DevNet Ignite Security Workshop Overview
In today’s rapidly evolving digital landscape, security teams are challenged to protect complex, hybrid environments against sophisticated threats—while maintaining efficiency and agility. This workshop is designed to provide both foundational knowledge and hands-on experience in leveraging automation to strengthen security operations across multiple domains. Through five dedicated tracks—Introduction to Security Automation, Network Security, Breach Protection, User Protection, and Cloud Protection—attendees will learn how to implement, orchestrate, and optimize security solutions using Cisco’s advanced tools and APIs.
Each track focuses on real-world use cases, demonstrating how automation can accelerate threat detection and response, reduce manual workload, and ensure consistent enforcement of security policies. Participants will leave equipped with practical skills and strategies to integrate security automation into their organizations, improving accuracy, speed, and resilience in the face of today’s most pressing cybersecurity challenges.
Agenda
1. Introduction to Security Automation
This learning module provides a comprehensive introduction to the principles and practicalities of security automation, covering the use of scripts, APIs, and industry-standard tools like Python, Terraform, and Ansible. Participants will discover how to automate well-defined, repeatable security processes to reduce errors and accelerate response times, with a special focus on Cisco’s XDR Automate and the role of prompt engineering in leveraging generative AI for automation workflows. The session highlights the integration of Cisco security solutions, showing how APIs enable seamless orchestration and management of complex security environments.
2. Network Security
The Network Security module introduces participants to automated deployment and configuration of network security controls using Cisco Firepower Threat Defense (FTD) within AWS. Through a hands-on lab, attendees will learn how to use Terraform for deterministic, repeatable firewall deployment, implement autoscaling solutions, and leverage Ansible scripts for streamlined configuration management. This track demonstrates how automation improves repeatability, consistency, and operational efficiency in securing modern network infrastructures.
3. Breach Protection
This session delves into Cisco’s Breach Protection Suite, which unifies threat detection, investigation, mitigation, and hunting across endpoints, email, network, identity, firewall, and cloud environments. Participants will explore how Cisco XDR acts as an integrated threat hunting and response platform—leveraging APIs, advanced analytics, and automation to correlate data from Cisco and third-party solutions. The track shows how automated workflows can rebuild attack chains, prioritize incidents, and enable swift, coordinated response actions to mitigate breaches and reduce business impact.
4. User Protection
Focused on the critical importance of identity and device security, the User Protection track equips participants with the skills to automate user and device management using Cisco’s User Protection Suite APIs. Attendees will explore practical use cases for Cisco Duo and Secure Access, learning to orchestrate authentication flows, enforce zero trust policies, and streamline user protection in remote and hybrid workforces. The session demonstrates how automation reduces risk from user-targeted attacks and ensures consistent, policy-driven access controls.
5. Cloud Protection
The Cloud Protection module addresses the unique challenges of securing cloud and hybrid environments with Cisco’s Cloud Protection Suite. Participants will gain hands-on experience configuring and managing integrated, cloud-native security controls that provide unified visibility, reduce attack surfaces, and automate threat response. The lab emphasizes automation’s benefits—faster incident response, reduced manual overhead, and consistent policy enforcement across diverse cloud ecosystems—empowering organizations to scale security with agility and confidence.
Hands-On Labs
|
Labs |
Description |
|
Cisco Security APIs |
Exploring API documentation on DevNet |
|
Open API Specification |
Using API Explorer and Swagger to test APIs |
|
Terraform |
Beginner lab to introduce Terraform concepts |
|
Ansible |
Beginner lab to introduce Ansible concepts |
|
Automating Firewall Deployment |
Automate and orchestrate Secure Firewall in AWS using Terraform |
|
Autoscaling Secure Firewall in AWS |
Automatically scale FTDv instances in cloud to effectively handle changes in network traffic. |
|
Policy as Code |
Automate and manage security policy using Ansible |
|
Breach Protection - XDR |
Automate threat intelligence and incident response actions in Cisco XDR |
|
DUO |
Automate user and endpoint security using Duo APIs. |
|
Secure Access |
Automate Network Tunnel group and policy using Secure Access APIs |
|
Secure Workload |
Use Secure Workload API to monitor workloads and vulnerabilies |
|
Multicloud Defense |
Automate Cloud Security policy using Multicloud Defense Terraform Provider |
|
Isovalent eBPF |
Getting started with eBPF and Cilium |
|
Isovalent Tetragon |
Runtime Security Visibility and Enforcement with Tetragon |
Agendas
| 8:00am |
Registration |
| 9:00am |
Introduction |
| 9:30am |
Security Automation Overview |
| 10:00am |
Security Automation Labs |
| 10:30am |
Network Security Overview |
| 11:00am |
Network Security Labs |
| 12:00pm |
Lunch |
| 12:30pm |
Breach Protection Overview |
| 1:00pm |
Breach Protection Labs |
| 2:00pm |
User Protection Overview |
| 2:30pm |
User Protection Labs |
| 3:30pm |
Cloud Protection Overview |
| 4:00pm |
Cloud Protection Labs |