Hot on the heels of Cisco Live! in Las Vegas, there’s a continued buzz about the Cisco Application Centric Infrastructure (ACI) and how it is helping organizations transform from legacy to next-generation private cloud data centers. In fact, front and center at this year’s event was the desire to transform Cisco offerings and make them more cloud-like, responding to the transition businesses are currently undertaking as they move further away from hardware-centric networks. The excitement could be felt all the way up here in the Bay Area, and one thing is clear: the move to modernize data center networks is challenging our traditional security approaches.
The desire to transform from static, manual processes and procedures to a more agile and automated infrastructure continues to propel organizations to adopt the next-generation data center. At the heart of this new infrastructure is the ability to treat all core tenets – servers, storage and the network – as a pool of resources called upon at will to quickly provision new applications and services. However, this model challenges traditional security capabilities, exposing modern data centers to a host of new challenges.
Security has traditionally been focused on protecting perimeter, or north-south, traffic going into and out of the data center. But the dissolving network perimeter means there are multiple entry points into corporate data center networks – not just the “traditional” north-south gateway. In addition, server and network virtualization are driving more and more data to move east-west, or laterally, within the data center. Thus any threat introduced into the data center now has the ability to move and infect other hosts unimpeded, since traffic isn’t being inspected by “traditional” security measures.
What’s more, traditional security approaches are manual, operationally complex, slow and unable to keep pace with dynamic changes and rapid application provisioning. Security is too often cited as a roadblock to enabling rapid development, and as a result IT security teams are typically not invited to the party. To compound things further, knowledge about cloud security is sorely lacking throughout most organizations – both DevOps and IT teams don’t have sufficient experience with the technology or techniques needed to keep modern virtualized data center networks secure. Forgoing security or implementing it improperly is a recipe for disaster.
Fortunately, there is a remedy for these private cloud security blues: Check Point vSEC.
Check Point vSEC is a family of products that delivers advanced threat prevention security to public, private and hybrid cloud environments. Supporting leading network virtualization and IaaS solutions, vSEC enhances micro-segmentation capabilities to provide real-time proactive protections for traffic inside virtual data centers and public cloud environments. The Check Point vSEC Controller integrates with a variety of Cloud Orchestration Management platforms, allowing automated security service insertion as well as context sharing of security groups, tags and threat information. vSEC essentially transforms network security to make it as dynamic and agile as the cloud.
Today, we are proud to announce availability of Check Point vSEC for Cisco ACI. With this solution, Check Point and Cisco have partnered together to enable the secure delivery of applications at a fraction of the cost and time – and all in Cisco ACI-enabled private cloud data center networks. The joint solution provides the most comprehensive advanced threat prevention and zero-day security protections across both physical and virtual environments, lowering the costs and complexities of deploying and managing security in the Cisco ACI private clouds.
vSEC for Cisco ACI provides industry-leading advanced threat prevention security to keep next-generation data centers protected from even the most sophisticated threats. Fully integrated, multi-layer security protections include: Stateful Firewall, Intrusion Prevention System (IPS), Antivirus and Anti-Bot technology to protect data centers against lateral movement of threats; SandBlast Zero-Day Protection sandbox technology for the most advanced protection against malware and zero-day attacks; Application Control to prevent application layer Denial of Service (DoS) attacks; Data Loss Prevention to protect sensitive data from theft or unintentional loss; and IPSec VPN and Mobile Access to allow secure communication into cloud resources.
Tightly integrated with Cisco ACI, vSEC security gateways are provisioned automatically from the Application Policy Infrastructure Controller (APIC) and support dynamic policy orchestration leveraging APIC-defined objects and End-Point-Group (EPG) information. This level of integration also automatically adjusts security policies and enforcement to reflect any changes in the infrastructure without any manual intervention, enabling the secure deployment of applications.
Just like any Check Point security gateway, vSEC is managed by R80 Security Management. This allows organizations to deliver consistent policy management and enforcement across both north-south and east-west traffic. Consolidated logs and reports provide complete forensic analysis for both physical and virtual cloud data center infrastructures, dramatically lowering the operational costs and complexities of managing security in Cisco ACI private cloud networks.
Large data breaches make for great headlines and are some of the most widely publicized cyber events. In 2015, an estimated 177.9 million records were exposed, putting billions of dollars at risk and costing businesses millions more. With the increasing sophistication of attackers, malware and methodologies, this trend will only continue to grow. Compound this with a hodge-podge of legacy, virtual, and cloud infrastructures and we’re in for quite a ride. In the words of the great Yogi Berra, “The future ain’t what it used to be.”
Today, we have Check Point vSEC for Cisco ACI – the antidote to your private cloud security blues. Click here to learn more about how vSEC helps businesses of all sizes securely transition to public, private and hybrid clouds.