Cisco Blogs


Cisco Blog > Enterprise Networks

“Security Everywhere” – Enterprise Branch Security for Direct Internet Access

Two weeks ago, a leading global medical device manufacturer came to Cisco for advice. In an effort to streamline IT operations and reduce operating costs, the customer had recently migrated from their internal Microsoft Exchange 2010 environment to Office365, Microsoft’s hosted online service.

The migration was initially done for the headquarter users and the feedback was more positive than they expected. However, when they migrated their branch and remote office users, the WAN bandwidth usage almost immediately spiked and user experience suffered as a result.

This customer is certainly not the only company looking to embrace Cloud applications for greater agility, reduced costs and complexity, and increased productivity. Or has had to deal with BYOD issues and the increasing impact of video has on their bandwidth. However, what our customer and those other companies have found is that the current method of backhauling the traffic to the data center is no longer a viable way to handle the increased consumption when faced with a flat or even a declining IT budget. Therefore, many of today’s distributed enterprises are looking to use direct Internet access pathways in an effort to improve the user experience while reducing IT costs.

However, enabling direct Internet access (DIA) at branch offices also forfeits the inherent threat protection that traffic routed through the data center provides. The enterprise-level risks that branch offices face with BYOD issues, compliance requirements, and advanced persistent threats require enterprise-level security. According to Gartner’s “Bring Branch Office Network Security Up to the Enterprise Standard”, “By 2016, 30% of advanced targeted threats — up from less than 5% today — will specifically target branch offices as an entry point.”

Cisco FirePOWER Threat Defense for ISR addresses these issues by extending their industry-leading FirePOWER threat protection beyond its traditional network edge and data center deployments out to individual Cisco ISR routers. Read More »

Tags: , , , , , ,

Security and What Matters Most…

Summer is officially in full swing. My kids have finished with another school year. Our family vacation has been planned. When the family is away on vacation together, I worry a bit about the safety and security of our home, our personal information and of course our physical well-being when traveling. Still, even with ever more creative ways for cyber adversaries to disrupt our lives, for the most part, the systems in place have been successful at helping us avoid major catastrophe.

Family Vacation

Our service provider customers are no different: They also worry about the safety and security of their networks and infrastructures Read More »

Tags: , , , , , , , , ,

Security Everywhere Across the Extended Network

The digital economy and the Internet of Everything (IoE) are creating a host of new opportunities.  With as many as 50 billion connected devices by 2020, this wave of digitization will spell new opportunities for organizations and governments and the consumers and citizens they serve.

Yet, the more things become connected, the more opportunities exist for malicious actors as well. We are now dealing with a new world where more and more devices are creating a broader and more diverse attack surface that can be exploited.

Attackers are becoming stealthier, better organized, collaborating extensively, and are well resourced. According to the Cisco 2015 Annual Security Report, malware is becoming increasingly sophisticated and elusive. Since 2009, we have seen a 66 percent compound annual growth rate of detected security incidents.

In order to respond faster to threats and achieve better outcomes requires a tightly integrated security architecture that is as pervasive as the devices and services we are protecting. For this reason, we believe that the most effective way to confront these challenges is to evolve to an approach that extends security everywhere – both embedded into the intelligent network infrastructure and pervasive across the extended network – from the service provider to the enterprise network infrastructure, data center, IoT, cloud and endpoint. This is essential to protect today’s wide array of attack vectors while positioning security to act as a growth engine to enable companies to seize new business opportunities.

Read More »

Tags: , , ,

Leveraging the Network as a Security Sensor and Policy Enforcer

The topic of cybersecurity has become so ubiquitous that it’s almost a daily occurrence to read or hear about security breaches in the news. Cisco understands this paradigm shift within the nature of computing, that the Digital Economy and the Internet of Everything now requires what we are calling Security Everywhere. Security has to span the extended network in order to protect against an ever growing array of attack vectors. Scott Harrell, Vice President Product Management has written a more detailed blog about this specific topic here .

The key point to note about Security Everywhere is that organizations are under unrelenting attack and breaches are happening every day. Attackers have also created sophisticated malware that can be launched into the network, gather information to intelligently understand exactly what, when and how to attack and then launch an extremely surgical and devastating attack against the network. Our Cisco 2015 Annual Security Report is an excellent resource for detailed research about the nature and frequency of attacks against the enterprise.

Read More »

Tags: , , ,

ISE Ecosystem Expands to Drive Deeper Visibility and Control with Cisco Identity Services Engine

In one of my previous posts, I noted how Network Access Control (NAC) platforms have started evolving into more visibility-focused and context-aware platforms in the face of major business trends such as enterprise mobility, the migration of resources to the cloud, and the ubiquitous Internet of Everything. Consequently, “new NAC” technology has quietly transformed from a complicated set of controls – outdated in a more mobile world – into a powerful business enabler for enterprises.

The Cisco Visual Networking Index (VNI) forecasts that over fifty billion new connected devices will hit networks by the year 2020. With this massive proliferation of network-enabled devices firmly in mind, I am proud to announce that the latest version of the market-leading Cisco Identity Services Engine (ISE) is now available. Cisco Identity Services Engine builds upon the solid foundation of our last release to round out the current platform by focusing on expanding the ISE partner ecosystem with new, exciting categories for context-aware security as well as advancing endpoint security capabilities.

Read More »

Tags: , ,