During the Next Generation Network and Data Centre – Now and into the Future – Vision, Roadmap and Execution
1 like1,272 views
The document discusses the evolution of cybersecurity threats and emphasizes the need for a comprehensive security portfolio to address these challenges. It outlines Cisco's vision and strategy for securing next-generation networks and data centers through continuous advanced threat protection and visibility-driven security models. The importance of developing ecosystems and partnerships to enhance security measures in a dynamic threat landscape is also highlighted.
During the Next Generation Network and Data Centre – Now and into the Future – Vision, Roadmap and Execution
- 1. Securing the Next Generation Network and Data Centre – Now and into the Future – Vision, Roadmap, and Execution B-EN-01-B Bret Hartman Vice President and Chief Technology Officer, Cisco Security Business Group
- 2. Cisco and/or its affiliates. All rights reserved.Session FAQ Forum Cisco Public House Keeping Notes – Wednesday April 16, 2014 Thank you for attending Cisco Connect Toronto 2014, here are a few housekeeping notes to ensure we all enjoy the session today. Please ensure your cellphones are set on silent to ensure no one is disturbed during the session Please hold all questions until the end of these session to ensure all material is covered 2
- 3. Cisco and/or its affiliates. All rights reserved.Session FAQ Forum Cisco Public Complete Your Paper Session Evaluation – Wednesday April 16 Give us your feedback and you could win 1 of 2 fabulous prizes in a random draw. Complete and return your paper evaluation form to the Room Attendant at the end of the session. Winners will be announced today at the end of the session. You must be present to win! Please visit the Concierge desk to pick up your prize redemption slip. Visit them at BOOTH# 407
- 4. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4 Recent Events Have Eroded Trust
- 5. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5 "We can trust the NSA because without a doubt it is history's most powerful, pervasive, sophisticated surveillance agency ever to be totally pwned by a 29- year-old with a thumb drive”
- 6. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6 The Industrialization of Hacking 20001990 1995 2005 2010 2015 2020 Viruses 1990–2000 Worms 2000–2005 Spyware and Rootkits 2005–Today APTs Cyberware Today + Hacking Becomes an Industry Sophisticated Attacks, Complex Landscape Phishing, Low Sophistication
- 7. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7 Any Device to Any Cloud Public Cloud Private Cloud Public Cloud
- 9. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9 The Security Problem Changing Business Models Dynamic Threat Landscape Complexity and Fragmentation
- 10. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10 Comprehensive Security Portfolio IPS & NGIPS • Cisco IPS 4300 Series • Cisco ASA 5500-X Series integrated IPS Web Security • Cisco Web Security Appliance (WSA) • Cisco Virtual Web Security Appliance (vWSA) • Cisco Cloud Web Security Firewall & NGFW • Cisco ASA 5500-X Series • Cisco ASA 5500-X w/ NGFW license • Cisco ASA 5585-X w/ NGFW blade Advanced Malware Protection NAC + Identity Services • Cisco Identity Services Engine (ISE) • Cisco Access Control Server (ACS) Email Security • Cisco Email Security Appliance (ESA) • Cisco Virtual Email Security Appliance (vESA) • Cisco Cloud Email Security • Cisco UTM • Meraki MX VPN • Cisco AnyConnect VPN
- 11. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11 The New Security Model BEFORE Discover Enforce Harden AFTER Scope Contain Remediate Attack Continuum Network Endpoint Mobile Virtual Cloud Detect Block Defend DURING Point in Time Continuous
- 12. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12 Network-Integrated, Broad Sensor Base, Context and Automation Continuous Advanced Threat Protection, Cloud-Based Security Intelligence Agile and Open Platforms, Built for Scale, Consistent Control, Management Strategic Imperatives Network Endpoint Mobile Virtual Cloud Visibility-Driven Threat-Focused Platform-Based
- 13. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13 Visibility-Driven
- 14. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 14 Need Both Breadth and Depth Network Endpoint Mobile Virtual Cloud BREADTH DEPTH Who What Where When How
- 15. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15 Cisco Fabric Provides Pervasive Visibility Network Servers Operating Systems Routers and Switches Mobile Devices Printers VoIP Phones Virtual Machines Client Applications Files Users Web Applications Application Protocols Services Malware Command and Control Servers Vulnerabilities NetFlow Network Behavior Processes
- 16. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16 ? Threat-Focused
- 17. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 17 Detect, Understand, and Stop Threats ? Collective Security Intelligence Threat Identified Event History How What Who Where When ISE + Network, Appliances (NGFW/NGIPS) Context AMP, CWS, Appliances Recorded Enforcement
- 18. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 18 Continuous Advanced Threat Protection ISE + Network, Appliances (NGFW/NGIPS) How What Who Where When Collective Security Intelligence AMP, CWS, Appliances Enforcement Event History AMP, Threat Defense Continuous AnalysisContext
- 19. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 19 Today’s Security Appliances WWW Context- Aware Functions IPS Functions Malware Functions VPN Functions Traditional Firewall Functions
- 20. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 20 Management Security Services and Applications Security Services Platform Infrastructure Element Layer Platform-Based Security Architecture Common Security Policy & Management Common Security Policy and Management Orchestration Security Management APIs Cisco ONE APIs Platform APIs Cloud Intelligence APIs Physical Appliance Virtual Cloud Access Control Context Awareness Content Inspection Application Visibility Threat Prevention Device API: OnePK™, OpenFlow, CLI Cisco Networking Operating Systems (Enterprise, Data Center, Service Provider) Route–Switch–ComputeASIC Data Plane Software Data Plane APIs APIs Cisco Security Applications Third-Party Security Applications
- 21. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 21 The Security Perimeter in the Cloud The Distributed Perimeter Cloud Connected Network Collective Security Intelligence Telemetry Data Threat Research Advanced Analytics Mobile Router Firewall 3M+ Cloud Web Security Users 6 GB Web Traffic Examined, Protected Every Hour 75M Unique Hits Every Hour 10M Blocks Enforced Every Hour
- 22. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 22 Develop Ecosystems for Cisco Security Cisco Current Partner Ecosystem Mobility (MDM), Threat (SIEM), Cloud Partner to Deliver Complete Solutions Open Platform Architecture Enables Develop SSP Partner Ecosystem ISE as “Context Directory Service” Embed Security in Broader IT Solutions Lancope, Network as a Sensor Drive the Value of the Network
- 23. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 25 Visibility and Context Firewall NGFW NAC + Identity Services VPN UTM NGIPS Web Security Email Security Advanced Malware Protection Network Behavior Analysis Covering the Entire Attack Continuum BEFORE Discover Enforce Harden AFTER Scope Contain Remediate Attack Continuum Detect Block Defend DURING
- 24. Questions? 26