Network as an Enforcer

Reduce the attack surface

Use your Cisco network as an enforcer to minimize malicious attacks.

Use Your Network to Enforce Security Policies

See how you can use your network to apply your security policies, control access to online resources, and block attacks.

Learn about your network’s built-in policy-enforcer capabilities:

Software Defined Segmentation

Use Cisco TrustSec with Cisco Identity Services Engine (ISE) to segment your network and enforce role-based, topology-independent, and access-independent access control. With Cisco TrustSec technology, you can control access to network segments and resources by context and user, device, and location, according to your security policy.

For example, you can set a group policy so that only traffic carrying a Security Group Tag (SGT) from an authorized finance department user can access finance resources. With SGTs, a user with maintenance contractor credentials is blocked from accessing finance data, regardless of network topology or whether the contractor uses wired or wireless access to the network.

Centralized Policy Engine

Cisco ISE serves as a centralized policy engine that provides real-time access control decisions for Cisco switches, routers, wireless and security devices. This helps improve scalability and policy consistency. Furthermore, when new threats are identified (for example, through Lancope StealthWatch), Cisco ISE can send updated policy decisions for the network to block attacks or compromised devices. This dynamic policy capability:

  • Grants the right levels of access to the right users and devices
  • Limits the impact of data breaches through software-defined segmentation and real-time threat response

It also helps you simplify regulatory compliance efforts using centralized policy and network segmentation capabilities. For example, you can apply a central policy and segregate the parts of the network that process financial or health information data from the rest of the environment. This can help you reduce the scope, cost, and complexity of the Payment Card Industry Data Security Standard (PCI DSS) and Health Insurance Portability and Accountability Act of 1996 (HIPAA) network compliance audits.
