Reduce the attack surface
Use your Cisco network as an enforcer to minimize malicious attacks.
Use Your Network to Enforce Security Policies
See how you can use your network to apply your security policies, control access to online resources, and block attacks.
Learn about your network’s built-in policy-enforcer capabilities:
Software Defined Segmentation
Use Cisco TrustSec with Cisco Identity Services Engine (ISE) to segment your network and enforce role-based, topology-independent, and access-independent access control. With Cisco TrustSec technology, you can control access to network segments and resources by context and user, device, and location, according to your security policy.
For example, you can set a group policy so that only traffic carrying a Security Group Tag (SGT) from an authorized finance department user can access finance resources. With SGTs, a user with maintenance contractor credentials is blocked from accessing finance data, regardless of network topology and regardless of whether the contractor is using wired or wireless access to the network.
Centralized Policy Engine
Cisco ISE serves as a centralized policy engine that provides real-time access control decisions for Cisco switches, routers, wireless and security devices. This helps improve scalability and policy consistency. Furthermore, when new threats are identified (for example, through Lancope StealthWatch), Cisco ISE can send updated policy decisions for the network to block attacks or compromised devices. This dynamic policy capability:
- Grants the right levels of access to the right users and devices
- Limits the impact of data breaches through software-defined segmentation and real-time threat response
It also helps you simplify regulatory compliance efforts using centralized policy and network segmentation capabilities. For example, you can apply a central policy and segregate the parts of the network that process financial or health information data from the rest of the environment. This can help you reduce the scope, cost, and complexity of the Payment Card Industry Data Security Standard (PCI DSS) and Health Insurance Portability and Accountability Act of 1996 (HIPAA) network compliance audits.