What is software-defined segmentation and how can it help secure your business?
Cisco TrustSec technology uses software-defined segmentation to simplify the provisioning of network access, accelerate security operations, and consistently enforce policy anywhere in the network. Cisco TrustSec is embedded technology in Cisco switches, routers, and wireless and security devices.
Cisco TrustSec Software-Defined Segmentation
Cisco TrustSec uses software-defined segmentation to reduce the risk of malware propagation, simplify security operations, and assist in meeting compliance goals. Traffic is classified by endpoint identity rather than by IP address or access control lists (ACLs), which helps enable policy changes without network redesign.
Taking Complexity Out of Network Security
Cisco TrustSec is embedded technology in your existing Cisco infrastructure. This can simplify provisioning and management of network access, make security operations more efficient, and help to enforce segmentation policy consistently, anywhere in the network.
Cisco Identity Services Engine, Cisco’s market-leading policy management platform, gathers advanced contextual data about who and what is accessing your network. It then defines role-based access using Security Group Tags to segment your network.
This centralized software-defined segmentation policy is pushed by Identity Services Engine to your TrustSec-enabled network devices in order to enforce policy decisions across the network.
Simplify Access Management
- Create and manage policies in a simple matrix using plain language
- Easily manage access control and segmentation across the enterprise while maintaining compliance
- Control access to critical assets by business role, device type, and location
Consistent Policy Across the Network
- Consistently enforce policies across the network and scale from mobile users to the data center
- The Identity Services Engine central policy manager defines segmentation policies, which are enforced across wired, wireless, and VPN topologies
Reduce Operational Expenses
- Limit the impact of data breaches and prevent the lateral movement of threats and compromised devices across your network with micro-segmentation
- Reduce the need for costly network re-architecture by automating firewall rules and ACL administration
- Easily comply with audits for PCI and other compliance requirements using network segmentation
Cisco TrustSec technology is available in products used in the branch office, campus, and data center. It is embedded in Cisco switching, routing, firewall, and wireless devices. Supporting platforms include:
- Cisco Identity Services Engine
- Cisco Catalyst and Cisco Nexus switches
- Cisco Integrated Services Routers
- Cisco wireless LAN products
- Cisco ASA firewalls and VPN appliances
See the Cisco TrustSec product matrix for a complete list of products and capabilities.