Green Light
All news
Protection with no blind spots
EventsFollow-upCiscoMUK

Protection with no blind spots

Cisco experts on the three lines of defence of the modern network

On 4 June, Tashkent hosted Silk Road 2.0, a closed business conference for IT executives and cybersecurity specialists, organised by Green Light and the distributor MUK Group Uzbekistan. The speakers discussed three important questions: how to build a reliable corporate network, how to manage infrastructure from the cloud, and how to stop a cyberattack before it causes real damage.

Материалы мероприятия

Запросите презентации и материалы «Cisco Conference Tashkent 2026» - пришлём по заявке.

The network as the foundation

Alexander Morgun, TechnicalBDM at MUKGroup, spoke about the corporate network as the foundation of the infrastructure. The corporate network has stopped being just a set of cables and switches; today it determines how well a company can operate amid a hybrid office, distributed applications and a constantly expanding attack surface.

Four trends are changing infrastructure requirements right now:

  1. The workplace has become hybrid: employees work from anywhere and expect the same connection quality everywhere.
  2. Applications no longer live in a single data center. They are distributed across clouds, edge nodes and corporate servers, and the internet has become the new core of the corporate network.
  3. The security perimeter has disappeared. ZeroTrust and cloud-based protection tools are replacing the traditional firewall at the network edge.
  4. Operational management is moving to AIOps: machine learning is taking over observability and automation where a live engineer used to be required.

The CiscoCatalyst 9000 family is the answer to these requirements. It is a single software-defined ecosystem from the access layer to the core, running on a common CiscoIOSXE operating system and managed centrally through CiscoCatalystCenter.

The three-tier campus network model - the access, distribution and core layers - has existed for a long time. But its current implementation is fundamentally different from what was built ten years ago. Catalyst 9000 switches support hot firmware upgrades without losing sessions, and built-in IPsec. Other models in the line, for example the Catalyst 9300X, are equipped with an x86 processor for running Docker applications directly on the hardware.

Post-quantum cryptography is a separate topic. The HNDL attack ("harvest now, decrypt later", HarvestNow, DecryptLater) works like this: an attacker intercepts encrypted traffic today, stores it in an archive and waits for a quantum computer capable of breaking classical encryption. Cisco 8000 SeriesSecureRouters already implement post-quantum cryptography algorithms based on NIST standards. This is concrete protection against a threat that will materialise within a horizon of several years.

Cisco 8000 is a platform for converging networking and security at the WAN edge. The lineincludes a built-in firewall, SD-WAN functions with intelligent routing based on application quality, and support for SASE architecture. Performance has grown several times over compared with the previous generation: the C8300 model, for example, delivers up to 10 times higher IPsec throughput.

Александр Моргун, Technical BDM в MUK GroupProtection with no blind spotsProtection with no blind spots
1 / 4

The cloud instead of the server room

Nodirbek Ikromov, Pre-saleEngineerMUKGroup, focused on the question of management: how to administer a distributed network without an engineer at every site. When a company has dozens or hundreds of branches, a different operating model is needed.

CiscoMeraki manages switches, access points, SD-WAN gateways, IP cameras and IoT sensors through a single browser dashboard. Today the platform serves more than 4 million customer networks and over 14 million active devices in 190 countries. 75% of the Fortune 500 companies use Meraki in their infrastructure.

The Meraki architecture often raises a question: if management is cloud-based, what happens when the internet connection is lost? The answer is that all user traffic goes directly through the customer's network, bypassing the cloud. The cloud is used only for management: delivering configuration, telemetry and analytics. If connectivity is lost, the network continues to operate as normal.

The platform's key principle is zero-touchprovisioning. A new device only needs to be connected to power and the network: it finds the dashboard itself, downloads the configuration and goes live. For companies with an extensive branch network this is not a convenience but an operational necessity - it is enough to ship the equipment to the site and complete the deployment remotely.

Meraki MV cameras remove network video recorders, the video management system and separate storage servers from the video system. Storage is built into the camera itself - the retention period depends on the model and ranges from 60 to 120 days. Analytics run on the device, and video is accessed through the same dashboard that manages the switches and access points. Motion heat maps, people counting and person detection are generated from metadata without additional software.

Нодирбек Икромов, Pre-sale Engineer MUK GroupProtection with no blind spotsProtection with no blind spots
1 / 3

When the attacker is already inside

Baisal Sheraliev, Senior Security Engineer Green Light, spoke about layered defence against targeted attacks. A typical modern attack chain looks like this: a personalised phishing email - the user clicks the link - lands on a malicious site - a foreign process is created on their device. This process connects to other machines on the network or reaches the data directly. Classic security tools see each of these steps as an isolated event and do not link them into a single picture of the attack. Cisco XDR (Extended Detection and Response) is the platform at the centre of the Cisco Breach Protection Suite architecture. XDR collects telemetry from every layer of the infrastructure: the network, endpoints, email, the cloud, firewalls. Machine learning algorithms correlate individual signals and build them into an attack chain. Not a queue of thousands of disconnected alerts, but a single incident card with full context. Incidents are formed from alerts with common indicators: the same host, IP address, file hash or user name. Generative AI summarises the essence of the incident: which assets are affected, the attack timeline, the entry point. The time from detection to understanding is reduced from hours to minutes. Response is automated through built-in SOAR capabilities (Security Orchestration, Automation and Response). The analyst configures the rules once, and from then on the system works at machine speed: it isolates the infected host, blocks the malicious domain, and revokes the compromised credentials. The Breach Protection Suite is made up of several components:

  • Cisco Secure Endpoint is an EDR agent (Endpoint Detection and Response). It analyses all processes and files in real time and isolates the device from the network when a threat is detected.
  • Cisco Secure Email Threat Defense covers the email vector: phishing, business email compromise, account takeover, malicious attachments. It checks the reputation of the sender and URLs, scans files, and detects social engineering - attacks where the file itself is clean but the text of the email is manipulative.
  • Cisco Secure Malware Analytics is a sandbox for unknown files. A suspicious object is run in an isolated environment, the system observes its behaviour and delivers a verdict based on behavioural analysis rather than the hash alone.
  • Cisco Secure Network Analytics is machine learning-based network traffic analytics. The system builds a baseline behaviour model for every host and network segment, then reacts to deviations: an unusual volume of data, non-standard connections, signs of an attacker's lateral movement.
  • Network Visibility Module extends standard NetFlow (a protocol for collecting network traffic data): endpoint context is added to network flows - the user name, the process name, the hash of the executable file, the parent process.
Байсал Шералиев, Senior Security Engineer Green LightProtection with no blind spotsProtection with no blind spots
1 / 3

Three lines of defence - one architecture

The network, management and security are ceasing to be three independent projects with different vendors, teams and consoles. In Cisco's integrated architecture, the Catalyst switch knows who has connected to a port through ISE, the 8000 router shares telemetry with XDR, and the Meraki camera becomes part of the same sensor ecosystem as the access point.

In the event of an incident the difference is fundamental: disconnected products see fragments, whereas an integrated platform sees the full picture of the attack. The time from the first alert to containing the threat is reduced from hours to minutes.

Today, investment in network equipment and investment in cybersecurity are a single architectural task. Green Light is one of the leaders in designing and integrating Cisco solutions in Central Asia. The company employs more than 10 certified engineers, including engineers with the highest level of Cisco certification, Cisco Certified Internetwork Expert (CCIE), who cover the entire Cisco technology stack.

If you want to build a reliable infrastructure with a high level of protection, submit a request or contact us using the details provided - and Green Light specialists will help you select the optimal configuration of Cisco solutions for your business needs.

Материалы мероприятия

Запросите презентации и материалы «Cisco Conference Tashkent 2026» - пришлём по заявке.