Unlock the Value of Network Security Policy

Secure my IT Protect intellectual infrastructure. property. Compliance with Provide anytime regulations, and risk of CXO anywhere, access with non-compliance. predictable quality. Consider BYOD.© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2

Business Goals and Objectives Executed Through Company Polices Shared Company Policies “Protect Intellectual Property While Providing Anytime, Anywhere Access.” Network Application Security Compliance Policy Policy Policy Policy “Control access “Identify “Control access “Audit to ensure to networks applications that to users and IP protection with sensitive access sensitive prevent data and compliance assets.” data and control leakage” to regulations” access.”© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3

Allow X RestrictChallenge: Policy Definition Policies based on distinct technical language Unified Business-Relevant Policies Product joe_ b Fin. www.customer. Grant Bookings Mgr com/sapapp Corporate Customer issued laptop Data ApplicationAdministration X Finance SalesForce. Manager com bjoe12 Finance a_serversap permit _group Personal iPad SystemAdministration User Role Device Service Location Action All Any iPad Product Bookings All Restrict IP Address Netmask Network permit All Any iPad Salesforce.com Out of Allow – 1.1.1.1 255.255.0.0 10.10.0.0 Office Any Finance Corporat Product Bookings Any Allow Network e Asset / Salesforce.comAdministration© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4

Allow X RestrictChallenge: Situational Awareness Limited and Static Context Real time and Dynamic Context Awareness User ID= jblog User ID= jblog ? Product Bookings Product Bookings Customer Corporate Customer 0a:34:90:df:34:ab Data issued laptop Data ? User ID= joeb X User ID= jblog 10.10.30.45 SalesForce. Finance SalesForce. ? com Manager (out of office) com 05:ab:5f:a0:34:87 Personal iPad© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5

Challenge: Visibility and Control Silo’d Reporting, Lack of Correlation Consolidated Reports, Simplified Auditing jblog Finance Corporate SJC Bldg 1 Product Allow Manager Laptop Bookings jblog Finance iPad Remote Product Restrict Manager Location Bookings • Multiple non-correlated reports • Lack contextualized visibility and control Consolidated Dashboard • Contextualized • real time data combines applications, systems, and network context App Usage Network Usage Security • Single source of information, supporting Report Report Report control and tuning of policy© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6

Policy Visibility & Control PointEnterprise Identity Other Policy Servers Visibility Session Directory, with User Device Health Location History Reputation Behavioral Monitoring Policy Intrusion Detection Anomaly Detection Datacenter Network Access Devices Endpoints Si© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7

Cisco Identity Services Engine (ISE)Identity and Context Centric Policy Platform WHERE WHAT WHEN Business-Relevant Security Policy Policies Attributes WHO HOW Centralized Identity Policy Engine (Identity Services Engine) Dynamic Policy & Enforcement Monitoring User and Devices & Reporting Security Policy Application Enforcement Controls© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential A

ISE Services I only want to allow the “right” users and Authentication devices on my network Services Identity Services I want user and devices Authorization Engine to receive appropriate network services Services I want to allow guests into the network Guest Lifecycle and control their behavior Management I need to allow/deny iPads in my Profiling network (BYOD) Services Simplified Policy I want to ensure that devices on my Posture Management network are clean Services I need a scalable way of enforcing Security Group access policy across the network Access© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9

Platform: Integrate Across VerticalsEarly Proof Points Identity Services Engine (ISE) Context & Control Plane Inventory SIEM MDM Management Report with User & Device Context Driven On-boarding “Russ’s non-compliant PC “Russ forced to enroll iPAD Application appears infected” into MDM” Entitlement Streamline SecOps Response Limit Non-Compliant Access “Quarantine” “Quarantine” Virtualization Endpoint Security GRC Tools© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10

Policy Governed Networks in Action Policy Teams Business Security Compliance IT Systems Mgmt, Cisco Network Mgmt Policy & Rules Product Bookings Identity Services Engine (ISE) MPLSCorporate Laptop Full Encrypt Device, Service, Application, User, Role Location Context Customer Data Context SalesForce. com Centralized Policy Platform iPad Restricted ASR/ISR/ASA Router/Switch Applications in Data Center or Cloud Central Dashboard, Third-Party Reports, Measurements, Applications Troubleshooting Centralized View© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11

http://blogs.cisco.com	1483
http://www.ciscokrblog.com	484
http://ciscokrblog.com	154
http://ciscokr.tistory.com	13
http://www.twylah.com	3
http://cafe.naver.com	1

Unlock the Value of Network Security Policy

by Cisco Security

Accessibility

Categories

Upload Details

Usage Rights

6 Embeds 2,138

Statistics