Cisco Security Borderless Network Strategy
Ahmed Etman, Borderless Network Lead, Africa & Levant
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential

Traditional Corporate Border
Diagram labels: Policy; Corporate Border; Applications and Data; Corporate Office; Branch Office; Attackers; Partners; Customers

Mobility and Collaboration Is Dissolving the Internet Border
Diagram labels: Policy; Corporate Border; Applications and Data; Corporate Office; Branch Office; Home Office; Airport; Mobile User; Coffee Shop; Attackers; Partners; Customers

Cloud Computing Is Dissolving the Data Center Border
Diagram labels: Policy; Corporate Border; Applications and Data; Software as a Service; Platform as a Service; Infrastructure as a Service; X as a Service; Corporate Office; Branch Office; Home Office; Airport; Mobile User; Coffee Shop; Attackers; Partners; Customers

Customers Want Business Without Borders
Diagram labels: same as the previous diagram

Cisco’s Architecture for Borderless Network Security
Diagram labels: same as the previous diagram

Cisco’s Architecture for Borderless Network Security
Diagram labels, with numbered callouts 1 to 3: Borderless End Zones; Borderless Internet; Borderless Data Center; Policy; Corporate Border; Applications and Data; Software as a Service; Platform as a Service; Infrastructure as a Service; X as a Service; Corporate Office; Branch Office; Airport; Mobile User; Coffee Shop; Attackers; Partners; Customers

Cisco’s Architecture for Borderless Network Security
Diagram labels, with numbered callouts 1 to 4: Policy (Access Control, Acceptable Use, Malware, Data Security); Borderless End Zones; Borderless Internet; Borderless Data Center; Corporate Border; Applications and Data; Software as a Service; Platform as a Service; Infrastructure as a Service; X as a Service; Corporate Office; Branch Office; Home Office; Airport; Mobile User; Coffee Shop; Attackers; Partners; Customers

Pillar 1: Borderless End Zone
Intelligent End Point Traffic Routing
Broadest Coverage: Most OS’s and Protocols; Windows Mobile; Apple iPhone
Persistent Connectivity: Always On, Location Aware; Auto Head-end Discovery; IPsec, SSL VPN, DTLS
Advanced Security: Strong Authentication; Fast, Accurate Protection; Consistent Enforcement

Always On Security and Protection
Diagram labels: Traditional VPN; Protected; Un-Protected

Always On Security and Protection
Diagram labels: Cisco Borderless Network Security; Traditional VPN; Protected

Anytime, Anywhere, Any Device
Always On Security and Protection
Diagram labels: Sitting in a Park; At a Coffee Shop; In the Office; Cape Town, South Africa; Sydney, Australia; San Jose, California

Pillar 2: Borderless Security Array
Advanced Scanning and Enforcement Capabilities
Products: Cisco Adaptive Security Appliance / IPS; Cisco Integrated Services Routers; Cisco IronPort Web Security Appliance; Cisco IronPort Email Security Appliance
Access Control | Acceptable Use | Data Security | Threat Protection
Integrated into the Fabric of the Network
Form factors: VM Software; Appliance; Security Module; Hybrid Hosted

HTTP Is the New TCP
Diagram labels: File Transfer Protocol; Instant Messaging; Peer to Peer; Understanding Web Traffic

Advanced Content Analysis
Diagram labels: SSN Detection; Proper Name Detection; Matches Are Found in Close Proximity; Rule Is Matched Multiple Times to Increase Score; Unique Rule Matches Are Met

Advanced, Proactive Threat Protection
Cisco Security Intelligence Operations: Global Threat Telemetry; Cisco SensorBase; Threat Operations Center; Advanced Algorithms
8:00 GMT: Ad Agency HQ in London, Sensor Detects New Malware
8:03 GMT: Bank Branch in Chicago, Sensor Detects Hacker Probing
8:07 GMT: ISP Datacenter in Moscow, Sensor Detects New Botnet
8:10 GMT: All Cisco Customers Protected
Higher Threat Coverage, Greater Accuracy, Proactive Protection

Pillar 3: Secure Virtualized Data Center
1 Secure Physical Infrastructure
Diagram labels: Web Server; App Server; Database Server; Virtual Contexts; Physical Security Device

Pillar 3: Secure Virtualized Data Center
1 Secure Physical Infrastructure
2 Connect Physical Security to Virtual Machines with Cisco’s SIA
Diagram labels: Web Server; App Server; Database Server; Hypervisor; Service Chaining; Virtual Contexts; Physical Security Device

Pillar 3: Secure Virtualized Data Center
1 Secure Physical Infrastructure
2 Connect Physical Security to Virtual Machines with Cisco’s SIA
3 Embed Security in the Virtual Switch
Diagram labels: Web Server; App Server; Database Server; Hypervisor; Service Chaining; Virtual Contexts; VIRTUAL SECURITY; Physical Security Device

Pillar 4: Rich Policy Enables “Ubiquitous”, Consistent Control
1 Access Policy
2 Dynamic Containment Policy
3 Policy On and Off Premise
Who? What? When? Where? How?

Access Control
In a Cisco Secure and Protected Borderless Network
Diagram labels: Access Control Policy; Access Control Violation; Remote WebEx Participant

Acceptable Use
In a Cisco Secure and Protected Borderless Network
Diagram labels: Acceptable Use Policy; Access Control Violation; Employee in Marketing Department

Data Security
In a Cisco Secure and Protected Borderless Network
Diagram labels: Data Security Policy; Data Security Violation; Employee at Unmanaged Device

Key Takeaways
Cisco’s security strategy has 4 pillars: The End Zone, The Internet Edge, The Data Center, and Policy
Cisco security is positioned to secure the Borderless Network Experience
Security is a journey … Not a destination