Cisco Blogs



Improve Your Backbone, Improve Your Business

Cisco recently announced the Cisco Catalyst 6840-X backbone switch to address new network backbone needs, especially in space-constrained deployments.

According to the Visual Networking Index, network traffic has grown exponentially over the last several years, and this trend is expected to continue into the foreseeable future. By 2018, there will be over 20 billion networked devices, a 100% increase from 10 billion in 2011. Business IP traffic is expected to reach 13.1 exabytes per month in 2016[1].

While devices grow in number, wireless connectivity speed is increasing. Gigabit wireless (802.11ac) enables a network that is three times faster due to its 1.3 Gbps capacity. 802.11ac Wave 2 more than doubles that. Thus, the bottleneck is moving “up the network” from the wireless AP to the access uplinks. With 1G becoming the standard for access switch ports, access switch uplinks will need to move to ubiquitous 10G and 40G.

To help improve business, networks must be capable of scaling well beyond the needs of today to deal with the traffic of tomorrow while at the same time providing investment protection. While most enterprise network engineers agree with this approach, the actual number of enterprises moving in this direction is still relatively small. According to a report published by the Dell’Oro Group, it’s not a technology issue – there are plenty of products on the market to handle 10G – but the economics of the network upgrade, such as equipment cost, expense of upgrading and future proofing, remain the key challenge.

Cisco is changing those economics by offering easy, cost-effective network upgrades to support the explosion of mobile devices and video applications. The Cisco Catalyst 6840-X Series Switch is a prime example.

The Network as a Security Sensor and Enforcer

The Digital Economy and the Internet of Everything mean everything is now connected. Digitization is fundamentally transforming how we conduct business. It creates new opportunities to develop services and engage with employees, partners, and customers. It’s important to understand that digitization is also an opportunity for the hacking community, presenting new services, information, data, devices, and network traffic as attack targets. To take full advantage of the digitization opportunity, security must be everywhere, embedded into and across the extended network – from the data center to the mobile endpoints and onto the factory floor.

Today, Cisco is announcing enhanced and embedded security solutions across the extended network and into the intelligent network infrastructure. These solutions extend security capabilities to more control points than ever before with Cisco FirePOWER, Cisco Cloud Web Security or Cisco Advanced Malware Protection. This is highlighted in Scott Harrell’s blog. We are also transforming the Cisco network into two roles: as a sensor and as an enforcer of security.

The Role of the Network as a Sensor

The network provides broad and deep visibility into network traffic flow patterns and rich threat intelligence information that allows more rapid identification of security threats. Cisco IOS NetFlow is at the heart of the network as a sensor, capturing comprehensive network flow data. You can think of NetFlow as analogous to the detail you get in your monthly cellular phone bill. It tells you who talked to whom, for every device and user, for how long, and what amount of data was transferred – it’s metadata for your network traffic.

Visibility into network traffic through NetFlow is critical for security, as it serves as a valuable tool to identify anomalous traffic on your network. Watching NetFlow, we gain an understanding of the baseline traffic on the network, and can alert on traffic that is out of the ordinary. The network is generating NetFlow data from across the enterprise network all the way down to the virtual machines in the data center. This gives us visibility across the entire network, from the furthest branch office down to the east-west traffic in the data center.

New IT Harvest White Paper: How Policy-Based Software Defined Segmentation and Cisco TrustSec Improve Security

IT-Harvest, founded by renowned security expert and industry analyst Richard Stiennon, provides reports, analysis, and advisory services on trends in emerging threats and the technology to counter them. Richard Stiennon is one of the most followed and well-respected IT security analysts and authors in the world. His recent white paper discusses why network segmentation is becoming increasingly critical to protecting networks. Further, it argues that Cisco TrustSec provides the right technology for leveraging the network to provide better security.

Cisco ISE 1.3: Welcomed Improvements

I’ve finally had a chance to stop and smell the roses. The roses being Cisco ISE 1.3, that is. It’s been a much-anticipated update to Cisco’s core TrustSec component and there are a number of improvements, many dealing with Guest users. So what has Cisco done to improve? Let’s look at 5 areas related to Guest access:

1. End-User Web Portals
2. Notifications
3. Guest Portals
4. Sponsor Portals
5. Non-Guest Portals

End-User Web Portals

One of the new features that I really like is how the interface has been modified to centralize the portal configuration tasks and customization into a single location. The first thing you notice when you navigate to Configure Guest Access and Sponsor Access is that the interface is designed to make life easy. Three steps to Guest Access are overviewed and each step is clearly identified. We don’t usually find this information in the user interface. Normally we’re looking for this in an End User Guide or a Lab Guide for one of the courses I teach. So, in my opinion, this is a fresh new approach to making a complex device like ISE much easier to use.


Access Control with Cisco TrustSec: Moving from “IP Addresses” to “Roles and Attributes”

Today’s enterprise is a highly dynamic and hyper-connected environment where IT plays a critical role in connecting the users, devices, resources and corporate IT systems. Today’s employees are also highly mobile in nature and do not necessarily have a single workspace assignment. IT departments are constantly being challenged by the organization’s Line of Business owners to keep up with the pace of rolling out new services to address market needs, while keeping up with user expectations.

At the same time, IT departments are also responsible for ensuring business continuity and uninterrupted service. However, the toughest challenge that any IT organization faces is implementing a security architecture which not only satisfies the compliance and industry regulatory requirements, but also provides a sufficient amount of protection against unauthorized access, data breaches, etc.

The traditional way to implement a security architecture in this kind of environment is by implementing security rules in firewalls for traffic traversing the network’s extranet/intranet or data-center perimeters. For implementing security policies within an organization’s network, Identity-Based Networking using IEEE 802.1X is generally used.