1© 2006 Cisco Systems, Inc. All rights reserved.205523.Y_C97-60001-00 Cisco Confidential
Cisco Security Management Suite
Cisco Security Manager Overview
EBC Presentation
Presenter:
Self-Defending Network Defined

Threat Control and Containment
Confidential Communications
Secure Transactions
Secure Network Infrastructure
Policy-Based Management and Enforcement

Advanced technologies and security services to
• Mitigate the effects of outbreaks
• Protect critical assets
• Ensure privacy

Security as an integral and fundamental network feature

Efficient security management, control, and response
Cisco Self-Defending Network: Using the Network to Identify, Prevent, and Adapt to Threats

Integrated: Enabling every element to be a point of defense and policy enforcement
Collaborative: Collaboration among the services and devices throughout the network to thwart attacks
Adaptive: Proactive security technologies that automatically prevent threats
Cisco Security Management Suite
Monitoring, Analysis, and Mitigation

[Diagram labels: Branch, SOHO, Data Center, Partner]

• Monitoring: Need to monitor multivendor networks…
• Configuration: How to rapidly deploy new policies…
• Mitigation: How to use network to eliminate threats…
• Patch Management: Image, inventory, signature…
• Analysis: Too much meaningless raw data...
• Identity: How to control access to network assets… Who can do what
Cisco’s Security Management Evolution
• From: Point Solutions for Configuration, Monitoring…
  To: Closed Loop Management
• From: Siloed Operations Teams
  To: Support of Integrated NetOps and SecOps
• From: Device-Level Management Only
  To: System-Wide, End-to-End, Policy-Based Management
• From: Vendor-Specific monitoring
  To: Monitoring of Multi-Vendor
• From: Network and Security Management Separate
  To: Managing Networks with Embedded Security
Cisco Security Management―Value Summary
• Best-of-breed applications which are integrated, collaborative and adaptive
• Reduced TCO
• Simplified service management
• Integrated policy management and log monitoring
• Greater visibility of threats
• Set once, deploy network wide
• Integrated SecOps and NetOps
Cisco® Management
Cisco Security Management Framework Vision
The Operational Framework

[Diagram labels]
Appliances, Routers, Switches, Svc Modules, End Points
SDN Network Fabric: TIDP, ASDM, SDM, CVDM, CSA MC
Policy
Configuration Management
Monitoring, Mitigation
Identity/Role-Based Access
Auditing and Compliance
SDN Security Solutions: SSL VPN, VPN, Firewall, CSA Desktop/Server, Intrusion Prevention, Outbreak prevention, Network Access, Clean Access, …
Anti-X, Foundation, NAC
Identity Management
Data Archiving and Reporting
Patch Management
Vulnerability Assessment
Partners
Today―Cisco Security Management Suite
• Integration to Cisco Secure Access Control Server
  - Role Based access control
  - Privileged based access to management functionality
• With the Context of Auditing Services

Cisco® Security MARS
  - Rapid Threat Identification and Mitigation
  - Topology Awareness
  - Data Correlation

Cisco® Security Manager
  - Simplified Policy Administration
  - End-to-End Configuration
  - Network wide or Device Specific

FABRIC
Transition from CiscoWorks VMS

CiscoWorks VPN/Security Management Solution
• IDS Management Center
• Security Monitor
• Cisco Security Agent Management Center
• Resource Manager Essentials
• Management Center for Performance
• Router Management Center
• Firewall Management Center
• CSA Manager

NEW
• Cisco Security Monitoring, Analysis, and Response System (CS MARS)
• Cisco® Security Manager (CS Manager)

[Diagram labels: FABRIC, ADVANCED SDN SOLUTIONS]
Cisco Security Manager Overview

Centralized Policy Administration
• Centrally provision policies for firewalls, VPNs, and IPS
• Very scalable
• Policy inheritance feature enables consistent policies across enterprise
• Powerful device grouping options

• Configure policies for ASA, Cisco® PIX® FW, FW SM and Cisco IOS® Software
• Single rule table for all platforms
• Intelligent analysis of policies
• Sophisticated rule table editing
• Compresses the number of access rules required

VPN Administration
• VPN Wizard setup site-to-site, hub-spoke, and full-mesh VPNs with a few mouse clicks
• Configure remote-access VPN, DMVPN, and Easy VPN devices

Superior Usability
• Jumpstart help: an extensive animated learning tool
• Flexible management views:
  - Policy-based
  - Device-based
  - Map-based
  - VPN Manager
  - IPS Manager
  - Deployment Manager

IPS Administration
• Automatic updates to the IPS sensors
• Support for outbreak prevention services

Firewall Administration
• Administer policies visually on tables or topology map
Cisco Security MARS Overview

Multivendor
• Powerful monitoring, analysis, response system
• Multivendor support
• Correlate events from multiple sources such as vulnerability assessment and NetFlow data to detect anomalies

Visualization
Reduced Complexity

Lower TCO
• Appliance based
• Simple to install solution
• No hidden customization costs
• Simple licensing, no software agents

Mitigation of Attacks
• Mitigate attacks by isolating switch ports and applying ACLs closest to source
• Know “what, where, and how” of threats
• Leverage the intelligence in the network to enforce security policies
• Visualize attack paths and identify network hot spots
• Identifies valid incidents and minimizes false positives

Higher network availability
• Identify day-zero attacks, reduce resolution time

Security Management EBC
Cisco Security Management—Value Summary
Best of breed applications which are integrated, collaborative and adaptive

• Differentiating Capability: Security event log to policy lookup, real time event viewer
  Value/Benefit: Greater visibility of threats, faster problem isolation and remediation—Improved network resiliency
• Differentiating Capability: Scalable distributed deployment
  Value/Benefit: Faster deployment, ensure latest policies are on the device—Higher network availability
• Differentiating Capability: Operations workflow
  Value/Benefit: Enable collaboration between SecOps and NetOps—Advanced flexibility and control
• Differentiating Capability: Domain-based policy enforcement through device abstraction
  Value/Benefit: Enforce policies based on organizational needs—Reduce OpEx
• Differentiating Capability: Policy abstraction, sharing and inheritance
  Value/Benefit: Reduces complexity, do more with fewer resources—Reduce OpEx
Cisco Security Management Suite
Cisco Security Manager
EBC Presentation
Presenter:
Distributed Protection
CS MARS and CS Manager in Action

• CS MARS detects an incident
• CS Administrator updates a shared policy in one place
• A single deploy to protect the network
• Scale through use of distributed deployment using CNS Configuration Engine

[Diagram labels: Data Center, Corporate LAN, Branch Office (×4), Protected, CS-MARS, CS Manager, CNS-CE; callouts numbered 1 to 4]
Cisco Security Configuration―Agenda
• Focuses on Configuration Management of Security Policies in the Network
• Usability is Key
  - Provides multiple views to fit the operational needs
  - Easy-to-use, visually appealing user interface
  - Wizards to reduce complexity
  - Advanced tools for the sophisticated user
• Core-Differentiating Concepts
  - Policy sharing and inheritance
  - Domain-based policy enforcement
  - Decision support workflow for NetOps/SecOps
  - Role-based access control for scaled operations
  - Distributed large-scale deployment
Cisco Security Manager
“It Has to be Easy to Use and Flexible”

• Feature Rich front-end
• Different views for different administration preference
  - Device View
  - Topology View
  - Policy View
• Unified security service management independent of the enforcing device
  - Firewall, VPN, IPS…
• Supporting ASA, PIX, IPS Sensors, ISRs and Catalyst Service modules

[Screenshot labels: Topology View, Policy View, Device View]
CS Manager
Device-Centric View
• Start with single device
• Clone and replicate
• Rapidly deploy the device settings
CS Manager
Policy-Centric View
• Centralized policy management
• Powerful scalability via inheritance, reuse, assignment, and sharing
CS Manager
Topology-Centric View
• Put devices on customizable maps, image backdrops
• Build VPNs with right click
• Launch FW rules and configure
• Build maps-within-maps to scale
CS Manager
VPN―Wizard-based Configuration
• Wizard-based configuration
• Three steps to create a VPN!!
  - Choose VPN topology and technology
  - Choose participants
  - Customize protected traffic if needed
CS Manager
Multiple VPN Topologies
Site-to-site, DMVPN, RA VPN, EzVPN
CS Manager
Power Tools: Config Archive, FlexConfig
• Retrieve and compare delta configs for deployment
• Ability to roll-back to “golden” or “last-known good” configuration
• Compare between previously deployed configurations
CS Manager
Power Tools―FlexConfig
• Convert custom CLI to policies
• Powerful mechanism to enable feature velocity
• Rapidly add new device feature support

FlexConfig: Users can create custom CLI and deploy as jobs to device(s)
Going Beyond Ease of Use and Flexibility
• Scaling to many hundreds of remote sites
• Setting corporate rules and providing best-practice guidelines
• Reducing the complexity of different device classes
• Enabling SecOps and NetOps to work together
• Controlling who can do what on which device
• Efficiency in distributing changes to always on and intermittently on devices
Policy-Sharing and Inheritance Model
“Scalable Policy Definition; Set Once, Deploy to Many”

What is it?
• Decoupled devices from policies

Example:
• Share common policies across device groups for:
  - Branch firewall
  - Site-to-site VPN
  - Device administration
• Corporate mandatory policies:
  - No Napster traffic, period
  - Allow SSH, SSL

Benefit:
• Reduced complexity for administrators
• Do more with fewer resources

[Diagram labels: Remote Branch (×3), Policy (×3), Optionally Override Central Policy at Local Level]
CS Manager
Domain-Based Policy Enforcement
“Fine-Grain Control of What Traffic Flows Where”

Interface Groups
• Interfaces related to a domain
• User customizable

Example
• Define policy to control traffic between domains

Benefit
• Enforce policies based on organizational needs

[Diagram labels: Marketing, Engineering, Sales]
CS Manager
CS Manager
Workflow
“Enable Different Management Teams to Work Together”

What Is It?
• Structured process for change management that complements your operational environment

Example
• Who can set policies
• Who can approve them
• Who can approve deployment and when
• Who can deploy them

Benefit
• Enables teamwork and collaboration between NetOps and SecOps
• Provides scope of control

[Diagram labels: Security Operations, Policy Definition; Network Operations, Policy Deployment; Create/Edit Policy, Review/Submit, Approve/Commit, Generate/Submit Job, Approve Job, Deploy, Undo, Rollback; Firewall, VPN, and IPS Services]
Role-Based Access Control

What Is It?
• Authenticates admin access to management system
• Determine who has access to specific devices and policy functions

Example
• Verifies admin and associates them to specific roles as to who can do what

Benefit
• Enable delegation of admin tasks to multiple operators
• Provides appropriate separation of ownership and controls

[Diagram labels: CS-ACS, CS-Manager, AAA, Remote Access, Cisco IOS® Software, Home Office, Cisco® PIX® and ASA S/W]
Scalable Distributed Deployment

What Is It?
• Simplified distributed deployment method for 1000s remote devices

Example
• Update large numbers of remote firewalls, which may have dynamic addresses, intermittent links, or NAT addresses
• Update both configurations and software images
• Devices self updated whenever they come online
• Scales through Web technologies

Benefit
• Helps customers with 1000s of teleworkers and remote locations with minimal technical staff at the remote site

[Diagram labels: Extranet, Self-Managed, ROBO, Telecommuter, Update Appliance CNS-CE, DMZ, Update Servers CNS-CE, Internet, Enterprise INTRAnet]
Cisco Security Management Suite
Monitoring, Analysis, and Mitigation

[Diagram labels: Branch, SOHO, Data Center, Partner]

• Monitoring: Need to monitor multivendor networks…
• Configuration: How to rapidly deploy new policies…
• Mitigation: How to use network to eliminate threats…
• Patch Management: Image, inventory, signature…
• Analysis: Too much meaningless raw data...
• Identity: How to control access to network assets… Who can do what
CS MARS
Cisco Security MARS

• Gain Network Intelligence
  - Topology, Traffic Flow, Netflow Analysis
• ContextCorrelation™
  - Correlates, reduces, and categorizes events
  - Validates incidents
• Extensive Reporting on Events

Release 4.2
• Log data to policy lookup
• Low latency, real-time event viewer
• Relayed syslog handling
• Ticketing system integration via XML

[Diagram labels: Isolated Events, Sessions, Rules, Verify, Valid Incidents, Incident Notification; Correlation, Reduction; inputs: Router Cfg., Firewall Log, Switch Cfg., Switch Log, Server Log, AV Alert, App Log, VA Scanner, Firewall Cfg., Netflow, NAT Cfg., IDS Event, ...]
CS Manager
Cisco Security MARS
CS Manager
CS MARS―CS Manager Policy Lookup
View Resultant Rule Table

• Integrating the log and policy views for fast remediation
• XML-based external integration of incidents

“Aha, there is a permit rule from source 10.1.10.1 to any for IP. Better make the correction over in CS Manager and deploy to the device.”
The Value of Cisco’s Security Management Suite
Best-of-Breed Applications: Integrated, Collaborative and Adaptive

Management of an Integrated Security Fabric
Higher Network Availability Through Faster Threat Mitigation
Reduced Complexity Through Integrated Management

• Single app for mgmt of FW, VPN, IPS and network
• Shared device database
• Collaboration between provisioning, monitoring, mitigation, and identity

• Workflow to allow NetOps and SecOps to collaborate
• Integration with NetFlow data
• Integrates network and security management components

• Better identification of day-zero attacks
• Reduced resolution time
• Mitigation recommendations
• Identify best choke points

Investment Preservation
• Leverage investment in Cisco based network
• Preserves investment in other non-Cisco point solutions, multi-vendor nature of our monitoring solution