Cisco deepens enterprise network virtualization, security detection of DNA suite
- 22 February, 2017 04:28
Cisco today announced a variety of hardware, software and services designed to increase network virtualization and bolster security for campus, branch office and cloud customers.
The products, which include a Network Functions Virtualization branch office device and improved security network segmentation software, fall under Cisco’s overarching Digital Network Architecture plan.
DNA offers integrated networking software—virtualization, automation, analytics, cloud service management and security under a single suite.
“DNA offers IT leaders a blueprint for building digital ready networks. In just under 18 months we have seen over 1,900 organizations deploy our SDN controller, APIC-EM, in their networks and start laying a foundation capable of enabling their digital transformation,” said Cisco’s Prashanth Shenoy, vice president of marketing, Enterprise Networking and Mobility.
On the hardware side, Cisco rolled out the Enterprise Network Compute System (ENCS) 5400 Series, a 1RU Intel Xeon server that includes an eight-port GE Switch which supports LTE, T1, DSL and more, as well as Dual-Phy Gigabit Ethernet WAN connectivity and 64Gb of memory.
The 5400 is a purpose-built branch platform aimed at helping customers accelerate their Enterprise NFV deployments by extending routing, security, WAN optimization and other network services to their branch environments, Shenoy said.
The 5400 is all about the speed and agility in setting up “a branch office rollout that secures virtualized services,” Shenoy said. “A branch office that took days to set up and provision previously can now be done virtually in minutes with security, QoS and management capabilities.”
Cisco does offer other SD-WAN packages, and the 5400 is another option, but one that focuses on customers interested in virtualizing network functions, experts said.
For security, Cisco extended its TrustSec security software across all its network components and offers security segmentation to isolate attacks and restrict threats in the network.
TrustSec 6.1 now extends from the campus to the branch office and the cloud, all in an effort to avoid and prevent pervasive threats, Shenoy said.
In that vein, Cisco also enhanced its Identity Services Engine (ISE). ISE 2.2 offers much deeper visibility into applications on endpoints, including detection of anomalous behavior. It also offers more granular control with the ability to define “DEFCON” policy sets that let customers escalate their response to prolific threats, Shenoy stated.
Together ISE and TrustSec can help turn the network into a sensor and enforcer, Cisco said. ISE provides visibility and control of users and devices on the network, while TrustSec provides software-defined segmentation to isolate attacks and restrict movement of threats in the network.
Rather than changing the authorization of individual users and devices, or implementing policy changes manually, changing DEFCON state changes the TrustSec policies defining how users, devices, and systems can talk to others — essentially raising the “network drawbridges” to protect your critical data and maintaining essential services. For example, you could define DEFCON 4 to kick all guests off the network, DEFCON 3 to kick all BYOD users off the network, DEFCON 2 to restrict peer-to-peer traffic, and DEFCON 1 to severely limit access to your “crown jewels,” wrote Kevin Skahill, director, product management in Cisco’s Secure Access and Mobility Product Group in a blog detailing the new security software.
ISE 2.2 also provides streamlined workflows that include guest, secure access, and BYOD setup with Cisco Wireless LAN Controllers in as little as 10 minutes. This approach also extends to customers migrating from the Cisco Access Control System (ACS), which Cisco recently announced will go end-of-sale, Skahill stated.
On the services side, Cisco announced an online DNA Advisor and network assessment tool that helps customers define their digital network. The company also announced DNA Advisory Services that will offer in-depth consulting to help enterprises formulate a digital strategy.
Cisco dovetailed the DNA announcement with the release of a study that looked at the issues surrounding what it calls digital-ready networks. Conducted by IDC and commissioned by Cisco, the research surveyed 2,054 global organizations across 10 countries to determine the digital readiness of their networks. A couple of findings from the study included:
- Organizations clearly recognize the need to evolve their networks: Over the next two years, 45% of organizations expect to achieve digital-ready network capabilities. That represents three times the current adoption rates.
- Modern networks are delivering real, tangible benefits: Companies that have invested in modern network capabilities are experiencing two to three times the rate of growth in revenue, customer retention and profit. They have also deployed twice as many digital transformation initiatives compared to companies with legacy networks.
- On average, IDC’s research shows that interviewed organizations have been able to translate their digital network initiatives into significant financial value, achieving $188,000 to $745,000 per 100 users per year.
“Outdated infrastructure characteristics such as manual configuration and management processes, overlay security geared mainly toward external threats, and siloed network domains hinder the network’s ability to further the goals of digital business. For IT staff, valuable time is spent ‘keeping the lights on’ instead of aligning network capabilities with strategic initiatives that improve operational efficiency and enhance customer experience. A network that is truly digital ready is a network that can dynamically align with the ever-changing needs of the enterprise. That means a network that allows more agility and faster time to innovation, better security, and greater operational efficiency and simplicity,” IDC wrote.