self defending network – data centre · 3 increasing the business impact of the it organization...
TRANSCRIPT
2
Agenda
• Issues and Challenges
• Cisco® Self-Defending Network Solution
• Solution Components (Afternoon)
• Getting Started
3
Increasing the Business Impactof the IT Organization
1. Increasing revenues and opportunity
• Reacting in real time to customer and market demands
• Driving innovative products and services to market faster
• Greater process efficiency, monitoring, and reporting on activity
• Reduce escalating costs of IT, achieving ROI expectations
4. Increasing productivity, efficiency while reducing costs
3. Improving customer relationships
• Strengthening trust and confidence
• Building long-term business partner relationships
2. Increasing business resiliency and agility• Greater flexibility to use resources where and when needed
• Greater ability to interact with customers and partners
Business Objectives
4
Growth
Cost /Productivity
Flexibility
Share of Spend
CEOPriorities
CEOPriorities
Cross-Functional
Collaboration
Security
CEO’s Priorities…Networked IT Enables Priorities
As technology becomes more business critical...security becomes a business imperative.
As technology becomes more business critical...security becomes a business imperative.
The Economist2005 CEO Briefing
The Economist2005 CEO Briefing
“CEOs call technology advances most important driver of change”… First year ever
“CEOs call technology advances most important driver of change”… First year ever
5
Business Processes
Applications and Services
Networked Infrastructure • Active participation in application
and service delivery
• A systems approach integrates technology layers to reduce complexity
• Flexible policy controls adapt this intelligent system to your business though business rules
Intelligent NetworkingUsing the Network to Enable Business Processes
Connectivity Intelligent Networking
Utilize the network to unite isolated layers and domains to enable business processes
Cisco Network Strategy
Resilient
Integrated
Adaptive
6
Evolution of Security Challenges
GlobalInfrastructure
Impact
RegionalNetworks
MultipleNetworks
IndividualNetworks
IndividualComputer
Target and Scope of Damage
1st Gen• Boot viruses
Weeks 2nd Gen• Macro viruses
• DoS
• Limited hacking
Days3rd Gen• Network DoS
• Blended threat (worm + virus + Trojan)
• Turbo worms
• Widespread system hacking
Minutes
Next Gen
• Infrastructure hacking
• Flash threats
• Massive, worm driven
• DDoS
• Damaging payload viruses and worms
Seconds
1980s 1990s Today Future
Time from Knowledge of Vulnerability to Release
of Exploit is Shrinking
7
Top Security Challenges 2005
Note: 1 = No challenge; 5 = Significant Challenge Source: IDC’s Enterprise Security Survey, 2005
0 1 2 3 4
Wireless Devices
Network Management
Volume / Complexity Network Traffic
Solution Complexity
Employees Following Policy
Increasing Attack Sophistication
Patchwork Network Security
Per IDC, increasing sophistication of attacks and complexity of security management will drive
need for more integrated / proactive security solutions.
Per IDC, increasing sophistication of attacks and complexity of security management will drive
need for more integrated / proactive security solutions.
8
Evolution of Security Requirements
A Collaborative Systems Approach
NEEDED NOWNEEDED NOWPASTPAST
StandaloneStandalone Integrated Multiple LayersIntegrated Multiple Layers
Reactive Reactive Automated, ProactiveAutomated, Proactive
Product Level Product Level System-level ServicesSystem-level Services
New Methods & New Architectures
9
Current Investment Is Misdirected
Patching, Restoration
and Recovery
Prevention and
Containment
“Respondents spend most of their time in reactive mode: responding to incidents, deploying firewalls, and dealing with everyday nuisances like spam and spyware. Ironically, the most common proactive step respondents take is to develop business continuity and disaster recover plans. So even their proactive steps are investments in reactive measures.”
—CSO Magazine, 2005 State of Information Security Survey
10
Network
Vulnerable Custom Applications: Focus of Attacks Moves to the Application Layer
75% of Attacks Focused Here
Custom Web Applications• Customized packaged applications• Internal and third-party code• Business logic and code
Network Firewall
IDSIPS
No Signatures or Patches
OperatingSystems
WebServers
OperatingSystems
ApplicationServers
OperatingSystems
DatabaseServers
11
The Challenge of Managing Security
MonitoringNeed to monitor
multivendor networks
ConfigurationHow to rapidly deploy
new policies
MitigationHow to use networkto eliminate threats
AuditingHow to audit against
best practices
AnalysisToo much meaningless
raw data
IdentityHow to control access
to network assets—who can do what
Source: Security Virtues of a Common Infrastructure, J. Tiller, INS
12
Why Cisco? We Are Committed to Security
• 1500 security-focused engineers
• 15+ acquisitions added to our solution portfolio (increasing)
• 65+ NAC partners worked collaboratively with us to deliver an unprecedented security vision
Responsible Leadership
• NIAC Vulnerability Framework Committee
• Critical Infrastructure Assurance Group
• PSIRT—responsible disclosure
• MySDN.com—intelligenceand best practices sharing
“Because the network is a strategic customer asset, the protectionof its business-critical applications and resources is a top priority.”
—John Chambers, CEO, Cisco Systems®
Product and Technology Innovation
13
Cisco Self-Defending Network:Using the Network to Identify, Prevent, and Adapt to Threats
Enabling everyelement to be a pointof defense and policy
enforcement
Integrated
Proactive security technologies that
automatically prevent threats
Adaptive
Collaboration among the services and
devices throughoutthe network to thwart
attacks
Collaborative
14
Benefits of a Systems Approach
• Complex Environment
• Gaps and Inconsistency
• Lower Visibility
• More Difficult to Manage
• Higher TCO
• Simplified Environment
• Tighter Integration = Tighter Security
• Greater Visibility
• Easier to Deploy and Manage
• Lower TCO
15
Benefits of Cisco Self-Defending Networks
Improved Value:
• Reduces integrationcosts—security is already integrated into the network
• Allows proactive, planned upgrades at traditional IT refresh cycles
• Improves efficiency of security management
Security Virtues of a Common Infrastructure, J. Tiller, INS
16
Integrate Advanced Security Services Where NeededSecurity Point Products
Security Point Products
Secure Network Platform Security Services Integrated into the Network
Advanced Technologies and Services
Integrated Collaborative Adaptive
Firewall Network AntivirusAccess Control
IPSec and SSL VPNIPS
IntegrateAdvancedServices
Leverage Existing
Investment
Automated ThreatResponse
Virtualized Security Services
Behavioral-BasedProtection
Dynamic DDoSMitigation
Application-LayerInspection
Endpoint PostureControl
IP Network
17
Integrated / Convergence … D / V / V / MRequires Integrated, Pervasive Security
IPIPMobilityMobility
VideoVideo
DataData
VoiceVoice
18
Network as Platform for Security
Integrated Services Routers
• Integrate Cisco® IOS® Firewall, VPN, and Intrusion Prevention System (IPS) services across the Cisco router portfolio
• Deploy new security features on your existing routers using Cisco IOS Software
• NAC-enabled
Cisco Catalyst® Switches
• Denial-of-service (DoS) attack mitigation
• Integrated security service modules for high-performance threat protection and secure connectivity
• Man-in-the-middle attack mitigation
• NAC-enabled
Adaptive Security Appliances
• High-performance firewall, IPS, network antivirus, and IPSec/SSL VPN technologies all in one unified architecture
• Device consolidation reduces overall deployment and operations costs and complexities
• NAC-enabled
“Comprehensive and simple—almost the holy grail.”—Garth Brown, President, Semaphore
19
How does this apply to my Data Centre?
20
Functional Consolidation within a Data Center
ACE helps consolidate functions and creates a simplified and manageable application infrastructure
ACE helps consolidate functions and creates a simplified and manageable application infrastructure
GrowingComplexity and Cost
Multiple Separate TCP Terminations
Failover Scenario—More Complexity
Single TCP Termination,
Multiple Operations
Scalability, Performance, Manageability
SS
L
Secu
rity
SL
B
Op
tim
ize
21
Virtualization=Simplification=Lower Costs
MultipleVirtual Partitions(each withfunctionsand resources
N-Tier Applications
Web Servers
App Servers
DB Servers
Front End Network
C2C1 C3 C4 C5 C6
Single ACE
Module
N-Tier Applications
Web Servers
App Servers
DB Servers
Front End Network
ACE consolidates horizontal application silos and supports central control with distributed management
ACE consolidates horizontal application silos and supports central control with distributed management
22
StorageNetworking
StorageNetworking
Security Is Now a Baseline Architecture for All Communication Technologies
IP TelephonyIP Telephony
Wireless LANWireless LANNetworked
HomeNetworked
Home
RoutingRoutingSwitchingSwitching
23
A Lifecycle Approach to Security Service and Support
Coordinated Planning and Strategy
Make sound financial decisions
PreparePrepare
Assess ReadinessCan your network support the proposed system?
PlanPlan
Maintain Network Health
Manage, resolve, repair, replace
OperateOperate
Implement SolutionIntegrate without disruption
or causing vulnerability
ImplementImplement
Design the SolutionProducts, service, support aligned to requirements
DesignDesign
Operational Excellence
Adapt to changing business requirements
OptimizeOptimize
Cisco®
PartnerCustomer
24
Cisco: Helping Our Customers Make the Journey from Point Solutions to Self-Defending Networks
• Self-Defending Network: integrated, collaborative, adaptive
• Enable business-driven security practice
• Risk gaps are reduced; complexity is reduced;total cost of ownership is lower
• Protect, optimize, andgrow your business
cisco.com/go/security
25