Cisco didn’t invent the term; rather, it claims to be adding enhancements that allow the network to better serve as that sensor. Monday’s basket of security announcements, launched at Cisco Live in San Diego, did include some new equipment. But the larger point was that established network tools can be used in new, integrated ways to improve security.
“We haven’t created yet another piece. We’ve just embedded security into our customers’ infrastructure,” said Inbar Lasser-Raab, vice president of enterprise solutions, during a Monday press conference at Cisco Live.
It’s an approach prompted by the rise of mobile devices, wearables, and the Internet of Things. The number of attack vectors is increasing. Security needs to be applied everywhere, and “the one thing that is everywhere is the network,” she said.
Cisco‘s stance is not surprising. Security itself is no longer one function, but a collection of related functions spread throughout the network. That’s leading to radical approaches; for instance, startup Illumio has a networkwide security architecture that’s actually oblivious to the network.
More crucially for Cisco, the company’s sales strategy is now based on architectures rather than pieces of equipment. The network-as-a-sensor concept would feed that strategy.
Mashup: NetFlow, ISE, and StealthWatch
At the heart of the network-as-a-sensor is the correlation between Cisco’s NetFlow and Identity Services Engine (ISE). Both tools have existed for a while, but both have their limitations; NetFlow shows you all conversations on the network, providing no context, while ISE can only tell you who was on the network and on what device. Combining the two is analogous to having a call record with caller ID information attached, Lasser-Raab said.
Cisco is integrating those pieces with Lancope StealthWatch, which monitors the network and, in conjunction with ISE, can help it better identify anomalous behavior.
Cisco is also touting the ability of the network to be a security enforcer, using policy and SDN to contain attackers who get through the defenses. This has been a strong theme for VMware, which found network security — based on this kind of containment — to be a popular use case for the NSX network virtualization platform.
Security and FirePower
Other security pieces being announced at Cisco Live include:
- A hosted identity service. Cisco will operate ISE for you, using it to determine how users can access the network and what rights they’re granted. Cisco is pitching the service as a way to move security to an operations model as opposed to an equipment-based model.
- The Firepower 9300, a new piece of service-provider equipment based on the Sourcefire acquisition. It’s a carrier-grade, modular chassis meant to be packed with compute blades (specifics weren’t immediately available). It’s also open, in the sense that Cisco will let third-party software run on the platform.
- Sourcefire integration. Sourcefire’s FirePower threat defense service, part of a $2.7 billion acquisition in 2013, is being added into Cisco’s Integrated Services Router (ISR) line of campus and branch-office routers. FirePower is also integrated with Cisco’s Application-Centric Infrastructure (ACI), as the company announced last month.
- The ability to distribute Cisco’s advanced malware protection (AMP) via AnyConnect, Cisco’s VPN client.
Photo: Lasser-Raab and Cisco customer Kevin Phillips, director of IT operations for K&L Gates.