Cisco Blogs


Cisco Blog > Security

Security Drives Major Transition in the Network and Data Center

Today, rapid changes in the world we live in, driven by technology trends, business model changes and market transitions, like the Internet of Everything, profoundly impact our networks and our data centers. With the advent of all of these new capabilities, we have created a new paradigm for security—it is what I refer to as the “Any to Any” Problem. That is, any user on any device increasingly going over any type of connection, to any application, that could be running in any data center and on any cloud. Regardless of how or where our users are connecting, we have to provide the right levels of inspection and protection against malicious actors.

Today, Cisco is announcing the new Application Centric Infrastructure (ACI) designed to seamlessly integrate layer 4 through layer 7—and security, in particular—into next generation Data Center environments. As part of this framework, we are announcing ACI Security Solutions, which support next generation Cisco ASA physical and virtual firewall technologies by stitching them directly into the ACI network fabric, and can be managed using the ACI Policy Infrastructure Controller management tool.

The Cisco ASA 5585-X Series Next-Generation Security Appliance has been updated and certified to interoperate with the new Nexus 9000 switches—whether they are deployed in traditional or ACI modes. The new Cisco ASA Virtual Firewall (ASAv) performs the same functions as any ASA appliance. However, unlike an ASA 1000v Cloud Firewall, the ASAv maintains its own data path. This allows it to work with any virtual switch and it will be available on multiple hypervisors.  Read More »

Tags: , , , , ,

SUMMARY Chris Young: Cisco Closes Sourcefire Acquisition; Delivers Threat-Centric Security Model

October 8, 2013 at 5:38 am PST

Chris Young, SVP of Cisco’s Security Business Group, posted an official announcement this morning on Cisco’s The Platform blog heralding the close of the Sourcefire acquisition.

 “I am excited to announce that Cisco has completed the acquisition of Sourcefire. With this acquisition, we take a significant and exciting step in our journey to define the future of security. As one company, we offer an unbeatable combination that will greatly accelerate our mission of delivering a new, threat-centric security model”, said Young.

Young also goes in-depth regarding the new capabilities immediately available to current Cisco customers as well as what the acquisition means for Cisco Security roadmap:

  • Leverage current ASA and FirePOWER hardware for future solutions
  • Give Cisco customers immediate access to Sourcefire’s NGIPS, NGFW, and AMP solutions
  • Committing to support open-source projects like Snort, ClamAV, and others
  • Broader solution sets incorporating the newly acquired technologies

This year, Cisco has increased investment in security innovation to provide market-leading threat-focused capabilities.

Young also promised Cisco Security will focus on a “threat-centric” security model moving forward – which means a priority focus on the threats themselves versus policy or controls. “Through our threat-centric model,” he said “we will provide broad coverage across all potential attack vectors, rapidly adjust to and learn from new attack methods, and implement that intelligence back into the infrastructure after each attack.”

Read the full post with all the exciting details here:  http://blogs.cisco.com/news/cisco-closes-sourcefire-acquisition-delivers-threat-centric-security-model

Tags: , , , ,

RSA 2013: That’s a Wrap

RSA 2013 ends and I both miss it and breathe a sigh of relief that it’s over. Let me explain. As a security guy, it’s nice to be around other security like-minded people.  We all speak the language. You needn’t really justify why you are worried about things most people have never heard of. It’s exciting to see so many people try so many different things, be it startups, big companies, or inspired individuals. It’s great to see government employees, corporate executives, and pony-tailed security geeks all talking to one another.  In a slightly strange way, it’s therapeutic.

That said, RSA is an incredibly intense week, and this year’s conference was no exception. In four-and-a-half full days (and this is just my schedule), I had:

  • Eight customer meetings
  • Eight dinners (working out to 1.78 dinners per day.)
  • Four press interviews: two on-record, one background, 1 live videocast via Google+
  • Four bizdev/company review meetings
  • Two panels
  • Two  analyst interviews
  • Two partner meetings
  • One customer breakfast talk along with with Chris Young

And this doesn’t include the countless run-ins with friends, a quick word here or there, and emails that all have to be managed along the way. In some respects, you don’t get enough time with really good friends (if there really is such a thing as enough time for such people in our lives), and in the end, it’s a huge blur from meeting to meeting.

I posed a question in my blog earlier this year: Are we making progress in cyber security? I say yes, yet not nearly enough, and now I am thinking hard about how to change it before RSA 2014.

Tags: , , , , , ,

Defense in Depth with Software Defined Networking

Last week at the RSA Conference in San Francisco, I had the pleasure of speaking to thousands of security professionals about the opportunities and risks associated with using Software Defined Networking (SDN) for security, which will be the underlying fabric of our next generation data centers and networks. SDN-enabled security will provide a better way to secure our most valuable applications, users and data, now and in the future.

Each vendor has a different definition of how the network is changing, and there are many different terms being used, such as software defined data center and software defined storage. Cisco calls this Application Centric Networking, for example, because we are introducing programmable APIs with a focus on distributed control plane intelligence so that applications can get value directly from the network.

It’s obvious why the networking industry is embracing SDN: lower operational costs and the ability to deploy applications and network services in a quicker, more scalable manner. Cloud bursting, which is about flexible compute in the cloud, is another SDN benefit that gives us the ability for applications to interact directly with the network in ways that do not happen today.  For example, applications will be able to query the network for location of users to manage Quality of Service and deliver highly targeted content.

So why should the security industry care about SDN? As the threat landscape evolves, the opportunity is to make Security a key application for SDN. We can use SDN to build a Network-based Threat Defense System. I see three key elements to this system:

Read More »

Tags: , , , , , ,

Acquisition of Cognitive Security Bolsters Cisco’s Cyber Threat Defense Capabilities

In a world where malware and advanced cyber threats are enterprises’ greatest concern, the need for innovation in security is at an all-time high. Mobility and cloud are drastically changing the IT security paradigm, and our attackers are radically increasing the sophistication of their attack methods. Cisco has been listening to our customers’ concerns and we are investing in threat intelligence and defense.

As part of our investment to strengthen the network with more analytics and intelligence to target today’s complex and disruptive threats, Cisco has announced the intent to acquire Cognitive Security, a privately held company headquartered in Prague, Czech Republic. Cognitive provides security software that is focused on applying artificial intelligence techniques to detect advanced cyber threats.

When Cognitive’s technology is combined with traditional firewalls, network security, content security, and Intrusion Detection and Prevention Systems, it provides a complete detection and mitigation solution that enables customers to protect against advanced attacks and zero day attacks in near real-time.

Why is this important? Well, think of this simple use case: An employee’s own personal device is infected outside the perimeter of the enterprise. Once the employee brings that device on to the network, the enterprise’s perimeter defense solution cannot protect against the threat because the device has already been infected. This can cause a full range of negative impacts on the enterprise and the data center. With Cognitive’s technology integrated in to existing security tools, unknown abnormal network behavior is quickly and automatically identified and subjected to further analysis and enforcement.

The Cognitive software will be integrated in to Cisco’s Security Intelligence Operations (SIO), bringing together global security intelligence from the cloud with local intelligence on a customer premise to protect against advanced cyber threats.

The acquisition of Cognitive supports Cisco’s focus and investment in security and is integral to all three key components of our security strategy: 1) Cloud-based threat intelligence and defense; 2) Common policy management and context; and 3) Network enforced policy – where we truly make the Network part of the security paradigm, as opposed to sticking yet another security “box” in the network and expecting it to do all the work for us.

I am delighted to welcome the Cognitive team to the Cisco family and look forward to working with them to ensure that we are delivering always on, integrated security that empowers our customers to realize the benefits of a mobile, cloud enabled business.

Tags: , , , ,