Cisco Security Borderless Network Strategy

Ahmed Etman
[email protected]
Borderless Network Lead, Africa & Levant

© 2009 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
Traditional Corporate Border

Figure: policy is enforced at a single corporate border. Inside are the corporate office, the branch office, and the applications and data; outside are attackers, partners and customers.
Mobility and Collaboration Is Dissolving the Internet Border

Figure: the same corporate border, but users now also work from a home office, an airport, a coffee shop and as mobile users, all outside the border alongside attackers, partners and customers.
Cloud Computing Is Dissolving the Data Center Border

Figure: in addition to the mobile and remote users, applications and data now also live outside the border as Software as a Service, Platform as a Service, Infrastructure as a Service and "X as a Service".
Customers Want Business Without Borders

Figure: same environment as the previous slide (corporate, branch and home offices, airport, coffee shop and mobile users; SaaS, PaaS, IaaS and XaaS; attackers, partners and customers), with policy still tied to the corporate border.
Cisco's Architecture for Borderless Network Security

Figure: the same borderless environment, used as the starting point for the architecture.
Cisco's Architecture for Borderless Network Security

Figure: the environment is divided into three numbered zones: Borderless End Zones (corporate office, branch office, airport, coffee shop, mobile user), Borderless Internet (attackers, partners, customers, SaaS/PaaS/IaaS/XaaS) and Borderless Data Center (applications and data), with Policy spanning all three.
Cisco's Architecture for Borderless Network Security

Figure: the three zones (Borderless End Zones, Borderless Internet, Borderless Data Center) plus a fourth element, Policy, which covers Access Control, Acceptable Use, Malware and Data Security and applies across the corporate office, branch office, home office, airport, coffee shop and mobile users.
Pillar 1: Borderless End Zone
Intelligent End Point Traffic Routing

Broadest Coverage
- Most OS's and protocols
- Windows Mobile
- Apple iPhone

Persistent Connectivity
- Always on, location aware
- Auto head-end discovery
- IPsec, SSL VPN, DTLS

Advanced Security
- Strong authentication
- Fast, accurate protection
- Consistent enforcement
Always On Security and Protection

Figure: with a traditional VPN the endpoint is protected only while the tunnel is up and unprotected the rest of the time; with the Cisco Borderless Network the endpoint is shown as protected throughout.
Anytime, Anywhere, Any Device
Always On Security and Protection

Figure: the same user protected while sitting in a park (Cape Town, South Africa), at a coffee shop (Sydney, Australia) and in the office (San Jose, California).
Pillar 2: Borderless Security Array
Advanced Scanning and Enforcement Capabilities

Products:
- Cisco Adaptive Security Appliance / IPS
- Cisco Integrated Services Routers
- Cisco IronPort Web Security Appliance
- Cisco IronPort Email Security Appliance

Functions: Access Control | Acceptable Use | Data Security | Threat Protection

Integrated into the fabric of the network; delivered as VM software, appliance, security module or hybrid hosted.
HTTP Is the New TCP
Understanding Web Traffic

Figure: file transfer, instant messaging and peer-to-peer traffic are all carried over HTTP, so the web gateway must understand what is inside the HTTP stream rather than trust the port.
Advanced Content Analysis

- SSN detection
- Proper name detection
- Matches are found in close proximity
- Rule is matched multiple times to increase score
- Unique rule matches are met
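The scoring technique the slide lists, as an added example that is not Cisco's code or part of the original deck: two detection rules (SSN and a crude proper-name heuristic), a bonus when an SSN and a name sit close together, a score that keeps rising as a rule matches repeatedly, and a further bonus once every distinct rule has matched. The patterns, weights, proximity window, threshold and sample messages are constructed assumptions.

```python
"""Proximity-and-repetition scoring for data-loss-prevention content analysis.

Added example, not Cisco's code. Patterns, weights, window, threshold and
sample messages are constructed assumptions for illustration.
"""
import re
from dataclasses import dataclass

# SSN in 3-2-4 form. Area 000, 666 and 9xx, group 00 and serial 0000 are never
# issued, so they are rejected to cut false positives (assumed rule set).
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}[- ]?(?!00)\d{2}[- ]?(?!0000)\d{4}\b")
# Crude proper-name heuristic: two adjacent capitalised words.
NAME_RE = re.compile(r"\b[A-Z][a-z]+ [A-Z][a-z]+\b")

RULES = {"ssn": SSN_RE, "proper_name": NAME_RE}
WEIGHTS = {"ssn": 10, "proper_name": 3}   # per match; repeats keep adding
PROXIMITY_WINDOW = 60   # characters between an SSN and a name (assumed)
PROXIMITY_BONUS = 5     # per SSN that has a name nearby
MULTI_RULE_BONUS = 5    # awarded once when every rule has matched
THRESHOLD = 20          # score at which the content counts as a violation


@dataclass
class Match:
    rule: str
    start: int
    text: str


def find_matches(text):
    """Run every rule over the text and return matches ordered by position."""
    found = [Match(rule, m.start(), m.group())
             for rule, rx in RULES.items() for m in rx.finditer(text)]
    return sorted(found, key=lambda m: m.start)


def score(text):
    """Compute the DLP score and the matches that produced it."""
    matches = find_matches(text)
    total = sum(WEIGHTS[m.rule] for m in matches)        # repetition raises score
    names = [m for m in matches if m.rule == "proper_name"]
    for ssn in (m for m in matches if m.rule == "ssn"):  # proximity to a name
        if any(abs(ssn.start - n.start) <= PROXIMITY_WINDOW for n in names):
            total += PROXIMITY_BONUS
    if {m.rule for m in matches} == set(RULES):           # unique rule matches met
        total += MULTI_RULE_BONUS
    return total, matches


def classify(text):
    """Summarise the verdict for a message body."""
    total, matches = score(text)
    return {
        "score": total,
        "violation": total >= THRESHOLD,
        "rules": sorted({m.rule for m in matches}),
        "matches": len(matches),
    }


# Constructed sample messages (no real personal data).
SAMPLES = {
    "lone_number": "Part number 123-45-6789 is back-ordered.",
    "name_far_from_ssn": "John Smith attended the briefing. " + "x" * 80
                         + " ref 123-45-6789",
    "two_records": ("Applicant: John Smith, SSN 123-45-6789. "
                    "Co-applicant: Mary Jones, SSN 321-54-9876."),
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, classify(body))
```

A lone nine-digit number scores 10 and is not flagged; a name 119 characters away from an SSN scores 18 (both rules hit, no proximity) and is still under the threshold; two applicant records with names beside SSNs score 41 and are flagged. Tuning the window and weights is where real deployments spend their time.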
Advanced, Proactive Threat Protection
Cisco Security Intelligence Operations

Figure: global threat telemetry feeds Cisco SensorBase, the Threat Operations Center and advanced algorithms. Sensor events in the example:
- 8:00 GMT: a sensor at an ad agency HQ in London detects new malware
- 8:03 GMT: a sensor at a bank branch in Chicago detects hacker probing
- 8:07 GMT: a sensor at an ISP datacenter in Moscow detects a new botnet
- 8:10 GMT: all Cisco customers protected

Higher threat coverage, greater accuracy, proactive protection.
Pillar 3: Secure Virtualized Data Center

Figure (built up over three slides): a web server, app server and database server tier protected in three steps.
1. Secure the physical infrastructure: virtual contexts on a physical security device in front of the physical web, app and database servers.
2. Connect physical security to virtual machines with Cisco's SIA: the same tiers running as VMs on a hypervisor, with traffic service-chained through the physical security device's virtual contexts.
3. Embed security in the virtual switch: virtual security enforced at the hypervisor's virtual switch alongside the physical security device.
Pillar 4: Rich Policy Enables "Ubiquitous", Consistent Control

1. Access policy
2. Dynamic containment policy
3. Policy on and off premise

Policy is expressed in terms of Who? What? When? Where? How?
Access Control
In a Cisco Secure and Protected Borderless Network

Figure: the Access Control Policy is applied to a remote WebEx participant; the attempted access is flagged as an Access Control Violation.

Acceptable Use
In a Cisco Secure and Protected Borderless Network

Figure: the Acceptable Use Policy is applied to an employee in the Marketing department; the attempted access is flagged as an Access Control Violation.

Data Security
In a Cisco Secure and Protected Borderless Network

Figure: the Data Security Policy is applied to an employee at an unmanaged device; the attempted action is flagged as a Data Security Violation.
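Pillar 4 and the three violation slides above describe one policy set evaluated against who, what, when, where and how, wherever the user is. The following is an added example, not Cisco's code or part of the original deck, of such an evaluator. The rule set, attribute names, group names and the four scenarios (a WebEx guest opening a file share, a marketing employee streaming video in business hours, a confidential download from an unmanaged device, and the same download from a managed device off premise) are constructed assumptions; the point is that location and device posture are just attributes of the request, so the same rules give consistent answers on and off premise.

```python
"""Context-aware policy evaluation across who, what, when, where and how.

Added example, not Cisco's code. Rules, attribute names and scenarios are
constructed for illustration.
"""
from dataclasses import dataclass
from datetime import time
from typing import Callable, FrozenSet


@dataclass(frozen=True)
class Context:
    who: str                  # authenticated identity
    groups: FrozenSet[str]    # directory group membership
    what: str                 # resource being requested
    action: str               # view | download | stream ...
    when: time                # local time of the request
    where: str                # on_premise | off_premise
    how: str                  # managed_device | unmanaged_device


@dataclass(frozen=True)
class Rule:
    name: str
    category: str             # access_control | acceptable_use | data_security
    violated: Callable[[Context], bool]
    decision: str             # deny | allow_view_only


def business_hours(t: time) -> bool:
    return time(8, 0) <= t <= time(18, 0)


# One policy set, applied identically on and off premise (assumed rules).
RULES = [
    Rule("external participants cannot open internal file shares", "access_control",
         lambda c: "external" in c.groups and c.what.startswith("fileshare://"), "deny"),
    Rule("HR application off premise requires a managed device", "access_control",
         lambda c: c.what == "app://hr" and c.where == "off_premise"
         and c.how != "managed_device", "deny"),
    Rule("video streaming is blocked during business hours", "acceptable_use",
         lambda c: c.what.startswith("web://video/") and c.action == "stream"
         and business_hours(c.when), "deny"),
    Rule("confidential documents cannot be downloaded to unmanaged devices", "data_security",
         lambda c: c.what.startswith("doc://confidential/") and c.action == "download"
         and c.how != "managed_device", "allow_view_only"),
]

_SEVERITY = {"deny": 0, "allow_view_only": 1}   # lower is more restrictive


def evaluate(ctx: Context):
    """Return (decision, [(category, rule name), ...]) for one request.
    Every violated rule is reported; the most restrictive decision wins."""
    hits = [r for r in RULES if r.violated(ctx)]
    if not hits:
        return "allow", []
    decision = min((r.decision for r in hits), key=_SEVERITY.__getitem__)
    return decision, [(r.category, r.name) for r in hits]


# Constructed scenarios mirroring the three slides plus a control case.
SCENARIOS = {
    "webex_guest_opens_share": Context("guest@partner.example", frozenset({"external"}),
        "fileshare://finance", "view", time(10, 30), "off_premise", "unmanaged_device"),
    "marketing_streams_video": Context("alice", frozenset({"marketing"}),
        "web://video/live-sports", "stream", time(14, 0), "on_premise", "managed_device"),
    "unmanaged_download": Context("bob", frozenset({"engineering"}),
        "doc://confidential/roadmap.pdf", "download", time(21, 0), "off_premise",
        "unmanaged_device"),
    "managed_download_off_premise": Context("bob", frozenset({"engineering"}),
        "doc://confidential/roadmap.pdf", "download", time(21, 0), "off_premise",
        "managed_device"),
}


def run_scenarios():
    """Evaluate every scenario; returns {name: (decision, [(category, rule)])}."""
    return {name: evaluate(ctx) for name, ctx in SCENARIOS.items()}


if __name__ == "__main__":
    for name, (decision, hits) in run_scenarios().items():
        print(f"{name}: {decision} {[c for c, _ in hits]}")
```

The guest is denied under access control, the marketing user under acceptable use, and the unmanaged download is downgraded to view-only under data security; the same download from a managed device off premise is allowed, which is the "policy on and off premise" point: the decision turns on device posture, not on which side of the old border the user sits.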
Key Takeaways

Cisco's security strategy has 4 pillars:
- The End Zone
- The Internet Edge
- The Data Center, and
- Policy

Cisco security is positioned to secure the Borderless Network Experience.

Security is a journey, not a destination.