Cisco: Security to Be Integrated Into ACI Fabric

The company's new IT ACI Security Solutions will include new firewall capabilities and will be managed through the APIC tool.

Security will be a key component of Cisco Systems' new Application-Centric Infrastructure initiative, according to company officials.

Cisco executives, including CEO John Chambers, announced the ACI strategy during an event in New York City Nov. 6 that included customer testimonials and plaudits from a range of high-profile tech vendors, from Microsoft and Red Hat to EMC, NetApp and IBM. The thrust of the ACI effort is to unify the physical and virtual infrastructures and create an environment that is automated, scalable, programmable and cost-efficient, and can meet the needs of the application.

Trends like cloud computing, virtualization, greater IT mobility and bring-your-own-device (BYOD) are driving the demand for data center infrastructures that can rapidly adapt to the needs of applications, company officials said.

A key part of this will be security, they said. Just as data center infrastructures must evolve to meet the needs of an increasingly mobile and cloud-based world, so must the security technology that protects them.

"With the advent of all of these new capabilities, we have created a new paradigm for security—it is what I refer to as the 'Any to Any' Problem," Chris Young, senior vice president of Cisco's Security Group, said in a post on the company blog, referring to new technology trends and market transitions, like the Internet of things. "That is, any user on any device increasingly going over any type of connection, to any application, that could be running in any data center and on any cloud. Regardless of how or where our users are connecting, we have to provide the right levels of inspection and protection against malicious actors."

That is what Cisco is looking to do by integrating security capabilities into these new data center environments via its ACI Security Solutions, Young wrote. The offerings include the ASA (Adaptive Security Appliance) 5585-X, which he said can interoperate with the company's new Nexus 9000 switches—the foundational hardware for the ACI—whether the devices are part of an ACI environment or deployed in a traditional infrastructure. The updated 5585-X is scalable up to 640 Gbps.

In addition, Cisco is rolling out its new ASA Virtual Firewall (ASAv), which offers the same capabilities as any ASA appliance but can work with any virtual switch and support multiple hypervisor platforms, including VMware, Microsoft's Hyper-V, Xen and KVM, according to officials.

All of these security capabilities can be managed via the Application Policy Infrastructure Controller (APIC), a software tool due out in the first half of 2014 that will give organizations a single, central place to manage not only their networks but most data center resources.

Having security knitted into the ACI fabric will be increasingly important given the growing security challenges organizations face, according to Munawar Hossein, product manager in data center security for Cisco. The ACI Security Solutions will help reduce complexity in security technology, scale as needed and enable organizations to stay ahead of the rapidly evolving threat landscape, Hossein told eWEEK.

Citing numbers from Gartner, he said that 95 percent of firewall breaches are caused by misconfigurations of security tools. In addition, Hossein said that by 2015, the number of network connections per second will grow 3,000 percent, and that more than 100,000 new security threats are found every day.

"Security needs to be intertwined into the networks," he said.

"This is an exciting new model for truly integrating security into the infrastructure, and it will solve many of the problems that we have typically had in deploying security in the data center," Cisco's Young wrote. "As organizations move to application-centric data center, cloud, and networking solutions, the same requirements for security and compliance remain."