TRANSCRIPT
© 2005 Cisco Systems, Inc. All rights reserved. Cisco Public
A Unified Threat Defense: The Need for Security Convergence
Udom Limmeechokchai, Senior System Engineer, Cisco Systems
November 2005
Agenda
• Evolving Network Security Challenges
• META Group White Paper: Unified Threat Defenses
• The Self Defending Network
• Increasing the Effectiveness of Security
• Decreasing the Cost of Securing the Network
• Summary
Evolving Network Security Challenges
Key Issues Facing Organizations
Simplification and Cost Reduction
• Scalability
• Equipment cost
• Staffing (total cost of ownership)
• Integration and systems management
Application and Service Optimization
• Enablers
• Application management
• Performance/Optimization
• Resilience
Security
• Threats
• Theft
• Loss
• Response time
The Network Has Evolved
Applications Everywhere, Everyone Interconnected
[Diagram labels: Finance, ERP, MRP, Human Resources, HR Apps, Sales, Sales Automation, Customer, Manufacturing, Headquarters, Remote Offices, Partners, Teleworker; Departmental Applications Available Throughout; Reached Mostly by Web/Extranet]
Evolution of Security Challenges
Rapidly Escalating Threat to Businesses
First Gen
• Boot viruses
Second Gen
• Macro viruses
• Denial of Service
Third Gen
• Distributed Denial of Service
• Blended threats
Next Gen
• Flash threats
• Massive “bot” driven DDoS
• Damaging payload worms
[Chart labels: time axis 1980s, 1990s, Today, Future; timescale Weeks, Days, Minutes, Seconds; Target and Scope of Damage: Individual Computer, Individual Networks, Multiple Networks, Regional Networks, Global Infrastructure Impact]
Security Services Silos Force Trade Offs
Complementary Defenses, Limited Deployability
Firewall Services
• Access Control Services
• Packet Inspection
• Protocol Validation
• Accurate Enforcement
• Robust Resiliency
IPS Services
• Broad Attack Detection
• Granular Packet Inspection
• Application Control
• Dynamic Response
Network AV Services
• Virus Mitigation
• Spyware, Adware, Malware Detection and Control
• Malicious Mobile Code Mitigation
IPSec/SSL VPN Services
• SSL VPN
• IPSec VPN
• User-Based Security
• Group-Based Management
• Clustering
[Diagram labels: Access Breaches, Session Abuse, Port Scans, Malformed Packets; Application Misuse, DoS/Hacking, Known Attacks; Infected Traffic; Tunneled Traffic, Limited Protections]
Multiple Discrete Services x Multiple Locations = Security Trade-Offs
What’s on the Mind of the IT Professional?
• Help! I have to respond more rapidly and proactively to changes in business conditions
• Show me how to use IT investments to go “on the offense”
• Help me with my pain:
- Operational complexity
- Virus/worm outbreaks
- Application abuse
Approaching the network in a new way can help solve these challenges
META Group White Paper: Unified Threat Defenses
Pervasive Integration
Pervasive Perimeterization
Multilayer Security
Multiservice Agents/Gateway
Unified Threat Defenses
The Self-Defending Network
What Worked in the Past Can’t Meet Today’s Threats
• Past: Reactive. Needed now: Automated, Proactive
• Past: Point Products. Needed now: Integrated Multiple Layers
• Past: Product Support Services. Needed now: Advanced Design/Deployment Services
A Collaborative Systems Approach
Evolution of Cisco Security Strategy
Cisco Self-Defending Network
Point Products
• Multiple security appliances
• Separate management software
SDN Phase I “Integrated Security”
• Making every network element a point of defense: routers, switches, appliances, endpoints
• Secure connectivity (V3PN, DMVPN), threat defense, trust and identity
• Network foundation protection
SDN Phase II “Collaborative Security Systems”
• Security becomes a Network-Wide System: Endpoints + Network + Policies
• Multiple services and devices working in coordination to thwart attacks with active management
• NAC, IBNS, SWAN
SDN Phase III “Adaptive Threat Defense”
• Mutual awareness among and between security services and network intelligence
• Increases security effectiveness, enables proactive response
• Consolidates services, improves operations efficiency
• Application recognition and inspection for secure application delivery/optimization
Adaptive Threat Defense in Action
Services Convergence Enables More Effective Security
• IPS and NW-AV Services: Application Intelligence, Content Inspection, Virus Mitigation
• Network Intelligence: Identity, Virtualization, QoS Segmentation, Traffic Visibility
• Firewall Services: Access Control, Packet Inspection
[Diagram labels: PIX, CSA, NAC, Quarantine VLAN, Cisco Router, Cisco DDoS, Catalyst, Identity-Based Networking, Cisco IPS, VPN, VPN Access]
Five Characteristics of a Self-Defending Network
• End Point Posture Enforcement
• Network Device and End Point Protection
• Dynamic/Secure Connectivity
• Dynamic Communication Between Elements
• Automated Threat Response
Introducing Cisco Adaptive Security Appliances
Delivering Adaptive Threat Defense and VPN Solutions
The Cisco ASA 5500 Series
• Application Security: App Inspection, Use Enforcement, Web Control
• Anti-X Defenses: Malware/Content Defense, Anomaly Detection
• Containment and Control: Traffic/Admission Control, Proactive Response
[Diagram labels: PIX, CSA, NAC, Quarantine VLAN, Cisco Router, VPN Access, Cisco DDoS, Catalyst, Identity-Based Networking, Cisco IPS, VPN]
Increasing the Effectiveness of Security
Introducing Cisco Adaptive Security Appliances
Delivering Adaptive Threat Defense and VPN Solutions
The Cisco ASA 5500 Series
• Converged Adaptive Threat Defense and Flexible VPN Services: Application Security, Worm/Virus Mitigation, Malware Protection and Threat-Protected VPN
• Minimize Deployment and Operations Costs: Platform Standardization, Unified Management, Network Awareness
• Technology Extensibility to Address New Threats: Purpose-Built Adaptive Identification and Mitigation Architecture Enables Unprecedented Extensibility and Policy Control
Cisco Adaptive Security Appliances Series
Convergence of Robust, Market-Proven Technologies
Market-Proven Technologies
• Firewall Technology: Cisco PIX
• IPS Technology: Cisco IPS
• NW-AV Technology: Cisco IPS + Trend NAV
• VPN Technology: Cisco VPN 3000
• Network Intelligence: Cisco Network Services
Adaptive Threat Defense, Secure Connectivity
• Application Security: App Inspection, Use Enforcement, Web Control
• Anti-X Defenses: Malware/Content Defense, Anomaly Detection
• Network Containment and Control: Traffic/Admission Control, Proactive Response
• Secure Connectivity: IPSec and SSL VPN
VPN Services for Any Deployment Scenario
Robust IPSec and SSL VPN Services with Threat Prevention
Provides Secure Access for Any User from Any Location from a Single Device and Management Infrastructure
Access Scenarios:
• Site-to-Site Connectivity
• Managed Desktop
• Employee Desktop
• Kiosk Access
• Full or Limited Network Access
• Partner Access
Converged IPSec, WebVPN, Firewall, IPS:
• Inspect/Control VPN Sessions
• Single RA VPN Device Infrastructure
• Unified User Management
• Uniform Resiliency and Load Balancing
• QoS for Site-to-Site Traffic
[Diagram labels: Public Internet; ASA 5500; Account Manager, Mobile User; Branch Office, Site-to-Site; Employee at Home, Unmanaged Desktop; Supply Partner, Extranet]
High Performance Threat Mitigation
Services Convergence Enables Thorough Protection
Outbreak Prevention:
• Virus Detection
• Dynamic Outbreak Updates
Comprehensive Analysis:
• De-obfuscation
• Application Layer Inspection
• Protocol Anomaly Detection
• Heuristic Analysis
• Traffic Normalization
Accurate Enforcement:
• Real-Time Correlation
• Risk Rating
• Attack Drop
• Session Removal and Resets
[Diagram labels: Public Internet; ASA 5500; Worms, Viruses, Spyware, Hackers, W32.Tomorrow’s-Threat]
Leverages Depth of Anti-X Defense Features to Stop Malicious Worms, Viruses and More…and Without a Performance Loss!
Decreasing the Cost of Securing the Network
Cisco Adaptive Security Device Manager (ASDM) v5.0
Dashboard Provides At-a-Glance View of System Status
• Dashboard provides instant status of items such as:
- Software versions installed
- Interface status and throughput
- Platform uptime
- Security Contexts
- Real-time syslog viewer (last ten)
- Powerful search capabilities
- And more!
Cisco Adaptive Security Device Manager (ASDM) v5.0
Robust Firewall Management and Monitoring
• Cisco ASDM v5.0 delivers robust firewall management and monitoring of a Cisco ASA appliance
• Supports full configuration of:
- Access control lists
- Network and service object groups
- Inspection Engines
- NAT/PAT
- AAA and more
• Supports monitoring of:
- Syslog (real-time)
- Connections
- Throughput & more!
© 2004 Cisco Systems, Inc. All rights reserved. ASA 5500 Intro
Cisco Adaptive Security Device Manager v5.0
Comprehensive VPN Management and Monitoring
• Cisco ASDM v5.0 delivers comprehensive remote access and site-to-site VPN management and monitoring of a single Cisco ASA appliance
• Supports full configuration of:
- WebVPN
- IPSec RA groups
- S2S tunnels
- AAA, DHCP, & more!
• Supports monitoring of:
- Uptime, bytes xfered, by tunnel
- VPN usage trends
Cisco Adaptive Security Device Manager v5.0
Extensive IPS Management and Monitoring
• Cisco ASDM v5.0 delivers extensive IPS management and monitoring of a single Cisco ASA appliance
• Supports full configuration of:
- Engines
- Signatures
- Threat Risk Rating
- IPS Actions
- And more!
• Supports monitoring of:
- Events
- Diagnostic reports
- Sensor statistics
Summary
Benefits
• Protects from broadest range of threats with comprehensive suite of services
• Delivers excellent value through integration of multiple deployment-proven, best-of-breed security and networking services
• Decreases ops costs by standardizing on one platform—customizable for numerous deployment scenarios
• Increases security effectiveness through services consolidation
• Delivers high concurrent services performance through unique, extensible multi-processor architecture
• Part of a greater whole—self-defending networks
Take Advantage of Unified Threat Defenses and Self Defending Networks Today!
• To learn more about this exciting new product family or about Cisco Self Defending Networks:
– Visit us at www.cisco.com/go/asa or www.cisco.com/go/sdn
– Contact your Cisco account team or Cisco partner to arrange a demo
• Thank you for your time today!