Cisco Digital Network Architecture
Cisco Digital Network Architecture (DNA) is a collection of solutions that together form Cisco's intent-based network architecture. Cisco DNA is composed of four key areas: WAN, campus, data center, and cloud edge. Each area has its own Cisco solution, and the solutions integrate with each other: Cisco Software-Defined WAN (Cisco SD-WAN), Cisco Software-Defined Access (Cisco SD-Access), Cisco Application Centric Infrastructure (Cisco ACI), and Cisco Secure Agile Exchange (SAE). Security is built into each solution. Figure 1-5 illustrates the pillars of Cisco DNA. At the center, Cisco DNA is powered by intent, informed by context, constantly learning, and constantly protecting. This core translates business intent into network policy, provides constant visibility into all traffic patterns, leverages machine learning at scale to provide increasing intelligence, and enables the network to see and predict issues and threats so the business can respond faster.
Figure 1-5 Cisco Digital Network Architecture (DNA)
The increased use of cloud services and mobile devices is creating IT blind spots, and the industry demands a new, holistic approach to security. Security is at the core of Cisco DNA. Cisco offers a full life cycle of on-premises and cloud-hosted solutions to maximize protection for organizations. Because Cisco can focus on all aspects of security, an organization can lower complexity by reducing the number of security vendors required to protect the business to one. Cisco DNA can turn the entire network into a sensor that detects malicious traffic and anomalies in behavior. Figure 1-6 shows the different areas of security for which Cisco provides solutions.
Figure 1-6 Cisco Security Overview
Cisco Stealthwatch can baseline the network and provide anomaly detection when something changes, including changes in traffic or user behavior. For example, suppose a user typically uses an average amount of bandwidth within the network to do her daily job tasks. If the user suddenly starts downloading gigabytes' worth of data and sending it to another machine in another country, Stealthwatch considers this an anomaly. This doesn't necessarily mean the user is being malicious or stealing company data; it could be that the user's machine has been compromised and malware is attacking the network. In either case, Stealthwatch would be able to detect this and inform the IT operations staff to take action. Automated network segmentation can address this type of challenge to ensure that the users and networks are in compliance.
Taking this innovation a step further, the Cisco Catalyst 9000 Series switches have the capability to detect malware and other malicious threats within encrypted traffic. This is called Cisco Encrypted Traffic Analytics (ETA). This is unique to Cisco and is one of the most advanced forms of security protection available today. Combined with all the telemetry and visibility that the network can provide, it greatly reduces the risk and potential impact of threats to the network.
It is important to note that the power of Cisco DNA is that all of these technologies across all of these pillars work in concert. Security is ingrained in everything Cisco offers; it is not an afterthought or something that rides on top of the network: security is the network. Figure 1-7 depicts the Cisco stance on security and how it fits within the network environment. It illustrates that security is just as critical as the network itself. Providing the most robust network that can provide value to the business and enhance users' application experience in a secure and agile fashion is essential to many organizations.
Figure 1-7 Security in Everything
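
The baseline-then-deviation idea from the Stealthwatch bandwidth scenario above, as an added example (not Cisco's code and not Stealthwatch's actual algorithm): it baselines each user's daily outbound volume with a median and median absolute deviation, then flags a later day that far exceeds it. The flow records, user names, placeholder country code `ZZ`, and thresholds are constructed assumptions.

```python
from statistics import median

# Constructed sample data: (user, day, destination country, outbound bytes).
# "ZZ" is a placeholder country code, not a real destination.
FLOWS = [
    ("alice", 1, "US", 410_000_000), ("alice", 2, "US", 395_000_000),
    ("alice", 3, "US", 450_000_000), ("alice", 4, "US", 380_000_000),
    ("alice", 5, "US", 420_000_000), ("alice", 6, "ZZ", 9_600_000_000),
    ("bob", 1, "US", 1_200_000_000), ("bob", 2, "DE", 1_150_000_000),
    ("bob", 3, "US", 1_300_000_000), ("bob", 4, "DE", 1_250_000_000),
    ("bob", 5, "US", 1_100_000_000), ("bob", 6, "DE", 1_350_000_000),
]

def daily_totals(flows):
    """Aggregate flows into {user: {day: (total_bytes, set_of_countries)}}."""
    out = {}
    for user, day, country, nbytes in flows:
        total, countries = out.setdefault(user, {}).get(day, (0, set()))
        out[user][day] = (total + nbytes, countries | {country})
    return out

def detect_anomalies(flows, baseline_days=5, threshold=6.0):
    """Flag days whose volume deviates from the user's own baseline.

    Baseline = median of the first `baseline_days` days; spread = median
    absolute deviation (MAD), which a single outlier cannot inflate.
    """
    alerts = []
    for user, days in daily_totals(flows).items():
        ordered = sorted(days)
        base = [days[d][0] for d in ordered[:baseline_days]]
        if len(base) < baseline_days:
            continue  # not enough history to baseline this user
        med = median(base)
        mad = median(abs(v - med) for v in base) or 1  # avoid divide-by-zero
        seen = set().union(*(days[d][1] for d in ordered[:baseline_days]))
        for d in ordered[baseline_days:]:
            total, countries = days[d]
            score = (total - med) / mad  # deviations above the user's norm
            if score > threshold:
                alerts.append({"user": user, "day": d, "score": round(score, 1),
                               "new_countries": sorted(countries - seen)})
    return alerts

if __name__ == "__main__":
    for alert in detect_anomalies(FLOWS):
        print(alert)
```

As in the text, an alert here says only that behavior changed; whether the cause is the user or a compromised machine is for the operations staff to determine.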