One important lesson the pandemic taught us is that enterprises need a network infrastructure that supports a hybrid workforce with a distributed application landscape. In a hybrid work environment, people need to be able to work fluidly from remote home offices as well as from established branch and campus office locations. In these dynamic work environments, IT needs to ensure that specific employees or work groups are subject to the correct security policy controls, regardless of the connection location, so that they can use the applications they are entitled to access. With our latest innovations and integrations, Cisco’s SD-WAN fabric is able to support IT’s security needs while ensuring optimal application experiences for the hybrid workforce as well as customers and partners.
The Cisco SD-WAN secure fabric has evolved in several directions to address the hybrid workforce by:
- Bringing identity awareness with Cisco Identity Services Engine (ISE) into the SD-WAN fabric to authenticate people and devices as they access networked resources,
- Extending the network security fabric to remote home offices and workspaces,
- Detecting advanced persistent threats through integrations with Cisco Secure Network Analytics.
Integration with Cisco Identity Services Engine
Cisco’s Identity Services Engine (ISE) is the state-of-the-art network access control (NAC) solution for managing all types of endpoints. It provides people and devices with secure access to network resources with a zero-trust architecture. Cisco ISE serves as a policy decision point by performing authentication and authorization of the people and devices connecting to the network. To enable authentication, ISE integrates with identity providers such as Active Directory. Cisco’s SD-WAN vManage integrates with ISE to enable IT to configure security policies based on users and user groups connecting to the SD-WAN fabric. IT can apply comprehensive security capabilities (such as application firewall, anti-malware protection, intrusion prevention, and URL filtering) throughout the SD-WAN fabric to a specific user or user group anywhere from the enterprise campus to remote locations. (Refer to Fig. 1)
Consider a scenario in a college where the network administrator would like to limit access to social media sites for students, but then make an exception for a specific user group in recruiting for social outreach purposes. Access policies can now be configured on Cisco vManage through user and user-group-based URL filtering.
Connecting and Protecting the Home Office
Cisco’s Catalyst Wireless Gateway platform enables the remote home office workforce to seamlessly connect to the secure SD-WAN fabric. Remote employees connect locally to a Catalyst Wireless Gateway at home and authenticate network access permissions via Cisco ISE. The IPSec tunnels that originate from Catalyst Wireless Gateways are terminated on an SD-WAN branch router. This enables the user and user-group-based policies to be applied from the Cisco ISE Policy Server to remote home-based workforces, thereby extending the scope of the identity-based secure fabric. (Refer to Fig. 2)
Securing Enterprise Branches with Cisco Secure Cloud Analytics
From a security perspective, enterprise branches using direct internet and multi-cloud access connections are particularly susceptible to breaches that are signatureless and able to exploit vulnerabilities, compromise credentials, and access encrypted communications. These behaviors can occur weeks to months before a file-based threat is injected and can continue to occur even after the breach as the threats move laterally east-west to target corporate assets.
Cisco vManage can now export Flexible NetFlow (FNF) data to the Cisco Telemetry Broker. This enables Cisco Secure Cloud Analytics to detect behavioral threats associated with credential theft, insider threats, consequences of misconfigurations, signatureless day-zero exploits, and encrypted threats. These new integrations with Cisco vManage enable IT to:
- Maintain network visibility and reporting on hybrid/multi-cloud and on-prem networks;
- Enable protection against Advanced Persistent Threats such as workload vulnerabilities, data exfiltration, privilege escalation, stolen credentials, and encrypted threats;
- Enable faster identification of threats and indicators of compromise;
- Provide policy verification;
- Identify vulnerabilities caused by misconfigurations.
A More Secure SD-WAN Fabric from Campus to Home
The Cisco SD-WAN fabric has expanded its scope to include securing the remote workforce with new integrations with Cisco ISE and Cisco Secure Cloud Analytics. Now IT can extend access and security policies across the enterprise campus to branches and remote employees at home, wherever people need to connect to the SD-WAN fabric.
Learn more about Cisco ISE
Additional Resources:
Cisco Remote Workforce Network Solution Overview