When it comes to the network, it’s not just what the network can do for you, or how easily you can manage it that is important. Having the right security posture is critical to the success of the network. When I look at it, I boil it down to three important considerations:
- Can you see all the users, devices, and traffic on your network?
- Can you segment your network quickly and easily?
- Can your network capabilities match the speed of business?
Without one or all of these, then you risk over-reliance on perimeter security. While if you have all three, and you apply them, then this becomes a powerful combination, that secures your network, from the inside.
Want to know more? Here’s how it works.
It all starts with ISE, our Identity Services Engine.
ISE helps you understand who, what, where, when and how someone or something is attaching to the network. This enables you to decide whether that user or device should be allowed on the network. And what they should have access to. It also includes threat information from the likes of Cisco’s AMP cloud and Cognitive Threat Analytics. Along with vulnerability information from the leading vulnerability assessment systems.
This gives you deep visibility into users and devices, enabling you to have a policy-based approach to defining access privileges. For example: now you can define that a mortgage broker on a corporate device can access financially regulated applications, while an enterprise IOT device, such as a badge reader, cannot.
Next up is TrustSec software-defined segmentation. So now you can define a policy with a push of a button. Instead of needing a network operator to manually redesign the network.
Finally, Flexible Netflow and Stealthwatch combine to analyse every communication on your network. To detect and prevent anomalies.
And all this can now be managed holistically in the new DNA Centre.
Encrypted Traffic. The virtual elephant in the room.
The problem of how to ensure security when traffic is encrypted is getting bigger. In fact, Gartner predicts that 80 percent of web traffic will be encrypted by 2019*. And if you can’t see what it is, it’s hard to do anything about it.
That’s all changing. Stealthwatch security analytics can now analyse the behaviour of encrypted traffic. And it can recognise malicious traffic patterns. Which means the likelihood of malicious activity can be predicted, without having to see inside it. Which is really good news.
Right. Sounds Awesome. Where do I start.
You will be able to get this visibility if you have our 1000 series ASRs, 4000 series ISRs and the new Catalyst 9000 series switches with Cisco ONE software.
So now when you are planning your network you can be planning a key part of your security posture at the same time.
To find out more check out our Enterprise Network Security page. For a technical introduction join one of our Cisco Tech sessions coming to a venue near you in October.
*Gartner: Security Leaders Must Address Threats from Rising SSL Traffic