Specifically, Cisco is adding Cisco® Cloud Access Security (CAS), which provides visibility and data security for cloud-based applications; Identity Services Engine (ISE) enhancements, extending visibility and control for network and endpoints with new location access controls; and Threat Awareness Service, which provides organizations with threat visibility into their networks.
Cloud Visibility and Control
According to the Cisco Cloud Consumption Services trend data, the number of unauthorized cloud applications used by employees in the enterprise is 15 to 20 times higher than CIOs predicted due to Shadow IT. The new Cisco Cloud Access Security (CAS) offering allows organizations to address this complexity as well as increase visibility and control over data in cloud applications.
Partnering with Skyhigh Networks and Elastica, CAS delivers increased visibility into “hidden” applications that employees might bring onto the network; detection of malicious behavior; and the ability to set security policies that tailor application usage and user behavior to align with corporate policies. To protect cloud-based applications, such as Dropbox and Salesforce.com, CAS prevents the uploading of sensitive information and inappropriate sharing of data in the applications, to limit data exposure breaches.
Cisco Cloud Web Security now integrates with CAS and provides branch offices secure direct Internet access with Integrated Services Router 4K router integration, saving on bandwidth costs.
Safeguarding Endpoint Connections and Data Access
As businesses open their networks to the IoT and mobile devices as well as third-party applications, they are faced with balancing access and protection with accelerating how quickly they can make security changes to map to their business requirements. Over 68 percent of enterprises find that employees’ use of mobile devices on their networks has significantly increased endpoint risk.
The Cisco Identity Services Engine (ISE) is extending software-defined business policies for control over more granularly segmented endpoint, user and geographical access. ISE now integrates with the Cisco Mobility Services Engine, so IT can create and enforce location policies that define access to data down to a specific room. This reduces the overall attack surface, containing network threats, and securing wired, wireless and remote network access across the entire attack continuum.
ISE also is extending its security coverage through its pxGrid partner ecosystem with nine new partners – including Check Point, Infoblox, Invincea, E8 Security, Hawk Defense, Huntsman Security, LogRhythm, SAINT, and SOTI – bringing the total number of partners to 30 in its first year of deployment. Ecosystem partners can now share security telemetry bi-directionally between pxGrid partners. A new feature of the pxGrid Adaptive Network Control allows partners to leverage ISE to rapidly investigate and contain attacks using the network as an enforcer.
Threat Awareness Protection
Often organizations do not have visibility of potential vulnerabilities in their network. What they can’t see, they can’t protect.
Leveraging the power of Cisco’s threat intelligence telemetry, Cisco Threat Awareness Service enhances threat visibility of inbound and outbound network activity and highlights potential threats that may require additional attention. A base offer is included with purchases of the Cisco SMARTnet™ Total Care™ Service, while a premium offer, with additional functionality, is available as a yearly subscription.
Enhancing Protection for AnyConnect, AMP Everywhere
Rounding out the new security offerings are the addition of the Network Visibility Module to AnyConnect® VPN to provide traffic flow and contextual data regarding users, applications, devices, locations, and destinations. Also, AMP (Advanced Malware Protection) Threat Grid now provides broader contextual information across the full AMP portfolio, extending protection for ASA with FirePOWER™ Services and AMP for Networks. Both put more visibility and control into the hands of businesses to rapidly address cyber threats.
OpenDNS Umbrella
Newly acquired OpenDNS uses its unique view of global Internet activity to provide cloud-delivered network security and threat intelligence solutions that provide advanced threat protection for any device, anywhere, anytime. With this latest update, the OpenDNS Umbrella threat enforcement platform prevents system compromise and data exfiltration over any port or protocol for both DNS and IP-initiated connections. Additionally, the OpenDNS Investigate global threat intelligence product now features a new search functionality that can uncover shared attacker infrastructure, find newly registered domains that are used to impersonate brand websites, and identify other patterns in phishing or targeted attacks.
Extended Security for Partners
The advancement of the Cisco Security Everywhere strategy creates new profitable business opportunities for partners by further addressing customers’ security challenges across their entire IT infrastructure and extended network. This expanded portfolio provides greater visibility, context and control further into the cloud, the network and endpoints. It provides an end-to-end security platform that covers the entire attack continuum, while reducing complexity for the customer and driving growth for partners. Cisco has made significant investments to help partners profitably grow their Cisco Security business through a joint go-to-market approach, training, and skills development workshops.