Avatar

As IT organizations look to the cloud to become more efficient and achieve the agility their business demands, one of the biggest security challenges they typically face is right at the heart of any enterprise – the data center. In cloud environments, where applications have to be location-independent and mobile, it can be overwhelming to manage traffic that needs to go to specific security services when you have applications that are mobile, but physical security that’s not. To secure these virtual and mobile applications, a new security framework must be deployed – one that works equally well within the physical and virtualization layer of the data center, and addresses additional requirements of scalable, multitenant environments.

At the end of April at Interop, we announced the integration of Cisco’s Application Centric Infrastructure (ACI) with FirePOWER security. Let’s take a closer look at this integration and how it can help enterprises overcome some of their toughest data center security challenges to protect both physical and virtual workloads before, during, and after an attack.

attck_continuum

Cisco ACI with FirePOWER helps IT and security organizations:

Extend security deeper into the Data Center across both physical and virtual environments: It was once thought that the perimeter devices traditionally used to secure our data centers would work for virtual environments as well. After all, the traffic was scanned coming in, so why worry about where it went once it was on the inside? As they often do, security breaches soon showed us that we did need to worry about all that East-West traffic and be able to stop attacks from propagating laterally within the data center. By combining the granular application visibility and control, threat detection, and Advanced Malware Protection (AMP) capabilities of the FirePOWER platform with ACI microsegmentation, advanced security service insertion, and L4-7 policy automation, the Cisco ACI + FirePOWER solution enables real-time detection, mitigation and remediation for advanced security threats inside the data center.

Reduce complexity to deliver consistent policy enforcement and drive cost efficiencies: Implementing network security controls can be a tedious and time-consuming task. If handled manually, these tasks not only consume a massive number of man-hours to implement and maintain, but also open the door for misconfigurations that can lead to security breaches or outages. The integration of ACI and FirePOWER security leverages ACI policy-driven application profiles to automate provisioning of our industry-leading NGIPS and AMP solutions to secure workloads in the data center. This couples the intelligent ACI network fabric with the most effective threat protection, automating deployment to minimize complexity, enforce consistent policy, and drive cost efficiencies.

Better protect all workloads: As enterprises continue to embrace cloud-based operating models within the data center, security professionals not only need more efficient ways to provision and manage network security controls; they also need to secure and isolate individual workloads and tenants simultaneously across shared resources. With ACI’s microsegmentation and automated configuration capabilities, the security policies needed across multiple workloads can now be easily assigned – all auto-configured with their own unique security requirements – and each workload can be securely accessed by the appropriate users even in a shared environment.

With this new integration of ACI with FirePOWER, Cisco delivers security to more control points across that extended network than ever before. Now customers can maximize current and future investments by leveraging the Cisco intelligent network switching and routing infrastructure already deployed, with the orchestration benefits of ACI to apply threat-centric security with FirePOWER services, across the extended enterprise.

Learn more about how Cisco FirePOWER security services for Cisco® Application Centric Infrastructure (ACI) deliver intelligent, next-generation protection for users, hosts, and applications across your network.



Authors

David C. Stuart

Director, Network Security Product Marketing

Security Business Group