Cisco Gives Its Network Security Architecture A Fresh Coat Of Paint


The complex security challenges stemming from mobility, virtualization and cloud computing have prompted Cisco Systems to re-evaluate its entire network security architecture with an eye toward greater context awareness.

At a media event in downtown San Francisco Monday, a group of Cisco's top security bigwigs gathered to unveil Cisco SecureX, a next-generation security architecture that includes new scanning elements, a policy language and enforcement capabilities, all aimed at improving security in a broader range of contexts.

On top of the physical network infrastructure, Cisco is placing context-aware scanning elements that are completely independent of the architecture, which means they can be packaged as appliances, cloud services or virtual software, according to Ambika Gadre, senior director of Cisco's security technology business unit.

Cisco is embedding these new scanning elements into its line of ASA firewalls, and the data gathered will help Cisco determine who the user is and what organization they're part of, as well as how they're connecting to the network, whether it's from an iPad, iPhone or Windows laptop. This context also determines whether a device is managed or not and if it's behind or outside the corporate firewall, Gadre said at the event.

Bringing together local and global context offers a number of advantages, and chief among them is depth of information. Cisco doesn’t just recognize Facebook, but also the 75,000 applications, from Farmville to Chat, that run on the site, Gadre said.

Cisco has deemed all of this necessary to deal with the flood of consumer devices coming into corporate networks as well as the breakneck speed at which virtualization technology is evolving. "The endpoint is exploding into a thousand little pieces," Gadre said at the event. "We decided to make content foundational to the ASA."

In the first half of the year, Cisco will introduce location awareness and user and device identity, with application recognition and content posture coming in the second half, said Gadre. Cisco also plans to offer APIs for partners to plug into the context-aware data and extend it into their own products.

Cisco has developed a new context-aware policy language that's designed to manage the context-aware enforcement elements. AnyConnect 3.0, the next version of Cisco's VPN client, gathers real-time telemetry data for Cisco Security Intelligence Operations (SIO), a cloud-based service that channels information on global threats, reputation-based services and other security data to Cisco network security devices to speed response times.

Cisco SecureX follows Cisco's move two years ago to integrate telemetry data from Cisco IPS sensors. With 700,000 network security appliances currently contributing data, and some 150 million AnyConnect and legacy VPN endpoints starting to contribute data, Cisco believes context awareness will raise the effectiveness of its security posture.

"We think this is a pivot point for Cisco," Gadre said.