Cisco Introduces 'Context Aware' Security Architecture, Leveraging Client Telemetry

Cisco Systems has unveiled its distributed SecureX architecture, which enables "context aware" security enforcement regardless of infrastructure environment. A key element is inclusion of client information through Cisco's TrustSec technologies, which enable the transport and reading of context about user, device identity and role, to create and enforce granular policy. The announcement is being made at the RSA Conference.

"TrustSec tagging metadata provides contextual information that any firewall switch or router
can read," says Tom Gillis, VP and general manager for the Cisco Security Technology Business Unit. "Cisco draws context information from directories, Security Intelligence Operations [Cisco's threat assessment cloud service]), authentication information from clients, NAC products, and brings it all together."

SecureX includes:

Cisco customers are mixed in their attitude toward use of personal mobile devices. "The cyber environment brings challenges," says Mauricio Guerra, director of global information services for Dow Chemical. "Businesses are asking for mobility, to enable business in a secure way."

"We go with a cautious approach," says Kevin DePeugh, executive director, assessment and response services, at Kaiser Permanente. "Our health care professionals want mobile devices; they can give care more efficiently, but we have to be careful about what we allow on network."

"There's a lot of pressure from our internal entrepreneurial group to be cool and sexy with dealers," says Andre Gold, head of technology operations and security at AutoTrader. "We identify use cases for employees rather than an approach of 'thou shalt not have personal devices.'"Cisco announced that the new context-aware capabilities for the Cisco Adaptive Security Applicance (ASA) combine context from TrustSec, AnyConnect and SIO. Coupled with broad application intelligence, enterprises will be able to formulate and enforce policy based on context elements such as user identity, organization, an application that they are trying to connect to, the device they are using, whether it is managed or personal and location.

Client telemetry from AnyConnect and legacy VPNs will enormously expand the information base of SIO, which uses reputation data, global threat assessment and analysis to Cisco security products. The inclusion of client information will add some 150 million sources to the 700,000 network and security appliances feeding the service, enhancing the visibility and actionable threat intelligence SIO can provide.

"It's a pivot point for SIO," says Ambika Gadre, senior director, Cisco Security Technology Business Unit.

See more on this topic by subscribing to Network Computing Pro Reports Cisco Cements Next-Gen Strategy (subscription required).