Network World - SAN FRANCISCO -- Cisco has unveiled a self-described "complicated" security architecture dubbed SecureX that it says provides a context-aware way to safeguard networks increasingly overrun with smartphones, tablets and virtualization.
SecureX, outlined at the RSA Conference in San Francisco, will initially give Cisco firewalls -- and eventually its switches, routers and other products -- the ability to dynamically scan and tag data related to a user's identity and application/device usage in order to have a real-time basis for enforcing identity-based security policies.
Tom Gillis, vice president and general manager of Cisco's security technology business unit, acknowledged the SecureX Architecture is novel and complex, and its evolution in terms of product implementation will only start to slowly roll out later this year.
The SecureX capability is expected to first be evident in the line of Cisco Adaptive Security Appliance (ASA) multipurpose firewalls, which will be outfitted with Cisco TrustSec tagging technology to identify a wide range of information about a user's network usage, such as applications, devices, location and time of day, so that security decisions can be made in a context-aware fashion.
"What will context reveal? Who somebody is, are they part of an organization, what applications are they trying to use, are they using an iPhone and iPad and is it managed by IT," and are they inside or outside the corporate network, says Ambika Gadre, senior director for Cisco's security technology business unit.
The idea is to flag policy violations, block access or warn about security threats. SecureX is seen as augmenting Cisco's Borderless Networks strategy, which is intended to support applications, processing cycles and services that are increasingly distributed and virtualized, such as those in cloud computing and software-as-a-service environments.
"It is proprietary," Gillis acknowledged when asked whether the SecureX architecture will ever extend to incorporate third-party security or network gear. But Cisco executives said they are weighing how to create a shared ecosphere for it, likely by making APIs available or approaching a standards body with some fundamental SecureX-related technology.
Cisco is a large player in the network security market, with about $2 billion in sales last year. But the consumerization of the endpoint, with devices such as Apple iPads and iPhones as well as mobile devices running Google Android and other software spilling into the enterprise, "is causing us to rethink how security works," says Gillis. The spread of virtualized systems is also a big part of that mix, he says.
Cisco envisions SecureX as a way not only to give customers a broad view of what computer and mobile device users are doing on the network, but also to enforce granular policies such as access to applications on Facebook. There's also the idea that blending some tagged identity and device information with threat data amassed from Cisco's Security Intelligence Operations, a cloud-based service for analyzing ongoing threat information globally, would advance context-aware security. Cisco will also amass situational telemetry data culled from the actions of the more than 150 million AnyConnect and legacy VPN clients its customers use, and apply it to context-aware security.