Cisco product improvements complement ACI security

At Cisco Live, Cisco introduces product enhancements that fit within its overall ACI security strategy.

SAN DIEGO -- Cisco has launched several network security improvements experts believe will steer customers to the software-defined networking platform that is a key element of the company's product strategy.

At the Cisco Live customer conference Monday, Cisco introduced security enhancements for the data center, campus and wide-area networks. Collectively, the announcements are meant to nudge customers toward Cisco's Application Centric Infrastructure (ACI).  

ACI is an SDN platform tied to Cisco hardware. The company wants to make ACI security a competitive advantage in the SDN market, which is expected to grow from less than $1 billion last year to $8 billion in 2018, according to IDC.

Cisco CEO John Chambers has made security a priority for the company. In the quarter ended in April, security sales grew 14% year over year. Chambers is stepping down July 26 and will be replaced by Chuck Robbins, a Cisco veteran in charge of global sales. Robbins has said he will continue to invest heavily in security.

The Cisco Live announcements also described broader uses for FirePower Services, Cisco's Identity Services Engine (ISE) and NetFlow. These product improvements are in line with enterprises migrating from a layered security approach to a centralized architecture in which policies are pushed out to firewalls, intrusion prevention systems (IPS) and other defenses against network breaches, said IDC analyst Pete Lindstrom.

"Cisco is building out its capabilities to support this migration," Lindstrom said. "Eventually, the hub will be ACI."

FirePower extended to ISR

Cisco has also extended the reach of FirePower Services, an appliance-based next-generation firewall (NGFW), to its Integrated Services Routers (ISR). ISR lets companies connect branch networks to the Internet and the WAN separately for better application performance.

The FirePower integration will let Cisco provide extensive cloud-based security services, including file analysis and URL reputation protection, said IDC analyst Robert Westervelt.

The announcement came two months after Cisco said its Application Policy Infrastructure Controller (APIC), the heart of ACI, would support Cisco's FirePower IPS. As a result, the same APIC console used to configure data center switches would also be used to set rules governing FirePower physical and virtual appliances.

ISE gets closer to Lancope StealthWatch

Cisco has deepened integration between ISE and Lancope's StealthWatch, a network analyzer that monitors user activity. ISE is a network administration tool for creating and enforcing access policies for endpoint devices connecting to a company's routers and switches.

The improved integration lets different products use each other's data to bolster network security. This kind of "bi-directional" communication is unusual. "In most security deployments right now, security products -- especially those from different vendors -- typically can communicate in one direction or another, but not share data in both directions," said Westervelt.

In 2013, Cisco launched a bi-directional communication framework called pxGrid that lets security products collect contextual information from ISE. Such information can include user, device, network connection and location. Security vendors use the information to improve their own analytics and to send instructions to ISE to revoke or modify network access.

New pxGrid partners

At Cisco Live, the company announced that 11 more companies have agreed to support pxGrid. The companies include Skyhigh Networks, Elastica, Fortscale, Rapid7, Centrify and NetIQ. Overall, the new members cover cloud security and network and application performance management.

Cisco also announced a cloud-based version of ISE called Hosted Identity Services. "Cisco should consider extending their hosting capabilities to provide 24/7 support and management over security partner products as well," said Westervelt.

Finally, Cisco has extended the NetFlow protocol to its Unified Computing System (UCS), which is all-in-one hardware that includes computing, networking and storage resources. Cisco developed NetFlow to collect and monitor network traffic from routers and switches.
