News Release

Cisco Unveils Role-Based Architecture to Advance Enterprise-Wide Security

Novel Cisco TrustSec Architecture Addresses Key Compliance Requirements, Simplifies Security Deployment
Dec 05, 2007

SAN JOSE, Calif., December 5, 2007 - Cisco® today announced Cisco Trusted Security (TrustSec), a new architecture that integrates identity and role-based security measures for scaled implementation across enterprise networks. When implemented enterprisewide, Cisco TrustSec addresses the increasing compliance requirements for a global and mobile workforce, ultimately enabling a more agile and secure infrastructure. Cisco also announced industry relationships with Intel and Ixia to increase interoperability with this architecture.

"Customers are demanding a highly secure way to expand their businesses and compliance policies," said Jayshree Ullal, senior vice president of the Data Center, Switching and Security Technology Group at Cisco. "The Cisco TrustSec architecture delivers a new paradigm for security in role-based user access to applications and resources without compromising business velocity."

Cisco TrustSec creates a trusted enterprise network encompassing Cisco switches along with Cisco routers and Cisco Unified Wireless Network controllers as a foundation for authenticating users, assigning roles, enforcing access policies and delivering integrity and confidentiality to network traffic. Cisco TrustSec includes:

  • Role-Aware Secure Campus Access Control: Anytime, anywhere access to the network is determined by an individual's role in the company. This "role aware" network helps enforce identity-based security policies pervasively across the network regardless of the network access method or device (wired, wireless, mobile, laptop, printer).
  • Converged Policy Framework: Various authentication mechanics are converged into a single central policy engine that dynamically communicates across the entire switch infrastructure. This framework addresses the information technology (IT) challenge of managing policies consistently across the network by greatly simplifying the management of identity policies over disparate authentication methods.
  • Pervasive Integrity and Confidentiality: Helps maintain the integrity and confidentiality of data as it moves through all points in the network. This safeguards against data leakage, supports regulatory requirements and increases the privacy of the network itself.

"Understanding which users do what and where, on networks and on applications, is a key component of the compliance strategy of virtually every enterprise. Doing so requires implementing a security architecture based on the roles and identities of users. In our recent benchmark on security and information protection, enterprise IT executives cited Cisco as the top strategic security vendor relied on to help with these and other security initiatives," said Andreas M. Antonopoulos, senior vice president and founding partner of Nemertes Research.

Standards and Industry Interoperability

Cisco is committed to working with industry leaders for greater interoperability with other devices in the network. Cisco and Intel announced a shared commitment to support the IEEE 802.1AE standard that helps the network intelligently prioritize data in alignment with business objectives while preserving the integrity of the encrypted data.

Cisco is also pleased to announce that Intel has joined those supporting the Cisco approach that enables IEEE 802.1AE-based components to communicate and negotiate the encryption of data, while preserving the full range of network-based services. This will enhance interoperability between Cisco TrustSec capable switches and Intel® Ethernet controllers that support the IEEE 802.1AE standard. Cisco also announced that Ixia, a global provider of Internet Protocol (IP)-performance test systems, will support IEEE 802.1AE encrypted line cards in their Ixia test equipment so that customers may now test with Cisco TrustSec capable switches.

"Communication between devices that support the IEEE 802.1AE standard for encryption and integrity is beneficial for enterprisewide deployment," said Pat Gelsinger, senior vice president and general manager of Intel Corp.'s Digital Enterprise Group. "Intel will support IEEE 802.1AE-based secure connectivity for our customers in its upcoming Intel Ethernet controllers, and we will be working with Cisco to ensure interoperability of this capability with Cisco switches."

Increased Regulatory Compliance

Regulatory compliance requires enterprises to permit or deny users access to information and applications based on the privileges they are assigned, be they employee, contractor or guest. With Cisco TrustSec, enterprises can secure access control based on the identity attributes of users and their role within the organization. It also helps protect investments by using existing hardware capabilities within Cisco Catalyst® switches.

"I see tremendous value in the Cisco TrustSec architecture for providing a scalable topology independent of network access technology and coupled with Layer 2 confidentiality and integrity. This has the potential to provide us with a solution to help address the de-perimeterization and regulatory compliance," said Uwe Fischer, information security officer of E.ON.

Pervasive Identity-Enabled Networking

Cisco TrustSec creates a highly secure identity-enabled network by distributing admission control and access control mechanisms throughout the network. These mechanisms reduce the complex, manual and error-prone nature of policy enforcement, thereby improving operational efficiency. For the end user, Cisco TrustSec provides a consistent experience regardless of the network access method while also providing optional data privacy across new and legacy applications.

Expected Availability

Cisco TrustSec functionality is scheduled to be available across the Cisco switching platforms throughout the next 18 months beginning in the first quarter of 2008. For more information on Cisco TrustSec, visit