
The Cisco security directive

By , Network World
June 05, 2012 04:56 PM ET
Chris Young

Page 3 of 5

That could be anything from, "I'll let the device on, I'll let the user on, I'll let them sync to ActiveSync and get their email," to "Let's take the user through a set of flows, register a user or register a device, and provision a profile to the device so there's a secure VPN connection to corporate applications." You can also provision other company-based applications as part of that workflow. And then the Identity Services Engine becomes the policy management point, and the router, switch and the firewall, depending upon whether you're on network or off, become the control points that get leveraged.

And what's great about that for a customer is they can leverage one policy server that works with an existing infrastructure deployment. They don't have to go deploy another set of servers that are enforcing access control within the network. They're just leveraging the network gear that's already there.

How does this vision mesh with, say, the VDI efforts of companies such as VMware and Citrix?

When I was at VMware I ran the virtual desktop business, end user computing was my space, and what I just described doesn't mean you wouldn't have a VDI solution involved. I talked about going through a user registration flow, and part of that could be provisioning a VDI client. And then through that VDI client they get access to their Windows desktop that's running in the data center, so we can provide the upfront access control and the security policy around provisioning that VDI client to the user. And then when they go off network and come back on network, we can continue to be the access control point for letting them into other VDI infrastructure. So they work very much in conjunction with each other. Our position is we're trying to help customers allow their users to work the way they want to work.

OK. Let's get to integration. Are there other legacy security pieces you'll try to integrate into these different architectures?

Well, it depends on what you define as legacy. I mean Cisco is one of the biggest players in firewall, we've been that for years. And firewalling is probably one of the most mature segments of the security business, although it's going through a renaissance because there's a lot of convergence between network security, which is firewall and IPS, and content security, you know, email and Web gateways and that kind of thing.

Those worlds are coming together. We're seeing more and more convergence between firewall, IPS, Web gateway and even anti-malware scanning that goes on in messaging traffic. And so what I see in the industry and what we're doing as well, is trying to bring multiple services to the same platform, trying to make Web and cloud-based security services a part of the overall offering.

One of the reasons I believe our ScanSafe solution is so important is because you want to be able to give customers the ability to leverage the capabilities the cloud brings, such as real-time scanning for malware, real-time intelligence on threats that could be global in nature, the ability to protect users off network as well as on network. So there's a lot of value in these kinds of integrated models and I think customers using the ScanSafe service are very pleased with the flexibility they get from that kind of a model.
