The Future of Network Security: Cisco’s SecureX Architecture

Cisco SecureX Architecture uses next-generation scanning elements that blur the lines between a firewall, an IPS, an anti-virus engine, a web proxy, and an access control solution. These next-generation scanning and enforcement elements are built on the solid state, inline technology of the Cisco network infrastructure. They are highly distributed and can be deployed in multiple form factors—as an appliance at the customer headquarters or main campuses, as a module in a branch office router, or as an image in Cisco’s security cloud. However the customer chooses to deploy the scanning elements, they work together to create a security fabric, an array of security enforcement points that pushes security close to the end user, wherever the user may be, and on whatever device that end user might have. What’s more, the Cisco SecureX Architecture is smart. It knows what application is being used or what specific site is being accessed. It knows where in the world a user is tapping into the network, what time of day it is, how the secure network is being accessed (iPad, smartphone, desktop PC, or any other device), whether or not that device has been compromised, and what role that user plays in the organization.

1. What Is the Value of the Cisco SecureX Architecture?

The Cisco SecureX Architecture™ is a context-aware, network-centric approach to security that enables:

  1. Greater alignment of security policies with business needs
  2. Integrated global intelligence
  3. Simplified security delivery
  4. Consistent security enforcement throughout the organization

The result is automated security enforcement, from the endpoint to the cloud, that is seamless to the end user and more efficient for the IT organization. 

2. What Problems Does the Cisco SecureX Architecture Help Solve?

The Cisco SecureX Architecture enables organizations to embrace the new network security landscape while protecting their business assets, critical services, and employees. While increased mobility, the influx of consumer devices, and the movement of information to the cloud have created tremendous opportunities for organizations, they have also created complexities for securing the IT infrastructure. Deploying piecemeal security solutions can lead to duplicated efforts and inconsistent access policies, and requires increased integration and staffing to support. And with the increasing sophistication and targeting of network attacks, it’s more important than ever to have a comprehensive security solution.

3. How Does the Cisco SecureX Architecture Work?

The Cisco SecureX Architecture blends the power of the Cisco network with context-aware security to protect today’s organization no matter when, where, or how the network is used. The architecture is built upon three foundational principles:

  • Context-aware policy uses a simplified descriptive business language to define security policies based on five parameters: the person’s identity, the application in use, the type of device being used for access, and the location and time of access. These security policies more closely align with business policies and are simpler to administer across an organization. They help businesses provide more effective security and meet compliance objectives with greater operational efficiency and control.
  • Context-aware security enforcement uses network and global intelligence to make enforcement decisions across the network and to deliver consistent and pervasive security anywhere in the organization. Flexible deployment options, such as integrated security services, standalone appliances, or cloud-based security services, bring protection closer to the user, reducing network load and increasing protection.
  • Network and global intelligence provides deep insight into network activity and the global threat landscape for fast, accurate, and granular protection and policy enforcement:

Figure: Cisco SecureX Architecture

4. What Are the Benefits?

The Cisco SecureX Architecture:

  • Enables organizations to embrace mobility and cloud technology while protecting critical business assets
  • Delivers granular visibility and control, down to the user and device level, across the entire organization
  • Provides faster, more accurate protection from threats with always-on security and integrated global intelligence
  • Increases operational efficiency with simplified policies, integrated security options, and automatic security enforcement
  • Provides full security coverage with the industry’s most comprehensive security solutions and services.

5. Cisco SecureX: Reimagining Security for Today’s Networks

Dramatic business and technological trends are driving changes across the enterprise that affect not only how organizations do business, but also how they think about network security within these new paradigms.

The consumerized endpoint and the rise of BYOD: As the endpoint evolves, users are better able to access critical resources from virtually anywhere, utilize a vast array of collaboration and communication tools, and truly customize their work experience. The challenge for the enterprise is keeping track of who and what is on the network, how to control network access for mobile workers and their array of intelligent devices, and what privileges each user and device ought to enjoy.

The growth of virtualization and cloud computing: Today’s enterprise understands that the actual location of data is no longer nearly as important as its availability. The green data center movement has not only driven down energy costs, but also forced organizations to rethink how they manage and control access to data, as well as how and where they store it. And this concern is even more urgent as organizations begin to transition critical infrastructure and data resources to cloud service providers.

The deluge of network traffic: The exponential growth of network traffic is due to many factors, including the emergence of video as a critical collaboration tool, remote user access to critical data center resources, the increase in the use of social media and other online collaboration tools, the steady growth of voice traffic, and the proliferation of cloud-based applications. The growing demand to recognize, analyze, and secure vast amounts of data means that most traditional security solutions will quickly become expensive bottlenecks.

The sophistication of the threat landscape: Users and implementers of new networking and collaboration technologies are often unfamiliar with their risks and requirements. In times like these, when change is occurring in high volume across all areas of the network, the problem is compounded. Criminals are quick to focus on these new technologies and the security gaps that develop when implementing them. At the same time, they continue to increase the sophistication and effectiveness of their more traditional sorts of attack.

One of the biggest challenges that emerges during times of rapid change is the resulting complexity of the environment. IT teams can quickly lose visibility into who and what is on their network, and their ability to control access and behavior is limited by the very environment they are working to create.

In a complex network environment, traditional security implementations are likely to become overwhelmed. Most security tools can only see the network traffic that passes directly in front of them, and cannot compare what they are seeing with what is happening elsewhere on the network. And even when a security device finds a security threat, it has little to no ability to share that information across the network to other devices.

6. Cisco SecureX Solutions

The Cisco SecureX Framework enables consistent security enforcement throughout the organization and across security devices, greater alignment of security policies with business needs, integrated global intelligence, and simplified delivery. The Cisco SecureX Framework is delivered through a set of security solutions that include:

  • Secure Unified Access—Provides persistent, always-on security for mobile endpoint devices (laptops, tablets, smart phones, etc.), including VPN, cloud-based web security, and authentication and integration into the network’s secure access solution. After authenticating users and/or devices, the Cisco SecureX Framework uses the network to provide the enforcement of access privileges along the entire data path from endpoint device to the user’s destination.
  • Virtualization and Cloud—Extends access policy and enforcement into the traditional and virtualized data center and private cloud implementations, and provides secure access to public cloud services. In addition, Cisco SecureX provides several cloud-based security services, including email and web security services. Cisco SIO is another cloud-based offering that provides critical security services such as published security reports, the browsable SIO threat telemetry database, real-time threat alerts and reports, and continuous threat updates pushed to Cisco security appliances.
  • Threat Defense—Provides traditional network, application, data, and content security solutions, such as firewall, IPS, email, and web security. Threat defense solutions participate in and enforce the overall network security policy strategy, and are designed to go beyond traditional security solutions by being able to work as part of a collaborative security system; by providing appliance, network-integrated, and cloud-based services; and by understanding and securing a wide range of critical business services, such as routing and switching services, voice, video, collaboration tools, social media, and Telepresence.
  • Application Visibility and Control—Communication, collaboration, and social media applications and micro-apps can represent a real threat to organizations in terms of data leakage, vulnerability exposure, and productivity loss. Context-based controls allow organizations to categorize and manage access to web and cloud-based applications, and to control which of these applications can be used and how.

7. The Cisco SecureX Framework:

  • Enforces context-aware policy across a wide range of form factors to deliver security flexibly, when and where you need it.
  • Manages context-aware security policies throughout the network, providing deep insights into—and effective controls over—who is doing what, when, where, and how.

  • Provides secure access from a full range of devices—from traditional PCs and Mac-based computers, to smartphones, tablets, and other mobile devices—anytime, anywhere.
  • Leverages Cisco SIO for robust, real-time insights into the global threat environment.
  • Enables simplified business policies that will correlate directly between what IT must enforce and the organization’s business rules.
  • Integrates comprehensive, extensible APIs that allow Cisco’s own management systems and partners to