WEBINAR: Live Event Date: September 20, 2017 @ 1:00 p.m. ET / 10:00 a.m. PT
Designing a Proactive Approach to Information Security with Cyber Threat Hunting REGISTER >
Cisco is rolling out a new security framework this week at the RSA security conference in San Francisco. The new framework, called SecureX, goes beyond the self-defending network architecture that Cisco has pushed at RSA in years past with additional context aware network intelligence.
As part of the SecureX launch, Cisco is delivering new features for its ASA firewall hardware as well as improvements to the AnyConnect mobile VPN client. The overall goal of SecureX is to make networks more aware of policy and threats, no matter where the threats or the endpoint reside.
"SecureX is about making security more distributed and ingrained in the network fabric and bringing in context-aware scanning," Kevin Kennedy, product line manager at Cisco, told InternetNews.com.
Kennedy noted that SecureX is a response to changes in the market for how security needs to be implemented. He said that cloud, virtualization and mobility deployments have changed the nature of technology usage as well as the associated risks and threats. Instead of thinking about network security in terms of IP addresses and ports, Kennedy said that the language of security needs to change. In other words, security policies need to correlate more closely with business rules and definitions.
Cisco's previous security architecture the self-defending network was more of a static environment, according to Kennedy. Though the way that security has now shifted, the core hardware underpinning of having a firewall and network IPS still remain in place.
"The firewall is still the most deployed element for security and so we are bringing context-aware capabilities into our ASA firewall," Kennedy said. "That brings together rich context notions and combines information from TrustSec for network information and brings in global context from Cisco Security Intelligence Operations (SIO)."
Cisco last updated its ASA firewall lineup in October of 2010, with the ASA 5585-X Adaptive Security Appliance, which can provide up to 35Gbps of large packet throughput for firewall performance and up to 350,000 connections per second.
TrustSec is a network layer security feature that Cisco first began talking about in 2007 as a way to bring in more intelligence on top of network access control (NAC). TrustSec has since been expanded to Cisco's Catalyst and Nexus switches. Cisco SIO is an intelligence gathering networking that helps to correlate threat information and provides mitigations back to users.
Cisco is now also connecting its AnyConnect VPN client to the SIO service providing client telemetry to the service. Kennedy noted that to date only Cisco's IPS and Firewall devices have been providing information to SIO. Those endpoints totaled 700,000 scanning elements. Now by adding in AnyConnect, as many as 150 million endpoint scanning elements could be contributing data to SIO.
The SecureX architecture will, over time, be adding new capabilities to other components of Cisco's networking portfolio as well. One new item that Kennedy hinted is an enhanced management capability.
"We will be providing a management capability that combines both the new context-aware as well as managing existing firewall rules," Kennedy said.
Additionally part of the SecureX architecture is a set of APIs that will enable third parties to plug-in and integrate with the system. Kennedy noted that there will be a software development kit (SDK) as well as a developer ecosystem that will be supported by Cisco.
"The biggest challenge in delivering SecureX is that it brings together a lot of pieces, which is also an opportunity," Kennedy said.
Keep up with security news; Follow eSecurityPlanet on Twitter: @eSecurityP.