Cisco Blogs


Cisco Blog > Security

Security Realities of IoT (Internet of Things)

January 23, 2014 at 9:00 am PST

Are you a security professional or IT professional just resolving the security issues with BYOD (bring-your-own-device)? Watch out, BYOD was a precursor or warm up exercise to the tsunami just hitting your shores now.

The SANS Institute just completed a survey on the security viewpoints on IoT, predominantly with security and IT professionals.

78% of respondents were unsure of the capabilities for basic visibility and management of Things they will need to secure or lack the capability to secure them.

It seems that, like BYOD, IoT is driven with minimal IT consultation. And it happens with security as an afterthought, with 46% who do not have a policy to drive the visibility and management of IoT devices.

The top security controls used today for securing IoT were 68% authentication/authorization, 65% system monitoring, and 49% segmentation. That translates into Cisco Secure Access solutions that offer superior visibility, robust intelligent platform of critical context, and highly effective unified secure access control. More importantly, this will also help the 74% that rely on manual processes for discovery and inventory of connected device (from previous SANS research).

Over half (67%) are using SIEM (security information and event management) to monitor and collect data to secure IoT. Cisco ISE (Identity Services Engine) integrates with SIEM to bring together a network-wide view of security events supplemented with relevant identity and device context. This provides security analysts the context they need to quickly assess the significance of security events. More details on the ISE and SIEM integration may be found in this new white paper: Cisco ISE Plus SIEM and Threat Defense: Strengthen Security with Context

The research rightfully points out that, of the many categories of Things, the newest category of single-purpose devices typically connected by wireless (and more likely embedded) software will be the most problematic for security. Due to this difficulty, the SANS community (61%) would like the Thing manufacturers to take more responsibility for providing security. While this is a reasonable request, the question is whether they have the expertise to do this when their focus is on the exciting new IoT market opportunities. Weigh in and tell us your outlook on securing this next wave of Things connecting to your network!

The paper on the SANS survey results is in the SANS reading room.

Tags: , , , , , , , ,

Cisco ISE in the lab.

November 6, 2013 at 7:38 pm PST

My company is in the very early stages of an MDM BYOD project.  As part of that we are looking at the Cisco Identity Service Engine (ISE) as a central piece.  I am about half way through my testing and I thought that I would pass on some of what I have learned so far.  I am far from being an ISE expert and I don’t mention profiling or the advanced features in this post. I have tried them but don’t feel knowledgeable enough to go into these details.

ISE

ISE is an excellent NAC system but it does much more than that.  One of the advantages of trying to configure a new piece of technology yourself is that you learn much more and also other ways to increase the ROI.  The main reason we are interested in ISE is as the enforcement point on our wireless network.  When a device tries to connect to our BYOD network we want ISE to query the MDM server to verify if the device is registered and if not to redirect the device to the MDM provisioning portal.  If the device is registered with MDM ISE will then query AD and verify the user credentials.  This is a core function of ISE and went fairly well. Read More »

Tags: , , ,

Securing Any Device—For the Exceptional Connected Experience

February 11, 2013 at 4:23 pm PST

Secure access continues to be paramount for a connected world. People connect to the Internet for business and for personal use, from wired, wireless or mobile devices—locally and remotely. The Internet is a global system of interconnected networks. User devices, the Internet, and all computer networks are the target of a growing number of increasingly complex security threats. Let’s take a look at some recent trends from the Cisco Connected World Technology Report that speaks to the need for secure access:

  • Three devices is the average per end user with the desire or mandate to work anywhere and anytime—how do we ensure control of all these devices?
  • 71 percent of the next generation workforce will not obey the policies—how do we enforce policy?
  • 60 percent will not be responsible for protecting corporate information and devices—how do we protect sensitive data?
  • Mobile malware is growing; Android malware grew over 2000% from 2012 but is only 1% of the web malware encounter—how do we ensure secure connection from your mobile device and with web intensive users   Read More »

Tags: , , , , , , , ,

Hands on with the Identify Services Engine

September 20, 2011 at 12:40 pm PST

It is so critical that we make it easier for people to get on and off the network in a secure fashion. Cisco has made incredible strides merging access control platforms that have done well over the years yet still required heavier configuration and/or manual intervention.   Not any longer…The Cisco Identity Services Engine or ISE, is a game changer that has already been well received by the market and yet just keeps improving.

We featured the ISE in one of our Fundamentals animations but felt like even more could be done, especially in light of new wireless only pricing recently rolled out. This is a great step forward for a business looking to make incremental steps potentially starting now in an area that is always in need of improvement, guest access.

Read More »

Tags: , , , , , , , , , , , , ,

Identity Services Engine: Your Frequently Asked Questions – Answered!

June 13, 2011 at 9:21 am PST

Your Questions: Answered

This post is the first in a new series we’ll be featuring called Your Questions: Answered. In this series, we track down the answers to partners’ toughest technical questions. You can submit your questions here, post on the Cisco Channels Facebook page, or drop us a note on Twitter.

When Cisco recently introduced the Identity Services Engine (ISE), you likely started fielding questions, with many customers concerned about whether Cisco Network Admission Control (NAC) and Cisco Access Control System (ACS) will cease to be supported or become end-of-life. (Kind of like how I felt when the iPhone 4 came out and I was stuck with the iPhone 3G).

To help you address customer questions, I went out looking for answers on what’s up with ISE, NAC, and ACS. First up, a little about ISE: It has similar functionality to NAC and ACS, combining the functionality of those two existing products onto a new platform. Your customers can gather information from users, devices, infrastructure, and network services to enable organizations to enforce contextual-based business policies across the network, create and enforce consistent policy from the head office to the branch office, and combine authentication, authorization, and accounting (AAA), posture, profiling, and guest management with this single product. And that’s just the beginning--I’ll share details on how to find out more about ISE later in this blog.

Back to the issue at hand — I chatted with Brian Sak, Cisco’s Consulting Systems Engineer and expert on Borderless Networks Security products. He filled me in on the most frequently asked questions that he’s been getting from partners around ISE.

Are NAC and ACS being replaced by ISE?
No, both NAC and ACS have ongoing roadmaps, developments, and new releases planned. If ISE does not meet your customer’s current needs, your customers can still use NAC or ACS. Cisco will not stop innovations on NAC and ACS anytime in the near future.

Should I encourage my NAC and ACS customers to migrate to ISE now?
The answer varies based on your customers and their requirements. Check out this handy chart in the Partner Community Discussion Forum (log in required) to help you determine if ISE is the right fit, right now for your customers.

Read More »

Tags: , , , , , , , , , , , ,