Cisco Security Reference Architecture

Explore an overview of the Cisco Secure portfolio and common use cases.

How to use Cisco Security Reference Architecture

Cisco Security Reference Architecture provides an overview of the Cisco Secure portfolio, commonly deployed use cases, and their purpose within an integrated architecture. The reference architecture is organized into four categories: 

  • User/device security
  • Network security: cloud edge and on-premises
  • Application security
  • Security operations and threat intelligence

Every organization has a unique environment based on business requirements. Just because the reference architecture includes certain elements does not mean that your environment must. We encourage you to connect with your Cisco account team and map out your security journey. 

Reference architecture overview

The overview includes several commonly deployed use cases. One—which spans the entire architecture—is the Cisco Zero Trust solution (green horizontal bars) for workforce, workplace, and workload. Another is the Cisco SASE solution (blue horizontal bars), which consists of products from the user/device and network security categories. Cisco Umbrella, the primary component of SASE in cloud edge, serves as a secure connection hub for all remote users and network edges/branches. Cloud edge also includes a private cloud edge (shorter blue horizontal bar) that allows some customers to selectively build their own SASE edge using colocation facilities such as Equinix, Megaport, and others. Security operations (dark blue SecureX horizontal bar) oversees all the modules below it: it receives telemetry for monitoring, investigations, and analysis (with Talos threat intelligence) and delivers responses via orchestration.

Use case: common identity

Cisco pxGrid facilitates user/device context sharing throughout the network and in the application security component of zero trust for workloads in hybrid private/public clouds such as AWS, Azure, and GCP. Identity sharing with Umbrella under cloud edge is available today using AD/LDAP connectors to extend on-premises identity to the Umbrella cloud as part of Umbrella's policy control. Extending identity into Umbrella using pxGrid will be an option in the future and will enable Umbrella customers to enrich their cloud access policies with greater context details. Many Fortune 1000 customers use pxGrid and leverage it to integrate third-party pxGrid ecosystem solutions into their identity and access deployments.

Use case: converged multicloud policy

A converged multicloud policy can be built and managed in stages, starting with application workloads and moving toward the endpoints. Many customers request synchronization of workload and data center perimeter policies to improve firewall policy management in general. For example, a comprehensive secure workload policy can be synchronized with AWS VPC security group policies for EC2 instances running agents and for serverless apps. Beyond the data center perimeter, the workload policy engine can synchronize with network firewalls to improve operational efficiency. This requires further examination and planning of network policies because of the complexity of merging multiple layers of firewalls. This concept of a multicloud converged policy engine is under development and will continue to evolve and improve based on commonly deployed customer use cases.

Use case: SASE integrations

The Cisco SASE solution via Cisco Umbrella delivers threat protection and secure access anywhere the user is—home, local coffee shop, headquarters, or regional office. The combination with SD-WAN ensures the appropriate access policy is applied, without the user needing to decide how to securely connect. The Cisco SASE solution autotunnel feature—using, for example, Viptela vManage—lets customers easily build thousands of security IP tunnels with a few clicks and API key entries. Leveraging Umbrella's Secure Internet Gateway (SIG) capabilities, customers can enjoy security features such as DNS security, Snort IPS, cloud-delivered firewall, remote browser isolation, CASB, malware inspection, and more. These advanced security and deployment features reduce human error in large-scale deployments and help enable context-rich policies that mitigate unauthorized access. 

Use case: zero-trust network access (ZTNA)

The Cisco Zero Trust solution provides user and application security across the entire architecture. Both personal BYOD and corporate-issued devices are put through an adaptive multi-factor authentication process and assigned least-privileged access with continuous trust monitoring. Application access is dynamically revoked or authorized when the user/device posture status changes. With Umbrella's managed ZTNA, customers can offload remote access administration to Cisco managed services and quickly deploy zero-trust services for public and private application protection. Self-managed ZTNA customers can continue to deploy AnyConnect VPN services or leverage Duo's cloud single sign-on (SSO) and Duo Network Gateway for non-VPN-based application access. Duo's passwordless SSO improves and simplifies the user login experience.
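The access model described in this use case (MFA, a least-privilege application set per role, a device posture baseline, and dynamic revocation when posture changes) can be sketched as a small policy evaluator. The following is an added example written for this page; it is not Cisco Duo or Umbrella code, and the posture fields, role names and application names are constructed assumptions.

```python
"""Minimal continuous-trust access evaluator (illustrative, not Cisco code).

Models the zero-trust sequence from the text: verify MFA, confine the user to a
role's least-privilege application set, require a posture baseline, require a
managed device for sensitive apps, and revoke access when posture degrades.
All roles, apps and posture fields below are constructed for the example.
"""
from dataclasses import dataclass


@dataclass
class Posture:
    mfa_verified: bool        # adaptive MFA completed for this session
    disk_encrypted: bool      # device health signals (assumed fields)
    os_patched: bool
    corporate_managed: bool   # False for personal BYOD


@dataclass
class App:
    name: str
    requires_managed_device: bool


# Least-privilege mapping: which applications a role may reach at all.
ROLE_APPS = {
    "engineer": {"wiki", "source-control"},
    "finance": {"wiki", "ledger"},
}

APPS = {
    "wiki": App("wiki", requires_managed_device=False),
    "source-control": App("source-control", requires_managed_device=True),
    "ledger": App("ledger", requires_managed_device=True),
}


def decide(role, posture, app_name):
    """Return (allowed, reason) for one access request."""
    app = APPS.get(app_name)
    if app is None:
        return False, "unknown application"
    if app_name not in ROLE_APPS.get(role, set()):
        return False, "not in role's least-privilege set"
    if not posture.mfa_verified:
        return False, "MFA not verified"
    if not (posture.disk_encrypted and posture.os_patched):
        return False, "device posture below baseline"
    if app.requires_managed_device and not posture.corporate_managed:
        return False, "application requires a corporate-managed device"
    return True, "ok"


class Session:
    """Tracks granted applications and re-evaluates them on posture change."""

    def __init__(self, role, posture):
        self.role = role
        self.posture = posture
        self.granted = set()

    def request(self, app_name):
        ok, reason = decide(self.role, self.posture, app_name)
        if ok:
            self.granted.add(app_name)
        return ok, reason

    def update_posture(self, **changes):
        """Continuous trust monitoring: apply a posture change, then revoke
        every previously granted application that no longer passes policy.
        Returns the set of revoked application names."""
        for field_name, value in changes.items():
            setattr(self.posture, field_name, value)
        revoked = {a for a in self.granted
                   if not decide(self.role, self.posture, a)[0]}
        self.granted -= revoked
        return revoked


if __name__ == "__main__":
    s = Session("engineer", Posture(True, True, True, True))
    print(s.request("source-control"))        # allowed
    print(s.update_posture(os_patched=False))  # source-control revoked
```

The key design point is that a grant is never final: `update_posture` re-runs the same `decide` function over everything already granted, so a device falling below baseline mid-session loses access without waiting for the next login.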

Use case: SecureX telemetry and orchestration

The Cisco SecureX platform provides visibility, investigation/response, and orchestration with context and threat intelligence sharing to assist incident responders. Endpoint device information (from mobile device management and endpoint security software such as Duo Device Health and Cisco Secure clients to third-party antivirus management) can be sent to Device Insights for a complete asset inventory and compliance validation. SecureX's open and flexible API capabilities further enhance its threat efficacy through third-party integrations. SecureX orchestration allows administrators to reach from the cloud into corporate networks to enforce a block rule or policy inside corporate firewalls or other enforcement devices.