Product Watch: Cisco Unveils New Security Architecture

SAN FRANCISCO -- RSA Conference 2011 -- Cisco today launched its SecureX Architecture, a highly distributed, "context-aware" architecture designed to support its Borderless Networks approach.

Borderless Networking is Cisco's networking road map, which defines methods for enabling users to access corporate data with equal security regardless of the location or device they are using.

SecureX is a highly distributed architecture that manages enforcement elements, such as firewalls, Web proxies, and intrusion prevention systems, with higher-level policy language that is context-aware, according to Cisco.

"These next-generation scanning elements are independent of the physical infrastructure and can be deployed as appliances, modules, and cloud services," Cisco says. "Better suited to address today's security challenges, they are designed to know exactly who a user is, what role that user plays in the organization, and whether that user should be allowed access."

The context-aware concept means IT systems will understand who a user is, what department they are in, how they are connecting to the network, and where they are at the time of access, says Ambika Gadre, senior director of the Cisco Security Technology business unit. Using this context, the network can make better decisions on who the user is and whether they should be allowed to connect to the network, she says.

SecureX includes new context-aware policy language that helps manage the context-aware enforcement elements, the company says. It also includes Cisco AnyConnect, which tethers any device, from anywhere, into the security fabric. It supports Cisco's virtual data center switching capabilities and includes Cisco Security Intelligence Operations, a cloud-based service that provides global context and threat intelligence.

The network will gather the context through TrustSec, which tags packet streams with information about where they come from and how they were generated, Gadre says.

Aside from SecureX, Cisco says it is adding context-aware capabilities for the Cisco Adaptive Security Appliance, the company's firewalling and policy enforcement technology. By combining local context using Cisco TrustSec, global context from Security Intelligence Operations, and mobile insight from AnyConnect, the Cisco ASA allows businesses to gain visibility into their network infrastructures and create better policies that correspond to business rules, Cisco says.

Cisco also is enhancing AnyConnect to include real-time, client-based threat telemetry for Security Intelligence Operations. "Telemetry from existing Cisco security services for email, Web, intrusion prevention, firewall, and cloud security services will enable powerful global context and threat intelligence, ensuring fast and focused protection against a full range of malicious activity," Cisco says.

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.