Home > Articles > Building a Security Strategy

Building a Security Strategy

Chapter Description

Bob Vachon introduces network security-related concepts and summarizes how security policies are implemented using a lifecycle approach.

The chapter covers the following topics:

Cisco Borderless Network Architecture

  • Borderless Security Products

Cisco SecureX Architecture and Context-Aware Security

  • Cisco TrustSec
  • TrustSec Confidentiality
  • Cisco AnyConnect
  • Cisco Talos

Threat Control and Containment

Cloud Security and Data-Loss Prevention

Secure Connectivity Through VPNs

Security Management

Cisco Borderless Network Architecture

Traditional approaches to network security used well-defined borders to protect inside networks from outside threats and malware. Employees used corporate computers secured with antivirus and personal firewalls. Perimeter-based networks were protected using network-scanning devices (firewalls, web proxies, and email gateways).

Today, network borders are dissolving as users want to access to resources from any location, on any type of endpoint device, using various connectivity methods. Cisco has addressed this with the Borderless Network Architecture, which integrates the following components:

Borderless end zone

The zone offers deployment flexibility and strong security services in multiple dimensions as users connect to the network. End-user access is based on the security posture of the connecting endpoint using the Cisco AnyConnect SSL VPN Client. Infrastructure protection is provided using firewalls, intrusion prevention systems (IPSs), web security, and email security.

Borderless Internet

Implemented by performing Layer 2 through Layer 7 scanning engines managed by enterprises and cloud providers. Scanning engines assume the role of firewalls, intrusion detection/prevention systems (IDSs/IPSs), network proxies, and web gateways.

Borderless data center

Layers virtualized components on top of existing infrastructure components to provide security solutions for the cloud.

Policy management layer

The security policy is managed in central locations and then enforced throughout the network based on context-specific variables.

It provides the following:

  • Access policy (who, what, when, where, and how)
  • Dynamic containment policy
  • Policy for on and off premise

Borderless Security Products

The architectural approach to security found in the Borderless Network Architecture results in distinct categories of Cisco products, technologies, and solutions:

  • SecureX and context-aware security
  • Threat control and containment
  • Cloud security and data-loss prevention
  • Secure connectivity through VPNs
  • Security management
2. Cisco SecureX Architecture and Context-Aware Security | Next Section

There are currently no related articles. Please check back later.