A Unified Threat Defense: The Need for Security Convergence
Udom Limmeechokchai, Senior System Engineer, Cisco Systems
November 2005
Agenda
- Evolving Network Security Challenges
- META Group White Paper: Unified Threat Defenses
- The Self-Defending Network
- Increasing the Effectiveness of Security
- Decreasing the Cost of Securing the Network
- Summary
Evolving Network Security Challenges
Key Issues Facing Organizations
- Simplification and Cost Reduction: Scalability; Equipment cost; Staffing (total cost of ownership); Integration and systems management
- Application and Service Optimization: Enablers; Application management; Performance/Optimization; Resilience
- Security: Threats; Theft; Loss; Response time
The Network Has Evolved
Applications Everywhere, Everyone Interconnected
[Diagram labels: Sales Automation, HR Apps, ERP, MRP, Finance; Headquarters, Partners, Manufacturing, Sales, Human Resources, Teleworker, Remote Offices, Customer. Callouts: Reached Mostly by Web/Extranet; Departmental Applications Available Throughout]
Evolution of Security Challenges
Rapidly Escalating Threat to Businesses
[Figure: target and scope of damage (Individual Computer, Individual Networks, Multiple Networks, Regional Networks, Global Infrastructure Impact) plotted against time (1980s, 1990s, Today, Future), with time to impact shrinking from Weeks to Days, Minutes and Seconds]
- First Gen: Boot viruses
- Second Gen: Macro viruses, Denial of Service
- Third Gen: Distributed Denial of Service, Blended threats
- Next Gen: Flash threats, Massive bot driven DDoS, Damaging payload worms
Security Services Silos Force Trade-Offs
Complementary Defenses, Limited Deployability
- Firewall Services: Access Control Services; Packet Inspection; Protocol Validation; Accurate Enforcement; Robust Resiliency
- IPS Services: Broad Attack Detection; Granular Packet Inspection; Application Control; Dynamic Response
- Network AV Services: Virus Mitigation; Spyware, Adware, Malware Detection and Control; Malicious Mobile Code Mitigation
- IPSec/SSL VPN Services: SSL VPN; IPSec VPN; User-Based Security; Group-Based Management; Clustering
[Diagram labels: Access Breaches, Session Abuse, Port Scans, Malformed Packets, Application Misuse, DoS/Hacking, Known Attacks, Tunneled Traffic, Limited Protections, Infected Traffic]
Multiple Discrete Services x Multiple Locations = Security Trade-Offs
What's on the Mind of the IT Professional?
- Help! I have to respond more rapidly and proactively to changes in business conditions
- Show me how to use IT investments to go on the offense
- Help me with my pain: Operational complexity; Virus/worm outbreaks; Application abuse
Approaching the network in a new way can help solve these challenges
META Group White Paper: Unified Threat Defenses
Pervasive Integration
Pervasive Perimeterization
Multilayer Security
Multiservice Agents/Gateway
Unified Threat Defenses
The Self-Defending Network
What Worked in the Past Can't Meet Today's Threats
- Past: Reactive; Point Products; Product Support Services
- Needed Now: Automated, Proactive; Integrated Multiple Layers; Advanced Design/Deployment Services
A Collaborative Systems Approach
Evolution of Cisco Security Strategy
Cisco Self-Defending Network
- SDN Phase III, Adaptive Threat Defense: Mutual awareness among and between security services and network intelligence; Increases security effectiveness, enables proactive response; Consolidates services, improves operations efficiency; Application recognition and inspection for secure application delivery/optimization
- Point Products: Multiple security appliances; Separate management software
- SDN Phase II, Collaborative Security Systems: Security becomes a Network-Wide System (Endpoints + Network + Policies); Multiple services and devices working in coordination to thwart attacks with active management; NAC, IBNS, SWAN
- SDN Phase I, Integrated Security: Making every network element a point of defense (routers, switches, appliances, endpoints); Secure connectivity (V3PN, DMVPN), threat defense, trust and identity; Network foundation protection
Adaptive Threat Defense in Action
Services Convergence Enables More Effective Security
- Firewall Services: Access Control, Packet Inspection
- IPS and NW-AV Services: Application Intelligence, Content Inspection, Virus Mitigation
- Network Intelligence: Identity, Virtualization, QoS Segmentation, Traffic Visibility
[Diagram labels: Cisco Router, CSA, Cisco DDoS, Catalyst, VPN, VPN Access, PIX, Identity-Based Networking, NAC, Quarantine VLAN, Cisco IPS]
Five Characteristics of a Self-Defending Network
- End Point Posture Enforcement
- Network Device and End Point Protection
- Dynamic/Secure Connectivity
- Dynamic Communication Between Elements
- Automated Threat Response
Introducing Cisco Adaptive Security Appliances
Delivering Adaptive Threat Defense and VPN Solutions
- Application Security: App Inspection, Use Enforcement, Web Control
- Anti-X Defenses: Malware/Content Defense, Anomaly Detection
- Containment and Control: Traffic/Admission Control, Proactive Response
[Diagram labels: Catalyst, CSA, Cisco Router, Cisco DDoS, VPN, VPN Access, Quarantine VLAN, NAC, PIX, Identity-Based Networking, Cisco IPS]
The Cisco ASA 5500 Series
© 2005 Cisco Systems, Inc. All rights reserved. Cisco Public
Increasing the Effectiveness of Security
Introducing Cisco Adaptive Security Appliances
Delivering Adaptive Threat Defense and VPN Solutions
- Converged Adaptive Threat Defense and Flexible VPN Services: Application Security, Worm/Virus Mitigation, Malware Protection and Threat-Protected VPN
- Minimize Deployment and Operations Costs: Platform Standardization, Unified Management, Network Awareness
- Technology Extensibility to Address New Threats: Purpose-Built Adaptive Identification and Mitigation Architecture Enables Unprecedented Extensibility and Policy Control
The Cisco ASA 5500 Series
Cisco Adaptive Security Appliances Series
Convergence of Robust, Market-Proven Technologies
Market-Proven Technologies:
- Firewall Technology: Cisco PIX
- IPS Technology: Cisco IPS
- NW-AV Technology: Cisco IPS + Trend NAV
- VPN Technology: Cisco VPN 3000
- Network Intelligence: Cisco Network Services
Adaptive Threat Defense, Secure Connectivity:
- Application Security: App Inspection, Use Enforcement, Web Control
- Anti-X Defenses: Malware/Content Defense, Anomaly Detection
- Network Containment and Control: Traffic/Admission Control, Proactive Response
- Secure Connectivity: IPSec and SSL VPN
VPN Services for Any Deployment Scenario
Robust IPSec and SSL VPN Services with Threat Prevention
[Diagram labels: Branch Office, Site-to-Site, Supply Partner, Extranet, Public Internet, ASA 5500. Access Scenarios: Site-to-Site Connectivity, Managed Desktop, Employee Desktop, Kiosk Access, Full or Limited Network Access, Partner Access, Account Manager, Mobile User, Employee at Home, Unmanaged Desktop]
- Converged IPSec, WebVPN, Firewall, IPS: Inspect/Control VPN Sessions
- Single RA VPN Device Infrastructure
- Unified User Management
- Uniform Resiliency and Load Balancing
- QoS for Site-to-Site Traffic
Provides Secure Access for Any User from Any Location from a Single Device and Management Infrastructure
High Performance Threat Mitigation
Services Convergence Enables Thorough Protection
[Diagram labels: Worms, Viruses, Spyware, Hackers, W32.Tomorrow's-threat; Public Internet; ASA 5500]
- Comprehensive Analysis: De-obfuscation; Application Layer Inspection; Protocol Anomaly Detection; Heuristic Analysis; Traffic Normalization
- Accurate Enforcement: Real-Time Correlation; Risk Rating; Attack Drop; Session Removal and Resets
- Outbreak Prevention: Virus Detection; Dynamic Outbreak Updates
Leverages Depth of Anti-X Defense Features to Stop Malicious Worms, Viruses and More, Without a Performance Loss!
Decreasing the Cost of Securing the Network
Cisco Adaptive Security Device Manager (ASDM) v5.0
Dashboard Provides At-a-Glance View of System Status
Dashboard provides instant status of items such as:
- Software versions installed
- Interface status and throughput
- Platform uptime
- Security Contexts
- Real-time syslog viewer (last ten)
- Powerful search capabilities
- And more!
Cisco Adaptive Security Device Manager (ASDM) v5.0
Robust Firewall Management and Monitoring
Cisco ASDM v5.0 delivers robust firewall management and monitoring of a Cisco ASA appliance
Supports full configuration of:
- Access control lists
- Network and service object groups
- Inspection Engines
- NAT/PAT
- AAA and more
Supports monitoring of:
- Syslog (real-time)
- Connections
- Throughput & more!
Cisco Adaptive Security Device Manager v5.0
Comprehensive VPN Management and Monitoring
Cisco ASDM v5.0 delivers comprehensive remote access and site-to-site VPN management and monitoring of a single Cisco ASA appliance
Supports full configuration of:
- WebVPN
- IPSec RA groups
- S2S tunnels
- AAA, DHCP, & more!
Supports monitoring of:
- Uptime, bytes transferred, by tunnel
- VPN usage trends
Cisco Adaptive Security Device Manager v5.0
Extensive IPS Management and Monitoring
Cisco ASDM v5.0 delivers extensive IPS management and monitoring of a single Cisco ASA appliance
Supports full configuration of:
- Engines
- Signatures
- Threat Risk Rating
- IPS Actions
- And more!
Supports monitoring of:
- Events
- Diagnostic reports
- Sensor statistics
Summary
Benefits
- Protects from broadest range of threats with comprehensive suite of services
- Delivers excellent value through integration of multiple deployment-proven, best-of-breed security and networking services
- Decreases ops costs by standardizing on one platform customizable for numerous deployment scenarios
- Increases security effectiveness through services consolidation
- Delivers high concurrent services performance through unique, extensible multi-processor architecture
- Part of a greater whole: self-defending networks
Take Advantage of Unified Threat Defenses and Self-Defending Networks Today!
To learn more about this exciting new product family or about Cisco Self-Defending Networks:
- Visit us at www.cisco.com/go/asa or www.cisco.com/go/sdn
- Contact your Cisco account team or Cisco partner to arrange a demo
Thank you for your time today!