Cisco Firewalls and ISE Extend Zero Trust Network Visibility and Control

As the number of remote workers continues to grow worldwide, organizations are diligently seeking to strike the right balance between security and convenience. Employees use a wide variety of devices to access company websites, applications, and data. Some devices are maintained by the company and are therefore assumed to be secure, but many are supplied by employees and sit outside corporate IT control. Imposing too many security requirements can reduce worker productivity, while too few can expose the organization to data loss, security breaches, regulatory compliance issues, and other negative consequences.

According to the Cisco 2020 CISO Benchmark Report, a zero-trust framework enables organizations to “identify and verify every person and device trying to access your infrastructure. Zero trust is a pragmatic and future-proof framework that can help bring effective security across your architecture – spanning the workforce, workload, and workplace.

A zero-trust framework achieves these three success metrics, among others:

• The user is known and authenticated

• The device is checked and found to be adequate

• The user is limited to where they can go within your environment

Having zero trust in place removes much of the guesswork in protecting your infrastructure from all potential threats, including mobile devices.”

Cisco Security protects your entire infrastructure with best-of-breed products on an integrated, open platform that enables you to effectively secure all access across networks, applications, and environments. Cisco’s industry-leading firewall solutions provide deep visibility and context across networks from the endpoint to the cloud.

For example, let’s take a look at what happens when a user inserts a USB drive into a corporate laptop that is protected by Cisco security solutions. First, Cisco Advanced Malware Protection (AMP) automatically detects, blocks, and removes any malware, and the results can be shared with the firewall’s Firepower Management Center (FMC). At the same time, Cisco Identity Services Engine (ISE) sends user identity information and metadata (including device type and security group tags) to FMC, which provides granular visibility and control. This includes the ability to create firewall policies for specific device types (e.g., Apple or Samsung devices) and lets FMC differentiate between corporate and personal devices.

The firewall can then direct ISE to take action, including shutting down a specific switch port, reassigning the offending device to a quarantine security group tag so that every enforcement point sees it as quarantined, and more. This is just one example, since FMC can use a wide range of criteria to decide that a device is a threat and then direct ISE to take the appropriate action. One caveat any practitioner should keep in mind: these actions are only as precise as the identity-to-address mapping they rely on, so a remediation keyed on an address shared by many hosts (for example behind NAT) will affect every host behind that address, not just the offender.
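To make the decision flow above concrete, here is an added illustration written for this page; it is not Cisco code and calls no Cisco or ISE API. It models a small, hypothetical context-aware policy engine: identity and device metadata of the kind an identity source such as ISE would publish (user, device type, corporate-managed flag, security group tag) is joined with an endpoint threat verdict of the kind an endpoint agent such as AMP would report, and the engine returns what the session may reach and whether a remediation (reassigning the device to a quarantine tag) should be requested. All names, zones, tags and sample records are constructed for the example.

```python
"""
Hypothetical context-aware firewall policy engine (illustration only, not
Cisco code). Identity/device context is joined with a threat verdict to yield
an access decision plus an optional remediation request for the identity
source. Every identifier and sample record here is constructed.
"""
from dataclasses import dataclass, replace
from typing import Optional, Tuple

# Constructed tag name; a real deployment would use its own SGT naming.
QUARANTINE_SGT = "Quarantined_Systems"


@dataclass(frozen=True)
class Context:
    """Identity/device metadata as an identity source would publish it."""
    user: str
    device_type: str          # e.g. "Apple-iPad", "Windows10-Workstation"
    corporate_managed: bool   # corporate asset vs. personal (BYOD) device
    sgt: str                  # security group tag currently assigned
    malware_detected: bool = False  # verdict from the endpoint agent


@dataclass(frozen=True)
class Decision:
    action: str                        # "allow" or "deny"
    zones: Tuple[str, ...] = ()        # zones this context may reach at all
    remediation: Optional[str] = None  # action requested of the identity source


def reachable_zones(ctx: Context) -> Tuple[str, ...]:
    """Zones a *clean, non-quarantined* context is permitted to reach.

    Personal devices get the least; managed mobile devices get mail and
    internet; managed workstations may additionally reach the data center.
    """
    if not ctx.corporate_managed:
        return ("internet", "byod-portal")
    if ctx.device_type.startswith(("Apple-", "Samsung-")):
        return ("internet", "mail")
    return ("internet", "mail", "datacenter")


def evaluate(ctx: Context, destination_zone: str) -> Decision:
    """Decide whether ctx may reach destination_zone.

    Rule order matters: the quarantine tag and the malware verdict are
    checked before any device-type rule, so an infected *corporate* laptop
    can never regain data-center access just because it is a managed asset.
    """
    if ctx.sgt == QUARANTINE_SGT:
        # Already quarantined: deny, nothing further to request.
        return Decision("deny")
    if ctx.malware_detected:
        # Deny now and ask the identity source to retag the endpoint so
        # every other enforcement point sees the same quarantine state.
        return Decision("deny", remediation=f"assign_sgt:{QUARANTINE_SGT}")
    zones = reachable_zones(ctx)
    action = "allow" if destination_zone in zones else "deny"
    return Decision(action, zones)


def apply_remediation(ctx: Context, remediation: Optional[str]) -> Context:
    """Simulate the identity source honouring a remediation request.

    Only the constructed "assign_sgt:<tag>" form is understood; any other
    request is ignored and the context is returned unchanged.
    """
    if remediation and remediation.startswith("assign_sgt:"):
        return replace(ctx, sgt=remediation.split(":", 1)[1])
    return ctx


if __name__ == "__main__":
    # Constructed sample: an infected corporate workstation.
    laptop = Context("alice", "Windows10-Workstation", True, "Employees", True)
    first = evaluate(laptop, "datacenter")
    print("before remediation:", first)
    laptop = apply_remediation(laptop, first.remediation)
    # Even with the malware flag cleared, the quarantine tag still denies.
    print("after remediation:", evaluate(replace(laptop, malware_detected=False), "mail"))
```

The point of `apply_remediation` is the feedback loop described in the text: once the identity source has retagged the endpoint, the quarantine decision no longer depends on the firewall remembering the malware verdict, so it survives a clean re-scan or a new session from the same device.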

Today the firewall is more relevant than ever, and we need to think about it from a fresh perspective. We must go beyond form factors and physical or virtual appliances and embrace firewalling as a function. Firewalling needs to be about delivering world-class security controls, the key elements for preventing, detecting, and blocking attacks faster and more accurately, with common policy and threat visibility delivered everywhere you need it, including the data center, private cloud, and public cloud environments.

Learn more about Cisco’s industry-leading approach to firewalling and discover how you can effectively secure your organization’s network today and in the future by reading The Future of Firewall.