Cisco To Integrate Security Into ACI Fabric

Cisco has promised to place security at the heart of its new Application-Centric Infrastructure (ACI) initiative.

Cisco executives, including CEO John Chambers, announced the ACI strategy during an event in New York City 6 November that included customer testimonials and plaudits from a range of high-profile tech vendors, from Microsoft and Red Hat to EMC, NetApp and IBM.

ACI Initiative

The thrust of the ACI effort is to unify the physical and virtual infrastructures and create an environment that is automated, scalable, programmable and cost-efficient, and can meet the needs of the application.

Trends like cloud computing, virtualisation, greater IT mobility and bring-your-own-device (BYOD) are driving the demand for data centre infrastructures that can rapidly adapt to the needs of applications, company officials said.

A key part of this will be security, they said. Just as data centre infrastructures must evolve to meet the needs of an increasingly mobile and cloud-based world, so does the security technology that protects it.

“With the advent of all of these new capabilities, we have created a new paradigm for security – it is what I refer to as the ‘Any to Any’ Problem,” Chris Young, senior vice president of Cisco’s Security Group, said in a post on the company blog, referring to new technology trends and market transitions, like the Internet of things. “That is, any user on any device increasingly going over any type of connection, to any application, that could be running in any data centre and on any cloud. Regardless of how or where our users are connecting, we have to provide the right levels of inspection and protection against malicious actors.”

That is what Cisco is looking to do by integrating security capabilities into these new data centre environments via its ACI Security Solutions, Young wrote. The offerings include the ASA (Adaptive Security Appliance) 5585-X, which he said can interoperate with the company’s new Nexus 9000 switches – the foundational hardware for the ACI – whether the devices are part of an ACI environment or deployed in a traditional infrastructure. The updated 5585-X is scalable up to 640 Gbps.

In addition, Cisco is rolling out its new ASA Virtual Firewall (ASAv), which offers the same capabilities as any ASA appliance but can work with any virtual switch and support multiple hypervisor platforms, including VMware, Microsoft’s Hyper-V, Xen and KVM, according to officials.

All of these security capabilities can be managed via the Application Policy Infrastructure Controller (APIC), a software tool due out in the first half of 2014 that not only will give organisations a single, central place to manage their networks, but most data centre resources.

Security Focus

Having security knitted into the ACI fabric will be increasingly important given the growing security challenges organizations face, according to Munawar Hossein, product manager in data centre security for Cisco. The ACI Security Solutions will help reduce complexity in security technology, scale as needed and enable organisations to stay ahead of the rapidly evolving threat landscape, Hossein told eWEEK.

Citing numbers from Gartner, he said that 95 percent of firewall breaches are caused by misconfigurations of security tools. In addition, Hossein said that by 2015, the number of network connections per second will grow 3,000 percent, and that more than 100,000 new security threats are found every day.

“Security needs to be intertwined into the networks,” he said.

“This is an exciting new model for truly integrating security into the infrastructure, and it will solve many of the problems that we have typically had in deploying security in the data centre,” Cisco’s Young wrote. “As organisations move to application-centric data centre, cloud, and networking solutions, the same requirements for security and compliance remain.”

Do you know the secrets of Cisco? Take our quiz!

Originally published on eWeek.