Key Security Measures to Enable Next-Generation Data Center Transformation
|
|
- Dayna Welch
- 5 years ago
- Views:
Transcription
1
2 Key Security Measures to Enable Next-Generation Data Center Transformation Bill McGee Senior Manager, Security Solutions Cisco Systems, Inc.
3 Agenda Data Center Security Challenges Secure DC Strategies Secure DC Cyber Defense Cisco Secure DC Solutions New ASA Solutions Sourcefire IPS and AMP Control Without Compromise 3
4 Data Center Security Challenges
5 Edge Security was not designed to support the advances being made in the Data Center 5
6 Data Center Security Perception Ease of Provisioning Just 32% have a way to automate firewall rule management Over 50% Find it challenging to add security without impeding business goals 52% Feel their data centers are compromised due to accommodating firewalls Over 40% Perceive security as an inhibitor 54% plan to make significant security improvements or upgrades, or redesign the data center network entirely, over the next year. Maximized Performance 73% Don t believe current firewall and/or IPS technology meets today s increased performance requirements. The percentage of respondents that say speed and performance are critical when evaluating firewall and IPS solutions for data center 91% Pervasive Protection Results show that organizations are underprepared. 67% report instances of downtime over the past 12 months due to malware-related incidents. Organizations that automate firewall rules are twice as likely to report high confidence in firewall/ips solutions AND twice as likely to report zero downtime from malwarerelated incidents 6
7 Traditional Data Center Security Challenges Difficult Provisioning Provisioning takes days or weeks Forced to dumb down the data center Lose critical flexibility and responsiveness Limited Scalability Required to hairpin traffic for inspection Security becomes a bottleneck Separate Management Separate management for each device No coordination between DC and security Cumbersome Policy ACL overload Policies created by hand No coordination between security and UCS Closed Architecture Tied to a specific hypervisor and vswitch No or limited APIs No multi-tenant segmentation No support for DC applications 7
8 Provisioning Erode efficiency gains and can delay new services implementation by weeks or months Performance Insufficient performance and limited scalability Protection Limited threat awareness, limited visibility and fails to proactively defend the data center from emerging threats 8
9 9
10 Secure DC Strategies
11 Key Data Center Security Trends Scalability: Need for policy enforcement for high speed networks Resiliency: High availability is imperative for applications Expanded Deployment Options: Policy enforcement on inter-dc traffic Segmentation: Policy between specific groups, users, or applications Contextual Analysis: Global and local threat correlation Virtualization: Security for east-west traffic in multi-hypervisor environments 11
12 Data Center Security Solution Purchase Drivers Source: Infonetics Research, Inc. Data Center Security Strategies And Vendor Leadership Report, March 25,
13 1. Security Must Be Designed for the Data Center Ease of Provisioning Optimum Performance Actionable Protection Must be deployed dynamically and quickly Ties data center and security policy together Gives the right tool to the right team Optimized for DC performance east/west data bursts Highly available and resilient Matches security performance to network performance Supports asymmetrical traffic flows North-south protection East-west protection Signature-based protection Reputation-based protection Signature-less protection Custom application inspection 13
14 2. Security Must Be Part of The DC Architecture Traditional DC Application-Centric DC Policy Engine Role-Based Policy and Management Physical and Virtual Security Scalable Enforcement Data Center UCS Manager Resource Provisioning Monitoring Apps Programmable Provisioning Apps Networking Apps Physical and Virtual Security Data Center Fabric End-User Apps Provisionable Policy-Based Security Provisioning Scalable Security for Physical and Virtual/Cloud Simplified Policy and Management Service-Based Security Provisioning Scalable Security for Physical and Virtual/Cloud Centralized Policy and Management 14
15 3. Security Must Adapt As Data Centers Evolve WAN WAN WAN VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM 15
16 4. Security Must Address The Attack Continuum Attack Continuum BEFORE Discover Enforce Harden DURING Detect Block Defend AFTER Scope Contain Remediate Network Endpoint Mobile Virtual Cloud Point in Time Continuous 16
17 5. Data Centers Don t Exist In A Vacuum If data has any street value whether it s a major corporation s intellectual property or an individual s healthcare data it is desirable and, therefore, at risk. And most organizations, large and small, have already been compromised and don t even know it: 100 percent of business networks analyzed by Cisco have traffic going to websites that host malware. Cisco 2014 Annual Security Report 17
18 Secure DC Cyber Defense
19 Losing the Data Center Moving from end user compromise to losing the data center Step 1 End User Compromise Step 2 Compromise Server Step 3 Install VMBR Most organizations rely solely on access control and segmentation for threat capabilities SubVirt, Blue Pill, Vitriol are VMBRs User browses the Internet User is authorized to access server per ACLs Cyber Defenders Need More Capabilities VMs are now under cyber attacker control 19
20 The Attack Chain Cyber Attacker Process to Develop Capabilities Survey Develop Test Execute Accomplish Users/Employees? Default Passwords? Open Ports? Operating Systems? Counter Measures? Phishing Campaign? Objectives Data Theft Destruction Recon? Command and Control? Required Capabilities? Custom Malware? Open source Malware? Polymorphic Engines? Anti-detection? Phishing Campaign? Purchase Malware? Did rootkit Install? Two way communications? successful? Detected? Operating Systems? Web farms? Network Map? Have time? Malware drop End User Devices Servers Web Servers Gain second foothold Lateral Movement Evade Detection Extract data Plant evidence Hide additional rootkits Destroy artifacts Own the target! 20
21 Cyber Threat Management System Mapping Capabilities to The BDA Attack Continuum Threat Management System Capabilities Description Before During After Products Threat Containment and Remediation File, packet, and flow based inspection and analysis for threats End point protection agents, network based flow protection Cloud based end point file analysis, network based file analysis, network based flow analysis, signature based analysis, sandbox analysis Connections and flows analysis and remediation Sourcefire FireSIGHT, Intrusion Protection, Network based AMP, AMP, CWS AMP, FireAMP for End User and Mobile Access Control and Segmentation Access control policies, segmentation, secure separation End point group assignments, security zones, user to asset access policies Fabric enforcement, firewall policy enforcements, traffic normalization and protocol compliance Policy enforcement and logging ASA 5585-X, SGTs, SGACLs, SXP, and TrustSec capable switching fabric or ACI Fabric with ASAv Identity Management User identity and access posturing, network based user context User mapping to groups, resources, and acceptable access locations User context analysis User access and threat origination analysis and remediation Active Directory, Cisco ISE, Sourcefire FireSIGHT Application Visibility and Control File control and trajectory, network file trajectory, application quarantine Policies to limit and control access to internal and external applications Enforcement of application control policies Visibility into all applications being accessed and running on network Sourcefire Access Control, Sourcefire NGFW Logging and Traceability Management Threat forensics and compliance Proper configuration of threat management system reporting Active out of band logging Immediate access by proper threat function management platform. Consolidation of logs into central repository for further forensics and compliance Defense Center for short term logs, Lancope Stealthwatch for longer term NetFlow analysis logs, SPLUNK SIEM for log management compliance 21
22 Mapping Threat Capabilities to Controls Controls Can be Implemented Where There Are Capabilities Threat Containment Access Control and Segmentation Identity Management Application Management Logging and Traceability Capability File, packet and flow based inspection and analysis for threats Access control and segmentation User identity and access posturing, network based user context Application visibility and control Threat Forensics and compliance NIST SP Relevant Controls Incident Response, Maintenance, Media Protection, Risk Assessment, System and Information Integrity Access Control, System and Communications Protection Access Control System and Information Integrity, Access Control Audit and Accountability SANs Top 20 Critical Security Controls Continuous Vulnerability Assessment and Remediation, Malware Defenses, Data Protection Inventory of Authorized and Unauthorized Devices, Boundary Defense, Controlled Access Based on the Need to Know, Secure Network Engineering Controlled Access Based on the Need to Know, Secure Network Engineering Inventory of Auhorized and Unauthorized Software, Secure Network Engineering Maintenance, Monitoring, and Analysis of Audit Logs NIST Special Publication , Security and Privacy Controls for Federal Information Systems and Organizations states organizations can consider defining a set of security capabilities as a precursor to the security control selection process. protection of information being processed, stored, or transmitted by information systems, seldom derives from a single safeguard or counter measure (i.e. security control). 22
23 Covering The Entire Attack Continuum Attack Continuum BEFORE Discover Enforce Harden DURING Detect Block Defend AFTER Scope Contain Remediate Firewall VPN NGIPS Advanced Malware Protection NGFW UTM Web Security Network Behavior Analysis NAC + Identity Services Security Visibility and Context 23
24 Secure Data Center Threat Management New Threat Management Capabilities Threat Management System Capabilities Description Products Threat Containment and Remediation File, packet, and flow based inspection and analysis for threats Sourcefire FireSIGHT, Intrusion Protection, Network based AMP, AMP, CWS AMP, FireAMP for End User and Mobile Access Control and Segmentation Access control policies, segmentation, secure separation ASA 5585-X, SGTs, SGACLs, SXP, and TrustSec capable switching fabric or ACI Fabric with ASAv Identity Management User identity and access posturing, network based user context Active Directory, Cisco ISE, Sourcefire FireSIGHT Application Visibility and Control File control and trajectory, network file trajectory, application quarantine Sourcefire Access Control, Sourcefire NGFW Logging and Traceability Management Threat forensics and compliance Defense Center for short term logs, Lancope Stealthwatch for NetFlow based analysis, SIEM for log management compliance 24
25 Secure DC Portfolio Comprehensive Set of Capabilities for The Cyber Defender Four solutions jointly validated to create a complete solution Modular Approach Industry s Most Comprehensive Security Solution 25
26 Cisco s Latest Secure DC Solutions
27 ASAv and ASA 5585-X Cisco ASA Virtual Firewall Full ASA Feature Set Hypervisor Independent vswitch Agnostic Dynamic Scalability Cisco ASA 5585-X Series 16-node clustering Up to 640 Gbps throughput Multi-site clustering Manage clusters as a single device Load balancing between physical and virtual ASAs Support Traditional and Next-Gen Data Centers (SDN, ACI) Fully integrated into ACI APIC-based provisioning, orchestration, and management 27
28 FirePOWER NGIPS and AMP Industry-Best NG Intrusion Prevention Real-Time Contextual Awareness Full Stack Visibility Unparalleled Performance and Scalability Detects and Inspects Custom Applications Easily add Application Control, URL Filtering, and Advanced Malware Protection (AMP) with optional subscription licenses 28
29 New Secure Data Center CVD The Latest in A Series of Secure DC Designs Focused on Cyber Threat Defense - Fully Tested and Validated Architecture - Best Practices Design and Blueprint Integrates Cisco and Sourcefire Technologies See the Secure DC demo stations in the World of Solutions Security 29
30 Control Without Compromise
31 We are the global leader in data center security 31
32 Cisco Data Center Security Leadership Part 1 Part 2 Source: Infonetics Research, Inc. Data Center Security Strategies And Vendor Leadership Report, March 25,
33 33
34 Protect your data center while maintaining the flexibility and performance you need 34
35
36 Participate in the My Favorite Speaker Contest Promote Your Favorite Speaker and You Could be a Winner Promote your favorite speaker through Twitter and you could win $200 of Cisco Press products (@CiscoPress) Send a tweet and include Your favorite speaker s Twitter handle Two hashtags: #CLUS #MyFavoriteSpeaker You can submit an entry for more than one of your favorite speakers Don t forget to View the official rules at 36
37 Complete Your Online Session Evaluation Give us your feedback and you could win fabulous prizes. Winners announced daily. Complete your session evaluation through the Cisco Live mobile app or visit one of the interactive kiosks located throughout the convention center. Don t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online 37
38 Continue Your Education Demos in the Cisco Campus Walk-in Self-Paced Labs Table Topics Meet the Engineer 1:1 meetings 38
39
40
Data Center Security. Fuat KILIÇ Consulting Systems
Data Center Security Fuat KILIÇ Consulting Systems Engineer @Security Data Center Evolution WHERE ARE YOU NOW? WHERE DO YOU WANT TO BE? Traditional Data Center Virtualized Data Center (VDC) Virtualized
More informationDeploying Intrusion Prevention Systems
Deploying Intrusion Prevention Systems Gary Halleen Consulting Systems Engineer II Agenda Introductions Introduction to IPS Comparing Cisco IPS Solutions IPS Deployment Considerations Migration from IPS
More informationCisco Cyber Range. Paul Qiu Senior Solutions Architect
Cisco Cyber Range Paul Qiu Senior Solutions Architect Cyber Range Service A platform to experience the intelligent Cyber Security for the real world What I hear, I forget What I see, I remember What I
More informationEvolution of Data Center Security Automated Security for Today s Dynamic Data Centers
Evolution of Data Center Security Automated Security for Today s Dynamic Data Centers Speaker: Mun Hossain Director of Product Management - Security Business Group Cisco Twitter: @CiscoDCSecurity 2 Any
More informationCisco Cloud Security for Public & Private Cloud Villayat Muhammad : Technical Leader BRKSEC-2016
Cisco Cloud Security for Public & Private Cloud Villayat Muhammad : Technical Leader BRKSEC-2016 Agenda Security Challenges Design and Integration Compliance Guidance Cloud Data Center Security Challenges
More informationSourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data
SEE everything in your environment LEARN by applying security intelligence to data ADAPT defenses automatically ACT in real-time Sourcefire Solutions Overview Security for the Real World Change is constant.
More informationResilient WAN and Security for Distributed Networks with Cisco Meraki MX
Resilient WAN and Security for Distributed Networks with Cisco Meraki MX Daghan Altas, Director of Product Management BRKSEC-2900 Agenda Problem Cisco CNG Live network creation demo (45m) Product Brief
More informationMAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER
MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER Bret Hartman Cisco / Security & Government Group Session ID: SPO1-W25 Session Classification: General Interest 1 Mobility Cloud Threat Customer centric
More informationCisco Firepower NGFW. Anticipate, block, and respond to threats
Cisco Firepower NGFW Anticipate, block, and respond to threats You have a mandate to build and secure a network that supports ongoing innovation Mobile access Social collaboration Public / private hybrid
More informationSourcefire Network Security Analytics: Finding the Needle in the Haystack
Sourcefire Network Security Analytics: Finding the Needle in the Haystack Mark Pretty Consulting Systems Engineer #clmel Agenda Introduction The Sourcefire Solution Real-time Analytics On-Demand Analytics
More informationAdvanced Malware Protection. Dan Gavojdea, Security Sales, Account Manager, Cisco South East Europe
Advanced Malware Protection Dan Gavojdea, Security Sales, Account Manager, Cisco South East Europe How would you do security differently if you knew you were going to be hacked? Security Challenges Changing
More informationAgile Security Solutions
Agile Security Solutions Piotr Linke Security Engineer CISSP CISA CRISC CISM Open Source SNORT 2 Consider these guys All were smart. All had security. All were seriously compromised. 3 The Industrialization
More informationAbout the Authors. Tom Hogue, Security Solutions Manager, Security Business Group, Cisco
Secure Data Center for Enterprise Threat Management with NextGen IPS Design Guide Last Updated: August 26, 2014 About the Authors About the Authors Tom Hogue, Security Solutions Manager, Security Business
More informationThe Internet of Everything is changing Everything
The Internet of Everything is changing Everything Intelligent Threat Defense for the Enterprise Mobility Nikos Mourtzinos, CCIE #9763 Global Security Sales Organization Changing Business Models Any Device
More informationAlgoSec: How to Secure and Automate Your Heterogeneous Cisco Environment
BRKPAR-2488 AlgoSec: How to Secure and Automate Your Heterogeneous Cisco Environment Edy Almer How to Secure and Automate Your Heterogeneous Cisco Environment Yogesh Kaushik, Senior Director Cisco Doug
More informationCisco Cyber Range. Paul Qiu Senior Solutions Architect June 2016
Cisco Cyber Range Paul Qiu Senior Solutions Architect June 2016 What I hear, I forget What I see, I remember What I do, I understand ~ Confucius Agenda Agenda Cyber Range Highlights Cyber Range Overview
More informationCisco Firepower NGFW. Anticipate, block, and respond to threats
Cisco Firepower NGFW Anticipate, block, and respond to threats Digital Transformation on a Massive Scale 15B Devices Today Attack Surface 500B Devices In 2030 Threat Actors $19T Opportunity Next 10 Years
More informationA New Security Model for the IoE World. Henry Ong SE Manager - ASEAN Cisco Global Security Sales Organization
A New Security Model for the IoE World Henry Ong SE Manager - ASEAN Cisco Global Security Sales Organization Internet of Everything The Internet of Everything brings together people, process, data and
More informationIntelligent WAN Sumanth Kakaraparthi Principal Product Manager PSOCRS-2010
Intelligent WAN Sumanth Kakaraparthi Principal Product Manager PSOCRS-2010 Agenda Challenges Architectures Cisco IWAN Proof Points Challenges Application landscape is changing Applications Are Moving to
More informationSDN Security BRKSEC Alok Mittal Security Business Group, Cisco
SDN Security Alok Mittal Security Business Group, Cisco Security at the Speed of the Network Automating and Accelerating Security Through SDN Countering threats is complex and difficult. Software Defined
More informationVirtualized Video Processing: Video Infrastructure Transformation Yoav Schreiber, Product Marketing Manager, Service Provider Video BRKSPV-1112
Toonces LOOK OUT! Virtualized Video Processing: Video Infrastructure Transformation Yoav Schreiber, Product Marketing Manager, Service Provider Video BRKSPV-1112 Agenda Video Industry Evolution and Challenges
More informationCisco ASA with FirePOWER Services
Cisco ASA with FirePOWER Services TDM Thomas Jankowsky Consulting Systems Engineer May 2015 Introduction Industry s First Threat-Focused Next-Generation Firewall (NGFW) Proven Cisco ASA firewalling Industry-leading
More informationSegmentation. Threat Defense. Visibility
Segmentation Threat Defense Visibility Establish boundaries: network, compute, virtual Enforce policy by functions, devices, organizations, compliance Control and prevent unauthorized access to networks,
More informationNext Generation IPS and Advance Malware Protection. Mahmoud Rabi Consulting Systems Engineer - Security
Next Generation IPS and Advance Malware Protection Mahmoud Rabi Consulting Systems Engineer - Security Threat Landscape and Attack Continuum Today s Real World: Threats are evolving and evading traditional
More informationThe Internet of Everything is changing Everything
The Internet of Everything is changing Everything Next Generation Security John Tzortzakakis Security Solutions Architect, Security Business Group November 2014 Threat Landscape evolution 60% of data is
More informationCisco Security Exposed Through the Cyber Kill Chain
Cisco Forschung & Lehre Forum für Mecklenburg Vorpommern Cisco Security Exposed Through the Cyber Kill Chain Rene Straube CSE, Cisco Advanced Threat Solutions January, 2017 The Cisco Security Model BEFORE
More informationCisco ASA 5500-X NGFW
Cisco ASA 5500-X NGFW Sieťová ochrana pre malé a stredné podniky pred modernými hrozbami Peter Mesjar CCIE 17428, Systémový Inžinier, Cisco What are we going to talk about Problem is THREATS How today
More informationCisco Next Generation Firewall and IPS. Dragan Novakovic Security Consulting Systems Engineer
Cisco Next Generation Firewall and IPS Dragan Novakovic Security Consulting Systems Engineer Cisco ASA with Firepower services Cisco TALOS - Collective Security Intelligence Enabled Clustering & High Availability
More informationStop Threats Before They Stop You
Stop Threats Before They Stop You Gain visibility and control as you speed time to containment of infected endpoints Andrew Peters, Sr. Manager, Security Technology Group Agenda Situation System Parts
More informationCisco Cyber Threat Defense Solution 1.0
Cisco Cyber Threat Defense Solution 1.0 Contents 1. Introduction to the Cisco Cyber Threat Defense Solution 1.0 2. Technical overview of the Cisco Cyber Threat Defense Solution 1.0 3. Using the Cisco Cyber
More informationThe Importance of Threat-Centric Security
The Importance of Threat-Centric Security Jay Iyer Distinguished Engineer, Office of the Security CTO Martin Roesch Vice President and Chief Architect, Cisco Security Business Group BRKSEC-2135 Agenda
More informationCisco ASA with FirePOWER services Eric Kostlan, Technical Marketing Engineer Security Technologies Group, Cisco Systems LABSEC-2339
Cisco ASA with FirePOWER services Eric Kostlan, Technical Marketing Engineer Security Technologies Group, Cisco Systems LABSEC-2339 Agenda Introduction to Lab Exercises Platforms and Solutions ASA with
More informationAby se z toho bezpečnostní správci nezbláznili Cisco security integrace. Milan Habrcetl Cisco CyberSecurity Specialist Mikulov, 5. 9.
Aby se z toho bezpečnostní správci nezbláznili aneb Cisco security integrace Aby se z toho bezpečnostní správci nezbláznili Cisco security integrace Milan Habrcetl Cisco CyberSecurity Specialist Mikulov,
More informationSECURING THE NEXT GENERATION DATA CENTER. Leslie K. Lambert Juniper Networks VP & Chief Information Security Officer July 18, 2011
SECURING THE NEXT GENERATION DATA CENTER Leslie K. Lambert Juniper Networks VP & Chief Information Security Officer July 18, 2011 JUNIPER SECURITY LEADERSHIP Market Leadership Data Center with High-End
More informationCisco Secure Access Control
Cisco Secure Access Control Delivering Deeper Visibility, Centralized Control, and Superior Protection Martin Briand - Security Escalation VSE Global Virtual Engineering Oriol Madriles Soriano Security
More informationCisco Firepower NGIPS Tuning and Best Practices
Cisco Firepower NGIPS Tuning and Best Practices John Wise, Security Instructor High Touch Delivery, Cisco Learning Services CTHCRT-2000 Cisco Spark How Questions? Use Cisco Spark to communicate with the
More informationIntuit Application Centric ACI Deployment Case Study
Intuit Application Centric ACI Deployment Case Study Joon Cho, Principal Network Engineer, Intuit Lawrence Zhu, Solutions Architect, Cisco Agenda Introduction Architecture / Principle Design Rollout Key
More informationDesign and Deployment of SourceFire NGIPS and NGFWL
Design and Deployment of SourceFire NGIPS and NGFWL BRKSEC - 2024 Marcel Skjald Consulting Systems Engineer Enterprise / Security Architect Abstract Overview of Session This technical session covers the
More informationCCIE Collaboration Lab
CCIE Collaboration Lab Rami Kandah, Technical Leader Scott Hunt, UC Content Engineer James Lehto, UC Content Engineer David Mallory, CTO Learning@Cisco Overview: CCIE Certification Highest regarded IT
More informationDEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise
DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS Security Without Compromise CONTENTS INTRODUCTION 1 SECTION 1: STRETCHING BEYOND STATIC SECURITY 2 SECTION 2: NEW DEFENSES FOR CLOUD ENVIRONMENTS 5 SECTION
More informationProtection - Before, During And After Attack
Advanced Malware Protection for FirePOWER TM BENEFITS Continuous detection of malware - immediately and retrospectively Inline detection of sophisticated malware that evades traditional network protections
More informationSnort: The World s Most Widely Deployed IPS Technology
Technology Brief Snort: The World s Most Widely Deployed IPS Technology Overview Martin Roesch, the founder of Sourcefire and chief security architect at Cisco, created Snort in 1998. Snort is an open-source,
More informationCisco Tetration Analytics
Cisco Tetration Analytics Real-time application visibility and policy management using advanced analytics Yogesh Kaushik, Sr. Director Product Management PSOACI-2100 Agenda Market context Introduction:
More informationBuilding Resilience in a Digital Enterprise
Building Resilience in a Digital Enterprise Top five steps to help reduce the risk of advanced targeted attacks To be successful in business today, an enterprise must operate securely in the cyberdomain.
More informationExpert Reference Series of White Papers. Cisco Completes the Security Picture with Sourcefire
Expert Reference Series of White Papers Cisco Completes the Security Picture with Sourcefire 1-800-COURSES www.globalknowledge.com Cisco Completes the Security Picture with Sourcefire Rich Hummel, CCNA,
More informationFirewall nové generace na platformě SF, přístupové politiky, analýza souborů, FireAMP a trajektorie útoků
Firewall nové generace na platformě SF, přístupové politiky, analýza souborů, FireAMP a trajektorie útoků Jiří Tesař, CSE Security, jitesar@cisco.com CCIE #14558, SFCE #124266 Mapping Technologies to the
More informationIndustrial Defender ASM. for Automation Systems Management
Industrial Defender ASM for Automation Systems Management INDUSTRIAL DEFENDER ASM FOR AUTOMATION SYSTEMS MANAGEMENT Industrial Defender ASM is a management platform designed to address the overlapping
More informationThreat Detection and Mitigation for IoT Systems using Self Learning Networks (SLN)
Threat Detection and Mitigation for IoT Systems using Self Learning Networks (SLN) JP Vasseur, PhD - Cisco Fellow jpv@cisco.com Maik G. Seewald, CISSP Sr. Technical Lead maseewal@cisco.com June 2016 Cyber
More informationThreat Containment and Operations. Yong Kwang Kek, Director of Presales SE, APJ
Threat Containment and Operations Yong Kwang Kek, Director of Presales SE, APJ 2018-07-19 1 1 2017 Infoblox Inc. All Rights 2013 Infoblox Inc. All Reserved. Rights Reserved. Three Aspects of Security #1
More informationCisco UCS Director and ACI Advanced Deployment Lab
Cisco UCS Director and ACI Advanced Deployment Lab Michael Zimmerman, TME Vishal Mehta, TME Agenda Introduction Cisco UCS Director ACI Integration and Key Concepts Cisco UCS Director Application Container
More informationAMP for Endpoints & Threat Grid
AMP for Endpoints & Threat Grid Response & Prevention Dean De Beer & Eric Hulse BRKSEC-2029 AMP Threat Grid Malware Analysis Engines & Techniques A little background Malware Analysis & Threat Intelligence
More informationAn Investment Checklist
Next-Generation Addressing Advanced Firewalls: Web Threats Next-Generation Firewalls: What You Will Learn When you buy a next-generation firewall (NGFW), you want to determine whether the solution can
More informationAssessing the Business Value of the Secured Datacenter
IDC SOLUTION BRIEF Assessing the Business Value of the Secured Datacenter Sponsored by: Cisco Pete Lindstrom Matthew Marden December 2014 Richard L. Villars OVERVIEW The world of IT is in the midst of
More informationSecuring the Empowered Branch with Cisco Network Admission Control. September 2007
Securing the Empowered Branch with Cisco Network Admission Control September 2007 Presentation_ID 2006 Cisco Systems, Inc. All rights reserved. 1 Contents 1 The Cisco Empowered Branch 2 Security Considerations
More informationSecurity Challenges and
Security Challenges and Opportunities for IoE Becoming an IoE Ready Organization Steve Martino, Chief Information Security Officer, Cisco Lokesh Sisodiya, President, ISC2, East Bay Chapter Cisco Public
More informationCisco Comstor
Cisco Security @ Comstor 1 Agenda 1. Cisco Security Fundamentals Cyber Security? Cisco Security Solutions - Cisco NGFW - Cisco Umbrella Cisco Meraki, MR, MS, MV and MX Meraki Insight 2 1. Cisco Security
More informationDistributed Branch Deployment Costs
Branch Deployment Automation with Prime Infrastructure and APIC-EM Prakash Rajamani, Manager, Product Management Bipin Kapoor, Manager, Technical Marketing PSONMS-2003 Distributed Branch Deployment Costs
More informationBorderless Networks. Tom Schepers, Director Systems Engineering
Borderless Networks Tom Schepers, Director Systems Engineering Agenda Introducing Enterprise Network Architecture Unified Access Cloud Intelligent Network & Unified Services Enterprise Networks in Action
More informationCisco Solution Support
Service Definition Cisco Solution Support Security Solutions Service Definition October 2018 2015 Cisco and/or its affiliates. All rights reserv ed. This document is Cisco Public Information. Page 1 of
More informationSOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM
SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM OVERVIEW The Verizon 2016 Data Breach Investigations Report highlights that attackers are regularly outpacing the defenders.
More informationThe threat landscape is constantly
A PLATFORM-INDEPENDENT APPROACH TO SECURE MICRO-SEGMENTATION Use Case Analysis The threat landscape is constantly evolving. Data centers running business-critical workloads need proactive security solutions
More informationHow to Predict, Detect & Stop threats at the Edge and Behind the Perimeter even in encrypted traffic without decryption
How to Predict, Detect & Stop threats at the Edge and Behind the Perimeter even in encrypted traffic without decryption Nikos Mourtzinos, CCIE #9763 Cisco Cyber Security Sales Specialist April 2018 New
More informationProtecting Your Digital Business: The Case for Next-Generation Intrusion Prevention
White Paper Protecting Your Digital Business: The Case for Next-Generation Intrusion Prevention What You Will Learn Many companies that adopt a next-generation firewall (NGFW) believe that they can t benefit
More informationNetwork Visibility and Segmentation
Network Visibility and Segmentation 2019 Cisco and/ or its affiliates. All rights reserved. Contents Network Segmentation A Services Approach 3 The Process of Segmentation 3 Segmentation Solution Components
More informationNext generation branch with SD-WAN and NFV
Next generation branch with SD-WAN and NFV Kiran Ghodgaonkar, Senior Manager, Enterprise Marketing Mani Ganeson, Senior Product Manager PSOCRS-2004 @ghodgaonkar Cisco Spark How Questions? Use Cisco Spark
More informationCisco Security Enterprise License Agreement
Cisco Security Enterprise License Agreement Deploy Software and Technology more easily The Cisco Security Enterprise Licensing Agreement (ELA) gives you a simpler way to manage your licenses. And it saves
More informationCisco Advanced Malware Protection. May 2016
Cisco Advanced Malware Protection May 2016 The Reality Organizations Are Under Attack and Malware Is Getting in 95% of large companies targeted by malicious traffic 100% Cybercrime is lucrative, barrier
More informationCisco Security. Advanced Malware Protection. Guillermo González Security Systems Engineer Octubre 2017
Cisco Security Advanced Malware Protection Guillermo González Security Systems Engineer Octubre 2017 The New Security Model Attack Continuum Before During After Before Discover During Detect After Scope
More informationIntelligent Cybersecurity for the Real World Scott Lovett Vice President, Global Security Sales
Intelligent Cybersecurity for the Real World Scott Lovett Vice President, Global Security Sales The Industrialization of Hacking Sophisticated Attacks, Complex Landscape Hacking Becomes an Industry Phishing,
More informationDeploying Cloud Network Services Prime Network Services Controller (formerly VNMC)
Deploying Cloud Network Services Prime Network Services Controller (formerly VNMC) Dedi Shindler - Sr. Manager Product Management Cloud System Management Technology Group Cisco Agenda Trends Influencing
More informationBusiness Resiliency Through Superior Threat Defense
Business Resiliency Through Superior Threat Defense Firepower 2100 Series/ Cisco Identity Services Engine Andre Lambertsen, Consulting Systems Engineer ala@cisco.com Cisco Firepower NGFW Fully Integrated
More informationRSA NetWitness Suite Respond in Minutes, Not Months
RSA NetWitness Suite Respond in Minutes, Not Months Overview One can hardly pick up a newspaper or turn on the news without hearing about the latest security breaches. The Verizon 2015 Data Breach Investigations
More informationAdvanced Malware Protection: A Buyer s Guide
Advanced Malware Protection: A Buyer s Guide What You Will Learn This document will identify the essential capabilities you need in an advanced malware protection solution, the key questions you should
More informationA Unified Threat Defense: The Need for Security Convergence
A Unified Threat Defense: The Need for Security Convergence Udom Limmeechokchai, Senior system Engineer Cisco Systems November, 2005 1 Agenda Evolving Network Security Challenges META Group White Paper
More informationDNA Automation Services Offerings
DNA Automation Services Offerings Jamie Owen, Solutions Architect, Cisco Advanced Services Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session
More informationUCS Management Deep Dive
UCS Management Deep Dive Jason Shaw Cisco UCS Technical Marketing Engineer Agenda Introductions UCS Architecture, Topology Physical Building Blocks Logical Building Blocks Policy Driven Management UCS
More informationInternet of Things. Tanja Hess Consulting Systems Engineer 2nd June 2016
Internet of Things Tanja Hess Consulting Systems Engineer 2nd June 2016 Agenda Cisco IoT System The Six Pillars of IoT IoT in Action The Cisco Role in IoT Cloud and Fog Analytics App Enablement App Enablement
More informationThreat Centric Network Security
BRKSEC-2056 Threat Centric Network Security Ted Bedwell, Principal Engineer Network Threat Defence Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this
More informationCisco Cloud Architecture with Microsoft Cloud Platform Peter Lackey Technical Solutions Architect PSOSPG-1002
Cisco Cloud Architecture with Microsoft Cloud Platform Peter Lackey Technical Solutions Architect PSOSPG-1002 Agenda Joint Cisco and Microsoft Integration Efforts Introduction to CCA-MCP What is a Pattern?
More informationCloudCenter for Developers
DEVNET-1198 CloudCenter for Developers Conor Murphy, Systems Engineer Data Centre Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the
More informationCisco Self Defending Network
Cisco Self Defending Network Integrated Network Security George Chopin Security Business Development Manager, CISSP 2003, Cisco Systems, Inc. All rights reserved. 1 The Network as a Strategic Asset Corporate
More informationalign security instill confidence
align security instill confidence cyber security Securing data has become a top priority across all industries. High-profile data breaches and the proliferation of advanced persistent threats have changed
More informationNETWORKING &SECURITY SOLUTIONSPORTFOLIO
NETWORKING &SECURITY SOLUTIONSPORTFOLIO NETWORKING &SECURITY SOLUTIONSPORTFOLIO Acomprehensivesolutionsportfoliotohelpyougetyourbusiness securelyconnected.clickononeofoursolutionstoknowmore NETWORKING
More informationCisco Stealthwatch Improves Threat Defense with Network Visibility and Security Analytics
Solution Overview Cisco Stealthwatch Improves Threat Defense with Network Visibility and Security Analytics BENEFITS Gain visibility across all network conversations, including east-west and north-south
More informationIntelligent Cyber Security for Real World
Intelligent Cyber Security for Real World Simone Posti Security Account Manager Cisco GSSO June 2016 The Security Challenges Without integrated security, our data is at risk 60% of data is stolen in HOURS
More informationHow-To Threat Centric NAC Cisco AMP for Endpoints in Cloud and Cisco Identity Service Engine (ISE) Integration using STIX Technology
How-To Threat Centric NAC Cisco AMP for Endpoints in Cloud and Cisco Identity Service Engine (ISE) Integration using STIX Technology Author: John Eppich Table of Contents About this Document... 3 Introduction
More informationCisco Ransomware Defense The Ransomware Threat Is Real
Cisco Ransomware Defense The Ransomware Threat Is Real Seguridad Integrada Abril 2018 Ransomware B Malicious Software Encrypts Critical Data Demands Payment Permanent Data Loss Business Impacts Ramifications
More informationATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK
PARTNER BRIEF ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK INTRODUCTION Attivo Networks has partnered with Cisco Systems to provide advanced real-time inside-the-network
More informationDesigning and Building a Cybersecurity Program
Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson lwilson@umassp.edu ISACA Breakfast Meeting January, 2016 Designing & Building a Cybersecurity
More informationPSODCT-2088
Data Center and Cloud: Strategy and Planning The Next 5 Years Efficiency. Speed. Disruption Shashi Kiran, Sr. Director, Head of Marketing, DC and Cloud Networking skiran@cisco.com PSODCT-2088 Agenda Introduction
More informationCompare Security Analytics Solutions
Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch
More informationSecuring Your Amazon Web Services Virtual Networks
Securing Your Amazon Web Services s IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up a workload,
More informationSOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE
SOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE 1 EXECUTIVE SUMMARY Attackers have repeatedly demonstrated they can bypass an organization s conventional defenses. To remain effective,
More informationInfoblox as Part of the Ecosystem
Infoblox Core Exchange Infoblox Core Exchange is a highly-interconnected set of ecosystem integrations that extend security, increase agility, and provide situational awareness for more efficient operations,
More informationDefense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation
Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client
More informationEnabling Quality of Service with Cisco SDN. Jon Snyder
Enabling Quality of Service with Cisco SDN Jon Snyder Agenda Introduction SDN: What Do We Mean, and What s the Point? Background Collaboration Applications and the Network SDN and APIC-EM Network Configuration
More informationDelivering Integrated Cyber Defense for the Cloud Generation Darren Thomson
Delivering Integrated Cyber Defense for the Generation Darren Thomson Vice President & CTO, EMEA Region Symantec In 2009 there were 2,361,414 new piece of malware created. In 2015 that number was 430,555,582
More informationSoftware-Define Secure Networks The Future of Network Security for Digital Learning
Software-Define Secure Networks The Future of Network Security for Digital Learning SIGS, 5.Juli 2015 Klaus Ernst, Systems Engineer Juniper Networks Threat Landscape Feels like Treading Water 2017 IT Priorities
More informationCloud-Enable Your District s Network For Digital Learning
Cloud-Enable Your District s Network For Digital Learning Session B40 BrainStorm 17.0 Gavin Lee Education Business Development Manager Juniper Networks gavinl@juniper.net Juniper Innovations for Mission
More informationCisco Enterprise Cloud Suite for Service Providers. Cisco Knowledge Network Data Center Jan 16, 2018
Cisco Enterprise Cloud Suite for Service Providers Cisco Knowledge Network Data Center Jan 16, 2018 Agenda Cisco ONE Software Suite Overview Cisco Enterprise Agreement for Cisco ONE Cisco Service Provider
More information