Cisco is looking to provide threat protection for data centers and clouds by integrating acquired security technology with its programmable, policy-based networking portfolio.
Cisco this week announced that it is combining the FirePOWER threat protection services software obtained from the 2013 acquisition of Sourcefire with its Application Centric Infrastructure (ACI) automated policy fabric. ACI is Cisco’s response to software-defined networking.
The result will be intrusion prevention and malware protection delivered to data center and cloud applications via ACI’s group-based policies.
MORE ON NETWORK WORLD
ACI’s existing policy segmentation, security service insertion and Layer 4-7 policy automation capabilities will now include FirePOWER threat protection. Application-specific security policies, aligned to individual tenants, can be deployed across multiple vendors’ security devices in cloud networks, Cisco says.
Cisco’s ACI security partners include Check Point, Fortinet, Infoblox, Intel Security, Radware, and Symantec. Both physical and virtual security services can inserted into the application traffic flow, Cisco says.
Cisco says data centers have often relied solely on perimeter security solutions to block malicious traffic from entering; but once an intrusion occurs, the threat is free to propagate throughout the data center. And shared multi-tenant clouds require data center security to protect every workload from every other workload, and protect all tenants from each other.
Cloud environments need to quickly and automatically update and configure security policies across all devices, both physical and virtual, to support the agility required of cloud architectures, Cisco says.
According to a 2015 survey of IT security personnel commissioned by Cisco and conducted by Enterprise Strategy Group, 57% reported a security incident had compromised their data center services within the last 24 months. Sixty-eight percent reported that it is somewhat to extremely difficult to remove expired or out-of-date access control lists or firewall rules because it is so time-consuming and entails many manual processes.
Cisco ACI security will be available in June.
Cisco also announced that third-party auditors validated ACI for deployment in payment card industry compliant networks. They conducted their assessments in Cisco labs.