Cisco Blogs



The Three Pillars to Cisco’s Secure Data Center Strategy: Part 2 Threat Defense

In part one of our series on Cisco’s Secure Data Center Strategy, we did a deeper dive on segmentation. As a refresher, segmentation can be broken into three key areas. First, new boundaries are needed because perimeters are beginning to dissolve and many environments are no longer trusted, forcing us to segment compute resources, the network, and virtualized attributes and environments. Along with segmenting physical components, policies must be segmented by function, device, and organizational division. Lastly, segmenting access control around networks and resources, whether they are compute, network, or applications, offers a higher level of granularity and control. This includes role-based access and context-based access. Ensuring policy transition across the boundaries is of primary concern. To learn more on segmentation go here.

Today we will dive deeper into Cisco’s security value-add of threat defense.

Technology trends such as cloud computing, proliferation of personal devices, and collaboration are enabling more efficient business practices, but they are also putting a strain on the data center and adding new security risks. As technology becomes more sophisticated, so do targeted attacks, and the resulting security breaches are far more costly. The next figure is from InformationWeek's 2012 Strategic Security Survey and illustrates top security breaches over the previous year.


Managing Security Content That Matters

What might interest you to spend time at a website such as Cisco’s Security Intelligence Operations (SIO) web portal? You might be compelled because of the relevant security content made available to you that matters most. Directly linked to that experiential perspective are the behind-the-scenes efforts that are related to the publishing and presentation of security content, which is a dynamic undertaking because the Internet never sleeps and the next cyber-security event looms just around the corner. Security practitioners, and non-practitioners alike, reap the benefits from the security content that the Cisco SIO content managers orchestrate for the SIO portal. This article provides insights into how they contribute to the publishing of trusted, consistent, and predictable content for you, our customers, on a daily basis throughout the year.

Managing security content is significant in several respects to SIO, where there is an array of options to apply and reap maximum benefit from content within the key security tenets: confidentiality, integrity, and availability. At its core, SIO’s security content transcends diverse communications mediums and is woven into the methods related to how we consume and interact with it. Cisco has a team of dedicated content managers chartered with meeting the demands and challenges of delivering timely, credible, and actionable security intelligence through the editorial and web publishing services that they provide within SIO.

The Security Content Manager needs to be mindful of the content providers and publishing platforms covered while aggregating and distilling security information for use by a global audience over multiple communications channels within the context of their use cases. This approach is integral to facilitating the degree and impact of the security content’s effectiveness and utility.


The Three Pillars to Cisco’s Secure Data Center Strategy: Part 1 Segmentation

Last week Cisco announced several new products in its Defending the Data Center launch. These included the Cisco Adaptive Security Appliance Software Release 9.0, Cisco IPS 4500 Series Sensors, Cisco Security Manager 4.3, and the Cisco ASA 1000V Cloud Firewall, adding enhanced performance, management, and threat defense capabilities. Core to this launch was also Cisco’s new strategy for developing Secure Data Center Solutions, a holistic approach similar to what Cisco previously did with Secure BYOD. This new strategy integrates Cisco security products into Cisco’s networking and data center portfolio to create validated designs and smart solutions. Organizations that lack the bandwidth, resources, or know-how to test and validate holistic designs can simply deploy template configurations based on pre-tested environments that cover complete data center infrastructures. These designs enable predictable, reliable deployment of solutions and business services and allow customers' infrastructures to evolve as their data center needs change.

In developing this strategy we interviewed numerous customers, partners and field-sales reps to formulate the role of security in the data center and how to effectively get to the next step in the data center evolution or journey, whether you are just beginning to virtualize or have already advanced to exploring various cloud models. Three security priorities consistently came up and became the core of our strategy of delivering the security added value. They are Segmentation, Threat-Defense and Visibility.  This blog series, beginning with segmentation, will provide a deeper dive into these three pillars.

Segmentation itself can be broken into three key areas. Perimeters are beginning to dissolve and many environments are no longer trusted, forcing us to segment compute resources, the network, and virtualized environments to create new boundaries, or zones. Along with segmenting physical components, policies must include segmentation of virtual networks and virtual machines, as well as by function, device, and logical association. Lastly, segmenting access control around networks and resources, whether they are compute, network, or applications, offers a higher level of granularity and control. This includes role-based access and context-based access. Let’s look at each of these in more depth.


Cisco IP Phone Certificates and Secure Communications

Securing Cisco IP phone communications is important because it helps organizations protect trade secrets and facilitate business and compliance requirements. Cisco IP phones support secure communication for both control and data channels. The security that is incorporated into Cisco IP phones includes the encryption and authentication of signaling communications between the Cisco IP phones and the Cisco Unified Communications Manager. Moreover, Cisco Unified Communications Manager supports encryption, authentication, and anti-replay protection of the voice packets that are exchanged between Cisco IP phones.


Putting VDI Security Concerns to Bed and... New Cisco Data Center Security Enhancements

The workplace is changing fast. Workers are becoming increasingly mobile. The introduction of employee-owned consumer devices like tablets is becoming the norm; in fact, the average number of devices used by knowledge workers is between 3 and 4 and rising. While IT organizations acknowledge the productivity, business agility and cost benefits these developments can bring, they are also concerned by the associated challenges. Not surprisingly, numerous industry research papers point to device, application and data security, and regulatory compliance as the biggest challenges for mobility and BYOD projects.

To address these security concerns many IT organizations are applying desktop virtualization or virtual desktop infrastructure (VDI) technologies to ensure management and protection of the applications, data and content centrally in the data center, regardless of which device is used. But how can IT ensure that VDI deployments themselves are secure?

Today, Cisco announced new data center security enhancements that further protect VDI deployments. These new innovations enable more scalable, secure access to hosted virtual desktops and more robust protection of data center resources. These innovations also ensure that business critical applications and virtual desktops hosted within the data center can be better protected from other virtual desktops that have become compromised or infected. (Read also today’s blog from John N. Stewart, Cisco Sr. VP, Chief Security Officer, “Does Virtualization Improve Security?”)

Deploying a data center infrastructure that has the built-in security capabilities to address these challenges needs to be an integral part of any VDI design. The Cisco VXI Smart Solution is a comprehensive, secure desktop virtualization solution that addresses these security concerns in both Citrix XenDesktop and VMware View deployments; you can find more information on the designs here.
