Your SlideShare is downloading. ×
0
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Establishing Trust Within the Enterprise and Beyond | GSF 2012 | Session 4-1

543

Published on

Establishing Trust Within your Enterprise is very important. Build it into your network. …

Establishing Trust Within your Enterprise is very important. Build it into your network.
Securely Enable Your Business with Policy Based Access Control.

By: Kevin Manwiller, Jamie Sanbower

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
543
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
10
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Establishing TrustWithin the Enterpriseand BeyondSecurely Enabling Your Business with Policy Based Access ControlKevin Manwiller – Manager Federal Security and Mobility SolutionsJamie Sanbower – Technical Solutions ArchitectMarch 21st, 2012© 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 1
  • 2. Agenda • The role of establishing Trust • Why the Network is the place to address Trust© 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 2
  • 3. Why do I need Trust Built into the Network?• DoD Requirements – • Network STIG V8R1 (Aug 2010) NET-NAC-009 – CAT I• NIST Guidelines - 800-53 Controls• Explosion of new mobile devices • Bring Your Own Device (BYOD) • Handhelds and tablets used in both enterprise and tactical environments• Better visibility • You can’t properly protect it if you don’t know it’s there (Identity) • Cyber Operations, Mission Assurance, Continuous Monitoring, Incident response© 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 3
  • 4. © 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 4
  • 5. The Evolving Workplace Landscape DEVICE PROLIFERATION DEVICE NEXT GENERATIKON VIRTUALIZATION PROLIFERATION WORKFORCE© 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 5
  • 6. The Evolving Workplace Landscape NEXT GENERATION WORKFORCE People Are Willing to Take a 70% percent of end users Work Is No Longer a Pay Cut as Long as They admit to breaking IT policy Place You Go to Work Are Able to Work from to make their lives easier Home DEVICE NEXT GENERATIKON VIRTUALIZATION PROLIFERATION WORKFORCE© 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 6
  • 7. The Evolving Workplace Landscape VIRTUALIZATION “60% of server workloads will be virtualized by 2013” “20% of professional PCs will be managed under a hosted virtual desktop model by 2013.”Datacenters are evolving, Applications are now objects moving through the network DEVICE NEXT GENERATIKON VIRTUALIZATION PROLIFERATION WORKFORCE© 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 7
  • 8. The Burden Falls on IT • How do I manage the risk of employees bringing their own devices? • How do I ensure consistent experience on all devices? • How do I implement multiple security policies per user, device? • How and What do I support? DEVICE PROLIFERATION© 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 8
  • 9. The Burden Falls on IT • Am I hindering my workforce from being competitive? • How do I retain top talent? • How do I ensure compliance with FISMA, DIACAP, STIG, etc? • Can I handle partners, consultants, guest appropriately? CHANGING WORKFORCE© 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 9
  • 10. The Burden Falls on IT • How do I know who is accessing my virtual desktop infrastructure? • How do I secure access to my data across the cloud… in a scalable way? • Can I ensure compliance across geographic boundaries? VIRTUALIZATION© 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 10
  • 11. 73 Million 2104 Online Cisco Cius™ 8144 12,290 Meetings a Year Apple iPads RIM BlackBerry Tablets Devices -1.6% Growth 6700+ Linux Desktops 2185 Other Devices -3.8% Growth 87,000+ Microsoft 5234 Windows PCs Android Devices 9.5% Growth 12,000+ 20,581 Apple Macs Apple iPhones 3.9% GrowthC97-701828-00 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11
  • 12. 59% 32% 20% More devices More Users Fewer Cases 30 Minutes 25% 17 Weeks per Day per Year Savings Faster Acquisition More Productivity Using Cisco® VXI IntegrationC97-701828-00 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12
  • 13. Securely Enables Your Business with Policy Based Access Control Wireless / Employee Guest User VM Client Comprehensive RemoteComprehensive VPN User IP Devices Contextual Awareness of the Who, What, Visibility Where, When, How Leverage Network to Secure Access to Your Exceptional Identity and Context Critical Resources, Control Aware Infrastructure Mitigating Risk and Ensuring Compliance Centralized Effective Management of Secure Data Center Intranet Internet Security Zones Access Services and Management Scalable Enforcement Leveraging Your Infrastructure © 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 13
  • 14. Policy Administration Policy Decision Identity Services Engine (ISE) Identity Access Policy System Policy Enforcement Cisco 2900/3560/3700/4500/6500, Nexus 5000/7000 Cisco ASA, ISR, ASR 1000 TrustSec Powered switches, Wireless and Routing Infrastructure Policy Information NAC Agent Web Agent 802.1x Supplicant No-Cost Persistent and Temporal Clients AnyConnect or TrustSec Powered for Posture, and Remediation OS-Embedded Supplicant Identity-Based Access Is a Feature of the Network Spanning Wired, Wireless, and VPN© 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 14
  • 15. Comprehensive Visibility Guest Access Profiling Posture WHO WHAT WHERE WHEN HOW CONTEXT Security Camera G/W Francois Didier Personal iPad Agentless Asset Consultant Employee Owned Chicago Branch HQ—Strategy Wireless HQ Remote Access 6 p.m. Vicky Sanchez Frank Lee Employee, Marketing Guest Wireline Wireless 3 p.m. 9 a.m. IDENTITY 802.1X MAB WebAuth CISCO SWITCHES, ROUTERS, WIRELESS ACCESS POINTS Identity (802.1X)-Enabled Network© 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 16
  • 16. Comprehensive Visibility Leveraging Your Infrastructure Network Cisco Catalyst® Switch Identity Differentiators Monitor Mode Flexible Authentication Sequence IP Telephony Support Support for Virtual DesktopAuthorized Tablets IP Network Device Guests Environments Users Phones 802.1X MAB and Profiling Web Auth Authentication Features IEEE 802.1x MAC Auth Bypass Web Authentication Consistent identity features supported on all Catalyst switch models © 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 17
  • 17. Manual Device Classification and Policy Enforcement The Challenge TYPICAL DEPLOYMENT SCENARIO Device Proliferation Multitude of Devices Need to Have Need Assurance and Identification for on the Network, Wired Policy Control for That a Device Conforms Policy Enforcement and Wireless Each Device Type With Fingerprint© 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 18
  • 18. Comprehensive Visibility Cisco InnovationAutomated Device Classification Using Cisco Infrastructure DEVICE PROFILING For wired and wireless networks Printer Personal iPad ISE Access Point Personal Printer Policy CDP CDP LLDP DHCP LLDP DHCP iPad Policy MAC MAC [place on VLAN X] [restricted access] Access Point The Solution DEPLOYMENT SCENARIO WITH CISCO DEVICE SENSORS Efficient Device COLLECTION CLASSIFICATION AUTHORIZATION Classification Switch Collects Device ISE Classifies Device, Collects ISE Executes Policy Based Leveraging Related Data and Sends Flow Information and Provides on User and Device Report to ISE Device Usage Report Infrastructure© 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 19
  • 19. Comprehensive Visibility Cisco InnovationIntegrated Profiling—Visibility in ScaleNetwork Infrastructure Provides LocalSensing FunctionContextual data passed via RADIUS to ISE Active Endpoint ScanningActive Scanning—Enhanced AccuracyISE Augments Passive Network TelemetryWith Active Endpoint Telemetry Data ISE Device FeedDevice Feed*—Identity in ScaleManufacturers and Ecosystem ProvidesConstant Updates to New Devices Device Sensor (network-based)Customers Pull Bundled Data Feedfrom Cisco Cisco Device Sensor * Scheduled for Fall 2012© 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 20
  • 20. Comprehensive VisibilityISE Posture Ensures Endpoint Health before Network Access Wired, Wireless, VN User Temporary Limited Non- Compliant Network Access Until Remediation Is CompleteSample Employee Policy: Challenge: Value:• Microsoft patches updated • Understanding health of • Temporal (web-based) device or Persistence Agent• McAfee AV installed, running, and current • Varying level of control • Automatic Remediation over devices • Differentiated policy• Corp asset checks • Cost of Remediation enforcement based on• Enterprise application running© 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 role Cisco Confidential 21
  • 21. Comprehensive VisibilityISE Guest Service for managing guests Guest Policy Web Authentication Internet Wireless or Guests Wired Access Internet-Only Access Provision: Manage: Notify: Report: Guest Accounts via Sponsor Privileges, Guests of Account On All Aspects of Guest Sponsor Portal Guest Accounts and Details by Print, Email, Accounts Policies, Guest Portal or SMS© 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 22
  • 22. Exceptional ControlDelivers Policy-Based Enforcement Remote VPN Wireless Wired User Devices Virtual Desktop User User Policy-Based Scalable Access Control Enforcement VLANs IDENTITY and CONTEXT AWARE Access Control Lists NETWORK Secure Group Tags * MACsec Encryption * *= Cisco Security Innovation Data Center Intranet Internet Zones© 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 23
  • 23. Exceptional Control Cisco Innovation DACL or Named ACL VLANS Security Group Access Employee IP Any S Gr ecur Remediation ou ity pT ag Contractor Employees Guest Security Group Access—SXP, VLAN 3 VLAN 4 SGT, SGACL, SGFW• Less disruptive to • Does not require switch • Simplifies ACL endpoint (no IP address port ACL management management change required) • Preferred choice for path • Uniformly enforces• Improved user experience isolation policy independent of topology • Fine-grained access control Flexible Enforcement Mechanisms in your infrastructure Range of options available to customer© 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 24
  • 24. Policies Based on Role Based Distinct Technical Language Policy Access Table Individual Users Permissions Resources Policy Matrix Doctors Intranet Email Financial Patient D1 S1 (10.156.78.100) Portal Server Servers Records (10.10.24.13) Patient Doctor Web IMAP No Access Web File S2 D2 Records Share (10.10.28.12) Finance Web IMAP Web No Access D3 Web, SQL, Full (10.156.54.200) IT Admin SSH Access SQL SQL Finance S3 Email D4 Intranet Doctor - Patient Record ACL (10.10.36.10) permit tcp dst eq 443 permit tcp dst eq 80 permit tcp dst eq 445 D5 permit tcp dst eq 135 IT Admins (10.156.100.10) deny ip S4 (10.10.135.10) D6 Finance permit tcp S1 D1 eq https permit tcp S1 D1 eq 8081 Time Consuming deny ip S1 D1 Simple …… Manual …… permit tcp S4 D6 eq https Flexible permit tcp S4 D6 eq 8081 Error Prone deny ip S4 D6 Business Relevant© 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 25
  • 25. Exceptional ControlMarking traffic with context Patient Records (confidential) Doctor Unrestricted for Employees Finance Internet Guest Cisco Innovation The Solution DEPLOYMENT SCENARIO WITH SECURITY Scalable Enforcement GROUP ACCESS (SGA) Independent of Network SCALABLE AND REDUCED INCREASED BUSINESS Topology CONSISTENT POLICY OPERATIONAL AGILITY ENFORCEMENT EXPENSE© 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 26
  • 26. DEPLOYMENT USE CASES Healthcare: Ensure Privacy of Patient Data by Enforcing Roles Based Access and Segmentation Across the Network Retail: Intra Store Communication for Networked Devices While . Ensuring That Only Authorized Users and Devices Have Access to PCI Data Technology: Allowing Approved Employee-Owned Tablets Access to Internal Portals and Corporate App Store Manufacturing: Marking Extranet Traffic to Allow PLC Vendor Remote Access to Specific Manufacturing Zone Only, and Offshore Development Partners Access to Development Servers Only© 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 27
  • 27. Exceptional Control Cipher Data No Visibility No Visibility CORPORATE RESOURCES L3/L4 Encryption The Challenge Typical Deployment Scenario Encryption disables Encryption at IP No visibility into the visibility for policy or application flows for Security and layers QoS policy enforcement enforcement© 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 28
  • 28. Exceptional Control Cisco Innovation 802.1X 802.1X AE Encrypted AE Encrypted Cipher Data Cipher Data Flows Visible for Flows Visible for Policy Policy CORPORATE RESOURCES Enforcement Enforcement Decrypt On Encrypt On Ingress Interface Egress Interface The Solution Typical Deployment Scenario Data Confidentiality Hop by Hop L2 Visibility into the flows for Security Security Group Tag with Visibility encryption and QoS policy enforcement integrity© 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 29
  • 29. Effective ManagementOperations Converged Security and Policy Monitoring Contextual status and monitoring dashboards across wired and wireless networks Centrally organizes Day 1-to-n management tasks Instructional configuration workflows Reduces the time to troubleshoot Integration with Cisco NCS Prime© 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 30
  • 30. Effective ManagementDetermine, Document and Implement Policies User Device Type Location Posture Time Access Method Custom© 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 31
  • 31. Effective ManagementPutting the End User in Control Reduced Burden on IT Staff Device On-boarding, Self Registration, Supplicant Provisioning * Reduced Burden on Help Desk Staff Seamless, Intuitive End user experience Self Service Model My Device Registration Portal*, Guest Sponsorship Portal * Scheduled for Summer 2012© 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 32
  • 32. Effective ManagementMDM Ecosystem INTEGRATION WITH LEADING AD/LDAP MDM VENDORS * ISE • MobileIron, Airwatch, Zenprise Contextual MDM Mgr Policy • Ecosystem offering choice for ? customers Cisco Catalyst Switches Cisco WLAN Controller FEATURES: • Comprehensive Device Provisioning User X User Y • Detailed User and Device Context • Increased Device and Application Security Window or OS X Smartphones including iOS Computers or Android Devices * Scheduled for Fall 2012 Wired or Wireless Wireless© 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 33
  • 33. ISE Base ISE Advanced ISE Wireless License License License NEW TRUSTSEC FEATURES IN EXISTING SWITCH PACKAGING: Are My Endpoints Are My Endpoints Campus (Cat 3K/4K): Authorized? Compliant? Base + Advanced •LAN Base—802.1X, SXP, IOS sensor, MACsec• Authentication/ • Device Profiling • All Base Services •IP Base—SGT, SGACL Authorization • Host Posture • All Advanced Aggregation (Cat 6K):• Guest Provisioning • Security Group Access Services• Link Encryption Policies •IP Base—802.1X, SXP, SGT, SGACL Router (ASR 1K/ISR): Perpetual Licensing 3 / 5 Year Term Licensing 5 Year Term Licensing •Base packaging—SXP •Advanced/Security—SG FW Appliance Platforms Data Center (Nexus): Small 3315/1121 | Medium 3355 | Large 3395 | Virtual Appliance •Advanced LAN License → Base Package Built into Headend Note: Advanced License does not include Base Anyconnect© 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 34
  • 34. Different from Competitors One Policy for Wired, Most comprehensive policy-driven Wireless and VPN BYOD solution supporting full range of business needs Integrated Lifecycle Services Flexible and Scalable (Posture, Profiling, Guest) Authorization Options Leveraging your Infrastructure Differentiated Identity Features Standards based Data Layer(Multiple Auth Methods, Flexible Encryption to ProtectSequencing Auth, Monitor Mode) Communications© 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 35
  • 35. Monitor Logging Logging View Logs/ Reports Policy External Admin Service Data View/ Query Configure Attributes Policies Request/Re Logging sponse Context Endpoint Enforce Resource Access Resource Request Access© 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 36
  • 36. Centralized Deployment All ISE Persona’s Deployed in a Single Site Admin Monitor Policy Services Cluster HA Inline AD/LDAP Posture Nodes (External ASA VPN ID/Attribute Store) Data Center A WLC Switch 802.1X 802.1X AP© 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 37
  • 37. Distributed Deployment All ISE Persona’s Deployed Across Multiple Sites Admin Monitor Policy Services Cluster Distributed Admin (S) Monitor (S) Policy Services HA Inline AD/LDAP Posture Nodes (External ASA VPN ID/Attribute Store) AD/LDAP Data Data (External Center A Center B ID/Attribute Store) WLC Switch Switch WLC 802.1X 802.1X 802.1X 802.1X AP AP Branch A Branch B Switch Switch AP 802.1X AP 802.1X© 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 38
  • 38. Converged Unified Identity-Based Policy Platform Agent Firewall NAC ACS Guest ISE Profiler SALES HR User Group UK Enforcement • Offers Cisco AnyConnect™ technology: Employees • AAA, 802.1X, guest, profiler, posture On- and off-premises security • System monitor and diagnosis • Extends 802.1X and VPN client + NAC • User, group, device based policy • “ISE”: Next-generation ACS + NAC • Extends management to Positron • ASA and Positron platforms Enhanced Device Network Infection System-Wide Monitoring Profiling Containment and Troubleshooting Network Device Identity Cisco Security Provisioning Policy Intelligence Ops Client Monitoring and Management Troubleshooting • Cisco delivered device template feed • Streamline the locate, contain, and • Switches collect and forward device remediation process • Single admin pane-of-glass fingerprint, no traffic re-engineering • Leverage reputation and NIPS feeds • Wired and wireless infrastructure© 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 39
  • 39. “Visibility and “BYOD– “Secure Data Control” Bring Your Center” Own Device” “ISE Advanced + Base” “ISE Wireless” Offer, Identity/SGA + Offer Expand to Wired ISE Advanced TrustSec™– Securely Enables Your Business with Policy based access control© 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 40
  • 40. Thank you.© 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 41
  • 41. © 2011 Cisco and/or its affiliates. All rights reserved. - Last Updated 2/23/2012 Cisco Confidential 42

×