Cisco Adding Threat Detection to ACI

Cisco Systems Inc. will add threat detection to its Application Centric Infrastructure (ACI), the company's alternative to the new software-defined networking (SDN) movement.

While some tenets of the young SDN technology call for decoupling hardware from software, facilitating the use of open standards and white-box -- or bare-metal -- switches, ACI is based on Cisco's purpose-built hardware and other proprietary components.

Cisco describes ACI as "a highly secure multi-tenant infrastructure based on whitelist policy model that isolates and segments both physical and virtual applications in the datacenter with centralized automation, visibility and auditing through the Application Policy Infrastructure Controller (APIC)."

To bolster the embedded security of ACI, Cisco announced the integration with its FirePOWER Next Generation Intrusion Prevention System (NGIPS).

FirePOWER security comes in the form of physical appliances and virtual appliances, such as Virtual Next-Generation IPS (NGIPSv) for VMware.

"ACI integration with FirePOWER NGIPS (including Advanced Malware Protection) provides security before, during and after an attack, enabling organizations to dynamically detect and block advanced threats with continuous visibility and control across the full attack continuum," the company said in a news release. "These new security capabilities deliver unprecedented control, visibility and centralized security automation in the datacenter."

The new security integration will be available in June.

The company also announced that ACI had been independently validated for deployment in networks compliant with the payment card industry (PCI).

"Protecting our corporate and customer information is always uppermost in our daily jobs and in planning for the future," the company quoted Ameritas exec Chuck Huetter as saying. "Cybersecurity is key to customer confidence, and we chose carefully when we selected Cisco ACI as our next-generation datacenter network platform. ACI's policy-based automation combined with next-generation intrusion protection and advanced malware protection will optimize our ability to safeguard sensitive information."

About the Author

David Ramel is an editor and writer for Converge360.


Subscribe on YouTube