SAN DIEGO, CA, June 8, 2015 – Cisco today announced new offerings to embed security throughout the extended network – from the data center out to endpoints, branch offices, and the cloud – for pervasive threat visibility and control. By integrating security everywhere, enterprises and service providers gain the ability to deliver the threat-centric security requirements demanded by today's dynamic threat landscape and capture emerging business opportunities created by the rise of the Digital Economy and the Internet of Everything (IoE).
The IoE market is expected to generate $19-trillion in value to organizations over the next decade, and represents a $1.7-trillion opportunity to service providers (Cisco Consulting Services, 2013). Additionally, according to the 2015 Cisco Visual Networking Index™ (VNI) Forecast, the number of IP-connected personal devices and M2M connections online will grow from 14 billion in 2014 to more than 24 billion by 2019. However, cybercrime is simultaneously becoming increasingly sophisticated and industrialized such that the financial opportunity for cybercriminals also is rising and valued at an estimated $450-billion to $1-trillion (Cybersecurity: Assessing Our Vulnerabilities and Developing an Effective Response, Hearing before the Committee on Commerce, Science, and Transportation, U.S. Senate, March 19, 2009).
Security Everywhere for Enterprises and Service Providers
To minimize the complexity of managing security across a distributed organization and to increase threat visibility into the farthest reaches of the enterprise and global service provider infrastructures, Cisco is embedding security throughout the extended network. Cisco is adding more sensors to increase visibility; more control points to strengthen enforcement; and pervasive, advanced threat protection to reduce time-to-detection and time-to-response, limiting the impact of attacks. With security everywhere, Cisco provides scalable threat protection covering the broadest range of attack vectors and throughout the entire attack continuum – before, during and after an attack.
Expanding Security Solutions for Enterprise Organizations
Cisco is launching the following set of solutions across the entire networking portfolio:
- Endpoints: With Cisco AnyConnect® Featuring Cisco AMP for Endpoints, customers using the Cisco AnyConnect 4.1 VPN client now can easily deploy and significantly expand their threat protection to VPN-enabled endpoints to continuously and retrospectively guard against advanced malware.
- Campus and Branch: FirePOWER Services solutions for Cisco® Integrated Services Routers (ISR) provides centrally managed Next-Generation Intrusion Prevention System (NGIPS) and Advanced Malware Protection (AMP) at the branch office integrated in the network fabric, where dedicated security appliances may not be feasible.
- Network as a Sensor and Enforcer: Cisco has embedded multiple security technologies into the network infrastructure to provide broad threat visibility to rapidly identify users and devices associated with anomalies, threats and misuse of networks and applications. New capabilities include:
o Broader Integration between Identity Services Engine (ISE) and Lancope StealthWatch: Enterprises can go beyond just mapping IP addresses to identifying threat vectors based on ISE's context of who, what, where, when and how users and devices are connected and access network resources. This provides greater contextual threat visibility with StealthWatch for accelerated identification of threats.
o NetFlow on Cisco UCS®: Extending Cisco's network-as-a-sensor capabilities to the physical and virtual servers, customers now have greater visibility into network traffic flow patterns and threat intelligence information in the data center.
Using the new embedded security capabilities, Cisco networks now have the ability to automate and dynamically enforce security policies. Customers can segment applications and users throughout the network – across the extended enterprise to use policy to define which users can get which applications and what traffic can traverse the network then automate security operations.
o TrustSec + ISE and StealthWatch Integration: StealthWatch can now block suspicious network devices by initiating segmentation changes, providing rapid response to identified malicious activity. ISE can then modify access policies for Cisco routers, switches, and wireless LAN controllers embedded with TrustSec technology.
In addition to the solutions above, Cisco also is announcing:
- Hosted Identity Services provide a secure, 24/7, cloud-delivered service for the Cisco Identity Services Engine, a security policy management platform that unifies and automates secure network access control. The new hosted service speeds time to deployment, supporting business growth and providing role-based, context-aware identity enforcement of users and devices permitted on the network, streamlining enterprise mobility experiences.
- pxGrid Ecosystem: Eleven new partners have joined the pxGrid Ecosystem with the addition of several new ecosystem technology categories, including cloud security and network/application performance management. pxGrid is Cisco's security context information exchange fabric that enables security platforms to share information to drive better threat detection, mitigation and overall security operations.
Securing Evolved Programmable Networks for Service Providers
Cisco's service provider security solutions represent a unique approach designed for service providers' business requirements. It offers threat-centric security that protects workloads as they are provisioned — and elastically distributed — across physical, virtual, and cloud environments.
To address service provider needs for an open, flexible and programmable infrastructure, Cisco is expanding advanced threat-centric protection for its Evolved Programmable Network (EPN). The Cisco EPN is the foundation for its open network architecture, designed to advance the adoption of Software Defined Networking (SDN) and Network Functions Virtualization (NFV) and to accelerate time to revenue, while reducing the costs and complexities of deploying new services.
Cisco's new service provider security solutions include the following:
- Cisco Firepower™ 9300 Integrated Security Platform is a carrier-grade, high-performance, scalable and modular multi-services security platform purpose-built for service providers, that can scale security for increased data flows due to accelerated service demands and carrier class requirements.
- Expanded Advanced Orchestration and Cloud Capabilities enable Cisco's new security solutions to easily integrate with the Cisco architecture and third-party SDN/NFV solutions, as well as Cisco's Adaptive Security Appliance Virtual (ASAv) with Cisco's Network Service Orchestrator (NSO) and Application-Centric Infrastructure (ACI). These orchestration and cloud capabilities also include open APIs for integration with orchestration, Operation Support Systems/Business Support Systems, and Cloud Security-as-a-Service solutions.
- Advanced features such as secure containers to accommodate future security services and applications. Additionally, Cisco ASA firewall and third-party DDoS mitigation from Radware are currently supported, with additional capabilities planned for the second half of 2015.
Supporting Quotes
"To protect against today's threats and increase agility for organizations to seize new growth opportunities and implement new technologies, security must be pervasively embedded across the entire network infrastructure. By integrating ‘Security Everywhere' throughout the extended network and through cloud-delivered services, Cisco is protecting a wider array of attack vectors. This also provides enterprises and service providers with the confidence that they have the continuous and retrospective visibility and control to support new technologies and business opportunities in the Internet of Everything and the Digital Economy."
-- David Goeckeler, Senior Vice President and General Manager, Security Business Group
"Our global business – and that of our clients around the world – now moves faster than ever. In addition, security has never been more critical for our clients than it is today. Cisco recognizes that for businesses to get the most out of their investments, security must be embedded and integrated into the entire network infrastructure. With easier deployment, cost-effective solutions, and reduced complexity and risk, we have the power to build the highest level of security into our entire enterprise across five continents."
-- Kevin Phillips, Director, IT Operations, K&L Gates LLP
"We are delighted with this partnership to offer DDoS mitigation powered by Radware as an integrated service on Cisco's new Firepower 9300 appliance. This approach allows service providers to select pre-integrated ‘best-of-breed' security applications, which our robust DDoS protection solution exemplifies, combined with Cisco's threat-centric security solutions, to realize unprecedented performance and scaling, deep threat correlation and integration, and advanced orchestration and management from a single service-rich, multi-vendor security platform."
-- Jack Sorci, Vice President, Business Development, Radware
Supporting Resources
Watch Cisco Live New Innovation Talks & Keynote on the Cisco Security Community
Security Everywhere Across the Extended Network – Scott Harrell (blog)
Leveraging the Network as a Security Sensor and Policy Enforcer - Sanjay Raja (blog)
Enterprise Solutions Group Security – Pankaj Gupta (blog)
About Cisco
Cisco (NASDAQ: CSCO) is the worldwide leader in IT that helps companies transform the opportunities of tomorrow by proving that amazing things can happen when you connect the previously unconnected. For ongoing news, please go to http://thenetwork.cisco.com.
# # #
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.