So many newsworthy hacks in recent years have had a staggering impact on literally millions of consumers and businesses. While these hacks have perhaps made us numb to their effects, the reality is these breaches represent the new normal in today’s digitized world. And given that attackers are growing in number, sophistication and intensity, many global businesses must continuously evaluate their cybersecurity strategies just to keep up.

 The Need for a Simpler and Integrated Security Solution

What stands out in many breaches is not that adversaries were able to penetrate the network through a known vulnerability. Rather it is the fact that the security breaches made their way into the network interior, then were not detected for months after the initial infiltration! While we do not know if this lag is due to poor processes, technology shortcomings or both, what we do know is this confirms the alarming industry trend that it takes businesses on average between 98 to 200 days to detect cybersecurity attacks that have entered their networks. So, the delay in publicly announcing many recent breaches, coupled with long detection times means hackers have many months to laterally move and steal our most valuable personal data.

Recent breaches also make it evident that organizations’ security strategies (or lack thereof) are not robust enough to identify and contain security threats in a timely manner. Forward thinking security executives understand that implementing a strong security strategy is essential to maintaining the health and integrity of their businesses. In fact, according to our recent cybersecurity report, 74 percent believe their tools are very or extremely effective in blocking known security threats. [1]

However, many security leaders mistakenly believe that just having security tools that focus on visibility and blocking at the point of entry is sufficient enough to protect their networks. The truth is with the proliferation of threats far outpacing these network defense tactics, the subsequent gap can never fully be closed. Businesses need more than just point-in-time detection technologies because attackers design threats specifically to elude initial detection. If a single file goes undiscovered or if it evolves and becomes malicious after entering the environment, you need to quickly trace its steps to identify the behavior and have controls that limit these viruses from spreading across the network.  Hence organizations need to be able to immediately detect, block and defend attacks when they are happening as well as the means to quickly scope, contain and remediate those threats.

Contain Your Security Breaches with TrustSec

While building those additional security capabilities may seem straightforward, the process can be quite complicated. For example, if organizations were to contain security breaches through traditional segmentation and access control methods, they would likely be overwhelmed with having to manually reconfigure the expanding networks of VLANs and dACLs which could require a significant amount of time and costs. By the time this effort is completed, cybersecurity attackers may have already accomplished the objectives of their attack while leaving significant damage in its wake.

Cisco is uniquely positioned to address these aforementioned issues through its proven, disruptive software-defined segmentation technology: Cisco TrustSec.

TrustSec enables companies to apply software-defined segmentation dynamically across their networks through business/security policies that are abstracted from IP addresses and VLANs. It does this by organizing device endpoints and users into logical groups, security group tags (SGTs), that describe the permissions on the network, thereby making it easier to assign new policies without having to spend time and money reconfiguring existing networks.[2]  Given that TrustSec is embedded within Cisco’s portfolio of network technologies, policies can be centrally created and quickly distributed across the network thereby ensuring that assets are protected during an attack while providing the right users with unobstructed access to the right resources at the right time.

TrustSec is especially potent when it is combined with Cisco Identity Services Engine (ISE). When malicious attacks (i.e. successful breaches) occur, ISE provides the contextual identity of the infected devices and enforces segmentation policies through TrustSec to quickly isolates those infected sources from moving laterally across the network.

This results in a secure access that is role-based, a greatly reduced “attack surface”, and the avoidance of significant financial loss. This software-defined approach to segmentation has proven operational efficiencies and therefore yield major cost savings; approximately an 80% cost reduction vs. the traditional ways of performing segmentation.

While cybersecurity threats represent the new normal and will only get more sophisticated as time goes on, Cisco will always be at the forefront with game changing solutions that will help businesses redefine their security strategy.

Click here to learn more about Cisco TrustSec. You can also learn how ISE and TrustSec can address ransomware like WannCry here.

[1] Cisco 2017 Annual CyberSecurity Report

[2] Cisco TrustSec 2.0: Design and Implementation Guide


Ed Cho

Product Marketing Manager

Security Product Marketing Organization