With the recent launch of FirePower Threat Defense on Cisco 4000 Series Integrated Services Routers, I would like to spend some time talking about enterprise branch security and the requirements to keep in mind when securing your branch office. Let's start out by examining your branch environment.
What's happening at the branch today?
Cloud is redefining application delivery. Mobility is redefining network architecture. Next generation applications like Ultra High Definition videos, Web, and SaaS applications put increased pressure on bandwidth availability.
Organizations may be considering Direct Internet Access (DIA) at the branch to leverage the local internet path for public cloud and internet access. Leveraging the local internet path at the branch reduces IT spending (freeing up costly WAN bandwidth for mission-critical applications) and ensures a better application experience, for example lower latency for applications hosted in the public cloud. It may come with a cost, however, since the branch may now be exposed to security threats.
Why should branch office security matter to you?
Gartner projects that by 2016, 30% of advanced targeted threats, up from less than 5% today, will specifically target branch offices as an entry point.
We all read news stories of data and identity theft, data loss and the consequent loss of revenue associated with security attacks. We are also witnessing a shift in the accountability for data breaches from IT departments to business leaders. Additionally, according to Oracle's Security Overview, 80% of data loss is caused by insiders and 40% of Internet break-ins occur in spite of a firewall being in place. PCI and other regulatory compliance is the threat protection starting point for companies that handle cardholders' information and other sensitive data.
It is recommended that you consider additional security requirements in your branch office network design.
Here's a list of Direct Internet Access use cases you may have at the branch:
Let's explore the requirements for protecting your branch against internal and external threats in each of those use cases, and how Cisco Integrated Services Routers can help you meet those requirements.
Guest user Wi-Fi
With guest user Wi-Fi, your business intent is to route guest traffic directly to the internet. You want to ensure high guest user satisfaction by routing guest user traffic directly to the Internet while your corporate traffic continues to be backhauled to headquarters. However, it is paramount that guest traffic does not pose a threat to your corporate environment. Therefore, you may want to create policies to segment your guest and corporate traffic, as well as deploy content filtering policies for Wi-Fi users to ensure appropriate usage of the Wi-Fi network and avoid liability.
Advanced DIA Options
As you move to more advanced Direct Internet Access (DIA) options, you also need to beef up security at your branch. There are two scenarios: partial and full DIA.
Cisco Integrated Services Routers with Integrated Security help you meet the additional security requirements that Direct Internet Access at the branch poses without the cost of deploying additional appliances in your network:
Visit our page for more details on Router Security.