Cisco Blogs

Cisco Blog > Security

The Three Pillars to Cisco’s Secure Data Center Strategy: Part 3 Visibility

In this last part of this series I will discuss the top customer priority of visibility.  Cisco offers customers the ability to gain insight into what’s happening in their network and, at the same time, maintain compliance and business operations.

But before we dive into that let’s do a recap of part two of our series on Cisco’s Secure Data Center Strategy on threat defense. In summary, Cisco understands that to prevent threats both internally and externally it’s not a permit or deny of data, but rather that data needs deeper inspection. Cisco offers two leading platforms that work with the ASA 5585-X Series Adaptive Security Appliance to protect the data center and they are the new IPS 4500 Series Sensor platform for high data rate environments and the ASA CX Context Aware Security for application control.  To learn more go to part 2 here.

As customers move from the physical to virtual to cloud data centers, a challenge heard over is over is that they desire to maintain their compliance, security, and policies across these varying instantiations of their data center. In other words, they want to same controls in the physical world present in the virtual – one policy, one set of security capabilities.  This will maintain compliance, overall security and ease business operations.

By offering better visibility into users, their devices, applications and access controls this not only helps with maintaining compliance but also deal with the threat defense requirements in our overall data center.  Cisco’s visibility tools gives our customers the insight they need to make decisions about who gets access to what kinds of information, where segmentation is needed, what are the boundaries in your data center, whether these boundaries are physical or virtual and the ability to do the right level of policy orchestration to maintain compliance and the overall security posture.  These tools have been grouped into three key areas: management and reporting, insights, and policy orchestration.

Read More »

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , ,

The Three Pillars to Cisco’s Secure Data Center Strategy: Part 2 Threat Defense

In part one of our series on Cisco’s Secure Data Center Strategy, we did a deeper dive on segmentation.  As a refresh, segmentation can be broke into three key areas. The first, the need to create boundaries is caused because perimeters are beginning to dissolve and many environments are no longer trusted forcing us to segment compute resources, the network and virtualized attributes and environments. Along with segmenting physical components, policies must be segmented by function, device, and organizational division. Lastly, segmenting access control around networks and resources whether they are compute, network, or applications offers a higher level of granularity and control. This includes role-based access and context based access.  Ensuring policy transition across the boundaries is of primary concern. To learn more on segmentation go here.

Today we will dive deeper into Cisco’s security value-add of threat defense.

Technology trends such as cloud computing, proliferation of personal devices, and collaboration are enabling more efficient business practices, but they are also putting a strain on the data center and adding new security risks.  As technology becomes more sophisticated, so are targeted attacks, and these security breaches, as a result, are far more costly.  The next figure is from Information Weeks 2012 Strategic Security Survey and illustrates top security breaches over the previous year.

Read More »

Tags: , , , , , , , , , , , , , , , , , , ,

The Three Pillars to Cisco’s Secure Data Center Strategy: Part 1 Segmentation

Last week Cisco announced several new products in it’s Defending the Data Center launch. These included the Cisco Adaptive Security Appliance Software Release 9.0, Cisco IPS 4500 Series Sensors, Cisco Security Manager 4.3, and the Cisco ASA 1000V Cloud Firewall, adding enhanced performance, management, and threat defense capabilities. Core to this launch was also Cisco’s new strategy for developing Secure Data Center Solutions, a holistic approach similar to what Cisco previously did with Secure BYOD. This new strategy integrates Cisco security products into Cisco’s networking and data center portfolio to create validated designs and smart solutions. Organizations that lack bandwidth and resources or the know how to test and validate holistic designs can simply deploy template configurations based on pre-tested environments that cover complete data center infrastructures. These designs enable predictable, reliable deployment of solutions and business services and allow customers infrastructures to evolve as their data center needs change.

In developing this strategy we interviewed numerous customers, partners and field-sales reps to formulate the role of security in the data center and how to effectively get to the next step in the data center evolution or journey, whether you are just beginning to virtualize or have already advanced to exploring various cloud models. Three security priorities consistently came up and became the core of our strategy of delivering the security added value. They are Segmentation, Threat-Defense and Visibility.  This blog series, beginning with segmentation, will provide a deeper dive into these three pillars.

Segmentation itself can be broken into three key areas. Perimeters are beginning to dissolve and many environments are no longer trusted, forcing us to segment compute resources, the network, and virtualized environments to create new boundaries, or zones. Along with segmenting physical components, policies must include segmentation of virtual networks and virtual machines, as well as by function, device, and logical association. Lastly, segmenting access control around networks and resources whether they are compute, network or applications offers a higher level of granularity and control. This includes role-based access and context based access.  Let’s discuss even deeper.

Read More »

Tags: , , , , , , , , , , , , , , , , ,

Cisco UCS Establishes #1 Overall VMmark Score with World-record-setting 8-node VMware VMmark 2.1 Benchmark Result

Cisco continues its cloud computing performance leadership with the announcement of Industry’s First VMware vSphere 5.1 Benchmark Result published on September 5th 2012.

With this world-record-setting 8-node VMware VMmark 2.1 score of 42.79@36 tiles, Cisco UCS is best in performance,  best in scalability, and the result is the first to incorporate VMware vSphere 5.1—all critical contributors to effective cloud computing environments.

UCS has established many records for Cisco and for the industry with this benchmark result.

  • Cisco is best in performance, with a result more than double HP’s best result of 18.27@18 tiles.
  • Cisco is best in scalability, outperforming Fujitsu’s result of 36.07@36 tiles by more than 18 percent.
  • The Cisco UCS results show that eight 2-socket Cisco UCS B200 M3 servers outperform four 4-socket Fujitsu servers, contradicting the conventional wisdom that vertical scaling outperforms horizontal scaling.
  • Cisco is the first to publish VMmark benchmark results on VMware vSphere 5.1, demonstrating the speed at which Cisco UCS can adapt to support new environments and surpass the competition

Read More »

Tags: , , , , ,

Anticipate Business Risk When Considering Technology Investments

We could debate whether certain technologies are or are not a commodity, but the fact of the matter is when many enterprises evaluate their technology spend they consider two points: function and cost.  This viewpoint yields initial cost savings when technology investements are awarded solely based on price.  Unfortunately, a major consideration has been left out when evaluating enterprise technology investments mainly on price.  The business risk and increased operating costs associated with multivendor environments, which in the long run may mitigate any initial cost savings.

This message is not new, but what is new is a research paper from Deloitte that details the value of a single-vendor architecture in mitigating business risk and those investing in technology need to consider these risks at the time of evaluation.  This paper is a great lead in for the business architecture discussion that will translate to the technical architecture.  This paper does two things: Read More »

Tags: , , , , , , ,