- Cisco's SecureX Architecture
- Cisco Systems
There are three major trends sweeping through the enterprise: the rapid rise of the consumerized endpoint, the onset of virtualization and cloud computing, and the growing use of high-definition video conferencing. Each of these critical technologies is transforming business--and forcing a fundamental shift in how security is developed and deployed.
Today's security solutions are largely centered on protecting the physical infrastructure, and traditional security policy is expressed in terms of a particular device such as "the corporate PC," an IP address, a network port, or an application protocol. In an increasingly mobile, borderless world, this construct is becoming significantly less relevant. To address new network and security dynamics, new security architectures need to be much more sophisticated. We need a sophisticated policy language that can be expressed in terms of who, what, where, when, and how. Security needs to be separated from the physical infrastructure underneath it. And it needs to be highly distributed so it can be deployed globally and can be available wherever and whenever the borderless enterprise touches the public Internet.
Cisco has developed a bold new architecture to meet the needs of borderless networks, allowing organizations large and small to collaborate easily, and their new workforce to roam freely, with confidence. This architecture allows for more effective, higher-level policy creation and enforcement. Since it uses a broad array of parameters for policy, it allows for much more effective security and enables situational awareness. Instead of a great many complex firewall rules, security policy can now be based on context, such as "the VP of sales can access the global sales forecast, but if she is seeking access through a smartphone in China using a strange protocol, and meanwhile she already authenticated herself through the main campus in California two hours ago, this connection is invalid."
This sort of intelligent policy enforcement uses next-generation scanning elements that are meshed into the new Cisco SecureX Architecture. Within this new architecture, the next-generation endpoint is able to automatically find the nearest scanning element somewhere in the virtual security fabric and to make a seamless connection. The behavior of a hacker halfway around the world is noted, that information is shared, and traffic from the hacker's servers is blocked because your network now knows that it comes from someone that it cannot trust. Policy is centrally managed, but intelligence is gathered globally, with highly distributed enforcement.
Download Paper
(Webtorials membership required. Click here to register or if you forgot your username/password.)
Today's security solutions are largely centered on protecting the physical infrastructure, and traditional security policy is expressed in terms of a particular device such as "the corporate PC," an IP address, a network port, or an application protocol. In an increasingly mobile, borderless world, this construct is becoming significantly less relevant. To address new network and security dynamics, new security architectures need to be much more sophisticated. We need a sophisticated policy language that can be expressed in terms of who, what, where, when, and how. Security needs to be separated from the physical infrastructure underneath it. And it needs to be highly distributed so it can be deployed globally and can be available wherever and whenever the borderless enterprise touches the public Internet.
Cisco has developed a bold new architecture to meet the needs of borderless networks, allowing organizations large and small to collaborate easily, and their new workforce to roam freely, with confidence. This architecture allows for more effective, higher-level policy creation and enforcement. Since it uses a broad array of parameters for policy, it allows for much more effective security and enables situational awareness. Instead of a great many complex firewall rules, security policy can now be based on context, such as "the VP of sales can access the global sales forecast, but if she is seeking access through a smartphone in China using a strange protocol, and meanwhile she already authenticated herself through the main campus in California two hours ago, this connection is invalid."
This sort of intelligent policy enforcement uses next-generation scanning elements that are meshed into the new Cisco SecureX Architecture. Within this new architecture, the next-generation endpoint is able to automatically find the nearest scanning element somewhere in the virtual security fabric and to make a seamless connection. The behavior of a hacker halfway around the world is noted, that information is shared, and traffic from the hacker's servers is blocked because your network now knows that it comes from someone that it cannot trust. Policy is centrally managed, but intelligence is gathered globally, with highly distributed enforcement.
Download Paper
(Webtorials membership required. Click here to register or if you forgot your username/password.)
Mobility - enabled by a vast array of new devices - has fundamentally changed our ability to access the network from any place at any time. And the rapid adoption of cloud-based capabilities has likewise exponentially enhanced our options.
However, any time that a new device or service is added to the network, a new point-of-entry needs to be secured.
This paper does an excellent job of addressing Cisco's approach to managing this new world of even further enhanced connectivity, and it's an excellent benchmark regardless of your exact choice of provider(s).