Secure Your Enterprise Apps!
A journey in automating application security and deploying policy control in a cloud world
Scott Ryan – Global Technical Solution Architect, @saryan210
BRKCLD-2431

Agenda

• The Changing Landscape and Security Threats

• The Journey to Automating Policy to Securely Deploy Applications and Services

• Application and Service Deployment Rationalization

• Operational Shifts “People, Process, and Tools”

• Securing the Application Development Lifecycle

• Automating Policy to Securely Deploy Applications and Services

• Conclusion

#CLUS BRKCLD-2431 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 2

Cisco Webex Teams

Questions? Use Cisco Webex Teams to chat with the speaker after the session.
How:
1. Find this session in the Cisco Live Mobile App
2. Click “Join the Discussion”
3. Install Webex Teams or go directly to the team space
4. Enter /questions in the team space

Webex Teams will be moderated by the speaker until June 16, 2019. cs.co/ciscolivebot#BRKCLD-2431

Security Threats and Changing Landscape
The Changing Landscape

Figure: the changing landscape, by domain
• Devices / Users: Anywhere / Anything, Identity-as-a-Service, Unmanaged IOT Devices
• Network: As-a-Service Model, Software Defined, As-Code
• Storage: Anywhere, Data Protection, Regulations (GDPR), Data Virtualization, Storage-as-a-Service
• Applications: Secure SDLC, Cloud Native & Microservice Architecture
• Compute: Serverless Compute, Containers

Cost of Data Breaches

• Average total cost of a data breach: $3.86M

• Average cost per lost or stolen record: $148

• The mean time to identify (MTTI) was 197 days

• The mean time to contain (MTTC) was 69 days

• Average cost of a breach with Automation $2.88M

• Without automation, estimated cost is $4.43M

• $1.55M Net Difference

Application Security Trends
• Application Vulnerabilities: serious application security vulnerabilities continue to increase at a rate that makes remediation nearly impossible
• Microservices Vulnerabilities: more vulnerabilities per code than traditional applications
• Reusable Software Vulnerabilities: 70% of applications are made up of reusable software (3rd party, Open Source) that inherits these vulnerabilities
• Mobile Applications Vulnerabilities: 85% of mobile apps violated one or more of the OWASP Mobile Top 10
• Embed Security Testing: embed security within the SDLC process with monitoring to achieve significantly better application security and compliance
Reference – “2018 Application Security Statistics Report”

Top Application Security Challenges

• Manual and complex identity and access management for users/devices and applications from anywhere

• Limited Realtime Visibility, Monitoring, and Enforcement consistency

• Mapping Business Policy to Application Deployment Policy

• Not all applications are equal “Cloud Enabled vs. Cloud Native”

• Lack of automated security testing and of embedding security into the Application Development Lifecycle

• Changing the Operational organization, process, and culture

Journey to Securing Enterprise Applications in a Cloud World

Current State → Future State
• Manual and complex identity and access management for users/devices and applications from anywhere → Deploy segmentation and automate Identity and Access Control
• Limited Security Visibility, Monitoring, and Enforcement consistency → Automate realtime visibility and monitoring tools into the Application Development Lifecycle
• Automating security into the Application Development Lifecycle → Automate security enforcement into the Application Development Lifecycle
• Mapping Business Policy to Application Deployment Security Policy → Integrate ITSM tools to automate business policy into security enforcement policies
• Not all applications require the same security, “Cloud Enabled vs. Cloud Native” → Deploy the proper security architecture and enforcement for your cloud applications
• Complex SECOPS and NETOPS process and culture → Align your operational Process, People and Tools to provide the agility and security needed to support a DevOps and SecDevOps environment for cloud applications.

The Journey to the Future State
• Static
• Scripting/Templates
• Automation
• Orchestration
• Intent / Policy
The beginning of the Journey is different for many.

The Journey to the Future State – Benefits and Drivers
• Increase agility to deploy applications while increasing security and compliance.
• Driving consistency in securing applications deployed anywhere and accessed from anywhere
• Securing Enterprise Cloud Applications with an Intent Driven Process and Architecture

The Journey
• Align your Organizations and Culture
• Application & Services Deployment Rationalization
• Automate Visibility and Monitoring Tools
• Automate Segmentation
• Automate Identity and Access Control
• Automate Policy Enforcement
• Deploy consistent Application & Security Architectures

The Journey to the Future State – How do you get there!!!
• Simplify
• Rationalization
• Define Classification
• Define Policy
• Define Policy Enforcement
• Automate within the Deployment Lifecycle
• Align Organization and Culture to an Intent Based process and architecture

Application and Service Deployment Rationalization
Application and Service Deployment Options
• Deployment models: As-a-Service, Multicloud, Cloud Enabled, Cloud Native
• Locations: Data Center, Edge, Branch, Enterprise Campus, IOT, Mobile Office

Cloud Enabled Application Architecture vs. Cloud Native Application Architecture
Figure: a “Cloud Enabled” monolith (HTTP → Presentation Layer → Database Access) beside a “Cloud Native” microservice architecture (HTTP → API Gateway → services communicating over RPC, HTTP and AMQP), with Policy Enforcement marked on the diagram.

Application and Service Deployment Rationalization
Automating Application and Service Lifecycle for NetOPS and SecOPS

SecDevOps Approach - Continuous Integration and Delivery Pipeline (CI/CD)
• Phases: Build → Deploy → Operate
• Pipeline stages: Design, Code, Unit Test, Commit/Merge, Component Test, Integration Test, E2E Test, Deploy, Acceptance Test, Sanity Test
• Security activities mapped onto the stages: TLP, Security Design, Secure Coding, Security Test Case, Secure Pipeline, Security Integration Tests, Secure Solution Tests, Security Deploy Check, Security Sanity Tests, Vulnerability Tests

DevOps + Security Model = SecDevOps

Application and Service Deployment Rationalization
Application and Service Deployment – Where?
Multicloud across every location: Data Center, Edge, Branch, Enterprise Campus, IOT, Mobile Office

Application and Service Deployment Rationalization
Application and Service Deployment – What?
• Secure Coding
• App Vulnerability Checking
• Segmentation
• Realtime Visibility and Analytics
• Identity and Access Control
Applied across Multicloud and every location: Data Center, Edge, Branch, Enterprise Campus, IOT, Mobile Office

Application and Service Deployment Rationalization
Application and Service Deployment – Policy Enforcement
Multicloud Policy Enforcement across every location: Data Center, Edge, Branch, Enterprise Campus, IOT, Mobile Office

Application and Service Deployment Rationalization
Evolution of Security for SecOps and DevOps teams
• Identity and Access Control
• Segmentation
• Realtime Visibility and Analytics
• Application Vulnerability Checking
• Secure Coding and Programming

Operational Shifts
“People, Process, and Tools”: Security is beyond architecture and technology

Figure: three pillars, People, Process, and Tools & Technology

People: Roles & Responsibility across Business, Development, Operations, and Security

Innovation Acceleration and Individual Priorities
• Business: Speed to Market while retaining brand trust and compliance
• Developers: Freedom to access the best platforms and tools for increased agility
• Operations Team: One consistent environment to eliminate silos and drive efficiency
• Security Team: Visibility and control across one hybrid environment without slowing innovation

People – Organization Changes
Changing Organization Structures to align with new Development and Operational Models
• Limited Resources
• Simplifying Responsibility
• Functional Abstraction
• Intent Based

Process
• Business Process
• Software Development Process
• Defining Intent
• CI/CD Pipeline

Securing Enterprise Application Deployment Lifecycle
Software Development Lifecycle – Continuous Integration (CI) / Continuous Delivery (CD)
• Stages: Plan → Code → Build → Test → Release → Deploy → Operate
• Practices layered over these stages: Agile Development, Continuous Integration, Continuous Delivery, DevOps

Software Development Lifecycle – Continuous Integration (CI) / Continuous Delivery (CD)
Questions the pipeline (Plan → Code → Build → Test → Release → Deploy → Operate) must be able to answer:
• Who did what, when, and where?
• What changed?
• How did you validate the change?
• How was the change distributed & packaged?
• What executed on the node?
• Are we in compliance?

Software Development Lifecycle – Continuous Integration (CI) / Continuous Delivery (CD)
Security controls embedded across the pipeline (Plan → Code → Build → Test → Release → Deploy → Operate):
• Identity & Access Control & Policy Enforcement
• Design Code & Review
• Code & Binary Scan
• Embedded Security Testing
• Component Vulnerability & Compliance

Typical Software Development and Automation

Managing and Securing the Code
All this to manage the code:

http://www.soa4u.co.uk/2015/04/a-word-about-microservice-architectures.html

Re-Think Security: Need For Speed

Automating Security → Fast & Agile → Competitive Differentiator

Securing Enterprise Application Deployment Lifecycle
• DevSecOps and DevOpsSec
• Frictionless Security, Rugged DevOps, Security At Speed
• Process of integrating secure development best practices and methodologies into development and deployment processes
• Security-as-a-Service
• Security As Code

Securing Enterprise Application Deployment Lifecycle
SecDevOps Approach - Continuous Integration and Delivery Pipeline (CI/CD): the Build → Deploy → Operate pipeline and its security activities shown earlier. DevOps + Security Model = SecDevOps

Securing Enterprise Application Deployment Lifecycle
Applying a Cloud Security Model
Activities spanning Build, Operate and Monitor:
• Security Standards and Architectures
• Data Encryption & Protection
• Policy and Compliance
• Assessment Activities
• Transparency to Enable Customers
• Threat Analysis and Protection
• Intrusion Detection & Prevention Systems
• Quality Management
• Secure Cloud Supply Chain
• Common Secure Services
• Security Governance
• Application Layer Data & Event Monitoring
• Analytics & Real Time Feedback

Securing Enterprise Application Deployment Lifecycle
Automating Security
• Centralize Security Testing Services
• Extensible UI & APIs
• Policy Based, ”Intent Based”
• Modular Architecture
• Cloud Based Offering

Securing Enterprise Application Deployment Lifecycle
Mapping Security Tools to a SecDevOps Approach
Tools mapped onto the Build → Deploy → Operate pipeline and its security activities:
• Qualys Vulnerability Scanning
• Qualys WAS testing (OWASP top 10 testing)
• Qualys Compliance Check Scanning
• Black Duck / Whitesource Open Source Vulnerability
• CIS OS Server Benchmarks & Hardening
• Visibility/Monitoring – AppD, Tetration, Stealthwatch
• CIS Docker Host Hardening Validation
• Docker Bench Security Tool
• Docker Image Vulnerability Scanning
• Infrastructure Hardening Validation
• Nmap/sslyze Crypto Tests
• Credentials brute-force testing

Automating Securing the Enterprise Application Lifecycle
Evolution of Security for SecOps and DevOps teams: Identity and Access Control, Segmentation, Realtime Visibility and Analytics, Application Vulnerability Checking, Secure Coding and Programming

Enterprise Application Deployments – What?
Secure Coding, App Vulnerability Checking, Segmentation, Realtime Visibility and Analytics, and Identity and Access Control, applied across Multicloud and every location (Data Center, Edge, Branch, Enterprise Campus, IOT, Mobile Office)

Changing Identity and Access Controls for the Application Lifecycle
• Any User: Employee, Contractor, Vendor
• Any Device: Corporate-Issued, Bring-Your-Own, IoT
• Any App: Data Center, Multicloud, SaaS
• In Any Location: On-Premises, On-VPN, Off-Network

Changing Identity and Access Controls for the Application Lifecycle
• Location ≠ Trust: Don’t grant access to data based on where requests originate in the Network, Data Center, and/or Cloud
• Trust Erosion: Don’t rely only on one-time verification of user, device, and workload trust
• Restrict Access: Prioritize enforcing the least privileges for the least time for your high-risk data
• Automate Policy: Adjust access using dynamic context to improve policy efficacy and simplicity

Changing Identity and Access Controls for the Application Lifecycle
• Threat-Centric: Basic level of security maturity to prevent attacks via an intelligence-based policy, then detect, investigate, and remediate
• Trust-Centric: Good security practice to verify before granting access via an identity-based policy, for any user, any device, any app, in any location, using Dynamic Context
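The four principles on the previous slide (Location ≠ Trust, Trust Erosion, Restrict Access, Automate Policy) and the trust-centric "verify before granting access" model, as an added example that is not part of the Cisco deck: a small access-decision function in which the request's network location is recorded but never used as a trust signal, every trust signal must be recently verified, and grants on high-risk data are short-lived. The thresholds, field names and sample context are constructed assumptions.

```python
"""Added example (not Cisco's code): a trust-centric access decision using dynamic context."""
from dataclasses import dataclass

# Constructed policy parameters: how fresh each trust signal must be and how long a
# grant may last, keyed by data sensitivity. High-risk data: least privilege, least time.
MAX_VERIFICATION_AGE_S = {"low": 8 * 3600, "high": 15 * 60}
GRANT_TTL_S = {"low": 3600, "high": 5 * 60}


@dataclass(frozen=True)
class Context:
    """Dynamic context gathered for one request (all timestamps are epoch seconds)."""
    user_verified_at: int        # last user verification (e.g. MFA)
    device_verified_at: int      # last device posture check
    workload_verified_at: int    # last health/attestation check of the serving workload
    device_managed: bool
    source: str                  # "campus", "vpn", "internet": logged, never trusted


@dataclass(frozen=True)
class Decision:
    allow: bool
    reason: str
    expires_at: int = 0
    scope: str = ""


def decide(action, data_sensitivity, ctx, now):
    """Grant or deny one action on data of the given sensitivity.

    Location ≠ Trust: ctx.source never influences the outcome.
    Trust Erosion: a one-time verification is not enough; every signal must be fresh.
    Restrict Access: writes to high-risk data additionally require a managed device.
    Automate Policy: the grant carries an expiry so it is re-evaluated, not remembered.
    """
    max_age = MAX_VERIFICATION_AGE_S[data_sensitivity]
    signals = (("user", ctx.user_verified_at),
               ("device", ctx.device_verified_at),
               ("workload", ctx.workload_verified_at))
    for name, verified_at in signals:
        age = now - verified_at
        if age > max_age:
            return Decision(False, f"{name} verification is {age}s old (max {max_age}s)")
    if data_sensitivity == "high" and action == "write" and not ctx.device_managed:
        return Decision(False, "write to high-risk data requires a managed device")
    ttl = GRANT_TTL_S[data_sensitivity]
    return Decision(True, f"all signals fresh (request source {ctx.source} not used as trust)",
                    expires_at=now + ttl, scope=f"{action}:{data_sensitivity}")


def still_valid(decision, now):
    """Least time: an expired grant is worthless; the caller must call decide() again."""
    return decision.allow and now < decision.expires_at


if __name__ == "__main__":
    t = 1_000_000
    ctx = Context(t - 60, t - 120, t - 30, device_managed=True, source="internet")
    print(decide("read", "high", ctx, t))
```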

Automating Securing the Enterprise Application Lifecycle
Identity and Access Control
• Authentication Sources: Microsoft AD, Open LDAP, IdP, IDaaS – SAML/OIDC, Cisco ISE, Cisco DUO
• Credential Types: User Names & Passphrases, PKI / Certificates / Tokens, SmartCard, Biometric
• Encryption: SSL vs. TLS
• Authentication & Authorization between Users/Devices and Applications: Identity Protocols (SAML, OAuth)

Identity and Access Control – IdPs
• IDaaS - SAML Providers: Shibboleth, Microsoft AD FS, CA SSO, Microsoft Azure AD, Radiant Logic, G Suite (Google), F5, Okta, Juniper, Oracle, OneLogin, SecureAuth, many more!
• IDaaS - OIDC (OpenID Connect) Providers: G Suite (Google), Microsoft Azure
Figure: the IdP fronts both Cloud Native and Cloud Enabled applications and their APIs.

Segmentation – Reduce the Attack Surface within Application Deployments
Figure: users and devices (Guest devices, Workforce devices, IoT devices, User+Device) reach Public Apps and Private Apps through App Access with Single Sign-On; segmentation is enforced with ISE/TrustSec Security Group Tags (SGT) and ACI Endpoint Groups (EPG) around workload groups such as HR VPCs, PCI servers, and Developer servers.

Tetration – Realtime Application Visibility and Behaviour
• Container, VM, or bare metal sensors
• Access policy from the Data Center to multi-cloud
• Analyze East-West traffic and score vulnerabilities (CVE)
• Cluster workload groupings using machine learning
• Default deny, generate whitelist, micro-segmentation

Tetration - Realtime Application Visibility and Behaviour
Cisco Tetration™ use cases: Visibility and forensics; Policy simulation; Application insight; Neighborhood graphs; Application segmentation; Security Operations; Process inventory; Compliance

Tetration - Realtime Application Visibility and Behaviour – Architecture overview
• Access mechanism: Web GUI, REST API, Event notification, Cisco Tetration apps
• Analytics engine
• Additional inputs: Third-party sources (configuration data), Bring your own data (streaming telemetry)
• Data collection layer: Embedded network sensors (telemetry only), Software sensor and enforcement, ERSPAN sensors (telemetry only)

Stealthwatch - Realtime Network Visibility and Security Anomalies
Stealthwatch Cloud data sources: VPC Flow Logs and other data sources from the Public Cloud; NetFlow, Mirror port and other data sources from the network

Stealthwatch - Realtime Network Visibility and Security Anomalies
• Dynamic Entity Modeling
Collect Input: IP Meta Data, System Logs, Security Events, Passive DNS, External Intel, Vulnerability Scans, Config Changes
Perform Analysis (Dynamic Entity Modeling): Role, Group, Consistency, Rules, Forecast
Draw Conclusions:
• What is the role of the device?
• What ports/protocols does the device continually access?
• What connections does it continually make?
• Does it communicate internally only?
• What countries does it talk to?
• How much data does the device normally send/receive?
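The Collect Input → Perform Analysis → Draw Conclusions flow above, as an added example that is not Cisco's or Stealthwatch's code: a minimal entity model that learns, per device, the ports/protocols it continually accesses, its peers, whether it only talks internally, the countries it reaches and a volume forecast, then reports deviations for a new day. The record layout, the three-sigma volume rule and all flow records are constructed assumptions.

```python
"""Added example (not Cisco's code): baseline-and-deviation "dynamic entity modeling"."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline: seven days of flow summaries for two internal devices.
# Record layout: (day, src, dst, dst_port, proto, bytes_out, dst_country, internal)
BASELINE_FLOWS = (
    [(d, "10.1.1.20", "10.1.5.5", 443, "tcp", 120_000 + 5_000 * (d % 3), "US", True)
     for d in range(7)]
    + [(d, "10.1.1.20", "10.1.5.9", 53, "udp", 4_000, "US", True) for d in range(7)]
    + [(d, "10.1.1.30", "52.0.0.10", 443, "tcp", 30_000, "US", False) for d in range(7)]
)


def build_baseline(flows):
    """Collect input and derive, per source device, its 'consistency' facts and a forecast."""
    model = defaultdict(lambda: {
        "services": set(),      # (port, proto) pairs the device continually accesses
        "peers": set(),         # connections it continually makes
        "countries": set(),     # countries it talks to
        "internal_only": True,  # does it communicate internally only?
        "daily_bytes": defaultdict(int),
    })
    for day, src, dst, port, proto, nbytes, country, internal in flows:
        m = model[src]
        m["services"].add((port, proto))
        m["peers"].add(dst)
        m["countries"].add(country)
        m["internal_only"] = m["internal_only"] and internal
        m["daily_bytes"][day] += nbytes
    for m in model.values():
        volumes = list(m["daily_bytes"].values())
        m["forecast"] = (mean(volumes), pstdev(volumes))   # how much it normally sends
        del m["daily_bytes"]
    return dict(model)


def evaluate_day(model, device, flows):
    """Draw conclusions for one device's flows on a new day; each string is a deviation."""
    m = model.get(device)
    if m is None:
        return ["unknown device: no baseline"]
    findings = []
    total = 0
    for _day, src, dst, port, proto, nbytes, country, internal in flows:
        if src != device:
            continue
        total += nbytes
        if (port, proto) not in m["services"]:
            findings.append(f"new service {proto}/{port} to {dst}")
        if m["internal_only"] and not internal:
            findings.append(f"internal-only host reached external {dst}")
        if country not in m["countries"]:
            findings.append(f"new destination country {country}")
    avg, sd = m["forecast"]
    # Three sigma above the baseline mean; the extra byte lets a zero-variance
    # baseline (identical volume every day) still tolerate exactly its usual volume.
    if total > avg + 3 * sd + 1:
        findings.append(f"volume {total} bytes exceeds forecast {avg:.0f} +/- {sd:.0f}")
    return findings


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_FLOWS)
    # Constructed new-day traffic: one normal flow and one that breaks every learned fact.
    today = [(7, "10.1.1.20", "10.1.5.5", 443, "tcp", 125_000, "US", True),
             (7, "10.1.1.20", "203.0.113.7", 22, "tcp", 2_000_000, "ZZ", False)]
    for finding in evaluate_day(baseline, "10.1.1.20", today):
        print(finding)
```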

Application Security Visibility and Monitoring - Integrate Realtime Telemetry and Analytics
• Integrate RealTime Network Telemetry to provide context for policy enforcement to control application communication with Stealthwatch.
• Monitor and Enforce Network Policy through ISE
• Integrate RealTime Application Telemetry to provide context for policy enforcement to control application communication with Tetration.
• Dynamically Discover and Profile Applications during the Application Lifecycle.
• Monitor and Enforce Application Deployment Policy

Automating Securing the Enterprise Application Lifecycle
Identity, Segmentation, Visibility & Analytics
Figure: Developers, Business and Operations consume an As-a-Service Portal, which drives ISE (User/Device/App Access Control), APIC, Stealthwatch (Network and Security Analytics) and Tetration (Application Insights and Enforcement).

Changing Policy for the Application Lifecycle
Figure: INTENT → POLICY → Enforcement. Intent covers Service Access and Entitlement and Trusted App/Services; policy is expressed as Group-Based Policies and Public/Private Cloud Policy; enforcement happens in the Cloud and On Prem, on every PIN on premise, at the destination. Move from Static to Dynamic.

Changing Policy for the Application Lifecycle
• Define Classification
• Define Policy
• Define Policy Enforcement

Changing Policy for the Application Lifecycle – Classification
Figure: Data Center with three group types, Users/Devices Groups, Infrastructure/Security Services Groups, and Applications/Data, serving Public Apps and Private Apps.

Group-Based Policy Domains
• Group memberships are not shared between domains
• Domains: Network Security Groups; ISE/TrustSec Secure Groups (SGT); ACI Endpoint Groups (EPG); StealthWatch host-groups; Tetration Analytics Platform Object Groups / Port Groups
• Cloud environments and vendor-specific domains are increasingly using group-based policies

Policy - Reference Integration
Figure: reference integration architecture
• Sources and tools: ITSM Tools (ServiceNow/Remedy), System of Record, Customer Data Lake, Identity, CI/CD Tools, Service Catalog, Custom Tools (A - Z)
• Orchestrator front end: USERS/RBAC, API, Automation Workflows, Catalog, Dashboard
• MULTI-DOMAIN POLICY ORCHESTRATOR: Segmentation, Policy Assurance, Policy Visibility, Policy Troubleshooting
• Domain controllers: DNA Center, ACI, SD-WAN, HUB, Cloud Center/CCP
• Domains: Enterprise Networking, Data Center, Security, Multi-Cloud, 3rd Party/Brownfield

Identity, Segmentation, Visibility & Analytics Recommendations
• Simplify and Strengthen Identity and Access Control by deploying ISE and DUO

• Integrate real time telemetry into the entire Application Lifecycle to provide proper context for identity and policy enforcement with Tetration and Stealthwatch
  • Provide Dynamic Application Profiling in an Application Development environment
  • Provide Realtime Network and Security Analytics

• Simplify Key Management by deploying centralized KM or move to a KMaaS

• “No Trust” Policy from an API's perspective - Secure all APIs with Strong Auth, Key/Certs, and Encryption (Prefer TLS)

Application Vulnerability Checking – Scan Based vs. Integrate/Plugin Approach
Tools shown: Black Duck, Protecode, Whitesource, Palamida, OpenLogic, Contrast Security

Application Vulnerability Checking in the SecDevOps pipeline
Checks mapped onto the Build → Deploy → Operate pipeline and its security activities:
• Manual Code & Best Practices Reviews
• SAST / IAST
• DAST
Supporting practices: Centralized Code Repository, Build Automation, Revision Control, Automated QA, Scrum, Code Consolidation

Application Vulnerability Checking
• Manual Code and Best Practices Reviews
• SAST – Static Application Security Testing, “White Box Testing”: byte or binary code is analyzed for weaknesses
• DAST – Dynamic Application Security Testing, “Black Box Testing”: analyze applications in real time
• IAST – Interactive Application Security Testing. Examples: AppSensor, OWASP Java Encoder, OWASP HTML Sanitizer

Application Vulnerability Checking – Common Vulnerabilities and Exposures (CVE)
• Dictionary of publicly-known information
• Tools use CVE to cross-reference vulnerabilities
• Cisco has blocks of CVE IDs for reporting new vulnerabilities
• Used in vulnerability alerting, including Tetration

Application Vulnerability Checking – Common Weakness Enumeration (CWE)
• Unified, measurable set of software weaknesses
• Encourages more effective discussion and description
• Use software security tools and services to find weaknesses
• Better understanding and management of architecture and design weaknesses

Application Vulnerability Checking – Open Web Application Security Project (OWASP)
• Global organization
• Security of Web software
• Group of open projects
• Secure design and test
• OWASP Top 10
• Application Security Verification Standard (ASVS): a three-tiered standard on how to achieve basic web-service security, in which Level 1 is the new minimum standard.

Application Vulnerability Checking – OWASP Top 10

Application Vulnerability Checking – OWASP Application Security Verification Standard (ASVS)
• List of application security requirements or tests that can be used by architects, developers, testers, security professionals, and even consumers to define what a secure application is.
• Introduced June 2008
• Current version: v4.0.1 (March 2019)**

**Reference Documents: https://github.com/OWASP/ASVS/tree/master/4.0

OWASP Application Security Verification Standard (ASVS) – Levels
• ASVS Level 3 – for applications that „shoot missiles” ;)
• ASVS Level 2 – for applications that contain sensitive data
• ASVS Level 1 – for all software, “Testable”

OWASP Security Recommendations – OWASP Application Security Verification Standard (ASVS) Updates
• NIST 800-63 Compliance
• IOT ASVS Preview Chapter
• Support for serverless, containers, APIs, DOM, and Templates
• Level 1 is now completely testable using pentest techniques; it's the only level that is completely penetration testable

OWASP Security Recommendations

Top 10 is NOT ENOUGH

• Application Security Verification Standard (ASVS) should be what you are targeting

• ASVS Level 1 is the new minimum!!

• Embed into your Secure Software Development Lifecycle

• ASVS is a control-based standard rather than a catalogue of weaknesses, but it does provide the largest mapping to CWEs available today.

• Ensure that you are securing your CSP Identity and Authentication

Secure Coding and Programming – Common Programming Mistakes

• “Trust” Exposed API’s

• “Trust” Client-side Validation

• Insufficient Data Format Validation

• Assuming strings are properly terminated, or data length fields carry proper values

• Character length versus Byte length

• Missing range checks

• Implicit and/or flexible data typing
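Server-side validation that avoids the mistakes listed above, as an added example that is not part of the Cisco deck: the client's own validation is not trusted, formats are checked rather than just types, a declared length field is verified against the bytes actually received and the string is sliced by that length rather than assumed terminated, character and byte limits are enforced separately, ranges are explicit, and loosely typed values (bool where an integer is expected, a numeric string) are rejected instead of coerced. The order format, limits and sample inputs are constructed assumptions.

```python
"""Added example (not Cisco's code): strict server-side validation of an API payload
and of a length-prefixed binary record. Formats and limits are constructed here."""
import re
import struct

ORDER_ID_RE = re.compile(r"^ORD-[0-9]{8}$")   # constructed format: "ORD-" + 8 digits
NAME_MAX_CHARS = 32                            # limit promised to the user by the UI
NAME_MAX_BYTES = 64                            # limit of the (constructed) storage column
QTY_RANGE = (1, 1000)
ALLOWED_FIELDS = {"order_id", "customer_name", "quantity"}


def _expect_int(value, field):
    """Strict typing: bool is a subclass of int in Python and "5" is not 5, so both are
    rejected rather than silently coerced (the implicit/flexible typing mistake)."""
    if isinstance(value, bool) or not isinstance(value, int):
        raise ValueError(f"{field}: expected integer, got {type(value).__name__}")
    return value


def validate_order(payload):
    """Re-validate an order on the server; whatever the client checked is not trusted."""
    if not isinstance(payload, dict):
        raise ValueError("payload: expected object")
    unknown = set(payload) - ALLOWED_FIELDS
    if unknown:
        raise ValueError(f"unexpected fields: {sorted(unknown)}")
    order_id = payload.get("order_id")
    # Format validation, not just "is a string"; fullmatch refuses trailing newlines
    # that a bare $ anchor with re.match would accept.
    if not isinstance(order_id, str) or not ORDER_ID_RE.fullmatch(order_id):
        raise ValueError("order_id: bad format")
    name = payload.get("customer_name")
    if not isinstance(name, str):
        raise ValueError("customer_name: expected string")
    if len(name) > NAME_MAX_CHARS:                    # character length (UI rule)
        raise ValueError("customer_name: too many characters")
    if len(name.encode("utf-8")) > NAME_MAX_BYTES:    # byte length (storage rule)
        raise ValueError("customer_name: too many bytes when UTF-8 encoded")
    qty = _expect_int(payload.get("quantity"), "quantity")
    if not QTY_RANGE[0] <= qty <= QTY_RANGE[1]:       # explicit range check
        raise ValueError("quantity: out of range")
    return {"order_id": order_id, "customer_name": name, "quantity": qty}


def parse_name_record(buf):
    """Parse a constructed binary record: 2-byte big-endian length, then UTF-8 name.
    The declared length is checked against what was actually received instead of being
    trusted, and the name is taken by length, never assumed to be NUL-terminated."""
    if len(buf) < 2:
        raise ValueError("record truncated: no length field")
    (declared,) = struct.unpack(">H", buf[:2])
    body = buf[2:2 + declared]
    if len(body) != declared:
        raise ValueError(f"record truncated: declared {declared}, got {len(body)} bytes")
    if len(buf) != 2 + declared:
        raise ValueError("trailing bytes after record")
    try:
        name = body.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise ValueError("name is not valid UTF-8") from exc
    if "\x00" in name:
        raise ValueError("embedded NUL in name")
    return name


def rejects(func, *args):
    """True when func(*args) raises ValueError; convenient for demos and tests."""
    try:
        func(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    good = {"order_id": "ORD-12345678", "customer_name": "Ada Lovelace", "quantity": 3}
    print(validate_order(good))
    # 30 CJK characters pass the character limit but exceed the 64-byte storage limit.
    print(rejects(validate_order, {**good, "customer_name": "漢" * 30}))
    print(parse_name_record(b"\x00\x03abc"))
```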

Secure Coding and Programming – Programming Best Practices
• Input Validation Process
• Define Modular Boundaries & Expose Secure APIs
• Continuously Test & Validate
• Secure Standard Frameworks / Input Libraries
Tools shown: Coverity, Jtest, Xcode SA; AppScan, WebInspect; OWASP Java Encoder & HTML Sanitizer; AppSensor

Automating Securing the Enterprise Application Lifecycle
Secure Coding and Programming Recommendations
• Validate Authenticity of the Tools, OS, Code
  • Validate from the source (GitHub), Secure Repository, Signed Images
  • Validate hardened OS - Follow Latest CIS Hardening Recommendations
• Secure Coding and Programming Best Practices
  • Realistically implement the 200 OWASP Application Security Verification Standards
• Embed SAST, IAST, and DAST into the CI/CD process and use them fully.
  • AppScan, WebInspect, AppSensor, OWASP Java Encoder, OWASP HTML Sanitizer
• Integrate and embed security checks into the IDE (Integrated Development Environment)

Conclusion
Journey to Securing Enterprise Applications in a Cloud World

Current State → Future State
• Manual and complex identity and access management for users/devices and applications from anywhere → Deploy segmentation and automate Identity and Access Control
• Limited Security Visibility, Monitoring, and Enforcement consistency → Automate realtime visibility and monitoring tools for the entire application lifecycle
• Mapping Business Policy to Application Deployment Security Policy → Integrate ITSM tools to automate business policy into security enforcement policies
• Not all applications require the same security, “Cloud Enabled vs. Cloud Native” → Deploy the proper security architecture and enforcement for your cloud applications
• Automating security into the Application Development Lifecycle → Automate security enforcement into the Application Development Lifecycle
• Changing the SECOPS and NETOPS process and culture → Align your operational Process, People and Tools to provide the agility and security needed to support a DevOps and SecDevOps environment for cloud applications.

Building the Foundation for the Journey
• Deploy the foundational capabilities and functions needed to deliver consistent application security within the Application Development Lifecycle
  • Identity and Access Control – ISE/SDA and DUO
  • Segmentation - Implement a Segmentation strategy via ACI or TrustSec
  • Application Visibility and Monitoring – Tetration and Stealthwatch
  • Security and Network Operational Team Changes – Leverage a DevOps and SecOps Approach
  • Drive Business Policy and Business Logic (ITSM) into the Application Development Lifecycle
• Leverage a SecDevOps Approach
  • Embed & Automate Security Testing, Validation, and Tracking
  • Security-as-a-Service Model / Security As Code
  • Automate Tracking and Fixing Security Issues via Integrated Collaboration Tools

Call To Action
• Automate Security into your Enterprise Application Lifecycle
  • Automate Identity and Access Control - Deploy ISE and DUO
  • Automate Segmentation - Deploy ACI and/or TrustSec
  • Automate Application Profiling and Enforcement - Deploy Tetration
  • Automate Network and Security Analytics – Deploy Stealthwatch
• Leverage a DevOps and SecDevOps approach to optimize process with the tools/technologies to align to the proper organization changes
• Integrate and Automate security into the Platforms
  • Hyperflex, Cisco Container Platform, Public Cloud (Azure, AWS, Google)
• Integrate and Automate Intent into Application Deployment
  • ACI, Cloud Center, and NSO

Complete your online session evaluation
• Please complete your session survey after each session. Your feedback is very important.
• Complete a minimum of 4 session surveys and the Overall Conference survey (starting on Thursday) to receive your Cisco Live water bottle.
• All surveys can be taken in the Cisco Live Mobile App or by logging in to the Session Catalog on ciscolive.cisco.com/us.

Cisco Live sessions will be available for viewing on demand after the event at ciscolive.cisco.com.

Continue your education
• Demos in the Cisco campus
• Walk-in labs
• Meet the engineer
• Related sessions
• 1:1 meetings

Thank you
