At-a-Glance
  Business demand for cloud services, mobility, and the Internet of
  Things (IoT) has created exponential network growth and complexity. It
Benefits
• Reduce operational expenses
by simplifying network
segmentation and defining
security groups based on
business roles, not IP
addresses.
• Limit the impact of a data
breach by quickly isolating
and containing threats using
technology already in your
network.
• Centrally apply and enforce
consistent policies across wired,
wireless, and remote-access
users and devices.
“Effective network
segmentation … reduces the
extent to which an
adversary can move across
the network.”
– U.S. Department of Homeland
Security
U.S. Computer Emergency
Readiness Team
Cisco TrustSec Technology
Fast Security for Fast IT
has introduced risk, too. Each new user, device, and data connection
represents a potential attack entry point. Your attack surface is
expanding.
To control the situation, you need dynamic security that moves at the
pace of your business. Network segmentation is essential to protecting
critical business assets, but traditionally requires extensive manual
maintenance. Embedded in your existing Cisco® network infrastructure,
Cisco TrustSec® security technology simplifies and accelerates network
access control with software-defined segmentation. Controls are defined
simply using endpoint roles, not IP address, so policy changes can be
made without redesigning the network.
The centralized policy management platform for TrustSec is the
Cisco Identity Services Engine. It gathers contextual data about
who and what is accessing your network. Administrators can use
this information to create groups and to assign access rights based
on role, function, location, and so on. This intuitive process gives
the right level of access to the right people at the right time and
allows access to critical applications to be easily controlled.
The increased visibility that Cisco TrustSec technology provides also helps
you better prioritize threats and accelerate remediation. Better inspection
and analysis of suspicious activity can reduce the time needed to identify a
potential breach, reducing its impact and associated costs.
How It Works
Traditional network segmentation use VLANs and access control lists (ACLs)
that are based on IP addresses, which require extensive manual
maintenance. The Cisco TrustSec approach simplifies segmentation by
dynamically organizing machines into logical groups, called security groups,
and enabling security policies to be written using security group tags.
The interaction of systems is determined by the security-group-based
policies, eliminating the need for VLAN-based or address-based policy
provisioning. Cisco TrustSec technology is available in virtual and physical
switches. It provides consistent management of virtual and physical workloads
across the campus and data center, allowing segmentation and
microsegmentation functions to be enabled anywhere on the network. Security
group-based policies also make firewall, VPN, and Web Security Apliances
much easier to manage.
Next Steps
For more information about Cisco TrustSec technology, contact your local
account representative or visit http://www.cisco.com/go/trustsec.
© 2015 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S.
and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/ go/trademarks. Third-party trademarks mentioned are the property of
their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) C45-
577269-02 12/15