Cisco ACI integration with Skybox Security Posture Management Platform

In today’s hybrid networks, security policies need to be managed across large and complex on–premises and multi–cloud networks comprised of security devices from a variety of vendors. With literally tens of thousands of firewall rules across thousands of different devices, changes are rapid and complicated. Managing these networks using manual methods quickly becomes impossible, and can cause disruptive errors and outages, as well as security risks and compliance violations.

To overcome these challenges, you’ve got to start with unified visibility across the entire network. Only then will tools and teams be able to understand risk, maintain continuous compliance and identify, prioritize and provision needed security changes.

The integrated Cisco ACI and Skybox Security solution

With the integration of Skybox Security into the Cisco ACI architecture, customers can rapidly achieve the full potential of their ACI deployment. Integration features include:

Skybox Security complements the Cisco ACI architecture by extending and enhancing its policy–based automation to all security devices across the enterprise network, both inside and outside the data center. With Skybox Security’s model–driven visibility and unified policy management capabilities, customers can quickly:

Skybox imports the ACI configuration from the Cisco Application Infrastructure Controller (APIC) and creates a virtual model of the fabric layer, including bridge domains and virtual routers as well as the access control layer, EPGs and contracts. Skybox supports APIC versions 3.x to 5.x using REST APIs. Data from Cisco ACI servers can be collected using Cloud & Virtualization – Cisco ACI Collection tasks.

Attack surface modeling and simulation

• Automatically build and maintain a model of your hybrid network topology, security controls, assets and vulnerabilities.
• Use the detailed model to perform sophisticated analysis without disruption to the live network, or view a simplified, abstracted model for quick insight to risk across the organization.
• Analyze network paths end to end to assess network and application connectivity, access rules, compliance and security policy information along north–south and east–west paths.
• Securely plan transitions to cloud environments, ensuring the integrity of security expected in your on–prem network is matched in cloud environments as well.

Continuous and global policy compliance

• Enhanced visibility into EPGs, tenants, endpoints, and contracts in the ACI fabric.
• Quickly uncover gaps in access compliance across the hybrid network.
• Dynamically check each new change for compliance violations — and remediate issues before an audit.

Skybox supported Cisco products

• Cisco ACI
• Cisco sSecure Workload (Tetration)
• Cisco IOS routers
• Cisco Wireless LAN Controllers
• Cisco IOS switches