CISCO BORDERLESS NETWORKS€¦ · s 1 Cisco’s Architecture for Borderless Network Security Policy...

of 22/22
© 2009 Cisco Systems, Inc. All rights reserved. 1 CISCO BORDERLESS NETWORKS
  • date post

    04-Jul-2020
  • Category

    Documents

  • view

    2
  • download

    0

Embed Size (px)

Transcript of CISCO BORDERLESS NETWORKS€¦ · s 1 Cisco’s Architecture for Borderless Network Security Policy...

  • © 2009 Cisco Systems, Inc. All rights reserved. 1

    CISCOBORDERLESS

    NETWORKS

  • © 2009 Cisco Systems, Inc. All rights reserved. 2

    Creating New Business Models

    Source: Forrester Report “State of the CIO Agenda” January 2009: 600 Business/506 IT Executives

    Customer Experience/Innovation

    Improve quality of products and services

    Manage customer relationships

    Acquire and retain customers

    Drive innovative new market offering/biz practices

    1 2

    Productivity/ Operating Expense

    Lower company operating costs

    Improve workforce productivity

    Support globalization

    2

    The Key Change:Putting the Interaction Where the Customer Is

  • © 2009 Cisco Systems, Inc. All rights reserved. 3

    Driving the Transformation

    Mobility Video

    WorkspaceExperience

    Mobile Devices

    IT Resources

    1.3 Billion New Networked Mobile Devices in Next 3 Years

    60% of All Cisco Network Traffic Today Is Video

    Blurring the Borders : Consumer ↔ Workforce; Employee ↔ Partner

    HealthcareData

  • © 2009 Cisco Systems, Inc. All rights reserved. 4

    Changing Environment; Shifting Borders

    IT Consumerization

    Device Border

    Mobile Worker

    Location Border

    Video/Cloud

    IaaS,SaaS

    Application Border

    External-FacingApps Internal

    Apps

  • © 2009 Cisco Systems, Inc. All rights reserved. 5

    Bo

    rde

    rless

    Da

    ta C

    en

    ter

    3

    Bo

    rde

    rless

    Inte

    rne

    t

    2

    Bo

    rde

    rless

    En

    d Z

    on

    es

    1

    Cisco’s Architecture for Borderless Network Security

    Policy

    Corporate Border

    Branch Office

    Applications

    and Data

    Corporate Office

    Policy(Access Control, Acceptable Use, Malware, Data Security)4

    Home Office

    AttackersCoffee

    ShopCustomers

    Airport

    Mobile

    User Partners

    Platform

    as a Service

    Infrastructure

    as a ServiceX

    as a ServiceSoftware

    as a Service

  • © 2009 Cisco Systems, Inc. All rights reserved. 6

    Pillar 2: Borderless Security ArrayAdvanced Scanning and Enforcement Capabilities

    Access Control | Acceptable Use | Data Security |Threat Protection

    Integrated into the Fabric of the Network

    Cisco IronPortEmail Security

    Appliance

    Cisco AdaptiveSecurity Appliance

    Cisco IntegratedServices Routers

    Cisco IronPortWeb Security

    Appliance

    6

    VM Software Security Module Hybrid HostedAppliance

  • © 2009 Cisco Systems, Inc. All rights reserved. 7

    Man

    ag

    em

    en

    t

    Email Security ArchitectureCisco IronPort C-Series

    Virus

    Defense

    CISCO IRONPORT ASYNCOS™

    EMAIL PLATFORM

    Data Loss

    Prevention

    Secure

    Messaging

    INBOUND

    SECURITY

    OUTBOUND

    CONTROL

    MAIL TRANSFER

    AGENT

    Spam

    Defense

  • © 2009 Cisco Systems, Inc. All rights reserved. 8

    Very negative score:

    TCP connection is

    rejected

    > 99% Catch Rate

    < 1 in 1 million

    False Positives

    IronPort Anti-SpamSenderBase

    Reputation Filtering

    Who? How?

    What?Where?

    Verdict

    Very positive score:

    messages are delivered

    Suspicious

    Score

    Anti-Spam Defense Multi-layer architecture

    90% of messages stopped

  • © 2009 Cisco Systems, Inc. All rights reserved. 9

    Cisco IronPort E-Mail EncryptionEasy for the sender…

    Gateway encrypts message

    User opens IronPort

    PXE in browser

    User authenticates &

    gets message key

    Cisco Registered Envelope Service

    Password

    Decrypted

    message

    displayed

    Message pushed

    to Recipient

    Key

    Stored

  • © 2009 Cisco Systems, Inc. All rights reserved. 10

    Cisco IronPort S-SeriesA Powerful, Secure Web Gateway Solution

    Most effective defense against web-based malware

    Visibility and control for acceptable use and data loss

    High performance to ensure best end-user experience

    Integrated solution offering optimum TCO

    Management and Reporting

    AsyncOS for Web

    Acceptable Use Policy

    Malware Defense

    Data Security

  • © 2009 Cisco Systems, Inc. All rights reserved. 11

    Next-Generation Secure Web GatewayConsolidation Drives Operational Efficiency

    Users

    After IronPort

    Internet

    Firewall

    Users

    Web Proxy and Caching

    Anti-Spyware

    Anti-Virus

    Anti-Phishing

    URL Filtering

    Policy Management

    Before IronPort

    Cisco IronPort S-Series

    Internet

    Firewall

  • © 2009 Cisco Systems, Inc. All rights reserved. 12

    Multi-Layered Malware DefenseProtection Against Today’s Threats

    Layer 4 Traffic Monitor

    Web Reputation Filters

    Dynamic Vectoring and Streaming

    Engine

    Detects malicious botnet traffic across all ports

    Blocks 70 percent of known and unknown malware traffic at connection time

    Blocks malware based on deep content analysis

  • © 2009 Cisco Systems, Inc. All rights reserved. 13

    Gartner says ...

  • © 2009 Cisco Systems, Inc. All rights reserved. 14

    Advanced, Proactive Threat ProtectionCisco Security Intelligence Operations

    GlobalThreat

    Telemetry

    GlobalThreatTelemetry

    8:03 GMT Sensor Detects Hacker Probing

    Bank Branchin Chicago

    Ad Agency HQ in London

    ISP Datacenterin Moscow

    8:00 GMT Sensor Detects New Malware

    8:07 GMT Sensor Detects New Botnet

    8:10 GMTAll Cisco Customers Protected

    Cisco

    SensorBase

    Threat

    Operations Center

    Advanced

    Algorithms

    © 2009 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 14

    Higher Threat Coverage, Greater Accuracy, Proactive Protection

  • © 2009 Cisco Systems, Inc. All rights reserved. 15

    Threat Intelligence Benefits

    SensorBase

    700,000+ global sensors

    Historical library of 40,000 threats

    30% of global email and web traffic

    500 third-party feeds, 100 news feeds, open source and vendor partnerships

    360 degree dynamic threat visibility

    Understanding of vulnerabilities and exploit technologies

    Visibility into highest threat vehicles

    Latest attack trends and techniques

    Over 1000 servers process over 500GB of threat data per day

    Depth of Coverage

  • © 2009 Cisco Systems, Inc. All rights reserved. 16

    Threat Operations Center

    Researchers and Analysts Benefits

    Network security best practices and mitigation techniques

    Insight into threat trends and future outlook

    Quality assurance, reduced false positives

    Around-the-clock global coverage

    500 analysts and White Hat engineers

    80+ PhDs, CCIEs, CISSPs, MSCEs

    Human-aided rule creation and QC

    Penetration testing, botnet infiltration, malware reverse engineering, vulnerability research

    24 x 7 x 365 operations in five centers

    95% of Internet languages covered

    Security Expertise

  • © 2009 Cisco Systems, Inc. All rights reserved. 17

    Powering Cisco Security Products and Services

    IPS Reputation and Signature

    FiltersAnti-Spam

    Email and WebReputation

    Filters

    Security Filters: Industry’s Most Effective Security Features

    Adaptive Security

    Intrusion Prevention

    Email Security

    Web Security

    Hosted Email Security

    Cisco Products and Services: Proactive Protection, High-Performance

    wwwwww

    Live Reputation

    Scores

    Authored and Dynamic Rule Sets

    New and Updated

    Signatures

    Customized Alerts Every 5

    Minutes

    Auto-Updates Every

    5 Minutes

    Cisco SIO: Threat Identification, Analysis, and Automated Defense

    Alert Aggregation

    Filters

    Virus Outbreak

    Filters

    Firewall BotnetTraffic Filters

    Service Modules

    Alert Services

  • © 2009 Cisco Systems, Inc. All rights reserved. 18

    Migration to the Cloud:Opposing Pressures

    Accelerators Inhibitors

    Financial Resources

    Predictable Op-Ex

    Operational Maintenance

    Datacenter footprint

    Security Privacy

    Reliability

    Control Management

    Visibility

  • © 2009 Cisco Systems, Inc. All rights reserved. 19

    The Cisco ApproachHybrid in Action

    Reporting TrackingAdministration

    Message

    Encryption

    On-Premise

    Malware Filtering

    On-Premise

    Malware Filtering

    Cloud

    DLP

    On-Premise

    SensorBase

    Seamless Security Deployment

    Policy definition and enforcement

    Simplified Management

    Co-Governance

    Unified View

    Visibility, reporting and tracking

  • © 2009 Cisco Systems, Inc. All rights reserved. 20

    FlexibilityUnified Reporting and Tracking

    Benchmark Company vs. Industry Trends

    Message and User Tracking

    Unified View WithOn-premise Reports

    Insight To Refine PolicyTo Address Business Needs

  • © 2009 Cisco Systems, Inc. All rights reserved. 21

    Complementary Capabilities

    Accelerating Cisco’s Cloud Security Vision

    Endpoint footprint

    Powerful enforcement engines

    Network integration

    Identity

    Threat protection

    Proven multi-tenant cloud

    platform

    Global footprint

    Hosted operations

    Zero day threat protection

    Service provider enablement

    Accelerating Cisco’s Borderless Security Vision

    Persistent Security Advanced Scanning Hybrid SaaS Intelligent Policy

  • © 2009 Cisco Systems, Inc. All rights reserved. 22