
Page 1: SAFE Security Architecture Toolkit · The SAFE Toolkit includes the elements required to facilitate security discussions. You can use the items on these slides to build presentations

SAFE Security Architecture Toolkit

July 2018

Page 2

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Table of Contents

• SAFE Toolkit Overview

• Capabilities Flows and Endpoints

• Architectures

• Designs

• SAFE Icon Library

• Tools, Rules and Techniques

• Contact

Page 3

Cisco SAFE simplifies security so your conversations can focus on the needs of a business. By mapping the flows of the business, specific threats can be addressed with corresponding security capabilities, architectures, and designs.

The SAFE Toolkit includes the elements required to facilitate security discussions. You can use the items on these slides to build presentations using SAFE best-practice illustrations and diagrams. And you can customize the diagrams to suit your business.

This toolkit complements the SAFE Overview, Architecture and Design Guides, which can be found at www.cisco.com/go/safe.

SAFE Toolkit Overview

Page 4

High-level SAFE Graphics

The following slides contain graphics that you can use to introduce SAFE and explain SAFE concepts and components.

Page 5

The Key to SAFE

Page 6

SAFE Progression of Capabilities

Page 7

SAFE Architecture Wheel

Page 8

SAFE Capabilities Flows and Endpoints

First, identify the capabilities your customer needs their network to provide to the business.

Next, you can use the endpoints and capabilities icons to map the business flows.

Mapping the threats the customer faces onto the capabilities is the key to SAFE.

Page 9

SAFE Master Capabilities Flows

Internal Business Flows:

• Employee ↔ Website. Secure web access for employees: Employee researching product information
• Expert ↔ Colleague. Secure communications for collaboration: Subject matter expert consultation
• CEO ↔ Shareholder. Secure communications for email: CEO sending email to shareholder
• Clerk ↔ Payment Application. Secure applications for PCI: Clerk processing credit card transaction

[Diagram: each flow is drawn with its security capability icons, taken from Firewall, Intrusion Prevention, Tagging, Anti-Malware, Threat Intelligence, Flow Analytics, Client-Based Security, Identity, Posture Assessment, Application Visibility Control, Email Security, Server-Based Security, Web Security, and Web Application Firewall.]

Page 10

SAFE Master Capabilities Flows

Third-Party Business Flows:

• Thermostat ↔ Remote Technician. Secure remote access for third party: Connected device with remote vendor support
• Engineer ↔ Workflow Application. Secure remote access for employees: Field engineer updating work order
• Payment Application ↔ Database. Secure east-west traffic for compliance: PCI compliance for financial transactions

[Diagram: each flow is drawn with its security capability icons, taken from Firewall, Intrusion Prevention, Tagging, Anti-Malware, Threat Intelligence, Flow Analytics, Client-Based Security, Identity, Posture Assessment, Server-Based Security, Web Application Firewall, Distributed Denial of Service Protection, DNS Security, and Virtual Private Network.]

Page 11

SAFE Master Capabilities Flows

Customer Business Flows:

• Guest ↔ Website. Secure web access for guests: Guest accessing the Internet for comparative shopping
• Guest ↔ Website. Secure web access for guests: Guest accessing the Internet to watch hosted video
• Customer ↔ E-commerce. Secure applications for PCI: Customer making purchase

[Diagram: each flow is drawn with its security capability icons, taken from Firewall, Intrusion Prevention, Tagging, Anti-Malware, Threat Intelligence, Flow Analytics, Server-Based Security, Web Application Firewall, Distributed Denial of Service Protection, Application Visibility Control, Identity, DNS Security, Wireless Rogue Detection, and Wireless Intrusion Prevention.]

Page 12

Use these endpoints to further customize your SAFE capabilities flows. Industry-specific endpoints are provided on the following slides.

SAFE Master Endpoints

[Endpoint icons: CEO, Clerk, Customer, Guest, Manager, Salesperson, Shareholder, Subject Matter Expert, Remote Colleague, Remote Employee, Remote Technician, Secure Partner, Technician, Server, Automated Process, Building Controls, Video Camera, Video Surveillance.]

Page 13

SAFE Architecture Diagrams

SAFE architecture diagrams convey the network structure at a high level without naming specific products. Architectures can also reference capabilities.

Page 14

The following architecture diagrams are best-practice references for each Place in the Network (PIN).

They may be used as is or you may customize them. Customization instructions are in the Tools and Rules section beginning on slide 38.

Page 15

Small Branch Architecture

[Diagram. Columns: Business Use Cases, Endpoints, Access, Services; layers: Human, Devices, Network, Applications. Use cases: Secure Third Parties (Third-party Technician accessing logs, Building Controls); Secure Communications (Remote Colleague, Subject Matter Expert); Secure Applications (Clerk processing credit card, Payment Processing); Guest Wireless (Customer browsing prices, Comparative Shopping Website); Secure Web (Branch Manager browsing information, Product Information Website). Endpoints: Environmental Controls, Employee Phone, Corporate Device, Mobile Device, Corporate Wi-Fi Device. Access: Access Switch, Wireless Access Point. Services: Router, Server.]

Page 16

Medium Branch Architecture

[Diagram. Columns: Business Use Cases, Endpoints, Access, Services; layers: Human, Devices, Network, Applications. Use cases: Secure Third Parties (Third-party Technician accessing logs, Building Controls); Secure Communications (Remote Colleague, Subject Matter Expert); Secure Applications (Clerk processing credit card, Payment Processing); Guest Wireless (Customer browsing prices, Comparative Shopping Website); Secure Web (Branch Manager browsing information, Product Information Website). Endpoints: Environmental Controls, Employee Phone, Corporate Device, Mobile Device, Corporate Wi-Fi Device. Access: Wireless Access Point, Access Switch, Distribution Switch, Wireless Controller. Services: Router, Server.]

Page 17

Large Branch Architecture

[Diagram. Columns: Business Use Cases, Endpoints, Access, Collapsed Core & Distribution, Services; layers: Human, Devices, Network, Applications. Use cases: Secure Third Parties (Third-party Technician accessing logs, Building Controls); Secure Communications (Remote Colleague, Subject Matter Expert); Secure Applications (Clerk processing credit card, Payment Processing); Guest Wireless (Customer browsing prices, Comparative Shopping Website); Secure Web (Branch Manager browsing information, Product Information Website). Endpoints: Environmental Controls, Employee Phone, Corporate Device, Mobile Device, Corporate Wi-Fi Device. Network: Wireless Access Point, Switch (several), Distribution Switch, Wireless Controller, Firewall, Router. Services: Communications Manager, Web Security, Server.]

Page 18

Campus Architecture

[Diagram, divided into a Building Block and a Core Block. Columns: Business Use Cases, Endpoints, Access, Distribution, Core, Services; layers: Human, Devices, Network, Applications. Use cases: Secure Third Parties (Third-party Technician accessing logs, Building Controls); Secure Communications (Remote Colleague, Subject Matter Expert); Secure Web (Employee browsing, Wholesaler Website); Guest Wireless (Guest browsing, Comparative Shopping Website); Secure Email (CEO sending email to Shareholders, Shareholder receiving email from CEO). Endpoints: Environmental Controls, Employee Phone, Corporate Device, Mobile Device, Corporate Wi-Fi Device. Network: Wireless Access Point, Switch (several), Distribution Switch, Core Switch, Wireless Controller, Guest Wireless, Firewall (x2), Router. Services: Communications Manager, Blade Server, Web Security.]

Page 19

WAN Architecture

[Diagram, connecting "To Campus/Branch" with "To Data Center", with a Services column. Use cases carried across the WAN: Payment Processing (Clerk processing credit card); Building Controls (Third-party Technician accessing logs); email (CEO sending email to Shareholders, Shareholder receiving email from CEO); Comparative Shopping Website (Guest browsing); Wholesaler Website (Employee browsing). Network layer: Switch, Firewall, Switch, Router.]

Page 20

Data Center Architecture (Software-defined)

[Diagram, connecting "To Edge" and "To WAN". Columns: Business Use Cases, Endpoints, Access, Distribution, Core, Services; layers: Applications, Servers, Network. Use cases: Database East/West Traffic (Payment Application); Payment Processing (Clerk processing credit card); Comparative Shopping Website (Guest browsing); Shareholder Emails / Communication Services (Shareholder receiving email from CEO, CEO sending email to Shareholders); Wholesaler Website (Employee browsing); Workflow Application / Workflow Automation (Field Engineer submitting work order); Building Controls (Third-party Technician accessing logs). Servers: Secure Server (x4). Network: Fabric Switch, Leaf Switch (x2), Spine Switch, Controller, Load Balancer Appliance (x2), Firewall (x4), Distribution Switch (x2), Core Switch, Identity Server, Management Console, Communications Manager, Wireless Controller.]

Page 21

Edge Architecture

[Diagram, between "To Internet" and "To Enterprise Core", with Untrusted and Trusted Enterprise zones and VPN, DMZ and Perimeter Services blocks. Use cases: Building Controls (Third-party Technician accessing logs); Workflow Application (Field engineer submitting work order); Payment Application (Customer making purchase); Wholesaler Website (Employee browsing); email (CEO sending email to Shareholders, Shareholder receiving email from CEO); Comparative Shopping Website (Corporate Guest accessing Internet). Network: Switch (several), Secure Server, Load Balancer Appliance, SD WAN, Wireless Controller, Firewall (x3), VPN Concentrator, Email Security, Router, Web Security.]

Page 22

Cloud Architecture

[Diagram, connecting "To Internet". Columns: Business Use Cases, Services; layers: Network Services, Applications, Services. Use cases: Database Zone East/West Traffic; Guest browsing (Hosted E-Commerce); Shareholder Emails; Technician submitting task (Workflow Application / Workflow Automation); Customer making purchase (Payment Application / Payment Processing). Security services: Distributed Denial of Service Protection, DNS Security, Anti-Malware, Threat Intelligence, Anomaly Detection, Web Reputation/Filtering/DCS, Application Visibility Control (AVC), Identity Authorization. Infrastructure: Secure Server (x3), Storage Server, vSwitch (x4), Load Balancer (x2), Firewall Virtual Appliance (x4), vRouter.]

Page 23

SAFE Design Diagrams

SAFE design diagrams show the specific products and flow/structure needed to satisfy the desired security capabilities of a particular network.

The following design diagrams are best-practice references for selected Places in the Network (PINs). Contact the Cisco SAFE Team for assistance in building customized SAFE designs in Visio.

Page 24

Page 25

Page 26

Page 27

SAFE Icon Library

If you need to customize SAFE capabilities flows or architectures, you’ll find the icons on the following slides.

Page 28

Human Icons

Users: Employees, third parties, customers, and administrators.

Rogue: Attackers accessing restricted information resources.

Identity: Identity-based access. Architecture icon: Identity Directory.

• Cisco Identity Services Engine Appliance
• Cisco Identity Services Engine Virtual Appliance

[Icons: Identity Directory, Identity.]

Page 29

Additional Human Icons

[Icons: Identity Directory, MS Active Directory, CEO, Clerk, Customer, Guest, Manager, Shareholder, Expert, Remote Employee, Secure Partner, Person, People.]

Page 30

Devices Icons

Clients: Devices such as PCs, laptops, smartphones, tablets.

Malware: Viruses, malware, and attacks that compromise systems.

Client-Based Security: This capability represents multiple types of security software to protect clients. Architecture icon: Corporate Device.

• Cisco Advanced Malware Protection for Endpoints
• Cisco Umbrella
• Cisco AnyConnect
• Built-in OS Firewall or Partner Products

Anti-Malware. Threat: Malware: Viruses, malware, and attacks that compromise systems.

• Cisco Advanced Malware Protection for Endpoints

Anti-Virus. Threat: Virus: Viruses compromising systems.

• Cisco Advanced Malware Protection for Endpoints (TETRA)

[Icons: Client-Based Security, Anti-Malware, Anti-Virus, Corporate Device, Workstation.]

Page 31

Devices Icons

Clients: Devices such as PCs, laptops, smartphones, tablets.

Personal Firewall. Threat: Exploit Redirection: Unauthorized access and malformed packets connecting to client. Architecture icon: Corporate Device.

• Built-in OS Firewall
• Partner Products

Cloud Security: Combination icon representing several security capabilities provided by the cloud. Threat: Phish Link: Redirection of user to malicious web site.

• Cisco Umbrella - Secure Internet Gateway (SIG)
• Cisco AnyConnect Agent
• Cisco Cloudlock
• Cisco Web Security Appliance
• Cisco Meraki MX
• Cisco Firepower with URL Filtering
• Cisco Viptela SD-WAN

Posture Assessment: Client endpoint compliance verification and authorization. Threat: Botnets DDOS: Compromised devices connecting to infrastructure.

• Cisco AnyConnect Agent
• Cisco Identity Services Engine
• Cisco Meraki MDM

[Icons: Firewall, Cloud Security, Posture Assessment, Corporate Device, Workstation.]

Page 32

Devices Icons

Voice: Phone. Threat: Rogue: Attacker accessing private information.

• Cisco Unified Communications
• Cisco IP Phones

Video: Displays, collaboration, smartboards. Threat: Rogue: Attacker accessing private information.

• Cisco Unified Communications
• Cisco Telepresence
• Cisco WebEx Teams
• Cisco IP Phones

Autonomous Device: Building controls, manufacturing systems, automation. Threat: Rogue: Attacker accessing private information. Architecture icon: Environmental Controls.

• Partner devices and controllers

[Icons: Phone, Video Endpoint, Environmental Controls, Sensor.]

Page 33

Additional Devices Icons

[Icons: Corporate Device, Corporate Wireless Device, Mobile Phone, Phone, Video Endpoint, Sensor, Actuator, Automated System, Server, Building Controls, Camera, Standardized System Images, Infrastructure Redundancy.]

Page 34

Network Icons

Wired Network: Physical network infrastructure; routers, switches, used to connect access, distribution, core, and services layers together.

Firewall: Stateful filtering and protocol inspection. Threat: Exploit Redirection: Unauthorized access and malformed packets connecting to client.

• Cisco Adaptive Security Appliance (ASA)
• Cisco Firepower Appliance
• Cisco Next Generation Firewall
• Cisco Next Generation Firewall Virtual

Intrusion Prevention: Blocking of attacks by signatures and anomaly analysis. Threat: Exploit Redirection: Attacks using worms, viruses, or other techniques.

• Cisco Adaptive Security Appliance (ASA)
• Cisco Firepower Appliance
• Cisco Next Generation Intrusion Prevention System
• Cisco Next Generation Intrusion Prevention System Virtual

Tagging: Policy-based, software-defined segmentation. Threat: Unauthorized Network Access: Lateral spread of infiltration.

• Cisco Adaptive Security Appliance (ASA)
• Cisco Firepower Appliance
• Cisco Catalyst Switches
• Cisco Wireless Controller and Access Points
• Cisco Identity Services Engine
• Cisco Integrated Services Routers
• Cisco Aggregation Services Routers
• Cisco Nexus Switches
• Cisco ACI Fabric
• Cisco DNA Fabric
• Cisco Tetration

[Icons: Firewall, Intrusion Prevention, Tagging, Switch, L2/L3 Network, Router, Distribution Switch, Fabric Switch, Access Switch.]

Page 35

Network Icons

Wireless Network: Physical network infrastructure; access points and controllers used to connect mobile devices to the access layer.

Mobile Device Management (MDM): Endpoint access control based on policies. Threat: Malware: Compromised devices connecting to infrastructure. Architecture icon: MDM Appliance.

• Cisco Identity Services Engine
• Cisco Meraki Mobile Device Management

Wireless Rogue Detection: Detection and containment of malicious wireless devices not controlled by the company. Threat: Rogue: Unauthorized access and disruption of wireless network.

• Cisco Catalyst Switches with Unified Access
• Cisco Wireless Controller and Access Points
• Cisco Mobility Services Engine

Wireless Intrusion Prevention (WIPS): Blocking of wireless attacks by signatures and anomaly analysis. Threat: Rogue: Attacks on the infrastructure via wireless technology.

• Cisco Catalyst Switches with Unified Access
• Cisco Wireless Controller and Access Points

[Icons: Mobile Device Management (MDM), Wireless Rogue Detection, Wireless Intrusion Prevention (WIPS), MDM Appliance, Wireless LAN Controller, Wireless Access Point, Wireless.]

Page 36

Network Icons

Analysis: Telemetry and analysis of traffic across the enterprise.

Anti-Malware for Networks: Identify, block, and analyze malicious files and transmissions. Threat: Malware: Malware distribution across networks or between servers and devices. Architecture icon: Firewall.

• Cisco Advanced Malware Protection for Networks
• Cisco Next Generation Firewall
• Cisco Next Generation Firewall Virtual
• Cisco Next Generation Intrusion Prevention System
• Cisco Next Generation Intrusion Prevention System Virtual

Threat Intelligence: Contextual knowledge of emerging hazards. Threat: Advanced Threat: Zero-day malware and attacks. Threat Intelligence is a capability leveraged by many systems and not deployed separately; there is no dedicated architecture icon.

• Cisco Collective Security Intelligence
• Cisco Global Threat Analytics and Encrypted Traffic Analytics
• Cisco Talos Security Intelligence
• Cisco Firepower Management Center
• Cisco Umbrella Investigate
• Cisco AMP Console – Telemetry
• Cisco Stealthwatch Management Console

Flow Analytics: Network traffic metadata identifying security incidents. Threat: Exfiltration: Traffic, telemetry, and data exfiltration from successful attacks.

Flow Sensors and Collectors:
• Cisco Integrated Services Router
• Cisco Adaptive Security Appliance
• Cisco Wireless LAN Controller
• Cisco Catalyst Switch
• Cisco Nexus Switch
• Cisco NetFlow Generation Appliance
• Cisco Stealthwatch Flow Sensor

Analysis:
• Cisco Stealthwatch Management Console
• Cisco Stealthwatch Cloud

[Icons: Network Anti-Malware, Threat Intelligence, Flow Analytics, Firewall, Flow Sensor, Analytic Engine.]

Page 37

Network Icons

WAN: Public and untrusted Wide Area Networks that connect to the company, such as the Internet.

VPN Concentrator: Encrypted remote access. Architecture icon: VPN Concentrator.

• Cisco Adaptive Security Appliance (ASA)
• Cisco Firepower Appliance
• Cisco Next Generation Firewall
• Cisco Next Generation Firewall Virtual

Virtual Private Network (VPN): Encrypted communication tunnels. Threat: Man-in-the-Middle: Connection of information and identities.

• Cisco Adaptive Security Appliance (ASA)
• Cisco Aggregation Services Routers
• Cisco Cloud Services Router
• Cisco Integrated Services Router
• Cisco Firepower Appliance
• Cisco Meraki SD-WAN
• Cisco IWAN
• Cisco Next Generation Firewall
• Cisco Next Generation Firewall Virtual
• Cisco Viptela SD-WAN vEdge

DDOS Protection: Protection against scaled attack forms. Threat: Botnets DDOS: Massively scaled attacks that overwhelm services. Architecture icon: DDOS Protection Appliance.

• Cisco Aggregation Services Routers with Radware
• Cisco Firepower Appliance with Radware
• Distributed Denial of Service Technology Partner

Exfiltration: Traffic, telemetry, and data exfiltration from successful attacks.

[Icons: VPN Concentrator, Virtual Private Network (VPN), Distributed Denial of Service Protection, DDOS Protection Appliance, SD WAN, WAN.]

Page 38

Network Icons

Cloud: Security services from the cloud.

Cloud Security: Combination icon representing several security capabilities provided by the cloud. Threat: Phish Link: Attacks from malware, viruses, and malicious URLs.

• Cisco Umbrella - Secure Internet Gateway (SIG)
• Cisco AnyConnect Agent
• Cisco Cloudlock
• Cisco Cloud Services Router
• Cisco Web Security Appliance
• Cisco Meraki MX
• Cisco Firepower with URL Filtering
• Cisco Viptela SD-WAN

DNS Security: Name resolution filtering. Threat: Phish Link: Redirection of user to malicious website. Architecture icon: Secure DNS.

• Cisco Umbrella

Cloud Access Security Broker (CASB): Monitor and protect SaaS services. Threat: Rogue: Unauthorized access to cloud SaaS services, data loss.

• Cisco CloudLock

[Icons: Cloud Security, DNS Security, CASB, Secure DNS, Cloud.]

Page 39

Network Icons

Cloud: Security services from the cloud.

Web Security: Internet access integrity and protections. Threat: Redirect Link: Infiltration and exfiltration via Web protocols.

• Cisco Umbrella - Secure Internet Gateway (SIG)
• Cisco Web Security Virtual Appliance
• Cisco Meraki URL Filtering

Web Reputation/Filtering: Tracking against URL-based threats. Threat: Malware C2: Attacks directing to a malicious URL.

• Cisco Umbrella - Secure Internet Gateway (SIG)
• Cisco Web Security Virtual Appliance
• Cisco Meraki URL Filtering

Cloud-based Firewall: Filter and inspect traffic via the cloud. Threat: Redirect Link: Unauthorized access and malformed packets connecting to services.

• Cisco Adaptive Security Virtual Appliance (ASAv)
• Cisco Cloud Services Router
• Cisco Next Generation Firewall Virtual (NGFWv)

[Icons: Web Security, Web Reputation/Filtering/DCS, Firewall, Web Reputation Filtering, Web Filtering, Cloud.]


Additional Network Icons

Firewall

Intrusion Prevention

Router

VPN Concentrator

DDOS Protection

Identity Directory

Web Security

Firewall IPS

Adaptive Security Appliance

IPS

Firepower Appliance

MS Active Directory

Web Filtering


Additional Network Icons

Access Switch

Distribution Switch

Core Switch

Fabric Switch

Leaf Switch

Spine Switch

SD Controller

SD WAN

Wireless Access Point

Mobile Device Management (MDM)

Wireless LAN Controller

Switch Stack

ACI Controller

Access Point


Additional Network Icons

Flow Sensor

Flow Connector

Endpoint Concentrator

UDP Director

Management Console

Secure DNS


Applications Icons

Applications: Application-specific security services.

Redirect Link: Attacks against poorly-developed applications.

Web Application Firewalling: Advanced application inspection and monitoring.

Web Application Firewall

• Web Application Firewall Technology Partner
• Cisco Aggregation Services Router
• Cisco Cloud Services Router
• Cisco Integrated Services Router
• Cisco Next Generation Firewall
• Cisco Next Generation Firewall Virtual

Application Visibility Control (AVC): Deep packet inspection of application flows.

C2 Sites: Attack tools hiding in permitted applications.

• Cisco Next Generation Firewall
• Transport Layer Security Offload Technology Partner

TLS Encryption Offload: Accelerated encryption/decryption of data services.

Spying: Theft of unencrypted traffic.

Application Visibility Control (AVC)

TLS Offload

TLS Appliance

Application


Applications Icons

Applications: Application-specific security services.

Phishing: Infiltration and exfiltration via email.

Email Security: Messaging integrity and protections.

Email Security

• Cisco Email Security Appliance
• Cisco Cloud Email Security
• Cisco Threatgrid Sandbox Appliance

Malware Sandbox: Detonation and analysis of file behavior.

Storage: Drives, databases, media.

• Disk Encryption Technology Partner

Malware Sandbox

Sandbox Appliance

Malware: Polymorphic threats.

Spying: Theft of unencrypted traffic.

Disk Encryption: Encryption of data at rest.

Disk Encryption

Application

Storage


Applications Icons

Servers: Application hosting operating systems.

Malware: Viruses, malware and attacks that compromise systems.

Server-based Security: Combination icon representing several security capabilities to secure the server.

Secure Server

• Cisco Advanced Malware Protection for Endpoint
• Cisco Umbrella
• Cisco Tetration
• Built-in OS Firewall or Partner Products

Server-Based Security

Load Balancer


Additional Applications Icons

Server

Secure Server

Blade Server

Storage

Load Balancer

Wide Area Application Engine

TLS Appliance

Cisco AnyConnect

Cisco AMP

Generic Appliance

Cisco Appliance

Radware Appliance


Management Icons

Management: Infrastructure systems management and orchestration.

Analysis/Correlation: Security event management of real-time information.

SIEM

• Cisco Stealthwatch
• Cisco Stealthwatch Cloud
• Cisco Visibility
• SIEM Technology Partner Products

• Cisco Identity Services Engine
• Cisco Meraki
• Cisco Tetration
• Cisco Stealthwatch

Anomaly Detection: Identification of infected hosts scanning for other vulnerable hosts.

• Cisco Identity Services Engine

Identity/Authorization: Centralized identity and administration policy.

Analysis/Correlation

Anomaly Detection

Identity/Authorization

Identity Directory

Central Management


Management Icons

Management: Infrastructure systems management and orchestration.

Logging/Reporting: Centralized event information collection.

Log Collector

• Cisco Stealthwatch
• Logging Technology Partner Products

• Cisco Stealthwatch
• Cisco Stealthwatch Cloud
• Cisco Tetration

Monitoring: Network traffic inspection.

• Cisco Umbrella

Name Resolution: Centralized DNS services.

Logging/Reporting

Monitoring

Name Resolution

Secure DNS

Central Management


Management Icons

Management: Infrastructure systems management and orchestration.

Policy/Configuration: Unified infrastructure management and compliance verification.

Policy

• Cisco Firepower Management Center
• Cisco Identity Services Engine
• Cisco DNA Center
• Cisco ACI APIC
• Cisco Stealthwatch Management Console
• Cisco Advanced Malware Protection Console
• Cisco Defense Orchestrator
• Cisco Tetration
• Cisco Security Manager
• Cisco Prime LMS

• Cisco Firewalls, Routers, and Switches

Time Synchronization: Device clock calibration for accurate event correlation.

• Endpoint Technology Partner

Vulnerability Management: Continuous scanning, patching, and reporting of infrastructure.

Policy/Configuration

Time Synchronization

Vulnerability Management

NTP

Central Management


Additional Management Icons

Secure DNS

NTP

Monitoring

Vulnerability Management

Policy

Log Collector

SIEM

Generic Appliance

Identity Directory

MS Active Directory


Tools and Rules

Please refer to the guidelines and helpful elements on these pages to ensure that your diagrams and presentations are SAFE!


Building SAFE Architectures

To customize one of the architecture diagrams on slides 20-27, or to build one, please refer to this key as well as the Architecture Toolkit and the Dos and Don’ts information on the following slides.

For assistance, contact Christian Janoff. [email protected]


Icon Title Example

Title Example

Area Title Example


Using Selection Pane

The Selection Pane enables you to view and access layers easily.

1. Turn on the Selection Pane.
2. Each object in the pane is listed in the hierarchical order (depth) that it is on the slide.
3. Click the eye to make them invisible/visible so you can access objects below them without having to move them from their position.
4. By clicking on an object or group name you can select objects that are hard to grab.
5. Once selected, you can change their order via the Arrange menu, or move them with cursor keys.



How to draw smooth business flows

By editing the points of a freeform shape you can create smooth consistent corners (steps 1-8).

• Make the line with square turns, click and drag to make each segment (hold shift to constrain)
• Select Edit Shape then Edit Points from the Drawing Tools menu
• Using the gridlines from the View menu, add points before and after (Ctrl+click)
• After adding the new points, then select and delete the corner point
• Stretch handles as appropriate (back to where the corner point was, and the next corner) to create a smooth arching corner


Design/Drawing Elements

G1/6

VLAN 201

HSRP


If you have questions about SAFE and constructing SAFE architectures with the resources in this toolkit, contact Christian Janoff. [email protected]
