Cisco Blogs


Part 1: Why Is Enabling Only Authorized Users So Complex?

In the past, a critical component of preventing threats was understanding and controlling network access and access to network resources based on role, while also denying access for unauthorized users and devices.

However, assuring this secure network access has been increasingly difficult due to:

  • Complexity in understanding more than just who, but how, by what, when and from where users and devices attempt to access network resources
  • Complexity in connecting authorized users to needed services with the explosion of both on premise and remote devices used by a single user
  • Complexity in evolving network architectures where networks have become more “flat” and difficult to manage from a security standpoint
  • Complexity in unifying the number of disparate security systems that need to be configured, managed and visualized

These various aspects of security complexity challenge security practitioners with delivering the right services and purchasing the right solutions to not just handle the complexity, but also reduce it. However, when we take a look at IT security spending, where does the majority of investment go and where do most vendors siphon their money to and why?

If you look across the entire attack continuum, there are three phases that people need to focus on when dealing with threats and attacks: before an attack happens, during the time it is in progress, and even after the damage is done. To properly protect against threats in all stages, organizations need to reinvestigate their security to gain visibility and control across these three phases in order to truly reduce risk.


The Evolution of Guest Networking

As I’ve described in my previous blogs and documents, the first capability deployed by Cisco IT for Identity Services Engine (ISE) is guest networking. Guest networking replaced an older existing solution, referred to internally as NextGen Guest Networking (NGGN). NGGN relied on about 12 servers globally and had a large access control list (ACL) to manage. Deploying guest networking on ISE is a logical first choice for three reasons:

Cisco IT’s Identity Services Engine Deployment: Project Planning, Personnel, and Progress

Several customers have asked me how Cisco IT does project planning for a large enterprise deployment such as the Identity Services Engine, or ISE. What’s our approach? How do we manage operational costs? How do we measure performance? What personnel are involved throughout the process?

The Expanding Burden of Security

July 8, 2014 at 6:00 am PST

[ed. Note: This post was updated 7/9/2014 to include new information not available to the author at the time of original publishing]

I just returned from the Gartner Security Summit at the Gaylord Resort in National Harbor, Maryland. Each morning I took my run along the Potomac River and passed this sculpture of a man buried in the sand.

In speaking with many IT executives they expressed specific concerns around their IT security, and this sculpture of the “man in the sand” took on new meaning for me. I could see how they might similarly feel overwhelmed and buried given their limited resources and the abundance of threats to their environments. Yes, I’ve been in this industry too long! Anyway, throughout all of my conversations it was abundantly clear that people were looking for a new way to approach securing their networks and applications. Customers are recognizing that unsecured access to the network is a critical threat vector; however, when leveraged properly, the network itself also provides a significant platform that offers comprehensive protection to close those gaps. So, what do I mean by that?

The network uniformly sees and participates in everything across the threat continuum, whether before, during or after an attack. If we can leverage the insights and inherent control the network provides, IT organizations can truly augment their overall end-to-end security across this continuum. If done correctly, this augmentation can happen without investing a large amount of time, energy, and resources in filling all the gaps to secure their environments, regardless of legacy network, endpoint, mobile, virtual, or cloud usage models.

Cisco strongly believes that the network must work intimately with various security technologies in a continuous fashion to offer protection for networks, endpoints, virtual, data centers and mobile.

The New Security Model

Given Cisco’s breadth and depth of security, we did not have room to exhibit our networking devices. However, within much of our networking (and even security) offerings, we have embedded security capabilities that provide more comprehensive protection across the entire threat continuum.

An example of this is Cisco TrustSec embedded network access enforcement, which provides network segmentation based on highly differentiated access policies. Cisco TrustSec works with Cisco ISE to provide consistent secure access that is mapped to IT business goals. Cisco ISE and TrustSec are part of the Cisco Unified Access solution and leverage a superior level of context and simplified policy management across the entire infrastructure in order to ensure that the right users and devices gain the right access to the right resources at any given time.

Cisco’s integrated approach to security reduces complexity, while providing unmatched visibility, continuous control and advanced threat protection, which, in turn, allows customers to prioritize more efficiently and act more quickly - before, during, and after an attack. Through Cisco’s New Security Model, we help you achieve a more pleasant experience and get you dug out of the sand. To learn more and go beyond just a shovel and pail, go to Cisco’s Security Page.


Cisco Meraki, Now with ISE!

We’ve been hearing from some of our customers that they are interested in using Cisco Meraki in their branches alongside their Cisco infrastructure in their main offices, but were worried about having to deal with too many segregated policy management systems.

Good news: Interoperability between Cisco Meraki and ISE is here. Administrators can now define a single user access policy across on-premise and cloud-managed networks. With this interoperability, Cisco infrastructure customers can now deploy Cisco Meraki in their branches in the same network as other Cisco equipment, with all devices across the network managed under ISE for unified access policy management.

Read more about the Cisco Meraki and ISE interoperability in the blog post: Got ISE?

To get a free Meraki wireless access point and learn more about the solution, join one of our online webinars. See the complete schedule and choose from a range of webinars featuring Meraki customers, product and solution overviews, and topics like BYOD.