Hello, everyone. Welcome to another Itential webinar. My name is Rich Martin, director of technical marketing. And today, our topic is how to use Itential, our platform, our MCP server, and an AI LLM of choice in order to generate config compliance templates for both security, networking, really anything in your environment. This is a big deal because it really impacts just about everybody that runs a network in their business. And so in order to talk about it, I need an expert, and that expert, of course, is Ankit Bansali. Ankit, say hello and give us a quick intro. Hello, Rich and everybody. Name's Ankit Bansali. I'm a principal solution architect. And, Rich, thank you for having me. Absolutely. Now there's an old Chinese proverb that says the journey of a thousand miles starts with the first step. Okay? Now I'm pretty sure, you can check me on this, but I'm pretty sure whoever that Chinese wise person was was probably thinking about config compliance in modern day when he came up with that. Because when you think about it, it's really difficult to get started down this route, especially when you think through maybe one of these policies that defines the governance of how your IT infrastructure has to be configured. So what are some of the ones that we currently run into when you talk to customers, let's say, in the different verticals and markets? What are some of the ones that always come up that they're bound to have to conform to? Yeah. There's a popular one, and, I mean, we talk to a lot of people, and compliance is always there. It's a reoccurring event that happens every six months, quarterly depending on the businesses. But there's PCI, HIPAA, SOX, NIST, ISO. So there's a bunch of crazy words Yeah. Which everybody I know loves hearing when they are being called on to work on. Yeah.
I used to do, many years ago, some consulting, and we did some PCI consulting for network. Infrastructure. Yeah. And I can tell you what, though, just those three words or the three letters, PCI or PCI DSS now, strikes fear in the hearts of many network engineers. And the reason why is pretty straightforward. Have you ever looked at one of those documents that defines all the things you have to do? I looked at your video on LinkedIn, and you show how many documents when you scroll over and it's Yeah. The current PCI DSS spec is, like, almost four hundred pages. I know. It's pretty And so think about what you have to do. And that's just one spec. Like, you could have multiple policies that you have to adhere to or maybe a whole different set of policies if you're in health care or something like that. Like, HIPAA would cover that. And each one of them has their specs. Now there's probably a lot of similarities around those, but the point of the matter is you have to go through and read through that and then kind of turn that into a set of configurations that's very unique to your own network infrastructure, the vendors you're using, the models you're using, all of that kind of stuff, firewalls, because it all needs to be done. And, really, when you think about it, that could be a full time job. Even though there might be a once or twice a year type audit or review, that could be a full time job. And I think that's really what a lot of folks are up against, especially a lot of the folks that you talk to on a day to day basis, Ankit. Correct. And to your point that this is very overwhelming, right, that information. You gotta know the background, the governance piece of it, but it's, again, very continuously changing. These requirements change.
They have to be adaptable for the new infrastructure, especially with AI and cybersecurity around networks, especially when we hear AWS talking about how AI is impacting firewalls and the point of attack is not just humans anymore. Right? It's machines with brains, basically. And there's a lot of, compliance wise, needs to go into security or network and rightly so because even though it's a lot of work, this is making sure businesses and their networks stay healthy, especially with the data which they capture along with their transactions and things like that. Yeah. No. That's a great point, and that really brings us to some of those challenges. So number one, there's probably a lot of devices in your network. Right? And it's not just your network. Remember, these compliance specs are network, firewall, servers, everything that really holds up your applications and your business. And so not only are there lots of devices, because of the scope, there's lots of people that have to be involved as well. Correct. And making all of those configurations consistent with, and in compliance to, these specifications is really, really difficult. And to your point just a moment ago, changes, changes, changes. There's like a multidimensional set of changes. There's changes to the standards that could occur year to year. Right? There's changes to the devices that can occur hour to hour, day to day by those many different people, both in the hardware and the software side, device configurations change. All of these impact your ability to maintain compliance to those standards. And like you said, we live in a day of AI everywhere, and that's unfortunately being leveraged to increase the number of attacks and the sophistication of attacks. Yep. And to that point, how much time do we actually have to respond nowadays? Yeah. Right? So the automation is like both sides.
One side is automating trying to get in. We have to use the same techniques and automation to be as proactive as possible and then to be as responsive as possible. Correct. And what we have heard in the industry too, like, this is very important. And, I think something from Google, they are also releasing models for the future for security ops. So they are making sure they are focusing LLMs mostly on the security side of the world, which is, again, very unique compared to how generalizing LLMs have become. But Google is trying to go for this domain for security ops, which tells you that there is a lot to be learned, and things change fast, which means we have to adapt faster. That's right. Which leads us right into what we're gonna be taking a look at today. How we can now leverage your AI model of choice. In this case, we're using Claude, along with the Itential solution in order to really get that first step going for a lot of organizations or to maintain it over time. Meaning, how do we generate a set of configurations given the standard that we would have to adhere to, that huge document that nobody wants to read through, and then generate a set of configurations based off of what our infrastructure, our network infrastructure, our security infrastructure looks like today composed of all the different stuff that we have. Alright? And so walk us through what we're gonna be taking a look at today and what the output is going to look like for one of our prospects or customers that's doing this. Absolutely. And to your point, this is a good place to start here, especially leveraging AI to build things, especially when the context is that hard to understand. Not hard to understand. It's not everybody's cup of tea. Right?
And you have to understand there's a lot of context and understanding of just the network, the compliance, the red tapes around how you wanna do compliance, and those are all outlined in these compliance frameworks. So what we are going to do is leverage AI where it's best. It's best at reading text documents because we saw a lot of ChatGPT, Claude, and Google AI trying to show how multimodal they are. They can ingest a lot of different kinds of information in different format, which means now once they know how to process that information, with MCP, we can also now interact with systems using AI. Right. In this case, what we are leveraging is the MCP server from Itential. So it understands how Itential functions and how to talk to Itential when you're trying to build things in the platform. So what we're gonna do is we're gonna use the prompt to tell Claude to first go research on your crazy document. And then based on that, set up the right requirements to build a compliance framework inside of Itential that is pretty much tied to that compliance requirement. And at the end, we'll also see how that looks like, how it thinks through this process, and how it generates the whole flow. Are you ready for the live demonstration? Yeah. Let's take a look. Let's do it. So let me share my screen real quick. So what you're seeing right now is the Claude client here, by Anthropic. And what we are doing is gonna put in that prompt which we talked about. Okay. In this prompt, we are focusing on mostly PCI DSS. Right. And there's few things we are asking it to do here. And I'll just paste the prompt here so I can read it out loud. So what I'm gonna do is just gonna keep instructions simple. I can be very robust and comprehensive in terms of what I want, but what I'm asking it is to go research. So I'm gonna enable the research mode.
So what I want it to do is go out, research the PCI DSS documentation, which was three hundred, four hundred pages, understand what the requirements are, and then build a golden configuration tree inside of the platform for Cisco IOS devices, and we'll see this in action. Is there any comments from you before we hit the No. So I think just to point out that in this particular case, we're doing PCI DSS. This could be NIST. This could be HIPAA. This could be any number or all of them, right, in order to generate this along with, and this is what really makes us unique, is really two things. It's the standard you wanted to adhere to, the set of network or firewall that is vendor specific to what you're using, right, in this case, Cisco IOS, and we could have gotten really specific with it. But, you know, this is good enough for a demonstration. And the fact that it's building it within the Itential platform in a way that's directly usable. And that kind of magic right there is by using the MCP server that's attached to the Itential platform that you're using. So the AI can understand the format and how to operate within our platform to build these configuration templates. And, again, think about all the time this is going to save somebody, especially if they have to do this multiple times for multiple specs or multiple audits a year. Yeah. And I mean, I know you have done this a lot of time in your previous jobs, where you have to do compliance. So you know for a fact that this is not a single person effort. Right? No. It's not. So it's a team that goes behind the scene, and there's a lot of folks that are being called. So if you can see, we put in the request already, and it's gonna start processing information. Mhmm. I think we had an error, but what we'll do is we'll try to send this one more time. Okay. So I'll stop Claude. I'll maybe change the interface.
Let me try it one more time with the new chatbot. There you go. So same requirements, and there you go. So this time it's working. And like I said, the live demos. Right? So guess what it did? It went out, and it reviewed ten different websites, and you can see from a requirement standpoint. This is crazy because if I asked you to do it, I'm sure you're gonna do it. The team can do it, but you'll have to spend hours, not just hours. It's gonna be multiple months to understand a list of requirements, build a plan, associate the tool set, and then build an execution plan for your auditors to have those reporting capabilities because somebody has to ship this information back to the auditors. And while I'm talking, it basically ran through all of these ten websites, and then it's trying to start building things already in matter of, like, minutes. So if you can look, it's pretty much processing and trying things out by itself, using the Itential MCP servers with the PCI DSS 4.0 requirements. Yeah. And I'm reading right here that it's actually going to structure it in a modular way. So I'm excited to see what that looks like once it builds everything. Right. Because, yeah, in my previous life, like I said, I did some PCI auditing as a consultant. And, you know, the documentation was always a very time consuming piece of it, not only the research and generating the documentation as well. Wow. That is awesome. And you have seen, I mean, this is awesome, but you have seen the real pain of doing it by hand and Yeah. Selecting the tool set and everything. Right? But if you look at this, it basically ran through all of these ten links, the documentation around it, the guide. I mean, it went through the whole PCI DSS 4.0.1 2025 guide real time while we are talking, and it created the tree.
And if you remember, I told it to call it AI demo as my tree name, and that's exactly what it did. And it's pretty much trying to add child node based on the capabilities, which is, again, making it very modular and very design friendly for maintaining this tree going forward. So, Rich, you will not believe, it did a pretty damn good job, and excuse my language here, but this is so awesome. Like, we gave requirements, go out on the Internet, read through the documents, try to figure out the requirements for PCI DSS. And we said the target device is going to be Cisco IOS device from a network perspective. And we also suggested that we wanna make sure you modularize and design it in a way which is easy to maintain. Going towards this, it was able to then read the documents, create a bunch of nodes, which is child node inside of the platform from the information that it got from a standard. And it just keeps going on, and it tells you how modular things are from a design perspective. And, Rich, this is the best part. Once I click on this document, it gives a complete summarization of what happened and how it designed it and why it chose this design. This is exactly the kind of use case that AI is optimal for when it comes to how it intersects with audits, security, network, firewall. The ability to not only generate the golden configurations is a time consuming task we've talked about, but think through how much documentation time has just been saved as well to the point where it matches up one for one to not only the section policy that it's covering, to the configuration it's implemented. I mean, I don't think in the history of me or the people I worked with doing this kind of compliance audits or customers that have to suffer through an audit, I don't think in the whole history they've ever generated a report that would make the auditor happy. I think maybe we just might have done that right here.
An auditor could look at this and see how it corresponds not only the very specific sections of the PCI DSS spec, but also here's what it looks like, turned into a set of golden config compliance templates inside the Itential platform that ultimately get used to generate real time audits and reports on the network. That's super exciting. I think you said something. I guarantee you, this is definitely a world record on creating compliance template on one of your compliance framework, which is PCI DSS. And I hundred percent believe that's the case because I have done this so many times building things. Right? You gotta learn. You gotta research, and you gotta understand and then build it. And don't forget the network configuration that comes with the template. Like, we still have to show you the Itential side of the world Yeah. Yeah. From the documentation side. Like, it is totally mind blowing here, how accurately it understood the task and built something which is very valuable to organization, which would take months and months. And, again, don't forget this is not a one time thing. You're gonna have to do this again tomorrow. Right? Right. Which means we made it so easy with Itential that by just running bunch of commands, you are generating a compliance report, a compliance structure templatized in the platform for that new requirements without having to learn anything new from that whole document which we have to study otherwise. Yeah. No. Well, I think the point needs to be made is the fact that this was impossible to do a week later or a day later. Right? But now it's possible to do this, because it doesn't take an army of people anymore. It takes, you know, all of the pieces and parts that we put together here. It's the Itential platform plus the MCP server plus a language model and the prompting.
And boom, you could generate this every week if you really wanted to, which, like I said, would have been impossible up until now. Yeah. So before I move into the platform, you got any comments? No. I'm just awestruck by how great this is. So let's go into the platform and see the magic that it's done there. Yeah. Because I think that would help us understand, and we'll see how good it actually designed it. Because on the documentation side, so far it looks good. And you have to also understand, I did not click. It understood the task, and it did it by itself. So let's take a look. Let me stop sharing. I'll share one more time. K. There you go. Let me know if the Itential platform is coming through. Yep. I see it. Perfect. So now moment of truth, we go to config manager. Let me zoom out a bit. Let me go to config manager. And, you know, Itential talks to multi vendor and all good bits, but our focus here is golden configuration. Boom. And if you remember, we talked about naming our tree as AI demo. So let's look into it and boom. Oh, this is amazing. So if people aren't familiar with the configuration manager application, it's an application inside of our platform that does config compliance, device configuration, backups, and basically how to manage your configuration throughout the lifetime of whatever devices. We support all the major vendors, all the major CLI formats, and we support API so that we can do things like talk to controllers and do golden configurations for, you know, JSON representations of configurations or something in AWS or Azure or any cloud. If it's got an API, we can do the same thing here.
So when you really couple the flexibility of this application in our platform and its ability to go across all the infrastructure, whether it's virtual, cloud, physical, CLI, API, along with what we've just shown here, you can really start to imagine the value that this will have for basically everybody out there that has to maintain compliance across the board according to some sort of specification. But okay. So let's dig a little deeper into this because this is really awesome. Yeah. So if you look at the breakdown. Right? So when it went out and understood the requirements, when we suggest that we want modular design, it started categorizing things into something that is directly related to PCI, which is there's a network security control, secure configuration, data protection, strong cryptography. We have authentication, logging monitoring. So this is where I think a combination of a network engineer with AI and Itential creates this amazing triangle where you can get the expertise from the network engineers to review the design and the configuration templates built by AI in the Itential platform. And it makes it easier for organization to not just maintain this, but also run it at scale because now once this is baked in and you have it ready, you can keep scheduling compliance reports pretty much every day or at the end of the business day just to make sure things are working accurately and your network is healthy. And you don't have to have that surprise panic attack whenever somebody asks for a compliance report, especially the auditors. So now you're much more prepared and in advance, and you have requirements that's been generated from an actual documentation for that particular year. So there's a lot of good bits and I mean, it took longer for us to talk through this than for AI to understand the requirements and build the GC with the configurations, which are embedded inside of this.
So can we take a little deeper look into the generated configurations? Yeah. Let's take a look at the, do you have any preference? Or No. No. No. Just walk us through. Okay. Perfect. So I just picked this one, network segmentation, and boom. If you look at this thing, it is templated and variablized, and it's giving you an example of what a good configuration should be with respect to the PCI audit, and you can see it's already variablized things for you. So now if you also see, it also gave a list of variables that are pretty much defined across the tree, and it's giving you some understanding of what's possible here. So you can see the configuration where VLAN, in this case, three hundred is management VLAN. There's a DMZ VLAN, and it's telling you which VLAN is the DMZ VLAN on the interface. So it's giving you that template construct without having to reinvent the whole process. You can fine tune this now, which will be much more accurately represented of your network and just run the compliance on it. I'll click into a few things. Sure. From an ACL perspective, how many times we have heard we need compliance around ACL because that's very critical. I think logging and authentication are very important piece too because you do not want authentication to be local AAA. You want it with TACACS, and not those local accounts. You want the privilege mode to be accurately represented from best practices in your organization across your devices. So you see it starts thinking about all of those aspects which are directly tied to PCI DSS compliance framework. Yeah. No. This is super exciting because I think what you just said there is important. There's two things going on here that our platform is really helping them with. Once this is generated, number one, all of these variables. These variables help you to define the specific things that are unique in your environment.
Where is the syslog server? Where is the NTP server? That's critical. And, of course, because of the way we use workflows and modularity, this is also how we can make this applicable to, you know, basically all kinds of devices in your network to run those scheduled compliance audits and reports. The second thing is the ease of tuning this. Right off the bat, I see things that I might have forgotten when I was building these things by hand for customers. Did I turn off the broadcast storm correctly? Did I set, you know, timeouts correctly? What were the timeouts again according to the PCI spec? You know, those kind of little things are easy to miss, human error, right, or just forgetfulness. I look at this and I go, oh my gosh. It's all there. It's all consistent. It's all ready to go. And to your point, I can go and just modify this to fit the environment. Maybe we have several DMZs instead of one. Right? I can add that in very quickly, or maybe it's giving me something else, and I can change and modify that. The amount of time it saved me as a single network engineer working on this by myself cannot be understated. This is an amazing amount of time saving work. It is literally one of the perfect use cases for AI plus Itential. And the impact it could have for an organization on the security, compliance, performance, all of that, just passing an audit without any problems and having the back end documentation match everything that's just been generated here, like I said, I'm just struck by how much time, because it's been personal for me. I know. This is amazing. Yeah. And it's a team effort. It's not an individual effort when you're doing it for organization. Right? Now imagine your team can now start giving guidelines rather than having to sit through this whole process, which would take months. And we have talked to a lot of customers.
When they go global, they have auditors from different regions that want auditing reports, and their requirements are different. So now you have to set up these kind of sessions, which are, like, three day, seven day sessions across the board with bringing all your engineers, spending time building these reports, and then shipping those reports, so that it's accurately representative of that region and the device structure. There's one more thing, Rich, because this is only Cisco IOS. Right? And we know we have large customers with multi vendor devices. Right. Imagine getting a NIST across your vendor portfolio or PCI across your network portfolio. That's just game changing because now you do not spend time building everything by hand. You leverage the right tool for the right job. And in this case, to your point, and you keep making that point, is AI is very good at this. So why should we not leverage this? Because we are not changing the network, if you understand, in this concept. Right? Because especially from an infrastructure and network perspective, a lot of our leaders are very skeptical when launching that AI on the network. Right? In this case, Itential being that software platform middle layer. You can start leveraging AI in the platform to build things and then accurately run it against your network having that consistent, and definitely with really good guardrails, which gives you that visibility across each run-in processes. Yeah. Yeah. Great point. This is, like I said, this is a great way to leverage a tool like AI in a way that's, I would say, responsible, safe, and impactful. Right? It's not running around making tons of changes on the network, but it's guiding the governance based off of all of the amount of documentation that somebody would have to go through and now generating it in a way that makes breezing through this.
And the different people now, the participation across the team, across the different vendors, you're not thrown for a loop. Oh my gosh. We're deploying in Europe. That's a different standard. You're not thrown for a loop. Oh my goodness. We're, you know, we just bought another company and they're using a different vendor. We don't know how to generate things like that for a Juniper and Arista. No. Actually, you can do it no matter what with this kind of technology and Itential. Yeah. I think it scales up the collaboration with AI, network engineers and organizations because network engineers can now leverage AI to build something like this and organizations can get that benefit with the Itential platform, which is multi vendor, multi domain. So imagine you now do this for your PCI. You do it for NIST, SOC, and do it for operating system. Right? And what you can do next is couple a lot of these things together with compliance plan because as an organization, I mostly care about what my network is, with respect to my configuration and all the standards that are in place. So with compliance plan, you can bring these individual trees as standards and then just expose the plan as a service, which could be multi vendor in this case. And, at the end of the session, I will just give you a quick, once you have built this and you run this, you should get a very predefined report, which shows you what's missing and what's out of compliance and which is great to understand because now your team can go fix it, rerun this whole process one more time by just running the plan and make sure things are healthy so they can send that report to the auditors. There you go. Yeah. Yeah. And I think along with that too, the ability to integrate with the different systems for the documentation itself. So generating the report, that's fantastic, but it's gotta be stored somewhere.
A lot of times, we want to track things with a ticket, ServiceNow or some other, Jira or something like that. The ability for Itential to integrate in those systems and then to update all the documentation in one place so that when audit time comes, not only do you have all the reports, but you have all the tracking, the changes, all the other ancillary things they're looking at as well to ensure everything is tip top and secure. Yep. So let me just bring out the report so you can take a look at that. So I'm gonna bring up a previous run report. Right? And that's pretty much a multi vendor idea that I am a Cisco shop. I wanna do IOS, XR, and NX-OS. We can do multi vendor network where it can go from Cisco, Arista, Juniper. Right? So you have different ways of consuming this, and now you can focus on what devices and what really is out of compliance based on the standard that are defined in the golden configuration. Right. And in this case too, like, one of the things that you can also do as you kind of advance is being able to auto remediate within a workflow if that's important. Right? So certain things like, what was it last year where there was a rush to make sure all the different Cisco IOS XR devices had HTTPS turned off. Why? Because it was a critical bug. You know, things like that. Now, you know, in some cases, maybe we need to definitely have a process to do remediation and changes during a maintenance window depending on the type of change. But there are cases where we've gotta get these things patched up and done immediately. Remember, the time to respond to something is much lower nowadays because of what's going on in the world and so much so, you know, so many bad actors out there. Right. So the ability to do that within a workflow as well is there. Correct. And remediation with proper change management Right. Makes it so easy.
And without fear, you can start making these changes because everything is tracked from an auditing perspective. You're only running approved services on the network that are supposed to make a change, and you're logging all of those activities in the platform. So identifying what's wrong and then trying to fix it with change management, this basically gives you a very healthy network and also identify any out of band changes you might be going through, which is causing all of this compliance to not work all the time. Well, Ankit, this was an awesome demo. I gotta say this is, you know, just looking at it in real time as you've done it, it is amazing to me. Like, you know, I am not always left without words, but now it's hearkening back to many decades ago when we did this by hand I know. Right? How long it took. And, really, it took an army and weeks of time to where we felt we were kinda ready for the audit. Yeah. And now we have the kind of tools at our disposal that can make this, I mean, almost effortless. Really and truly almost effortless. And it's an amazing time we live in, an amazing set of technology. And for network engineers out there that are looking to really put a very, very colorful feather in their cap, to use an old expression, this is something you should probably be a champion of in your organization because it's gonna make a tremendous impact, not just for the networking team, but security team and the entire organization as a whole, the whole business as a whole. Yeah. And, no. Thank you for having me, but I really wanted to make sure people could see the potential, especially on the networking infrastructure side because there's a lot you can leverage AI with. And it's not about just chat bots, which what people have been talking about. There's more good ways to implement AI in your day to day processes.
An organization can pretty much, I mean, you saw the level of effort here and the time we spend. Right? Now imagine just spending couple of days to fine tune this, and we have a standard that's ready to go and send reports to auditor, instead of months to less than a week, to be honest. Absolutely right. Well, again, thanks again, Ankit. I really appreciate it. Any parting words? I'm looking forward to the next thing we get to do together. Oh, absolutely. Yeah. And I was really, to be honest, I wanted people to see the capabilities from the platform and AI and to be very serious about this technology because it is game changing for real. Yeah. It truly is. It truly is. And it's awesome to be a part of a company like Itential that's, you know, tied into it and looking at the most useful ways that we can help our customers and our future customers leverage this in a safe and in a secure environment. And working with folks like you who are always on the cutting edge, looking for those opportunities, those use cases is super exciting. So thanks, Ankit. No. Thank you for having me. Appreciate it, bro. Absolutely. Thank you all out there for tuning in again. If you have any questions or want more information, feel free to contact us here, and we look forward to talking to you again. Bye bye. Bye bye.