[PDF] [PDF] Cisco DC Security Architecture

Cisco DC Security Architecture Yesterday's network security was about the Security Challenges • Not enough threat visibility in the network, workloads 



Previous PDF Next PDF





[PDF] Security Architecture - Cisco

Cisco's Network Security Architecture Borderless Presentation_ID Cisco Security Architecture For Enterprise (SAFE) Security Reference Architecture



[PDF] Cisco Security Architecture Assessment Service

Cisco® architecture assessments are conducted using the Cisco Security Control Framework This vendor- independent control framework is built from industry 



[PDF] Cisco DC Security Architecture

Cisco DC Security Architecture Yesterday's network security was about the Security Challenges • Not enough threat visibility in the network, workloads 



[PDF] Cisco Security Architecture for Media At-a-Glance

What Cisco Security Architecture Can Do for Your Media Business ○ Protect your infrastructure, premium content, and customer information ○ Allow you to 



[PDF] SAFE Security Architecture Toolkit - July 2018 - Cisco

Cisco Public SAFE Security Architecture Toolkit Table of Contents • SAFE Toolkit Overview • Capabilities Flows and Endpoints • Architectures • Designs



[PDF] SAFE Secure Internet Architecture Guide

This is a sample list of SaaS applications and not a complete list The Cisco Security SaaS offers are broken up into 4 categories: Secure Access to Apps, Secure 



[PDF] SAFE Overview Guide

All rights reserved This document is Cisco Public Information SAFE Overview Guide Threats, Capabilities, and the Security Reference Architecture Contents



[PDF] Cisco Security Architecture Assessment Service - Micro Technology

The Cisco Security Architecture Assessment Service allows you to implement a comprehensive security architecture by identifying gaps in your security 



[PDF] Cisco SAFE Overview: Validated Next-Generation Security

The Greatest Security Threat? Accidental Security Architecture ▫ Fear-based security decisions ▫ Product- or feature 



[PDF] SAFE Security

The Cisco The Foundation for Secure Borderless Networks Cisco® SAFE is a security reference architecture that provides detailed design and implementation  

[PDF] cisco security management platform

[PDF] cisco security services platform

[PDF] cisco set time ntp

[PDF] cisco switch set clock ntp

[PDF] cisco switch set time ntp

[PDF] cisco umbrella

[PDF] cisco umbrella cloud security platform

[PDF] cisco wireless router configuration step by step pdf

[PDF] cisco wireless router wap4410n configuration

[PDF] cisco wrt54gh wireless router configuration

[PDF] cissp associate on resume

[PDF] cissp endorsement

[PDF] cissp exam cost

[PDF] cissp syllabus

[PDF] cissp track

Bing Reaport

Cybersecurity Sales Specialist

M: +639992217765

E: ereaport@cisco.com

Cisco DC Security

Architecture

© 2018 Cisco and/or its affiliates. All rights reserved. KHVPHUGM\·V QHPRRUN VHŃXULP\ RMV MNRXP POH perimeter

Routers and switches each had one job

Firewalls secured

your perimeter

Firewall

Visibility

Segmentation

Threat Protection

.QRRLQJ ROMP·V RQ \RXU QHPRRUN RMV limited to visibility from the firewall © 2018 Cisco and/or its affiliates. All rights reserved.

Business apps

Salesforce, Office 365,

G Suite, etc.

Branch office

Critical infrastructure

Amazon, Rackspace,

Windows Azure, etc.

Roaming laptops

Workplace

desktops

Business

apps

Critical

infrastructure

Internet

The way we work has changed

© 2018 Cisco and/or its affiliates. All rights reserved.

The Modern Data Center is Incredibly Complex

Big and Fast Data

Virtualization

Expanded attack surface

Increase in east-west traffic

Hybrid Cloud

Multi cloud orchestration

Workload portability

Zero trust model

Application Architecture

Continuous development | Micro Services | APIs

© 2018 Cisco and/or its affiliates. All rights reserved.

Network

Challenges

Outage/degraded service

Insufficient visibility into the

network, workload, application

Rising security breaches

and destruction of service (DeOS) attacks

Increasing regulatory compliance

requirements and audits

Rising ACL/FW rule complexity

and administration burden © 2018 Cisco and/or its affiliates. All rights reserved.

Security

Challenges

Not enough threat visibilityin the

network, workloads, applications

Inconsistent policies across

workloads

Too many point security vendors

Hackers are more sophisticated

Attack surface is too broad

© 2018 Cisco and/or its affiliates. All rights reserved.

Securing networks is a challenge that intensifies when networking and security technologies are decoupled

Difficult infrastructure choices

create a dilemma between performance and security

Infrastructure

Piecemeal security solutions

complicate the network and let threats slip through

Security

Complex system integration

takes too much time and leaves room for error

Networking

© 2018 Cisco and/or its affiliates. All rights reserved.

Threats are more

numerous and complex

Threats are using encryption

to evade detection

More IoT devices

connect everyday

Users work anywhere

across many devices

By 2020, 2/3rdsof all IP traffic will

come from wireless and mobile devices

Digitization complicates visibility

Market demands have taken the network beyond your perimeter

2YHU 20% ŃRQQHŃPHG ´POLQJV

will be in use by 2020

Companies experienced a 27.4%

average increase in security breaches in 2017

3X increase in encrypted

communication from malware in a

12-month period

© 2018 Cisco and/or its affiliates. All rights reserved.

Network

Usxaers

HQ

Data Center

Admin

Branch

SEE every conversation

Understand what

is NORMAL

Be alerted to

CHANGE

KNOW every host

Respond to

THREATS quickly

Effective security depends on total visibility

Roaming Users

Cloud © 2018 Cisco and/or its affiliates. All rights reserved.

7OH ([LVPLQJ 6HŃXULP\ 6PMŃN"

Firewall

VPN

Email Security

Web Security

DLP SIEM

Replacement Box

Failover

Persistent Threats

IDS

Firewall 2.0

VPN 2.0

Email Security 2.0

Web Security 2.0

DLP 2.0

SIEM 2.0

Replacement Box 2.0

Failover 2.0

Persistent Threats 2.0

IDS 2.0

© 2018 Cisco and/or its affiliates. All rights reserved. Adding point solutions adds complexity and can make you less secure

55% Of customers rely on more

than 5 vendorsto secure their network1

54% Of legitimate security alerts

are not remediateddue to lack of integrated defense systems2

100 days Industry average

to detect a common threats3

1Cisco 2017 Annual Cybersecurity Report

2Cisco 2017 Annual Cybersecurity Report

3Cisco 2016 Mid-Year Cybersecurity Report

© 2018 Cisco and/or its affiliates. All rights reserved. How?

Has it

affected us? Why?

Is it bad?

Customer

© 2018 Cisco and/or its affiliates. All rights reserved.

Threat

Intelligence

Internal

Monitoring

Customer

© 2018 Cisco and/or its affiliates. All rights reserved.

Internal

Monitoring

Threat

Intelligence

Customer

© 2018 Cisco and/or its affiliates. All rights reserved.

Visibility

Complete visibility of users,

devices, networks, applications, workloads and processes

Threat Protection

Quickly detect, block, and respond to

attacks before hackers can steal data or disrupt operations

Segmentation

Prevent attackers from moving

laterally east-west with application whitelisting and micro-segmentation

Cisco Data Center Security

© 2018 Cisco and/or its affiliates. All rights reserved.

Fortify the Security

Posture

Strategically place next-gen

security gatewaysfor more effective protection

The Solution: Network + Security

Enlist the Rest of your Network for SecurityDetect threats everywhere

See and analyze all traffic across the

extended network

Contain and isolate threats

Dynamically enforce software-defined

segmentation based on business roles

Typical Network:

<10 firewalls <100 routers <1000 switches

© 2017 Cisco and/or its affiliates. All rights reserved. © 2017 Cisco and/or its affiliates. All rights reserved.

(IIHŃPLYH VHŃXULP\ GRHVQ·P"

Impede performance

Add complexity

Create blind spots

Without straining the network

© 2017 Cisco and/or its affiliates. All rights reserved.

A powerful information source for

every network conversation

A critical tool to identify a

security breach

Cisco network telemetry for security awareness

Network Flows Highlight Malicious Behavior

© 2017 Cisco and/or its affiliates. All rights reserved. Time

Response

Detection

Threat

Is our security posture effective?

© 2018 Cisco and/or its affiliates. All rights reserved. Source: Verizon 2014 Data Breach Investigations Report

Time to compromise

Time to discovery 25%

50%
75%
100%
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
Percent of breaches where time to compromise (orange)/ time to discovery (blue) was days or less

Time to Detection100

Industry Days

Industry Result

© 2018 Cisco and/or its affiliates. All rights reserved.

Cisco Security Strategy

© 2018 Cisco and/or its affiliates. All rights reserved.

Architecture

Integrated

Portfolio

Best of breed

Intelligence

Cloud-delivered

© 2018 Cisco and/or its affiliates. All rights reserved.

FLVŃR·V HQPHJUMPHG 6HŃXULP\ 3RUPIROLR

150
security tech partners

Simplified Threat Management

Best of Breed Portfolio

EndpointNetworkCloud

DetectInvestigateRemediatePolicyDeploy

Leading Threat intelligence

© 2018 Cisco and/or its affiliates. All rights reserved.

MULTI-TIERED DEFENSE

Cloud to Core Coverage

WEB:Reputation, URL Filtering, AVC

END POINT: Software ClamAV, Razorback, Moflow

CLOUD: FireAMP & ClamAV detection content

EMAIL: Reputation, AntiSpam, Outbreak Filters

NETWORK: Snort Subscription Rule Set, VDB

FireSIGHT Updates & Content, SEU/SRU Product

Detection & Prevention Content

Global Threat Intelligence Updates

© 2018 Cisco and/or its affiliates. All rights reserved.

Next-Generation Firewall

Security Analytics

Network Access Control

Endpoint Detection and

Response

DNS-layer Roaming

Protection

quotesdbs_dbs9.pdfusesText_15