Cisco Security Borderless Network Strategy · Advanced, Proactive Threat Protection Cisco Security...

© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential

Ahmed Etman, Borderless Network Lead, Africa & Levant


Cisco Security Borderless Network Strategy

Traditional Corporate Border

[Diagram labels: Corporate Border; Branch Office; Applications and Data; Corporate Office; Policy; Attackers; Customers; Partners]

Mobility and Collaboration Is Dissolving the Internet Border

[Diagram labels: Corporate Border; Branch Office; Applications and Data; Corporate Office; Policy; Attackers; Customers; Home Office; Coffee Shop; Airport; Mobile User; Partners]

Cloud Computing Is Dissolving the Data Center Border

[Diagram labels: Corporate Border; Branch Office; Applications and Data; Corporate Office; Policy; Attackers; Home Office; Coffee Shop; Customers; Airport; Mobile User; Partners; Platform as a Service; Infrastructure as a Service; X as a Service; Software as a Service]

Customers Want Business Without Borders

[Diagram labels: Corporate Border; Branch Office; Applications and Data; Corporate Office; Policy; Attackers; Home Office; Coffee Shop; Customers; Airport; Mobile User; Partners; Platform as a Service; Infrastructure as a Service; X as a Service; Software as a Service]

Cisco’s Architecture for Borderless Network Security

[Diagram labels: Policy; Corporate Border; Branch Office; Applications and Data; Corporate Office; Home Office; Attackers; Coffee Shop; Customers; Airport; Mobile User; Partners; Platform as a Service; Infrastructure as a Service; X as a Service; Software as a Service]

Cisco’s Architecture for Borderless Network Security

[Diagram labels: Borderless End Zones (1); Borderless Internet (2); Borderless Data Center (3); Policy; Corporate Border; Branch Office; Applications and Data; Corporate Office; Attackers; Coffee Shop; Customers; Airport; Mobile User; Partners; Platform as a Service; Infrastructure as a Service; X as a Service; Software as a Service]

Cisco’s Architecture for Borderless Network Security

[Diagram labels: Borderless End Zones (1); Borderless Internet (2); Borderless Data Center (3); Policy (Access Control, Acceptable Use, Malware, Data Security) (4); Corporate Border; Branch Office; Applications and Data; Corporate Office; Home Office; Attackers; Coffee Shop; Customers; Airport; Mobile User; Partners; Platform as a Service; Infrastructure as a Service; X as a Service; Software as a Service]

Pillar 1: Borderless End Zone

Intelligent End Point Traffic Routing

Persistent Connectivity; Always On, Location Aware; Auto Head-end Discovery; IPsec, SSL VPN, DTLS

Advanced Security; Strong Authentication

Fast, Accurate Protection; Consistent Enforcement

Broadest Coverage; Most OS’s and Protocols

Windows Mobile; Apple iPhone

Always On Security and Protection

[Diagram labels: Traditional VPN; Protected; Un-Protected]

Always On Security and Protection

[Diagram labels: Traditional VPN; Protected; Cisco Borderless Network Security]

Always On Security and Protection

Anytime, Anywhere, Any Device

[Diagram labels: Sitting in a Park; Cape Town, South Africa; At a Coffee Shop; Sydney, Australia; In the Office; San Jose, California]

Pillar 2: Borderless Security Array

Advanced Scanning and Enforcement Capabilities

Access Control | Acceptable Use | Data Security | Threat Protection

Integrated into the Fabric of the Network

[Diagram labels: Cisco IronPort Email Security Appliance; Cisco Adaptive Security Appliance / IPS; Cisco Integrated Services Routers; Cisco IronPort Web Security Appliance; VM Software Security Module Hybrid Hosted Appliance]

HTTP Is the New TCP

Understanding Web Traffic

[Diagram labels: Instant Messaging; Peer to Peer; File Transfer Protocol]

Advanced Content Analysis

[Diagram labels: SSN Detection; Rule Is Matched Multiple Times to Increase Score; Unique Rule Matches Are Met; Matches Are Found in Close Proximity; Proper Name Detection]

Advanced, Proactive Threat Protection

Cisco Security Intelligence Operations

[Diagram labels: Global Threat Telemetry; 8:03 GMT Sensor Detects Hacker Probing; Bank Branch in Chicago; Ad Agency HQ in London; ISP Datacenter in Moscow; 8:00 GMT Sensor Detects New Malware; 8:07 GMT Sensor Detects New Botnet; 8:10 GMT All Cisco Customers Protected; Cisco SensorBase; Threat Operations Center; Advanced Algorithms]

Higher Threat Coverage, Greater Accuracy, Proactive Protection

Pillar 3: Secure Virtualized Data Center

1 Secure Physical Infrastructure

[Diagram labels: App Server; Database Server; Web Server; Physical Security Device; Virtual Contexts]

Pillar 3: Secure Virtualized Data Center

1 Secure Physical Infrastructure

2 Connect Physical Security to Virtual Machines with Cisco’s SIA

[Diagram labels: App Server; Database Server; Web Server; Hypervisor; Physical Security Device; Virtual Contexts; Service Chaining]

Pillar 3: Secure Virtualized Data Center

1 Secure Physical Infrastructure

2 Connect Physical Security to Virtual Machines with Cisco’s SIA

3 Embed Security in the Virtual Switch

[Diagram labels: App Server; Database Server; Web Server; Hypervisor; Physical Security Device; Virtual Contexts; VIRTUAL SECURITY; Service Chaining]

Pillar 4: Rich Policy Enables “Ubiquitous”, Consistent Control

Who? What? When? Where? How?

1 Access Policy

2 Dynamic Containment Policy

3 Policy On and Off Premise

In a Cisco Secure and Protected Borderless Network

Access Control

[Diagram labels: Access Control Policy; Access Control Violation; Remote WebEx Participant]

In a Cisco Secure and Protected Borderless Network

Acceptable Use

[Diagram labels: Employee in Marketing Department; Acceptable Use Policy; Access Control Violation]

In a Cisco Secure and Protected Borderless Network

Data Security

[Diagram labels: Data Security Policy; Data Security Violation; Employee at Unmanaged Device]


Key Takeaways

Cisco’s security strategy has 4 pillars: The End Zone, The Internet Edge, The Data Center, and Policy

Cisco security is positioned to secure the Borderless Network Experience

Security is a journey … Not a destination