CiscoWorks Network Compliance Manager · NCM Alert Center – Security Alerts Automatically...

© 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 13284_01_2007_c1

CiscoWorks Network Compliance Manager

Stuart Parham

Challenges faced by IT teams today

Challenged with manual, ad-hoc network configuration

• Clients directly connect to network devices: lack of control over the network
• Data manually collected & reported: costly, tedious and incomplete
• Devices configured manually one by one: costly & error prone manual changes
• Configuration, scripts and OS images stored on various IT workstations: lack of security & standardization

[Diagram labels: Network; Auditor, Manager, Director; IT Staff: Tools Manager, Network Architect, Network Manager, Security Engineers, Network Engineers, NOC Operators]

Fully automated network configuration and change management

• Automate complex network management tasks through multi-threaded event-driven automation engine
• Control and standardize across infrastructure in a central, secure location
• Track all activity down to the very operator keystrokes
• Prevent errors & enforce process through centralized point of control

[Diagram labels: Network; Network Management Tools; Auditor, Manager, Director; IT Staff: Tools Manager, Network Architect, Network Manager, Security Engineers, Network Engineers, NOC Operators]

NCM drastically reduces down-time caused by configuration errors

Automated Configuration

• MTTR from configuration error: 15 minutes
• Outages & security incidents due to manual mis-configurations: 20%
• Average time to discover security vulnerability: Less than 2 minutes
• Provision new device: 20 minutes
• Changes per hour: 5,000
• Average amount of network in compliance: 100%

Manual Configuration

• MTTR from configuration error: 150 minutes
• Outages & security incidents due to manual mis-configurations: 80%
• Average time to discover security vulnerability: 2 weeks
• Provision new device: 6 hours
• Changes per hour: 20
• Average amount of network in compliance: 3%

Source: 2005 EMA Survey and customer feedback

What is NCM?

CiscoWorks Network Compliance Manager (NCM)

A scalable, multi-vendor offering for centralized network configuration and compliance management

Network Configuration and Change Management (NCCM)
• real-time change detection
• pre-deployment validation
• policy enforcement

Audit and Compliance Analysis
• set policy to track compliance
• automated generation of compliance reports (SOX, VISA PCI, HIPAA, GLBA, ITIL, CobiT, COSO)

Advanced Workflows
• model complex projects
• define custom approval policies

Extensive Reporting
• network status
• compliance

Functional Overview

[Diagram: CiscoWorks Network Compliance Manager, Policy-Based or Ad Hoc]

Change & Configuration Management
• Device provisioning
• Configuration
• Scripting
• OS image updates

Audit & Compliance
• Network audits
• Best practices enforcement
• SOX, VISA CISP, HIPAA, GLBA, ITIL, CobiT, COSO

Reporting
• Network compliance
• Deployed assets
• Change history

Workflows & Approvals
• Sequencing
• Scheduling
• Process model
• Change approvals

Integration Connectors

Central Data Repository

Member of Federated CMDB

Other Network Management Systems

Automated Discovery & Inventory Import
• Individual devices (e.g., from CiscoWorks DCR)
• Network topology
• Detailed asset inventory
• OS images

Cisco NMS and 3rd party applications

Network

CiscoWorks NCM Hardware/Software Platform

Server platforms supported

Windows Server 2000

Windows Server 2003

Solaris 9

Solaris 10

Linux RedHat ES/AS 3UP2/4

SUSE Enterprise Linux 9

Database platforms supported

Oracle 9

Oracle 10g

MySQL

Microsoft SQL Server 2000

Microsoft SQL Server 2005

Security Management

Security Management

Maintain comprehensive config change history archive for security audits

Monitor and enforce compliance with security standards such as Visa CISP / PCI for credit card transactions

Create security compliance policies (regex pattern match on firewall configs) and check if firewall configs are in compliance with applied security policies

Provide role-based access control and lockdown to devices and their configurations

Provision configuration changes on firewall devices

Maintain an up to the keystroke level audit trail of changes made on firewall devices

Maintain a history of changes made to ACLs

Easily deploy ACL changes

Security Device Support

Cisco PIX

Cisco Guard (Riverhead DDOS) blades

Cisco FWSM (this device driver is on the roadmap)

CheckPoint Firewall-1

Juniper Netscreen Firewalls

What is Alert Center?

NCM Alert Center

What is it?

New, optional subscription service that provides NCM users with ongoing updates of security alerts and automation packs

Benefits:

• Security Alerts – vendor security alerts translated into NCM software policies
• Shared Product Extensions – leverage scripts, packages and policies
• Functionality Updates – new capabilities available outside the release cycle

NCM Alert Center – Security Alerts

Automatically downloads and continuously updates Network Vulnerability Alerts

Based on industry leading alert service

NCM translates alerts into Software Compliance Policies

NCM server securely downloads new alerts (approx. 3-5 per week)

Users can review and activate desired policies in their environment

NCM Alert Center: Automated, Reliable, and Rapid Remediation

Security Alert Service

Vulnerability Awareness: Automated delivery of vulnerability alerts
• The right people get alerted immediately and everyone has a consistent view of the vulnerabilities

Vulnerability Translation: Immediately actionable policies
• Vulnerability alerts come pre-translated and are immediately actionable
• Customers can easily choose which alerts to activate based on pre-attached risk levels

Identification and Remediation: Rapid identification and remediation
• Automatically identifies all vulnerable devices and provides an ‘at-a-glance’ dashboard view
• NCM will remediate all vulnerable devices concurrently

Ongoing Compliance: Automated alerts on any regression
• Immediately alerts when existing devices regress or new devices with known vulnerabilities are added to the network

Major Features and Customer Benefits

CiscoWorks NCM Features & Benefits - 1

Key Features and Benefits

EoX (End of Sale, End of Life) Reports
• Helps keep your network up to date with the latest hardware and to help maximize your availability and uptime

Real-time Change Detection
• Integrated Telnet/SSH proxy can detect changes to a key stroke level.
• Fool proof change detection via Syslog, regular polling, tailing AAA logs.

Open architecture
• APIs available to integrate with third party applications.
• Extensive scripting support for multiple scripting languages.
• Ability to send SNMP traps, Syslog messages and open trouble tickets and integrate with existing workflows.

Powerful reporting
• Highly granular Boolean-based search and report capabilities on broad range of attributes and historical data.

Auto Remediation
• Event based architecture allows non compliance issues to be fixed automatically.

CiscoWorks NCM Features & Benefits - 2

Key Features and Benefits

Enhanced Software Image Management
• Provides image recommendation, verification with reliable and schedulable image management on the device

Integration with CiscoWorks applications
• Easy cross launch of CiscoWorks NCM and CiscoWorks LMS
• Consistent network database via Device Credential Repository (DCR)
• Combination of network configuration, change, compliance, Cisco IOS/CatOS image management

Security management
• Role-based access control and lock down
• Centralized ACL management

Advanced workflow and approvals
• Close the change loop with real-time process enforcement

Multivendor support
• Thousands of device models/versions supported out of the box across Cisco and 35 other vendors
• Object-oriented driver architecture enables rapid driver development
• Frequent driver releases

Additional Feature Level Details

Configuration and Change Management

Centralized software and configuration deployment

Real-time change detection

Visual configuration comparisons

Configuration templates

Pre-deployment validation of changes and pro-active policy enforcement

Secure device access

Historical configuration archive

Maximized Uptime During Change Management

Visual Difference Comparisons

Audit and Compliance Management

Comprehensive Compliance Center

Set policies to track compliance

Enforce policies in real-time

Visual device comparisons

Non-compliance notification and auto-remediation

Automatic generation of regulatory and corporate compliance reports

SOX, PCI, HIPAA, GLBA, ITIL, CobiT, COSO

Automated Audits and Compliance Reporting

Full Compliance Center

Prioritized Triage of Compliance Violations

The Problem

Compliance violations are not all created equal

No way to filter and triage hundreds or thousands of compliance violations besides manual review

Each violation has a risk rating

Automated triage based on risk ratings, such as:

Auto-remediate

Open new trouble ticket

Send email/page

Email daily summary

Prioritize Compliance Rules

Pushing the Most Critical Violations to the Forefront

Prioritized Compliance Rules

Reporting

Report on device inventory

By group, vendor, user

Change reporting

Who changed what, why & when

Compliance reporting

Regulatory compliance

Corporate compliance

NSA Router best practices

Network status reports

Policy compliance at-a-glance

Identify and address risk factors

Network Status Reports

Pre-defined and Custom Reports

Close The Change Loop with Real-Time Process Enforcement

Advanced Workflow and Approvals

Model complex projects

Combine automated and manual activities

Define custom approval policies

Require approval based on user, activity and/or device affected

Require approvals for manual or automated activities

Grant permission for approval overrides

Integrate with external workflow and process systems

Daily activity calendar

Conflict alerts

Flexible reporting and notification

Change reporting dashboard

Email / other notifications

Change Approval Rules

Why buy CiscoWorks NCM from Cisco Today?

NCM Cisco Differentiation

NCM 1.3 - Current selling version

– EoX scheduled reporting using Cisco internal backend information and automated notification. Provides details at

• Module level

• Device level

– Enhanced Software Image Management

– Integration with CW Homepage, Device Center and CiscoView

– Automated device inventory sync with CW DCR

– Automated config updates from NCM to CAS

– Automated events from NCM to CAS

– Phase 1 Cisco Network Collector integration to reduce polling when using Cisco Adv Services offerings

– NCM Alert Center will provide additional Cisco value-add through links and reporting to Cisco backend databases

Priority new Cisco platform driver support

Cisco brand – TAC support

In NCM Only

For More Information

Product Web Portal:

– http://www.cisco.com/go/cwncm
