Cisco Vision of the Borderless Security Architecture (2010-01-21)

© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential. Ricardo Rivera, Business Development Manager, Security & Mobility – Southern Cone. Vision of the Borderless Security Architecture

Upload: cxo-community

Post on 07-Nov-2014

DESCRIPTION

Presentation given by Ricardo Rivera, Business Development Manager, Security & Mobility for the Southern Cone at Cisco. Today's companies build their new business on models in which the borders of the data center and the physical workplace are blurred. The interconnections between employees and the information sources and services they need have formed a web of combinations that must be analyzed under today's innovative security model. For this reason, Cisco proposes a Borderless Network Security model.

TRANSCRIPT

Page 1: Cisco Vision of the Borderless Security Architecture (2010-01-21)

Ricardo Rivera, Business Development Manager, Security & Mobility – Southern Cone

Vision of the Borderless Security Architecture

Page 2

Traditional Corporate Border

Corporate Border

Branch Office

Applications and Data

Corporate Office

Policy

Attackers

Customers

Partners

Page 3

Mobility and Collaboration Are Dissolving the Internet Border

Corporate Border

Branch Office

Applications and Data

Corporate Office

Policy

Attackers

Customers

Home Office

Coffee Shop

Airport

Mobile User

Partners

Page 4

Cloud Computing Is Dissolving the Data Center Border

Corporate Border

Branch Office

Applications and Data

Corporate Office

Policy

Attackers

Home Office

Coffee Shop

Customers

Airport

Mobile User

Partners

Platform as a Service

Infrastructure as a Service

X as a Service

Software as a Service

Page 5

Customers Want Borderless Business

Corporate Border

Branch Office

Applications and Data

Corporate Office

Policy

Attackers

Home Office

Coffee Shop

Customers

Airport

Mobile User

Partners

Platform as a Service

Infrastructure as a Service

X as a Service

Software as a Service

Page 6

3 Borderless Data Center

2 Borderless Internet

1 Borderless End Zones

Cisco Architecture for Borderless Network Security

Policy

Corporate Border

Branch Office

Applications and Data

Corporate Office

4 Policy (Access Control, Acceptable Use, Malware, Data Security)

Home Office

Attackers

Coffee Shop

Customers

Airport

Mobile User

Partners

Platform as a Service

Infrastructure as a Service

X as a Service

Software as a Service

Page 7

Intelligent End Point Traffic Routing

Pillar 1: Borderless End Zone

Persistent Connectivity

Always On, Location Aware

Auto Head-end Discovery

IPsec, SSL VPN, DTLS

Advanced Security

Strong Authentication

Fast, Accurate Protection

Consistent Enforcement

Broadest Coverage

Most OS’s and Protocols

Windows Mobile

Apple iPhone

Page 8

Always On Security and Protection

Traditional VPN

Protected

Cisco Borderless Network Security

Un-Protected

Page 9

Always On Security and Protection

Anytime, Anywhere, Any Device

Sitting in a Park

Cape Town, South Africa

At a Coffee Shop

Sydney, Australia

In the Office

San Jose, California

Page 10

Pillar 2: Borderless Security Array

Advanced Scanning and Enforcement Capabilities

Access Control | Acceptable Use | Data Security | Threat Protection

Integrated into the Fabric of the Network

Cisco IronPort Email Security Appliance

Cisco Adaptive Security Appliance

Cisco Integrated Services Routers

Cisco IronPort Web Security Appliance

VM Software Security Module Hybrid Hosted Appliance

Page 11

HTTP Is the New TCP

Instant Messaging

Peer to Peer

File Transfer Protocol

Understanding Web Traffic

Page 12

Advanced Content Analysis

SSN Detection

Rule Is Matched Multiple Times to Increase Score

Unique Rule Matches Are Met

Matches Are Found in Close Proximity

Proper Name Detection

Page 13

Advanced, Proactive Threat Protection

Cisco Security Intelligence Operations

Global Threat Telemetry

8:03 GMT Sensor Detects Hacker Probing

Bank Branch in Chicago

Ad Agency HQ in London

ISP Datacenter in Moscow

8:00 GMT Sensor Detects New Malware

8:07 GMT Sensor Detects New Botnet

8:10 GMT All Cisco Customers Protected

Cisco SensorBase

Threat Operations Center

Advanced Algorithms

Higher Threat Coverage, Greater Accuracy, Proactive Protection

Page 14

App Server

Database Server

Web Server

Physical Security Device

Virtual Contexts

Pillar 3: Secure Virtualized Data Center

App Server

Database Server

Web Server

Hypervisor

Physical Security Device

Virtual Contexts

VIRTUAL SECURITY

App Server

Database Server

Web Server

Hypervisor

2 Connect Physical Security to Virtual Machines with Cisco’s SIA

1 Secure Physical Infrastructure

3 Embed Security in the Virtual Switch

Service Chaining

Page 15

Pillar 4: Rich Policy Enables “Ubiquitous”, Consistent Control

Who? What? When? Where? How?

3 Policy On and Off Premise

2 Dynamic Containment Policy

1 Access Policy

Page 16

Access Control

Access Control Policy

In a Cisco Secure and Protected Borderless Network

Access Control Violation

Remote WebEx Participant

Page 17

In a Cisco Secure and Protected Borderless Network

Acceptable Use

Employee in Marketing Department

Acceptable Use Policy

Access Control Violation

Page 18

In a Cisco Secure and Protected Borderless Network

Data Security

Data Security Policy

Data Security Violation

Employee at Unmanaged Device

Page 19

3 Borderless Data Center

2 Borderless Internet

1 Borderless End Zones

Cisco Architecture for Borderless Network Security

Policy

Corporate Border

Branch Office

Applications and Data

Corporate Office

4 Policy (Access Control, Acceptable Use, Malware, Data Security)

Home Office

Attackers

Coffee Shop

Customers

Airport

Mobile User

Partners

Platform as a Service

Infrastructure as a Service

X as a Service

Software as a Service

Page 20