Cisco Adds Context-Aware Features to New SecureX Framework

Cisco's new SecureX security architecture adds context-aware capabilities to the Cisco ASA Firewall and adds the AnyConnect VPN Client to the Cisco Security Intelligence Operations.

Cisco is rethinking its long-term security strategy in light of the consumerization of workplace technology that's changing work patterns and presenting new security challenges.

Cisco's new SecureX framework is consolidating a number of formerly separate security technologies, including its ASA firewall appliances, TrustSec service, IronPort scanning, management tools and suite of cloud services. Cisco unveiled the newly consolidated security product framework at the RSA security conference in San Francisco in mid-February.

By combining independent products, Cisco has a complete view of who is trying to access the network, what type of device is used, where the device is physically located and what services are requested, Kevin Kennedy, Cisco's product line manager, told eWEEK.

"We are baking security into the fabric," he said.

The security model has to adjust to the new reality, in which business users employ their own mobile devices to access corporate resources, Kennedy said. Users are logging in from anywhere at any time. With more cloud and virtualization deployments, there are more endpoints to protect, he said.

The language of security needs to change from just protecting IP addresses and ports to using a higher-level policy language that correlates to business rules and definitions, Kennedy said. SecureX emphasizes context-aware security-enforcement elements that are available regardless of what the actual infrastructure looks like. It will be available for both virtual and physical products, he said.

The firewall and a network intrusion-prevention system will remain the cornerstones of network security, according to Kennedy. As part of the SecureX announcement, Cisco added new context-aware capabilities to its ASA firewall appliance, which would combine with information from TrustSec for network information and the Cisco SIO (Security Intelligence Operations) cloud service for threat analysis, Kennedy said.

Cisco SIO is a global service that gathers information from customer networks, correlates threat information and provides actionable intelligence back to the customers, Kennedy said. The service started with e-mail security data and later added Web threats, firewall and intrusion-prevention information, Kennedy said.

In addition to the new rules from the ASA products, the SIO cloud service will also start receiving information from the AnyConnect VPN client software under the new framework, Kennedy said.

"The more data we get, the better we protect our customers," he said. The collected data will be used to improve rules that are published back to the devices. Cisco currently pushes more than 800,000 rules every day, he said, such as botnet traffic rules for the ASA and network traffic patterns.

The SIO collects data from Cisco's IPS (Intrusion Prevention System) and firewall devices, and has information on over 700,000 scanning elements, Kennedy said. With AnyConnect, SIO would be collecting data from as many as 150 million endpoint-scanning elements, he said. TrustSec collects network-intelligence data from Cisco's Catalyst and Nexus switches.

Cisco envisions integrating with more platforms, adding more applications and expanding capabilities, Kennedy said. It will take "years to fully build out" SecureX, as Cisco tries to figure out how to solve security problems, said Kennedy.

"We will be providing a management capability that combines both the new context-aware [function and manages] existing firewall rules," Kennedy said.

Cisco envisions third-party providers extending and improving SecureX with additional plug-ins and additional platform integration, Kennedy said. The SecureX architecture will have APIs available to service providers, a software development kit for developers and a Cisco-supported developer ecosystem, Kennedy said.