Cisco's newly announced Trusted Security (TrustSec) platform is intended to simplify and improve aspects of network security management by adding role-based access control (RBAC) to Cisco's switches.
"The thing you have to think about with existing technologies is what is missing," said John McCool, senior vice president of Cisco's Internet Systems business unit, at a news briefing.
While current network security techniques check data at its ingress point, McCool said, RBAC recognizes data in relation to a user's role and regulates what is and is not allowed, based on that role.
TrustSec helps move network security from threat defense (stopping a virus or an exploit) to managing at the switch level what users can and cannot access, solving a critical problem as system administrators worry less about external threats and more about data leakage and other internal threats that are often posed by users with legitimate network access that is not effectively limited.
Robert Whiteley, a senior analyst with Forrester Research, said the biggest challenge facing network administrators today is the tradeoff between allowing access and maintaining security. Cisco's solution, though not revolutionary, elegantly helps solve that problem, he said.
Whiteley said Cisco was playing to its advantages: a large market share with a typical installation using 100% Cisco switches. Over the next 18 months, TrustSec will be rolled out across Cisco's switching product lines, meaning that older installations will also be able to take advantage of the features – and administrators will have one more reason not to migrate away.
Since TrustSec will be available across Cisco product lines, it can rely on standardized protocols and a consistent system. Whiteley said this pervasiveness, which allowed Cisco to "bake security into the network," was important because networks could rely less and less on firewalls to keep security risks at bay and instead must regulate users both inside and outside the network.
Cisco's competitors are working on similar RBAC techniques, Whiteley said, but they inevitably run into one of two problems: Either their infrastructure must be put at every security "choke point" or their hardware must be used throughout the network. For administrators looking to build a multi-vendor network, neither is a particularly palatable option.
Companies under security or compliance mandates could find the technology useful almost immediately as they seek to better secure and manage access to data in their networks, Whiteley said, and previous investments in Cisco technology would help lower the financial barrier to moving toward RBAC.
He added, however, that moving to TrustSec would involve some "growing pains" as policies are put in place and administrators get used to RBAC. But at the end of the tunnel, cost savings would be likely to result because data leaks and breaches – which Whiteley said were some of the most expensive threats – could largely be mitigated.