Cisco Brings More Security to Its Networking DNA

At the Cisco Live show, company officials unveil new offerings designed to make it easier for enterprises to address increasing security threats.


Cisco Systems executives are using the company's user conference this week to put an emphasis on the need for greater network security as organizations make their way to becoming digital businesses.

On the first day of the Cisco Live 2016 event in Las Vegas, CEO Chuck Robbins and other officials stressed that the rapidly changing data center environment—where more people, devices and applications are accessing the network, which increases the attack surface for increasingly sophisticated hackers—requires a more architectural and more software-based approach to security that not only tries to keep dangers out but also can rapidly detect and address threats when they get inside.

The digitization of the enterprise is driven by an array of industry trends, including greater mobility, the Internet of things (IoT), data analytics and the cloud.

"Perimeter security is important, but it's not enough anymore," David Goeckeler, senior vice president and general manager of Cisco's Networking and Security Business, said July 11 while on stage with Robbins during the CEO's keynote address.

The company unveiled an array of new security capabilities as well as network management offerings that are part of the larger Digital Network Architecture (DNA) initiative that the company rolled out in March. DNA represents a significant realignment of Cisco's approach to the network, creating an open, programmable and software-driven architecture that enables customers to more easily embrace everything from network virtualization to orchestration and analytics throughout the network, from the edge to the data center and cloud.

The goal is to create networks that are more automated, adaptable and software-centric, a change for a company that reached the top of the networking market through its hardware products.

"This is a fundamental shift for both Cisco and our customers as they get the network ready for the digital transformation," Prashanth Shenoy, senior director of enterprise networking and mobility at Cisco, told eWEEK in an interview before the show began. "Changes have been slow to come in networking environments. That's where DNA can help."

The new security and management capabilities are additions to the larger architecture to make networks more secure and less complex, and address what officials see as the intersection between security and networking.

The new security offerings include Umbrella Roaming and Umbrella Branch. Umbrella Roaming, an embedded module in Cisco's AnyConnect VPN solution, is designed to protect employees, regardless of where they work, even when they're roaming. The offering adds greater off-network protection by blocking connections to malicious sites without the need to deploy another agent, officials said.

Umbrella Branch is a cloud-based technology for branch offices that can be deployed through an upgrade to their Integrated Services Routers (ISRs) and give branch officials greater control over their guest WiFi networks through easier content filtering.

In addition, Cisco introduced its Defense Orchestrator management application that offers a cloud-based console through which customers can manage large security infrastructures and policies in distributed locations and across thousands of devices. The security policies can be managed across a variety of Cisco security products, including ASA and ASAv firewalls, Firepower next-generation firewalls and OpenDNS. It helps reduce the growing complexity in network security, officials said.

Cisco also unveiled a cloud-managed unified threat management (UTM) offering to protect against advanced threats in distributed enterprises. Meraki MX security appliances with Advanced Malware Protection (AMP) and Threat Grid offer branch offices malware protection that checks files against a cloud database, which enables the appliances to identify malicious content and block the files before users can download them.

The Stealthwatch Learning Network License is a component that enables the Cisco ISR to be used as a security sensor and enforcer for branch offices. Through the technology, businesses can detect and track anomalies in network traffic, analyze suspicious behavior on the network and identify malicious traffic.