Data Center Security. Fuat KILIÇ Consulting Systems
- Gilbert Geoffrey Rogers
- 6 years ago
2 Data Center Security Fuat KILIÇ Consulting Systems
3 Data Center Evolution
WHERE ARE YOU NOW? WHERE DO YOU WANT TO BE?
Stages: Traditional Data Center; Virtualized Data Center (VDC); Virtualized Desktops; Internal, Private Clouds; Virtual Private Clouds (VPC); Public Clouds
Steps: Consolidate Assets; Virtualize the Environment; Standardize Operations; Automate Service Delivery
Axis: Virtualization to Cloud
4 Data Center Security Requirements
- Virtualization: Security for east-west traffic in multi-hypervisor environments
- Scalability: Need for policy enforcement for high speed networks
- Resiliency: High availability is imperative for applications
- Expanded Deployment Options: Policy enforcement on inter-DC traffic
- Segmentation: Policy between specific groups, users, or applications
- Threat Management: Threat correlation with contextual analysis
5 Edge Security NOT Designed for the DC
Internet Edge Security:
- Only sees symmetric traffic
- Mostly sees Internet apps and micro-apps
- Static scalability for predictable data volume, limited by edge data connection
- Monitors Ingress and Egress traffic
- Only requires a physical appliance. Virtual devices (if any) limited to one hypervisor
- Standard deployment takes days or weeks
- Vendor support focused on traditional network deployments
Data Center Security:
- Must manage asymmetric traffic
- Sees customized and home-grown applications
- Requires dynamic scalability to secure high volume data bursts
- Security needs to be integrated in-line (East/West)
- Requires both a physical and a virtual solution. 42% of DCs have multiple hypervisors
- Must be deployed in hours or minutes
- The DC requires specialized support for planning, design, and implementation
6 1. Security Must Be Designed for the DC
Pillars: Network Integration; Optimum Performance; Threat-Based Security
- Must be deployed dynamically and quickly
- Ties data center and security policy together
- Gives the right tool to the right team
- Optimized for DC data bursts
- Highly available and resilient
- Matches security performance to network performance
- Supports asymmetric traffic
- North-south and East-west protection
- Signature and signatureless protection
- Reputation-based protection
- Custom application inspection
7 2. Security Must Address The DC Architecture
- 76% East-West Traffic
- 17% North-South Traffic
- 7% Inter-DC Traffic
8 3. Security Must Adapt As The DC Evolves
Changing business models and competitive environments are driving IT organizations down a DC evolutionary path: Virtualization, SDN, NFV, ACI, Cloud. But what about security?
9 4. Security Must Be Threat Oriented
Attack Continuum:
- Before: Control, Enforce, Harden
- During: Detect, Block, Defend
- After: Scope, Contain, Remediate
Coverage: Network; Endpoint; Mobile; Virtual; Cloud
Point in Time / Continuous
10 5. Data Centers Don't Exist In A Vacuum
Data and threats flow horizontally across a network
11 NSS Labs NGFW Security Effectiveness Source: NSS Labs 2014
12 NSS Labs Next-Generation Firewall Security Value Map The NGFW Security Value Map shows the placement of Cisco ASA with FirePOWER Services and the FirePOWER 8350 as compared to other vendors. All three products achieved 99.2 percent in security effectiveness and now all can be confident that they will receive the best protections possible regardless of deployment. Source: NSS Labs 2014
13 NSS Labs NGFW Throughput Source: NSS Labs 2014
14 NSS Labs NGFW Connection Per Second Source: NSS Labs 2014
15 Security Designed for the Data Center: ASAv and ASA 5585-X
Cisco ASA Virtual Firewall:
- Full ASA Feature Set
- Hypervisor Independent
- vSwitch Agnostic
- Dynamic Scalability
Cisco ASA 5585-X Series:
- New: Now with FirePOWER NGIPS services
- Up to 640 Gbps throughput
- 16-node, multi-site clustering
- Clusters managed as a single device
Load balancing between physical and virtual ASAs
Support Traditional and Next-Gen Data Centers (SDN, NFV, ACI):
- Fully integrated into ACI
- APIC-based provisioning, orchestration, and management
16 Secure Data Center for the Enterprise: Capabilities Necessary to Defend the Modern Data Center
Cisco Collective Security Intelligence Enabled
- Clustering and High Availability
- Intrusion Prevention (Subscription)
- FireSIGHT Analytics and Automation
- Advanced Malware Protection (Subscription)
- URL Filtering (Subscription)
- Network Firewall, Routing, Switching
- Application Visibility and Control
- Built-in Network Profiling
- Identity-Policy Control and VPN
Callouts:
- World's most widely deployed, enterprise-class Cisco ASA stateful firewall
- Cisco Application Visibility and Control (AVC) with detailed control
- Industry-leading Cisco FirePOWER next-generation IPS (NGIPS)
- Reputation- and category-based URL filtering
- Cisco Advanced Malware Protection (AMP)
17 ASA Cluster Scalability
A 16-node ASA 5585-X cluster* can deliver up to:
- 256 Gbps of real-world mixed traffic throughput (640 Gbps max)
- 50M concurrent connections
- Consistent scaling factor regardless of units in cluster
- Handles the expected asymmetric traffic flows found in modern data centers
- Integrates with FirePOWER Appliances and Services Modules for AVC and NextGen IPS
[Diagram: Layer-2 Deployment Data Plane. ASA 5585-X Cluster with units 1 through 16 (one Master, the rest Slaves), connected over PC-1 to Nexus 7K #1 and Nexus 7K #2, which are vPC peers.]
*Cisco ASA Software release 9.2+
18 Cisco ASA Clustering: Correct Asynchronous Flows
[Diagram: ASA / FirePOWER Appliance Set #1 (ASA-1 (5585-X) with NGIPS-1) and Appliance Set #2 (ASA-2 (5585-X) with NGIPS-2), each with North and South contexts (inside/outside firewall policy, flow inspection), joined by the CCL; DATA request and reply paths between Source and Destination. Callouts: "LACP chooses ASA to send packet to"; "Cluster lookup of flow owner".]
ASA Clustering eliminates the need for a stateful load-balancer in the data center to scale security services performance
19 Redundancy and Scalability Network Integration Performance Redundancy and Scalability Link Device Site
20 Link Scalability
- Full Flow Asymmetry Support
- Multiple Uplink Routers: Equal Cost Multipath (ECMP); OSPF/BGP routing for rapid failure detection
- Multiple Physical Links: Port Aggregation (EtherChannel); LACP for dynamic bundling and failure detection
21 Device Scalability
- Redundant Firewalls: Cluster; Single Logical Firewall; Clustering with full state backup
- Redundant Switches: vPC/VSS
- Complete Fault Tolerance: Spanned EtherChannel with LACP for ports; Non-Stop Forwarding (NSF) for OSPF/BGP
- Single Virtual Switch: Virtual PortChannel (vPC) on Nexus; Virtual Switch System (VSS) on Catalyst
22 Site Scalability (Site A, Site B)
- Local Traffic Processing
- Inter-site Clustering: Clustering with full state backup; Site-specific switch connections
- Endpoint Mobility: VLAN Segment Extension; Overlay Transport Virtualization (OTV); Clustering retains connection state
23 Security & Threat Operations Management
1. NetOPS Workflows: CSM 4.6 or ASDM-ASA-On-Box
2. SecOPS Workflows: FireSIGHT Management Center
FireAMP Connector (Managed by FMC)
Functions: NGFW/NGIPS Management; Forensics / Log Management; Network AMP / Trajectory; Vulnerability Management¹; Incident Control System¹; Adaptive Security Policy; Retrospective Analysis; Correlated SIEM Eventing²; Network-Wide / Client Visibility
¹ Passive Vulnerability Management and Basic ICS. Customer may still choose to invest in a commercial product.
² FMC is NOT a SIEM, while it does provide Correlated SIEM eventing and integrates natively into the SIEM used by the customer.
Visibility Categories: Threats; Users; Web Applications; Application Protocols; File Transfers; Malware; Command & Control Servers; Client Applications; Network Servers; Operating Systems; Routers & Switches; Mobile Devices; Printers; VoIP Phones; Virtual Machines
24 Simplifying Security Across the Enterprise: End-to-End Cisco TrustSec Security
- ASA firewall learns when a new workload is provisioned and automatically applies security policy
- Administrator assigns workload to proper group. Switches send update to devices for policy maps.
- Roles-Based Policies: Allow; Limited Access; Deny
[Diagram labels: Campus and Mobile Workers (Remote VPN User, Wireless User, Wired User; IT Managed Devices, Personal Devices; WiFi); User Identity (Authorized Users, Guest Access, Devices); Identity Services Engine; Cisco Security Manager; Cisco UCS Director; Policies; SG Tags; Cisco Nexus 7000; Cisco ASA 5585-X Firewall Cluster (Master, Slaves); Data Center (vSphere; Cisco Nexus 1000V Tier 1, Tier 2, Tier N, each hosting App/OS workloads); Converged Network Stack (Storage, Physical Access, Compute); Vblocks/FlexPods.]
25 Simplified Matrix of Policies Increases Security
Destination SGT: Public Portal (SGT 8); Internal Portal (SGT 9); IT Portal (SGT 4); Patient Record DB (SGT 10)
Source SGT and matrix cells, in page order: Doctor (SGT 7) Web Web No Access Web File Share HR DB (SGT 5) SQL SSL Web SSH RDP File Share Full Access SQL
Simplified policies ease auditability for addressing the compliance challenges of today
26 Capabilities Flow Diagram: Malware Flow From User to Server, Asset Protections Along the Way
Capabilities, in page order: Device Posturing; FireAMP for file analysis; User Logging; SGACL Enforcement; NetFlow Analysis; SGACL Enforcement; TrustSec SXP; Data Black hole Prevention; Operational Efficiency; Policy Consolidation; Traffic Normalization; Asymmetric Traffic; Flow Redundancy; ASA Cluster; Intrusion Prevention; Network AMP; Application Detection; Application Control; Indicators of Compromise; Retrospection; Connection Intelligence; File Trajectory; Network Trajectory; FireAMP on Servers; Secure Application Tiering; Port Profile SGT Assignments; East-West Protection
[Diagram labels, in page order: 1 ISE User Identity, AD User Identity; 5 Mgmt. Defense Center; 2 SXP & SGACLs; 3, 4 SXP; 6; On Campus User; Campus Core; DC Core/Agg; ASA D8250 Cluster; Mobile User; Data Center Servers/Assets.]
27 Cyber Threat Defense for Data Center
- Global view of infrastructure threats
- OOB management infrastructure supports relevant traffic flows
- Cisco ASA cluster monitored from the Cisco Nexus 7000
- NetFlow Security Event Logging (NSEL) on the ASA is optional and complementary
- NSEL monitors flow creation, flow teardown, and flow denial by ACLs
- NSEL was not validated
[Diagram labels: StealthWatch Management Console VE (SMC); ISE Policy Manager; StealthWatch FlowCollector(s) (FC); NetFlow Sources; SPAN Sources; NetFlow Generation Appliance(s) (NGA); Cisco Nexus 1000v Virtual Services Module (VSM); link protocols Radius, HTTPS, NetFlow.]
28 Application Centric Infrastructure (ACI)
- Flat Hardware Accelerated Network: Full abstraction, de-coupled from VLANs and Dynamic Routing, low latency, built-in QoS
- Flexible Insertion: Every device is one hop away, microsecond latency, no power or port availability constraints, ease of scaling
- Intelligent Fabric, Fabric Port Services: Hardware filtering and bridging; seamless service insertion, service farm aggregation
- Unified Management and Visibility: ACI Controller manages all participating devices, change control and audit capabilities
- Logical Endpoint Groups by Role: Heterogeneous clients, servers, external clouds; fabric controls communication
[Diagram labels: Files; Users.]
29 Traditional ASA Policy Set Complication
Network Admin: Add client , call Security Admin to enable access
1 30 ACL Rules
Remove client , no other action necessary
Clients
2 Add ASA rules for client
Security Admin:
access-list OUT permit tcp host host eq 80
access-list OUT permit tcp host host eq 443
[ ]
access-list OUT permit icmp host host
Servers: HTTP (TCP/80); HTTPS (TCP/443); SSH (TCP/22); SMTP (TCP/25); ICMP
215 ACL Rules
access-list OUT permit tcp host host eq 80
access-list OUT permit tcp host host eq 443
[ ]
access-list OUT permit icmp host host
Original ASA rules never change
4 45 ACL Rules
30 Distributed Port Level Filtering with ACI
Network Admin: Remove client ; Add client , use standard ASA template
Source (EPG Users): Leaf 1, port 1; Leaf 1, port 10; Leaf 2, port 12
Destination (EPG Servers): Leaf 3, port 2; Leaf 4, port 8; Leaf 5, port 12
Port Rules (Service: Action):
- TCP/80: Redirect, ASA1
- TCP/443: Redirect, ASA1
- TCP/22: Redirect, ASA1
- TCP/25: Redirect, ASA1
- ICMP: Redirect, ASA1
Advanced policies, limited ACL rules
Same 5 port level service rules and actions
Security Admin: Create standard ASA advanced policy templates in IFC
Clients; ASA1; Servers: HTTP (TCP/80); HTTPS (TCP/443); SSH (TCP/22); SMTP (TCP/25); ICMP
31 Cisco Secure Data Center Enterprise Cisco Validated Designs that include Scalable performance Simplified policy management Intrusion protection and application visibility Recommended architecture based on best practices
32 Combined Overview of CVD Architecture Enterprise Core Storage SAN Data Cisco Nexus 1000v Virtual Supervisor Module Threat Management with NextGen IPS ASA Clustering with FirePOWER Services CCL Active Directory Identity Services Engine Cisco Security Manager NetFlow Generation Appliances Cyber Threat Defense Secure Enclave Architecture (SEA) FlexPod Four solutions jointly validated to create a complete portfolio
In most organizations networks grow all the time. New stacks of security appliances, new applications hosted on new clusters of servers, new network connections, new subnets, new endpoint platforms and
More informationCisco Cyber Threat Defense Solution 1.0
Cisco Cyber Threat Defense Solution 1.0 Contents 1. Introduction to the Cisco Cyber Threat Defense Solution 1.0 2. Technical overview of the Cisco Cyber Threat Defense Solution 1.0 3. Using the Cisco Cyber
More informationGUIDE. Optimal Network Designs with Cohesity
Optimal Network Designs with Cohesity TABLE OF CONTENTS Introduction...3 Key Concepts...4 Five Common Configurations...5 3.1 Simple Topology...5 3.2 Standard Topology...6 3.3 Layered Topology...7 3.4 Cisco
More informationBuilding Private Cloud Infrastructure
Building Private Cloud Infrastructure Matthias Wessendorf Consulting Systems Engineer 20.11.2014 Cloud == FOG?? 3 The Path to Data Center Transformation Application- Based Silos Zones of Virtualization
More informationExam Code: Exam Code: Exam Name: Advanced Borderless Network Architecture Systems Engineer test.
Exam Code: 700-303 Number: 700-303 Passing Score: 800 Time Limit: 120 min File Version: 41.2 http://www.gratisexam.com/ Exam Code: 700-303 Exam Name: Advanced Borderless Network Architecture Systems Engineer
More informationCisco UCS Director and ACI Advanced Deployment Lab
Cisco UCS Director and ACI Advanced Deployment Lab Michael Zimmerman, TME Vishal Mehta, TME Agenda Introduction Cisco UCS Director ACI Integration and Key Concepts Cisco UCS Director Application Container
More informationIntelligent Cybersecurity for the Real World Scott Lovett Vice President, Global Security Sales
Intelligent Cybersecurity for the Real World Scott Lovett Vice President, Global Security Sales The Industrialization of Hacking Sophisticated Attacks, Complex Landscape Hacking Becomes an Industry Phishing,
More informationSourcefire and ThreatGrid. A new perspective on network security
Sourcefire and ThreatGrid A new perspective on network security Agenda An overview of traditional IPS solutions Next-Generation IPS Requirements Sourcefire Next-Generation IPS Advanced Malware Protection
More informationCisco Enterprise Cloud Suite Overview Cisco and/or its affiliates. All rights reserved.
Cisco Enterprise Cloud Suite Overview 2015 Cisco and/or its affiliates. All rights reserved. 1 CECS Components End User Service Catalog SERVICE PORTAL Orchestration and Management UCS Director Application
More informationCisco Secure Access Control
Cisco Secure Access Control Delivering Deeper Visibility, Centralized Control, and Superior Protection Martin Briand - Security Escalation VSE Global Virtual Engineering Oriol Madriles Soriano Security
More informationImproving Security with Cisco ASA Firepower Services Claudiu Onisoru, Senior Solutions Engineer Cisco Connect - 18 March 2015
Improving Security with Cisco ASA Firepower Services Claudiu Onisoru, Senior Solutions Engineer Cisco Connect - 18 March 2015 1 Agenda Frontal Communication: Who we are? - Key points - Competencies Areas
More informationSecurity Considerations for Cloud Readiness
Application Note Zentera Systems CoIP Platform CoIP Defense-in-Depth with Advanced Segmentation Advanced Segmentation is Essential for Defense-in-Depth There is no silver bullet in security a single solution
More informationVeč kot SDN - SDA arhitektura v uporabniških omrežjih
Več kot SDN - SDA arhitektura v uporabniških omrežjih Aleksander Kocelj SE Cisco Agenda - Introduction to Software Defined Access - Brief description on SDA - Cisco SDA Assurance - DEMO 2 New Requirements
More informationCisco SDN 解决方案 ACI 的基本概念
Cisco SDN 解决方案 ACI 的基本概念 Presented by: Shangxin Du(@shdu)-Solution Support Engineer, Cisco TAC Aug 26 th, 2015 2013 Cisco and/or its affiliates. All rights reserved. 1 Type Consumption Delivery Big data,
More informationThe IINS acronym to this exam will remain but the title will change slightly, removing IOS from the title, making the new title.
I n t r o d u c t i o n The CCNA Security IINS exam topics have been refreshed from version 2.0 to version 3.0. This document will highlight exam topic changes between the current 640-554 IINS exam and
More informationImplementing Cisco Network Security (IINS) 3.0
Implementing Cisco Network Security (IINS) 3.0 COURSE OVERVIEW: Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles and technologies, using
More informationMcAfee Virtual Network Security Platform
McAfee Virtual Network Security Platform Complete threat detection for cloud networks McAfee Virtual Network Security Platform is a complete network threat and intrusion prevention system (IPS) solution
More informationInternet of Things. Tanja Hess Consulting Systems Engineer 2nd June 2016
Internet of Things Tanja Hess Consulting Systems Engineer 2nd June 2016 Agenda Cisco IoT System The Six Pillars of IoT IoT in Action The Cisco Role in IoT Cloud and Fog Analytics App Enablement App Enablement
More informationBuild application-centric data centers to meet modern business user needs
Build application-centric data centers to meet modern business user needs Citrix.com Table of contents Meeting current business challenges...3 Device package integration...5 Policy-based service insertion...6
More informationDatacenter Management and The Private Cloud. Troy Sharpe Core Infrastructure Specialist Microsoft Corp, Education
Datacenter Management and The Private Cloud Troy Sharpe Core Infrastructure Specialist Microsoft Corp, Education System Center Helps Deliver IT as a Service Configure App Controller Orchestrator Deploy
More informationCisco TrustSec Software-Defined Segmentation Platform and Capability Matrix Release 6.3
TrustSec Software-Defined Segmentation Platform and Capability Matrix Release 6.3 TrustSec uniquely builds upon your existing identity-aware infrastructure by enforcing segmentation and access control
More informationSECURING THE NEXT GENERATION DATA CENTER. Leslie K. Lambert Juniper Networks VP & Chief Information Security Officer July 18, 2011
SECURING THE NEXT GENERATION DATA CENTER Leslie K. Lambert Juniper Networks VP & Chief Information Security Officer July 18, 2011 JUNIPER SECURITY LEADERSHIP Market Leadership Data Center with High-End
More informationCisco ACI Multi-Pod and Service Node Integration
White Paper Cisco ACI Multi-Pod and Service Node Integration 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 68 Contents Introduction... 3 Prerequisites...
More informationDeploying Intrusion Prevention Systems
Deploying Intrusion Prevention Systems Gary Halleen Consulting Systems Engineer II Agenda Introductions Introduction to IPS Comparing Cisco IPS Solutions IPS Deployment Considerations Migration from IPS
More informationCisco Cloud Security. How to Protect Business to Support Digital Transformation
Cisco Cloud Security How to Protect Business to Support Digital Transformation Dragan Novakovic Cybersecurity Consulting Systems Engineer January 2018. Security Enables Digitization Digital Disruption,
More informationCisco ISE Features. Cisco Identity Services Engine Administrator Guide, Release 1.4 1
Cisco ISE Overview, page 2 Key Functions, page 2 Identity-Based Network Access, page 2 Support for Multiple Deployment Scenarios, page 3 Support for UCS Hardware, page 3 Basic User Authentication and Authorization,
More informationF5 Demystifying Network Service Orchestration and Insertion in Application Centric and Programmable Network Architectures
F5 Demystifying Network Service Orchestration and Insertion in Application Centric and Programmable Network Architectures Jeffrey Wong - Solution Architect F5 Networks February, 2015 Agenda F5 Synthesis
More information