Building a Security Strategy
The chapter covers the following topics:
- Cisco Borderless Network Architecture
  - Borderless Security Products
- Cisco SecureX Architecture and Context-Aware Security
  - Cisco TrustSec
  - TrustSec Confidentiality
  - Cisco AnyConnect
  - Cisco Talos
- Threat Control and Containment
- Cloud Security and Data-Loss Prevention
- Secure Connectivity Through VPNs
- Security Management
Cisco Borderless Network Architecture
Traditional approaches to network security used well-defined borders to protect inside networks from outside threats and malware. Employees used corporate computers secured with antivirus and personal firewalls. Perimeter-based networks were protected using network-scanning devices (firewalls, web proxies, and email gateways).
Today, network borders are dissolving as users want access to resources from any location, on any type of endpoint device, using various connectivity methods. Cisco has addressed this with the Borderless Network Architecture, which integrates the following components:
| Component | Description |
| --- | --- |
| Borderless end zone | The zone offers deployment flexibility and strong security services in multiple dimensions as users connect to the network. End-user access is based on the security posture of the connecting endpoint using the Cisco AnyConnect SSL VPN Client. Infrastructure protection is provided using firewalls, intrusion prevention systems (IPSs), web security, and email security. |
| Borderless Internet | Implemented with Layer 2 through Layer 7 scanning engines managed by enterprises and cloud providers. Scanning engines assume the role of firewalls, intrusion detection/prevention systems (IDSs/IPSs), network proxies, and web gateways. |
| Borderless data center | Layers virtualized components on top of existing infrastructure components to provide security solutions for the cloud. |
| Policy management layer | The security policy is managed in central locations and then enforced throughout the network based on context-specific variables. It provides the following: |
Borderless Security Products
The architectural approach to security found in the Borderless Network Architecture results in distinct categories of Cisco products, technologies, and solutions:
- SecureX and context-aware security
- Threat control and containment
- Cloud security and data-loss prevention
- Secure connectivity through VPNs
- Security management