PDF TEST
26
#CiscoSmartTalk 1 © 2015 Cisco and/or its affiliates. All rights reserved. Reduce Security Risks to Protect Your Network Webinar will start at 12 pm EST Use the Question Pane in WebEx to ask questions. Join the live discussion on Twitter. Follow @CiscoServices and tweet #SmartTalk
-
Upload
b2bcontact -
Category
Technology
-
view
109 -
download
0
Transcript of PDF TEST
#CiscoSmartTalk 1 © 2015 Cisco and/or its affiliates. All rights reserved.
Reduce Security Risks to Protect Your Network
Webinar will start at 12 pm EST Use the Question Pane in WebEx to ask questions.
Join the live discussion on Twitter. Follow @CiscoServices and tweet #SmartTalk
Presenter
Presentation Notes
Insert intro slide for some housekeeping notes prior to presentation
#CiscoSmartTalk 2 © 2015 Cisco and/or its affiliates. All rights reserved.
@CiscoServices #CiscoSmartTalk
Presenter
Presentation Notes
Tweet out slide deck
#CiscoSmartTalk 3 © 2015 Cisco and/or its affiliates. All rights reserved.
cisco.com/go/smarttalk
#CiscoSmartTalk 4 © 2015 Cisco and/or its affiliates. All rights reserved.
Upcoming Sessions
Forecasting the Future:
Analytics and Modeling
On Demand:
Architecture Strategy: What's Your Game Plan?
April 16
Proactive vs. Reactive:
Assessing Your Network Strategy
On Demand:
Manage Network Operations Risk and Compliance
May 21
#CiscoSmartTalk 5 © 2015 Cisco and/or its affiliates. All rights reserved.
Reduce Security Risks to Protect Your Network
Presented by: Tim Levad
#CiscoSmartTalk 6 © 2015 Cisco and/or its affiliates. All rights reserved.
An Optimized Network is the Foundation for Business Innovation & Outcomes
Security & Risk
Operations Efficiency & Automation
Analytics & Modeling
Compliance & Change Management
Architecture Strategy & Planning
Operations Support & Lifecycle Management
Six Areas You Need to
Address
CiscoSmartTalk
Presenter
Presentation Notes
Here are the 6 fundamental areas to address on your shift from reactive to proactive network management.
#CiscoSmartTalk 7 © 2015 Cisco and/or its affiliates. All rights reserved.
Security & Risk
Presenter
Presentation Notes
Today we’re going to focus on a plan to reduce security risks.
#CiscoSmartTalk 8 © 2015 Cisco and/or its affiliates. All rights reserved.
Agenda
• Assessing and evolving your security strategy
• Maintaining your security posture
• Security services to help prepare your network
#CiscoSmartTalk 9 © 2015 Cisco and/or its affiliates. All rights reserved.
When was the last time you validated your security posture?
Presenter
Presentation Notes
Poll question.
#CiscoSmartTalk 10 © 2015 Cisco and/or its affiliates. All rights reserved.
Do you know what weak links are?
Presenter
Presentation Notes
How many of you know what your weak links are? As you know, it only takes one small oversight, like a configuration error, to open your network up to attacks. As business models, technologies and regulations change, organizations are asking questions like: What‘s our security risk of moving to the cloud? With more devices accessing our network, how can we effectively control user access levels? We have so many fragmented point-solutions for security….how can we reduce this complexity? It seems like there’s a shortage of security talent in the market. How can we keep up with these constant security changes? During this Smart Talk session, we’ll touch on these areas and discuss some of the critical considerations for reducing risk in your network.
#CiscoSmartTalk 11 © 2015 Cisco and/or its affiliates. All rights reserved.
The Vulnerability Lifecycle
Prioritize Risk
Remediate Risk
Validate Removal of Risk
Identify Risk
Presenter
Presentation Notes
Identify risk in your network Prioritize risk based on your business Remediate risk Validate the removal of risk
#CiscoSmartTalk 12 © 2015 Cisco and/or its affiliates. All rights reserved.
Validate Your Current Security Posture
Current State Desired State Strategy Map
Presenter
Presentation Notes
An organization’s security posture should never be considered static. Over time, security strategies, products and policies must evolve to keep up with changing business models and modern threats. This is why understanding the current state of your security posture is critical. Knowing how well your security strategy is working and what your vulnerabilities are will help you create a strategy map to get to your desired end state.
#CiscoSmartTalk 13 © 2015 Cisco and/or its affiliates. All rights reserved.
Assess Risk Based on Your Needs
Perimeter Assessment
Wireless Assessment
Device Security Assessment
Assessment Examples
Presenter
Presentation Notes
When it’s time to validate your security posture, you should always assess risk based on your business needs. From network devices assessments to collaboration security, there’s a wide array of assessments that can you help you pinpoint areas for improvement. For example, you could run a Perimeter Security Assessment to identify vulnerabilities that allow inappropriate access to your internal IT infrastructure from the outside OR a you could run a Wireless Security Assessment to identify points of exposure, including unauthorized access points, weak access control, and wireless data leakage.
#CiscoSmartTalk 14 © 2015 Cisco and/or its affiliates. All rights reserved.
What does an Assessment look like?
Review Probe Analyze Recommend
Presenter
Presentation Notes
Here’s what a typical security posture assessment looks like. Review An assessment begins by conducting a detailed review of your security goals and requirements. Probe Based on this information, security experts probe your infrastructure from the interior and perimeter, survey and map your wireless network, and attempt to engineer their way into your facility by simulating modern attacks. This is all done is a safe and controlled manner. Analyze Any discovered vulnerabilities are then analyzed and compared to industry best practices and security intelligence to remove false positives and determine which critical assets and data are exposed. Recommend The results are then prioritized and delivered to you in an actionable report with recommendations for remediation.
#CiscoSmartTalk 15 © 2015 Cisco and/or its affiliates. All rights reserved.
Uncovering Risk
Agents IT Staff Management
Presenter
Presentation Notes
Recently, a large insurance company came to us because they knew their current network access controls could be putting the company at risk. It didn’t matter if you were an insurance agent or the CIO, everyone had the same physical and logical access to the network. The only thing differentiating users access levels were privileges set at the application layer. They had previously attempted to address this issue, but failed to implement a solution that didn’t impact their user experience and business operations. However, with new compliance regulations and changing business models, they knew it was time for a different approach. Our first step was to run a Security Design Assessment to identify their risks. The assessment uncovered: A flat network with very little access control Little to no segmentation of critical assets No visibility into current compliance status
#CiscoSmartTalk 16 © 2015 Cisco and/or its affiliates. All rights reserved.
Prioritize Risk Based on Your Business
Presenter
Presentation Notes
Now let’s take a look at the second phase in the vulnerability lifecycle; Prioritizing Risk. When risks are identified, they need to be prioritized based on your environment. Just because Cisco or the common vulnerability scoring systems say something is low or high, it doesn’t necessarily mean that risk value is tied to your organization. You may find that your organization has different circumstances that change the value of that particular risk. Something that’s marked medium, may be a top concern for your environment. Key Message: Establishing your risk framework helps you identify solutions that address your highest risks.
#CiscoSmartTalk 17 © 2015 Cisco and/or its affiliates. All rights reserved.
Develop a Risk Framework
Presenter
Presentation Notes
Going back to they insurance company…the question they needed to answer was, which vulnerabilities put our organization at the greatest risk? For their environment, access control was the highest risk so deploying a better identity management solution became their priority. Other risks… No true segmentation of data Non-Compliance
#CiscoSmartTalk 18 © 2015 Cisco and/or its affiliates. All rights reserved.
Risk Remediation Strategy
Presenter
Presentation Notes
Now that we’ve identified and prioritized risk, it’s time to develop a strategy to improve your security posture. This will become your roadmap to addressing deficiencies with solutions that align to your specific business requirements. Optional – Things to consider while creating your security strategy: Change to security infrastructure must have little to no impact on business operations Business flexibility – ability to add new applications and services while still complying with policies and regulations Security solutions must provide superior protection while reducing complexity
#CiscoSmartTalk 19 © 2015 Cisco and/or its affiliates. All rights reserved.
Protection by Segmentation
Agents IT Staff Management
Presenter
Presentation Notes
For the insurance company, this meant mapping out a more segmented and controlled approach to users access and critical data assets. This allowed them to setup isolated environments using an access management solution and VLANs. Now their agents only have access to what they need, without the risk of compromising the business. This same segmentation model was applied to their critical data to keep it isolated from other business units.
#CiscoSmartTalk 20 © 2015 Cisco and/or its affiliates. All rights reserved.
Validate Risk Removal
Agents IT Staff Management
Presenter
Presentation Notes
All changes must be validated to ensure risk removal. For the insurance company this meant validating their network access controls and their data segmentation policies. This validation not only affirms the improvement in their security posture, but also helps them maintain compliance and regulatory standards.
#CiscoSmartTalk 21 © 2015 Cisco and/or its affiliates. All rights reserved.
Recap: The Vulnerability Lifecycle
Prioritize Risk
Remediate Risk
Validate Removal of Risk
Identify Risk
Presenter
Presentation Notes
Outcome: By assessing the current state of their security infrastructure, the insurance company gained the insight required to understand and improve their security posture. They identified their vulnerabilities, prioritized risks based on their environment, created a security strategy aligned with their business goals, and then validated the removal of the risk.
#CiscoSmartTalk 22 © 2015 Cisco and/or its affiliates. All rights reserved.
Cisco Security Services
Network Optimization
Service
Security Optimization
Service
Managed Threat
Defense
Presenter
Presentation Notes
NOS Security Services Security Optimization Assessment Managed Threat Defense (MTD)
#CiscoSmartTalk 23 © 2015 Cisco and/or its affiliates. All rights reserved.
Resources
Cisco 2015 Annual Security Report
Security Optimization Service At-A-Glance
Managed Threat Defense At-A-Glance
Presenter
Presentation Notes
Cisco 2015 Annual Security Report http://www.cisco.com/web/offers/lp/2015-annual-security-report/index.html Security Optimization Service At-A-Glance http://www.cisco.com/web/services/portfolio/documents/security-optimization-service-aag.pdf Managed Threat Defense At-A-Glance http://www.cisco.com/web/services/portfolio/documents/managed-threat-defense-service.pdf
#CiscoSmartTalk 24 © 2015 Cisco and/or its affiliates. All rights reserved.
Upcoming Sessions
Forecasting the Future:
Analytics and Modeling
On Demand:
Architecture Strategy: What's Your Game Plan?
April 16
Proactive vs. Reactive:
Assessing Your Network Strategy
On Demand:
Manage Network Operations Risk and Compliance
May 21
#CiscoSmartTalk 25 © 2015 Cisco and/or its affiliates. All rights reserved.
QUESTIONS?
Presenter
Presentation Notes
How we define A&M
#CiscoSmartTalk 26 © 2015 Cisco and/or its affiliates. All rights reserved.
Thank You
Presenter
Presentation Notes
Customize as needed.
