Cisco Blogs



Judge for yourself: Taking Dell to task on “holistic” security claims

In case you missed it, Network World’s Ellen Messmer published a rather surprising article on how Dell was going to “trump” Cisco in the information security market as a result of some recent acquisitions. Now certainly Dell is entitled to their beliefs. They’re in a difficult position right now, as Michael Dell and Silver Lake maneuver the company through a very complex set of buy-out related transactions. They need to give their customers assurance that they won’t be distracted through this process. And if you want to make a big impression with your customers, you might as well go after the market leader in security. Be that as it may, we can’t just sit back and let these blatant statements go unchecked. So, in the spirit of “fair and balanced” reporting, we thought we’d issue our own little fact check and let you conclude for yourself.

  • “Cisco is a great competitor but they don’t have our holistic view” – Acquiring assets and bundling them together doesn’t constitute a “holistic” approach. Those assets must be closely integrated, which is the approach Cisco is delivering with its next generation security architecture. This architecture will be built on top of a multi-function security platform with deep network integration. There are many proof points today that demonstrate we are delivering against this strategy and architecture. Today our customers are deploying Cloud Web Security with their Cisco ISR G2 and ASA Next Generation Firewall through connectors built from Cloud Web Security. In addition, we’ve brought market-leading application visibility and control to ASA, embedded deep in the firewall. But it doesn’t stop here.
  • Now what about Dell’s comment that Cisco “doesn’t have an identity business“?  Cisco’s Identity Services Engine provides the backbone of Cisco’s secure Unified Access solution. The real network security action is in delivering access privileges based on more than just user identity and group which is all Dell can do today with Quest. In the BYOD world customers also require action based on the type of device, posture of the device, and location. Cisco’s Identity Services Engine is the industry leading platform to deliver context based policy controls and then leveraging the network for distributed enforcement consistently across wired, wireless, and VPN access. This is a game-changer for the enterprise and our next generation end-to-end security architecture. Enterprises can now implement context-based policy from the access layer through the data center switching fabric without using brittle and costly network segmentation methods tied to VLANs and ACLs. This is real synergy, and it is delivering a holistic solution as opposed to a holistic press sound bite.  But don’t just take our word for it; check out Gartner’s latest Magic Quadrant for NAC.  Cisco’s ISE combines identity, device, and network with a market leading platform deployed in over 3000 customers.
  • Just weeks ago we announced another key milestone with the introduction of ISE 1.2. With this latest release we also became the first vendor in the industry to offer automated profiling feeds, making us better and faster at identifying new devices and operating systems. We’ve increased the speed and scalability of ISE to address the increasing demands brought on by the “Internet of Everything”. And we’ve added a new set of partner APIs enabling integration into key MDM partners – SAP, AirWatch, Citrix, MobileIron and Good. This expands the reach of ISE and enables customers to drive common context and identity management from the network all the way to the end point. Dell talks about their direction to advance the “concept” of embedded security to virtually any type of device. We’re not just talking about it, we’re doing it.


Addressing Government Cloud Security Challenges – AFCEA Cyberspace Symposium

Guest post from Steve Boutelle, VP, Business Development, Global Government Solutions, Cisco.

Cybersecurity and innovative IT solutions play a central role in the National Defense Authorization Act (NDAA) for the 2013 fiscal year, highlighting the military’s increasing reliance on IT. In order to address new and evolving threats today and into the future, the DOD is challenged to develop a strategy to acquire next-generation host-based cyber-security tools and capabilities that go beyond current anti-malware and signature-based threat detection.

Government information systems today are more sophisticated and globally integrated than ever before, and attacks are growing in frequency and complexity. The challenge of data protection is constantly increasing in scope. While government organizations have always needed to secure confidential information, changes in information technology models have introduced new stakeholders, new threats and new regulations. As a result, government organizations need to think beyond the traditional models of securing the perimeter and locking down specific segments of IT infrastructure. For example, the risks of unauthorized access to data in the cloud can be mitigated through the use of next generation technologies.

This year’s AFCEA CYBERSPACE Symposium is themed, “Cyber -- The New Center of Gravity.” The event serves as a key opportunity for interaction between industry and government to explore this new domain that has become the center stage of national defense.

At the event, I will be moderating a panel, “Securing the Cloud,” featuring Bret Hartman, CTO, Security Office, Cisco and leaders from Lockheed Martin, ThreatMetrix and Terremark. The panel session will explore current and future technologies for addressing government concerns about new threats targeting the cloud.

By ensuring the integrity, confidentiality, and availability of critical information that flows through today’s cloud-based infrastructures, new and emerging technologies enable government organizations to reduce risk, demonstrate compliance, enhance agility and pursue strategic goals with greater confidence. This panel will be an opportunity for attendees to learn more about a wide variety of current and future technologies that address cloud security challenges.

More information about AFCEA Cyberspace Symposium and the panel is available here: http://www.afceacyberspace.com/


Happy New Exploit Kits! (I mean Happy Belated New Year!)

January 22, 2013 at 7:44 am PST

It’s only been a few days since we said goodbye to 2012 and we are already seeing what many predicted for 2013: an increase in the creation, enhancement, and usage of numerous exploit kits by cyber criminals. Cyber criminals don’t take long vacations in December. On the contrary, they “work hard” and make lots of money during the holiday season! These criminals are continuously improving their tools to keep up with us (the good guys) and continue enhancing their “money-making machines.” A real-life example is how cyber criminals were able to quickly incorporate the exploits of the recently found Java vulnerability that I described in a post a few days ago.

Exploit kits make it easy for these criminals because they can easily spread malicious software that exploits well-known and new vulnerabilities. New exploit kits are loaded with some of the most dangerous zero-day exploits and other features that allow criminals to increase their profits.


Introducing Cisco Domain Ten(SM) – Cisco Services’ Blueprint for Simplifying Data Center and Cloud Transformation

December 5, 2012 at 10:07 am PST

This week at the Gartner Data  Center Conference in Las Vegas, Cisco Services is unveiling Cisco Domain Ten(SM) – Cisco’s Framework for Simplifying Data Center and Cloud Transformation.

Cisco Domain Ten can be applied to a diverse range of data center projects -- from cloud and desktop virtualization to application migration and is equally applicable whether your data center is in enterprise businesses, public sector organizations or service providers.  The video here describes how we apply the Cisco Domain Ten to the private cloud use case, as one example.  We’ll discuss additional use cases in future blogs and associated collateral that I’ll point you to.

Drawing on our extensive experience over the past few years helping customers transform their data centers, and on the many cloud deployments (private and public, enterprise, public sector and service provider) that we’ve enabled, we’ve formulated this comprehensive framework to help you transform your data center and guide new initiatives including cloud, virtual desktop, application migration, and data center consolidation. The Cisco Domain Ten framework covers ten key areas, or domains, that in our experience are critical to consider, plan for and address as part of your data center and cloud transformational journey; it is illustrated in the diagram below. Relating this framework to other key components of Cisco’s data center strategy, you can think of the Cisco Unified Data Center as the what of the data center, whereas Cisco Domain Ten complements this by guiding you on the how (to transform).

Cisco Domain Ten - Simplifying Data Center Transformation


Protection in the Cloud

Physical servers lend the comfort of knowing where your data is located and having control over access and protection of that data. But from a business perspective, there is a lot virtualization can offer. So what’s the compromise with security, and is it worth the switch to a cloud environment?

While the cloud is an “open environment,” with no physical equipment to hold data in a hard-and-fast location, there are security measures that can be taken. Understanding how your technology is being used and who would be interested in accessing stored information is an important step in protecting against security threats. It is also important to consider what type of cloud you are utilizing – public, private, or hybrid. Once you have analyzed these thoroughly, you can integrate security controls into your architecture to view, manage, and control vulnerabilities and threats.

Finally, you must consider trust. How the technology is used depends on users, devices, applications, and data. Security policies and controls can be determined and installed after establishing how and why the data may be accessed. Vice President and Chief Information Security Officer at Intel explains in more detail the significance of trust and avoiding security breaches. Read what he has to say.

You may also want to take advantage of our upcoming webcast to see what industry peers are doing to solve the very challenges cloud adopters face. Tune in to a webcast on December 6 at 9:00 am PST to hear from Cisco UCS customers Xerox and FICO Corporation about how and why they used it in their cloud environments.

 
