Cisco Adds Intrusion Prevention to ACI
Cisco is integrating its FirePower threat prevention software and ACI network virtualization platform, while also adding a new security partner.Cisco Systems is growing the security features in its ACI network virtualization by integrating intrusion prevention technology the company acquired when it bought Sourcefire in 2013 for $2.7 billion. Cisco officials on April 29 at the Interop 2015 show in Las Vegas announced that the FirePower threat protection software will be integrated with the vendor's Application Centric Infrastructure (ACI), Cisco's answer to the software-defined networking (SDN) trend that brings together open and optimized hardware and software that are designed to ensure that workloads get the networking resources they need. The combination of ACI with the FirePower Next Generation Intrusion Prevention System—which will be available in June—will give businesses improved visibility not only before a cyber-attack occurs, but also during and after the attack, according to company officials. Users will be able to detect and deal with advanced security threats inside the data center through both FirePower's threat detection and advanced malware protection and such ACI capabilities as microsegmentation, advanced security service insertion and Layers 4-7 policy automation, according to Gary Kinghorn, senior solution marketing manager for network virtualization and SDN at Cisco. The rapid changes occurring in the data center are impacting how enterprises need to think about security, Kinghorn wrote in a post on the company blog.
"Perimeter security solutions that block all malicious traffic coming into the data center are great, but they can't help threats from propagating inside the data center," he wrote. "In a shared, multi-tenant environment where trust between users and applications can no longer be assumed, security solutions have to be in place to protect every workload from every other one, and to protect all tenants from each other. This is several orders of magnitude more complexity than we previously required. This trend has led to the implementation of fine-grained security policies, enforced between individual application workloads (microsegmentation)."