Cisco Adds Context Capabilities To Security Framework

Cisco is rethinking its long-term security strategy in light of the consumerisation of workplace technology that’s changing work patterns and presenting new security challenges.

Cisco’s new SecureX framework is consolidating a number of formerly separate security technologies, including its ASA firewall appliances, TrustSec service, IronPort scanning, management tools, and Cisco’s suite of cloud services. Cisco unveiled the newly consolidated security product framework during the RSA security conference in San Francisco in mid-February.

Complete view

By combining independent products, Cisco has a complete view of who is trying to access the network, what type of device is being used, where the device is physically located and what services are being requested, Kevin Kennedy, Cisco’s product line manager, told eWEEK.

“We are baking security into the fabric,” he said.

The security model has to adjust to the new reality, in which business users use their own mobile devices to access corporate resources, Kennedy said. Users are logging in from anywhere and anytime. With more cloud and virtualisation deployments, there are more endpoints to protect, he said.

The language of security needs to change from just protecting IP addresses and ports to use a higher-level policy language that correlates to business rules and definitions, Kennedy said. SecureX emphasises context-aware security enforcement elements that are available regardless of what the actual infrastructure looks like. It will be available for both virtual and physical products, he said.

The firewall and a network intrusion prevention system will remain the cornerstrones of network security, according to Kennedy. As part of the SecureX announcement, Cisco added new context-aware capabilities to its ASA firewall appliance which would would combine with information from TrustSec for network information and the Cisco Security Intelligence Operations (SIO) cloud service for threat analysis, Kennedy said.

Cisco SIO is a global service that gathers information from all the customer networks, correlates threat information, and provides actionable intelligence back to the customers, Kennedy said. The service originally started with email security data and then eventually added web threats, firewall and intrusion/prevention information, Kennedy said.

In addition to the new rules from the ASA products, the SIO cloud service will also start receiving information from the AnyConnect VPN client software under the new framework, Kennedy said.

Better protection

“The more data we get, the better we protect our customers,” he said. The collected data will be used to improve rules that are published back to the devices. Cisco currently pushes over 800,000 rules every day, he said, such as botnet traffic rules for the ASA and network traffic patterns.

SIO collects data from Cisco’s Intrusion Prevention System (IPS) and firewall devices and has information on over 700,000 scanning elements, Kennedy said. With AnyConnect, SIO would be collecting data from as many as 150 million endpoint scanning elements, he said. TrustSec collects network intelligence data from Cisco’s Catalyst and Nexus switches.

This is a long-term strategy, as Cisco envisions integrating with more platforms, adding more applications, and expanding capabilities, Kennedy said. It will take “years to fully build out” SecureX, as Cisco tries to figure out how to solve the security problem, said Kennedy.

“We will be providing a management capability that combines both the new context-aware as well as managing existing firewall rules,” Kennedy said.

Cisco envisions third party providers extending and improving SecureX with additional plug-ins and additional platform integration, Kenney said. The SecureX architecture will have APIs available to service providers, a software development kit for developers, and a Cisco-supported developer ecosystem, Kennedy said.