
Empowering What’s Next

Cisco Customer Education

This session was recorded via Cisco WebEx! You can watch the live session recording via the following URL:

https://acecloud.webex.com/acecloud/lsr.php?RCID=1cd1928bb30445e5ba2bdd5712a74975

Thanks for your interest and participation!

Cisco Prime: Transform Your Network with Cisco


Connect using the audio conference box or you can call into the meeting:

1. Toll-Free: (866) 432-9903

2. Enter Meeting ID: 209 534 281 and your attendee ID number.

3. Press “1” to join the conference.

§ Welcome from Cisco!

§ A Brief History of Networking

§ Cisco Unified Access Overview

  § One Network: Wired, Wireless, WAN

  § One Policy: Identity Services, MDM

  § One Management: Cisco Prime Infrastructure

§ Network as Enforcer

§ Conclusion, Call to Action

Welcome and Agenda

Brian J Avery Territory Business Manager

Florida Territory Commercial

Priors:

Cisco Sales and Channels (10 yrs)

President and CEO (6 yrs) Cisco Premier Partner

Director of Sales (2 yrs) Cisco Silver Partner

Financial Analyst (7 yrs) Sprint Corporation

Who Is Cisco?

Cisco Confidential 5 © 2014 Cisco and/or its affiliates. All rights reserved.

Computer scientists, Len Bosack and Sandy Lerner found Cisco Systems

Bosack and Lerner run network cables between two different buildings on the Stanford University campus

A technology has to be invented to deal with disparate local area protocols; the multi-protocol router is born

1984


Who Is Cisco?

Chuck Robbins, CEO, Cisco

• Dow Jones Industrial Average Fortune 100 Company

• $145B Market Capitalization

• $48B in Revenue

• $8B in Annual Profits

• $33B More Cash than Debt

• $5.9B in Research and Development

http://finance.yahoo.com/q/ks?s=CSCO+Key+Statistics

Market Leadership Matters

No. 1

Voice

39%

No. 1

TelePresence

43%

No. 1

Web Conferencing

41%

No. 1

Wireless LAN

50%

No. 2

x86 Blade Servers

27%

No. 1

Routing Edge/Core/Access

45%

No. 1

Security

33%

No. 1

Switching Modular/Fixed

64%

No. 1

Storage Area Networks

47%

Q1CY14

§ CCE is an educational session for current and prospective Cisco customers

§ Designed to help you understand the capabilities and business benefits of Cisco technologies

§ Allow you to interact directly with Cisco subject matter experts and ask questions

§ Offer assistance if you need/want more information, demonstrations, etc.

What Is the Cisco Customer Education Series?

A Brief History of Networking Who Remembers When?


20 Years Ago: Cubicles Office Space with different Networks

Wired Ethernet and Dedicated Phone Lines


Simplified wiring & beginning of infrastructure consolidation

15 Years Ago: Cisco introduced PoE and VoIP


Trusted Wireless Enabled Mobility

10 Years Ago: WiFi with Trusted Wireless


BYOD Maximized Flexibility

5 Years Ago: Bring Your Own Device (BYOD)


Next Generation Workspace and New Services enabled by the Network

Today: Workspace Transformation, Ent IoT & more


Ready for the Business and IT Transformation?

New Connected Experiences

IT Simplicity and Programmability

Managed Cloud Services

BYOD and Mobility

Optimal Application Experience

78% The network is increasingly critical.


The network is not ready for cloud**

The network is not ready for BYOD**

Policy for employee device access*

Ready for the Business and IT Transformation?

50% 41% 38%

*2012 Cisco IBSG Horizons Study **2013 Cisco Global IT Impact Survey

Cisco Unified Access The Intelligent Platform for a Connected World


Calling all Autobots!


With Cisco, You Can Have a Network That Drives Your Business

Making IT More Responsive to the Business Less Time on IT Operations, More Time on IT Business Innovation

One Management

One Network

One Policy

Simple

Secure

Lower TCO

One Network


Cisco Catalyst Switches – from Access to Backbone! New products across the complete portfolio

Flexible, scalable, feature-rich

modular access

Enterprise backbone

optimized for 10/40/100G

LOWER TCO

END-TO-END SECURITY

APPLICATION VISIBILITY

INVESTMENT PROTECTION

PERFORMANCE & SCALE

Smart, simple, green & secure wired access

Catalyst 2960

Advanced fixed switching with

Unified Access

Catalyst 3850/3650 Catalyst 4500E with SUP8-E

Catalyst 6500/6800


Catalyst Access Portfolio From essential connectivity to Unified Access for next-generation workspaces

UNIFIED WORKSPACE

• Secure, reliable access

• Low TCO & energy-efficient

Competitive Feature Set at Compelling Prices

BYOD Video Mobility

Converged Wired/Wireless Access

• Scale and performance • Resiliency & high availability

• Application Visibility • Cisco TrustSec

Features

Scale

STACKABLE SWITCHES

Catalyst Converged Access Switching Portfolio Industry-Leading Switching - Deployment Choices, Flexibility, Affordability

High-Performance Stackable Switch

Cisco Catalyst 3850

Access points supported

• Modular uplinks

Stacking bandwidth

MODULAR SWITCHES

Highly Adopted Switching Platform

Cisco Catalyst 4500E with Supervisor 8-E

• Modular 8 x 1 and 10 Gigabit Ethernet Uplinks

(928 Gbps)

Bandwidth Base Stackable Switch

Cisco® Catalyst® 3650

• 25 access points • 160G stacking bandwidth • Fixed uplink

Performance and Investment Protection

Advanced Functionality

UADP ASIC in Catalyst 3850/3650 Enables Convergence

Built on UADP

  • Unified Access Data Plane

  • Unique and powerful Cisco innovation

  • Hardware performance with software flexibility

Optimized Performance

  • CAPWAP encapsulation/de-capsulation, Flexible Netflow, QoS happens in ASIC for line rate performance

Future Proofed and Programmable

  • Flexparser enables new software features (like SDN) over the product lifetime

UADP is used across multiple platforms

  • Catalyst 3850/3650, Sup 8E, WLC5760

Wireless Control

System

Access Control Server

LAN Mgmt Solution

Identity Mgmt

NAC Profiler

Guest Server

Cisco Wireless LAN Controller

Cisco Firewall Cisco Access Point

Catalyst Switch

Corporate Network Internet

One Management Prime One Policy ISE

Converged Access Mode

• Integrated wireless controller

• Distributed wired/wireless data plane (CAPWAP termination on switch)

One Network

Internal Resources

Unified Access – Wired/Wireless on One Network


NEXT GENERATION COMPACT

Extend the Network: Ideal for Retail Kiosks, Classrooms, Conference Rooms, Hotel Suites…outside the wiring closet

Quiet but Capable Fanless with full-size capabilities, UpoE, Perpetual PoE, Mgig, DC powered

Flexibility in Deployment Nbase-T, Copper/Fiber, Standalone or Instant Access Mode, PnP with APIC-EM


Security Segmentation with Cisco TrustSec

Data Center Firewall

Voice Data Suppliers Guest Quarantine

Access Layer

Data Tag

Supplier Tag

Guest Tag

Quarantine Tag

Aggregation Layer

Business Policy:

Source Destination

Exec PC

HR Database

HR Database Prod HRMS Storage

Exec BYOD X X X X X

X

• Who can talk to whom

• Who can talk to what systems

• What systems can talk to other systems

• Simplifies policy implementation

• Simplifies security operations

• Accelerates business agility

• Lowers network cost and complexity

Smart Operations Lower TCO

Zero Touch Deployments and Maintenance

NG Plug n Play Smart Install

Instant Access

• Software image & Configuration downloaded

• Consistent for Devices & PIN

• On-going Image Update and Configuration Backup

Easy Configurations for endpoints

Auto Smart Ports Auto Conf

Interface Templates

• Port Configuration: Applied

• QoS Policy: Enforced

• Security Policy: Enforced

Monitor and troubleshoot

Smart Call Home IPSLA

• Proactive diagnostics • Real time Alerts • Web-based reports • Routed to TAC team

Program the network

EEM, XML Programmability

• Ability to take custom actions based on syslogs/triggers

• Enhanced Flexibility and control

Reduce energy consumption

Energywise and EEE

• EEE ready

• Energywise – Time of the day policy based on/off of access devices

• 0 $ SKUs for energy management

APIC EM

Sleep Sleep Sleep

Cisco Confidential 29 © 2013-2014 Cisco and/or its affiliates. All rights reserved.

High Availability Protecting Business Continuity

StackPower Stateful SwitchOver Virtual Switching System

Physical Redundancy

• Redundant Power Supplies

• StackPower with 3850

• Redundant Fan Trays for Chassis Systems

• Redundant Supervisors for Chassis Systems

Stateful Switchover

• Stackable Support: 3850 and 3650

• Intra-chassis support: 6800, 6500 and 4500

• Inter-Chassis support: with VSS

Network Resiliency

• NSF support for OSPF, EIGRP, ISIS, BGP

• NSF reduces forwarding table churn

• BGP PIC

• Graceful Restart for IPv4 & IPv6 with various routing protocols

• OSPFv3 Non-Stop Routing

Upgrade Management

• ISSU for hitless software upgrade

• EFSU for minimal disruption during software upgrade

Infrastructure Redundancy

• VSS

• Instant Access

• Multi-chassis EtherChannel (MEC) provides hardware-based failover

• VSS Quad-Sup SSO with Sup2T

FlexStack+

Cisco Confidential 30 © 2013-2014 Cisco and/or its affiliates. All rights reserved.

Cisco Multigigabit Ethernet Key Differentiators

Maintain Switch to AP Reach at Higher Speeds Adaptive Rate Technology (FE, 1G, 2.5G, 5G, and 10G) → Future proofed for higher speeds

Infrastructure Investment Protection Supports 100m distance with Cat5e cabling up to 5G speeds for Brownfield Supports Cat6a cabling for Greenfield deployments for higher speeds

POE/POE+/UPOE Cisco Innovation over 10GT Standard to support high end point power needs

Standards Compliant 1G and 10G BaseT IEEE standards, intermediate speeds WIP

4500E Multigigabit Line Card C3850 12 port and 24 port Multigigabit Compact Multigigabit switch 3650CX

Cisco Confidential 31 © 2013-2014 Cisco and/or its affiliates. All rights reserved.

§ Auto-negotiation of cable type of speeds supported * § 0-55m: no restrictions § 55-100m: based on customer cabling infrastructure and configuration, there are some corner cases in which customers

will experience less than 100m support. In these cases, the system will automatically default to 2.5G (post-FCS SW release support)

Cisco Multigigabit Ethernet Cabling Support Maximum Investment Protection

Cable Type 1G 2.5G 5G 10G

Cat5e 100m 100m 100m * N/A

Cat6 100m 100m 100m 55m

Cat6a 100m 100m 100m 100m

Cisco Confidential 32 © 2013-2014 Cisco and/or its affiliates. All rights reserved.

This MUST be Autobot

technology.

Gigabit Wi-Fi is Here… Capturing the Potential of 802.11ac

Market: Why Gigabit Wi-Fi / 802.11ac now…!!!

Wi-Fi as Primary – Ethernet as Fallback

Connectivity

Wireless (53%) will bypass Wired traffic (40%) by 2017 ¹

50% new devices will be 802.11ac by end of 2014, 75% by 2015 ²

¹ Cisco VNI Global Mobile Data Forecast 2012-2017, ² AVI Research, ³ Nemertes Research Global Mobile Research 2013

Wi-Fi Speed Gigabit Wi-Fi as Primary

No Price Premium over 802.11n

3X the Performance over 802.11n

2X the Battery Life over 802.11n

4SS Desktops

3SS Desktops / Laptops

2SS Laptops / Tablets

1SS Tablets / Smartphones

*Assuming 80 MHz channel is available and suitable

**Assuming 160 MHz channel is available and suitable

[Chart: 802.11 connect rates (Mbps) and spatial streams (SS) by standard and year (1997, 1999, 2003, 2007, 2013, 2016) for 802.11, 802.11b, 802.11a/g, 802.11n, 802.11ac Wave 1 and 802.11ac Wave 2; annotations: Gigabit Ethernet Uplink, 2 Gigabit Ethernet Uplinks]

Improve Customer Experience • Mobile Insurance Agents • Enabling the “real-time” Agent

Improve Services Delivery • Mobile Staff and Services • Reach more of those you serve

Increase Sales • Mobile Sales Associates • Enabling the “real-time” in-store sale

Increase Production • Mobile Technicians and Engineers • Connecting the previously unconnected

Reach more Students • Mobile Faculty and Students • Enabling the always connected student

Treat more Patients • Mobile Physicians and Staff • Enabling the “real-time” Physician

Wi-Fi as Primary Connectivity Changes Everything


Mobile Devices as the “Most Important” Technology

OF STUDENTS

OF EMPLOYEES

SAY A MOBILE DEVICE (LAPTOP, SMARTPHONE, TABLET) IS “THE MOST IMPORTANT TECHNOLOGY IN THEIR LIVES.”

SMARTPHONES ARE POISED TO SURPASS DESKTOPS AS THE MOST PREVALENT TOOL FROM A GLOBAL PERSPECTIVE


Changing People

COLLEGE STUDENTS AND YOUNG PROFESSIONALS

CONSIDER THE INTERNET TO BE A “FUNDAMENTAL” HUMAN RESOURCE

OF COLLEGE STUDENTS

OF YOUNG EMPLOYEES

AND

SAY THEY COULD NOT LIVE WITHOUT THE INTERNET

Air Water Food Shelter WiFi/Internet

Why Cisco for Gigabit Wi-Fi / 802.11ac

Only AP manufacturer that built their own Radio ASIC

Most CPU and Memory per AP in the industry

Suite of High Client and Access Point Density capabilities

Only Modular and Future Proofed Access Point in the industry

Unique Gigabit Wi-Fi / 802.11ac Access Point Design

DRAM (512)

5GHZ Radio

CPU

DRAM (128) CPU

DRAM (128) CPU

2.4GHZ Radio

THE CISCO ADVANTAGE

More onboard CPU Processing and Memory than any other Access Point design in the industry – with no price premium over previous generations

Cisco High Density Experience (HDX)

*Future

Cisco CleanAir® 80Mhz Mitigates interference and improves channel capacity

Optimized Roaming Intelligently determines the optimum time to roam

Turbo Performance Improves the efficiency of airtime utilization and channel capacity

Cisco ClientLink 3.0 Improves legacy and 802.11ac Client performance

Noise Reduction* Enables Dense Access Point Coexistence / implementation

Industry's Most Comprehensive Gigabit Wi-Fi Portfolio

Best in Class / Mission Critical

802.11ac with HDX

802.11ac with HDX

802.11n with 802.11ac Module

ON-PREMISE

Fixed

Modular

CLOUD MANAGED

High-Performance

MR34 802.11ac

Fixed

Cisco Unified Access: The Foundation For Connected Mobile Experiences How It Works

GUEST PRESENCE GUEST EXPERIENCE

LOCATION ANALYTICS Insights into Customer Online and Onsite Behavior, Traffic Paths, Dwell Times, Location Density, etc.

GUEST ACCESS • Seamless and secure Wi-Fi connectivity

• Preferences, profile, device, and roaming credentials identified

Mobile devices and characteristics detected before they enter the venue

Highly relevant content and services based on user attributes and real-time location

ENGAGE CONNECT DETECT

RETAIL

CONNECTED CONSUMERS

Imagine The Possibilities Industry Use Cases

• Context-rich notifications

• Use of loyalty app encouraged

• In-venue high-value shopper engagement

• Indoor maps with featured attractions

• Personalized third-party advertising

• Special promotions

• Better planning for high-traffic areas

• Transportation updates, indoor directions

• Third-party advertising opportunities

• Café and gift shop orders and delivery

• Maps and wayfinding integrated into patient apps

• Nearby services notifications

• Campus maps and directions

• Stadium sales and athletic event experience

• Real-time bus maps

HOSPITALITY

CONNECTED GUESTS

TRANSPORTATION

CONNECTED TRAVELERS

HEALTHCARE

CONNECTED PATIENTS

EDUCATION

CONNECTED STUDENTS

Analytics That Aid Business Decisions

What Were the Peak Times in the Venue?

Wi-Fi Stats: Associated vs. Nonassociated Devices Most Frequently Used Paths in the Venue

Which Area Did People Spend Time In? Are They New or Repeat Customers?

Not All Gigabit Wi-Fi Solutions are Created Equal

802.11ac

All Gigabit Wi-Fi

Vendors

Improved Device Power Efficiency

Support More Devices Than 802.11n

Support Bandwidth Intensive Apps.

Increased Scale and Coverage

Improved Experience on ALL Devices

Optimized Wi-Fi Network

Cisco is the ONLY SOLUTION with High-Definition Experience Technology (HDX)

802.11ac with HDX

Transform Your Network!

Branch and WAN Opportunity


Digital Innovation Overwhelming the Branch

80%

30%

20-50%

BRANCH

OS Updates

HD Video

Omni-channel Apps

Mobile Apps

Online Training

SaaS Enterprise Apps

Social Media

Guest WiFi

Digital Displays

MORE USERS

MORE APPS

MORE THREATS

Of employee and customers are served in branch offices*

Increase in Enterprise bandwidth per year through 2018**

Of advanced threats will target branch offices by 2016 (up from 5%) **

*Tech Target, Branch Office Growth Demands New Devices, 2013

**Gartner, Forecast Analysis: Worldwide Enterprise Network Services, Q2 2014 Update

***Gartner, “Bring Branch Office Network Security Up to the Enterprise Standard,” Jeremy D’Hoinne, 26 April 2013.

Cisco Branch Strategy

BRANCH

WAN LAN

Users Data Centers/ Cloud

Cisco Unified Access (UA) Connected Mobile Experiences

Cisco Intelligent WAN (IWAN) Converged Branch Infrastructure

Cisco ACI Automation, Orchestration, Programmability

SECURITY

Cisco Strategy for Accelerating Branch Innovation

BRANCH

WAN LAN

Users Data Centers/ Cloud

Cisco Unified Access (UA) Connected Mobile Experiences

Cisco Intelligent WAN (IWAN) Converged Branch Infrastructure

Cisco ACI Automation, Orchestration, Programmability

SECURITY

Cisco Intelligent WAN Vision

UNCOMPROMISED EXPERIENCE OVER ANY CONNECTION

Lower Costs

Application Experience

IT Simplicity

Private Cloud

Hybrid Cloud

Public Cloud

Secure Access

Any Application

Align Infrastructure to Better Business Outcomes

Any User


High Performance Hybrid WAN

App-aware services with high performance; low cost

3G/4G

Internet

MPLS

Introducing New IWAN Innovations Elevating to an Application-Centric WAN

Secure Direct Internet Access

Automate WAN Provisioning

Purpose-Built Branch Infrastructure: Cisco ISR 4000 Series with Cisco ONE Software purchase options

Threat-centric services elevate branch defense

Centralized policy with distributed enforcement

APP

Public Cloud 365

NEW Intelligent Path Selection Akamai Connect NEW

Sourcefire IDS CloudWeb Security NEW

IWAN App with APIC Open Ecosystem


Application-Aware Services Maximize Apps Experience and Bandwidth Use

Intelligent Path Selection (PfRv3) Akamai Connect

High Quality Experience Over Any Connection

Simple application-based policies One-touch, hub-only configuration

Enabling New Digital Experiences

Intelligent web caching Content prepositioning

Dramatically offloads WAN

Now Shipping Now Shipping

3G/4G

Internet

MPLS

ISR-AX

NEW


Threat-Aware Services Comprehensive Branch Threat Defense

Sourcefire IDS on UCS-E Cloud Web Security with Advanced Malware Protection

Delivers Branch Defense 99% protection against attacks

Most powerful detection software

Secure Internet Access Scale Internet edge to the branch

Address full attack continuum

Limited Availability 2HCY2014

Available 1HCY15 NEW NEW


Cisco ISR 4000

Service Aware Data Plane for Efficient traffic handling

Converged Branch with UCS E-Series Integrated network, compute, storage

Virtualized Services Framework Flexible virtualized application services

Pay-as-You-Grow Performance and services on demand

Re-designed Architecture For Branch Agility

One Policy


Cisco Identity Services Engine (ISE)

NETWORK / USER CONTEXT

How

What Who

Where When

Access Policy Compromised

Device CXO Level

Secure Access

BYOD Employee

User

Guest Visitor

INTEGRATED PARTNER ECOSYSTEM

✓ MINIMIZE NETWORK UNKNOWNS

✓ REDUCE YOUR ATTACK SURFACE

✓ ENFORCE THE RIGHT LEVEL OF ACCESS CONTROL

✓ CONTAIN MALICIOUS NETWORK THREATS

Role-Based Secure Access with ISE

Confidential Patient Records

Internal Employee Intranet

Internet

✓ Acquires Important Context & Identity from the Network

✓ Implements Context-Aware Classification & Policy

✓ Provides Differentiated Access to the Network

Who: Guest What: iPad Where: Office

Who: Doctor What: Laptop Where: Office

Who: Doctor What: iPad Where: Office


Enterprise Mobility Management Integrations Enforce True Device Compliance for All Mobile Devices

Sees ALL devices on the network

Requires devices to comply with EMM policy

Provides guest access to non-EMM devices

Sees unregistered devices on the network?

Forces EMM Policy Compliance?

Keeps noncompliant devices off network?

ISE + EMM Together

EMM Secures Actual Device

Cisco ISE Secures Network Access

SOLUTION

One Management


Cisco Prime!


Cisco Prime Infrastructure Realizing the Vision of One Management

Campus Branch to DC Day 0 to Day N Application-Centric

Data Center Assurance

Lifecycle Converged management with integrated best practices

Simplified operations management

End-to-end application experience and visibility


Wireless Management Get Comprehensive Configuration and Operational Productivity

§ Discovery, inventory, SWIM, compliance – PSIRT

§ Controller and access point deployment, configuration audit

§ Network configuration, guest access, RRM

§ Integration with Cisco® MSE and ISE

§ Maps-based planning for access point placement

§ Sites and virtual domains

§ Rogue, security, voice audit, mesh

§ Performance reporting and fault management

§ End-user troubleshooting – authentication and access

§ Users and devices, and applications

§ Client tracking

§ Visualization of users, rogues, interferers through maps

Network Configuration Network Health Troubleshooting


Network and Application Assurance

Switch Management with Cisco Prime Infrastructure

Plug and Play (New device in network)

Discovery and Inventory

Configuration Archive and SWIM

Fault Management (Syslog and Trap Processing)

Performance Management

Configuration (Features: ACL, VLAN, etc)

CAT2960

CAT 3560, 3650, 3750, 3850

CAT4500

CAT 6500, CAT6800

EEM Trustsec

Work Center

Wireshark Quality of Service

User Tracking

EoL/EoS Reports

Lifecycle Management

Platforms Supported

Network Configuration and Health


Network and Application Assurance

Router Management with Cisco Prime Infrastructure

Plug and Play (New device in network)

Discovery and Inventory

Configuration Archive and SWIM

Fault Management (Syslog and Trap Processing)

Performance Management

Configuration (Features: VPN, ACL, VLAN, etc)

ISR 800 Series

ISR G1 Series

ISR G2 1900 2900 3900

ISR 4300 4400

ASR 1000 Series

DM-VPN

AVC – Visibility and Performance

Performance Routing

Quality of Service

Zone based firewall WAAS

Lifecycle Management

IWAN Management

Platforms Supported

Network Configuration and Health

Simplified IWAN Management

Guided Workflow to help design and deploy IWAN on your branch or hub

Prime Infrastructure Highlights – Application Experience Service Health Dashboard for Sites, Users and Applications

• Automated Baselining

• Proactive Performance Troubleshooting

• Service Health Dashboard

• AVC Configuration for ISR/ASR

• One-click AVC Configuration

• AVC Monitoring Customization

• NBAR2 Custom Applications

• Embedded Packet Capture for ASR

• Top URL/Domain Views

Network as Enforcer


You Can’t Protect What You Can’t See The Network Gives Deep and Broad Visibility


NetFlow – The Heart of Network as a Sensor Example: NetFlow Alerts With Lancope StealthWatch

Denial of Service: SYN Half Open; ICMP/UDP/Port Flood

Worm Propagation: Worm Infected Host Scans and Connects to the Same Port Across Multiple Subnets, Other Hosts Imitate the Same Above Behavior

Fragmentation Attack: Host Sending Abnormal # Malformed Fragments.

Botnet Detection: When Inside Host Talks to Outside C&C Server for an Extended Period of Time

Host Reputation Change: Inside Host Potentially Compromised or Received Abnormal Scans or Other Malicious Attacks

Network Scanning: TCP, UDP, Port Scanning Across Multiple Hosts

Data Exfiltration: Large Outbound File Transfer VS. Baseline

§ The StealthWatch System . . .

  § Collects and analyzes NetFlow data and brings it together with user information, application awareness, and other security context to provide pervasive visibility and security intelligence across the network.

§ StealthWatch helps organizations:

  § Accelerate incident identification and response.

  § Improve forensic investigations.

  § Reduce overall enterprise risk.

What is the StealthWatch System?


Use Case – Defense against Data Breaches Anatomy of a Data Breach Network as Enforcer

enterprise network Attacker

Perimeter (Inbound)

Perimeter (Outbound)

Infiltration and Backdoor establishment 1

C2 Server

Admin Node

Reconnaissance and Network Traversal 2

Exploitation and Privilege Elevation 3

Staging and Persistence (Repeat 2,3,4) 4

Data Exfiltration

5


What Can the Network Do for You? Network as Sensor

Detect Anomalous Traffic Flows, Malware e.g. Communication with Malicious Hosts, Internal Malware Propagation, Data Exfiltration

Detect App Usage, User Access Policy Violations e.g. Maintenance Contractor Accessing Financial Data

Detect Rogue Devices, APs and More e.g. Maintenance Contractor Connecting an Unauthorized AP in Bank Branch to Breach

Conclusion

Cisco Unified Access Portfolio Robust Converged Wired And Wireless Solution

Cisco Unified Access

One Policy

Cisco® Identity Services Engine (ISE)

Cisco Prime™ Infrastructure

One Management

One Network

2960X/XR

Entry-level Switches

Switching Platform

4500-E w/Sup. 8-E

Stackable Switches

3850 3650

Controllers and Converged Access Switches: Common OS, UADP ASIC

Access Points

1600

Small to Midsize Enterprise

2600

Feature-Optimized Enterprise

3600

Midsize to Large Enterprise

3700 w/HDX

High-Density Enterprise

1530

Low Profile

1550

Larger Deployments

MDM SIEM

Conclusion

Thank You and Next Steps

Brian Avery

Contact Your Cisco Partner https://tools.cisco.com/WWChannels/LOCATR/performBasicSearch.do

www.

Learn more at: http://www.cisco.com/go/unifiedaccess

• CCE sessions are held weekly on a variety of topics

• CCE sessions can help you understand the capabilities and business benefits of Cisco technologies

• Watch replays of past events and register for upcoming events!

Visit http://cs.co/cisco101 for details

Join us again for a future Cisco Customer Education Event