cs-mars presentation
Page 1: cs-mars presentation

© 2006 Cisco Systems, Inc. All rights reserved. 205523.Y_C97-60001-00 Cisco Confidential

Cisco Security Management Suite
Cisco Security Manager Overview

EBC Presentation
Presenter:

Page 2: cs-mars presentation


Self-Defending Network Defined

Threat Control and Containment
Confidential Communications
Secure Transactions
Secure Network Infrastructure
Policy-Based Management and Enforcement

Advanced technologies and security services to
• Mitigate the effects of outbreaks
• Protect critical assets
• Ensure privacy

Security as an integral and fundamental network feature

Efficient security management, control, and response

Page 3: cs-mars presentation


Cisco Self-Defending Network: Using the Network to Identify, Prevent, and Adapt to Threats

• Collaborative: Collaboration among the services and devices throughout the network to thwart attacks
• Integrated: Enabling every element to be a point of defense and policy enforcement
• Adaptive: Proactive security technologies that automatically prevent threats

Page 4: cs-mars presentation


Cisco Security Management Suite
Monitoring, Analysis, and Mitigation

Diagram labels: Branch; SOHO; Data Center; Partner

• Monitoring: Need to monitor multivendor networks…
• Configuration: How to rapidly deploy new policies…
• Mitigation: How to use network to eliminate threats…
• Patch Management: Image, inventory, signature…
• Analysis: Too much meaningless raw data...
• Identity: How to control access to network assets… Who can do what

Page 5: cs-mars presentation


Cisco’s Security Management Evolution

From: Point Solutions for Configuration, Monitoring…
To: Closed Loop Management

From: Siloed Operations Teams
To: Support of Integrated NetOps and SecOps

From: Device-Level Management Only
To: System-Wide, End-to-End, Policy-Based Management

From: Vendor-Specific monitoring
To: Monitoring of Multi-Vendor

From: Network and Security Management Separate
To: Managing Networks with Embedded Security

Page 6: cs-mars presentation


Cisco Security Management―Value Summary

• Best-of-breed applications which are integrated, collaborative and adaptive
• Reduced TCO
• Simplified service management
• Integrated policy management and log monitoring
• Greater visibility of threats
• Set once, deploy network wide
• Integrated SecOps and NetOps

Cisco® Management

Page 7: cs-mars presentation


Cisco Security Management Framework Vision
The Operational Framework

Diagram labels:
• Appliances; Routers; Switches; Svc Modules; End Points
• SDN Network Fabric: TIDP; ASDM; SDM; CVDM; CSA MC
• Policy; Configuration Management; Monitoring, Mitigation; Identity/Role-Based Access; Auditing and Compliance
• SSL VPN; VPN; Firewall; CSA Desktop/Server; Intrusion Prevention; Outbreak prevention; Network Access; Clean Access
• SDN Security Solutions: …
• Anti-X Foundation; NAC
• Identity Management; Data Archiving and Reporting; Patch Management; Vulnerability Assessment
• Partners

Page 8: cs-mars presentation


Today―Cisco Security Management Suite

• Integration to Cisco Secure Access Control Server
    Role Based access control
    Privileged based access to management functionality
• With the Context of Auditing Services

Cisco® Security MARS
• Rapid Threat Identification and Mitigation
• Topology Awareness
• Data Correlation

Cisco® Security Manager
• Simplified Policy Administration
• End-to-End Configuration
• Network wide or Device Specific

FABRIC

Page 9: cs-mars presentation


Transition from CiscoWorks VMS

• IDS Management Center
• Security Monitor
• Cisco Security Agent Management Center
• Resource Manager Essentials
• Management Center for Performance
• Router Management Center
• Firewall Management Center
• CSA Manager

CiscoWorks VPN/Security Management Solution

NEW
• Cisco Security Monitoring, Analysis, and Response System (CS MARS)
• Cisco® Security Manager (CS Manager)

Diagram labels: FABRIC; ADVANCED SDN SOLUTIONS

Page 10: cs-mars presentation


Cisco Security Manager Overview

Centralized Policy Administration
• Centrally provision policies for firewalls, VPNs, and IPS
• Very scalable
• Policy inheritance feature enables consistent policies across enterprise
• Powerful device grouping options

Firewall Administration
• Configure policies for ASA, Cisco® PIX® FW, FW SM and Cisco IOS® Software
• Single rule table for all platforms
• Intelligent analysis of policies
• Sophisticated rule table editing
• Compresses the number of access rules required
• Administer policies visually on tables or topology map

VPN Administration
• VPN Wizard setup site-to-site, hub-spoke, and full-mesh VPNs with a few mouse clicks
• Configure remote-access VPN, DMVPN, and Easy VPN devices

Superior Usability
• Jumpstart help: an extensive animated learning tool
• Flexible management views:
    Policy-based
    Device-based
    Map-based
    VPN Manager
    IPS Manager
    Deployment Manager

IPS Administration
• Automatic updates to the IPS sensors
• Support for outbreak prevention services

Page 11: cs-mars presentation


Cisco Security MARS Overview

Multivendor
• Powerful monitoring, analysis, response system
• Multivendor support
• Correlate events from multiple sources such as vulnerability assessment and NetFlow data to detect anomalies

Visualization
Reduced Complexity

Lower TCO
• Appliance based
• Simple to install solution
• No hidden customization costs
• Simple licensing, no software agents

Mitigation of Attacks
• Mitigate attacks by isolating switch ports and applying ACLs closest to source

• Know “what, where, and how” of threats
• Leverage the intelligence in the network to enforce security policies
• Visualize attack paths and identify network hot spots
• Identifies valid incidents and minimizes false positives

Higher network availability
• Identify day-zero attacks, reduce resolution time

Security Management EBC

Page 12: cs-mars presentation


Cisco Security Management—Value Summary
Best of breed applications which are integrated, collaborative and adaptive

Differentiating Capability: Security event log to policy lookup, real time event viewer
Value/Benefit: Greater visibility of threats, faster problem isolation and remediation—Improved network resiliency

Differentiating Capability: Scalable distributed deployment
Value/Benefit: Faster deployment, ensure latest policies are on the device—Higher network availability

Differentiating Capability: Operations workflow
Value/Benefit: Enable collaboration between SecOps and NetOps—Advanced flexibility and control

Differentiating Capability: Domain-based policy enforcement through device abstraction
Value/Benefit: Enforce policies based on organizational needs—Reduce Opex

Differentiating Capability: Policy abstraction, sharing and inheritance
Value/Benefit: Reduces complexity, do more with fewer resources—Reduce OPex

Page 13: cs-mars presentation


Cisco Security Management Suite
Cisco Security Manager

EBC Presentation
Presenter:

Page 14: cs-mars presentation


Distributed Protection
CS MARS and CS Manager in Action

• CS MARS detects an incident
• CS Administrator updates a shared policy in one place
• A single deploy to protect the network
• Scale through use of distributed deployment using CNS Configuration Engine

Diagram labels: Data Center; Corporate LAN; Branch Office (four); Protected; CS-MARS; CS Manager; CNS-CE; numbered callouts 1 to 4

Page 15: cs-mars presentation


Cisco Security Configuration―Agenda

• Focuses on Configuration Management of Security Policies in the Network
• Usability is Key
    Provides multiple views to fit the operational needs
    Easy-to-use, visually appealing user interface
    Wizards to reduce complexity
    Advanced tools for the sophisticated user
• Core-Differentiating Concepts
    Policy sharing and inheritance
    Domains-based policy enforcement
    Decision support workflow for NetOps/SecOps
    Role-based access control for scaled operations
    Distributed large-scale deployment

Page 16: cs-mars presentation


Cisco Security Manager
“It Has to be Easy to Use and Flexible”

• Feature Rich front-end
• Different views for different administration preference
    Device View
    Topology View
    Policy View
• Unified security service management independent of the enforcing device
    Firewall, VPN, IPS…
• Supporting ASA, PIX, IPS Sensors, ISR’s and Catalyst Service modules

Screenshot labels: Topology View; Policy View; Device View; CS Manager

Page 17: cs-mars presentation


Device-Centric View

• Start with single device
• Clone and replicate
• Rapidly deploy the device settings

CS Manager

Page 18: cs-mars presentation


Policy-Centric View

• Centralized policy management
• Powerful scalability via inheritance, reuse, assignment, and sharing

CS Manager

Page 19: cs-mars presentation


Topology-Centric View

• Put devices on customizable maps, image backdrops
• Build VPNs with right click
• Launch FW rules and configure
• Build maps-within-maps to scale

CS Manager

Page 20: cs-mars presentation


VPN―Wizard-based Configuration

• Wizard-based configuration
• Three steps to create a VPN!!
    Choose VPN topology and technology
    Choose participants
    Customize protected traffic if needed

CS Manager

Page 21: cs-mars presentation


Multiple VPN Topologies
Site-to-site, DMVPN, RA VPN, EzVPN

CS Manager

Page 22: cs-mars presentation


Power Tools: Config Archive, FlexConfig

• Retrieve and compare delta configs for deployment
• Ability to roll-back to “golden” or “last-known good” configuration
• Compare between previously deployed configurations

CS Manager

Page 23: cs-mars presentation


Power Tools―FlexConfig

• Convert custom CLI to policies
• Powerful mechanism to enable feature velocity
• Rapidly add device new feature support

FlexConfig
Users can create custom CLI and deploy as jobs to device(s)

Page 24: cs-mars presentation


Going Beyond Ease of Use and Flexibility

• Scaling to many hundreds of remote sites

• Setting corporate rules and providing best-practice guidelines

• Reducing the complexity of different device classes

• Enabling SecOps and NetOps to work together

• Controlling who can do what on which device

• Efficiency in distributing changes to always on and intermittently on devices

Page 25: cs-mars presentation


Policy-Sharing and Inheritance Model
“Scalable Policy Definition; Set Once, Deploy to Many”

What is it?
• Decoupled devices from policies

Example:
• Share common policies across device groups for:
    Branch firewall
    Site-to-site VPN
    Device administration
• Corporate mandatory policies:
    No Napster traffic, period
    Allow SSH, SSL

Benefit:
• Reduced complexity for administrators
• Do more with less resources

Diagram labels: Remote Branch (three); Policy (three); Optionally Override Central Policy at Local Level; CS Manager

Page 26: cs-mars presentation


Domain-Based Policy Enforcement
“Fine-Grain Control of What Traffic Flows Where”

Interface Groups
• Interfaces related to a domain
• User customizable

Example
• Define policy to control traffic between domains

Benefit
• Enforce policies based on organizational needs

Diagram labels: Marketing; Engineering; Sales; CS Manager

Page 27: cs-mars presentation


CS Manager

Workflow
“Enable Different Management Teams to Work Together”

What Is It?
• Structured process for change management that complements your operational environment

Example
• Who can set policies
• Who can approve them
• Who can approve deployment and when
• Who can deploy them

Benefit
• Enables teamwork and collaboration between NetOps and SecOps
• Provides scope of control

Diagram labels: Security Operations; Policy Definition; Create/Edit Policy; Review/Submit; Approve/Commit; Undo; Network Operations; Policy Deployment; Generate/Submit Job; Approve Job; Deploy; Rollback; Firewall, VPN, and IPS Services

Page 28: cs-mars presentation


Role-Based Access Control

What Is It?
• Authenticates admin access to management system
• Determine who has access to specific devices and policy functions

Example
• Verifies admin and associates them to specific roles as to who can do what

Benefit
• Enable delegation of admin tasks to multiple operators
• Provides appropriate separation of ownership and controls

Diagram labels: CS-ACS; CS-Manager; AAA; Remote Access; Cisco IOS® Software; Home Office; Cisco® PIX® and ASA S/W

Page 29: cs-mars presentation


Scalable Distributed Deployment

What Is It?
• Simplified distributed deployment method for 1000s remote devices

Example
• Update large numbers of remote firewalls, which may have dynamic addresses, intermittent links, or NAT addresses
• Update both configurations and software images
• Devices self updated whenever they come online
• Scales through Web technologies

Benefit
• Helps customers with 1000s of teleworkers and remote locations with minimal technical staff at the remote site

Diagram labels: Extranet; Self-Managed; ROBO; Telecommuter; Update Appliance CNS-CE; DMZ; Update Servers CNS-CE; Internet; Enterprise INTRAnet

Page 30: cs-mars presentation


Cisco Security Management Suite
Monitoring, Analysis, and Mitigation

Diagram labels: Branch; SOHO; Data Center; Partner

• Monitoring: Need to monitor multivendor networks…
• Configuration: How to rapidly deploy new policies…
• Mitigation: How to use network to eliminate threats…
• Patch Management: Image, inventory, signature…
• Analysis: Too much meaningless raw data...
• Identity: How to control access to network assets… Who can do what

Page 31: cs-mars presentation


CS MARS

Cisco Security MARS

• Gain Network Intelligence
    Topology, Traffic Flow, Netflow Analysis
• ContextCorrelation™
    Correlates, reduces, and categorizes events
    Validates incidents
• Extensive Reporting on Events

Release 4.2
• Log data to policy lookup
• Low latency, real-time event viewer
• Relayed syslog handling
• Ticketing system integration via XML

Diagram labels: Incident Notification; Valid Incidents; Sessions; Rules; Verify; Isolated Events; Correlation; Reduction; Router Cfg.; Firewall Log; Switch Cfg.; Switch Log; Server Log; AV Alert; App Log; VA Scanner; Firewall Cfg.; Netflow; NAT Cfg.; IDS Event; ...

Page 32: cs-mars presentation


CS Manager

Cisco Security MARS

Page 33: cs-mars presentation


CS Manager

CS MARS―CS Manager Policy Lookup
View Resultant Rule Table

• Integrating the log and policy views for fast remediation
• XML-based external integration of incidents

Aha, there is a permit rule from source 10.1.10.1 to any for IP. Better make the correction over in CS Manager and deploy to the device.

Page 34: cs-mars presentation


The Value of Cisco’s Security Management Suite
Best-of-Breed Applications: Integrated, Collaborative and Adaptive

Management of an Integrated Security Fabric
Higher Network Availability Through Faster Threat Mitigation
Reduced Complexity Through Integrated Management

• Single app for mgmt of FW, VPN, IPS and network
• Shared device database
• Collaboration between provisioning, monitoring, mitigation, and identity

• Workflow to allow NetOps and SecOps to collaborate
• Integration with NetFlow data
• Integrates network and security management components

• Better identification of day-zero attacks
• Reduced resolution time
• Mitigation recommendations
• Identify best choke points

Investment Preservation
• Leverage investment in Cisco based network
• Preserves investment in other non-Cisco point solutions, multi-vendor nature of our monitoring solution
