Cisco Security Borderless Network Strategy · Advanced, Proactive Threat Protection Cisco Security...
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Ahmed [email protected], Network Lead, Africa & Levant
Cisco Security Borderless Network Strategy
Traditional Corporate Border
[Diagram: a corporate border encloses the Corporate Office, a Branch Office, Applications and Data, and Policy; Attackers, Customers and Partners sit outside it.]

Mobility and Collaboration Is Dissolving the Internet Border
[Diagram: the same picture with Home Office, Coffee Shop, Airport and Mobile User added outside the corporate border, next to Attackers, Customers and Partners.]

Cloud Computing Is Dissolving the Data Center Border
[Diagram: Applications and Data now also live outside the border, as Software as a Service, Platform as a Service, Infrastructure as a Service and "X as a Service".]

Customers Want Business Without Borders
[Diagram: same picture as the previous slide; only the title changes.]
Cisco's Architecture for Borderless Network Security
[Diagram, built up over three slides: the borderless picture above with Policy overlaid; then three numbered pillars are added, 1 Borderless End Zones, 2 Borderless Internet, 3 Borderless Data Center; the final build adds 4 Policy (Access Control, Acceptable Use, Malware, Data Security).]
Pillar 1: Borderless End Zone
Intelligent End Point Traffic Routing
Persistent Connectivity: Always On, Location Aware, Auto Head-end Discovery, IPsec, SSL VPN, DTLS
Advanced Security: Strong Authentication
Fast, Accurate Protection: Consistent Enforcement
Broadest Coverage: Most OSs and Protocols (Windows Mobile, Apple iPhone)
Always On Security and Protection
[Diagram: with a Traditional VPN the user is Protected only while the tunnel is up and Un-Protected otherwise; with Cisco Borderless Network Security the user is Protected throughout.]
Always On Security and Protection: Anytime, Anywhere, Any Device
Sitting in a Park (Cape Town, South Africa)
At a Coffee Shop (Sydney, Australia)
In the Office (San Jose, California)
Pillar 2: Borderless Security Array: Advanced Scanning and Enforcement Capabilities
Access Control | Acceptable Use | Data Security | Threat Protection, integrated into the fabric of the network
Cisco IronPort Email Security Appliance
Cisco Adaptive Security Appliance / IPS
Cisco Integrated Services Routers
Cisco IronPort Web Security Appliance
Form factors: Appliance, VM, Software, Security Module, Hybrid Hosted
HTTP Is the New TCP: Understanding Web Traffic
[Diagram: Instant Messaging, Peer to Peer and File Transfer Protocol shown as application traffic carried over HTTP.]
Advanced Content Analysis
SSN Detection
Rule is matched multiple times to increase score
Unique rule matches are met
Matches are found in close proximity
Proper Name Detection
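The slide lists the four ingredients of the content-analysis score (a rule matching repeatedly, several distinct rules matching, matches landing close together, plus SSN and proper-name detectors) without showing how they combine. The following is an added example written for this page, not Cisco's engine: it implements one plausible scoring scheme over those four ingredients. The SSN pattern, the two-capitalised-words name heuristic, the weights, the proximity window, the threshold and the sample messages are all assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass

# Constructed rules for the two detectors named on the slide. The SSN pattern rejects
# area numbers 000, 666 and 900-999, group 00 and serial 0000, which are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# Stand-in proper-name heuristic: two adjacent capitalised words. A real engine would
# use a name dictionary; this is only enough to show how the score is built.
NAME_RE = re.compile(r"\b[A-Z][a-z]+ [A-Z][a-z]+\b")

RULES = {"ssn": SSN_RE, "proper_name": NAME_RE}
BASE_WEIGHT = {"ssn": 40, "proper_name": 10}  # first match of each rule (assumed)
REPEAT_WEIGHT = 20      # each further match of the same rule (assumed)
UNIQUE_BONUS = 20       # once, when two or more distinct rules fire (assumed)
PROXIMITY_WINDOW = 60   # characters between matches of different rules (assumed)
PROXIMITY_BONUS = 30    # (assumed)
THRESHOLD = 80          # score at which the message is treated as a violation (assumed)


@dataclass(frozen=True)
class Match:
    rule: str
    start: int
    end: int
    text: str


def find_matches(text: str) -> list[Match]:
    """Run every rule over the text and return all hits ordered by position."""
    hits = [Match(rule, m.start(), m.end(), m.group())
            for rule, rx in RULES.items() for m in rx.finditer(text)]
    return sorted(hits, key=lambda m: m.start)


def _gap(a: Match, b: Match) -> int:
    """Characters separating two spans (0 if they touch or overlap)."""
    return max(0, max(a.start, b.start) - min(a.end, b.end))


def score_text(text: str) -> tuple[int, list[str]]:
    """Return (score, reasons) following the slide's scoring steps."""
    matches = find_matches(text)
    by_rule: dict[str, list[Match]] = {}
    for m in matches:
        by_rule.setdefault(m.rule, []).append(m)

    total, reasons = 0, []
    # Step 1: a rule matched multiple times raises the score.
    for rule, hits in by_rule.items():
        pts = BASE_WEIGHT[rule] + REPEAT_WEIGHT * (len(hits) - 1)
        total += pts
        reasons.append(f"{rule} x{len(hits)} +{pts}")
    # Step 2: distinct rules matching together is stronger evidence than one rule alone.
    if len(by_rule) >= 2:
        total += UNIQUE_BONUS
        reasons.append(f"{len(by_rule)} distinct rules +{UNIQUE_BONUS}")
    # Step 3: matches of different rules close together (a name right next to an SSN).
    close = any(_gap(a, b) <= PROXIMITY_WINDOW
                for i, a in enumerate(matches) for b in matches[i + 1:]
                if a.rule != b.rule)
    if close:
        total += PROXIMITY_BONUS
        reasons.append(f"cross-rule matches within {PROXIMITY_WINDOW} chars +{PROXIMITY_BONUS}")
    return total, reasons


def is_violation(text: str) -> bool:
    return score_text(text)[0] >= THRESHOLD


if __name__ == "__main__":
    # Constructed sample messages (not taken from the presentation).
    samples = [
        "Please update the record for Jane Doe, SSN 123-45-6789, before Friday.",
        "123-45-6789 234-56-7890 345-67-8901",
        "Invoice 987-65-4321 total due.",
        "Lunch with John Smith on Monday",
    ]
    for s in samples:
        score, why = score_text(s)
        print(f"{score:3d} {'BLOCK' if is_violation(s) else 'allow'}  {s!r}  {why}")
```

The point of the layered score is that a lone nine-digit pattern (the invoice line, which the SSN rule rejects because the area number starts with 9) or a lone name never trips the threshold, while a name next to an SSN, or several SSNs in one message, does. Tuning the weights and window is where most real DLP false-positive work happens.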
Advanced, Proactive Threat Protection: Cisco Security Intelligence Operations
Global Threat Telemetry from sensors at a Bank Branch in Chicago, an Ad Agency HQ in London and an ISP Datacenter in Moscow
8:00 GMT: Sensor detects new malware
8:03 GMT: Sensor detects hacker probing
8:07 GMT: Sensor detects new botnet
8:10 GMT: All Cisco customers protected
Cisco SensorBase, Threat Operations Center, Advanced Algorithms
Higher Threat Coverage, Greater Accuracy, Proactive Protection
Pillar 3: Secure Virtualized Data Center
[Diagram, built up over three slides: 1 Secure Physical Infrastructure: a Physical Security Device with Virtual Contexts in front of the Web Server, App Server and Database Server; 2 Connect Physical Security to Virtual Machines with Cisco's SIA: the same servers as virtual machines on a Hypervisor, reached through Service Chaining from the physical device; 3 Embed Security in the Virtual Switch: Virtual Security inside the hypervisor.]
Pillar 4: Rich Policy Enables "Ubiquitous", Consistent Control
Who? What? When? Where? How?
1 Access Policy
2 Dynamic Containment Policy
3 Policy On and Off Premise
Access Control in a Cisco Secure and Protected Borderless Network
[Diagram: a Remote WebEx Participant is checked against the Access Control Policy and triggers an Access Control Violation.]
Acceptable Use in a Cisco Secure and Protected Borderless Network
[Diagram: an Employee in the Marketing Department is checked against the Acceptable Use Policy and triggers a violation of that policy.]
Data Security in a Cisco Secure and Protected Borderless Network
[Diagram: an Employee at an Unmanaged Device is checked against the Data Security Policy and triggers a Data Security Violation.]
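Pillar 4 and the three scenario slides above describe one policy set, keyed on Who, What, When, Where and How, that yields the same decision on and off premise. As an added example (not Cisco's policy engine or any product's configuration), the code below models those five attributes as a request context and evaluates the three named policies in order, so that a remote WebEx guest, a marketing employee and an employee on an unmanaged device each hit the policy the slides attribute to them. The request fields, the business-hours window, the blocked categories and the scenario data are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Hypothetical request context covering the slide's Who / What / When / Where / How.
@dataclass(frozen=True)
class Request:
    who: str                 # Who: identity
    role: str                # Who: "employee" | "partner" | "guest"
    department: str          # Who: e.g. "marketing"
    resource: str            # What: the thing being reached
    category: str            # What: "webex", "file_share", "p2p", ...
    classification: str      # What: "public" | "internal" | "confidential"
    action: str              # What: "join" | "read" | "download"
    hour: int                # When: 0-23, local time
    location: str            # Where: "corp" | "branch" | "remote"
    managed_device: bool     # How: corporate-managed endpoint or not

BUSINESS_HOURS = range(8, 18)             # assumed window for partner access
BLOCKED_CATEGORIES = {"p2p", "gambling"}  # assumed acceptable-use blocklist


def access_control(req: Request) -> Optional[str]:
    """Who may reach What, and When. Returns a reason when the request is denied."""
    if req.role == "guest" and req.category != "webex":
        return f"guest {req.who} may only join collaboration sessions, not {req.category}"
    if req.role == "partner" and req.hour not in BUSINESS_HOURS:
        return f"partner {req.who} outside business hours ({req.hour}:00)"
    if req.role == "partner" and req.classification == "confidential":
        return f"confidential resource {req.resource} is not shared with partners"
    return None


def acceptable_use(req: Request) -> Optional[str]:
    """Which kinds of traffic are permitted at all, regardless of who asks."""
    if req.category in BLOCKED_CATEGORIES:
        return f"{req.category} traffic is not permitted ({req.department} user {req.who})"
    return None


def data_security(req: Request) -> Optional[str]:
    """How and Where: confidential data stays on managed endpoints."""
    if req.classification == "confidential" and not req.managed_device:
        if req.action == "download":
            return f"confidential {req.resource} cannot be downloaded to an unmanaged device"
        if req.location == "remote":
            return f"confidential {req.resource} not readable off premise from an unmanaged device"
    return None


# The same ordered policy set is applied on and off premise (the slide's point 3).
POLICIES: list[tuple[str, Callable[[Request], Optional[str]]]] = [
    ("access_control", access_control),
    ("acceptable_use", acceptable_use),
    ("data_security", data_security),
]


def evaluate(req: Request) -> tuple[str, str]:
    """Return (policy that denied, reason), or ("allow", "") when every policy passes."""
    for name, check in POLICIES:
        reason = check(req)
        if reason:
            return name, reason
    return "allow", ""


# Constructed scenarios mirroring the three slides, plus two control cases.
SCENARIOS = {
    "remote_webex_guest": Request("guest@example.org", "guest", "", "share://finance",
                                  "file_share", "internal", "read", 14, "remote", False),
    "marketing_p2p": Request("mkt-user", "employee", "marketing", "tracker.example",
                             "p2p", "public", "read", 11, "corp", True),
    "unmanaged_download": Request("ops-user", "employee", "ops", "share://hr/salaries.xlsx",
                                  "file_share", "confidential", "download", 10, "remote", False),
    "managed_download": Request("ops-user", "employee", "ops", "share://hr/salaries.xlsx",
                                "file_share", "confidential", "download", 10, "remote", True),
    "partner_after_hours": Request("vendor", "partner", "", "portal.example",
                                   "web", "internal", "read", 20, "remote", True),
}

if __name__ == "__main__":
    for name, req in SCENARIOS.items():
        policy, reason = evaluate(req)
        print(f"{name:20s} -> {policy:15s} {reason}")
```

Evaluation order matters: access control runs first so that an unauthorised identity is rejected before any content or device check is consulted, and the data-security rule keys on the endpoint's management state rather than on location alone, which is what makes the decision identical whether the employee sits in the office or in a coffee shop.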
Key Takeaways
Cisco's security strategy has 4 pillars: the End Zone, the Internet Edge, the Data Center, and Policy
Cisco security is positioned to secure the Borderless Network Experience
Security is a journey, not a destination