
Cisco boosts IoT access control, management

News Analysis
Apr 17, 2018 | 4 mins
Data Center, Internet of Things


Cisco has rolled out software tools for helping customers control access and more easily manage the burgeoning amount of enterprise IoT devices in their networks. 

The company has also begun filling out its Catalyst 9000 line of intent-based networking (IBN) switches with new boxes aimed at customers wanting 100G/sec and 25G/sec network migration options.

IoT access control, security, management

The need for much better enterprise IoT access control is obvious, Cisco says: according to its Midyear Cybersecurity Report for 2017, most companies are not aware of which IoT devices are connected to their network.

These devices are generally not built with security in mind, and many of them lag behind the security of desktops, the report says. Security issues can take months or years to resolve, and the devices typically have no reporting or updating mechanism for common vulnerabilities and exposures. They often run unpatched or outdated applications that cannot be easily accessed, or reached at all, making it hard to remediate compromised systems.

ISE upgrades

With all of that in mind, Cisco has bolstered its Identity Services Engine (ISE) by doubling the number of IoT device and user device groups that can be automatically classified and identified, including those using industrial and building protocols such as BACnet, Profinet, CIP and Modbus.

“With ISE 2.4 we have added 620 new profiles that can now be populated in ISE,” said Prashanth Shenoy, VP of enterprise network marketing at Cisco. “With this increased support ISE customers can set policies for IoT devices, segment IoT devices and control access all from one location.”

Cisco ISE is available as hardware appliances or virtual servers. The software recognizes devices as they connect to the network, reporting data like manufacturer, model number and software installed. ISE controls access across wired, wireless and VPN connections to the corporate network, Cisco said.

DNA Center, SD-Access

Cisco also said it was expanding a central component of its DNA Center provisioning package to support IoT devices. Introduced last year as a key part of its IBN initiative, DNA Center is network-automation software. A key part of it is the SD-Access software, which uses an identity-centric approach to manage users and devices coming onto and operating within the network, Cisco said.

Cisco is extending SD-Access from the campus to what Cisco calls the extended enterprise, such as distribution centers, warehouses and manufacturing plants where IoT devices, sensors and robots are common. Extending SD-Access means customers can push policy and automate operations across their enterprise, manufacturing or outdoor environments — all through DNA Center, Shenoy said.

SD-Access Extension for IoT and SD-Access for Distributed Campus should be in beta in the third quarter, with general availability in the fourth quarter, Cisco said.

Cisco said its Operational Insights cloud-based management service and its Cisco Connected Mobile Experiences (CMX) appliance, version 10.3 or later, can now use data acquired from IoT devices to track and monitor the location and environmental state of machines, sensors and other assets. By applying business rules that define the expected range of locations and telemetry, the service can more effectively identify problems and streamline business operations.

“Operational Insights continually monitors data from the sensors attached to your assets — including telemetry data such as temperature and humidity. When any measure deviates from the norm established by your workflows, policies and business rules, the solution swings into action. It can give you an immediate alert or, if you prefer, can trigger an automated action that is predefined by your workflows and business rules,” Cisco said.
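The rule-driven monitoring Cisco describes above, reduced to its core, as an added illustration (not Cisco's code): each asset has a business rule giving its allowed zones and expected telemetry ranges, every reading is checked against it, and each deviation maps to either an immediate alert or a predefined automated action. Asset names, zones and readings are constructed placeholders.

```python
from dataclasses import dataclass, field

@dataclass
class AssetRule:
    """Expected envelope for one asset: where it may be and what its sensors should read."""
    asset_id: str
    allowed_zones: set
    ranges: dict                                  # metric -> (low, high) inclusive
    actions: dict = field(default_factory=dict)   # metric -> predefined automated action

def evaluate(rule, reading):
    """Return (metric, detail, action) for every rule the reading violates; default action is an alert."""
    findings = []
    zone = reading.get("zone")
    if zone not in rule.allowed_zones:
        findings.append(("zone", f"seen in {zone}, expected one of {sorted(rule.allowed_zones)}",
                         rule.actions.get("zone", "alert")))
    for metric, (low, high) in rule.ranges.items():
        value = reading.get(metric)
        if value is None:
            # A silent sensor is a deviation from the norm, not a healthy reading
            findings.append((metric, "no value reported", "alert"))
        elif not low <= value <= high:
            findings.append((metric, f"{value} outside [{low}, {high}]",
                             rule.actions.get(metric, "alert")))
    return findings

def run(rules, readings):
    """Evaluate each reading against its asset's rule; assets with no rule are flagged, not ignored."""
    out = []
    for r in readings:
        rule = rules.get(r["asset_id"])
        findings = ([("asset", "no rule defined for this asset", "alert")] if rule is None
                    else evaluate(rule, r))
        out.append({"asset_id": r["asset_id"], "ts": r["ts"], "findings": findings})
    return out

# Constructed rules and sensor readings (placeholder names, not real deployment data)
RULES = {
    "forklift-07": AssetRule("forklift-07", {"dock-A", "dock-B"},
                             {"temperature": (5.0, 40.0), "humidity": (20.0, 70.0)},
                             {"temperature": "open-ticket"}),
}
READINGS = [
    {"asset_id": "forklift-07", "ts": 1, "zone": "dock-A", "temperature": 22.5, "humidity": 45.0},
    {"asset_id": "forklift-07", "ts": 2, "zone": "yard", "temperature": 48.0, "humidity": 45.0},
    {"asset_id": "forklift-07", "ts": 3, "zone": "dock-B", "humidity": 45.0},
    {"asset_id": "sensor-x1", "ts": 4, "zone": "dock-A", "temperature": 20.0},
]
```

Running `run(RULES, READINGS)` yields no findings for the first reading, a zone alert plus a temperature ticket for the second, a missing-sensor alert for the third, and an unknown-asset alert for the fourth.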

Catalyst switches for intent-based networking

Cisco added the Catalyst 9500 100/40G 32-port switch and the Catalyst 9500 25G 24- and 48-port switches to its Catalyst family.

The Catalyst 9500 is Cisco’s core aggregation enterprise switch. It offers services such as Encrypted Traffic Analytics and NetFlow, and gives customers an upgrade path from older models. The boxes are available now.

Cisco also rolled out the Aironet 4800 Access Point, which it described as an all-in-one access point that “includes a 24×7 dedicated radio for security and analytics, real-time telemetry with deep visibility and industry-leading hyperlocation.”

The 4800 features what Cisco calls “Intelligent Capture,” which probes the network and can send the results to DNA Center, where they can be used to set policies or to track and react to anomalies.

“The software can track over 240 anomalies and instantaneously review all packets on demand, emulating the onsite network administrator,” Cisco said. The box includes a supplemental radio that constantly monitors the wireless network looking for anything that can cause a threat or interfere with performance, the company said. The box will be available in the third quarter, Cisco said.