What is the primary inspection point for security in an enterprise? In Cisco’s view, the network is the platform. The vendor is pushing a new vision at its Cisco Live conference in San Diego this week.
Brian Korn, Senior Director of Product Management for Enterprise Solutions Group at Cisco, explained that Cisco’s ISR and ASR routers as well as Catalyst switches should be thought of as key tools in an organization’s defensive posture.
“In additional to perimeter security and advance malware protection, we want to take the massive install base we have of routers and switches and start leveraging it,” Korn said. “We’re trying to leverage the network to get visibility over the traffic.”
Korn explained that the strategy involves leveraging Netflow, which is packet flow-based information on the network, which is now being integrated with the Cisco Identity Services Engine (ISE). Cisco currently has an on-premises version of ISE and at Cisco Live announced a new hosted version as well.
“With ISE, an enterprise can get context for Netflow information, so instead of just getting IP addresses, there is visibility into the user or device behind the address,” Korn said.
Additionally, Cisco is now integrating with Lancope’s Stealthwatch technology to help rapidly discover threats on the network.
“As an enforcer, it’s all about segmentation and what an enterprise can do to contain an attack,” Korn said.
Korn noted that simple VLANs as well as ACLs (Access Control Lists) are well known and used tools to segment a network. Cisco nows wants to move the segmentation conversation to TrustSec, which is a technology Cisco first introduced in 2007. TrustSec, in some respects, is an evolution of Network Access Control (NAC) technology and leverages the IEEE’s 802.1x and 802.1ae standards for access control.
“We’re now taking TrustSec’s ability to segment a network and we’re integrating it with ACI (Application Centric Infrastructure), ” Korn said. “ACI provides access control in the data center, TrustSec is in the enterprise, and now, integrating the two from a policy perspective, there is consistent policy across an entire network.”
The integration of TrustSec and ACI is not set for availability until 2016. Korn said that Cisco is announcing the integration now so customers will understand where Cisco is taking policy and access control.
While Cisco is now pushing to use intelligence from existing network asset, the company is announcing new hardware, too. The Cisco Firepower 9300 is a new top-end carrier-class Intrusion Prevention System (IPS) that has a terabit backplane.
Sean Michael Kerner is a senior editor at Enterprise Networking Planet and InternetNews.com. Follow him on Twitter @TechJournalist.