RSA 2011 was a big show for Cisco. We had a 30×30 booth with an in-booth theater, eight demo pods, speakers on several panels, and a keynote. Including speakers, the install and dismantle crew, and all of the booth staffers, we had a crew of around 100 people at the show. Demos included firewalls, virtualization, mobility, web, and security services. With the passing of Cisco Security Monitoring, Analysis, and Response System (MARS), a partner’s SIEM ecosystem display was of note, as were demonstrations of Cisco TrustSec, intrusion prevention, and Cisco Virtualization Experience Infrastructure (VXI). We also demonstrated Cisco AnyConnect running on an iPad, illustrating how Cisco can meet the needs of organizations grappling with the demands of the consumerization of IT and the security concerns that employee liable devices bring.
However, perhaps the biggest news from Cisco was not to be seen at the booth, but rather at Tom Gillis’ keynote where we revealed Cisco SecureX Architecture and Context-Aware Security.
Networks and the organizations they serve are changing. What once was a simple, binary situation where you were either in the office, at your desk, and on the network or you were not has changed into a profusion of shades of grey. Perhaps you were an employee using a corporate laptop at your desk, but now you could be in a meeting room with your laptop, in the break room with an iPad or perhaps even in the restroom tweeting on a smartphone. What of guests, contractors and partners?
The Cisco SecureX Architecture that was announced at RSA is Cisco’s answer to the challenges and vast attack surface of the new borderless network. Forged in a world where virtualization and mobility are not new add-ons but have always been there, and designed for a world where consumerization and the cloud ensure that key pieces of the puzzle don’t belong to IT—classical, static approaches to security simply don’t work anymore.
Gartner’s Neil MacDonald writes in his blog post The Future of Information Security is Context-Aware and Adaptive that “…virtualization and cloud computing forces security policy to move ‘up the stack’ to policies defined on higher level attributes and context – such as the application being run, the identity/group/role of the entity making the request and the content being handled.”
A key part of the SecureX Architecture is the coming of context-awareness to the Cisco Adaptive Security Appliance (ASA). Combining local context from TrustSec, we further enhance the capabilities of the firewall with realtime threat intelligence via Cisco Security Intelligence Operations (SIO). SIO gathers telemetry from hundreds of thousands of network appliances and will combine that data with data from an even larger number of client endpoints all over the world. With correlation and reputation and advanced heuristics, even zero-day exploits have a hard time getting through.
Mobility is a concern for many shops, one which another key aspect of the SecureX Architecture addresses via Cisco AnyConnect—the Cisco secure mobility client. Cisco AnyConnect provides not only VPN connectivity to a Cisco ASA headend, but it also enables security policy enforcement, web filtering, and the collection of information from client devices, all of which are correlated and analyzed to calculate reputation ratings that are used to help determine the level of scrutiny that is placed upon traffic from various origins. Packet from a bad neighborhood? Lots of scrutiny. Traffic from a good neighborhood? Not so much.
We have Tom’s keynote available for your viewing pleasure. It is a good talk and well worth the click. If you are anything like me, you will love the slide with the gloves. Trust me.
We also have the Press Release detailing the Cisco SecureX announcement.