Cisco Blogs


ISE 2.0 Extends Greater Visibility, Usability and Control

More employees need access to more enterprise resources from more devices than ever, and attacker ingenuity and persistence have reached new heights. As a result, organizations are losing sight of who and what is accessing the network – and the threats that may take hold. And the problem is only going to grow as 500 billion new devices are expected to be connected to the network by 2030.

How can you protect what you can’t see?

In the face of an ever-increasing number of attack vectors and advanced threats, Cisco is committed to helping organizations extend security everywhere – in effect, to wherever employees are and wherever data is – without sacrificing operational efficiency. Cisco ISE 2.0 extends security further into the network with new capabilities that help you see and control what’s on your network like never before and accelerate threat mitigation.

Introducing Cisco ISE 2.0

The newly redesigned Cisco ISE security management platform provides greater visibility, usability, and control.

Deeper Visibility Provides Superior Network Insight and Control

Expanding ISE’s Reach and Scope within Diverse Network Environments. Customers can now deploy ISE services such as Profiling, Posture, Guest, and BYOD with 802.1x NADs manufactured by non-Cisco vendors. This extends the reach and scope of advanced authorization capabilities in ISE to ensure endpoint compliance across a more varied range of networks.

Access policy becomes geo-location driven! Create and enforce access policy controls based on specific geo-location information thanks to the integration with the Cisco Mobility Services Engine (MSE). For example, a healthcare organization can control a doctor’s access to patient records only while in the hospital, a corporation can grant executives access to confidential information for a board meeting only while in the board room, and a school can control a student’s ability to stream content only when physically inside the classroom.

Save money with branch security

Trends like bring-your-own-device, mobility, and cloud computing are creating a surge in the number and types of devices connecting to the network and driving demand for WAN bandwidth. Remote and branch office employees expect fast, secure connectivity but most enterprises don’t have spare operational budget to increase their WAN bandwidth to backhaul all traffic to headquarters in order to keep it secure.

Enter Intelligent WAN, or IWAN. With IWAN, the Internet becomes a reliable, cost-effective way to supplement the WAN. Cisco’s IWAN also enables secure direct Internet access (DIA). Instead of backhauling branch office Internet traffic across the WAN, traffic is redirected to the Cisco Cloud Web Security (CWS) proxy, located in one of our data centers around the world, for inspection.

Now Cisco CWS is available on even more Integrated Services Routers (ISRs) for improved IWAN capabilities and additional deployment flexibility. Enterprises can use Cisco’s newest branch routing platform, the ISR 4000 Series, to redirect traffic to a CWS proxy using Generic Routing Encapsulation (GRE) over IPsec.

Extending Security Everywhere

Just a few months ago at Cisco Live U.S., we announced both our strategy and several new offerings for Security Everywhere Across the Extended Network. We believe that our vision of delivering Security Everywhere – from the cloud to the network to the endpoint – is essential to reduce risk, gain competitive advantage and make security a growth engine for organizations. Today we are extending Security Everywhere with new capabilities and services that deliver greater visibility, context and control from the cloud to the network to the endpoint, for organizations of all sizes.

Extending Security Deeper into the Network and Endpoints

Employees need access to more enterprise resources from more devices than ever, and attacker ingenuity and persistence have reached new heights. As a result, organizations are losing sight of who and what is accessing the network – and the threats that may take hold. Controlling and detecting lateral movement of these threats inside a network is a major challenge most organizations face. Cisco is further improving its market-leading capabilities to meet this challenge by simplifying the deployment of software-based segmentation, leveraging more of the network’s intelligence, and extending flow-based visibility for detecting insider and advanced persistent threats beyond the network to one of the most commonly deployed endpoint agents in the world.

  • Cisco Identity Services Engine (“ISE”) 2.0 provides several new capabilities that extend the visibility and control of the network for security. The new integration with the Cisco Mobility Services Engine (MSE) provides geo-location for access control. For example, it can grant specific access to top secret resources required for confidential conversations in the boardroom, but then change that level of access as soon as participants leave the meeting to prevent ongoing access. A new work center for TrustSec deployments dramatically simplifies the deployment of software-based segmentation across the network, along with new expanded support for third-party network access devices. ISE is also an amazingly valuable source of contextual information for security systems that can help any system execute its role better. With ISE 2.0, we are further expanding our industry-leading partner community to include several new vendors including Check Point, Infoblox, and Invincea, while expanding partners’ ability to take real-time action in the network with new adaptive network control capabilities to augment the rapid threat containment integrations with Lancope Stealthwatch and FireSIGHT Management Center.
  • Cisco AnyConnect, our world-class VPN for secure mobility that is deployed by organizations across the globe, now delivers deep endpoint visibility into application flows, allowing security administrators to extend visibility down to the device, track behavior off and on premises, and quickly spot and scope internal threats arising from compromised systems or inappropriate insider behavior.

Extending Security Further with the Cloud

Enterprises of all sizes are adopting the cloud. From productivity to line-of-business to vertical applications, SaaS and public cloud are enabling the Digital Economy. At the same time, more than half the employees in the enterprise today are working outside of the network perimeter. To accelerate this transformation, Cisco is extending security further into the cloud with the following new offerings:

Cisco pxGrid Caps First Year in Market with Nine New Ecosystem Partners and More Security Standards Work

An often overused yarn of our day is that “we live in an increasingly more connected world.” While overused, I can’t think of any better way to describe what Cisco is doing in our security ecosystem with Cisco Platform Exchange Grid (pxGrid). And it has been quite an active first year since the release of pxGrid for use in customer deployments, from building an ecosystem of 30 partners to work in multiple security standards groups in the IETF.

Cisco pxGrid is an information grid that security and other IT platforms can integrate with to share relevant contextual information with any other platform connected to it. Cisco platforms can exchange information with Cisco platforms. Partners can exchange information with Cisco platforms. Partners can exchange information with other partners. It is one of the main methods used by technology partners to create use-case focused product integrations within the Cisco Security Technical Alliance Ecosystem Program.

Trustworthy Systems: A Peek Behind the Curtain

In a recent post, “Evolution of attacks on Cisco IOS devices”, we discussed how threats against network devices have evolved. There was no evidence that a remote attack vector or vulnerability in Cisco IOS was related to these attacks. This reinforces the value of creating more hardened and resilient systems.

The strategy for creating more secure technology has an unending goal, yet it’s a journey worth sharing.

Much has been written about and shared on our secure development lifecycle and our efforts to ensure security in the supply chain. However, there are two lesser-known initiatives that have had significant impact on Cisco product security: 1) the use of Common Security Modules and 2) sophisticated attack-focused penetration testing.
