Cisco's new SecureX security architecture adds context-aware capabilities to the Cisco ASA Firewall and adds the AnyConnect VPN Client to the Cisco Security Intelligence Operations.
Cisco is rethinking its long-term security strategy in light of the consumerization of workplace technology that's changing work patterns and presenting new security
Cisco's new SecureX framework is consolidating a number of formerly separate security technologies, including its ASA firewall appliances, TrustSec service, IronPort scanning, management tools and suite of cloud services. Cisco unveiled the newly consolidated security product framework at the RSA security conference in San Francisco in mid-February.
By combining independent products, Cisco has a complete view of who is trying to access the network, what type of device is used, where the device is physically located and what services are requested, Kevin Kennedy, Cisco's product line manager, told
"We are baking security into the fabric," he said.
The security model has to adjust to the new reality, in which business users employ their own mobile to access corporate resources, Kennedy said. Users are logging in from anywhere at any time. With more cloud deployments, there are more endpoints to protect, he said.
The language of security needs to change from just protecting IP addresses and ports to using a higher-level policy language that correlates to business rules and definitions, Kennedy said. SecureX emphasizes context-aware security-enforcement elements that are available regardless of what the actual infrastructure looks like. It will be available for both virtual and physical products, he said.
The firewall and a network intrusion-prevention system will remain the cornerstones of network security, according to Kennedy. As part of the SecureX announcement, Cisco added new context-aware capabilities to its ASA firewall appliance, which would combine with information from TrustSec for network information and the Cisco SIO (Security Intelligence Operations) cloud service for threat analysis, Kennedy said.
Cisco SIO is a global service that gathers information from the customer networks, correlates threat information and provides actionable back to the customers, Kennedy said. The service started with e-mail security data and later added Web threats, firewall and intrusion/prevention information, Kennedy said.
In addition to the new rules from the ASA products, the SIO cloud service will also start receiving information from the AnyConnect VPN client software under the new framework,
"The more data we get, the better we protect our customers," he said. The collected data will be used to improve rules that are published back to the devices. Cisco currently pushes more than 800,000 rules every day, he said, such as botnet traffic rules for the ASA and network traffic patterns.
The SIO collects data from Cisco's IPS (Intrusion Prevention System) and firewall devices, and has information on over 700,000 scanning elements, Kennedy said. With AnyConnect, SIO would be collecting data from as many as 150 million endpoint-scanning elements, he said. TrustSec collects network-intelligence data from Cisco's Catalyst and Nexus switches.
Cisco envisions integrating with more platforms, adding more applications and expanding capabilities, Kennedy said. It will take "years to fully build out" SecureX, as Cisco tries to figure out how to solve security problems, said Kennedy.
"We will be providing a management capability that combines both the new context-aware [function and manages] existing firewall rules," Kennedy said.
Cisco envisions third-party providers extending and improving SecureX with additional plug-ins and additional platform integration, Kennedy said. The SecureX architecture will have APIs available to service providers, a software development kit for developers and a Cisco-supported developer ecosystem, Kennedy said.