In part one of our series on Cisco’s Secure Data Center Strategy, we took a deeper dive into segmentation. As a refresher, segmentation can be broken into three key areas. First, the need to create boundaries: perimeters are dissolving and many environments are no longer trusted, forcing us to segment compute resources, the network, and virtualized attributes and environments. Second, along with segmenting physical components, policies must be segmented by function, device, and organizational division. Third, segmenting access control around networks and resources, whether compute, network, or applications, offers a higher level of granularity and control; this includes role-based and context-based access. Ensuring that policy carries consistently across those boundaries is of primary concern. To learn more on segmentation, go here.
Today we will dive deeper into Cisco’s security value-add of threat defense.
Technology trends such as cloud computing, the proliferation of personal devices, and collaboration are enabling more efficient business practices, but they are also putting a strain on the data center and adding new security risks. As technology becomes more sophisticated, so do targeted attacks, and the resulting breaches are far more costly. The next figure, from InformationWeek’s 2012 Strategic Security Survey, illustrates the top security breaches over the previous year.
Tags: Cisco ASA, cisco firewall, Cisco Security, cisco sio, Cisco UCS, cloud, data center, data center security, DC, firewall, intrusion prevention, IPS, it security, network security, pci-dss, security, server, threat defense, virtual, virtualization
Last week Cisco announced several new products in its Defending the Data Center launch. These included Cisco Adaptive Security Appliance Software Release 9.0, the Cisco IPS 4500 Series Sensors, Cisco Security Manager 4.3, and the Cisco ASA 1000V Cloud Firewall, adding enhanced performance, management, and threat defense capabilities. Core to this launch was also Cisco’s new strategy for developing Secure Data Center Solutions, a holistic approach similar to what Cisco previously did with Secure BYOD. This strategy integrates Cisco security products into Cisco’s networking and data center portfolio to create validated designs and smart solutions. Organizations that lack the bandwidth, resources, or know-how to test and validate holistic designs can simply deploy template configurations based on pre-tested environments that cover complete data center infrastructures. These designs enable predictable, reliable deployment of solutions and business services, and allow customers’ infrastructures to evolve as their data center needs change.
In developing this strategy we interviewed numerous customers, partners, and field sales reps to formulate the role of security in the data center and how to effectively reach the next step in the data center evolution, whether you are just beginning to virtualize or have already advanced to exploring various cloud models. Three security priorities consistently came up and became the core of our strategy for delivering security added value: Segmentation, Threat Defense, and Visibility. This blog series, beginning with segmentation, will provide a deeper dive into each of these three pillars.
Segmentation itself can be broken into three key areas. Perimeters are dissolving and many environments are no longer trusted, forcing us to segment compute resources, the network, and virtualized environments to create new boundaries, or zones. Along with segmenting physical components, policies must include segmentation of virtual networks and virtual machines, as well as segmentation by function, device, and logical association. Lastly, segmenting access control around networks and resources, whether compute, network, or applications, offers a higher level of granularity and control; this includes role-based and context-based access. Let’s discuss each in more depth.
Tags: Cisco ASA, cisco firewall, Cisco Security, Cisco UCS, cloud, data center, data center security, DC, firewall, intrusion prevention, IPS, it security, network security, pci-dss, security, server, virtual, virtualization
In a blog post earlier this year, I highlighted the Nexus 1010-X virtual services appliance announced at Cisco Live! in London, and why virtual services are best deployed on a separate UCS-based appliance running NX-OS. The Nexus 1010 and 1010-X are dedicated platforms for hosting virtual service nodes, such as the Nexus 1000V virtual supervisor module (VSM), virtual firewalls, and our virtual Network Analysis Module (NAM). All of these services run in virtual machines on the Nexus 1010 rather than consuming valuable resources on application servers, and they can be managed by the networking and security teams rather than the server team.
Continuing on the same theme, this week at Cisco Live! San Diego (my, how time flies between these shows!), web application firewall (WAF) vendor Imperva announced that its SecureSphere WAF will be available on the Cisco Nexus 1010-X virtual services appliance in Q4 CY2012. This is the first third-party virtual service announced on either the Nexus 1010 or 1010-X appliance, and it adds security capabilities on top of Cisco’s virtualization infrastructure for cloud applications.
Tags: data center security, DCNM, NAM, Nexus 1000v, Nexus 1010, Nexus 1010-X, Virtual Security Gateway, vsg
For anyone who has ventured to a tech conference, flown into an airport or even driven down CA highway 101 this past year, it’s clear that cloud is still top of mind for many technical and business decision makers. We believe this means that enterprises are no longer just talking the talk, but are looking deeper into their networking infrastructure to see if they are ready to meet the challenges of cloud, virtualization and workload mobility. At Cisco, it is our job to help build clouds that can handle elastic demand and efficiently use the networking infrastructure at both a virtual and physical level. This week, we are announcing several key upgrades to the Nexus 1000V family that bring scalability and cloud readiness to the network.
Tags: cloud, data center security, gary kinghorn, network virtualization, Nexus 1000v, Nexus 1010, Nexus 1010-X, Tina Feng, virtual networking, Virtual Security Gateway, vPath, vsg, VXLAN
As we start off this New Year, how about including a resolution to improve application delivery? In Best Practices for Application Delivery in Virtualized Networks – Part I, we covered the key application delivery challenges that arise from managing the many types of applications enterprises use today, further complicated by data center consolidation and virtualization. We then covered some best practices, courtesy of Dr. Jim Metzler’s 2011 Application Service Delivery Handbook, which recommends taking a lifecycle approach to planning and managing application performance.
A key step in the lifecycle approach is to implement network and application optimization tools such as WAN optimization solutions and application delivery controllers, including server load balancers. These solutions are not new to the market and already address many of the needs of delivering enterprise applications in virtualized data centers, namely ensuring network reliability, availability, and security for users accessing those applications. In this post, we discuss a recent IDC study in which IT decision makers across Europe and the US described their strategies for using server load balancers to deal with emerging challenges.
Figure (IDC survey chart): What important attributes do you look for in your server load balancers?
Tags: ACE, application control engine, application delivery, application delivery controller, application performance, availability, Cisco OTV, cloud bursting, data center security, DWS, Dynamic Workload Scaling, enterprise application, IDC, jim metzler, load balancer, Load Balancing, network optimization, Network Services, Nexus 7000, OTV, Overlay Transport Virtualization, resiliency, security, server load balancer, server load balancing, Tina Feng, Unified Network Services, virtual machine intelligence, virtual network services, virtualization