Unlock the Value of Network Security Policy
 

Examining the evolution of the network and the role of Cisco’s Identity Services Engine in enforcing these security policies. Is your enterprise equipped to fully leverage the power of the network?

  • Traditionally the network & network security have operated as a black box lacking the language of business governance. Disruptive trends like BYOD, application outsourcing and next generation attacks are forcing the network to mature as the fundamental platform for securing enterprise assets. This presentation examines the evolution of the network and the role of Cisco’s Identity Services Engine in enforcing these security policies. Is your enterprise equipped to fully leverage the power of the network?
  • Policy is a construct to tackle this problem. BYOD multiple components – have to bring a broader policy solution set to cover this market to differentiate. What’s going on in the market (Aruba buying Avenda would be a last decade solution) – hodge-podge. Stitch it in a common domain – NAC framework orig vision – ubiquitous way for common policy centralized, distributed deployment.

Unlock the Value of Network Security Policy Presentation Transcript

  • 1. Unlock the Value of Network Security Policy. Russell Rice, Director, Product Management. June 12, 2012. © 2011 Cisco and/or its affiliates. All rights reserved. 2012 Cisco Confidential
  • 2. CXO: Secure my IT infrastructure. Protect intellectual property. Compliance with regulations, and risk of non-compliance. Provide anytime, anywhere access with predictable quality. Consider BYOD.
  • 3. Business Goals and Objectives Executed Through Company Policies. Shared Company Policies: “Protect Intellectual Property While Providing Anytime, Anywhere Access.” Network Policy: “Control access to networks with sensitive assets.” Application Policy: “Identify applications that access sensitive data and control access.” Security Policy: “Control access to users and prevent data leakage” Compliance Policy: “Audit to ensure IP protection and compliance to regulations”
  • 4. Challenge: Policy Definition (legend: Allow, X Restrict). Panel “Policies based on distinct technical language” (Application Administration, System Administration, Network Administration); labels: joe_b, Fin. Mgr, www.customer.com/sapapp, Grant; bjoe12, Finance, a_serversap permit _group; IP Address 1.1.1.1, Netmask 255.255.0.0, Network 10.10.0.0, permit. Diagram entities: Product Bookings, Customer Data, SalesForce.com, Corporate issued laptop, Personal iPad, Finance Manager. Panel “Unified Business-Relevant Policies”, columns User, Role, Device, Service, Location, Action: (1) All, Any, iPad, Product Bookings, All, Restrict; (2) All, Any, iPad, Salesforce.com, Out of Office, Allow; (3) Any, Finance, Corporate Asset, Product Bookings / Salesforce.com, Any, Allow.
  • 5. Challenge: Situational Awareness (legend: Allow, X Restrict). Panels: “Limited and Static Context”; “Real time and Dynamic Context Awareness”. Diagram labels: User ID= jblog; User ID= joeb; 0a:34:90:df:34:ab; 10.10.30.45; 05:ab:5f:a0:34:87; Corporate issued laptop; Personal iPad; Finance Manager (out of office); Product Bookings; Customer Data; SalesForce.com.
  • 6. Challenge: Visibility and Control. Panel “Silo’d Reporting, Lack of Correlation”: App Usage Report, Network Usage Report, Security Report; multiple non-correlated reports; lack contextualized visibility and control. Panel “Consolidated Reports, Simplified Auditing”: Consolidated Dashboard; contextualized real time data combines applications, systems, and network context; single source of information, supporting control and tuning of policy. Sample rows: jblog, Finance Manager, Corporate Laptop, SJC Bldg 1, Product Bookings, Allow; jblog, Finance Manager, iPad, Remote Location, Product Bookings, Restrict.
  • 7. Policy Visibility & Control Point. Diagram labels: Enterprise Identity; Other Policy Servers; Visibility; Session Directory, with User, Device, Health, Location, History, Reputation; Behavioral Monitoring; Policy; Intrusion Detection; Anomaly Detection; Datacenter; Network Access Devices; Endpoints.
  • 8. Cisco Identity Services Engine (ISE): Identity and Context Centric Policy Platform. Diagram labels: WHO, WHAT, WHERE, WHEN, HOW; Business-Relevant Policies; Security Policy Attributes; Centralized Identity Policy Engine (Identity Services Engine); Dynamic Policy & Enforcement; Monitoring & Reporting; User and Devices; Security Policy Enforcement; Application Controls.
  • 9. ISE Services (Identity Services Engine, Simplified Policy Management). Authentication Services: “I only want to allow the ‘right’ users and devices on my network.” Authorization Services: “I want user and devices to receive appropriate network services.” Guest Lifecycle Management: “I want to allow guests into the network and control their behavior.” Profiling Services: “I need to allow/deny iPads in my network (BYOD).” Posture Services: “I want to ensure that devices on my network are clean.” Security Group Access: “I need a scalable way of enforcing access policy across the network.”
  • 10. Platform: Integrate Across Verticals. Early Proof Points. Identity Services Engine (ISE) Context & Control Plane. Diagram labels: Inventory Management; SIEM; MDM; Application Entitlement; Virtualization; Endpoint Security; GRC Tools; Report with User & Device Context Driven On-boarding; “Russ’s non-compliant PC appears infected”; “Russ forced to enroll iPAD into MDM”; Streamline SecOps Response, “Quarantine”; Limit Non-Compliant Access, “Quarantine”.
  • 11. Policy Governed Networks in Action. Diagram labels: Policy Teams (Business, Security, Compliance, IT); Systems Mgmt, Cisco Network Mgmt; Policy & Rules; Identity Services Engine (ISE); Centralized Policy Platform; Device, Service, Application, User, Role, Location Context; Corporate Laptop, Full; iPad, Restricted; Encrypt; MPLS; ASR/ISR/ASA; Router/Switch; Applications in Data Center or Cloud; Product Bookings; Customer Data; SalesForce.com; Central Dashboard, Third-Party Reports, Measurements, Applications Troubleshooting; Centralized View.