Cisco Extends Sourcefire Integration

Cisco made a slew of security announcements at Cisco Live Monday, touting its ability to secure every part of the extended enterprise -- the campus, branch offices, the data center, and edge.

"The attack surface is ever increasing. The threats can come from everywhere, and so the security has to come from everywhere," Inbar Lasser-Raab, Cisco VP of enterprise solutions, said in media briefing at Cisco Live in San Diego.

Several of the announcements focused on integrating the Sourcefire technology it acquired in 2013 for $2.7 billion into more parts of its portfolio. For example, customers using Cisco AnyConnect 4.1 VPN clients can now implement Sourcefire Advanced Malware Protection (AMP) for endpoint protection. Cisco said the integration provides early threat detection.

For the campus and branch, Cisco now offers FirePower services it acquired from Sourcefire embedded with its Integrated Services Routers (ISR) for centrally managed next-generation intrusion prevention and malware protection. Rob Westervelt, analyst at IDC, said in an email interview that the integrated platform can help organizations avoid having to pipe traffic back to a central security point, which isn't very secure or efficient.

Cisco previously announced integration of FirePower into its Application Centric Infrastructure (ACI) at Interop Las Vegas in April. The integration provides automated IPS and malware protection inside the data center. The idea is to use ACI's policy-based approach to catch threats early and quickly mitigate them.

At Cisco Live, the company unveiled additional security capabilities for ACI via integration with its TrustSec technology for identity-based segmentation and access control. Planned for next year, the integration will enable coordinated group-based policies across the enterprise.

Pumps up partnerships

Conceding that it can't do everything on the security front, Cisco is adding 10 more security vendors partners to its Platform Exchange Grid (pxGrid) ecosystem, including cloud security vendors SkyHigh Networks and Elastica, security information and event management providers FortScale and Rapid7, and identity and access management and single-sign on vendors NetIQ and SecureAuth. 

Cisco focused on its partnership with Lancope and its StealthWatch security monitoring technology as part of Cisco's "network as a sensor" marketing campaign. Broader integration between Cisco's Identity Services Engine, NetFlow, and StealthWatch provides better threat visibility and speedier identification of threats, Cisco said. ACI integration with TrustSec enables "network as an enforcer," Cisco's other slogan.

"The network has a role to play before, during and after an attack," Lasser-Raab said.

Cisco's partnerships with Lancope and other vendors like Splunk focus on supporting "bi-directional communication of threat data between security products and network infrastructure," which is key, Westervelt said.

"The big challenge is getting organizations to transition to Cisco's Application Centric Infrastructure equipped data center," he said. "Cisco needs to convince organizations of the value of being able to get granular by centrally managing role-based policies to gain actionable intelligence and rapid enforcement capabilities. It's starting to happen, but it's very much still the early days."

At Cisco Live, the company also launched Hosted Identity Services, which provides cloud-based ISE services for secure network access control.