In today's environment, where Internet worms spread across the world in
a matter of minutes or seconds, security systems must react instantly. A
security system that is fully integrated into all aspects of the network can
recognize potential suspicious activity, identify threats, react appropriately,
isolate infections, and respond to attacks in a coordinated way.
The Cisco Self-Defending Network strategy allows organizations to use their existing investments in routing, switching, wireless, and security platforms to create a system that will help to identify, prevent, and adapt to both known and unknown security threats.
The strategy consists of three systems, or pillars, each with a specific purpose.
- Secure Connectivity safely transports applications across different network
environments.
- Threat Defense protects against both known and unknown threats.
- Trust and Identity Solutions supply the contextual identity required for
entitlement and trust.
Secure Connectivity
Ensuring the privacy and integrity of all information is vital to businesses. As companies use the flexibility and cost effectiveness of the Internet to extend their networks to branch offices, telecommuters, customers, and partners, security is paramount. Not only must organizations protect external communications, but they must help ensure that the information transported across an internal wired and wireless infrastructure remains confidential. Similarly, companies must secure voice and video as they use their existing network infrastructure to provide new business-enhancing services.
The following solutions are included in Cisco Secure Connectivity:
- Site-to-Site VPNs
- Remote Access VPNs
- Voice Security
- Wireless Security
- Solution Management and Monitoring
Threat Defense
The Cisco Threat Defense System brings together security solutions and intelligent networking technologies to identify and mitigate both known and unknown threats from inside and outside an organization. This systems-based approach protects the network through flexible, customizable deployment of security and network services.
The elements that comprise a threat-defense system include the following features and products:
- Endpoint Security
- Integrated Firewalls
- Network Intrusion Prevention
- Content Security
- Intelligent Networking and Security Services
- Management and Monitoring
Trust and Identity Solutions
Businesses need to effectively and securely manage who and what can access the network, as well as when, where, and how that access can occur. Cisco Trust and Identity Management Solutions can turn virtually every network device into an integral part of an overall security strategy.
Deploying a complete Trust and Identity Management solution lets enterprises secure network access and admission at any point in the network, and it isolates and controls infected or unpatched devices that attempt to access the network. Businesses can streamline the security management of remote network devices while taking full advantage of existing security and network investments.
The Trust and Identity Management Solutions provide the following essential security functions:
- Enforcement – Authenticates entities and determines access privileges based
on policy.
- Provisioning – Authorizes and controls network access, and pushes access
policy enforcement to network devices using VLANs and access control lists
(ACLs).
- Monitoring – Accounting, auditing, and forensic tools allow administrators
to track the who, what, when, where, and how of network activity.
The Cisco Trust and Identity Management technology comprises three solution categories:
- Identity Management – Guarantees the identity and integrity of every entity
on the network and applies appropriate access policy. Identity Management also
secures the centralized management of remote devices and provides
Authentication, Authorization, and Accounting (AAA) functionality across all
network devices.
- Identity Based Networking Services (IBNS) – Expands network security by
using 802.1x to automatically identify users requesting network access and
route them to a VLAN domain with an appropriate degree of access privilege
based on policy. IBNS also prevents unauthorized network access from rogue
wireless access points.
- Network Admission Control (NAC) – Allows network access only to trusted endpoint devices that can verify their compliance with network security policies, such as having a current antivirus image, OS version, or patch update. NAC can permit, deny, or restrict network access to any device, and can quarantine and remediate non-compliant devices.
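The admission decision that IBNS and NAC describe above (authenticate the endpoint, check its posture against policy, then push a production or quarantine VLAN to the access port) can be modelled as a small policy engine. The following is an added illustration, not Cisco's code; the posture fields, thresholds and VLAN numbers are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed posture report, modelled on what a NAC posture check collects
# (antivirus currency, OS version, patch state). Field names are assumptions.
@dataclass
class EndpointPosture:
    mac: str
    dot1x_authenticated: bool   # 802.1x identity check succeeded
    av_signature_age_days: int  # days since the antivirus signature set was updated
    os_version: str             # dotted numeric string, e.g. "10.0.19045"
    missing_patches: int        # count of required patches not yet installed

# Admission policy: thresholds and the VLANs that enforcement pushes to the switch.
@dataclass
class AdmissionPolicy:
    max_av_age_days: int = 7
    minimum_os: Tuple[int, ...] = (10, 0, 19045)   # assumed baseline
    production_vlan: int = 100                     # assumed VLAN ids
    quarantine_vlan: int = 900                     # remediation-only segment

@dataclass
class AdmissionDecision:
    action: str                  # "permit", "quarantine" or "deny"
    vlan: Optional[int]          # VLAN pushed to the access port, None when denied
    reasons: List[str] = field(default_factory=list)

def parse_version(text: str) -> Tuple[int, ...]:
    """Turn a dotted numeric version string into a comparable tuple of ints."""
    return tuple(int(part) for part in text.split("."))

def evaluate(posture: EndpointPosture, policy: AdmissionPolicy) -> AdmissionDecision:
    # Identity comes first: an unauthenticated endpoint never reaches posture checks.
    if not posture.dot1x_authenticated:
        return AdmissionDecision("deny", None, ["802.1x authentication failed"])
    reasons = []
    if posture.av_signature_age_days > policy.max_av_age_days:
        reasons.append(f"antivirus signatures {posture.av_signature_age_days} days old")
    if parse_version(posture.os_version) < policy.minimum_os:
        reasons.append(f"OS version {posture.os_version} below minimum")
    if posture.missing_patches > 0:
        reasons.append(f"{posture.missing_patches} required patch(es) missing")
    # Authenticated but non-compliant devices are quarantined for remediation rather
    # than dropped: the quarantine VLAN still reaches patch and antivirus servers.
    if reasons:
        return AdmissionDecision("quarantine", policy.quarantine_vlan, reasons)
    return AdmissionDecision("permit", policy.production_vlan)
```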