Cisco Blogs



New White Paper from Enterprise Strategy Group on the Evolution of and Need for Secure Network Access

Mention Network Access Control (NAC) to some security or network operations engineers, and they just might grimace.  Why?  Most people still associate NAC with a set of technologies that were complicated to deploy and implement effectively.

Today, however, those nightmare assumptions are far removed from reality. In this newly released white paper, Jon Oltsik, Senior Principal Analyst for the Enterprise Strategy Group, discusses how NAC is transforming into something more—a technology he calls Endpoint Visibility, Access, and Security, or EVAS. Mr. Oltsik discusses how the NAC market has changed to reduce complexity in both deployment and usage. Through this advancement, the evolved technology has become an increasingly critical component in securing enterprise networks. In addition, Mr. Oltsik discusses how Cisco and the Cisco Identity Services Engine (ISE) are in the best position to meet IT security challenges in terms of what EVAS should be and how it helps.

Download the white paper on Cisco.com:
http://www.cisco.com/c/dam/en/us/products/collateral/security/cisco-evas-white-paper.pdf


Security Realities of IoT (Internet of Things)

January 23, 2014 at 9:00 am PST

Are you a security professional or IT professional just resolving the security issues with BYOD (bring-your-own-device)? Watch out: BYOD was a precursor, or warm-up exercise, to the tsunami just hitting your shores now.

The SANS Institute just completed a survey on the security viewpoints on IoT, predominantly with security and IT professionals.

78% of respondents were unsure of the capabilities for basic visibility and management of Things they will need to secure or lack the capability to secure them.

It seems that, like BYOD, IoT is driven with minimal IT consultation. And it happens with security as an afterthought, with 46% who do not have a policy to drive the visibility and management of IoT devices.

The top security controls used today for securing IoT were 68% authentication/authorization, 65% system monitoring, and 49% segmentation. That translates into Cisco Secure Access solutions that offer superior visibility, robust intelligent platform of critical context, and highly effective unified secure access control. More importantly, this will also help the 74% that rely on manual processes for discovery and inventory of connected devices (from previous SANS research).

Over half (67%) are using SIEM (security information and event management) to monitor and collect data to secure IoT. Cisco ISE (Identity Services Engine) integrates with SIEM to bring together a network-wide view of security events supplemented with relevant identity and device context. This provides security analysts the context they need to quickly assess the significance of security events. More details on the ISE and SIEM integration may be found in this new white paper: Cisco ISE Plus SIEM and Threat Defense: Strengthen Security with Context

The research rightfully points out that, of the many categories of Things, the newest category of single-purpose devices typically connected by wireless (and more likely embedded) software will be the most problematic for security. Due to this difficulty, the SANS community (61%) would like the Thing manufacturers to take more responsibility for providing security. While this is a reasonable request, the question is whether they have the expertise to do this when their focus is on the exciting new IoT market opportunities. Weigh in and tell us your outlook on securing this next wave of Things connecting to your network!

The paper on the SANS survey results is in the SANS reading room.


Cisco ISE in the lab.

November 6, 2013 at 7:38 pm PST

My company is in the very early stages of an MDM BYOD project. As part of that we are looking at the Cisco Identity Services Engine (ISE) as a central piece. I am about halfway through my testing and I thought that I would pass on some of what I have learned so far. I am far from being an ISE expert and I don’t mention profiling or the advanced features in this post. I have tried them but don’t feel knowledgeable enough to go into these details.

ISE

ISE is an excellent NAC system but it does much more than that. One of the advantages of trying to configure a new piece of technology yourself is that you learn much more and also other ways to increase the ROI. The main reason we are interested in ISE is as the enforcement point on our wireless network. When a device tries to connect to our BYOD network we want ISE to query the MDM server to verify if the device is registered and, if not, to redirect the device to the MDM provisioning portal. If the device is registered with MDM, ISE will then query AD and verify the user credentials. This is a core function of ISE and went fairly well.


Securing Any Device—For the Exceptional Connected Experience

February 11, 2013 at 4:23 pm PST

Secure access continues to be paramount for a connected world. People connect to the Internet for business and for personal use, from wired, wireless or mobile devices—locally and remotely. The Internet is a global system of interconnected networks. User devices, the Internet, and all computer networks are the target of a growing number of increasingly complex security threats. Let’s take a look at some recent trends from the Cisco Connected World Technology Report that speak to the need for secure access:

  • Three devices is the average per end user with the desire or mandate to work anywhere and anytime—how do we ensure control of all these devices?
  • 71 percent of the next generation workforce will not obey the policies—how do we enforce policy?
  • 60 percent will not be responsible for protecting corporate information and devices—how do we protect sensitive data?
  • Mobile malware is growing; Android malware grew over 2000% from 2012 but is only 1% of the web malware encounter—how do we ensure secure connection from your mobile device and with web intensive users


Hands on with the Identity Services Engine

September 20, 2011 at 12:40 pm PST

It is so critical that we make it easier for people to get on and off the network in a secure fashion. Cisco has made incredible strides merging access control platforms that have done well over the years yet still required heavier configuration and/or manual intervention. Not any longer… The Cisco Identity Services Engine, or ISE, is a game changer that has already been well received by the market and yet just keeps improving.

We featured the ISE in one of our Fundamentals animations but felt like even more could be done, especially in light of new wireless only pricing recently rolled out. This is a great step forward for a business looking to make incremental steps potentially starting now in an area that is always in need of improvement, guest access.
