Cisco Extends Security Everywhere Strategy, Adds Cisco Cloud Access Security (CAS)

Cisco is advancing its Security Everywhere strategy deeper into the cloud, network, and endpoints with the launch of new security products and features, including Cisco Cloud Access Security (CAS). The new Cisco Cloud Access Security (CAS) offering allows organizations to increase visibility and control over data in cloud applications.

The number of unauthorized cloud applications used by employees in the enterprise is 15 to 20 times higher than CIOs predicted due to Shadow IT, according to the Cisco Cloud Consumption Services trend data.

The new Cisco Cloud Access Security (Cisco CAS) offering allows organizations to address this complexity. Cisco CAS would provide visibility and data security for cloud-based applications; Identity Services Engine (ISE) enhancements, extending visibility and control for network and endpoints with new location access controls; and Threat Awareness Service, which provides organizations with threat visibility into their networks.

Partnering with Skyhigh Networks and Elastica, Cisco CAS delivers increased visibility into ‘hidden’ applications that employees might bring onto the network; detection of malicious behavior; and the ability to set security policies that tailor application usage and user behavior to align with corporate policies. To protect cloud-based applications, such as Dropbox and, CAS prevents the uploading of sensitive information and inappropriate sharing of data in the applications, to limit data exposure breaches.

Cisco Cloud Web Security now integrates with CAS and provides branch offices secured direct Internet access with Integrated Services Router 4K router integration, “saving on bandwidth costs.”

Identity Services Engine (ISE)

cisco-cloud-securityThe Cisco Identity Services Engine (ISE) is extending software-defined business policies for control over more granularly segmented endpoint, user and geographical access. ISE now integrates with the Cisco Mobility Services Engine, so IT can create and enforce location policies that define access to data down to a specific room. This would reduce the overall attack surface, containing network threats, and securing wired, wireless and remote network access across the entire attack continuum.

Cisco ISE also is extending its security coverage through its pxGrid partner ecosystem with nine new partners – including Check Point, Infoblox, Invincea, E8 Security, Hawk Defense, Huntsman Security, LogRhythm, SAINT, and SOTI – bringing the total number of partners to 30 in its first year of deployment. Ecosystem partners can now share security telemetry bi-directionally between pxGrid partners. A new feature of the pxGrid Adaptive Network Control allows partners to leverage ISE to rapidly investigate and contain attacks using the network as an enforcer.

Threat Awareness Protection

Cisco Threat Awareness Service would enhance threat visibility of inbound and outbound network activity and highlight potential threats that may require additional attention. A base offer is included with purchases of the Cisco SMARTnet Total Care Service, while a premium offer, with additional functionality, is available as a yearly subscription.

cisco-cloudThe Network Visibility Module has been added to AnyConnect VPN to provide traffic flow and contextual data regarding users, applications, devices, locations, and destinations. Also, Cisco’s AMP (Advanced Malware Protection) Threat Grid would now provide broader contextual information across the full AMP portfolio, extending protection for ASA with FirePOWER Services and AMP for Networks. Both would put more visibility and control into the hands of businesses to rapidly address cyber threats.

OpenDNS Umbrella

Newly acquired OpenDNS uses its unique view of global Internet activity to provide cloud-delivered network security and threat intelligence solutions that provide advanced threat protection for any device, anywhere, anytime.

With this latest update, the OpenDNS Umbrella threat enforcement platform prevents system compromise and data exfiltration over any port or protocol for both DNS and IP-initiated connections.

Additionally, the OpenDNS Investigate global threat intelligence product now features a new search functionality that can uncover shared attacker infrastructure, find newly registered domains that are used to impersonate brand websites, and identify other patterns in phishing or targeted attacks.