Defending the Data Center

September 12, 2012 at 5:00 am PST

It’s no secret that enterprise data centers are in a state of transformation – they always are. There’s a constant need to scale data center operations to meet the seemingly insatiable demand for connection and throughput speeds, as well as the number of concurrent sessions. In fact, experts anticipate that these performance demands will increase by as much as 30X over the next few years.  While that statistic alone is remarkable enough, that’s just part of the story.  Adding to the dramatic changes is the trend toward virtualization – with over half of all workloads expected to be virtualized by next year; and the fact that employees currently use an average of more than three mobile devices to access enterprise networks.

All of these trends are fundamentally changing data center operations today. And while the obvious impact of these changes is the need for performance scalability to meet the increasing demands, they also inherently change how data centers are secured. It’s this second impact that is often overlooked. While security is certainly important to data center administrators, it isn’t their only concern.  Oftentimes their primary focus is maintaining business-IT alignment and avoiding chokepoints that can degrade performance and jeopardize their SLAs.  As a result, security is frequently put on the backburner while the entire operation continues to upscale – opening the door to the perfect storm for a major security breach.

Unfortunately, most security products are “bolted on” as an afterthought, so they’re not capable of meeting the robust and dynamically changing needs of enterprise data centers. But Cisco handles security very differently than the rest of the industry. By leveraging the SecureX Architecture, Cisco security solutions are built into the network fabric. 70 percent of the world’s Internet traffic and 35 percent of the world’s email traffic flows through Cisco networks, putting Cisco in the best position to see and proactively protect against threats before they affect customers’ networks. Cisco gains intelligence from throughout the network to enable more informed security decisions, and has used that intelligence to integrate security throughout the network infrastructure to provide comprehensive policy enforcement.

To this end, today Cisco made a series of product announcements that help provide modern data centers with what they need to remain secure, while enabling them to meet their business needs:

  • Cisco ASA Software Release 9.0, a major release of the core operating system that powers the entire line of ASA security appliances, adding data center-class performance and next-generation firewall capabilities
  • The Cisco ASA 1000V Cloud Firewall, a new multi-tenant edge firewall that uses the same base ASA code that runs the physical ASA appliances, but is optimized for virtual and cloud environments
  • Cisco IPS 4500 Series Sensors, a new series of standalone enterprise-class IPS appliances that provide up to 10 Gbps of IPS throughput in a single blade – four times the performance density of the closest competitor
  • Cisco Security Manager 4.3, which delivers several important capabilities for up to an 80% improvement in operational efficiency, as well as northbound APIs that enable customers to more efficiently deploy comprehensive security solutions

With these new product announcements, in addition to the rest of the SecureX Architecture, Cisco makes security a deployment decision, just like the rest of your network, with consistent security that enables policies to work throughout hybrid environments – physical, virtual, and cloud.  Because we’re part of the network fabric, rather than a bolted-on point product vendor, we deliver security when, where, and how you need it to deliver a flexible, comprehensive security solution. As a result, Cisco can provide high levels of network security, while enabling enterprise data centers to maintain business-IT alignment and avoid chokepoints that can degrade performance and jeopardize SLAs.  And since we enable one layer of security policies to work throughout the hybrid environment, we provide a high level of security while significantly decreasing complexity.

For more information, please visit http://www.cisco.com/go/securedc.


Firewall Network Threat Defense, Countermeasures, and Controls @ Cisco Live 2012 – San Diego!

The advent of social networking, BYOD implementations, and web interactions has transcended the Internet traffic flows of yesterday. At the same time, the security risks and threat landscape have not only evolved but become an ever-increasing factor in protecting today’s information systems. This continued movement has led to the introduction of a new security topic for the upcoming Cisco Live 2012 conference. This topic and subsequent lab session, “Firewall Network Threat Defense, Countermeasures, and Controls”, is part of the “Cyber Aikido” security suite of sessions being offered at Cisco Live 2012, and has been developed around threat defense solutions applicable to Cisco Firewalls. The course is largely based on the upcoming “Cisco Firewall Best Practices Guide”.

The “Firewall Network Threat Defense, Countermeasures, and Controls” instructor-led lab will provide administrators and engineers of Cisco Firewalls the knowledge and understanding to protect their networks against threats and attacks leveraging industry standard and Cisco Firewall Best Practices. This includes understanding control plane, management plane, and data plane architectures, and applying security features and constructs to secure the traffic traversing and interfacing with your devices or hosts.


Firewall, IPS, and Web Security Without Degrading Performance? Yes You Can Have It All!

February 28, 2012 at 4:00 am PST

In an effort to reduce costs and improve operational efficiency, organizations of all sizes have begun compressing their firewall and other security services into smaller form factors and fewer physical units. Many small and midsized companies have opted for UTMs to run all of their security on a single box. Unfortunately, UTMs have failed to deliver on their promise of true multi-service security. Most UTMs do one or two things really well, but add all the other services as “checkbox” items just to say they have them.


Router Security: Ready for Primetime

I have a confession: I’m a technology late-adopter. On Rogers’ Innovation Adoption bell curve, I probably fall somewhere in the ‘late majority’ —  I like the tried and true.

But with a few years and many advances, I’m back on Facebook (my short experience with it left me with privacy paranoia), and if you can believe it, I’m now an iPhone user. I appreciate not lugging around my iPod, and having a camera ready whenever I need it, but it’s not only the extra bells on the integrated device that have impressed me -- it’s the realization that I don’t have to compromise functionality to have it all.

Another technology that has made a lot of strides since its entry into the market is integrated router security.


Block a country with my Cisco Router or Firewall

Problem:

We are often asked by customers how they can prevent traffic from a certain country (let’s say country X) from entering their network. The motivations for doing this vary. Sometimes a company does not do business with all countries in the world; therefore, the company doesn’t need to be accessible from all countries. Other times it is an issue of trust and security, where an administrator may not want to allow country X to enter their infrastructure. Finally, there are cases where country X has often been implicated in malicious activity, so an administrator may want to block country X when there is no need for the organization to interact with this country. In this document I present a methodology for writing a tool that generates the configuration lines to block country X on your IOS router or ASA/ASASM firewall.