At a special media event hosted by Cisco at the RSA Security conference in San Francisco this week, the company unveiled a new vision for network security. Cisco is deploying new security technologies adapted to meet the needs of an increasingly diverse and mobile network.
Between the BYOD trend, and the need to allow various partners, suppliers, contractors, and others to access the network in some limited capacity, businesses need finer control over access permissions. The problem is that most of the security tools available today do not provide enough control, so many organizations are being forced into a choice between security and productivity.
Speaking to the media, Chris Young, senior vice president for Cisco’s Security and Government group, explained that Cisco is equipped to meet the security needs of tomorrow by integrating security into the network fabric. Young also stressed that Cisco has a responsibility to incorporate security at the network level due to how much of the critical infrastructure of the nation is riding on Cisco equipment.
The devices used to connect and access information are more diverse, and the ways data is accessed and used may change, but one thing stays the same at the core: the network. Somehow or another, all of the information is still being passed over, on, and through network hardware.
Cisco's own CSO, John Stewart, is also a Cisco customer in many respects, and needs tools to meet evolving security needs just like any other security admin. He said that what he needs from security tools is the ability to be highly nimble. He described scenarios where, whether the need is to allow an activity or device for a business need, or to block an activity or device for a security need, the overriding driver is to respond quickly. He needs security tools to be adaptable and agile.
To meet those needs, Cisco announced TrustSec 2.1 with some new features and functionality. New active scanning provides more accurate device identification to automatically determine what a device is so appropriate policies can be applied. Cisco also introduced new security group access technology features in its Identity Services Engine (ISE) platform that make it simpler to define and assign policies without having to exert so much manual effort to configure the network to enforce it.
In addition, Cisco unveiled a new line of ASA CX firewall appliances, which include the Cisco SecureX Framework for context-aware security. Cisco explained that many network security appliances can identify mobile or Web apps, but that often the controls are too blunt. For example, an organization may want to allow Facebook, but not FarmVille, or sharing video clips with friends.
Cisco is promising to provide very granular, context-sensitive control over what is acceptable. The ASA CX software provides visibility not just that iTunes is being used, but which devices are being used to connect to iTunes, and what types of content on iTunes is being accessed. Armed with that information policies can be built to block or allow activity at that level as well.
Instead of assigning access rights simply by group or even for an individual user, Cisco envisions granting access based on context and state. A user might have one set of access rights from the desktop PC at work, a different level of access when connecting over VPN from a home PC, and more limited rights when connecting from a smartphone or tablet over a public Wi-Fi network.
The demonstrations given by Cisco were impressive—but I always take such events with a grain of salt. How a product works in a managed scenario on stage, and how it works on your network in the real world are often too very different things. The new Cisco products are available starting today. Check them out and judge for yourself.