45:01,820
Chevy Chase.

938
00:45:01,820 --> 00:45:03,020
He also falls off the roof.

939
00:45:03,020 --> 00:45:05,620
He's got all those Christmas lights he's trying to hang up.

940
00:45:06,740 --> 00:45:08,580
What about Die Hard?

941
00:45:08,580 --> 00:45:10,380
Die Hard, oh man, that's good.

942
00:45:11,580 --> 00:45:14,160
You know, I've seen, have you guys seen any like,

943
00:45:14,160 --> 00:45:16,840
of the more like the deeper side of Christmas,

944
00:45:16,840 --> 00:45:19,300
like the scary Santa Claus movies?

945
00:45:19,300 --> 00:45:21,900
I saw one last year where Santa Claus has got to like

946
00:45:21,900 --> 00:45:25,540
send off these people robbing this house and he's got-

947
00:45:25,540 --> 00:45:26,380
Oh no, I haven't seen that.

948
00:45:26,380 --> 00:45:29,340
I haven't seen that either.

949
00:45:29,340 --> 00:45:30,180
I haven't seen that.

950
00:45:30,180 --> 00:45:32,260
It's like the Grinch is up there too, you know,

951
00:45:32,260 --> 00:45:33,100
as a classic.

952
00:45:33,100 --> 00:45:33,980
Oh.

953
00:45:33,980 --> 00:45:36,380
Introduce my daughters to the Grinch and

954
00:45:38,380 --> 00:45:40,780
we watched the real movie and I think that might've

955
00:45:40,780 --> 00:45:41,980
scared them a little bit.

956
00:45:41,980 --> 00:45:45,860
Just like the real people.

957
00:45:45,860 --> 00:45:49,060
But yeah, the Grinch has been on repeat at my house.

958
00:45:49,060 --> 00:45:51,700
A Christmas Story with the Red Ryder BB gun.

959
00:45:51,700 --> 00:45:53,780
Man, that's so awesome.

960
00:45:53,780 --> 00:45:55,660
Yeah, classic.

961
00:45:55,660 --> 00:45:58,460
Right, I have another one.

962
00:45:58,460 --> 00:46:00,380
We have a few here on the list,

963
00:46:00,380 --> 00:46:02,500
but I'm gonna pick another one that

964
00:46:02,500 --> 00:46:04,900
probably be controversial or not.

965
00:46:04,900 --> 00:46:07,660
What about Christmas tree?

966
00:46:07,660 --> 00:46:12,200
Do you prefer fake Christmas tree or a real Christmas tree?

967
00:46:13,220 --> 00:46:15,660
I'm sure that you won't get canceled if you choose to.

968
00:46:15,660 --> 00:46:16,500
Either way.

969
00:46:16,500 --> 00:46:17,320
It's a fake-

970
00:46:17,320 --> 00:46:18,780
Yeah, I just think fake.

971
00:46:18,780 --> 00:46:21,340
It's just easier and then, yeah,

972
00:46:21,340 --> 00:46:23,940
just not dealing with like bugs and critters

973
00:46:23,940 --> 00:46:24,760
and stuff like that.

974
00:46:24,760 --> 00:46:26,860
I don't know, I've never had a real Christmas tree.

975
00:46:26,860 --> 00:46:28,300
So we've always done fake.

976
00:46:29,700 --> 00:46:33,860
And I always, I've done the real one and the smell,

977
00:46:33,860 --> 00:46:35,500
the smell is really nice.

978
00:46:35,500 --> 00:46:36,580
So yes.

979
00:46:36,580 --> 00:46:37,420
Yeah.

980
00:46:37,420 --> 00:46:38,620
I miss that smell.

981
00:46:38,620 --> 00:46:40,780
I've always had a real tree.

982
00:46:40,780 --> 00:46:43,540
Definitely considered the fake tree just for

983
00:46:43,540 --> 00:46:46,340
ease of setting it up, taking it apart.

984
00:46:47,860 --> 00:46:49,900
There's a lot that comes with the fake or the real tree.

985
00:46:49,900 --> 00:46:52,780
Of course, I mean, you mentioned bugs.

986
00:46:52,780 --> 00:46:55,180
I usually don't have the bugs issue, but like,

987
00:46:55,180 --> 00:46:56,220
when you bring in the Christmas tree

988
00:46:56,220 --> 00:47:00,940
and you got sap all over your hands, you get watered.

989
00:47:00,940 --> 00:47:04,220
But I think it's part of like my family tradition too,

990
00:47:04,220 --> 00:47:07,160
just like going out, picking the perfect tree,

991
00:47:08,620 --> 00:47:10,220
putting it on the car, taking it off.

992
00:47:10,220 --> 00:47:12,900
And to share those experiences with my daughter

993
00:47:12,900 --> 00:47:15,220
is something that will probably keep me doing

994
00:47:15,220 --> 00:47:16,040
the real tree.

995
00:47:16,040 --> 00:47:18,620
But there have been those years where I'm like,

996
00:47:18,620 --> 00:47:19,860
I'm just going with the fake tree.

997
00:47:19,860 --> 00:47:22,180
But they're just like, what about the smells?

998
00:47:22,180 --> 00:47:26,080
Like you get the, the smell of the fir tree.

999
00:47:26,080 --> 00:47:28,740
But I'm a real tree, real tree guy.

1000
00:47:28,740 --> 00:47:31,620
Yeah, I prefer the real tree.

1001
00:47:31,620 --> 00:47:32,940
We do have, we've had a fake one

1002
00:47:32,940 --> 00:47:35,060
for the past couple of years.

1003
00:47:35,060 --> 00:47:36,500
But yeah, man, nothing beats for me,

1004
00:47:36,500 --> 00:47:38,500
that real one with the real smell.

1005
00:47:38,500 --> 00:47:41,680
And I have to go back to the National Lampoon's,

1006
00:47:41,680 --> 00:47:42,980
you know, Chevy Chase Christmas.

1007
00:47:42,980 --> 00:47:43,820
Like they do that.

1008
00:47:43,820 --> 00:47:46,420
They go out in the field and cut down that,

1009
00:47:46,420 --> 00:47:48,980
they try to cut down the tree, but they forgot the saw.

1010
00:47:48,980 --> 00:47:50,300
So they just rip it out from the roots

1011
00:47:50,300 --> 00:47:53,580
and put it on the car and, you know, get home that way.

1012
00:47:54,660 --> 00:47:55,500
Oh, that's awesome.

1013
00:47:55,500 --> 00:47:57,280
A lot of fun season.

1014
00:47:58,940 --> 00:47:59,780
Well, all right.

1015
00:47:59,780 --> 00:48:01,060
I have the last one.

1016
00:48:01,060 --> 00:48:06,060
And this one's gonna be your favorite holiday tradition.

1017
00:48:06,180 --> 00:48:07,980
So I'll get started with you Chad.

1018
00:48:09,220 --> 00:48:11,740
Favorite holiday tradition is just getting together

1019
00:48:11,740 --> 00:48:12,580
with my family.

1020
00:48:13,580 --> 00:48:15,100
I have a huge family.

1021
00:48:15,100 --> 00:48:19,140
Like I have tons of cousins, aunts and uncles.

1022
00:48:19,140 --> 00:48:22,820
And we usually get together at my house, my parents' house.

1023
00:48:22,820 --> 00:48:26,700
So, I mean, it's madness, a ton of food,

1024
00:48:26,700 --> 00:48:28,100
a bunch of kids running around,

1025
00:48:28,100 --> 00:48:31,580
everyone's laughing and having a good time playing games.

1026
00:48:31,580 --> 00:48:35,760
So I would say just that family time is,

1027
00:48:35,760 --> 00:48:39,440
that's all I know when it comes to Christmas time.

1028
00:48:39,440 --> 00:48:41,700
So I would say that's my favorite tradition,

1029
00:48:41,700 --> 00:48:44,180
just getting extended family together.

1030
00:48:45,260 --> 00:48:46,620
Nice.

1031
00:48:46,620 --> 00:48:49,540
Yeah, I'll say like the community outreach.

1032
00:48:49,540 --> 00:48:52,940
So always giving back during the holidays,

1033
00:48:52,940 --> 00:48:55,220
it's a tough time for people who are at need

1034
00:48:55,220 --> 00:48:58,340
and we're blessed with our job

1035
00:48:58,340 --> 00:49:00,440
and the things we do for a living.

1036
00:49:00,440 --> 00:49:02,420
So just getting together with family,

1037
00:49:02,420 --> 00:49:05,180
getting together with friends to do some type of give back,

1038
00:49:05,180 --> 00:49:08,840
whether it's an angel tree or donating gifts.

1039
00:49:08,840 --> 00:49:11,060
That brings a lot of joy to me and my family

1040
00:49:11,060 --> 00:49:11,980
during the holidays.

1041
00:49:11,980 --> 00:49:16,980
So definitely say that's my favorite part of the year.

1042
00:49:17,700 --> 00:49:18,540
That's awesome.

1043
00:49:18,540 --> 00:49:19,380
What about you, Mike?

1044
00:49:20,180 --> 00:49:21,780
Man, those are, I could not agree more

1045
00:49:21,780 --> 00:49:23,960
with both of those, family and the giving.

1046
00:49:25,060 --> 00:49:28,060
My favorite thing is we do this like,

1047
00:49:28,060 --> 00:49:29,340
if you guys on the white elephant thing

1048
00:49:29,340 --> 00:49:30,500
where everybody gets one gift

1049
00:49:30,500 --> 00:49:32,140
and you go around in the circle,

1050
00:49:32,140 --> 00:49:35,220
that's really fun to see what everyone's gonna bring.

1051
00:49:35,220 --> 00:49:39,100
I do that with my family and, you know,

1052
00:49:39,100 --> 00:49:41,780
just to see what everybody was thinking about

1053
00:49:41,780 --> 00:49:43,100
in terms of bringing their present

1054
00:49:43,100 --> 00:49:45,700
and you don't know what you're gonna end up with,

1055
00:49:45,700 --> 00:49:47,020
it's pretty cool.

1056
00:49:48,020 --> 00:49:49,340
That's nice.

1057
00:49:49,340 --> 00:49:50,420
How about you, Andres?

1058
00:49:50,420 --> 00:49:51,980
Yeah, that's nice.

1059
00:49:51,980 --> 00:49:56,980
In my house, and I will say in every Latin house,

1060
00:49:58,960 --> 00:50:02,900
we don't open the presents on the 25th.

1061
00:50:02,900 --> 00:50:05,800
We wait until midnight to open the presents.

1062
00:50:08,140 --> 00:50:08,980
Yeah.

1063
00:50:08,980 --> 00:50:11,620
So midnight on the 24th.

1064
00:50:11,620 --> 00:50:13,060
On the Christmas Eve.

1065
00:50:13,060 --> 00:50:14,300
Christmas Eve night, okay.

1066
00:50:14,300 --> 00:50:15,420
Oh, okay.

1067
00:50:15,420 --> 00:50:16,260
Nice.

1068
00:50:16,260 --> 00:50:20,860
So we usually have, so the funny thing is that we have,

1069
00:50:20,860 --> 00:50:25,100
we have the dinner, then probably at six, 7 p.m.,

1070
00:50:25,100 --> 00:50:27,660
everybody just goes crazy, starts running around,

1071
00:50:27,660 --> 00:50:29,580
but everybody's waiting until 12.

1072
00:50:30,460 --> 00:50:35,460
And if you have kids and the presents are a bunch of things

1073
00:50:37,100 --> 00:50:39,160
that they can use and they can, you know,

1074
00:50:39,160 --> 00:50:41,860
go outside and mess around, yeah.

1075
00:50:41,860 --> 00:50:45,020
They probably go to bed at like 3 a.m., 4 a.m.,

1076
00:50:45,020 --> 00:50:46,700
just because of that.

1077
00:50:46,700 --> 00:50:48,460
I would have loved that as a kid,

1078
00:50:48,460 --> 00:50:51,860
like to be able to open presents as soon as possible.

1079
00:50:51,860 --> 00:50:52,700
Yeah.

1080
00:50:52,700 --> 00:50:53,940
Stay up late, yeah.

1081
00:50:53,940 --> 00:50:55,660
Yeah, stay up late.

1082
00:50:55,660 --> 00:50:56,500
That's awesome.

1083
00:50:57,740 --> 00:50:59,780
Oh man, that's...

1084
00:50:59,780 --> 00:51:00,860
Yeah.

1085
00:51:00,860 --> 00:51:01,700
That's what we do.

1086
00:51:01,700 --> 00:51:02,540
Yeah.

1087
00:51:03,740 --> 00:51:04,740
That's what we do.

1088
00:51:05,620 --> 00:51:07,820
All right, Mike, I give it back to you, I guess.

1089
00:51:07,820 --> 00:51:08,660
Okay.

1090
00:51:08,660 --> 00:51:10,660
Some closing thoughts.

1091
00:51:10,660 --> 00:51:13,740
It's been a, yeah, it's been a great show.

1092
00:51:14,700 --> 00:51:16,540
Chad, Sam, how about just some closing thoughts

1093
00:51:16,540 --> 00:51:17,780
from you guys over you?

1094
00:51:17,780 --> 00:51:19,700
Maybe Sam, I'll hand it over to you.

1095
00:51:21,380 --> 00:51:23,060
Yeah, so as we mentioned,

1096
00:51:23,060 --> 00:51:25,520
there are a number of ways to do segmentation.

1097
00:51:26,820 --> 00:51:29,200
Segmentation is really critical, right?

1098
00:51:29,200 --> 00:51:33,320
You never know when someone's gonna penetrate your network.

1099
00:51:33,320 --> 00:51:36,720
So you definitely have to assume that it's going to happen.

1100
00:51:36,720 --> 00:51:40,940
So when it does happen, how do you limit the blast radius?

1101
00:51:40,940 --> 00:51:43,300
So that goes hand in hand

1102
00:51:43,300 --> 00:51:44,980
with everything we talked about today.

1103
00:51:44,980 --> 00:51:49,000
Some of the techniques are easier, some take more planning,

1104
00:51:49,920 --> 00:51:53,580
but I'll definitely say design is key, visibility is key.

1105
00:51:53,580 --> 00:51:55,980
And Cisco has been doing this for years,

1106
00:51:55,980 --> 00:52:00,220
so we can definitely help you out with that journey

1107
00:52:00,220 --> 00:52:03,580
and make sure you have some support

1108
00:52:03,580 --> 00:52:05,300
while you think about segmentation

1109
00:52:05,300 --> 00:52:07,340
and how you can plan to achieve it.

1110
00:52:09,620 --> 00:52:11,340
So I'll piggyback on that.

1111
00:52:11,340 --> 00:52:15,140
And segmentation is critical, it's key, super important.

1112
00:52:15,140 --> 00:52:17,940
And all of us, we're all resources.

1113
00:52:17,940 --> 00:52:19,780
So for those of you listening,

1114
00:52:20,820 --> 00:52:23,820
we are more than happy to talk things through with you,

1115
00:52:23,820 --> 00:52:27,840
help you with design in any way that we can.

1116
00:52:27,840 --> 00:52:30,080
Cisco has a ton of solutions

1117
00:52:30,080 --> 00:52:33,620
to help you accomplish your segmentation goals.

1118
00:52:33,620 --> 00:52:36,660
And that's where we come in to kind of help you

1119
00:52:38,260 --> 00:52:40,140
put that into action.

1120
00:52:40,140 --> 00:52:42,780
So please don't hesitate to reach out

1121
00:52:42,780 --> 00:52:44,940
and have those conversations.

1122
00:52:44,940 --> 00:52:47,500
Something that I always end calls with,

1123
00:52:47,500 --> 00:52:49,140
whether I'm doing demos on other solutions

1124
00:52:49,140 --> 00:52:52,540
or ISE, talking segmentation, is,

1125
00:52:52,540 --> 00:52:53,840
hey, if anything comes up,

1126
00:52:53,840 --> 00:52:55,460
I'm happy to talk things through with you,

1127
00:52:55,460 --> 00:52:59,060
just because that is a part of that journey,

1128
00:52:59,060 --> 00:53:02,700
is making sure you have the plan and design in place

1129
00:53:02,700 --> 00:53:07,340
to successfully segment your network.

1130
00:53:07,340 --> 00:53:08,180
Yeah.

1131
00:53:08,180 --> 00:53:09,660
And I know you guys mean it too, and that's true.

1132
00:53:09,660 --> 00:53:11,780
I've seen you guys throughout the years,

1133
00:53:11,780 --> 00:53:16,340
helping customers out before, during, throughout,

1134
00:53:16,340 --> 00:53:18,380
and after their segmentation is,

1135
00:53:20,100 --> 00:53:21,740
like you said, the journey of it.

1136
00:53:22,620 --> 00:53:24,900
I like starting off with those concepts.

1137
00:53:24,900 --> 00:53:27,820
We always hear terms like macro and micro segmentation

1138
00:53:27,820 --> 00:53:30,820
kind of differentiating between those.

1139
00:53:30,820 --> 00:53:32,300
The evolution was pretty cool.

1140
00:53:32,300 --> 00:53:35,220
You guys touched on how segmentation now is in the cloud

1141
00:53:35,220 --> 00:53:37,660
and there's concepts that weren't really thought about

1142
00:53:37,660 --> 00:53:40,460
traditionally about how segmentation has evolved

1143
00:53:40,460 --> 00:53:41,820
over the past 10 years.

1144
00:53:42,740 --> 00:53:47,340
It has proactive and reactive concepts and benefits

1145
00:53:47,340 --> 00:53:50,540
and being enforced at different places.

1146
00:53:50,540 --> 00:53:52,200
Sam talked about the application level.

1147
00:53:52,200 --> 00:53:54,700
Chad, you were talking about using ISE

1148
00:53:54,700 --> 00:53:57,100
to segment at the port level.

1149
00:53:57,100 --> 00:54:00,980
So there's firewall segmentation and segmentation

1150
00:54:00,980 --> 00:54:04,740
on the end point itself and of course in the cloud.

1151
00:54:07,500 --> 00:54:08,340
And I do wanna-

1152
00:54:08,340 --> 00:54:10,700
I have to thank you for the docs.

1153
00:54:10,700 --> 00:54:11,540
No problem.

1154
00:54:11,540 --> 00:54:12,620
And I did wanna jump in and just say,

1155
00:54:12,620 --> 00:54:15,460
thank you guys for having me again.

1156
00:54:15,460 --> 00:54:18,100
It's always a pleasure to get on it

1157
00:54:18,100 --> 00:54:19,820
and talk security with you guys.

1158
00:54:19,820 --> 00:54:22,260
Even though we do it on a daily basis,

1159
00:54:22,260 --> 00:54:24,780
every time we do it, I love it.

1160
00:54:24,780 --> 00:54:27,620
So definitely wanna thank you for this opportunity.

1161
00:54:28,620 --> 00:54:29,460
Yeah, I appreciate it.

1162
00:54:29,460 --> 00:54:31,860
Yeah, I love talking with you guys.

1163
00:54:31,860 --> 00:54:34,140
Definitely see you guys as friends and coworkers.

1164
00:54:34,140 --> 00:54:37,600
So appreciate talking security with you

1165
00:54:37,600 --> 00:54:40,300
anytime you wanna invite me again, just let me know.

1166
00:54:42,060 --> 00:54:43,700
Thank you guys so much.

1167
00:54:45,360 --> 00:54:48,100
And likewise, it's pretty special

1168
00:54:48,100 --> 00:54:49,300
that we do get to work together

1169
00:54:49,300 --> 00:54:51,800
and I appreciate you guys being on the show.

1170
00:54:53,080 --> 00:54:55,420
Wearing the Santa hats, amazing.

1171
00:54:56,420 --> 00:54:57,940
And best part about it, Andres,

1172
00:54:57,940 --> 00:55:02,060
we'll see these guys tomorrow at the demo day.

1173
00:55:02,060 --> 00:55:03,540
Yeah, demo day tomorrow.

1174
00:55:03,540 --> 00:55:06,340
So we'll work for you again.

1175
00:55:06,340 --> 00:55:09,560
We'll do this again tomorrow and it's always a pleasure.

1176
00:55:13,260 --> 00:55:14,100
Thanks everybody.

1177
00:55:14,100 --> 00:55:17,420
I hope you enjoyed the show on security in 45 today.

1178
00:55:17,420 --> 00:55:20,540
And yeah, tune in to see all this in action.

1179
00:55:20,540 --> 00:55:22,700
We'll see the ISE dashboard, the Duo dashboard,

1180
00:55:22,700 --> 00:55:24,060
who knows what else we'll see.

1181
00:55:24,060 --> 00:55:26,020
Who knows if we'll be wearing these Santa hats

1182
00:55:26,020 --> 00:55:27,940
or something else or if you're listening

1183
00:55:27,940 --> 00:55:28,940
in through Apple podcasts,

1184
00:55:28,940 --> 00:55:31,360
you have no idea what we're talking about.

1185
00:55:31,360 --> 00:55:33,020
We'll see you guys tomorrow.

1186
00:55:33,020 --> 00:55:35,140
Be safe, stay secure.

1187
00:55:35,140 --> 00:55:36,780
Yeah. Have a good one.

1188
00:55:36,780 --> 00:55:59,620
See you.

