Cisco has introduced intent-based policy management for networks, built on a Mesh Policy Engine. Intent-Based Policy Management is a response to the increasingly complex security requirements that arise in networks from hybrid work models, cloud usage, and external partnerships.
The technical foundation is the Mesh Policy Engine, a new feature within the Security Cloud Control interface. The core principle is that network operators no longer have to manually determine which specific firewalls need to be updated to grant access. Instead, they simply formulate the intent of the access: for example, Application A is allowed to communicate with Application B via certain ports and protocols. The Mesh Policy Engine then automatically takes over the identification of the affected devices and the distribution of the corresponding policies.
A key feature of this architecture is its vendor independence within a Hybrid Mesh Firewall environment. The system follows the "program once, enforce everywhere" principle. This eliminates the need for admins to work in the individual management interfaces of different vendors or to manually validate the exact topology for each rule change.
With this approach, the focus of management shifts away from the device level to pure access logic, reducing the risk of inconsistent policies and faulty implementations.
Use Cases and Benefits
In practice, Intent-Based Policy Management enables a significant acceleration of security processes while also easing the burden of maintenance and support. With this cross-system approach, new or updated policies can be created within minutes and applied to the corresponding firewalls. This is particularly important for the lifecycle management of network access: admins can see in Security Cloud Control at any time which applications have which access rights and safely revoke them if necessary, without risking unintended effects on other systems.
The technology supports companies in optimizing their existing infrastructure without the need for a complete replacement, as new devices can be seamlessly integrated into the hybrid mesh architecture.
Another important area of application is network segmentation and rule-set hygiene. By focusing on the actual intent, the engine can, according to Cisco, remove up to 80 percent of redundant rules and 35 percent of objects. This simplifies administration and helps prevent unauthorized access.
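To make the principle behind the article concrete, here is a small added model of how an intent ("Application A may reach Application B on a port and protocol") is compiled into per-firewall rules and how revocation and rule hygiene follow from it. This is illustrative code written for this article, not Cisco's Mesh Policy Engine or Security Cloud Control; the topology, segment CIDRs, firewall names and ticket ids are constructed, and the path lookup (a breadth-first search over segments, with firewalls as the links between them) is an assumption about one reasonable way to identify the affected devices.

```python
"""Toy model of intent-based policy compilation (illustrative, not Cisco's code).

Segments are nodes of a graph; each firewall is an edge between two segments.
An intent is compiled into one rule per firewall on the path between the two
application segments. Rules remember which intents produced them, so a rule
shared by two intents is emitted once and is only removed when its last owner
is revoked. All names and addresses below are constructed sample data.
"""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Intent:
    ticket: str     # change request that asked for this access (constructed)
    src_app: str
    dst_app: str
    proto: str
    port: int


@dataclass(frozen=True)
class Rule:
    firewall: str
    src: str        # source segment (CIDR)
    dst: str        # destination segment (CIDR)
    proto: str
    port: int
    action: str = "allow"


# Constructed topology: which segment each application lives in, and which
# firewall (possibly from a different vendor) sits between two segments.
APP_SEGMENT = {"app-a": "10.1.0.0/24", "app-b": "10.2.0.0/24", "app-c": "192.168.5.0/24"}
LINKS = [
    ("10.1.0.0/24", "core", "fw-dc-vendor1"),
    ("core", "10.2.0.0/24", "fw-dc-vendor2"),
    ("core", "192.168.5.0/24", "fw-cloud"),
]


def build_graph(links):
    """Undirected adjacency list: segment -> [(neighbour segment, firewall)]."""
    graph = {}
    for a, b, fw in links:
        graph.setdefault(a, []).append((b, fw))
        graph.setdefault(b, []).append((a, fw))
    return graph


def firewalls_on_path(graph, src, dst):
    """BFS from src to dst; return the firewalls traversed, in order.

    Returns [] when dst is unreachable, so no rule is pushed anywhere.
    """
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            break
        for nxt, fw in graph.get(node, []):
            if nxt not in prev:
                prev[nxt] = (node, fw)
                queue.append(nxt)
    if dst not in prev:
        return []
    path, node = [], dst
    while prev[node] is not None:
        node, fw = prev[node]
        path.append(fw)
    return list(reversed(path))


def compile_intents(intents, graph=None):
    """Return {Rule: {Intent, ...}}: every device rule with the intents that need it."""
    graph = graph or build_graph(LINKS)
    owners = {}
    for it in intents:
        src, dst = APP_SEGMENT[it.src_app], APP_SEGMENT[it.dst_app]
        for fw in firewalls_on_path(graph, src, dst):
            owners.setdefault(Rule(fw, src, dst, it.proto, it.port), set()).add(it)
    return owners


def revoke(owners, intent):
    """Withdraw one intent; delete only rules that no other intent still relies on."""
    for rule in list(owners):
        owners[rule].discard(intent)
        if not owners[rule]:
            del owners[rule]
    return owners


def rules_for(owners, firewall):
    """The effective, already de-duplicated rule set for one device."""
    return sorted((r for r in owners if r.firewall == firewall),
                  key=lambda r: (r.src, r.dst, r.proto, r.port))


if __name__ == "__main__":
    intents = [Intent("CHG-1", "app-a", "app-b", "tcp", 443),
               Intent("CHG-2", "app-a", "app-b", "tcp", 443),   # same access, second ticket
               Intent("CHG-3", "app-a", "app-c", "tcp", 443)]
    owners = compile_intents(intents)
    for fw in ("fw-dc-vendor1", "fw-dc-vendor2", "fw-cloud"):
        for rule in rules_for(owners, fw):
            print(fw, rule.src, "->", rule.dst, rule.proto, rule.port, sorted(i.ticket for i in owners[rule]))
```

Two points the model makes visible: the operator never names a firewall, and because rules are keyed by their content, two tickets asking for the same access produce one rule per device rather than two, which is the redundancy the hygiene figures in the article refer to. Revoking one of those tickets leaves the rule in place until the other is also withdrawn.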