Protecting Your Network
Sergio Dias Systems Engineer CCIE DC #47837
Fabiane Paulino Consulting Systems Engineer
Legacy Security: Costly & Complex
Siloed
Inefficient
Manual
Limited integration, security gaps
Hard-coded processes
Over-provisioned, static and slow
• $400 million: the estimated financial loss in 2015 from breaches
• 98% stemmed from External Agents
• 81% utilized some form of Hacking
• 69% incorporated Malware
• 96% of attacks Not Highly Difficult
* Verizon 2015 Data Breach Investigation Report
Cisco’s Threat-Centric Security Model
Network Endpoint Mobile Virtual Cloud
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate
Advanced Malware Protection VPN Firewall NGIPS DDoS
Policy Management Application Control
Secure Access + Identity Services
Malware Sandboxing Web Security
Email Security Network Behavior Analysis
Security Services
4 © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Corp Network
Global Orchestration
Corporate HQ
Partners Guests
...
Branches / Home Office
Partners Guests
Network Security Challenges: Distributed Network, Compliance and Control
Grant and Control access to Corporate Devices, Guests Devices and BYOD Devices.
Compliance.
Borderless network (wireless, wired and VPN) keeping the same level of access and control. Distributed network (Datacenter, Stores and Remote Locations, HQ and Remote Users).
Employees ...
Grant and Control access to Employees, Partners and Guests.
Compliance.
Keep track and have visibility over all users, devices, applications and vulnerabilities on the network.
Protect the network against security events and advanced threats.
Access Control: Consistent Secure Access Policy Across Wired, Wireless and VPN
Guests
BYOD Corporate and Partners
SSID: Guest
SSID: Corporate
Authentication Users and Devices
Cisco ISE
Onboarding (Portals)
Access Enforcement
Traffic Analysis
AD, LDAP, RADIUS or Local Database
REST API
Full Reports
Corporate
Corporate and Partners
Corporate and Partners How
What Who
Where When
Cisco pxGrid Context Sharing
FirePower NGIPS
ASA and ASA with FP Services
Stealth Watch WSA
FirePower Threat Defense
Cisco ISE
pxGrid
User Identity User, Location IP,
Device Type and SGT Tag
FirePower and ISE Integration Fire&ISE pxGrid
WSA and ISE Integration WSA&ISE pxGrid
New Features
Sourcefire FirePOWER
Cisco ASA
Converged Software – Firepower Threat Defense (FTD)
Total Visibility
Web
WWW
Endpoints Network Email Mobile
Cloud
FTD - Centralized Management Web, Multi-Tenant, Full Visibility
Q&A
Thank you!!