Cisco Blogs
Share

If you’re transforming to digital you’d better have integrated security. Here’s why.

- June 7, 2016 - 0 Comments

So you’re transforming to a digital network. Are you thinking your current security technologies are going to work?

You might want to think twice, because all those new mobile and IoT devices on your network get infected with advanced threats pretty easily. And your old defenses probably aren’t as good at stopping them. That’s probably why we are seeing ransomware spread like wildfire.

So what are you going to do different so you can be digital and be safe?   Why not plan an integrated, agile, security infrastructure that will grow, change, and even automatically put an end to egregious threats so you can innovate more.

Yesterdays #security isn't enough. #CiscoDNA #network #ciscoenterprise

A video posted by CiscoEnterpriseNetworks (@ciscoenterprisenetworks) on

Secure your edges and your core

Put the kibosh on the malware by stopping them at the edge.  I’d go with next generation firewalls because your old ones can’t stop sneaky malware tunneling inside other applications.  Put them at the data center, internet, enterprise, and branch edges.   Then secure your mobile edge with a single security client that includes VPN, advanced malware protection, and DNS control to keep them off infected web sites when they are roaming off the network.  Make the day-to-day policy changes really easy and consistent with a cloud-based defense orchestrator.  And control their access to your cloud applications using single sign-on technologies.

Secure the core because threats get inside your network. 14% of attacks start on the inside of the network where the firewalls aren’t. But consider this – every communication between every user device must pass through some type of a network device.  And you can use that network device as a sensor to detect bad things, and as an enforcer to stop those bad things.  And you can do that with features embedded in your network devices such as Netflow that you can pair with Stealthwatch to see bad behaviors and TrustSec software defined segmentation to keep malware from freely bouncing from machine to machine.

Making it all work together

Integration is critical here. Everything above integrates and works together. You should really care because the fragmentation of your defenses is an open door to the hacking community.  Let me explain a bit more. Cisco allows you to share and aggregate threat intelligence from many Cisco and partner products you have the information you need in one place to make faster decisions.  And if the decision is to kill the threat you can do it simply from one place, such as Cisco Stealthwatch using the network as an enforcer.  So you have technology integration from the sensors that detect bad behaviors, the products you use to collect and analyze the security intelligence, to the network devices that can stop an attack.  Really fast.  In minutes, not months.

What you can do

Talk to your Cisco sales representative about our Digital Network Architecture  and the new Maturity Modeling program that helps you define what’s usable in your network today and what needs to be improved in a timeframe to keep your digitization on track while optimizing your security and turn your older switches, routers, wireless controllers, and firewalls (which you want to replace because they are from points of compromise) into a rocket-hot digital defense.

List of the Technologies for your digital security

  • ISE (Identity Services Engine) for access control
  • pxGrid for intelligence sharing and actuating network as an enforcer
  • Cisco Stealthwatch for Netflow behavioral analysis
  • Cisco Defense Orchestrator to make it really easy to conduct day-to-day changes on your firewalls
  • Newer Cisco switches, routers, wireless controllers with embedded Netflow and TrustSec to use the network as a sensor and an enforcer
  • Cisco Firepower next generation firewalls for stopping the new threats
  • AnyConnect with OpenDNS Umbrella Mobile to protect from ransomware infections
  • Cisco ISR with ASA Firepower security, Stealthwatch self-learning defense, and OpenDNS Umbrella

Check it out Live

Join our live webinar “Security First for Your Network” on June 14th, 2016 at 10:00 am PT/1:00 PM ET so in we can expand and show you some demos of what I’m talking about here.

 

Tags:

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.

Share