White Paper

Cisco SecureX: Reimagining Security for Todays Networks

Dramatic business and technological trends are driving changes across the enterprise that affect not only how organizations do business, but also how they think about network security within these new paradigms.

The consumerized endpoint and the rise of BYOD: As the endpoint evolves, users are better able to access critical resources from virtually anywhere, utilize a vast array of collaboration and communication tools, and truly customize their work experience. The challenge for the enterprise is keeping track of who and what is on the network, how to control network access for mobile workers and their array of intelligent devices, and what privileges each user and device ought to enjoy.

The growth of virtualization and cloud computing: Todays enterprise understands that the actual location of data is no longer nearly as important as its availability. The green data center movement has not only driven down energy costs, but also forced organizations to rethink how they manage and control access to data, as well as how and where they store it. And this concern is even more urgent as organizations begin to transition critical infrastructure and data resources to cloud service providers.

The deluge of network traffic: The exponential growth of network traffic is due to many factors, including the emergence of video as a critical collaboration tool, remote user access to critical data center resources, the increase in the use of social media and other online collaboration tools, the steady growth of voice traffic, and the proliferation of cloud-based applications. The growing demand to recognize, analyze, and secure vast amounts of data means that most traditional security solutions will quickly become expensive bottlenecks.

The sophistication of the threat landscape: Users and implementers of new networking and collaboration technologies are often unfamiliar with their risks and requirements. In times like these, when change is occurring in high volume across all areas of the network, the problem is compounded. Criminals are quick to focus on these new technologies and the security gaps that develop when implementing them. At the same time, they continue to increase the sophistication and effectiveness of their more traditional sorts of attack.

One of the biggest challenges that emerges during times of rapid change is the resulting complexity of the environment. IT teams can quickly lose visibility into who and what is on their network, and their ability to control access and behavior are limited by the very environment they are working to create. In a complex network environment, traditional security implementations are likely to become overwhelmed. Most security tools can only see the network traffic that passes directly in front of them, and cannot compare what they are seeing with what is happening elsewhere on the network. And even when a security device finds a security threat, it has little to no ability to share that information across the network to other devices. The result is that IT teams are trying to see and secure a broad, interactive, and collaborative environment that includes remote users, the new network infrastructure, and the virtualized data center and cloud services through a series of portholes. And they have to do it for more kinds of users, more devices, and a higher volume of traffic than ever before.
2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 5

The question is, how long can this continue before progress grinds to a halt or real security is compromised?

The Cisco SecureX Framework

Because todays security solutions are largely centered on protecting the static, physical infrastructure, and traditional security policy is expressed in terms of particular devices (such as a corporate PC, an IP address, a network port, or an application protocol), current solutions are not well suited to address the dynamic changes occurring in the network. To address new network and security dynamics, security implementations need to be much more sophisticated. Organizations need to adopt a context-based approach that recognizes and addresses security in terms of who, what, where, when, and how. Security needs to be separated from the networks physical infrastructure and instead live as close as possible to the users and devices being protected. The solution must be highly distributed so it can be deployed globally to be available wherever and whenever the borderless enterprise touches the public Internet. And it needs to maximize visibility by using network and global security intelligence to ensure that it remains tuned against the latest threats while sharing critical security intelligence with the network and other security technologies. The Cisco SecureX Framework is a security solutions framework designed to better meet the needs of the mobile and dynamic network, allowing organizations of all sizes to collaborate easily, apply new computing models, and enable their workforce to roam freely. It does this by blending the power of the Cisco network with context-aware security technologies, uniform policy creation and distribution, and professional and technical services to protect todays organization no matter when, where, or how people use the network. The Cisco SecureX Framework is built upon three foundational principles:

One of every three college students and young employees believes the Internet is as important as air, water, food, and shelter. Two of five said they would accept a lower-paying job that had more flexibility with regard to device choice, social media access, and mobility than a higher-paying job with less flexibility. Regarding security-related issues in the workplace, seven of ten employees admitted to knowingly breaking IT policies on a regular basis, and three of five believe they are not responsible for protecting corporate information and devices. 2011 Cisco Connected World Technology Report

Security intelligence and telemetryCisco Security Intelligence Operations (SIO) provides global insight into real-time security events, as well as a comprehensive database of threat telemetry information spanning more than 10 years. Threat data is gathered by a series of Cisco security operations centers across over 750,000 network, web, and email collection points, and from more than 150 million mobile endpoint devices. This critical, real-time security data is processed through a team of dedicated Cisco engineers and sophisticated analysis tools to create security reports and heat maps, threat analysis and remediation alerts, and millions of actionable security updates which are then fed to Cisco security devices throughout the day in order to keep them finely tuned against the latest threat landscape. In addition, the Cisco network infrastructure itself gathers and analyzes local contextual information such as identity, device, posture, location, and behavior to establish and enforce access and data integrity policies.

2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.

Page 2 of 5

Context-aware policy and enforcementCisco SecureX ties organizational security policies to business operations such as security and network infrastructure, user identity, resources, and IT operational processes. Administrators can create security policies based on five parameters: the users identity, the application in use, the access device, the user and device location, and the time of access. In addition, assigned security policies are allowed to adapt as context parameters change, and the policies can be applied uniformly across all access methods (wired, wireless, and VPN). Once a device (or user) has been authenticated and determined to meet policy, Ciscos role-based access control solutions provide access policy enforcement not just at the access edge, but also along the entire data path, from source to destination. Network devices along the data path are able to identify the policy associated with the datas owner and device by reading automatically attached security policy tags, and then enforcing that policy to protect critical resources.
Today, your millennial employeesthe people you want to hire because of the fresh ideas and energy they can bring to your businessshow up to their first day on the job toting their own phones, tablets, and laptops, and expect to integrate them into their work life. They also expect others namely, IT staff and chief information officersto figure out how they can use their treasured devices, anywhere and anytime they want to, without putting the enterprise at risk. Security, they believe, is not really their responsibility: They want to work hard, from home or the office, using social networks and cloud applications to get the job done, while someone else builds seamless security into their interactions. Cisco 2011 Annual Security Report

Integrated network and security managementStarting with the secure, trusted network, Ciscos suite of management solutions brings together network operations and security operations management considerations into a set of simple yet powerful management offerings. Flexible management options allow organizations to deploy specialized security management technologies where needed, as well as providing windows into security controls from more network-based management tools.

These three principles of the Cisco SecureX Frameworkglobal intelligence, context-aware policy and enforcement, and integrated managementare delivered through a complete set of security solutions focused on functional areas of the network: access and mobility, the data center and cloud, and the network edge and branch office. In addition, Ciscos portfolio of security services use Cisco intellectual capital and best practices to support development, implementation, and operation of the Cisco SecureX Framework. Cisco and our partners help customers assess the business and security needs of their networks, develop a comprehensive design plan, and deploy a robust security solution.

Cisco SecureX Solutions

The Cisco SecureX Framework enables consistent security enforcement throughout the organization and across security devices, greater alignment of security policies with business needs, integrated global intelligence, and simplified delivery. The result is intelligent security enforcement from the most remote endpoints, across the network infrastructure, and out to the data center and cloud, in a way that is seamless to the end user and more efficient for the IT organization. The Cisco SecureX Framework is delivered through a set of security solutions that include:

Secure Unified AccessProvides persistent, always-on security for mobile endpoint devices (laptops, tablets, smart phones, etc.), including VPN, cloud-based web security, and authentication and integration into the networks secure access solution. After authenticating users and/or devices, the Cisco SecureX Framework uses the network to provide the enforcement of access privileges along the entire data path from endpoint device to the users destination.

2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.

Page 3 of 5

Virtualization and CloudExtends access policy and enforcement into the traditional and virtualized data center and private cloud implementations, and provides secure access to public cloud services. In addition, Cisco SecureX provides several cloud-based security services, including email and web security services. Cisco SIO is another cloud-based offering that provides critical security services such as published security reports, the browsable SIO threat telemetry database, real-time threat alerts and reports, and continuous threat updates pushed to Cisco security appliances.
The Cisco SecureX Framework: Enforces context-aware policy across a wide range of form factors to deliver security flexibly, when and where you need it. Manages context-aware security policies throughout the network, providing deep insights intoand effective controls overwho is doing what, when, where, and how. Provides secure access from a full range of devicesfrom traditional PCs and Mac-based computers, to smartphones, tablets, and other mobile devices anytime, anywhere. Leverages Cisco SIO for robust, real-time insights into the global threat environment. Enables simplified business policies that will correlate directly between what IT must enforce and the organizations business rules. Integrates comprehensive, extensible APIs that allow Ciscos own management systems and partners to

Threat DefenseProvides traditional network, application, data, and content security solutions, such as firewall, IPS, email, and web security. Threat defense solutions participate in and enforce the overall network security policy strategy, and are designed to go beyond traditional security solutions by being able to work as part of a collaborative security system; by providing appliance, network integrated, and cloud-based services; and by understanding and securing a wide range of

critical business services, such as routing and switching services, voice, video, collaboration tools, social media, and Telepresence.

Application Visibility and ControlCommunication, collaboration, and social media applications and micro-apps can represent a real threat to organizations in terms of data leakage, vulnerability exposure, and productivity loss. Context-based controls allow organizations to categorize and manage access to web and cloud-based applications, and control which and how these applications can be used. For example, an organization may want to permit, or even encourage, the use of social media sites, but block the ability to upload and transfer files or play online games. Ciscos new application visibility and control solutions provide granular visibility and control to protect organizations as they take advantage of new web and cloud-based tools and applications.

Moving Beyond the Edge

Todays evolving workplace requires us to change the way we think about security. Our legacy security devices were not designed to provide the sort of security required by todays networks. By reimagining security, Cisco is allowing organizations to transform the role of security from one of being a static gatekeeper to that of a dynamic and powerful enabler that allows them to securely and transparently adopt and benefit from new technologies. In this environment, security becomes a competitive weapon. Not for what it keeps out, but for what it lets inthe advances and tools of today and the future. For more information on the solutions, products, and services that comprise the Cisco SecureX Framework, please visit http://www.cisco.com/go/security, and http://www.cisco.com/go/securex.

2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.

Page 4 of 5

Printed in USA

C11-700887-00

02/12

2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.

Page 5 of 5