Cisco today announced a variety of hardware, software and services designed to increase network virtualization and bolster security for campus, branch office and cloud customers.
The products, which include a Network Functions Virtualization branch office device and improved security network segmentation software, fall under Cisco’s overarching Digital Network Architecture plan. DNA offers integrated networking software—virtualization, automation, analytics, cloud service management and security under a single suite.
“DNA offers IT leaders a blueprint for building digital ready networks. In just under 18 months we have seen over 1,900 organizations deploy our SDN controller, APIC-EM, in their networks and start laying a foundation capable of enabling their digital transformation,” said Cisco’s Prashanth Shenoy, vice president of marketing, Enterprise Networking and Mobility.
On the hardware side, Cisco rolled out the Enterprise Network Compute System (ENCS) 5400 Series, a 1RU Intel Xeon server that includes an eight-port GE Switch which supports LTE, T1, DSL and more, as well as Dual-Phy Gigabit Ethernet WAN connectivity and 64Gb of memory.
The 5400 is a purpose-built branch platform aimed at helping customers accelerate their Enterprise NFV deployments by extending routing, security, WAN optimization and other network services to their branch environments, Shenoy said.
The 5400 is all about the speed and agility in setting up “a branch office rollout that secures virtualized services,” Shenoy said. “A branch office that took days to set up and provision previously can now be done virtually in minutes with security, QoS and management capabilities.”
Cisco does offer other SD-WAN packages, and the 5400 is another option, but one that focuses on customers interested in virtualizing network functions, experts said.
For security, Cisco extended its TrustSec security software across all its network components and offers security segmentation to isolate attacks and restrict threats in the network.
TrustSec 6.1 now extends from the campus to the branch office and the cloud, all in an effort to avoid and prevent pervasive threats, Shenoy said.
In that vein, Cisco also enhanced its Identity Services Engine (ISE). ISE 2.2 offers much deeper visibility into applications on endpoints, including detection of anomalous behavior. It also offers more granular control with the ability to define "DEFCON" policy sets that let customers escalate their response to prolific threats, Shenoy stated.
Together ISE and TrustSec can help turn the network into a sensor and enforcer, Cisco said. ISE provides visibility and control of users and devices on the network, while TrustSec provides software-defined segmentation to isolate attacks and restrict movement of threats in the network.
Rather than changing the authorization of individual users and devices, or implementing policy changes manually, changing DEFCON state changes the TrustSec policies defining how users, devices, and systems can talk to others — essentially raising the “network drawbridges” to protect your critical data and maintain essential services. For example, you could define DEFCON 4 to kick all guests off the network, DEFCON 3 to kick all BYOD users off the network, DEFCON 2 to restrict peer-to-peer traffic, and DEFCON 1 to severely limit access to your “crown jewels,” wrote Kevin Skahill, director, product management in Cisco’s Secure Access and Mobility Product Group, in a blog detailing the new security software.