Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Cisco plans to embed security everywhere

Jim Duffy | June 10, 2015
Plan includes Campus, Branch, endpoints and sensors for Internet of Everything.

Cisco this week announced a plan to embed security throughout the network -- from the data center out to endpoints, branch offices, and the cloud -- in an effort to avoid pervasive threats.

Cisco says the strategy, announced at this week's Cisco Live conference, will give customers the ability to gain threat-centric security required for the digitized business and the Internet of Everything. The company sees IoE as a $19 trillion opportunity over the next decade while cybercrime is itself a $450 billion to $1 trillion business.

To combat that, Cisco says it is adding more sensors to network devices to increase visibility, more control points to strengthen enforcement, and pervasive threat protection to reduce time-to-detection and time-to-response. The plan includes:

  • Endpoints: Customers using the Cisco AnyConnect 4.1 VPN client now can deploy threat protection to VPN-enabled endpoints to guard against advanced malware
  • Campus and Branch: FirePOWER Services solutions for Cisco Integrated Services Routers (ISR) provides centrally managed intrusion prevention systemand advanced malware protectionat the branch office where dedicated security appliances may not be feasible
  • Network as a Sensor and Enforcer: Cisco says it has embedded multiple security technologies into the network infrastructure to provide threat visibility to identify users and devices associated with anomalies, threats and misuse of networks and applications. New capabilities include broader integration between Cisco's Identity Services Engine (ISE) and Lancope StealthWatch to allow enterprises to identify threat vectors based on ISE's context of who, what, where, when and how users and devices are connected and access network resources.

StealthWatch can also now block suspicious network devices by initiating segmentation changes in response to identified malicious activity. ISE can then modify access policies for Cisco routers, switches, and wireless LAN controllers embedded with Cisco's TrustSec role-based technology.

Cisco has also added NetFlow monitoring to its UCS servers give customers greater visibility into network traffic flow patterns and threat intelligence information in the data center.

Other aspects of the plan include Hosted Identity Services, which is designed toprovide a cloud-delivered service for the Cisco Identity Services Engine security policy platform. The new hosted service provides role-based, context-aware identity enforcement of users and devices permitted on the network, Cisco says.

Cisco security chief David Goeckeler says embedding security everywhere is part of a larger integrated threat defense architecture Cisco wants to develop for its customers.

"We'll integrate this more and more," Goeckeler, senior vice president and general manager of Cisco's Security Business Group, said. "You can deploy it independently (with individual products) as an option. But we'll integrate it as an architecture as more are deployed.

"How do we build the best, most effective protection possible?" he asked. "How do we shrink the time to detect and remediate threats?"


1  2  Next Page 

Sign up for CIO Asia eNewsletters.