BRKPAR-2488 AlgoSec: How to Secure and Automate Your Heterogeneous Cisco Environment Edy Almer
How to Secure and Automate Your Heterogeneous Cisco Environment. Speakers: Yogesh Kaushik, Senior Director, Cisco; Doug Hurd, Alliance Manager, Cisco; Edy Almer, VP Product, AlgoSec.
Cisco Tetration Platform: Hybrid Cloud Workload Protection. Network traffic visibility; visibility and forensics across Google, Azure and Amazon clouds; application behavior detection; vulnerability detection; policy simulation; attribute-based whitelist policy and segmentation.
USE CASE I: Map Firewall Rules to Business Applications. Application tags are then visible everywhere: policy searches, security risks, cleanup, and export via API.
USE CASE II: Risk, Vulnerability and Compliance. Application servers are matched with vulnerability scan results, so risk, vulnerability and compliance are managed with the correct business application context and priority.
USE CASE II (continued): Tetration Platform discovers application flows and dependencies; application flows are matched with network security risks and vulnerability scan results.
USE CASE II (continued): Tetration flow data annotated with vulnerability score.
USE CASE III: Generate and Push Whitelist Policies. Tetration Analytics generates whitelist policy recommendations and enforces host-based policies. AlgoSec configures the resulting security policies on multi-vendor security devices and SDN controllers (automatically, or with modifications), including Cisco ACI.
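The three use cases above describe one data pipeline: tag hosts with their business application, join observed flows against vulnerability scan results, and collapse the annotated flows into application-level whitelist rules. The block below is an added example of that pipeline, not Tetration or AlgoSec code; the host tags, scan findings (labelled VULN-A etc., not real identifiers) and flow records are constructed inline, and the rule that flows touching an untagged host are routed to review instead of being whitelisted is an assumption of this example.

```python
"""Added example: annotate flows with application tags and vulnerability scores,
then derive a whitelist policy. All data below is constructed for illustration."""
from collections import defaultdict

# Constructed: host -> business application tag (Use Case I). 10.9.9.99 is deliberately untagged.
APP_TAGS = {
    "10.1.1.10": "CRM-Web",
    "10.1.1.11": "CRM-Web",
    "10.1.2.20": "CRM-DB",
    "10.1.3.30": "Billing-App",
}

# Constructed: vulnerability scan results, host -> [(finding label, CVSS score)] (Use Case II).
SCAN_RESULTS = {
    "10.1.1.10": [("VULN-A", 9.8), ("VULN-B", 5.3)],
    "10.1.2.20": [("VULN-C", 7.5)],
    "10.1.3.30": [],
}

# Constructed: flows as a platform like Tetration would observe them (src, dst, proto, dport).
FLOWS = [
    {"src": "10.1.1.10", "dst": "10.1.2.20", "proto": "tcp", "dport": 3306},
    {"src": "10.1.1.11", "dst": "10.1.2.20", "proto": "tcp", "dport": 3306},
    {"src": "10.1.1.10", "dst": "10.1.2.20", "proto": "tcp", "dport": 3306},  # repeat of the first flow
    {"src": "10.1.3.30", "dst": "10.1.1.10", "proto": "tcp", "dport": 443},
    {"src": "10.9.9.99", "dst": "10.1.2.20", "proto": "tcp", "dport": 22},    # untagged source
]


def host_score(host):
    """Highest CVSS score reported for the host; 0.0 if unscanned or clean."""
    return max((score for _, score in SCAN_RESULTS.get(host, [])), default=0.0)


def annotate(flow):
    """Attach application tags and a vulnerability score (worst endpoint) to one flow."""
    out = dict(flow)
    out["src_app"] = APP_TAGS.get(flow["src"], "Unknown")
    out["dst_app"] = APP_TAGS.get(flow["dst"], "Unknown")
    out["vuln_score"] = max(host_score(flow["src"]), host_score(flow["dst"]))
    return out


def generate_whitelist(flows):
    """Collapse annotated flows into application-level allow rules (Use Case III).

    Returns (rules, review). rules are sorted most vulnerable first so they can be
    prioritised; review holds rules that touch an untagged host, which this example
    refuses to whitelist blindly (an assumption of the example, not a product rule)."""
    seen = defaultdict(lambda: {"count": 0, "vuln_score": 0.0})
    for f in map(annotate, flows):
        key = (f["src_app"], f["dst_app"], f["proto"], f["dport"])
        seen[key]["count"] += 1
        seen[key]["vuln_score"] = max(seen[key]["vuln_score"], f["vuln_score"])
    rules, review = [], []
    for (src_app, dst_app, proto, dport), info in seen.items():
        rule = {"src_app": src_app, "dst_app": dst_app, "proto": proto, "dport": dport, **info}
        (review if "Unknown" in (src_app, dst_app) else rules).append(rule)
    rules.sort(key=lambda r: (-r["vuln_score"], r["src_app"], r["dst_app"], r["dport"]))
    return rules, review


if __name__ == "__main__":
    rules, review = generate_whitelist(FLOWS)
    for r in rules:
        print(f"permit {r['src_app']} -> {r['dst_app']} {r['proto']}/{r['dport']} "
              f"(seen {r['count']}x, worst CVSS {r['vuln_score']})")
    for r in review:
        print(f"REVIEW {r['src_app']} -> {r['dst_app']} {r['proto']}/{r['dport']}")
```

Running it yields two application-level rules (Billing-App to CRM-Web on tcp/443 and CRM-Web to CRM-DB on tcp/3306, both carrying the 9.8 score of the vulnerable CRM-Web host) and one flow held for review because its source has no application tag. The design point is that the vulnerability score travels with the flow, so a rule generated from it is prioritised by the exposure of the hosts it connects rather than by the flow count alone.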
CORPORATE OVERVIEW: Founded 2004; 1500+ enterprise customers; serving 20 of the Fortune 50; 24/7 support via 3 global centers; passionate about customer satisfaction.
BUSINESS-DRIVEN SECURITY MANAGEMENT: Business-driven network security policy management. Business-driven security; business-driven agility; unified visibility across cloud, SDN and on-premise enterprise networks. USE CASES: risk management; auditing and compliance; incident response; micro-segmentation; change management; DevSecOps; business continuity; digital transformation.
NETWORK ABSTRACTION & POLICY ANALYSIS: Visibility and analysis of complex network security policies across on-premise and cloud networks. Topology map and traffic simulation; firewall rule optimization and cleanup; audit-ready compliance reports; risk assessment; baseline configuration compliance; network segmentation enforcement.
SECURITY POLICY CHANGE AUTOMATION: Process firewall changes with zero-touch automation. Security policy workflow automation; topology analysis and optimal rule design; proactive risk and compliance verification; automated policy push; change validation and reconciliation; SLA tracking and complete audit trail; integration with ticketing systems.
APPLICATION CONNECTIVITY MANAGEMENT: Discover, provision, maintain and securely decommission network connectivity for critical business applications. Automated discovery and mapping of business connectivity; translation of business requirements into networking terms; impact assessment to avoid outages; rapid datacenter and cloud migration; business-centric risk analysis; secure application decommissioning.
ACI, NX-OS, FIREPOWER, FWSM, IOS (XE, XR): Process firewall changes with zero-touch automation. Automated change for ACI, FWSM and IOS; planned: automated change for Firepower; risk and compliance for all platforms; change recommendation for NX-OS; change validation and reconciliation; SLA tracking and complete audit trail; integration with ticketing systems.
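The change automation slides list "proactive risk and compliance verification" before the push and "change validation and reconciliation" after it. The block below is an added example of those two checks written against ASA-style extended ACL lines; it is not AlgoSec or Cisco code. The before/after configurations, the approved change request, and the severity labels in the risk check are all constructed for illustration, and the comparison is set-based (it ignores rule order, which a real reconciliation must also account for).

```python
"""Added example: pre-push risk check and post-push reconciliation of a firewall
change, on constructed ASA-style ACL text. Not product code."""
import re

# Matches lines such as: access-list NAME extended permit tcp host A host B eq 443
ACL_RE = re.compile(
    r"access-list (?P<acl>\S+) extended (?P<action>permit|deny) (?P<proto>\S+) "
    r"(?P<src>any|host \S+) (?P<dst>any|host \S+)(?: eq (?P<port>\S+))?$"
)

# Constructed: the ACL as read from the device before the change.
BEFORE = """
access-list OUTSIDE_IN extended permit tcp any host 10.1.1.10 eq 443
access-list OUTSIDE_IN extended deny ip any any
"""

# Constructed: the ACL read back after the push. Besides the approved rule, someone
# also added "permit ip any any", which the reconciliation must surface as drift.
AFTER = """
access-list OUTSIDE_IN extended permit tcp any host 10.1.1.10 eq 443
access-list OUTSIDE_IN extended permit tcp host 10.1.3.30 host 10.1.2.20 eq 3306
access-list OUTSIDE_IN extended permit ip any any
access-list OUTSIDE_IN extended deny ip any any
"""

# Constructed: the single rule the ticket approved (acl, action, proto, src, dst, port).
REQUESTED = ("OUTSIDE_IN", "permit", "tcp", "host 10.1.3.30", "host 10.1.2.20", "3306")


def parse_acl(config_text):
    """Parse ACL lines into rule tuples in device order; reject anything unrecognised
    rather than silently skipping it, since a skipped line is an unreconciled rule."""
    rules = []
    for line in config_text.strip().splitlines():
        m = ACL_RE.match(line.strip())
        if not m:
            raise ValueError(f"unrecognised ACL line: {line!r}")
        d = m.groupdict()
        rules.append((d["acl"], d["action"], d["proto"], d["src"], d["dst"], d["port"] or "any"))
    return rules


def reconcile(before, after, requested):
    """Compare pre- and post-change rule sets against the approved request."""
    added = [r for r in after if r not in before]
    removed = [r for r in before if r not in after]
    return {
        "implemented": requested in after,
        "unexpected_added": [r for r in added if r != requested],
        "unexpected_removed": removed,
    }


def risk_findings(rule):
    """Flag overly permissive permit rules; severity labels are this example's own."""
    _acl, action, proto, src, dst, port = rule
    if action != "permit":
        return []
    if src == "any" and dst == "any" and proto == "ip":
        return ["critical: permit ip any any"]
    if src == "any" and dst == "any":
        return [f"high: {proto} any to any"]
    if src == "any" and port == "any":
        return [f"high: any source to {dst} on all {proto} ports"]
    if src == "any":
        return [f"medium: any source to {dst} {proto}/{port}"]
    return []


def validate_change(before_text, after_text, requested):
    """Risk-check the request, then reconcile what the device actually contains."""
    result = reconcile(parse_acl(before_text), parse_acl(after_text), requested)
    result["request_findings"] = risk_findings(requested)
    result["drift_findings"] = {r: risk_findings(r) for r in result["unexpected_added"]}
    return result


if __name__ == "__main__":
    res = validate_change(BEFORE, AFTER, REQUESTED)
    print("requested rule implemented:", res["implemented"])
    print("request risk findings:", res["request_findings"] or "none")
    for rule, findings in res["drift_findings"].items():
        print("UNREQUESTED rule:", " ".join(rule), "->", findings or "no findings")
    print("unexpectedly removed:", res["unexpected_removed"] or "none")
```

On the constructed input the approved host-to-host rule passes the risk check and is confirmed present, while the reconciliation reports one rule nobody requested, and the same risk check rates it critical because it permits ip any any. That is the property the slides are after: the audit trail records not just that the push succeeded but that the device ended up containing exactly the approved change.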
Integration Points Across the Cisco Security Portfolio:
- eStreamer API: send Firepower event data to SIEMs
- Host Input API: collect vulnerability and other host info
- Remediation API: programmatic response to third parties from FireSIGHT
- JDBC Database Access API: supports queries from other applications
- Read/Write REST API for Firepower: supports firewall and risk management technologies
- Threat Intelligence Director REST API for Firepower: collect, correlate and take action on third-party threat intelligence
- Management API for ASA: third-party management of ASA, policy auditing
- pxGrid: bi-directional context sharing framework for ISE and ecosystem partners
- MDM API: enables third-party MDM partners to make mobile device posture part of ISE access policy
- External RESTful Services (ERS): adds third-party asset data to the ISE inventory database
- AMP cloud-based API: externalize event data for all third-party apps
- Threat Grid API: hand off suspicious files for analysis; query the entire dataset for correlation or historical/geographic significance; automate submission of files for analysis; create custom or batch threat feeds
- Firepower 9300 (SSP) REST API: Cisco and third-party applications in service chain configuration
- AnyConnect Network Visibility Module: collection; AnyConnect provides IPFIX data
- AnyConnect EDM/MDM, VPN services
- OpenDNS Investigate: query OpenDNS for threat intelligence
- OpenDNS Umbrella: add addresses to customer-specific enforcement
- CloudLock Enterprise API: reporting/management; CloudLock Development APIs: access micro-services
- Other integration points: ESA, WSA
Gain more insight with increased visibility: migration from ASA to Firepower. Visibility categories compared across a typical IPS, a typical NGFW and Cisco Firepower NGFW (Firepower NGFW covering the full set): threats, users, web applications, application protocols, file transfers, malware, C&C servers, client applications, operating systems, routers & switches, mobile devices, printers, VoIP phones, network servers.
Complete Your Online Session Evaluation. Please complete your online session evaluations after each session. Complete 4 session evaluations and the overall conference evaluation (available from Thursday) to receive your Cisco Live T-shirt. All surveys can be completed via the Cisco Live Mobile App or the Communication Stations. Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library/. 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public.
Continue Your Education: demos in the Cisco campus; walk-in self-paced labs; Tech Circle; Meet the Engineer 1:1 meetings; related sessions: BRKPAR-2488.
Thank you