Cisco is rolling out a "Security Everywhere" initiative aimed at embedding security throughout the extended network – from the data center out to endpoints, branch offices, and the cloud. The goal is pervasive threat visibility and control for enterprises and service provider networks. To get there, Cisco is adding more sensors to increase visibility; more control points to strengthen enforcement; and pervasive, advanced threat protection to reduce time-to-detection and time-to-response, limiting the impact of attacks.
Cisco is launching the following set of solutions across the entire networking portfolio:
• Endpoints: With Cisco AnyConnect Featuring Cisco AMP for Endpoints, customers using the Cisco AnyConnect 4.1 VPN client now can easily deploy and significantly expand their threat
protection to VPN-enabled endpoints to continuously and retrospectively guard against advanced malware.
• Campus and Branch: FirePOWER Services solutions for Cisco Integrated Services Rou
ters (ISR) provides centrally managed Next-Generation Intrusion Prevention System (NGIPS) and
Advanced Malware Protection (AMP) at the branch office integrated in the network fabric, where dedicated security appliances may not be feasible.
• Network as a Sensor and Enforcer: Cisco has embedded multiple security technologies into the network infrastructure to provide broad threat visibility to rapidly identify users and
devices associated with anomalies, threats and misuse of networks and applications. New capabilities include:
o Broader Integration between Identity Services Engine (ISE) and Lancope StealthWatch: Enterprises can go beyond just mapping IP addresses to identifying threat vectors based
on ISE’s context of who, what, where, when and how users and devices are connected and access network resources. This provides greater contextual threat visibility with
StealthWatch for accelerated identification of threats.
o NetFlow on Cisco UCS: Extending Cisco’s network-as-a-sensor capabilities to the physical and virtual servers, customers now have greater visibility into network traffic
flow patterns and threat intelligence information in the data center.
Using the new embedded security capabilities, Cisco networks now have the ability to automate and dynamically enforce security policies. Customers can segment applications and
users throughout the network – across the extended enterprise to use policy to define which users can get which applications and what traffic can traverse the network then automate
security operations.
o TrustSec + ISE and StealthWatch Integration: StealthWatch can now block suspicious network devices by initiating segmentation changes, providing rapid response to identified
malicious activity. ISE can then modify access policies for Cisco routers, switches, and wireless LAN controllers embedded with TrustSec technology.
Hosted Identity Services provide a secure, 24/7, cloud-delivered service for the Cisco Identity Services Engine, a security policy management platform that unifies and automates secure
network access control. The new hosted service speeds time to deployment, supporting business growth and providing role-based, context-aware identity enforcement of users and devices permitted on the network, streamlining enterprise mobility experiences.
• pxGrid Ecosystem: Eleven new partners have joined the pxGrid Ecosystem with the addition of several new ecosystem technology categories, including cloud security and network/application performance management. pxGrid is Cisco’s security context information exchange fabric that enables security platforms to share information to drive better threat detection, mitigation and overall security operations.
Cisco is also expanding advanced threat-centric protection for its Evolved Programmable Network (EPN), which is its open network architecture designed to advance the adoption of Software Defined Networking (SDN) and Network Functions Virtualization (NFV). Cisco’s new service provider security solutions include the following:
• Cisco Firepower 9300 Integrated Security Platform is a carrier-grade, high-performance, scalable and modular multi-services security platform purpose-built for service providers, that
can scale security for increased data flows due to accelerated service demands and carrier class requirements.
• Expanded Advanced Orchestration and Cloud Capabilities enable Cisco’s new security solutions to integrate with the Cisco architecture and third-party SDN/NFV solutions, as
well as Cisco’s Adaptive Security Appliance Virtual (ASAv) with Cisco’s Network Service Orchestrator (NSO) and Application-Centric Infrastructure (ACI). These orchestration and cloud capabilities also include open APIs for integration with orchestration, Operation Support Systems/Business Support Systems, and Cloud Security-as-a-Service solutions.
• Advanced features such as secure containers to accommodate future security services and applications. Additionally, Cisco ASA firewall and third-party DDoS mitigation from Radware
are currently supported, with additional capabilities planned for the second half of 2015.
http://www.cisco.com
Cisco is launching the following set of solutions across the entire networking portfolio:
• Endpoints: With Cisco AnyConnect Featuring Cisco AMP for Endpoints, customers using the Cisco AnyConnect 4.1 VPN client now can easily deploy and significantly expand their threat
protection to VPN-enabled endpoints to continuously and retrospectively guard against advanced malware.
• Campus and Branch: FirePOWER Services solutions for Cisco Integrated Services Rou
ters (ISR) provides centrally managed Next-Generation Intrusion Prevention System (NGIPS) and
Advanced Malware Protection (AMP) at the branch office integrated in the network fabric, where dedicated security appliances may not be feasible.
• Network as a Sensor and Enforcer: Cisco has embedded multiple security technologies into the network infrastructure to provide broad threat visibility to rapidly identify users and
devices associated with anomalies, threats and misuse of networks and applications. New capabilities include:
o Broader Integration between Identity Services Engine (ISE) and Lancope StealthWatch: Enterprises can go beyond just mapping IP addresses to identifying threat vectors based
on ISE’s context of who, what, where, when and how users and devices are connected and access network resources. This provides greater contextual threat visibility with
StealthWatch for accelerated identification of threats.
o NetFlow on Cisco UCS: Extending Cisco’s network-as-a-sensor capabilities to the physical and virtual servers, customers now have greater visibility into network traffic
flow patterns and threat intelligence information in the data center.
Using the new embedded security capabilities, Cisco networks now have the ability to automate and dynamically enforce security policies. Customers can segment applications and
users throughout the network – across the extended enterprise to use policy to define which users can get which applications and what traffic can traverse the network then automate
security operations.
o TrustSec + ISE and StealthWatch Integration: StealthWatch can now block suspicious network devices by initiating segmentation changes, providing rapid response to identified
malicious activity. ISE can then modify access policies for Cisco routers, switches, and wireless LAN controllers embedded with TrustSec technology.
Hosted Identity Services provide a secure, 24/7, cloud-delivered service for the Cisco Identity Services Engine, a security policy management platform that unifies and automates secure
network access control. The new hosted service speeds time to deployment, supporting business growth and providing role-based, context-aware identity enforcement of users and devices permitted on the network, streamlining enterprise mobility experiences.
• pxGrid Ecosystem: Eleven new partners have joined the pxGrid Ecosystem with the addition of several new ecosystem technology categories, including cloud security and network/application performance management. pxGrid is Cisco’s security context information exchange fabric that enables security platforms to share information to drive better threat detection, mitigation and overall security operations.
Cisco is also expanding advanced threat-centric protection for its Evolved Programmable Network (EPN), which is its open network architecture designed to advance the adoption of Software Defined Networking (SDN) and Network Functions Virtualization (NFV). Cisco’s new service provider security solutions include the following:
• Cisco Firepower 9300 Integrated Security Platform is a carrier-grade, high-performance, scalable and modular multi-services security platform purpose-built for service providers, that
can scale security for increased data flows due to accelerated service demands and carrier class requirements.
• Expanded Advanced Orchestration and Cloud Capabilities enable Cisco’s new security solutions to integrate with the Cisco architecture and third-party SDN/NFV solutions, as
well as Cisco’s Adaptive Security Appliance Virtual (ASAv) with Cisco’s Network Service Orchestrator (NSO) and Application-Centric Infrastructure (ACI). These orchestration and cloud capabilities also include open APIs for integration with orchestration, Operation Support Systems/Business Support Systems, and Cloud Security-as-a-Service solutions.
• Advanced features such as secure containers to accommodate future security services and applications. Additionally, Cisco ASA firewall and third-party DDoS mitigation from Radware
are currently supported, with additional capabilities planned for the second half of 2015.
http://www.cisco.com