SAFE Architecture Guide. Places in the Network: Secure Branch
SAFE Architecture Guide
Places in the Network: Secure Branch
January 2018
Contents

Overview
Business Flows
Threats
Security Capabilities
Architecture
  Small Branch
  Medium Branch
  Large Branch
Attack Surface
  Human
  Devices
  Access Layer
  Core and Distribution Layer
  Services Layer
Summary
Appendix
  A Proposed Design
  Suggested Components
Overview

The Secure Branch is a place in the network (PIN) where a company does business across dispersed locations. This guide addresses the most common branch business flows across all industries and the security used to defend them. Branch examples are stores in retail, clinics in healthcare, banks in financial markets, etc. Typically less complex and smaller in footprint than campuses or data centers, branches can have large numbers of locations supporting network access for employees, third parties, and customers.

The Secure Branch is one of the six places in the network within SAFE. SAFE is a holistic approach in which Secure PINs model the physical infrastructure and Secure Domains represent the operational aspects of a network.

The Secure Branch architecture guide provides:
- Business flows typical for branch locations
- Branch threats and security capabilities
- Business flow security architecture
- Design examples and a parts list

Figure 1 The Key to SAFE. SAFE provides the Key to simplify cybersecurity into Secure Places in the Network (PINs) for infrastructure and Secure Domains for operational guidance. (Secure Domains shown in the figure: Compliance, Segmentation, Security Intelligence, Threat Defense, Management, Secure Services.)
SAFE simplifies security by starting with business flows, then addressing their respective threats with corresponding security capabilities, architectures, and designs. SAFE provides guidance that is holistic and understandable.

Figure 2 SAFE Guidance Hierarchy. (The figure marks this guide, Secure Branch, among the Places in the Network guides: Secure Data Center, Secure Cloud, Secure WAN, Secure Internet Edge, Secure Branch, Secure Campus. The Secure Domains guides are Secure Services, Threat Defense, Segmentation, Compliance, Security Intelligence, Management.)
Business Flows

The Secure Branch is where physical presence is important for internal employees, third-party partners, and customers.

- Internally, employees use devices (PCs, laptops, phones, tablets, and other tools) that require access to branch-critical applications (i.e. payments), collaboration services (voice, video, email), and the Internet.
- Third parties, such as service providers and partners, require remote access to applications and devices.
- Customers at the branch use guest Internet access on their phones or tablets.

Figure 3 Branch business use cases are color coded to define where they flow. (Legend: Customer, Third Party, Internal.) The use cases shown are:
- Clerk processing credit card transaction to PCI server
- Employee researching product information on website
- Subject matter expert consulting with remote colleague
- Connected device with remote vendor support
- Guest accessing Internet website
Functional Controls

Functional controls are common security considerations that are derived from the technical aspects of the business flows.

- Secure Applications: Applications require sufficient security controls for protection.
- Secure Access: Employees, third parties, customers, and devices securely accessing the network.
- Secure Remote Access: Secure remote access for employees and third-party partners that are external to the company network.
- Secure Communications: Email, voice, and video communications connect to potential threats outside of company control and must be secured.
- Secure Web Access: Web access controls enforce usage policy and help prevent network infection.

Figure 4 Branch business flows map to functional controls based on the types of risk they present. (Legend: Customer, Third Party, Internal.) The mapping shown is:
- Secure applications for PCI: Clerk processing credit card transaction to PCI server
- Secure web access for employees: Employee researching product information on website
- Secure communications for collaboration: Subject matter expert consulting with remote colleague
- External access VPN: Connected device with remote vendor support
- Secure guest Internet access: Guest accessing Internet website
Capability Groups

Branch security is simplified using foundational, access, and business capability groups. Each flow requires access and foundational groups. Additional business activity risks require appropriate controls, as shown in Figure 5, which often reside outside the branch (non-branch capabilities). For more information regarding capability groups, refer to the SAFE overview guide.

Figure 5 Branch security simplified into capability groups. (The figure maps each of the five business flows to its Access, Foundational, and Business capabilities, divided into branch and non-branch capabilities.)

Secure Branch threats and capabilities are defined in the following sections.
Threats

The branch has four primary threats, and the defense is explained throughout the rest of the document:

Exploitation of trust
People have a specific job to do. Unfortunately, the trust of employees can be compromised. Malicious employees (especially administrators) are very dangerous. Partners can be compromised. If a trusted partner is breached, an attacker would have access via stolen credentials.

Endpoint malware
Devices present at the branch are a common source of contamination. Devices of employees, partners, or customers can be infected from multiple sources such as web use, email use, or lateral infection from other devices on the network. Mobile devices can roam networks, increasing chances of compromise. Devices accepting credit cards and the Internet of Things are primary attack points.

Unauthorized/malicious device activity
Devices at the branch range from employee PCs to temperature control units. Although PCs can use client security software, zero-day attacks can bypass it. Worse, many devices are not constructed with strong security. Advanced persistent threats take advantage of exploits from various resources, and a device, once compromised through a vulnerability, can be used to contribute to a larger overall attack.

Wireless infrastructure exploits
Wireless networks expose companies to threats beyond their walls. A company's wireless service allows attackers access that they would not normally have without physical access. Attackers with physical access can place their own (rogue) wireless access points, which allow them to continue attacks from parking lots or other locations outside the physical walls of the company.
Security Capabilities

The attack surface of the branch is defined by the business flow, which includes the people and the technology present. The security capabilities that are needed to respond to the threats are mapped in Figure 6. The branch security capabilities are listed in Table 1. The placement of these capabilities is discussed in the architecture section.

Figure 6 Secure Branch Attack Surface and Security Capabilities. (The figure groups the attack surface into Human, Devices, Network, and Applications and shows the security capabilities for each.)

The branch primary threats are mitigated by security capabilities placed within architectural locations that are described in the following sections.
Table 1 Secure Branch Attack Surface, Security Capability, and Threat Mapping

Human

Users: Employees, third parties, customers, and administrators.
- Identity: Identity-based access.
  Threat: Attackers accessing restricted information resources.

Devices

Clients: Devices such as PCs, laptops, smartphones, tablets.
- Client-based Security: Security software for devices with the following capabilities:
  - Anti-Malware. Threat: Malware compromising systems.
  - Anti-Virus. Threat: Viruses compromising systems.
  - Cloud Security. Threat: Redirection of user to malicious website.
  - Personal Firewall. Threat: Unauthorized access and malformed packets connecting to client.
- Posture Assessment: Client endpoint compliance verification and authorization.
  Threat: Compromised devices connecting to infrastructure.

Voice: Phone.
- N/A: Covered in Secure Services domain.
  Threat: Attackers accessing private information.

Video: Displays, collaboration.
- N/A: Covered in Secure Services domain.
  Threat: Attackers accessing private information.
Network

Wired Network: Physical network infrastructure; routers, switches, used to connect access, distribution, core, and services layers together.
- Firewall: Stateful filtering and protocol inspection between branch layers and the outside Internet, and service provider connections to the data center.
  Threat: Unauthorized access and malformed packets between and within the branch.
- Intrusion Prevention: Blocking of attacks by signatures and anomaly analysis.
  Threat: Attacks using worms, viruses, or other techniques.
- TrustSec: Policy-based segmentation.
  Threat: Unauthorized access and malicious traffic between branch layers.

Wireless Network: Branches vary from having robust local wireless controller security services to a central, cost-efficient model.
- Wireless Rogue Detection: Detection and containment of malicious wireless devices that are not controlled by the company.
  Threat: Unauthorized access and disruption of wireless network.
- Wireless Intrusion Prevention (WIPS): Blocking of wireless attacks by signatures and anomaly analysis.
  Threat: Attacks on the infrastructure via wireless technology.

Analysis: Analysis of network traffic within the branch.
- Anti-Malware: Identify, block, and analyze malicious files and transmissions.
  Threat: Malware distribution across networks or between servers and devices.
- Threat Intelligence: Contextual knowledge of existing and emerging hazards.
  Threat: Zero-day malware and attacks.
- Flow Analytics: Network traffic metadata identifying security incidents.
  Threat: Traffic, telemetry, and data exfiltration from successful attacks.

WAN: Public and untrusted Wide Area Networks that connect to the company, such as the Internet.
- Web Security: Web, DNS, and IP-layer security and control for the branch.
  Threat: Attacks from malware, viruses, and redirection to malicious URLs.
- Virtual Private Network (VPN): Encrypted communication tunnels.
  Threat: Exposed services and data theft of remote workers and third parties.
Cloud
- Cloud Security: Web, DNS, and IP-layer security and control in the cloud for the campus.
  Threat: Attacks from malware, viruses, and redirection to malicious URLs.
- DNS Security.
  Threat: Redirection of user to malicious website.
- Cloud-based Firewall.
  Threat: Unauthorized access and malformed packets connecting to services.
- Software-Defined Perimeter (SDP/SD-WAN).
  Threat: Easily collecting information and identities.
- Web Security: Internet access integrity and protections.
  Threat: Infiltration and exfiltration via HTTP.
- Web Reputation/Filtering: Tracking against URL-based threats.
  Threat: Attacks directing to a malicious URL.
- Cloud Access Security Broker (CASB).
  Threat: Unauthorized access and data loss.

Applications

Applications
- Server-based Security: Security software for servers with the following capabilities:
  - Anti-Malware: Identify, block, and analyze malicious files and transmissions. Threat: Malware distribution across servers.
  - Anti-Virus. Threat: Viruses compromising systems.
  - Cloud Security. Threat: Redirection of session to malicious website.
  - Host-based Firewall. Threat: Unauthorized access and malformed packets connecting to server.

Management

These security capabilities are required across all PINs:
- Identity/authorization
- Policy/configuration
- Analysis/correlation
- Monitoring
- Vulnerability management
- Logging/reporting
- Time synchronization/NTP

Get details on these management security capabilities in the SAFE Management Architecture Guide.
Architecture

SAFE underscores the challenges of securing the business. It enhances traditional network diagrams to include a security-centric view of the company's business. The Secure Branch architectures are logical groupings of security and network capabilities that support branch business use cases. Branches are not easily defined across multiple industries; SAFE uses several sizes of branches to address a large cross-section of scenarios.

SAFE business flow security architecture depicts a security focus. Traditional design diagrams that depict cabling, redundancy, interface addressing, and specificity are depicted in SAFE design diagrams. Note that a SAFE logical architecture can have many different physical designs.

Figure 7 SAFE Model. The SAFE Model simplifies complexity across a business by using Places in the Network (PINs) that it must secure. (PINs shown in the figure: Cloud, Branch, Edge, Internet, Campus, Data Center, WAN.)
Small Branch

The Secure Small Branch architecture has the following characteristics:
- Location size averages between 1,000 and 6,000 square feet
- Preference for integrated services within fewer network components because of physical space requirements
- Wireless connectivity
- Single router with firewall/IPS, integrated Ethernet switch, compact switch, and Power over Ethernet (PoE)
- Web security via the cloud
- Survivable Remote Site Telephony (SRST)
- Majority of applications in data center or cloud
- Fewer than 25 traditional devices (PCs, laptops, tablets, phones, etc.) requiring network connectivity
- Fewer than 25 low-bandwidth devices (sensors, thermostats, printers, etc.)

Figure 8 Secure Small Branch. The Secure Small Branch business flows and security capabilities are arranged into a logical architecture. The colored business use cases flow through the green architecture icons with the required blue security capabilities.
Medium Branch

The Secure Medium Branch architecture has the following characteristics:
- Location size averages between 6,000 and 18,000 square feet
- Redundant LAN and WAN infrastructures with firewall/IPS
- The physical size is smaller than a large branch, so a core and distribution layer of network switches is not required
- Web security via the cloud
- Wireless connectivity
- Survivable Remote Site Telephony (SRST)
- traditional devices (PCs, laptops, tablets, phones, etc.) requiring network connectivity
- Fewer than 100 low-bandwidth devices (sensors, thermostats, printers, etc.)

Figure 9 Secure Medium Branch. The Secure Medium Branch business flows and security capabilities are arranged into a logical architecture. The colored business use cases flow through the green architecture icons with the required blue security capabilities.
Large Branch

The Large Branch architecture includes the following design requirements:
- Location size averages between 15,000 and 150,000 square feet
- Multiple routers for primary and backup network connectivity requirements
- Preference for a combination of network services distributed across the facility to meet resilience and application availability requirements
- Tiered network architecture within the branch; distribution layer switches are employed between the central network services core and the access layer connecting to the network endpoints (endpoints, wireless APs, servers)
- Unified Communications with centralized or distributed PSTN access and services
- 100 or more traditional devices (PCs, laptops, tablets, phones, etc.) requiring network connectivity
- 100 or more low-bandwidth devices (sensors, thermostats, printers, etc.)

Figure 10 Secure Large Branch. The Secure Large Branch business flows and security capabilities are arranged into a logical architecture. The colored business use cases flow through the green architecture icons with the required blue security capabilities.
Attack Surface

The Secure Branch attack surface of Human, Devices, Network, and Applications is consistent across all sizes of branch architectures. The sections below discuss the security capability that defends against the threats associated with each layer of the surface.

Note that the capability might be a service that is supplied from another PIN. For example, the Identity service is prompted to a human, on a user's device, enforced at the switch, and served from the Data Center. However, for the sake of simplifying, Identity is depicted logically where the risk exists of supplying credentials: the human.

Human

Typically, humans in the branch are employees, customers, and remote access users such as partners. Exploitation of Trust attacks happen most frequently at this layer. Credential management of employees, partners, and customers with effective role-based segmentation minimizes the risk of this threat.

Primary Security Capability: Identity

Security technology should be augmented with security awareness training and acceptable use policies for internal, partner, and customer users. No amount of technology can prevent successful attacks if humans in your company, both internal and partner users, are not trained to keep security in mind. Security training and metrics of adoption are critical elements to reducing the risk of this attack surface.

Administrators have more authority than normal users and the systems they have access to. Additional controls should be used, like two-factor authentication, limited access to job function, and logging of their changes.

Appropriate identity services defined by policy must be supplied with associated, approved clients and devices.

Figure 11 Business Use Cases
Devices

Devices are part of the security reference architecture. Endpoint Malware and Malicious device activity attacks occur at this layer. Combining identity and posture assessment with the capabilities of the device layer minimizes the risk of these threats.

Perimeter defenses are no longer (if ever) sufficient. A secure company uses the network and the devices connecting to it as baselines for comparison. If you are not using the network as a sensor, you are not secure. This visibility allows for effective containment through intelligent architectural design. It is equally important to ensure that clients (PCs, tablets, phones, and other connected devices) are participating in security and that malicious devices are quarantined.

Primary Security Capability: Client-Based Security (Anti-Virus, Anti-Malware, Cloud Security, Personal Firewall)

Figure 12 Branch Devices
Access Layer

The access layer is where users and devices connect to the company network. It is the first line of defense within the Secure Branch architecture. Its purpose is to identify the users, to assess compliance to policy of devices seeking access to the network, and to respond appropriately.

Wireless infrastructure exploits typically happen at the access layer. Unauthorized wireless access points and attacks on the wireless communication are mitigated by security capabilities.

This layer connects to the distribution or core layer in a hierarchical organization that simplifies network troubleshooting and segments traffic for security. The network as a sensor utilizes flow analytics to capture anomalies and provide visibility to attacks. Enforcement can be applied to violations of posture or identity and to anomalous behavior.

Primary Security Capability: Identity, Flow Analytics, Posture Assessment, TrustSec, Wireless Rogue Detection

Figure 13 Access Layer
Core and Distribution Layer

The access/distribution/core is classic network hierarchy. Due to branches having smaller footprints, these functions may be collapsed. By segregating the access layer from the services layer, this layer provides a distribution method of services that discretely separates business-based traffic into flows.

Primary Security Capability: Identity, Flow Analytics, Posture Assessment, TrustSec

Figure 14 Collapsed Core and Distribution
Services Layer

The services layer connects the Secure Branch to the outside data center and Internet via service providers. It connects the access and distribution layers inside the branch to the security and inspection capabilities that secure the separate business flows coming into and out of the branch.

Primary Security Capability: Firewall, IPS, Threat Intelligence, Anti-Malware, Flow Analytics, TrustSec, Identity, Web Security, VPN, Application Visibility Control, WIPS, Wireless Rogue Detection (grouped in the figure as Foundational Security Services and Business-based Security), and Server-Based Security (Anti-Virus, Anti-Malware, Cloud Security, Host-Based Firewall)

Figure 15 Services Layer
Summary

Today's companies are threatened by increasingly sophisticated attacks. Branches are commonly targeted because they are susceptible to physical access and have a large mix of services across increasingly complicated devices.

SAFE is Cisco's security reference architecture that simplifies the security challenges of today and prepares for the threats of tomorrow. Cisco's Secure Branch architecture and solutions defend the business against corresponding threats.
Appendix

A Proposed Design

The Secure Branch has been deployed in Cisco's laboratories. Portions of the design have been validated and documentation is available on Cisco Design Zone. Figures depict the specific products that were selected within Cisco's laboratories.

It is important to note that the Secure Branch architecture can produce many designs based on performance, redundancy, scale, and other factors. The architecture provides the required logical orientation of security capabilities that must be considered when selecting products to ensure that the documented business flows, threats, and requirements are met.

Small Branch Design

Figure 16 Secure Small Branch Proposed Design. (Labels recoverable from the figure: AIR-CAP3702E-A-K9, FP-AMP-LC, UMBRELLA-SUB, Host Firewall, L-FP4351-TAMC, UCS-E160S-M3, WS-C3560CX-12PC-S, ISR4351-K9, CP-9951-C-K9; wireless SSIDs EMPLOYEE and GUEST; VLANs MANAGEMENT, WDATA, VOICE, PCI, DATA, VENDOR.)
Medium Branch Design

Figure 17 Secure Medium Branch Proposed Design. (Labels recoverable from the figure: AIR-CAP3702E-A-K9 (QTY:3), FP-AMP-LC, UMBRELLA-SUB, Host Firewall, L-FP4451-TAMC, UCS-E160S-M3, WS-C PQ-S, ISR4451-K9, HSRP, CP-9951-C-K9; wireless SSIDs EMPLOYEE and GUEST; VLANs MANAGEMENT, WDATA, VOICE, PCI, DATA, VENDOR.)
Large Branch Design

Figure 18 Secure Large Branch Proposed Design. (Labels recoverable from the figure: AIR-CAP3702E-A-K9 (QTY:3), FP-AMP-LC, UMBRELLA-SUB, Host Firewall, ISR4431-K9, HSRP, WS-C4507 R+E, FP4110-X, CP-9951-C-K9, 3560CX-12PC-S, AIR-CTVM-K9, Unified Communications Manager, Web Security, UCSC-C220-M4S (QTY:3); wireless SSIDs EMPLOYEE and GUEST; VLANs MANAGEMENT, WDATA, VOICE, PCI, DATA, VENDOR.)
Suggested Components

Table 2 SAFE Design Components for Secure Branch

Branch Attack Surface | Branch Security | Suggested Cisco Components
Human: Users | Identity | Identity Services Engine (ISE); Meraki Management
Devices: Endpoints | Client-Based Security | Advanced Malware Protection (AMP) for Endpoints; Cisco Umbrella; AnyConnect
Devices: Endpoints | Posture Assessment | AnyConnect Agent; Identity Services Engine (ISE); Meraki Mobile Device Management
Network: Wired Network | Firewall | Firepower Appliance, Adaptive Security Appliance (ASA); Integrated Services Router (ISR); Meraki MX
Network: Wired Network | Intrusion Prevention | Firepower Appliance (ASA) Firepower Services on UCS-E; Meraki MX
Network: Wired Network | Access Control + TrustSec | Wireless Controller/Catalyst; Centralized Identity Services Engine; Meraki MX
Network: Wireless Network | Wireless Rogue Detection; Wireless Intrusion Prevention (WIPS) | Meraki Wireless; Mobility Services Engines (MSE); Wireless APs; Wireless LAN Controller
Network: Analysis | Anti-Malware | Advanced Malware Protection (AMP) for Endpoints; Advanced Malware Protection (AMP) for Security; Advanced Malware Protection (AMP) for Networks; Advanced Malware Protection (AMP) for Web Security; Stealthwatch; Integrated Services Router (ISR) with Stealthwatch Learning Network (SLN); AMP ThreatGrid
Network: Analysis | Threat Intelligence | Cisco Collective Security Intelligence; Talos Security Intelligence; AMP ThreatGrid; Cognitive Threat Analytics (CTA)
Network: Analysis | Flow Analytics | Adaptive Security Appliance; Catalyst es; ISR with Stealthwatch Learning Network (SLN); Stealthwatch (Flow Sensor and Collectors); Wireless LAN Controller; Meraki MX
Network: WAN | Web Security | Firepower URL; Web Security Appliance; Umbrella Secure Internet Gateway (SIG); Meraki MX
Network: WAN | VPN | Firepower; Integrated Services Router (ISR); Aggregation Services Router (ASR); Adaptive Security Appliance (ASA); Meraki MX
Network: Cloud | Cloud Security | Umbrella Secure Internet Gateway (SIG); Cloudlock; Meraki MX
Applications: Service | Server-based Security | Advanced Malware Protection (AMP) for Endpoints; Cisco Umbrella
© 2017 Cisco and/or its affiliates. All rights reserved.