Cisco Blogs

Cisco Blog > Security

Save money with branch security

Trends like bring-your-own-device, mobility, and cloud computing are creating a surge in the number and types of devices connecting to the network and driving demand for WAN bandwidth. Remote and branch office employees expect fast, secure connectivity but most enterprises don’t have spare operational budget to increase their WAN bandwidth to backhaul all traffic to headquarters in order to keep it secure.

Enter Intelligent WAN, or IWAN. With IWAN, the Internet becomes a reliable, cost-effective way to supplement the WAN. Cisco’s IWAN also enables secure direct Internet access (DIA). Instead of backhauling branch office Internet traffic across the WAN, traffic is redirected to the Cisco Cloud Web Security (CWS) proxy, located in one of our data centers around the world, for inspection.

Now Cisco CWS is available on even more Integrated Services Routers (ISRs) for improved IWAN capabilities and additional deployment flexibility. Enterprises can use Cisco’s newest branch routing platform, the ISR 4000 Series, to redirect traffic to a CWS proxy using Generic Routing Encapsulation (GRE) over IPsec.

Read More »

Tags: , , ,

Extending Security Everywhere

Just a few months ago at Cisco Live U.S., we announced both our strategy and several new offerings for Security Everywhere Across the Extended Network. We believe that our vision of delivering Security Everywhere – from the cloud to the network to the endpoint – is essential to reduce risk, gain competitive advantage and make security a growth engine for organizations. Today we are extending Security Everywhere with new capabilities and services that deliver greater visibility, context and control from the cloud to the network to the endpoint, for organizations of all sizes.

Extending Security Deeper into the Network and Endpoints

Employees need access to more enterprise resources from more devices than ever and attacker ingenuity and persistence has reached new heights. As a result, organizations are losing sight of who and what is accessing the network – and the threats that may take hold. Controlling and detecting lateral movement of these threats inside a network is a major challenge most organizations face. Cisco is further improving its market leading capabilities to meet this challenge by simplifying the deployment of software based segmentation, leveraging more of the network’s intelligence, and extending flow based visibility for detecting insider and advanced persistent threats beyond the network to one of the most commonly deployed endpoint agents in the world.

  • Cisco Identity Service Engine (“ISE”) 2.0 provides several new capabilities that extend the visibility and control of the network for security. The new integration with the Cisco Mobility Services Engine (MSE) provides geo-location for access control. For example, it can grant specific access to top secret resources required for confidential conversations in the boardroom, but then change that level of access as soon as participants leave the meeting to prevent ongoing access. A new work center for TrustSEC deployments dramatically simplifies the deployment of software based segmentation across the network along with new expanded support for third party network access devices. ISE is also an amazingly valuable source of contextual information for security systems that can help any system execute its role better. With ISE 2.0, we are further expanding our industry leading partner community to include several new vendors including Check Point, Infoblox, and Invincea while expanding partners ability to take real time action in the network with new adaptive network control capabilities to augment the rapid threat containment integrations with Lancope Stealthwatch and FireSIGHT Management Center.
  • Cisco AnyConnect, our world-class VPN for secure mobility that is deployed by organizations across the globe, now delivers deep endpoint visibility into application flows, allowing security administrators to extend visibility down to the device and track behavior off and on premise and quickly spot and scope internal threats arising from compromised systems or inappropriate insider behavior.

Extending Security Further with the Cloud

Enterprises of all sizes are adopting the cloud. From productivity to line-of-business to vertical applications, SaaS and public cloud are enabling the Digital Economy. At the same, more than half the employees in the enterprise today are working outside of the network perimeter. To accelerate this transformation, Cisco is extending security further into the cloud with the following new offerings:

Read More »

Tags: , , , , , , , ,

#CiscoChampion Radio S2|Ep 29. Cisco Cloud Web Security (CWS)

CiscoChampion200PXbadge#CiscoChampion Radio is a podcast series by Cisco Champions as technologists. Today we’re talking about Cisco Cloud Web Security (CWS), which provides industry-leading security and control for the distributed enterprise. Users are protected everywhere, all the time when using CWS through Cisco worldwide threat intelligence, advanced threat defense capabilities, and roaming user protection. Our SME is John Davis, Cisco Technical Marketing Engineer.

Listen to the Podcast.

Learn about the Cisco Champions Program HERE.
See a list of all #CiscoChampion Radio podcasts HERE.
Ask about the next round of Cisco Champions nominations. EMAIL US.

Cisco SME
John Davis, Cisco Technical Marketing Engineer

Cisco Champion Guest Hosts
Jake Gillen, @jakegillen, Senior Security Engineer
Ed Walsh, @vEddieW, Senior Consultant

Brian Remmel (@bremmel)

What is Cisco Cloud Web Security (CWS)
CWS and AUP Service
CWS security data processing
CWS Essentials and Premium
Advantages of CWS for more robust protection
CWS management tools and reports for end users


Tags: , , ,

The Network as a Security Sensor and Enforcer

The Digital Economy and the Internet of Everything means everything is now connected. Digitization is fundamentally transforming how we conduct business. It creates new opportunities to develop services and engage with employees, partners, and customers. It’s important to understand that digitization is also an opportunity for the hacking community, presenting new services, information, data, devices, and network traffic as attack targets. To take full advantage of the digitization opportunity, security must be everywhere, embedded into and across the extended network – from the data center to the mobile endpoints and onto the factory floor.

Today, Cisco is announcing enhanced and embedded security solutions across the extended network and into the intelligent network infrastructure. These solutions extend security capabilities to more control points than ever before with Cisco FirePOWER, Cisco Cloud Web Security or Cisco Advanced Malware Protection. This is highlighted in Scott Harrell’s blog. We are also transforming the Cisco network into two roles: as a sensor and as an enforcer of security.

The role of the Network as a Sensor The network provides broad and deep visibility into network traffic flow patterns and rich threat intelligence information that allows more rapid identification of security threats. Cisco IOS NetFlow is at the heart of the network as a sensor, capturing comprehensive network flow data. You can think of NetFlow as analogous to the detail you get in your monthly cellular phone bill. It tells you who talked to whom, for every device and user, for how long, and what amount of data was transferred – it’s metadata for your network traffic.

Visibility to network traffic through NetFlow is critical for security, as it serves as a valuable tool to identify anomalous traffic on your network. Watching NetFlow, we gain an understanding of the baseline traffic on the network, and can alert on traffic that is out of the ordinary.  The network is generating NetFlow data from across the enterprise network all the way down to the virtual machines in the data center.  This gives us visibility across the entire network, from the furthest branch office down to the east-west traffic in the data center.  Read More »

Tags: , , , , , , , , , ,

Is Your Network Cloud Ready?

Is your network cloud ready? We at NetCraftsmen, a Cisco Gold Partner, are hearing this question more often. Let’s discuss how to tell if your network is cloud ready, and how to get there if you’re not. Even if your organization already has a public cloud presence, I hope you’ll find some ideas in the following material.

Is Your Network Cloud Ready

Read More »

Tags: , , , , , ,