This year’s event, hosted by the Hayes Mansion in San Jose, California, USA, opened with a keynote speech from Ravi Chandrasekaran, SVP, Enterprise Networking Business, Cisco, with the theme: The Network is the Business”.
Chandrasekaran said that digital is driving disruption, citing Uber, data/entertainment streaming, and others as examples. All industries are disrupting and changing. He said this shift was about connecting users with data and apps, and that the network is fundamental to this.
He said the network is growing massively, with 127 new devices connecting to the Internet every second; there will 26b devices connected by 2020. Challenges are that changes to the network ae still mostly manual, resulting in policy errors caused by human error. The consequent costs are high network opex and troubleshooting.
For him, the solution is to re-imagine how we do networking. It needs to be software driven, automated, secure. This requires a controller and lifecycle automation – these are key to configuration & operations, optimisation & compliance, patching and maintenance. The network needs to tell you what the situation is in event of problems, remediation, he said, and it needs to understand users and things, and be proactive not reactive.
Security is critical. Today’s threats are new and completely different. One big logistics company lost $188m due to a breach, and it took months to get back on track, yet it took only four minutes to bring whole company down. What happens is that bad actors get inside the company – this happens every day. Network complexity means our reactions need to be different but the network is not prepared – eg not segmented which reduces the attack surface. Yet on average it takes 200 days to find each breach and 60 days to fix it.
The solution is to segment the network. TO do that you need full visibility of things, people, apps, and cloud. One you know who talks to whom, this leads to policies, using software-defined access. Cisco has closed loop automation for this which executes policies / rules for particular events, security.
AI is an element of the solution, Chandrasekaran said. There’s a parallel with the industrial revolution, which enabled us to go beyond our physical capabilities, AI does the same for our mental capabilities.
The system creates alerts – for minimums and maximums for particular parameters / metrics. But you need more granular bands – green bands either side of hard minima and maxima. For example, more traffic can be enabled at particular times of day, using previous trends as a guideline. Using machine learning, you can reduce thousands of superfluous alerts to a manageable number. It looks at unencrypted data, each packet, size, content, send it to threat intelligence in the cloud, and can identify traffic very quickly.
Cisco also uses AI in machine reasoning. This is about capturing human knowledge to run the network, and automates troubleshooting and root cause analysis to guide you towards remediation and close the intent-based loop. In this way, the network remains business relevant.
Keynote panel session
Chair: Jeremiah Caron, Global Head of Research & Analysis – Technology Group, GlobalData
Panellists: Ravi Chandrasekaran, SVP, Enterprise Networking Business, Cisco; Nick McMenemy, CEO, Renewtrak; Prof David Cheriton, Stanford Professor, Investor, Entrepreneur.
Caron said new research all about AI showed only 47% of business see AI in the future of their companies. Cheriton pronounced himself an AI sceptic. Caron asked if AI was a matter of definitions? Cheriton said he had seen over the years a bunch of AI / ML intelligence cycles, expert systems, neural networks. McMenemy agreed it is a catch-all term: “I’m also a bit of a sceptic but it can free up humans to do what we prefer to do, what we’re better at.” Chandrasekaran said: “AI is a tool to do things we can’t otherwise do – we do applied AI, it’s tool.” Cheriton said: “we need to ask whether AI is the relevant tool for the job. Also it’s not as smart as people think – it can be very easily fooled.”
Caron asked what AI does for the army of Cisco specialists out there? Chandrasekaran said they can be freed to do less routine jobs – right now they can’t keep up, so it’s not about replacing people.
Caron asked whether customers understand value of AI. McMenemy said customers were 100% sceptical but didn’t understand it fully – but now know they have to predict what IT systems will do.
AI’s limitations? Cheriton said: we don’t need more regulation but need to be reminded that we can’t just have a magic black box and defer decisions to that. Example: analysis found that an AI system recognised wolves from dogs because they were photographed in snow while dogs had grass behind them, same with zebras. “We’re not as far along as we think,” he said. Chandrasekaran said AI has interesting side-effects – it needs to defer to a higher intelligence.
Debate I – The CyberSecurity Threat Landscape
Chair: Vikram Phatak, Founder, NSS Labs
Panellists: Paul Kraus, VP Engineering, NetScout Systems Inc.; Ted Ross, CEO & Co-Founder, SpyCloud; Thomas Edwards, Special Agent in charge at US Secret Service, San Francisco Field office; Michael Levin, CEO & Founder, Center for Information Security Awareness.
Phatak said World Economic Council data showed cybercrime cost $600b in 2018 rising to $3tn by 2020. Spending on security was $124bn in 2019, rising to $188.4bn by 2023. as for the state of cybersecurity, there is a big skills shortage, we need trained experts but new attack vectors get people to expose themselves. Security is harder than people think – people who are incompetent don’t know they are – ie perception is not matching reality. AV isn’t good enough. We’re making things worse by connecting the physical world to the virtual (IoT) using insecure technology.
Phatak asked what the panellists had to deal with day to day. Edwards said cyber-criminals are all about profit – it’s all about the money, ransomware, c/card data, personal data.
How to stop it? Ross said we have 13k breaches in our database right now, and the criminals are very organised. They target people who are high value.
What role does education play? Levin said the issue is how to create a culture of security in an organisation. He said we’re doing a terrible job. Corporate executives are doing nothing or box-checking. We know phishing testing will reduce risk but hackers mostly just need to find the open windows such as admin passwords on servers. That’s human error and laziness, due to none or not enough training. Education can be very effective plus processes such as two-factor authentication.
What protection can we provide? Kraus said it’s about visibility – you need to know what assets you have, what they touch, look at changes and monitor. Put a value on each asset. But physical monitoring doesn’t scale.
Ross said people forget about the human element when installing equipment and software. People need training on zero-trust. Kraus said 90% of organisations are multi-cloud – but do they understand it? Edwards said we try to build links with organisations nationally and internationally – it takes a lot of players and we need to share information. Criminals go for whales yes, but they’ll attack minnows too. Ross noted that the Nigerian prince emails are becoming more capable, they’re training us. Levin said cyber-crime goes hand in hand with social engineering – over the phone, in person, soc media etc. so we need mechanisms and reminders for people.
What triggers us? Levin said criminals try to give us a sense of urgency – do it now. So we need to get people to slow down and think about the risks associated with opening every email and attachment. Edwards said employees need to be unafraid to come forward – and organisations need open lines of communication, an open culture is essential.
Debate II – Welcome to the Multi-Cloud: One provider can’t fit all
Chair: Peter Burris, Chief Research Officer and General Manager, Wikibon
Panellists: Mansour Karam, CEO & Founder, Apstra; Jean-Luc Valente, VP, Product Management, Cloud Platforms and Solutions Group, Cisco; Galeal Zino, CEO, NetFoundry; Jon Mittelhauser, VP, Oracle
In his opening presentation, Burris said this is about putting data to work – the role of data is the difference between business and digital business. All businesses are shifting from a product to a services engagement model. The cloud needs to move towards the data – and this raises three issues, which he put to the panel:
- What are the impacts of data emerging as a major asset? Mittelhauser: for most companies, data is their major asset. Segal: what do you do with data? It’s only as valuable as the intel you can derive from it so services and apps are intertwined with it. So IT needs to gain visibility into the assets. What’s importance of networking? Karam said it’s very important – it’s all about connecting processing workloads. So you need policy compliance and performance, which requires software automation to operate networks and enforce policies remotely.
- What is the relationship between multi-cloud and networking? Valente said the problem is how to leverage different clouds. We need to change how we do networking and use technology such as containers. For Zino the important issue is how the multi-cloud is managed with agility. Mittelhauser said the challenges are different across each architecture. Some customers must use multi-cloud by regulation. It’s a complicated endeavour. Segal said multi-cloud begins in the datacentre.
- What about the coming software explosion – it’s not just a data explosion. Karam said we take a software-first approach. You need to decide on what the apps are not the hardware to run them on – so you need to partner strategically with a software vendor not a hardware vendor. Mittelhauser said what was missing is not just networking but standards. Segal said software complexity is going to increase which changes how we think about service chaining, so visibility is going to become the issue.
Debate III – 5G in the North American Market: Trials, Mis-direction and Incompatible Technology
Chair: Dave Bolan, Core Industry Analyst, Dell’Oro
Panellists: Kelly Ahuja, CEO, Versa Networks; Jeff Lipton, Vice President of Strategy and Corporate Development, Aruba-HPE
Bolan described the current 5G roll-outs in the US: AT&T offers a business-only service, in 20 cities plus AT&T Stadium in Dallas. Now in 9 cities in 2.6GHz band. T-Mobile is in six cities in millimetre waveband. Verizon launched in October 2018, runs a home service trial in five cities. By October 2019 it will be in 13 cities and 13 NFL stadium in mm waveband. 13 more cities will be up and running by the end of 2019.
Device limitations: Galaxy S10 5G is limited with no time division or dynamic spectrum sharing. And the 5G footprint is v small compared to 4G. But footprint can be enlarged by sharing across LTE. We will see 5G handsets in 2020.
He asked the panel, how to manage 5G networks. Ahuja said 4G network architecture was very centralised and simple. 5G is about higher speed and a greater distribution of the network. Ahuja described how to his company helps detect traffic and send it where it needs to go.
Where does 5G stand relative to WiFi? Lipton said the aim here is to connect more things. You can use 5G, ZigBee, WiFi 6 etc. But 5G vs WiFi 6? We looked at a range of issues and they’re close to macro area coverage, high speed mobility / hand-offs – but it takes 3-4x the bandwidth cost on 5G.
Bolan said WiFi is now going where Ethernet is – they can replace wired network with wireless.
Conference Debate Session IV – NetEvents Shark Tank Session
Lead Judge: Hiro Rio Maeda, Managing Director, DNX Ventures
VC panellist: Peter Kuper, Managing Director, ClearSky; Neil Weintraut, Partner, Motus Ventures
Three start-ups, voted by the press to be the top candidates to be recipients of virtual venture capital, pitched the VCs on the panel for their cash.
They were: Galeal Zino, CEO, NetFoundry (Cloud / Datacentre category); Alice Wang, VP Hardware, EverActive (IoT category); and Noa Shafir, Founder and Chief Product Officer at Odo Security over an audio link from Israel (CyberSecurity category). While the VC judges were deliberating over their choice out of the three, the audience voted using a show of hands overwhelmingly for EverActive, whose technology promises IoT energy harvesting from the environment. The judges however disagreed, and voted to put their their virtual funds injection into Odo Security.