Challenge
A global financial services organization was interested in enforcing a unified security policy throughout their network infrastructure. The move toward a unified security policy would reduce potential attacks to their network, aid in preventing malware propagation, lower administrative overhead and increase agility within their environment for the integration of mergers and acquisitions.
The organization was interested in using Cisco's TrustSec and Secure Group Tagging (SGT) to accomplish their security policy goal, but before moving forward they wanted to be sure of how the products would function when integrated into their existing infrastructure. They turned to WWT for a proof of concept.
Solution
WWT used its Advanced Technology Center to create the organization's network topology and develop lab test cases.
During this two-week engagement, we scaled down the organization's environment to focus on exposure points within the network at the campus and branch user level. At this level, the organization would experience the most new user logins through mergers and acquisitions or mobility devices. By securing the organization's external access points, we could ultimately secure the data center.
WWT built out a typical enterprise campus topology with MPLS connectivity and Active Directory as their identity store for testing. From here, the principal CSE created various test use cases by importing security groups into Cisco Identity Services Engine (ISE) from the Active Directory.
Results
Our proof of concept created a knowledgebase for the financial organization. The organization was able to realize the benefits of user control with context-based access, segmentation control to reduce malware propagation, and secure operational efficiencies for integration of mergers and acquisitions.
Now comfortable with a TrustSec and SGT solution, the organization solicited WWT moving forward.
The organization was able to apply the proof of concept design to production of a low level SGT design with ISE modifications and is currently working with WWT on finalizing the infrastructure and future scope of TrustSec.