Cisco has introduced intent-based policy management for networks, built on a Mesh Policy Engine. Intent-Based Policy Management is a response to the increasingly complex security requirements arising in networks due to hybrid work models, cloud usage, and external partnerships.
The technical foundation is the Mesh Policy Engine, a new feature within the Security Cloud Control interface. The core principle is that network operators no longer have to manually determine which specific firewalls need to be updated to grant access. Instead, they simply formulate the intent of the access: for example, Application A is allowed to communicate with Application B via certain ports and protocols. The Mesh Policy Engine then automatically takes over the identification of the affected devices and the distribution of the corresponding policies.
A key feature of this architecture is its vendor independence within a Hybrid Mesh Firewall environment. The system follows the "program once, enforce everywhere" principle. This eliminates the need for admins to deal with the individual management interfaces of different providers or to manually validate the exact topology for each rule change.
With this approach, the focus of management shifts away from the device level to pure access logic, reducing the risk of inconsistent policies and faulty implementations.
Use Cases and Benefits
In practical application, Intent-Based Policy Management enables a significant acceleration of security processes while simultaneously easing the burden of maintenance and support. New or updated policies can be created within minutes using this cross-system approach and applied to the corresponding firewalls. This is particularly important for the lifecycle management of network access: admins can view via Security Cloud Control at any time which applications have which access rights and safely revoke them if necessary, without risking unintended effects on other systems.
The technology supports companies in optimizing their existing infrastructure without the need for a complete replacement, as new devices can be seamlessly integrated into the hybrid mesh architecture.
Network segmentation and rule-set hygiene are another important area of application. By focusing on the actual intent, the engine can, according to Cisco, remove up to 80 percent of redundant rules and 35 percent of objects. This simplifies administration and prevents unauthorized access.
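To make the three mechanisms described above concrete (compiling an intent into per-firewall rules, revoking an intent without side effects, and pruning redundant rules), here is a small model written for this article. It is not Cisco's code and says nothing about how the Mesh Policy Engine is actually implemented; the topology, application placement, intents and rule format are all constructed for the example. Segments are graph nodes, firewalls are the edges between them, and an intent is compiled into a vendor-neutral allow rule on every firewall along the path between the two applications' segments.

```python
"""Toy model of intent-based policy compilation (constructed example, not Cisco's code)."""
from collections import deque
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

ANY = "any"


@dataclass(frozen=True)
class Rule:
    """Vendor-neutral allow rule; a per-vendor renderer would sit behind this."""
    device: str
    src: str    # application name
    dst: str
    proto: str  # "tcp", "udp" or ANY
    port: str   # e.g. "443" or ANY

    def covers(self, other: "Rule") -> bool:
        """True if this rule permits everything `other` permits on the same device."""
        return (
            self.device == other.device
            and self.src == other.src
            and self.dst == other.dst
            and self.proto in (ANY, other.proto)
            and self.port in (ANY, other.port)
        )


# Constructed topology: (segment_a, firewall between them, segment_b)
LINKS = [
    ("dmz", "fw-edge-1", "campus"),
    ("campus", "fw-core-1", "datacenter"),
    ("datacenter", "fw-cloud-1", "cloud-vpc"),
    ("branch", "fw-branch-1", "campus"),
]

# Constructed placement of applications in segments
APP_SEGMENT = {
    "web-frontend": "dmz",
    "order-api": "datacenter",
    "reporting": "cloud-vpc",
    "pos-client": "branch",
}

# Constructed intents: (src_app, dst_app, proto, port)
INTENTS = [
    ("web-frontend", "order-api", "tcp", "443"),
    ("web-frontend", "order-api", "tcp", "443"),  # duplicate request
    ("order-api", "reporting", "tcp", "5432"),
    ("web-frontend", "order-api", "tcp", ANY),    # broader; subsumes the 443 rules
]


def build_graph(links) -> Dict[str, List[Tuple[str, str]]]:
    """Undirected adjacency list: segment -> [(neighbour segment, firewall)]."""
    graph: Dict[str, List[Tuple[str, str]]] = {}
    for a, fw, b in links:
        graph.setdefault(a, []).append((b, fw))
        graph.setdefault(b, []).append((a, fw))
    return graph


def firewalls_on_path(graph, src_seg: str, dst_seg: str) -> Optional[List[str]]:
    """BFS: ordered firewalls between two segments; [] if same segment, None if unreachable."""
    if src_seg == dst_seg:
        return []
    prev: Dict[str, Optional[Tuple[str, str]]] = {src_seg: None}
    queue = deque([src_seg])
    while queue:
        seg = queue.popleft()
        for nxt, fw in graph.get(seg, []):
            if nxt in prev:
                continue
            prev[nxt] = (seg, fw)
            if nxt == dst_seg:
                path, cur = [], nxt
                while prev[cur] is not None:
                    p, f = prev[cur]
                    path.append(f)
                    cur = p
                return list(reversed(path))
            queue.append(nxt)
    return None


def compile_intents(intents, links=LINKS, app_segment=APP_SEGMENT) -> List[Rule]:
    """Turn each intent into one allow rule per firewall on the path (the 'affected devices')."""
    graph = build_graph(links)
    rules: List[Rule] = []
    for src_app, dst_app, proto, port in intents:
        fws = firewalls_on_path(graph, app_segment[src_app], app_segment[dst_app])
        if fws is None:
            raise ValueError(f"no firewall path between {src_app} and {dst_app}")
        rules.extend(Rule(fw, src_app, dst_app, proto, port) for fw in fws)
    return rules


def prune_redundant(rules: List[Rule]) -> List[Rule]:
    """Hygiene pass: drop duplicates and rules already covered by a broader rule on the same device."""
    kept: List[Rule] = []
    for r in rules:
        if any(k.covers(r) for k in kept):
            continue
        kept = [k for k in kept if not r.covers(k)]  # a broader rule replaces narrower ones
        kept.append(r)
    return kept


def rules_removed_by_revoking(intents, intent) -> Set[Rule]:
    """Rules that disappear if `intent` is withdrawn; rules still needed by other intents survive."""
    before = set(prune_redundant(compile_intents(intents)))
    after = set(prune_redundant(compile_intents([i for i in intents if i != intent])))
    return before - after


if __name__ == "__main__":
    raw = compile_intents(INTENTS)
    print(f"{len(raw)} raw rules -> {len(prune_redundant(raw))} after pruning")
    for r in prune_redundant(raw):
        print(r)
    print("revoking order-api -> reporting removes:", rules_removed_by_revoking(INTENTS, INTENTS[2]))
```

With the constructed data, four intents compile to seven raw rules; pruning removes the duplicate pair and the two 443 rules subsumed by the port-any intent, leaving three. Revoking the reporting intent removes only the rule on fw-cloud-1, which is the "no unintended effects on other systems" property the article describes: the compiler recomputes everything from the remaining intents rather than deleting device rules by hand.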