CISCO BORDERLESS NETWORKS€¦ · s 1 Cisco’s Architecture for Borderless Network Security Policy...
Transcript of CISCO BORDERLESS NETWORKS€¦ · s 1 Cisco’s Architecture for Borderless Network Security Policy...
© 2009 Cisco Systems, Inc. All rights reserved. 1
CISCOBORDERLESS
NETWORKS
© 2009 Cisco Systems, Inc. All rights reserved. 2
Creating New Business Models
Source: Forrester Report “State of the CIO Agenda” January 2009: 600 Business/506 IT Executives
Customer Experience/Innovation
Improve quality of products and services
Manage customer relationships
Acquire and retain customers
Drive innovative new market offering/biz practices
1 2
Productivity/ Operating Expense
Lower company operating costs
Improve workforce productivity
Support globalization
2
The Key Change:Putting the Interaction Where the Customer Is
© 2009 Cisco Systems, Inc. All rights reserved. 3
Driving the Transformation
Mobility Video
WorkspaceExperience
Mobile Devices
IT Resources
1.3 Billion New Networked Mobile Devices in Next 3 Years
60% of All Cisco Network Traffic Today Is Video
Blurring the Borders : Consumer ↔ Workforce; Employee ↔ Partner
HealthcareData
↔
© 2009 Cisco Systems, Inc. All rights reserved. 4
Changing Environment; Shifting Borders
IT Consumerization
Device Border
Mobile Worker
Location Border
Video/Cloud
IaaS,SaaS
Application Border
External-FacingApps Internal
Apps
© 2009 Cisco Systems, Inc. All rights reserved. 5
Bo
rde
rless
Da
ta C
en
ter
3
Bo
rde
rless
Inte
rne
t
2
Bo
rde
rless
En
d Z
on
es
1
Cisco’s Architecture for Borderless Network Security
Policy
Corporate Border
Branch Office
Applications
and Data
Corporate Office
Policy(Access Control, Acceptable Use, Malware, Data Security)4
Home Office
AttackersCoffee
ShopCustomers
Airport
Mobile
User Partners
Platform
as a Service
Infrastructure
as a ServiceX
as a ServiceSoftware
as a Service
© 2009 Cisco Systems, Inc. All rights reserved. 6
Pillar 2: Borderless Security ArrayAdvanced Scanning and Enforcement Capabilities
Access Control | Acceptable Use | Data Security |Threat Protection
Integrated into the Fabric of the Network
Cisco IronPortEmail Security
Appliance
Cisco AdaptiveSecurity Appliance
Cisco IntegratedServices Routers
Cisco IronPortWeb Security
Appliance
6
VM Software Security Module Hybrid HostedAppliance
© 2009 Cisco Systems, Inc. All rights reserved. 7
Man
ag
em
en
t
Email Security ArchitectureCisco IronPort C-Series
Virus
Defense
CISCO IRONPORT ASYNCOS™
EMAIL PLATFORM
Data Loss
Prevention
Secure
Messaging
INBOUND
SECURITY
OUTBOUND
CONTROL
MAIL TRANSFER
AGENT
Spam
Defense
© 2009 Cisco Systems, Inc. All rights reserved. 8
Very negative score:
TCP connection is
rejected
> 99% Catch Rate
< 1 in 1 million
False Positives
IronPort Anti-SpamSenderBase
Reputation Filtering
Who? How?
What?Where?
Verdict
Very positive score:
messages are delivered
Suspicious
Score
Anti-Spam Defense Multi-layer architecture
90% of messages stopped
© 2009 Cisco Systems, Inc. All rights reserved. 9
Cisco IronPort E-Mail EncryptionEasy for the sender…
Gateway encrypts message
User opens IronPort
PXE in browser
User authenticates &
gets message key
Cisco Registered Envelope Service
Password
Decrypted
message
displayed
Message pushed
to Recipient
Key
Stored
© 2009 Cisco Systems, Inc. All rights reserved. 10
Cisco IronPort S-SeriesA Powerful, Secure Web Gateway Solution
Most effective defense against web-based malware
Visibility and control for acceptable use and data loss
High performance to ensure best end-user experience
Integrated solution offering optimum TCO
Management and Reporting
AsyncOS for Web
Acceptable Use Policy
Malware Defense
Data Security
© 2009 Cisco Systems, Inc. All rights reserved. 11
Next-Generation Secure Web GatewayConsolidation Drives Operational Efficiency
Users
After IronPort
Internet
Firewall
Users
Web Proxy and Caching
Anti-Spyware
Anti-Virus
Anti-Phishing
URL Filtering
Policy Management
Before IronPort
Cisco IronPort S-Series
Internet
Firewall
© 2009 Cisco Systems, Inc. All rights reserved. 12
Multi-Layered Malware DefenseProtection Against Today’s Threats
Layer 4 Traffic Monitor
Web Reputation Filters
Dynamic Vectoring and Streaming
Engine
Detects malicious botnet traffic across all ports
Blocks 70 percent of known and unknown malware traffic at connection time
Blocks malware based on deep content analysis
© 2009 Cisco Systems, Inc. All rights reserved. 13
Gartner says ...
© 2009 Cisco Systems, Inc. All rights reserved. 14
Advanced, Proactive Threat ProtectionCisco Security Intelligence Operations
GlobalThreat
Telemetry
GlobalThreatTelemetry
8:03 GMT Sensor Detects Hacker Probing
Bank Branchin Chicago
Ad Agency HQ in London
ISP Datacenterin Moscow
8:00 GMT Sensor Detects New Malware
8:07 GMT Sensor Detects New Botnet
8:10 GMTAll Cisco Customers Protected
Cisco
SensorBase
Threat
Operations Center
Advanced
Algorithms
© 2009 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 14
Higher Threat Coverage, Greater Accuracy, Proactive Protection
© 2009 Cisco Systems, Inc. All rights reserved. 15
Threat Intelligence Benefits
SensorBase
700,000+ global sensors
Historical library of 40,000 threats
30% of global email and web traffic
500 third-party feeds, 100 news feeds, open source and vendor partnerships
360 degree dynamic threat visibility
Understanding of vulnerabilities and exploit technologies
Visibility into highest threat vehicles
Latest attack trends and techniques
Over 1000 servers process over 500GB of threat data per day
Depth of Coverage
© 2009 Cisco Systems, Inc. All rights reserved. 16
Threat Operations Center
Researchers and Analysts Benefits
Network security best practices and mitigation techniques
Insight into threat trends and future outlook
Quality assurance, reduced false positives
Around-the-clock global coverage
500 analysts and White Hat engineers
80+ PhDs, CCIEs, CISSPs, MSCEs
Human-aided rule creation and QC
Penetration testing, botnet infiltration, malware reverse engineering, vulnerability research
24 x 7 x 365 operations in five centers
95% of Internet languages covered
Security Expertise
© 2009 Cisco Systems, Inc. All rights reserved. 17
Powering Cisco Security Products and Services
IPS Reputation and Signature
FiltersAnti-Spam
Email and WebReputation
Filters
Security Filters: Industry’s Most Effective Security Features
Adaptive Security
Intrusion Prevention
Email Security
Web Security
Hosted Email Security
Cisco Products and Services: Proactive Protection, High-Performance
wwwwww
Live Reputation
Scores
Authored and Dynamic Rule Sets
New and Updated
Signatures
Customized Alerts Every 5
Minutes
Auto-Updates Every
5 Minutes
Cisco SIO: Threat Identification, Analysis, and Automated Defense
Alert Aggregation
Filters
Virus Outbreak
Filters
Firewall BotnetTraffic Filters
Service Modules
Alert Services
© 2009 Cisco Systems, Inc. All rights reserved. 18
Migration to the Cloud:Opposing Pressures
Accelerators Inhibitors
Financial Resources
Predictable Op-Ex
Operational Maintenance
Datacenter footprint
Security Privacy
Reliability
Control Management
Visibility
© 2009 Cisco Systems, Inc. All rights reserved. 19
The Cisco ApproachHybrid in Action
Reporting TrackingAdministration
Message
Encryption
On-Premise
Malware Filtering
On-Premise
Malware Filtering
Cloud
DLP
On-Premise
SensorBase
Seamless Security Deployment
Policy definition and enforcement
Simplified Management
Co-Governance
Unified View
Visibility, reporting and tracking
© 2009 Cisco Systems, Inc. All rights reserved. 20
FlexibilityUnified Reporting and Tracking
Benchmark Company vs. Industry Trends
Message and User Tracking
Unified View WithOn-premise Reports
Insight To Refine PolicyTo Address Business Needs
© 2009 Cisco Systems, Inc. All rights reserved. 21
Complementary Capabilities
Accelerating Cisco’s Cloud Security Vision
Endpoint footprint
Powerful enforcement engines
Network integration
Identity
Threat protection
Proven multi-tenant cloud
platform
Global footprint
Hosted operations
Zero day threat protection
Service provider enablement
Accelerating Cisco’s Borderless Security Vision
Persistent Security Advanced Scanning Hybrid SaaS Intelligent Policy
© 2009 Cisco Systems, Inc. All rights reserved. 22