TrustSec (NaaS / NaaE)
- Norman Hardy
- 5 years ago
Transcription
1 TrustSec (NaaS / NaaE) per@cisco.com
2 Security on top of the mind for our customers
- 60% of data is stolen in HOURS
- 85% of point-of-sale intrusions aren't discovered for WEEKS
- 54% of breaches remain undiscovered for MONTHS
- 51% increase of companies reporting a $10M loss or more in the last 3 YEARS
"A community that hides in plain sight avoids detection and attacks swiftly" - Cisco Security Annual Security Report
3 US-CERT Effective network segmentation restricts communication between networks and reduces the extent to which an adversary can move across the network.
4 How TrustSec Simplifies Network Segmentation
Traditional Segmentation
- Diagram labels: Static ACL, Routing, Redundancy, DHCP Scope, Address, VLAN, VACL; Enterprise Backbone, Aggregation Layer, Access Layer
- Endpoints: Non-Compliant, Voice, Employee, Supplier, BYOD
- VLANs: Quarantine VLAN, Voice VLAN, Data VLAN, Guest VLAN, BYOD VLAN
- Security Policy based on Topology
- High cost and complex maintenance
TrustSec
- Micro/Macro Segmentation
- Central Policy Provisioning
- No Topology Change
- No VLAN Change
- Diagram labels: ISE, DC Servers, Enterprise Backbone, DC Firewall / Switch, Policy, Access Layer
- Endpoints: Voice, Non-Compliant, Employee, Supplier, BYOD
- Tags: Employee Tag, Supplier Tag, Non-Compliant Tag
- VLANs: Voice VLAN, Data VLAN
- Use existing topology and automate security policy to reduce OpEx
5 Driven by Customer Top-of-Mind
Segmentation for Threat Defense / Regulatory Compliance / Privileged Access to DC
- Segmentation at access layer to block lateral movement of threats, access control to improve security
- Major retailers segmenting critical assets in stores and DC, driven by recent hacks
- Governments, tech companies, healthcare, manufacturing increasing network security controls to mitigate risk
- Segmentation for scope reduction, protecting sensitive information from other connected devices (PCI, HIPAA, Financial Regulation, etc.)
- Bank - 3 use-cases in production
- Bank deploying across 350,000 endpoints
- Multiple retailers for PCI compliance
- Defense customer export controls
- Healthcare: segmenting clinical/non-clinical devices and protecting patient data
- Restricting application access based on user / device privilege in scalable fashion
Customers: Banks, Universities, Broadcaster, Federal/Central Govts, Utilities, Defense, Manufacturers, Insurance, Consumer electronics, Research
6 Agenda Overview of Cisco TrustSec Prescriptive Approach for Effective Segmentation Case Studies and Design Considerations Summary and Key Takeaways
7 Agenda Overview of Cisco TrustSec Prescriptive Approach for Effective Segmentation Case Studies and Design Considerations Summary and Key Takeaways
8 TrustSec: About Security Group Tags!
- Classification: The process of assigning SGTs
- Propagation: The process of carrying tags in the network
- Enforcement: The process of controlling access based on tags
Diagram labels: Priority Users / Devices, Users, Endpoints, Infected Hosts, Servers, Full Access, Partial Access, Access Deny, Sites / Branch Offices
9 TrustSec in Action Remote Access ISE Directory Application Servers 8 SGT 5 SGT Wireless Network Users Switch Routers DC Firewall DC Switch Application Servers 7 SGT Classification Propagation Enforcement
10 Classification Types
DYNAMIC CLASSIFICATION (common classification for mobile devices)
- 802.1X Authentication
- MAC Auth Bypass
- Web Authentication
STATIC CLASSIFICATION (common classification for servers, topology-based policy, etc.)
- IP Address
- VLANs
- Subnets
- L2 Interface
- L3 Interface
- Virtual Port Profile
- Layer 2 Port Lookup
Each method results in an SGT.
11 Propagation: Inline Tagging
- Fastest and most scalable way to propagate SGT within LAN or Data Center
- SGT embedded within Cisco Meta Data (CMD) in Layer 2 frame
- Capable switches understand and process SGT at line rate
- Protected by enabling MACsec (IEEE 802.1AE), optional for capable hardware
- No impact to QoS, IP MTU/Fragmentation
- L2 Frame Impact: ~20 bytes
- 16-bit field gives ~64,000 tag space
- Non-capable device drops frame with unknown EtherType
Ethernet Frame: Destination MAC | Source MAC | 802.1Q | CMD | ETHTYPE | PAYLOAD | CRC
Cisco Meta Data (CMD): CMD EtherType | Version | Length | SGT Option Type | SGT Value | Other CMD Option
EtherType: 0x8909; SGT Value: 16 bits
MACsec Frame (AES-GCM 128-bit encryption): Destination MAC | Source MAC | 802.1AE Header | 802.1Q | CMD | ETHTYPE | PAYLOAD | 802.1AE Header | CRC
12 Propagation: SGT Exchange Protocol (SXP)
- Propagation method of IP-SGT binding
- Propagate IP-SGT from classification to enforcement point
- Open protocol (IETF-Draft) & ODL Supported
- TCP - Port: 64999
- Role: Speaker (initiator) and Listener (receiver)
- Use MD5 for authentication and integrity check
- Support Single Hop SXP & Multi-Hop SXP (aggregation)
Diagram labels: Switches, Speaker, Routers (SXP Aggregation), Listener, Firewall, Switches
13 Propagation: SGT Transport over L3 networks
- Multiple options for SGT transport over non-CTS Layer 3 networks
- DMVPN for Internet-based VPNs
- GETVPN for security private MPLS clouds
- Over The Top (OTP) for private enterprise networks (1HCY15)
Diagram labels: Enterprise LAN, Finance, HR, BYOD, Wireless, Switch, SXP, Enterprise Network, OTP on Roadmap, ISE, SGACL, CTS Link, Internet, DMVPN, Enterprise MPLS, GETVPN, Nexus 7000, Nexus 1000v, Catalyst 6500, Data Center Switch
14 Enforcement: SGACL Enforcement Policy
Matrix axes: Destination, Source; each cell holds a Policy
Policy Representing: Source = Employee_SGT, Destination = CreditCard_Server, Policy = Deny IP
15 Enforcement: Policy Enforcement on Firewalls: ASA SG-FW
- SGT Defined in the ISE or locally defined on ASA
- Use Destination SGT received from Switches connected to destination
- Trigger IPS/CX based on SGT
- Use Network Object (Host, Range, Network (subnet), or FQDN)
16 TrustSec Functions Classification Propagation Enforcement 5 Employee 6 Supplier 8 Suspicious A B 8 5 Static Dynamic Inline SXP WAN SGACL SGFW SGZBFW
17 TrustSec Supported Platforms
Diagram labels: Employee SGT, User, WAN (GETVPN DMVPN IPSEC), Switch, Router, Router, Firewall, DC Switch, vswitch, Server, ISE
Classification
- Catalyst 2960-S/-C/-Plus/-X/-XR
- Catalyst 3560-E/-C/-X/-CX
- Catalyst 3750-E/-X
- Catalyst 3850/3650
- Catalyst 4500E (Sup6E/7E)
- Catalyst 4500E (Sup8)
- Catalyst 6500E (Sup720/2T)
- Catalyst 6800
- WLC 2500/5500/5400/WiSM2/8510/8540
- WLC 5760
- Nexus 7000
- Nexus 6000
- Nexus 5500/2200
- Nexus 1000v
- ISRG2, CGR2000, ISR4000
- IE2000/3000/CGR2000
- ASA5500 (RAS VPN)
Propagation
- Catalyst 2960-S/-C/-Plus/-X/-XR
- Catalyst 3560-E/-C/, 3750-E
- Catalyst 3560-X/3750-X
- Catalyst 3850/3650
- Catalyst 4500E (Sup6E)
- Catalyst 4500E (Sup, 7E, 7LE, 8E)
- Catalyst 4500X
- Catalyst 6500E (Sup720)
- Catalyst 6500/Sup2T, 6800
- WLC 2500/5500/5400/WiSM2/8510/8540
- WLC 5760
- Nexus 7000
- Nexus 6000
- Nexus 5500/2200
- Nexus 1000v
- ISRG2, ISR4000
- IE2000/3000/CGR2000
- ASR1000
- ASA5500
Enforcement
- Catalyst 3560-X
- Catalyst 3750-X
- Catalyst 3850/3650
- WLC 5760
- Catalyst 4500E (7E)
- Catalyst 4500E (8E)
- Catalyst 6500E (2T)
- Catalyst 6800
- Nexus 7000
- Nexus 6000
- Nexus 5500/5600
- Nexus 1000v
- ISR G2, ISR4000, CGR2000
- ASR 1000 Router
- CSR-1000v Router
- ASA 5500 Firewall
- ASAv Firewall
- Web Security Appliance
18 Agenda Overview of Cisco TrustSec Prescriptive Approach for Effective Segmentation Case Studies and Design Considerations Summary and Key Takeaways
19 Approaching a TrustSec Design Start with Policy Goals Controlled access to Production systems or PCI Servers Use Cases can be Localized User to DC Access Control Secure BYOD Contractor Access Control Extranet Security Simplified Firewall Rule, VPN Access, ACLs or WSA rules Focus on Business Problem Maintain Compliance Protect against breach Complex ACLs, Firewall rule complexity
20 Implementing Business Policy through Segmentation Discover and Classify Assets Active Monitoring Network Segmentation Understand Behavior Enforce Policy Design and Model Policy
21 Discover and Classify Assets Discover and Classify Assets Profile Assets with ISE User & Device Authentication (User ID, SmartCard, Digital Certificate, etc.) MAC Address based Authentication Web Portal based Authentication Network Segmentation Profile Assets with NetFlow and StealthWatch Services, applications, hosts Behaviour profiling
22 ISE Provides Device Visibility via Profiling Integrated Profiling: Visibility in Scale Network infrastructure provides local sensing function Active Scanning: Enhanced Accuracy Cisco ISE augments passive network insight with active endpoint data Device Feed Identity in Scale Manufacturers and ecosystem provide constant updates to new devices Cisco ISE CDP/LLDP DHCP RADIUS DNS SNMP NetFlow HTTP NMAP Device Feed* Active Endpoint Scanning Cisco Device Sensor (Network Based) Profiler Design Guide:
23 Locate Assets with Lancope StealthWatch Find hosts communicating on the network Pivot based on transactional data 2
24 Implementing Effective Segmentation Understand Behavior Network Segmentation Understand Critical Business Processes Applications, services, protocol, time of day, etc. Profile systems
25 Understand Behavior Complete list of all hosts communicating with HTTP Servers: Who, What, When, Where and How
26 Profile Business Critical Processes PCI Zone Map Overall System Profile Inter-system relationships
27 Implementing Effective Segmentation Design Policy Leverage group definitions from profiling activities Monitor mode deployment Classify Objects into Security Groups Network Segmentation Directory server search / group mapping Device Profiling (Device type certainty) Other attributes: Access Time, Location, Method, etc. Model Policy with StealthWatch Passively model policy Design and Model Policy
28 Starting a TrustSec Design
- Discuss assets to protect. Example: Cardholder Data, Medical Record, intellectual data
- Classification Mechanisms. Example: Dynamic, Static, etc.
- Policy Enforcement Points:
  - DC segmentation (DC virtual/physical switches or virtual/physical Firewalls)
  - User to DC access control (Identify capable switches or firewalls in the path)
- Propagation Methods: Inline Tagging, SXP, DM-VPN, GET-VPN, IPSec, OTP, etc.
29 How to Tag Users / Devices? TrustSec decouples network topology and security policy to simplify access control and segmentation Classification process groups network resources into Security Groups User/Device/ Location Cisco Access Layer MAC PC Web Authentication Profiling MAB ISE IP-SGT NX-OS/ CIAC/ Hypervisors VLAN-SGT Port-SGT Data Center/ Virtualization 802.1X IOS/Routing Port Profile Address Pool-SGT IPv4 Subnet-SGT IPv6 Prefix-SGT IPv6 Prefix Learning IPv4 Prefix Learning Campus & VPN Access non-cisco & legacy environment Business Partners and Supplier Access Controls
30 Deployment Approach: Monitor Mode
- Users connect to network; Monitor mode allows traffic regardless of authentication
- Authentication can be performed passively, resulting in SGT assignments
- Tagged traffic traverses the network, allowing monitoring and validation that:
  - Assets are correctly classified
  - Traffic flows to assets are as predicted/expected
Diagram labels: PCI Server, Production Server, Development Server, Users, Endpoints, Catalyst Switches/WLC (3K/4K/6K), Campus Network, N7K
SRC \ DST | PCI Server (2000) | Prod Server (1000) | Dev Server (1010)
Employees (100) | Permit all | Permit all | Permit all
PCI User (105) | Permit all | Permit all | Permit all
Unknown (0) | Permit all | Permit all | Permit all
31 Understand Behavior Custom event triggers on traffic condition Rule name and description SGT DGT Trigger on traffic in both directions; Successful or unsuccessful
32 Modeling Policy in StealthWatch Create flow-based rules for all proposed policy elements Policy Violation alarm will trigger if condition is met. Simulating proposed drop.
33 Modeled Policy: Flow Details
Flow context: Where, When, Who, What, Who; More Context: Security Group
Is this communication permissible?
- Yes: Tune
- No: Respond
34 Realistic Enterprise Policy
35 Implementing Effective Segmentation Move to active policy enforcement Strategic rollout Security Group Access Control Lists Firewall policy Network Segmentation Enforce Policy
36 Security Group Access Control Lists
Matrix axes: Destination, Source; each cell holds a Policy
Policy Representing: Source = Employee_SGT, Destination = CreditCard_Server, Policy = Deny IP
37 Enabling Enforcement: Monitor Mode to Egress Enforcement (Security Group ACL)
- Enforcement may be enabled gradually on a per-destination-security-group basis
- Initially use SGACLs with deny logging enabled (remove log later if not required)
- Keep default policy as permit and allow traffic with unknown SGT during deployment
Diagram labels: PCI Server, Production Server, Development Server, Users, Endpoints, Catalyst Switches/WLC (3K/4K/6K), Campus Network, N7K
SRC \ DST | PCI Server (2000) | Prod Server (1000) | Dev Server (1010)
Employees (100) | Deny all | Deny all | Permit all
PCI User (105) | Permit all | Permit all | Permit all
Unknown (0) | Deny all | Deny all | Permit all
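The "model before you enforce" step that slides 30 to 37 describe, as an added example that is not part of the original deck: SGT-tagged flow records are replayed against the proposed egress matrix, either for all destinations or staged one destination group at a time, to list what would be dropped and what falls through to the default permit. The SGT values and matrix cells are those on slide 37 (Supplier = 6 is from slide 16); the flow records, addresses and function names are constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# SGT values from slide 37; SUPPLIER (6) appears on slide 16 and has no cell in the matrix.
PCI_SRV, PROD_SRV, DEV_SRV = 2000, 1000, 1010
EMPLOYEE, PCI_USER, UNKNOWN, SUPPLIER = 100, 105, 0, 6

# Proposed egress matrix from slide 37: (source SGT, destination SGT) -> action.
PROPOSED = {
    (EMPLOYEE, PCI_SRV): "deny",   (EMPLOYEE, PROD_SRV): "deny",   (EMPLOYEE, DEV_SRV): "permit",
    (PCI_USER, PCI_SRV): "permit", (PCI_USER, PROD_SRV): "permit", (PCI_USER, DEV_SRV): "permit",
    (UNKNOWN, PCI_SRV): "deny",    (UNKNOWN, PROD_SRV): "deny",    (UNKNOWN, DEV_SRV): "permit",
}
DEFAULT_ACTION = "permit"  # slide 37: keep the default policy as permit during deployment


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_sgt: int
    dst_ip: str
    dst_sgt: int
    dst_port: int


def evaluate(flow, enforced_dsts=None):
    """Return (action, reason) for one flow.

    enforced_dsts is the set of destination SGTs where enforcement is switched on;
    None means every destination is enforced. Other destinations stay in monitor mode.
    """
    if enforced_dsts is not None and flow.dst_sgt not in enforced_dsts:
        return "permit", "monitor"
    cell = PROPOSED.get((flow.src_sgt, flow.dst_sgt))
    if cell is None:
        # No cell for this pair: the default policy decides, which is worth reviewing.
        return DEFAULT_ACTION, "default"
    return cell, "sgacl"


def model(flows, enforced_dsts=None):
    """Return (would_drop, drops_per_cell, uncovered) for a list of observed flows."""
    would_drop, uncovered = [], []
    drops_per_cell = Counter()
    for flow in flows:
        action, reason = evaluate(flow, enforced_dsts)
        if action == "deny":
            would_drop.append(flow)
            drops_per_cell[(flow.src_sgt, flow.dst_sgt)] += 1
        if reason == "default":
            uncovered.append(flow)
    return would_drop, drops_per_cell, uncovered


# Constructed flow records (RFC 5737 documentation addresses), standing in for
# what NetFlow with SGT context would show while the network is still permit-all.
FLOWS = [
    Flow("192.0.2.10", EMPLOYEE, "198.51.100.20", PCI_SRV, 1433),
    Flow("192.0.2.11", PCI_USER, "198.51.100.20", PCI_SRV, 443),
    Flow("192.0.2.12", UNKNOWN, "198.51.100.30", PROD_SRV, 22),
    Flow("192.0.2.10", EMPLOYEE, "198.51.100.40", DEV_SRV, 8080),
    Flow("192.0.2.13", EMPLOYEE, "198.51.100.30", PROD_SRV, 443),
    Flow("192.0.2.14", SUPPLIER, "198.51.100.20", PCI_SRV, 443),
]

if __name__ == "__main__":
    for label, stage in (("PCI Server only", {PCI_SRV}), ("all destinations", None)):
        drops, cells, uncovered = model(FLOWS, stage)
        print(f"Stage: {label}")
        for (src, dst), count in sorted(cells.items()):
            print(f"  would drop {count} flow(s) for SGT {src} -> SGT {dst}")
        for flow in uncovered:
            print(f"  no cell for SGT {flow.src_sgt} -> SGT {flow.dst_sgt}: "
                  f"{flow.src_ip} reaches {flow.dst_ip}:{flow.dst_port} via default permit")
```

The uncovered list is the part to review before tightening the default: in the constructed data a Supplier-tagged host reaches the PCI server only because no cell exists for that pair.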
38 Implementing Effective Segmentation Active Monitoring Monitor Network Activity Detect suspicious and malicious activity Network Behaviour and Anomaly Detection Policy Violations Monitor Policy configuration and misconfiguration Monitor for business continuity Network Segmentation Adaptive Network Control Identify and remediate threats Dynamically segment network threats
39 NetFlow Monitoring Where When Who What Who Highly scalable (enterprise class) collection High compression => long term storage Months of data retention More Context Security Group
40 Integrated Threat Defense (Detection & Containment) Employee ISE Change Authorization Quarantine Supplier Server Lancope StealthWatch Event: Policy Violation Source IP: Role: Supplier Response: Quarantine Quarantine Network Fabric High Risk Segment Shared Server Internet Employee
41 Quarantine from StealthWatch
42 Agenda Overview of Cisco TrustSec Prescriptive Approach for Effective Segmentation Case Studies and Design Considerations Summary and Key Takeaways
43 One Stop Cisco Partner portal for all Network as a Sensor and Enforcer resources:
44 Summary
- Segmentation is foundational
- TrustSec automates network segmentation
- Create a win-win scenario with TrustSec
- Start small with localized use cases
Enabling Software- Defined Segmentation with TrustSec Fay-Ann Lee Technical Marketing Engineer Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this
More informationSecuring the Empowered Branch with Cisco Network Admission Control. September 2007
Securing the Empowered Branch with Cisco Network Admission Control September 2007 Presentation_ID 2006 Cisco Systems, Inc. All rights reserved. 1 Contents 1 The Cisco Empowered Branch 2 Security Considerations
More informationCompTIA Network+ Study Guide Table of Contents
CompTIA Network+ Study Guide Table of Contents Course Introduction Table of Contents Getting Started About This Course About CompTIA Certifications Module 1 / Local Area Networks Module 1 / Unit 1 Topologies
More informationCisco TrustSec Quick Start Configuration Guide
Cisco TrustSec Quick Start Configuration Guide Table of Contents Introduction... 5 Using This Guide... 5 Baseline ISE Configuration for TrustSec... 7 Active Directory Integration (optional)... 7 Defining
More informationEvolution of Data Center Security Automated Security for Today s Dynamic Data Centers
Evolution of Data Center Security Automated Security for Today s Dynamic Data Centers Speaker: Mun Hossain Director of Product Management - Security Business Group Cisco Twitter: @CiscoDCSecurity 2 Any
More informationCisco ISE Features Cisco ISE Features
Cisco ISE Overview, on page 2 Key Functions, on page 2 Identity-Based Network Access, on page 3 Support for Multiple Deployment Scenarios, on page 3 Support for UCS Hardware, on page 3 Basic User Authentication
More informationCisco Tetration Analytics Demo. Ing. Guenter Herold Area Manager Datacenter Cisco Austria GmbH
Cisco Tetration Analytics Demo Ing. Guenter Herold Area Manager Datacenter Cisco Austria GmbH Agenda Introduction Theory Demonstration Innovation Through Engineering
More informationCisco TrustSec Platform and Capability Matrix
TrustSec and Capability Matrix TrustSec uniquely builds upon your existing identityaware infrastructure by enforcing segmentation and access control policies in a scalable manner using the s detailed below:
More informationSoftware-Defined Access 1.0
White Paper Software-Defined Access 1.0 Solution White Paper Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA https://www.cisco.com/ Tel: 408 526-4000 800 553-NETS
More informationBuilding an End-End Policy Driven Secure Hybrid Cloud DC Architecture
BRKSEC-2980 Building an End-End Policy Driven Secure Hybrid Cloud DC Architecture David Jansen CCIE #5952 DSE Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session
More informationCisco Firepower NGFW. Anticipate, block, and respond to threats
Cisco Firepower NGFW Anticipate, block, and respond to threats Digital Transformation on a Massive Scale 15B Devices Today Attack Surface 500B Devices In 2030 Threat Actors $19T Opportunity Next 10 Years
More informationA Unified Threat Defense: The Need for Security Convergence
A Unified Threat Defense: The Need for Security Convergence Udom Limmeechokchai, Senior system Engineer Cisco Systems November, 2005 1 Agenda Evolving Network Security Challenges META Group White Paper
More informationKlaudia Bakšová System Engineer Cisco Systems. Cisco Clean Access
Klaudia Bakšová System Engineer Cisco Systems Cisco Clean Access Agenda 1. Securing Complexity 2. NAC Appliance Product Overview and In-Depth 3. NAC Appliance Technical Benefits The Challenge of Securing
More informationCisco Day Hotel Mons Wednesday
Cisco Day 2016 20.4.2016 Hotel Mons Wednesday Three Friends in Security : Identity, Visibility and Enforcement Stop the bad guys immediately György Ács IT Security Consulting Systems Engineer 20 April
More informationCISCO EXAM QUESTIONS & ANSWERS
CISCO 648-385 EXAM QUESTIONS & ANSWERS Number: 648-385 Passing Score: 800 Time Limit: 120 min File Version: 41.0 http://www.gratisexam.com/ CISCO 648-385 EXAM QUESTIONS & ANSWERS Exam Name: CXFF - Cisco
More informationCisco.Network.Intuitive FastLane IT Forum. Andreas Korn Systems Engineer
Cisco.Network.Intuitive FastLane IT Forum Andreas Korn Systems Engineer 12.10.2017 Ziele dieser Session New Era of Networking - Was ist darunter zu verstehen? Software Defined Access Wie revolutioniert
More informationNetwork Automation and Branch Agility The Network Helps Enable Digital Business. Rajinder Singh Product Sales Specialist June 2016
Network Automation and Branch Agility The Network Helps Enable Digital Business Rajinder Singh Product Sales Specialist June 2016 Agenda WAN Market Drivers Cisco Intelligent WAN (IWAN) Cisco Intelligent
More information2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
2018 Cisco and/or its affiliates. All rights reserved. Cisco Public PSODCN-1030 Intent Based Systems Deliver Automation Dave Malik Cisco Fellow and Chief Architect Advanced Services @dmalik2 2018 Cisco
More informationCompare Security Analytics Solutions
Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch
More informationCIH
mitigating at host level, 23 25 at network level, 25 26 Morris worm, characteristics of, 18 Nimda worm, characteristics of, 20 22 replacement login, example of, 17 signatures. See signatures SQL Slammer
More informationConfigure Devices Using Converged Access Deployment Templates for Campus and Branch Networks
Configure Devices Using Converged Access Deployment Templates for Campus and Branch Networks What Are Converged Access Workflows?, on page 1 Supported Cisco IOS-XE Platforms, on page 3 Prerequisites for
More information: Designing for Cisco Internetwork Solutions (DESGN) v2.1
640-864: Designing for Cisco Internetwork Solutions (DESGN) v2.1 Course Introduction Course Introduction Module 01 - Network Design Methodology Overview Understanding the Network Architectures for the
More informationIntelligent WAN Multiple VRFs Deployment Guide
Cisco Validated design Intelligent WAN Multiple VRFs Deployment Guide September 2017 Table of Contents Table of Contents Deploying the Cisco Intelligent WAN... 1 Deploying the Cisco IWAN Multiple VRFs...
More informationIntroduction to 802.1X Operations for Cisco Security Professionals (802.1X)
Introduction to 802.1X Operations for Cisco Security Professionals (802.1X) The goal of the course is to provide students with foundational knowledge in the capabilities and functions of the IEEE 802.1x
More informationDeployment Scenarios
This chapter describes and shows some typical deployment scenarios for the Cisco 860, Cisco 880, and Cisco 890 series Intergrated Services Routers (ISRs): About the, page 1 Enterprise Small Branch, page
More informationPASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year
PASS4TEST \ http://www.pass4test.com We offer free update service for one year Exam : 300-210 Title : Implementing Cisco Threat Control Solutions Vendor : Cisco Version : DEMO Get Latest & Valid 300-210
More informationDetecting Internal Malware Spread with the Cisco Cyber Threat Defense Solution 1.0
Detecting Internal Malware Spread with the Cisco Cyber Threat Defense Solution 1.0 April 9, 2012 Comments and errata should be directed to: cyber- tm@cisco.com Introduction One of the most common network
More informationCisco Software-Defined Access
Cisco Software-Defined Access Introducing an entirely new era in networking. What if you could give time back to IT? Provide network access in minutes for any user or device to any application-without
More information