SAFE Architecture Guide. Places in the Network: Secure Campus
|
|
- Joseph Woods
- 6 years ago
- Views:
Transcription
1 SAFE Architecture Guide Places in the Network: Secure Campus January 2018
2 SAFE Architecture Guide Places in the Network: Secure Campus Contents January 2018 Contents Overview Business Flows Threats Capabilities Architecture Secure Campus 14 Attack Surface Human 15 Devices 16 Access Layer 17 Distribution Layer 18 Core Layer 19 Services Layer 20 Summary Appendix A Proposed Design 22 Suggested Components
3 SAFE Architecture Guide Places in the Network: Secure Campus Overview January Overview The Secure Campus is a place in the network (PIN), a cluster of buildings, where a company does business. This guide addresses campus business flows across all industries and the security used to defend them. Campus examples are company headquarters, or any group of buildings that requires network services. More complex than branches due to physical and logical scale, they support network access for employees, third parties, and customers across multiple buildings and floors. approach in which Secure PINs model the physical infrastructure and Secure Domains represent the operational aspects of a network. The Secure Campus architecture guide provides: Business flows typical for campus locations Campus threats and security capabilities Business flow security architecture Design examples and a parts list The Secure Campus is one of the six places in the network within SAFE. SAFE is a holistic Compliance Segmentation Intelligence Threat Defense Management Secure Services Places in the Network (PINs) Domains Figure 1 The Key to SAFE. SAFE provides the Key to simplify cybersecurity into Secure Places in the Network (PINs) for infrastructure and Secure Domains for operational guidance.
4 SAFE Architecture Guide Places in the Network: Secure Campus Overview January SAFE simplifies security by starting with business flows, then addressing their respective threats with corresponding security capabilities, architectures, and designs. SAFE provides guidance that is holistic and understandable. T H E K E Y T O S A F E Design Guides Architecture Guides Operations Guides Design Guides Secure Data Center Capability Guide Secure Services Secure Cloud SAFE Overview Threat Defense Secure WAN Segmentation Secure Internet Edge Secure Branch YOU ARE HERE Intelligence Compliance Secure Campus Management PLACES IN THE NETWORK SECURE DOMAINS Figure 2 SAFE Guidance Hierarchy
5 SAFE Architecture Guide Places in the Network: Secure Campus Business Flows January Business Flows The Secure Campus is where physical presence is important for internal employees, third-party partners, and customers over multiple physical buildings. Internally, employees use devices (PCs, laptops, phones, tablets, and other tools) that require access to campus-critical applications, collaboration services (voice, video, ) and the Internet. Third parties, such as service providers and partners, require remote access to applications and devices. Customers at the campus use guest Internet access on their phones or tablets. CEO sending to shareholder Employee researching product information Customer Third Party Internal Subject matter expert consultation Connected device with remote vendor support Guest accessing the Internet to watch hosted video Figure 3 Campus business use cases are color coded to define where they flow.
6 SAFE Architecture Guide Places in the Network: Secure Campus Business Flows January Functional Controls Functional controls are common security considerations that are derived from the technical aspects of the business flows. Secure Applications Secure Access Secure Remote Access Secure Communications Secure Web Access Applications require sufficient security controls for protection. Employees, third parties, customers, and devices securely accessing the network. Secure remote access for employees and third-party partners that are external to the company network. , voice, and video communications connect to potential threats outside of company control and must be secured. Web access controls enforce usage policy and help prevent network infection. Secure communications for CEO sending to shareholder Secure web access for employees: Employee researching product information Customer Third Party Internal Secure communications for collaboration: Subject matter expert consultation Secure remote access for third party: Connected device with remote vendor support Secure web access for guests: Guest accessing the Internet to watch hosted video Figure 4 Campus business flows map to functional controls based on the types of risk they present.
7 SAFE Architecture Guide Places in the Network: Secure Campus Business Flows January Capability Groups Campus security is simplified using foundational, access and business capability groups. Each flow requires access and foundational groups. Additional business activity risks require appropriate controls as shown in figure 5 which often reside outside the campus (Non-Campus Capabilities). For more information regarding capability groups, refer to the SAFE overview guide. Campus Capabilities Non-Campus Capabilities CEO sending to shareholders Secure communications for CEO sending to shareholder Shareholder Client-Based Identity Posture Assessment Firewall Intrusion Prevention Flow Analytics Threat Intelligence Anti- Malware TrustSec AVC Host-Based Customer Third Party Internal Employee Expert Thermostat Guest Client-Based Client-Based DNS Wireless Connection Identity Identity Identity Wireless Intrusion Prevention Posture Assessment Posture Assessment Wireless Rogue Detection Secure web access for employees: Employee researching product information Firewall Firewall Firewall Firewall Intrusion Prevention Intrusion Prevention Intrusion Prevention Intrusion Prevention Flow Analytics Flow Analytics Flow Analytics Flow Analytics Threat Intelligence Threat Intelligence Threat Intelligence Threat Intelligence Anti- Malware Anti- Malware Anti- Malware Anti- Malware TrustSec Secure communications for collaboration: Subject matter expert consultation TrustSec Secure remote access for third party: Connected device with remote vendor support TrustSec Secure web access for guests: Guest accessing the Internet to watch hosted video TrustSec AVC VPN Web Posture Assessment Client-Based Identity Website Colleague Remote Technician Website ACCESS FOUNDATIONAL BUSINESS Figure 5 The Secure Campus Business Flow Capability Diagram Secure Campus threats and capabilities are defined in the following sections.
8 SAFE Architecture Guide Places in the Network: Secure Campus Threats January Threats Campuses have many employees, partner and guest users who use , browse the web, collaborate. With a combination of wired and wireless access, the attack surface extends beyond the building. The campus has six primary threats: Phishing Phishing is social engineering to trick people into clicking on a malicious link or opening an infected attachment of an . Messages looks as if they are from a legitimate organization, usually a financial institution, but contains a link to a fake website that replicates the real one Unauthorized network access The act of gaining access to a network, system, application or other resource without permission. The attacker could cause damage in many ways, perhaps by accessing sensitive files from a host, by planting a virus, or by hindering network performance by flooding your network with illegitimate packets. Malware propagation Devices present in the campus are a big source of contamination. Devices of employees, partners or customers can be infected from multiple sources such as web use, use, or lateral infection from other devices on the network. Devices accepting credit cards and the Internet of Things are common attack points. Web-based exploits Malvertizing and compromised sites hosting exploit kits to take over employee devices using browser vulnerabilities. BYOD - Larger attack surface Mobile devices can roam networks increasing chances of compromise, and the spread of infection. The large variety of mobile devices makes security policies and posture checking almost impossible when no device standardization exists. Limited on-device security capabilities (e.g., firewall, antimalware, browser sand-boxing) Botnet infestation Botnets are networks made up of remotecontrolled computers, or bots. These computers have been infected with an advanced form of malware which allows the devices to be remotely controlled. The controller of a botnet is able to direct the activities of these compromised computers to perform other attacks, steal data, or send spam. The defense is explained throughout the rest of the document
9 SAFE Architecture Guide Places in the Network: Secure Campus Capabilities January Capabilities The attack surface of the campus is defined by the business flow, which includes the people and the technology present. The security capabilities that are needed to respond to the threats are mapped in Figure 6. The campus security capabilities are listed in table 1. The placement of these capabilities are discussed in the architecture section. HUMAN DEVICES NETWORK APPLICATIONS Attack Surface Users Devices Wired Wireless Analysis WAN Cloud Employees, Third Parties, Customers, and Administrators Client Voice Network Wireless Connection Public WAN Public/Hybrid Cloud Applications Application Video Identity Client-Based Firewall Wireless Rogue Anti-Malware Detection Virtual Private Network (VPN) Cloud Server-Based Posture Assessment Intrusion Prevention Wireless Intrusion Prevention System Threat Intelligence TrustSec Flow Analytics Figure 6 Secure Campus Attack Surface and Capabilities
10 SAFE Architecture Guide Places in the Network: Secure Campus Capabilities January Table 1 Secure Campus Attack Surface, Capability, and Threat Mapping Campus Attack Surface Human Capability Threat Users: Employees, third parties, customers, and administrators. Identity: Identity-based access. Attackers accessing restricted information resources. Devices Capability Threat Client-based : software for devices with the following capabilities: Anti-Malware Malware compromising systems. Clients: Devices such as PCs, laptops, smartphones, tablets. Anti-Virus Cloud Viruses compromising systems. Redirection of user to malicious website. Personal Firewall Unauthorized access and malformed packets connecting to client. Posture Assessment: Client endpoint compliance verification and authorization. Compromised devices connecting to infrastructure. Voice: Phone. N/A: Covered in Secure Services domain. Attackers accessing private information. Video: Displays, collaboration. N/A: Covered in Secure Services domain. Attackers accessing private information.
11 SAFE Architecture Guide Places in the Network: Secure Campus Capabilities January Network Capability Threat Wired Network: Physical network infrastructure; routers, switches, used to connect access, distribution, core, and services layers together. Firewall: Stateful filtering and protocol inspection between campus layers and the outside Internet, and service provider connections to the data center. Intrusion Prevention: Blocking of attacks by signatures and anomaly analysis. Unauthorized access and malformed packets between and within the campus. Attacks using worms, viruses, or other techniques. TrustSec: Policy-based segmentation. Unauthorized access and malicious traffic between campus layers. Wireless Network: Branches vary from having robust local wireless controller security services to a central, cost-efficient model. Wireless Rogue Detection: Detection and containment of malicious wireless devices that are not controlled by the company. Wireless Intrusion Prevention (WIPS): Blocking of wireless attacks by signatures and anomaly analysis. Unauthorized access and disruption of wireless network. Attacks on the infrastructure via wireless technology. Analysis: Analysis of network traffic within the campus. Anti-Malware: Identify, block, and analyze malicious files and transmissions. Threat Intelligence: Contextual knowledge of existing and emerging hazards. Malware distribution across networks or between servers and devices. Zero-day malware and attacks. Flow Analytics: Network traffic metadata identifying security incidents. Traffic, telemetry, and data exfiltration from successful attacks. WAN: Public and untrusted Wide Area Networks that connect to the company, such as the Internet. Web : Web, DNS, and IP-layer security and control for the branch. Virtual Private Network (VPN): Encrypted communication tunnels. Attacks from malware, viruses, and redirection to malicious URLs. Exposed services and data theft of remote workers and third parties.
12 SAFE Architecture Guide Places in the Network: Secure Campus Capabilities January Cloud Cloud : Web, DNS, and IP-layer security and control in the cloud for the campus. Attacks from malware, viruses, and redirection to malicious URLs. DNS Redirection of user to malicious website. Cloud-based Firewall Unauthorized access and malformed packets connecting to services. Software-Defined Perimeter (SDP/SD-WAN): Easily collecting information and identities. Web : Internet access integrity and protections. Infiltration and exfiltration via HTTP. Web Reputation/ Filtering: Tracking against URL-based threats. Attacks directing to a malicious URL. Cloud Access Broker (CASB) Unauthorized access and Data loss. Applications Capability Threat Server-based : software for servers with the following capabilities: Anti-Malware: Identify, block, and analyze malicious files and transmissions. Malware distribution across servers. Applications Anti-Virus Viruses compromising systems. Cloud Redirection of session to malicious website. Host-based Firewall Unauthorized access and malformed packets connecting to server. Management Capability These security capabilities are required across all PINs: Identity/authorization Policy/configuration Analysis/correlation Monitoring Vulnerability management Logging/reporting Time synchronization/ntp Get details on these management security capabilities in the SAFE Management Architecture Guide.
13 CEO sending to Shareholders Guest browsing Employee browsing Subject Matter Expert Building Controls HUMAN DEVICES NETWORK APPLICATIONS Branch Manager browsing information Customer browsing prices Clerk processing credit card Subject Matter Expert Building Controls Corporate Device Wireless Guest Corporate Device Employee Phone Environmental Controls Corporate Device Wireless Guest Corporate Device Employee Phone Environmental Controls Wireless Access Point Wireless Access Point Access Distribution Wireless Controller Firepower Appliance BUILDING BLOCK Wireless Controller HUMAN DEVICES NETWORK APPLICATIONS Server Core CORE BLOCK Router Web Firepower Appliance Blade Server Communications Manager SERVICES Anti-Malware Threat Intelligence Web Reputation/ Filtering/DCS Anomaly Detection Application Visibility Control (AVC) Router vrouter v Comparative Shopping Website vfirepower Appliance vfirepower Appliance vradware Appliance v Secure Server vfirepower Appliance vfirepower Appliance Product Information Website Customer making purchase NETWORK vradware Appliance REMOTE USERS Technician submitting task Third-party Technician accessing logs NETWORK v v v Shareholder receiving from CEO Router Firepower Appliance Storage Server Secure Server Secure Server Wholesaler Website APPLICATIONS Database Zone Payment Application Workflow Application Hosted E-Commerce SERVICES Identity Authorization DNS Distributed Denial of Service Protection Web Router Wireless Controller Communications Manager Secure Server FMC RA VPN Firepower Appliance Distribution Firepower Appliance Firepower Appliance Firepower Appliance Firepower Appliance Nexus NETWORK NETWORK Wireless Controller DMVPN Adaptive Appliance Nexus Nexus Adaptive Appliance Radware Appliance Radware Appliance Radware Appliance Payment Secure Server Application Nexus Fabric Nexus Fabric Nexus Fabric SERVERS Hyperflex Server Blade Server Secure Server Secure Server APPLICATIONS Database Payment Application Workflow Application Communication Services SAFE Architecture Guide Places in the Network: Secure Campus Architecture January Architecture SAFE underscores the challenges of securing the business. It enhances traditional network diagrams to include a security-centric view of the company business. The Secure Campus architecture is a logical grouping of security and network technology that supports campus business use cases. It follows a classic access/distribution/core architecture, scaling as needed by increasing distribution blocks as floors or buildings are added. SAFE business flow security architecture depicts a security focus. Traditional design diagrams that depict cabling, redundancy, interface addressing, and specificity are depicted in SAFE design diagrams. Note that a SAFE logical architecture can have many different physical designs. Cloud Branch Services Business Use Cases Edge Perimeter Services Untrusted Trusted Enterprise DMZ VPN Business Use Cases Endpoints Access Services Internet Campus Business Endpoints Access Use Cases Distribution Core Services Services Services Core Distribution Access Endpoints Business Use Cases Data Center WAN Figure 7 SAFE Model. The SAFE Model simplifies complexity across a business by using Places in the Network (PINs) that it must secure.
14 SAFE Architecture Guide Places in the Network: Secure Campus Architecture January Secure Campus The Secure Campus architecture has the following characteristics: Location size consists of multiple buildings/ floors that may have multiple business flows Many varied devices requiring network connectivity Devices (sensors, thermostats, printers, etc.) Separate appliances for services for redundancy and maximum uptime Wireless connectivity Local application services (also in data center or cloud) Campus Architecture HUMAN ATTACK SURFACE DEVICES ATTACK SURFACE NETWORK ATTACK SURFACE APPLICATIONS ATTACK SURFACE Secure CEO sending to Shareholders Corporate Device Web Shareholder receiving from CEO Guest browsing Wireless Guest Wireless Access Point Wireless Controller Comparative Shopping Website Secure Web Wholesaler Website Employee browsing Corporate Device Distribution Core Firepower Appliance Router Remote Colleague Secure Communications Subject Matter Expert Employee Phone Firepower Appliance Third-party Technician accessing logs Secure Third Parties Building Controls Environmental Controls Blade Server Communications Manager Business Use Cases Endpoints Access Distribution Core Services BUILDING BLOCK CORE BLOCK Figure 8 Secure Campus. The Secure Campus business flows and security capabilities are arranged into a logical architecture. The colored business use cases flow through the green architecture icons with the required blue security capabilities.
15 SAFE Architecture Guide Places in the Network: Secure Campus Attack Surface January Attack Surface The Secure Campus attack surface consists of Humans, Devices, Network, and Applications. The sections below discuss the security capability that defends the threats associated with that part of the surface. Note that the capability might be a service that is supplied from another PIN. For example, the Identity service is prompted to a human, on a user s device, enforced at the switch, and served from the Data Center. However, for the sake of simplifying, Identity is depicted logically where the risk exists of supplying credentials: the human. Human Typically, humans in the campus are employees, partners, or customers. No amount of technology can prevent successful attacks if the humans in the company, both internal and partner users, are not trained to keep security in mind. One of the biggest problems is that humans are prone to compromise by various types of social exploits such as phishing. Primary Capability Identity training and metrics of adoption are Secure critical elements to reducing the risk of this attack surface. CEO sending to Shareholders Corporate Device Administrators have more authority than normal users and the systems they have access to. Additional controls should be used like two-factor authentication, limited access to job function, and logging of their changes. Secure Web Guest browsing Wireless Guest It is not the purpose of this guide to advise Employee browsing Corporate Device on the specifics. Appropriate identity services defined by policy must be supplied with associated, approved clients and devices. Secure Communications Subject Matter Expert Employee Phone Secure Third Parties Building Controls Environmental Controls Figure 9 Business Use Cases Business Use Cases Endpoints
16 SAFE Architecture Guide Places in the Network: Secure Campus Attack Surface January Devices Malware propagation, Botnet infestation and a large attack surface are campus threats targeting devices. Perimeter defenses are no longer (if ever) sufficient. CEO sending to Shareholders Corporate Device Devices are part of the security reference architecture. A secure company uses the network and the devices connecting to it as baselines for comparison. If you are not using Guest browsing Wireless Guest Wireless Access Point the network as a sensor, you are not secure. This visibility allows for effective containment through intelligent architectural design. It is equally important to ensure that clients Employee browsing Corporate Device (PCs, tablets, phones, and other devices) are participating in security and that malicious devices are quarantined. Subject Matter Expert Employee Phone Primary Capability Client-based Building Controls Environmental Controls Client-Based Business Use Cases Endpoints Access Figure 10 Campus Devices Anti-Virus Anti-Malware Cloud Personal Firewall
17 SAFE Architecture Guide Places in the Network: Secure Campus Attack Surface January Access Layer Unauthorized network access is the primary threat addressable by the access layer. Primary Capability The access/distribution/core is classic network hierarchy. The access layer is where users and devices connect to the company network. This layer connects to the distribution or core layer. Its hierarchical organization simplifies network troubleshooting and segments traffic for security. It is the first line of defense within the Secure Campus architecture. The network as a sensor utilizes flow analytics to capture anomalies and provide visibility to attacks. Its purpose is to identify the users, to assess compliance to policy of devices seeking access to the network, and to respond appropriately. Violations of posture, identity, or anomalous behavior can be enforced. Identity Posture Assessment Wireless Rogue Detection Flow Analytics TrustSec Corporate Device Web Wireless Guest Wireless Access Point Wireless Controller Corporate Device Distribution Co Firepower Appliance Router Employee Phone Firepower Appliance Environmental Controls Blade Server Communications Manager Endpoints Access Distribution C Services Figure 11 Access Layer
18 SAFE Architecture Guide Places in the Network: Secure Campus Attack Surface January Distribution Layer Wireless Access Point Wireless Controller Distribution Core Firepower Appliance Access Distribution Core Figure 12 Distribution Layer Distribution layers segregate the access layer from the services layer. These layers provide a distribution method of services that discretely separates business-based traffic into flows, and allows scale as employees are moved, added, or changed. Primary Capability Identity Flow Analytics Posture Assessment TrustSec
19 SAFE Architecture Guide Places in the Network: Secure Campus Attack Surface January Core Layer The core layer provides scale to the distribution blocks and connects them to the foundational security capabilities in the services layer. Primary Capability Flow Analytics TrustSec Web Wireless Controller Distribution Core Firepower Appliance Router Firepower Appliance Blade Server Communications Manager Distribution Core Services Figure 13 Core Layer
20 SAFE Architecture Guide Places in the Network: Secure Campus Attack Surface January Services Layer Web-based exploits are threat vectors that large campus populations need protection from. The services layer connects the Secure Campus to the data center via service providers. It connects the access and distribution layers inside the campus to the security and inspection capabilities that secure the separate business flows coming into and out of the campus. Depending on the size of the campus, some security controls are brought into the campus as appliances rather than being served centrally as a service. See the Appendix for proposed options. Primary Capability Foundational Services Firewall IPS Threat Intelligence Anti-Malware Identity Flow Analytics TrustSec Business-based Web Web VPN Application Visibility Control Core Firepower Appliance Router WIPS Wireless Rogue Detection Server-based Server-Based Blade Server Communications Manager Core Services Anti-Virus Anti-Malware Figure 14 Services Layer Cloud Host-based Firewall
21 SAFE Architecture Guide Places in the Network: Secure Campus Summary January Summary Today s companies are threatened by increasingly sophisticated attacks. Campuses are commonly targeted because they are susceptible to physical access and have a large mix of services across increasingly complicated devices. Cisco s Secure Campus architecture and solutions defend the business against corresponding threats. SAFE is Cisco s security reference architecture that simplifies the security challenges of today and prepares for the threats of tomorrow.
22 SAFE Architecture Guide Places in the Network: Secure Campus Appendix January Appendix A Proposed Design The Secure Campus has been deployed in Cisco s laboratories. Portions of the design have been validated and documentation is available on Cisco Design Zone. Figure 15 depicts the specific products that were selected within Cisco s laboratories. It is important to note that the Secure Campus architecture can produce many designs based on performance, redundancy, scale, and other factors. The architecture provides the required logical orientation of security capabilities that must be considered when selecting products to ensure that the documented business flows, threats, and requirements are met. Campus Design ATTACK SURFACE HUMAN DEVICES NETWORK APPLICATIONS WSA-S390-K9 AIR-CT5520-K9 Corporate Laptop AIR-AP3802e-x-K9 (QTY:3) Secure FP-AMP-LC UMBRELLA-SUB Host Firewall WIRELESS SSID:EMPLOYEE E0 E0 E0 E1 E0 E1 G0 G1/2 G2/2 G1/5 G2/5 G1/6 G2/6 C6807-XL Guest Device WIRELESS SSID:GUEST G0/11-13 T1/5 UMBRELLA-SUB WS-C FQ G0/1 G2/11 G2/3 G1/1 G2/1 T1/7 E1/4 ISR4431-K9 G0/21-44 G0/2 G2/12 T1/1-4 G2/1 C6807-XL FP4110-X T1/5 E1/1 E1/2 G3/0/1 G3/1/1 Secure Web FP-AMP-LC UMBRELLA-SUB Corporate Desktop P0 DATA VLAN AIR-CT5520-K9 E0 G0/1 FP2130-X T1/1-4 E1/8 E1/3 E0 G1/4 G1/1 WS-C XU-L Host Firewall T1/1-4 E1/8 E1/4 E1 G0/2 C6807-XL FP4110-X G2/4 G2/1 Corporate Computer CP-9951-C-K9 WS-C FQ G0/1 G2/11 T1/1-4 G2/1 T1/5 E1/1 E1/2 G3/0/1 G3/1/1 Secure Communications FP-AMP-LC UMBRELLA-SUB P1 DATA VLAN VOICE VLAN P0 G0/21-44 G0/2 G2/12 G2/3 T1/7 E1/3 E1/6 E1/6 ISR4431-K9 Host Firewall UCS-FI-6248UP G0/3 T1/5 E1/4 C6807-XL Building Controls E1/1-8 E1/1-8 E1/1-8 E1/1-8 Secure Third Parties VENDOR VLAN UCSB-5108-AC2 Business Use Cases Endpoints Access Distribution Core Services BUILDING BLOCK CORE BLOCK Figure 15 Secure Campus Proposed Design, part 1. The building block is connected to the core block.
23 SAFE Architecture Guide Places in the Network: Secure Campus Appendix January Campus Design with Additional Floors BUILDING ONE Secure Secure Web Secure Communications G0/1 G0/2 Secure Third Parties FLOOR BLOCK Secure G1/6 T1/5 T1/6 Secure Web E0 Secure Communications G2/13 T1/5 T1/6 Secure Third Parties Business Use Cases Endpoints Access Distribution Core Services BUILDING BLOCK CORE BLOCK Figure 16 Secure Campus Proposed Design, part 2 shows how multiple floors can be connected to the distribution layer.
24 Secure Secure Web Secure Communications Secure Third Parties Secure Secure Web Secure Communications Secure Third Parties Secure Secure Web Secure Communications Secure Third Parties Secure Secure Web Secure Communications Secure Third Parties SAFE Architecture Guide Places in the Network: Secure Campus Appendix January Campus Design with Additional Buildings BUILDING ONE BUILDING TWO BUILDING THREE Secure FLOOR BLOCK FLOOR BLOCK Secure Web Secure Communications Secure Third Parties FLOOR BLOCK BUILDING BLOCK Distribution BUILDING BLOCK Distribution Secure T1/5 T1/6 T1/7 Secure Web E0 T1/8 T1/8 Secure Communications T1/7 T1/5 T1/6 Secure Third Parties Business Use Cases Endpoints Access Distribution Core Services BUILDING BLOCK CORE BLOCK Figure 17 Secure Campus Proposed Design, part 3 illustrates multiple buildings connected to the core block.
25 SAFE Architecture Guide Places in the Network: Secure Campus Suggested Components January Suggested Components Table 2 SAFE Design Components for Secure Campus Campus Attack Surface Campus Suggested Cisco Components Human Users Identity Identity Services Engine Meraki Management Devices Endpoints Client-Based Advanced Malware Protection (AMP) for Endpoints Cisco Umbrella AnyConnect AnyConnect Agent Posture Assessment Identity Services Engine(ISE) Meraki Mobile Device Management Network Wired Network Firewall Firepower Appliance, Adaptive Appliance (ASA) Integrated Services Router (ISR) Intrusion Prevention Firepower Appliance (ASA) Integrated Services Router (ISR) Access Control + TrustSec Wireless Controller/Catalyst Centralized Identity Services Engine Wireless Network Wireless Rogue Detection Meraki Wireless Mobility Services Engines (MSE) Wireless Intrusion Prevention (WIPS) Wireless APs Wireless LAN Controller
26 SAFE Architecture Guide Places in the Network: Secure Campus Suggested Components January Table 2 SAFE Design Components for Secure Campus (Continued) Campus Attack Surface Campus Suggested Cisco Components Network (continued) Analysis Anti-Malware Advanced Malware Protection (AMP) for Endpoints Advanced Malware Protection (AMP) for Advanced Malware Protection (AMP) for Networks Advanced Malware Protection (AMP) for Web Stealthwatch Integrated Services Router (ISR) with Stealthwatch Learning Network (SLN) AMP ThreatGrid WAN Threat Intelligence Flow Analytics Web Cisco Collective Intelligence Talos Intelligence AMP ThreatGrid Cognitive Threat Analytics (CTA) Adaptive Appliance Catalyst es ISR with Stealthwatch Learning Network (SLN) Stealthwatch (Flow Sensor and Collectors) Wireless LAN Controller Firepower URL Web Appliance Umbrella Secure Internet Gateway (SIG) VPN Firepower Integrated Services Router (ISR) Aggregation Services Router (ASR) Adaptive Appliance (ASA)
27 Campus Attack Surface Campus Suggested Cisco Components Network (continued) Cloud Cloud Cisco Umbrella Secure Internet Gateway(SIG) Cisco Cloudlock DNS Cisco Umbrella Secure Internet Gateway (SIG) Cloud-based Firewall Cisco Umbrella Secure Internet Gateway (SIG) Software- Defined Perimeter (SDP/SD-WAN) AnyConnect Agent Cisco Viptela Meraki MX Web : Internet access integrity and protections. Firepower virtual URL Cisco Umbrella Secure Internet Gateway (SIG) Web Reputation/ Filtering: Tracking against URL-based threats. Web Appliance Cloud Web Meraki MX Cloud Access Broker (CASB) Cloudlock Applications Service Server-based Advanced Malware Protection (AMP) Cisco Umbrella For more information on SAFE, see Americas Headquarters Cisco Systems, Inc. San Jose, CA Asia Pacific Headquarters Cisco Systems (USA) Pte. Ltd. Singapore Europe Headquarters Cisco Systems International BV Amsterdam, The Netherlands Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not Return imply a to partnership Contents relationship between Cisco and any other company. (1110R)
SAFE Architecture Guide. Places in the Network: Secure Branch
SAFE Architecture Guide Places in the Network: Secure Branch January 2018 SAFE Architecture Guide Places in the Network: Secure Branch Contents January 2018 Contents 3 5 8 9 13 17 22 23 26 Overview Business
More informationSAFE Architecture Guide. Places in the Network: Secure Data Center
SAFE Architecture Guide Places in the Network: Secure Data Center April 2018 SAFE Architecture Guide Places in the Network: Secure Data Center Contents April 2018 Contents 3 5 8 9 14 16 25 26 28 Overview
More informationSAFE Overview Guide. Threats, Capabilities, and the Security Reference Architecture
SAFE Overview Guide s, Capabilities, and the Reference Architecture January 2018 SAFE Overview Guide s, Capabilities, and the Reference Architecture Contents January 2018 Contents 3 4 6 11 12 13 15 20
More informationSAFE Architecture Guide. Places in the Network: Secure Internet Edge
SAFE Architecture Guide Places in the Network: Secure Internet Edge January 2018 SAFE Architecture Guide Places in the Network: Secure Internet Edge Contents January 2018 2 Contents 3 5 8 9 13 15 24 25
More informationUser-to-Data-Center Access Control Using TrustSec Design Guide
CISCO VALIDATED DESIGN User-to-Data-Center Access Control Using TrustSec Design Guide October 2015 REFERENCE NETWORK ARCHITECTURE Table of Contents About This Document... 1 Cisco TrustSec Overview... 2
More informationCisco Security Enterprise License Agreement
Cisco Security Enterprise License Agreement Deploy Software and Technology more easily The Cisco Security Enterprise Licensing Agreement (ELA) gives you a simpler way to manage your licenses. And it saves
More informationCisco Cloud Security. How to Protect Business to Support Digital Transformation
Cisco Cloud Security How to Protect Business to Support Digital Transformation Dragan Novakovic Cybersecurity Consulting Systems Engineer January 2018. Security Enables Digitization Digital Disruption,
More informationCisco Service Control Service Security: Outgoing Spam Mitigation Solution Guide, Release 4.1.x
CISCO SERVICE CONTROL SOLUTION GUIDE Cisco Service Control Service Security: Outgoing Spam Mitigation Solution Guide, Release 4.1.x 1 Introduction and Scope 2 Functionality Overview 3 Mass-Mailing-Based
More informationThe Internet of Everything is changing Everything
The Internet of Everything is changing Everything Intelligent Threat Defense for the Enterprise Mobility Nikos Mourtzinos, CCIE #9763 Global Security Sales Organization Changing Business Models Any Device
More informationCisco Ransomware Defense The Ransomware Threat Is Real
Cisco Ransomware Defense The Ransomware Threat Is Real Seguridad Integrada Abril 2018 Ransomware B Malicious Software Encrypts Critical Data Demands Payment Permanent Data Loss Business Impacts Ramifications
More informationCisco Firepower NGFW. Anticipate, block, and respond to threats
Cisco Firepower NGFW Anticipate, block, and respond to threats You have a mandate to build and secure a network that supports ongoing innovation Mobile access Social collaboration Public / private hybrid
More informationHow to Predict, Detect & Stop threats at the Edge and Behind the Perimeter even in encrypted traffic without decryption
How to Predict, Detect & Stop threats at the Edge and Behind the Perimeter even in encrypted traffic without decryption Nikos Mourtzinos, CCIE #9763 Cisco Cyber Security Sales Specialist April 2018 New
More informationHow to Get Started with Cisco SBA
How to Get Started with Cisco SBA Cisco Smart Business Architecture (SBA) helps you design and quickly deploy a full-service business network. A Cisco SBA deployment is prescriptive, out-ofthe-box, scalable,
More informationHow to Get Started with Cisco SBA
How to Get Started with Cisco SBA Cisco Smart Business Architecture (SBA) helps you design and quickly deploy a full-service business network. A Cisco SBA deployment is prescriptive, out-ofthe-box, scalable,
More informationCisco Self Defending Network
Cisco Self Defending Network Integrated Network Security George Chopin Security Business Development Manager, CISSP 2003, Cisco Systems, Inc. All rights reserved. 1 The Network as a Strategic Asset Corporate
More informationCisco Security Exposed Through the Cyber Kill Chain
Cisco Forschung & Lehre Forum für Mecklenburg Vorpommern Cisco Security Exposed Through the Cyber Kill Chain Rene Straube CSE, Cisco Advanced Threat Solutions January, 2017 The Cisco Security Model BEFORE
More informationSecurity Deployment Guide. Revision: H2CY10
Email Security Revision: H2CY10 Who Should Read This Guide This guide is intended for the reader with any or all of the following: 100 1000 connected employees Up to 20 branches with approximately 25 employees
More informationCisco Firepower NGFW. Anticipate, block, and respond to threats
Cisco Firepower NGFW Anticipate, block, and respond to threats Digital Transformation on a Massive Scale 15B Devices Today Attack Surface 500B Devices In 2030 Threat Actors $19T Opportunity Next 10 Years
More informationCisco Stealthwatch Endpoint License
Data Sheet Cisco Stealthwatch Endpoint License With the Cisco Stealthwatch Endpoint License you can conduct in-depth, context-rich investigations into endpoints that exhibit suspicious behavior. In our
More informationWireless and Network Security Integration Solution Overview
Wireless and Network Security Integration Solution Overview Solution Overview Introduction Enterprise businesses are being transformed to meet the evolving challenges of today's global business economy.
More informationEncrypted Traffic Analytics
Encrypted Traffic Analytics Introduction The rapid rise in encrypted traffic is changing the threat landscape. As more businesses become digital, a significant number of services and applications are using
More informationBorderless Networks. Tom Schepers, Director Systems Engineering
Borderless Networks Tom Schepers, Director Systems Engineering Agenda Introducing Enterprise Network Architecture Unified Access Cloud Intelligent Network & Unified Services Enterprise Networks in Action
More informationCisco Security. Advanced Malware Protection. Guillermo González Security Systems Engineer Octubre 2017
Cisco Security Advanced Malware Protection Guillermo González Security Systems Engineer Octubre 2017 The New Security Model Attack Continuum Before During After Before Discover During Detect After Scope
More informationVendor: Cisco. Exam Code: Exam Name: Cisco Sales Expert. Version: Demo
Vendor: Cisco Exam Code: 646-206 Exam Name: Cisco Sales Expert Version: Demo QUESTION 1 What are three current business factors that are influencing customer decisions in making technology investments?
More informationPrestigious hospital. Outdated network.
Prestigious hospital. Outdated network. What happens when a cuttingedge medical center suffers from outdated network security? It s possible to lead the world in an industry medicine in this case and to
More informationLogistics Company Improves IT Uptime and Management
We look beyond IT CASE STUDY Logistics Company Improves IT Uptime and Management Logistics Company Improves IT Uptime and Management Customer Case Study FlexPod technology gives Suttons Group confidence
More informationSolution Architecture
2 CHAPTER Introduction The purpose of the Secure Wireless is to provide common security services across the network for wireless and wired users and enable collaboration between wireless and network security
More informationPassit4Sure (50Q) Cisco Advanced Security Architecture for System Engineers
Passit4Sure.500-265 (50Q) Number: 500-265 Passing Score: 800 Time Limit: 120 min File Version: 5.8 Cisco 500-265 Advanced Security Architecture for System Engineers Today is big day for me as I passed
More informationSimplify Technology Deployments
Cisco Security Enterprise License Agreement: Simplify Technology Deployments The need for Pervasive Security Coverage Security measures can t be limited to certain areas of your business. Mobility has
More informationOffice 365 Buyers Guide: Best Practices for Securing Office 365
Office 365 Buyers Guide: Best Practices for Securing Office 365 Microsoft Office 365 has become the standard productivity platform for the majority of organizations, large and small, around the world.
More informationCisco ASA 5500-X NGFW
Cisco ASA 5500-X NGFW Sieťová ochrana pre malé a stredné podniky pred modernými hrozbami Peter Mesjar CCIE 17428, Systémový Inžinier, Cisco What are we going to talk about Problem is THREATS How today
More informationCompare Security Analytics Solutions
Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch
More informationSAFE Design Guide. Places in the Network: Secure Data Center. April 2018 First Look Guide
Places in the Network: Secure Data Center April 2018 First Look Guide 2 Secure Data Center Design Guide Contents April 2018 Contents 3 7 11 19 27 30 31 33 Introduction Data Center Business Flows 5 Data
More informationCisco Next Generation Firewall and IPS. Dragan Novakovic Security Consulting Systems Engineer
Cisco Next Generation Firewall and IPS Dragan Novakovic Security Consulting Systems Engineer Cisco ASA with Firepower services Cisco TALOS - Collective Security Intelligence Enabled Clustering & High Availability
More informationMAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER
MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER Bret Hartman Cisco / Security & Government Group Session ID: SPO1-W25 Session Classification: General Interest 1 Mobility Cloud Threat Customer centric
More informationSecure Network Access for Personal Mobile Devices
White Paper Secure Network Access for Personal Mobile Devices What You Will Learn People around the globe are enamored with their smartphones and tablet computers, and they feel strongly that they should
More informationSecuring the Empowered Branch with Cisco Network Admission Control. September 2007
Securing the Empowered Branch with Cisco Network Admission Control September 2007 Presentation_ID 2006 Cisco Systems, Inc. All rights reserved. 1 Contents 1 The Cisco Empowered Branch 2 Security Considerations
More informationCisco Cloud Services Router 1000V and Amazon Web Services CASE STUDY
Cisco Cloud Services Router 1000V and Amazon Web Services CASE STUDY CASE STUDY ADOBE 2 About Adobe Adobe Systems provides digital media and marketing solutions to customers around the world including
More informationby Cisco Intercloud Fabric and the Cisco
Expand Your Data Search and Analysis Capability Across a Hybrid Cloud Solution Brief June 2015 Highlights Extend Your Data Center and Cloud Build a hybrid cloud from your IT resources and public and providerhosted
More informationSecurity Assessment Checklist
Security Assessment Checklist Westcon Security Checklist - Instructions The first step to protecting your business includes a careful and complete assessment of your security posture. Our Security Assessment
More informationCisco Collaborative Knowledge
Cisco Collaborative Knowledge Product Overview. Your workforce needs knowledge, speed and flexibility to solve real-world business challenges in today s fast moving digital economy. Cisco Collaborative
More informationATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK
PARTNER BRIEF ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK INTRODUCTION Attivo Networks has partnered with Cisco Systems to provide advanced real-time inside-the-network
More informationSymantec Client Security. Integrated protection for network and remote clients.
Symantec Client Security Integrated protection for network and remote clients. Complex Internet threats require comprehensive security. Today's complex threats require comprehensive security solutions
More informationA Unified Threat Defense: The Need for Security Convergence
A Unified Threat Defense: The Need for Security Convergence Udom Limmeechokchai, Senior system Engineer Cisco Systems November, 2005 1 Agenda Evolving Network Security Challenges META Group White Paper
More informationCisco Cloud Web Security
Cisco Cloud Web Security WSA ment Guide Internal Use Only 1 October 2014 Cisco CWS WSA/WSAv ment Guide Contents Introduction... 1 Cloud ment... 1 Additional Redirect Methods... 1... 2 Verify connection
More informationNETWORK THREATS DEMAN
SELF-DEFENDING NETWORK NETWORK THREATS DEMAN NEW SECURITY: STRATEGIES TECHNOLOGIES Self-Propagating Threats A combination of: self propagating threats Collaborative applications Interconnected environments
More informationCisco Network Admission Control (NAC) Solution
Data Sheet Cisco Network Admission Control (NAC) Solution New: Updated to include the Cisco Secure Network Server (SNS) Cisco Network Admission Control (NAC) solutions allow you to authenticate wired,
More informationFIREWALL BEST PRACTICES TO BLOCK
Brought to you by Enterprie Control Systems FIREWALL BEST PRACTICES TO BLOCK Recent ransomware attacks like Wanna and Petya have spread largely unchecked through corporate networks in recent months, extorting
More informationCisco Smart Business Communications Systems. Cisco Small Business Unified Communications 300 Series
Cisco Smart Business Communications Systems Cisco Small Business Unified Communications 300 Series Easy, Affordable Unified Communications for Your Business. Small businesses face new challenges and competitive
More informationData Sheet Instant Connect Mobile Client When your business is on the line, Instant Connect is here for your most critical communications needs. Welco
Data Sheet Instant Connect Mobile Client When your business is on the line, Instant Connect is here for your most critical communications needs. Welcome to the world s first and only secure communications
More informationModern attacks and malware
Modern attacks and malware Everything starts with an email and web Dragan Novakovic Cisco Systems New Cyber Threat Reality Your environment will get breached You ll most likely be infected via email Hackers
More informationNETWORKING &SECURITY SOLUTIONSPORTFOLIO
NETWORKING &SECURITY SOLUTIONSPORTFOLIO NETWORKING &SECURITY SOLUTIONSPORTFOLIO Acomprehensivesolutionsportfoliotohelpyougetyourbusiness securelyconnected.clickononeofoursolutionstoknowmore NETWORKING
More informationGlobal vision. Local knowledge. Cisco Forum Kyiv Country Day Month Year
Global vision. Local knowledge. Cisco Forum Kyiv Country Day Month Year Firepower Next Generation Firewall Subtitle goes here William Young Security Solutions Architect, Global Security Architecture Team
More informationWater Provider Relocates, Modernizes Data Center
: mission-critical services and Cisco engaged to lead data of 260 servers and 60 community of employees and partners. The most vital are those associated service. It was important for us to maintain the
More informationHow Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity
How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity Why is the NIST framework important? GOH Seow Hiong Executive Director, Global Policy & Government Affairs, Asia Pacific
More informationComplying with RBI Guidelines for Wi-Fi Vulnerabilities
A Whitepaper by AirTight Networks, Inc. 339 N. Bernardo Avenue, Mountain View, CA 94043 www.airtightnetworks.com 2013 AirTight Networks, Inc. All rights reserved. Reserve Bank of India (RBI) guidelines
More informationCisco Cyber Range. Paul Qiu Senior Solutions Architect June 2016
Cisco Cyber Range Paul Qiu Senior Solutions Architect June 2016 What I hear, I forget What I see, I remember What I do, I understand ~ Confucius Agenda Agenda Cyber Range Highlights Cyber Range Overview
More informationAby se z toho bezpečnostní správci nezbláznili Cisco security integrace. Milan Habrcetl Cisco CyberSecurity Specialist Mikulov, 5. 9.
Aby se z toho bezpečnostní správci nezbláznili aneb Cisco security integrace Aby se z toho bezpečnostní správci nezbláznili Cisco security integrace Milan Habrcetl Cisco CyberSecurity Specialist Mikulov,
More informationCisco Exam Questions & Answers
Cisco 648-385 Exam Questions & Answers Number: 648-385 Passing Score: 800 Time Limit: 120 min File Version: 34.4 http://www.gratisexam.com/ Cisco 648-385 Exam Questions & Answers Exam Name: CXFF - Cisco
More informationCloudSOC and Security.cloud for Microsoft Office 365
Solution Brief CloudSOC and Email Security.cloud for Microsoft Office 365 DID YOU KNOW? Email is the #1 delivery mechanism for malware. 1 Over 40% of compliance related data in Office 365 is overexposed
More informationAddressing PCI DSS 3.2
Organizational Challenges Securing the evergrowing landscape of devices while keeping pace with regulations Enforcing appropriate access for compliant and non-compliant endpoints Requiring tools that provide
More informationSimple and Powerful Security for PCI DSS
Simple and Powerful Security for PCI DSS The regulations AccessEnforcer helps check off your list. Most merchants think they are too small to be targeted by hackers. In fact, their small size makes them
More informationCisco PCI Solution for Retail 2.0: Simplifying Compliance
Cisco PCI Solution for Retail 2.0: Simplifying Compliance Executive Summary The Payment Card Industry Data Security Standard (PCI DSS) Version 2.0 has been released, providing clarification and reinforcing
More informationChanging face of endpoint security
Changing face of endpoint security S A N T H O S H S R I N I V A S A N C I S S P, C I S M, C R I S C, C E H, C I S A, G S L C, C G E I T D I R E C T O R S H A R E D S E R V I C E S, H C L T E C H N O L
More informationCTS2134 Introduction to Networking. Module 08: Network Security
CTS2134 Introduction to Networking Module 08: Network Security Denial of Service (DoS) DoS (Denial of Service) attack impacts system availability by flooding the target system with traffic or by exploiting
More informationCisco Cyber Range. Paul Qiu Senior Solutions Architect
Cisco Cyber Range Paul Qiu Senior Solutions Architect Cyber Range Service A platform to experience the intelligent Cyber Security for the real world What I hear, I forget What I see, I remember What I
More informationSay Yes to BYOD How Fortinet Enables You to Protect Your Network from the Risk of Mobile Devices WHITE PAPER
Say Yes to BYOD How Fortinet Enables You to Protect Your Network from the Risk of Mobile Devices WHITE PAPER FORTINET Say Yes to BYOD PAGE 2 Introduction Bring Your Own Device (BYOD) and consumerization
More informationExam: : VPN/Security. Ver :
Exam: Title : VPN/Security Ver : 03.20.04 QUESTION 1 A customer needs to connect smaller branch office locations to its central site and desires a more which solution should you recommend? A. V3PN solution
More informationEasy Setup Guide. Cisco ASA with Firepower Services. You can easily set up your ASA in this step-by-step guide.
Cisco ASA with Firepower Services Easy Setup Guide You can easily set up your ASA in this step-by-step guide. Connecting PC to ASA Installing ASDM 3 Configuring ASA 4 Using Umbrella DNS Connecting PC to
More informationImplementing Cisco Edge Network Security Solutions ( )
Implementing Cisco Edge Network Security Solutions (300-206) Exam Description: The Implementing Cisco Edge Network Security (SENSS) (300-206) exam tests the knowledge of a network security engineer to
More informationDefense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation
Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client
More informationSoftware-Defined Secure Networks in Action
Software-Defined Secure Networks in Action Enabling automated threat remediation without impacting business continuity Challenge Businesses need to continuously evolve to fight the increasingly sophisticated
More informationCisco Software-Defined Access
F Cisco Software-Defined ccess What is Cisco Software-Defined ccess? Cisco Software-Defined ccess (SD-ccess) is a central part of the Cisco Digital Network rchitecture (Cisco DN ) solution and represents
More informationCisco Cyber Threat Defense Solution 1.0
Cisco Cyber Threat Defense Solution 1.0 Contents 1. Introduction to the Cisco Cyber Threat Defense Solution 1.0 2. Technical overview of the Cisco Cyber Threat Defense Solution 1.0 3. Using the Cisco Cyber
More informationDeploying Cisco SD-WAN on AWS
How to Guide Deploying Cisco SD-WAN on AWS Introduction: Why use an SD-WAN solution for the cloud? Organizations leveraging branch office locations, IoT devices, and distributed network devices face a
More informationThe Cisco HyperFlex Dynamic Data Fabric Advantage
Solution Brief May 2017 The Benefits of Co-Engineering the Data Platform with the Network Highlights Cisco HyperFlex Dynamic Data Fabric Simplicity with less cabling and no decisions to make The quality
More informationSymantec Protection Suite Add-On for Hosted Security
Symantec Protection Suite Add-On for Hosted Email Security Overview Malware and spam pose enormous risk to the health and viability of IT networks. Cyber criminal attacks are focused on stealing money
More informationExam : Title : Security Solutions for Systems Engineers. Version : Demo
Exam : 642-566 Title : Security Solutions for Systems Engineers Version : Demo 1. Which one of the following elements is essential to perform events analysis and correlation? A. implementation of a centralized
More informationCisco Solution Support
Service Definition Cisco Solution Support Cisco Security Solutions Service Definition November 2017 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page
More informationReviewer s guide. PureMessage for Windows/Exchange Product tour
Reviewer s guide PureMessage for Windows/Exchange Product tour reviewer s guide: sophos nac advanced 2 welcome WELCOME Welcome to the reviewer s guide for NAC Advanced. The guide provides a review of the
More informationHow to build a multi-layer Security Architecture to detect and remediate threats in real time
How to build a multi-layer Security Architecture to detect and remediate threats in real time Nikos Mourtzinos, CCIE #9763 Cisco Cyber Security Sales Specialist March 2018 Agenda Cisco Strategy Umbrella
More informationFuture-ready security for small and mid-size enterprises
First line of defense for your network Quick Heal Terminator (UTM) (Unified Threat Management Solution) Data Sheet Future-ready security for small and mid-size enterprises Quick Heal Terminator is a high-performance,
More informationIntelligent WAN NetFlow Monitoring Deployment Guide
Cisco Validated design Intelligent WAN NetFlow Monitoring Deployment Guide September 2017 Table of Contents Table of Contents Deploying the Cisco Intelligent WAN... 1 Deployment Details...1 Deploying NetFlow
More informationwith Advanced Protection
with Advanced Email Protection OVERVIEW Today s sophisticated threats are changing. They re multiplying. They re morphing into new variants. And they re targeting people, not just technology. As organizations
More informationForeScout ControlFabric TM Architecture
ForeScout ControlFabric TM Architecture IMPROVE MULTI-VENDOR SOLUTION EFFECTIVENESS, RESPONSE AND WORKFLOW AUTOMATION THROUGH COLLABORATION WITH INDUSTRY-LEADING TECHNOLOGY PARTNERS. The Challenge 50%
More informationCisco Stealthwatch Improves Threat Defense with Network Visibility and Security Analytics
Solution Overview Cisco Stealthwatch Improves Threat Defense with Network Visibility and Security Analytics BENEFITS Gain visibility across all network conversations, including east-west and north-south
More informationA Pragmatic Approach to HealthCare Security. Hans Mathys CSE, Cybersecurity, Cisco Switzerland
A Pragmatic Approach to HealthCare Security Hans Mathys CSE, Cybersecurity, Cisco Switzerland Referatsabstract A Pragmatic Approach To HealthCare Security - Cyber-Security ist nicht nur eine Herausforderung
More informationQ&As. Advanced Borderless Network Architecture Sales Exam. Pass Cisco Exam with 100% Guarantee
700-301 Q&As Advanced Borderless Network Architecture Sales Exam Pass Cisco 700-301 Exam with 100% Guarantee Free Download Real Questions & Answers PDF and VCE file from: 100% Passing Guarantee 100% Money
More informationExam Code: Exam Code: Exam Name: Advanced Borderless Network Architecture Systems Engineer test.
Exam Code: 700-303 Number: 700-303 Passing Score: 800 Time Limit: 120 min File Version: 41.2 http://www.gratisexam.com/ Exam Code: 700-303 Exam Name: Advanced Borderless Network Architecture Systems Engineer
More informationADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY
ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY OUTLINE Advanced Threat Landscape (genv) Why is endpoint protection essential? Types of attacks and how to prevent them
More informationNETWORK ADMISSION CONTROL
WHITE PAPER NETWORK ADMISSION CONTROL EXECUTIVE SUMMARY Network Admission Control (NAC), an industry initiative sponsored by Cisco Systems, uses the network infrastructure to enforce security policy compliance
More informationCisco Solution Support
Service Definition Cisco Solution Support Security Solutions Service Definition October 2018 2015 Cisco and/or its affiliates. All rights reserv ed. This document is Cisco Public Information. Page 1 of
More informationCisco ASA 5500 Series IPS Solution
Cisco ASA 5500 Series IPS Product Overview As mobile devices and Web 2.0 applications proliferate, it becomes harder to secure corporate perimeters. Traditional firewall and intrusion prevention system
More informationWireless Clients and Users Monitoring Overview
Wireless Clients and Users Monitoring Overview Cisco Prime Infrastructure 3.1 Job Aid Copyright Page THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT
More informationPerimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN
T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN Perimeter Defenses Enterprises need to take their security strategy beyond stacking up layers of perimeter defenses to building up predictive
More informationLogical Network Design (Part II)
Logical Network Design (Part II) DCS COMSATS Institute of Information Technology Rab Nawaz Jadoon Assistant Professor COMSATS IIT, Abbottabad Pakistan Telecommunication Network Design (TND) Possible (Part
More informationSecurity-as-a-Service: The Future of Security Management
Security-as-a-Service: The Future of Security Management EVERY SINGLE ATTACK THAT AN ORGANISATION EXPERIENCES IS EITHER ON AN ENDPOINT OR HEADING THERE 65% of CEOs say their risk management approach is
More informationClient Computing Security Standard (CCSS)
Client Computing Security Standard (CCSS) 1. Background The purpose of the Client Computing Security Standard (CCSS) is to (a) help protect each user s device from harm, (b) to protect other users devices
More informationStealthwatch ülevaade + demo ja kasutusvõimalused. Leo Lähteenmäki
Stealthwatch ülevaade + demo ja kasutusvõimalused Leo Lähteenmäki 09:00-9:30 Hommikukohv ja registreerimine 09:30 11:15 Stealthwatch ülevaade + demo ja kasutusvõimalused 11:00 11:15 Kohvipaus 11:15 12:00
More informationCoordinated Threat Control
Application Note Coordinated Threat Control Juniper Networks Intrusion Detection and Protection (IDP) and Secure Access SSL VPN Interoperability Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale,
More information