By 2020, Cisco expects there to be up to 50 billion connected devices, signalling what the company says is a critical mass in achieving the promise of the Internet of Things (IoT). To help make that a reality, Cisco has introduced Cisco IoT Threat Defense, an architectural and services solution that segments devices on the network to provide protection for organizations at IoT scale. The first use of IoT Threat Defense is to secure vital services in advanced medical care, power generation and delivery, and automated manufacturing.
Network segmentation is not new. Virtual Local Area Networks (VLANs) have been in use for years. But, notes Cisco, the sheer scale of the IoT makes creating enough VLANs impractical, if not impossible. In response, the company developed TrustSec, an extensible, automated, policy-based technology, supported across a range of Cisco equipment, to solve problems of secure segmentation at scale for the IoT.
In addition to using network segmentation to scale securely to the needs of the IoT, Cisco IoT Threat Defense is built as a best-of-breed architecture, featuring integrated Cisco security capabilities:
- Network segmentation (Cisco TrustSec)
- Network behavior analytics (Cisco Stealthwatch)
- Device visibility (Cisco ISE)
- Remote access (Cisco AnyConnect)
- Cloud security (Cisco Umbrella)
- Malware protection (Cisco AMP)
- Firewall (Cisco Firepower NGFW)
This architecture provides visibility and analysis of traffic to and from IoT devices, as well as traffic entering and exiting the organization, to detect threats and compromised hosts. According to Cisco, it can detect anomalies, block threats, identify compromised hosts, and help mitigate user error. Additionally, says the company, it can secure remote access between sites and organizations.