The Three Pillars to Cisco’s Secure Data Center Strategy: Part 2 Threat Defense
In part one of our series on Cisco’s Secure Data Center Strategy, we took a deeper dive into segmentation. As a refresher, segmentation can be broken into three key areas. First, the need to create boundaries arises because perimeters are beginning to dissolve and many environments are no longer trusted, forcing us to segment compute resources, the network, and virtualized attributes and environments. Along with segmenting physical components, policies must be segmented by function, device, and organizational division. Lastly, segmenting access control around networks and resources, whether they are compute, network, or applications, offers a higher level of granularity and control. This includes role-based access and context-based access. Ensuring that policy carries across the boundaries is of primary concern. To learn more about segmentation, go here.
Today we will dive deeper into Cisco’s security value-add of threat defense.
Technology trends such as cloud computing, the proliferation of personal devices, and collaboration are enabling more efficient business practices, but they are also putting a strain on the data center and adding new security risks. As technology becomes more sophisticated, so do targeted attacks, and the resulting security breaches are far more costly. The next figure, from InformationWeek’s 2012 Strategic Security Survey, illustrates the top security breaches over the previous year.
Many security breaches are caused by external forces such as hackers, organized crime, and cybercriminals, while internally, disgruntled employees pose a threat. Businesses must be protected from these threats. Cisco offers two key threat defense options and supports both with Cisco’s Security Intelligence Operations (SIO).
Cisco understands that preventing threats must not impact legitimate business: data transactions cannot simply be blocked; rather, that data needs deeper inspection. Cisco’s new IPS 4500 Series Sensor platform for high-performance environments and the ASA CX Context Aware Security Firewall for application control dominate in protecting data center needs against external and internal threats. The data within applications is a high-value target for attackers, yet access to that data is what drives the productivity and success of the enterprise. Cisco IPS 4500 offers protection for demanding data center applications and servers as it defends against targeted attacks and sophisticated malware. It has high-performance (10 Gbps) hardware-accelerated inspection in a high-port-density, expandable chassis, and is designed for PCI compliance. Compared to a top competitor’s similar product, the IPS 4520 has 400% higher performance density in 75% less rack space. This IPS has highly effective out-of-the-box protection and automated threat management, resulting in critical data center asset protection within minutes.
The ASA CX Context Aware Security Firewall offers extensive application visibility and control spanning thousands of applications and micro-applications. ASA CX not only identifies 1,000+ applications, but also identifies 75,000+ micro applications, like Farmville on Facebook. These micro applications are bucketed into easy-to-use categories so that firewall administrators can easily allow or deny access to the relevant parts of the application.
In addition to micro applications, ASA CX also identifies application behavior by recognizing the action the user or group takes within that application. This permits contextual policy control. As an example, the Facebook “Videos” category identifies whether the user is uploading, tagging, or posting a video, so an administrator may allow users to view and tag videos but not allow them to upload a video. It also offers granular location-based policy control, allowing users and groups access to a sensitive application from a local laptop while denying access from a remote iPad.
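To make the contextual policy idea concrete, here is an added example (not Cisco’s code and not ASA CX’s actual policy syntax) of a first-match policy evaluator whose rules match on application, micro application, user action, device type and location; the application names, groups and rule set are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed model of a context-aware request; attribute names are assumptions.
@dataclass(frozen=True)
class Request:
    user_group: str
    app: str
    micro_app: str
    action: str
    device: str
    location: str

@dataclass
class Rule:
    decision: str                          # "allow" or "deny"
    match: dict = field(default_factory=dict)  # attribute -> set of accepted values

    def matches(self, req: Request) -> bool:
        # An attribute absent from `match` is a wildcard; all listed attributes must hit.
        return all(getattr(req, attr) in values for attr, values in self.match.items())

def evaluate(rules, req: Request, default: str = "deny") -> str:
    """First matching rule wins; anything unmatched falls through to default deny."""
    for rule in rules:
        if rule.matches(req):
            return rule.decision
    return default

# Constructed policy mirroring the two scenarios described above.
POLICY = [
    # Facebook "Videos": the narrow deny on uploads is listed before the broader allow,
    # so viewing and tagging pass while uploading is blocked.
    Rule("deny",  {"app": {"facebook"}, "micro_app": {"videos"}, "action": {"upload"}}),
    Rule("allow", {"app": {"facebook"}, "micro_app": {"videos"}}),
    # Sensitive app: the finance group may reach it from a local laptop only;
    # a remote iPad (or any other context) hits the catch-all deny.
    Rule("allow", {"app": {"payroll"}, "user_group": {"finance"},
                   "device": {"laptop"}, "location": {"local"}}),
    Rule("deny",  {"app": {"payroll"}}),
]

def decide(user_group, app, micro_app, action, device, location) -> str:
    return evaluate(POLICY, Request(user_group, app, micro_app, action, device, location))
```

Swapping the order of the two Facebook rules would let uploads through, which is why ordering (most specific deny first) matters as much as the rule contents.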
Lastly, Cisco’s threat defense is backed by Cisco Security Intelligence Operations, or SIO, which offers real-time threat intelligence and analysis to protect your network. Traditional security, which relies on layering products and using multiple filters, is not enough to defend against the latest generation of malware, which spreads quickly, has global targets, and uses multiple vectors to propagate. Cisco SIO is the world’s largest cloud-based security ecosystem, using SensorBase data from almost 1.6 million live data feeds from deployed Cisco email, web, firewall, and intrusion prevention system (IPS) solutions, covering 75 TB of daily threat telemetry. Cisco SIO weighs and processes the data, automatically categorizing threats and creating rules using more than 200 parameters. Security researchers can also collect and supply information about security events that have the potential for widespread impact on networks, applications, and devices. Rules are dynamically delivered to deployed Cisco security devices every three to five minutes. The Cisco SIO team also publishes security best-practice recommendations and tactical guidance for thwarting threats.
That about sums it up for this piece on threat defense. Tune in Friday for our last discussion, on ensuring visibility within your network.