SAN FRANCISCO -- Cisco Systems Inc. this week will unveil a refreshed enterprise security strategy that emphasizes the importance of contextual security to ward off threats and prevent data leaks.
In a press conference in advance of its formal strategy announcement Wednesday at RSA Conference 2011, Cisco Security Technology Business Unit executives, including Tom Gillis, vice president and general manager, and Senior Director Ambika Gadre, previewed Cisco SecureX. Cisco described SecureX as a way to combine and implement Cisco products in a distributed way to simplify policy enforcement while offering context-aware scanning for a global enterprise network infrastructure.
Contextual security capabilities
A significant tactical change involves where the bulk of the technology is deployed. Until now, Gadre said, security architectures have focused on securing the endpoint and the network DMZ. With endpoints often residing entirely outside the perimeter and often introduced to the enterprise by end users, SecureX instead emphasizes technology that resides between endpoints and the network DMZ.
"With mobility, virtualization and cloud, clearly this is no longer the two-dimensional dance of action meets reaction," Gadre said. "It's this change that we believe requires us to rethink the entire security architecture."
Supported by existing technologies, like Cisco's IronPort Web security appliances and its ScanSafe cloud security service, SecureX is buoyed by new context-aware capabilities for the Cisco Adaptive Security Appliance (ASA), its multifunction firewall, and a new version of the Cisco AnyConnect VPN client.
The new capabilities in ASA, borrowed largely from the DNA of the TrustSec policy-based management system, AnyConnect and Cisco Security Intelligence Operations (SIO), seek to identify threats using context such as what devices and applications are being used, time of day, location of the device and many other factors.
Offering an example, Gadre said a typical firewall might not detect a security issue if the average user logs into the network remotely with an iPad to use a CRM application. However, if that same user's badge had been scanned entering a corporate building simultaneously, the new capabilities would detect that as a sign of a potential security issue.
AnyConnect 3.0, the other new element, takes traffic from any device and redirects it to the network fabric, so policy is enforced no matter where a user is and what device he or she is using. That means the same policies and filters could be applied, for instance, to an IM conversation that takes place on a PC directly connected to the corporate network, or on a mobile device thousands of miles away from headquarters.
Cisco security strategy revamped
The updated Cisco security strategy comes at a time when the company's approach to security has been the target of criticism, with its key focus areas, technology development efforts and marketing slogans seen by some as difficult to discern.
Gillis reaffirmed Cisco's commitment to security, citing the $2.2 billion in security-related revenue the company brought in during fiscal 2010, and CEO John Chambers' recent comments that security is the No. 1 product engineering priority within the company.
"One of the credos of business, I believe, is as you're trying to create and capitalize on change, you have to play to your strengths," Gillis said. "For us, that's our presence on the endpoint. We have more than 150 million endpoint client VPN solutions deployed."
During a panel discussion among Cisco customers, many echoed the need to implement new technologies to solve vexing problems, like detecting dangerous or insecure application usage or enforcing policy on consumer devices brought into the enterprise.
Cisco customer Rich Mason, vice president and chief security officer of the Honeywell Global Security unit of Melville, N.Y.-based manufacturer Honeywell International Inc., said he once held a hard line against iPads and iPhones, but the growing demand has made that impossible to do.
"One of the things we've seen as a game changer in the past 12 months is doing market segmentation on our user base," Mason said. He said Cisco's new technology has not only enabled him to deploy different mobile device usage and security policies for different classes of users, but also allowed information security to position itself as a business enabler in the organization.