Cisco Adds Threat Awareness, Cloud Access Security Broker Offerings

Cisco's Security Everywhere strategy now extends deeper into the cloud, on-premises and everywhere in between.

Cisco security strategy

For Cisco, the correct answer to the question of where to place security in an enterprise is: everywhere. Cisco announced that it is expanding its Security Everywhere initiative with a cloud access security (CAS) broker offering, an update to its Identity Services Engine (ISE) and the Threat Awareness Service.

"Cloud Access Security provides the ability to connect to commonly used cloud applications, in a way that gives visibility into what is being used and offers control over what users are doing within those applications," Ben Munroe, security product marketing manager at Cisco, told eWEEK.

The Cloud Access Security (CAS) broker product benefits from a Cisco partnership with Skyhigh Networks and Elastica, both of which are CiscoPlatform Exchange Grid (pxGrid) partners. In April, Cisco announced a reseller deal with Elastica for its cloud access security broker (CASB) technology. The pxGrid program was announced in June 2013 as a mechanism to enable Cisco partners to integrate with and extend Cisco technologies.

CAS together with Cisco's Identity Services Engine (ISE) can enable an organization to set a more granular policy for improved cloud access control. CAS also integrates into the Cisco Cloud Web Security (CWS) user interface to provide additional control and insight into Web and cloud application use.

For Cisco customers that have an integrated services router (ISR), there is also a connector for the CWS service, so they can redirect traffic from the router to the cloud and then also benefit from the CAS capabilities, Munroe said.

There are multiple vendors in the CAS market, including Adallom, which Microsoft recently acquired, as well as Imperva Skyfence and Netskope. Elastica and Skyhigh networks are both leaders in the industry, and Cisco's engineers spent time to figure out which CASB technologies were compatible with Cisco's offerings, Munroe said.

"We're not limiting ourselves with these two vendors [Elastica and Skyhigh], but you have to start somewhere," Munroe said. "We're impressed with the capabilities that both Elastica and Skyhigh offer for visibility and control."

In addition to CAS, Cisco is updating its Identity Services Engine (ISE) technology to version 2.0. ISE debuted at Cisco in 2011 as part of Cisco's SecureX context-aware security architecture. ISE offers unified identity management and centralized policy capabilities. ISE can now integrate with the Cisco Mobility Services Engine to enable location-based security policy controls and enforcement.

As an example of how the location-based policy system can work, Munroe explained that doctors could get different levels of access to patient records, depending on where they are standing. As such, a doctor standing in a patient's room can get access to the patient's data, but if the same doctor tries to pull up the patient's information in a public area of the hospital, the data access can be restricted.

The new Threat Awareness Services is another piece of Cisco's Security Everywhere effort, though it is specifically focused for small and midsize businesses. The Threat Awareness Service is able to give smaller organizations visiblity into potential threats that might represent a risk, and it is a lightweight offering that doesn't require any hardware deployment at a customer site, Munroe said.

"Security everywhere is for everyone," he said.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.