SAFE for BDMs-Final.ppt

Cisco SAFE Overview: Validated Next-Generation Security Architecture

© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential SAFE 01222008 1

Transcript of SAFE for BDMs-Final.ppt

Cisco SAFE Overview: Validated Next-Generation Security Architecture

Critical Security Issues

Compliance

Data and identity theft

Financial fraud

Virtualization and cloud computing

Network abuse

Service availability

Security management and operation

Cost

Lack of consistency and collaboration across products

© 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential SEVT Dec 2008 2

Today’s Complex Security Threats Require Systemwide Collaboration

Top-Ten Cyber Security Menaces

Sophisticated website attacks

Increasing botnet sophistication and effectiveness

Growing cyber espionage

Emerging mobile phone threats

Insider attacks

Advanced identity theft

Increasingly malicious spyware

Web application security exploits

Sophisticated social engineering

Supply-chain attacks infecting consumer devices

Source: SANS Institute

The Greatest Security Threat? Accidental Security Architecture

Fear-based security decisions

Product- or feature-of-the-moment purchases

Siloed products and designs

Poor security policy

Poor management, control and visibility

Cisco SAFE

Validated End-to-End Security Design and Deep Technical Implementation Guide to Complement SDN Messaging

Common security framework

Enables ongoing solution development

Covers network PINs and cross-network solutions

Integrates comprehensive services to support solution lifecycle

Benefits

Complements and validates software-defined network (SDN) messaging

Eases transition from concept to design and implementation

Offers Cisco® SAFE designs free of charge

Enables simple updating and expansion through modular design

Cisco SAFE Objectives

Cisco® SAFE addresses threats to critical business objectives

Business Goals and Objectives | Potential Threats

Protecting revenue sources | Disruption of business, resulting in loss of revenue

Meeting customer requirements | Loss of customer privacy, security, and service levels

Safeguarding corporate identity and brands | Negative effect on marketing campaigns and brand reputation

Compliance with regulations and standards | Fines, loss of business, and legal action

Cisco Security Framework

Cisco® SAFE designs and strategies are based on the Cisco Security Framework for consistent policy deployment and enforcement across the network

[Diagram: Cisco Security Framework]

Business Relevance: Business Goals and Objectives; Threats to Goals and Objectives

Security Policies: Threat and Risk Assessment; Security Policies; Security Operations

Security Principles: Visibility; Control

Security Actions: Identify, Monitor, Correlate (Visibility); Harden, Isolate, Enforce (Control)

Cisco SAFE Security Architecture

[Diagram: Cisco SAFE Security Architecture]

Security Solutions (PCI, DLP, etc.)

Policy and Device Management

Cisco® Security Framework: Visibility (Identify, Monitor, Correlate); Control (Harden, Isolate, Enforce)

Services

Branch/WAN, Data Center, Campus/LAN, Virtual Office

Network Foundation Protection

Mobility, Unified Communications, Network Virtualization

Design Principles and Benefits

Defense in depth

Systemwide intelligence and collaboration

Service availability and resiliency

Modularity

Facilitation of operations

Regulatory compliance

Cisco SAFE Network Modules

[Diagram: Cisco SAFE network modules. Labels: WAN Edge, Management NOC, Branch, Partner, WAN, Extranet, Core, Campus, Internet Edge, Internet, Data Center, Cisco Virtual Office, E-Commerce, Remote User]

Cisco SAFE Next-Generation Lifecycle Services

Strategy and assessment

Deployment and migration

Remote management

Security intelligence

Security optimization

Cisco SAFE Benefits

Step-by-step design and implementation guidance

Fully tested and validated

Solutions-based approach

Layered security using best practices

Threat visibility and coordinated response

Assurance of business-critical service availability

Modularity to support strategic improvement

Compliance with regulatory requirements

SAFE Resources

Cisco SAFE:

http://www.cisco.com/go/safe

Cisco Design Zone:

http://www.cisco.com/go/cvd

Cisco Security Lifecycle Services:

http://www.cisco.com/go/services/security

Cisco’s security products:

http://www.cisco.com/go/security
