Security Lab — Cisco BFSI portfolio map

A placement-oriented mind map of Cisco offerings for large BFSI environments.

This page maps Cisco product families to the places they usually occupy in a large banking, financial services, and insurance environment. It is a learning guide, not a bill of materials.

Executive Map

Cisco in BFSI
├── Data center and private cloud
│   ├── Nexus 9000 / NX-OS
│   ├── ACI / APIC
│   ├── Nexus Dashboard / NDFC / NDO / Insights
│   ├── MDS 9000 SAN
│   ├── UCS / Intersight
│   └── Secure Workload
├── Campus, branch, and workplace
│   ├── Catalyst switching and wireless
│   ├── Catalyst Center
│   ├── ISE
│   └── Meraki
├── WAN, branch edge, and cloud edge
│   ├── Catalyst SD-WAN
│   ├── Catalyst 8000 / 8000V
│   ├── Meraki MX SD-WAN
│   └── Secure Access / SASE
├── Security architecture
│   ├── Secure Firewall / FMC / FTDv
│   ├── ISE / TrustSec / segmentation
│   ├── Duo / Identity Intelligence
│   ├── Secure Access / Umbrella / SSE
│   ├── XDR / Secure Endpoint
│   └── Secure Workload
├── Observability and operations
│   ├── Splunk Enterprise / Cloud
│   ├── Splunk Observability
│   ├── Splunk AppDynamics
│   ├── ThousandEyes
│   └── Nexus Dashboard / Catalyst Center / Meraki assurance
└── Collaboration, CX, and facilities
    ├── Webex / Webex Contact Center
    ├── Industrial Ethernet / IoT routers
    └── Meraki cameras and sensors

Placement Model

DomainBFSI placementCisco familiesWhy it matters
Core data centersPrimary DC, DR DC, private cloud, payment and core banking networksNexus 9000, NX-OS, ACI, Nexus Dashboard, MDS, UCS, IntersightLow latency, high availability, segmentation, predictable change
Branch and campusHQ, operations centers, branches, call centersCatalyst, Catalyst Center, ISE, MerakiUser access, NAC, wireless assurance, branch resilience
WAN and cloud edgeMPLS, DIA, SD-WAN, colocation, cloud on-rampsCatalyst SD-WAN, Catalyst 8000/8000V, Meraki MX, ThousandEyesSecure branch connectivity, SaaS performance, cloud reachability
Perimeter and segmentationInternet edge, DMZ, partner edge, east-west controlsSecure Firewall, FMC, FTDv, ASAv, Secure Workload, ISEPCI zones, partner isolation, zero-trust segmentation
Identity and accessWorkforce access, privileged access, network admission, remote accessISE, Duo, Secure Access, Identity IntelligenceMFA, device trust, NAC, ZTNA, least privilege
SOC and SecOpsSIEM, XDR, endpoint response, incident responseSplunk, Cisco XDR, Secure Endpoint, TalosDetection, investigation, compliance evidence
ObservabilityDigital banking, payments, mobile apps, internet pathsSplunk Observability, AppDynamics, ThousandEyes, Nexus Dashboard InsightsCustomer experience and root-cause isolation
Collaboration and CXHQ, branches, operations rooms, contact centersWebex, Webex Contact Center, room devicesRegulated collaboration and customer support
Facilities and edgeBuildings, cameras, sensors, remote sites, ATM-support networksIndustrial Ethernet, industrial routers, Meraki cameras/sensorsPhysical security and remote-site visibility

Learning Tracks

TrackStart withThen add
Data center fabricNexus 9300v, NX-OS, underlay routing, MP-BGP EVPN, VXLANMultisite border gateways, Nexus Dashboard, NDFC, then ACI
Branch and WANIOS XE routing and Catalyst 8000V conceptsCatalyst SD-WAN, policies, segmentation, cloud on-ramp
Identity and segmentationISE policy, 802.1X, MAB, TACACS+TrustSec/SGT, firewall integration, pxGrid
Security edgeFirewall policy, NAT, IPS, VPN, loggingFMC/FTDv, ASAv, Secure Access, Duo, XDR
Security operationsWazuh, Security Onion, Greenbone lab loopsSplunk, Cisco XDR, Secure Endpoint, Talos mapping
ObservabilityApp and network telemetry conceptsThousandEyes, AppDynamics, Splunk Observability

Current Lab Mapping

Cisco offeringLab analog or targetPriority
Nexus 9300vImported into EVE-NGNow
Nexus DashboardDownloaded, standalone VM pendingAfter manual fabric
NDFCEvaluate inside Nexus Dashboard if entitlement allowsAfter Nexus Dashboard
ACI SimulatorFuture virtual applianceAfter NX-OS fundamentals
Catalyst 8000VFuture KVM/EVE imageWAN track
ISEFuture VM/ISO/OVAIdentity track
FTDv/FMCvFuture security VM pairFirewall track
ASAvFuture classic firewall VMOptional
SplunkTrial/free option or map to Wazuh firstSOC and observability
ThousandEyesTrial/licensed agents or conceptual mappingAssurance
MerakiDashboard/API concepts unless hardware or trial is availableBranch operations
  1. NX-OS fundamentals and EVPN/VXLAN.
  2. Multisite EVPN/VXLAN and DCI.
  3. Nexus Dashboard and NDFC.
  4. Catalyst SD-WAN and Catalyst 8000V.
  5. ISE and network access control.
  6. Secure Firewall and FMC.
  7. Secure Workload microsegmentation.
  8. ACI/APIC after NX-OS is understood.
  9. Splunk, ThousandEyes, and AppDynamics placement.
  10. Secure Access, Duo, XDR, and AI-era security offerings.

Source Notes

The private lab repository keeps the fuller source-backed analysis at:

/home/ze/codex-security-lab-agent/docs/CISCO_BFSI_PORTFOLIO_MINDMAP.md

Last reviewed: 2026-05-13