Good afternoon. My name is Jon Sawdon; I’m the Cisco Security Business Development Manager for Azlan. I’m here to present to you today on the ASA5500 series Security Appliances from Cisco. These provide comprehensive cover for today’s networks against many, if not all, network security threats you are likely to experience. As an adaptive security appliance it can be tailored on initial purchase and expanded as your network grows - or your needs change - ensuring maximum return on your investment.
During this presentation there are a few things I am going to cover. What do people look for in network security? Here we are going to look at the different drivers that people consider when they select a network security solution. How can the ASA help? In this section we’ll look at how the ASA5500 addresses the key aspects of network security. What is the Cisco ASA Solution? Finally we’ll have a slightly more in-depth look at what the ASA does in order to secure your network.
The first things to look at when providing a security solution are obviously the business drivers likely to be affecting the decision-making process. These are always going to vary depending on your position within the company, but generally they will come down to the following. A need to protect assets – most companies today would suffer huge losses if their networks were either maliciously compromised, with sensitive information being stolen, or down, leaving them unable to go about their daily business. A desire to increase productivity – increased productivity can increase profits or simply enable people to cut the time they spend on particular tasks. Profitability – probably the most common goal of them all; you have to look hard to find someone who isn’t at least aware of the bottom line, especially amongst key decision makers. A need for an adaptable solution – companies that can react quickly to changing needs have better business continuity than those that need to “go back to the boardroom” whenever changes arise. All of these factors are usually included, but one that never fails to arise is the need to provide the aforementioned within budget and deliver it with a limited number of staff. Any project will have a budget attached, and the ability to deliver it comprehensively, cost effectively and maintainable by the minimum number of staff will always be the ideal solution.
After we’ve looked at business drivers we move on to technology, and research again shows us that offering intrusion prevention, content security and SSL VPNs all on the same platform, either smaller scale on a Cisco ISR (integrated services router) or on a dedicated security appliance, featured highly amongst those asked. As technology moves forward and threats need to be addressed, manageability has come through as the most important feature. Many networks with comprehensive security solutions operate numerous devices, each performing different roles and with different management and reporting tools; this can be a very time-consuming and labour-intensive approach.
So what security appliances are you likely to find on a network? Network firewalls, such as Intrusion prevention, such as Content security – Gateway anti-spyware appliances – Gateway antivirus appliances – All of these are common and solid choices in their particular area of expertise; however, it is both initially expensive to deploy all these devices separately and a complicated management process once installed.
The benefits of such a systems approach are compelling. To illustrate, let’s take a look at the car analogy... If we look back 25 years, the car industry was a perfect example of trying to solve a problem of highway safety with a point product approach. Remember when seat belts were an option? ABS systems were an expensive third-party extra - and there was no integration of air bags, crumple zones and seatbelts. The result was higher traffic fatality rates. Fast forward to today and we have an integrated security system on cars that is both less expensive and much more effective. There are many compelling benefits to such a systems approach when compared to point-solution strategies. A set of disparate security devices will never be able to provide the same level of security that can be achieved through an integrated solution which combines existing infrastructure devices with embedded security solutions, security devices that have and understand native network intelligence, and actualized security policy in a collaborative and adaptive security system. Additionally, as a systems approach also provides greater visibility of your end-to-end security, it offers improved security management and policy control. A systems approach is also much easier to deploy. As you can see, simplification is a strategic approach to security, and ultimately leads to lower TCO.
Building network security based solely on single-purpose appliances is no longer practical. Converged platforms, or Unified Threat Management security appliances, that deliver multifunctional security services are better equipped to address today’s challenges, as well as tomorrow’s. This figure highlights the trend toward UTM Security Appliances as the security platform of choice. This report from IDC reveals the current trend and shows the UTM market will continue to grow and surpass that of point products.
I’ll demonstrate a little later the role the network can play in your security strategy, but first you may be asking yourself, “What does a networking vendor really know about security? Why should I put my trust in Cisco?” Because Cisco is committed to security: Cisco have 1500 engineers concentrated on development. Cisco offers the broadest and deepest portfolio of security products, and thanks to a barrage of new releases and new product introductions it is the strongest and most competitive ever. Each product category received a major refresh – most of them in the last 6 months. What Cisco don’t build themselves, they acquire or actively partner. Their industry leadership and activism is both broad and deep, and it starts with John Chambers himself: Chambers is a member of the committee that developed the industry’s NIAC Vulnerability Framework Standards, for responsible vulnerability disclosure. MySDN is a site providing alerts beyond those affecting Cisco products, and shares intelligence reports to assist any organization – Cisco customer or not - to improve security. Should you wish to read more about Cisco and security, simply visit cisco.com/security; it’s a central portal where you can find security intelligence as well as more information about their leadership in this area.
So we’ve had a look at the technology Cisco are offering, so let’s consider for a moment some of the network technology threats it’s been developed to help protect against. Network service attacks. Data theft and interception: theft can occur from inside your own network, generally employees that may help themselves to sensitive information. The other way information can be lost is unencrypted traffic being intercepted and stolen. Any loss of sensitive information can work out to be costly, especially if it’s customer data! The most common, which I’m sure most of you have come into contact with at some stage, are viruses, worms and Trojans, all of which have effects ranging from being a nuisance to having severe or terminal effects on your network’s performance. Any network downtime would present the majority of you with real headaches, and I’m sure it is something you have put measures in place to prevent happening.
We’ve touched on what the ASA offers, but what exactly does it do? First of all it’s a firewall. A firewall acts as your first line of defence by blocking unwelcome and unauthorized traffic, ensuring it remains “off your network”. However, with the ASA you are also able to allow users into a demilitarized zone on your network so that although they do not have full access, they can use features such as the internet but remain unable to access secure disk areas. You can also direct users to the DMZ if the machines they are using do not meet security standards; perhaps they have not updated their antivirus to the standard your network requires. They can be kept in a “safe” area of your network until such time as they meet the requirements you have set; they can at this point be granted access to the network that befits the access they have been previously granted.
The ASA is also a VPN appliance. VPNs, or virtual private networks, offer secure communication to and from your network to remote users. VPN use has grown hugely over recent years, with many organizations realizing that enabling users to retrieve company data from home or customers’ premises has a big effect on productivity and the ability to react quickly to needs. Gone are the days when you need to get back to the office to receive your emails or access documents.
IPS, or intrusion prevention, as this suggests, can block network attacks that your firewall could miss. Many security devices and applications act on signatures or predefined rules; when they encounter activity they cross-reference this activity against these signatures to enable them to know how to react. IPS focuses on behavior, so although there is some overlap, IPS can secure against threats that have not yet been discovered. This makes them very important when dealing with day zero attacks, whereby you encounter a virus either before a signature has been released or before you have had a chance to update against it. These include worms, Trojans and any external attack. Also, because IPS works on behavior, it provides another line of defence. If, for example, a network password is stolen, your network could find it has an unwelcome visitor in the early hours. I say the early hours as this is when a hacker would likely visit your network, as they are less likely to be caught by someone monitoring a network. So this hacker, complete with password, starts going through your network, searching for, say, customer data; they download anything they consider could be useful along the way. Your correctly set up IPS will see that Mr. Smith, who usually logs on between 9-5 and accesses but rarely downloads anything, is now downloading many files in quick succession at 3am. The IPS sees this behavior and determines it is not correct for the user and will drop and block the connection. This leaves your network secure: even though by rights the user had a password to your network, so had authorized access, and was therefore allowed access beyond the firewall, the IPS device could detect the behavior was not normal and secures your network against the threat on this basis. IPS is a valuable addition to any network that needs to remain secure.
Finally we move on to content security. Content security covers many aspects of network security. Beginning with antivirus and malware protection, the ASA can protect against viruses, spyware and adware, all of which can be at least annoying and at worst stop you in your tracks when encountered. We then move on to content filtering. Content filtering works on settings pre-defined by the network manager, in addition to updates supplied by Cisco. You can determine which websites your employees are able to view as required by their role, and block any that you would not like to see during the working day. Many favorites are eBay and Facebook; the number of working hours lost to these websites is substantial. Certainly at my office none of these are available, so people are able to get on with their work without the distraction of Facebook applications or auctions ending! The updates provided by Cisco will cover sites that are known to download spyware to a visiting machine; prevention, as they say, is better than cure. Message security is the last aspect of content security we will look at. All emails are scanned, meaning not only are you secure from known sites but you are also protected from viruses, spyware and the like getting onto your network via email. Many of you will have received attachments you are unsure about, and the comfort of knowing that if it’s in your inbox it’s safe is valuable.
Regardless of where data is originated or destined, it is protected. Security is a fundamental component of every development effort within Cisco. Whether deploying routers, securing the switching infrastructure, implementing advanced productivity-enhancing technologies such as voice/video or wireless, protecting the data stored throughout the organization or securing the home office… IT IS SECURED.
Cisco ASA 5500 Security Appliance
Jon Sawdon - Security Business Development Manager
Agenda
- What do people look for in network security?
- How can the ASA help?
- What is the Cisco ASA Solution?
Understanding the SMB Decision Maker
- How do I protect my assets?
- How can we be more productive?
- How can I increase my profitability?
- How can I be more adaptive to changing conditions?
- AND do all that with limited staff and budget?
SMB Situation Assessment
- Market research indicates strong demand in SMBs for ASA and ISR features:
  - IPS – 39% Forrester, 25% Gartner
  - Content Security – 36% Forrester, 35% Gartner
  - SSL – 25% Gartner
- Manageability most important feature for SMBs
Source: Forrester, Dec 2006
Infrastructure Adoption and Spending*
- SMBs are looking to buy or upgrade all types of security technologies
- Network Firewalls
- Intrusion Detection
- Content Security
- Gateway Anti-Spyware Appliance
- Gateway Anti-Virus Appliance
*December 2006, Data Overview “The State Of Security In SMBs And Enterprises”
The Need For a Systems Approach
- Complex environment
- Gaps and inconsistency
- Lower visibility
- More difficult to manage
- Higher TCO

- Simplified environment
- Tight integration, tight security
- Greater visibility
- Easier to deploy and manage
- Lower TCO
Security Appliance Market Is Evolving
- Small to medium businesses are moving to converged, multifunctional security appliances
- Larger enterprises seek environment-specific security solutions tailored to their needs
Security Appliance Market Has Diversified to Meet Changing Security Needs
[Figure: IDC: Threat Management Security Appliance by Market Share; axis: Market Size ($M). Source: IDC, 2006]
Market Leader with Commitment to Security
- Product and Technology Innovation
  - 1500+ security-focused engineers
  - Nine acquisitions added to our solution portfolio in last two years
  - SMB focused security products
- Industry Leadership
  - Critical Infrastructure Assurance Group
  - Responsible disclosure
“Because the network is a strategic customer asset, the protection of its business-critical applications and resources is a top priority.” John Chambers, Chairman & CEO, Cisco
Network Security Threats
- Network security threats include:
  - Network service attacks
  - Data theft and interception
  - Software-based viruses, worms and Trojan Horses
What is a Firewall?
- Firewalls provide the first line of perimeter defense by:
- Preventing unauthorized access to a network, while allowing in authorized users.
- Providing the ability to expose internet services in a limited way to the outside world via a DMZ.
What is a VPN?
- VPNs are the solution to ensure that data confidentiality and integrity are protected in dynamic environments.
- VPNs provide protection from data interception of unprotected assets using secure connectivity, encryption, and traffic authentication.
- Company LANs and remote users can connect to the network using the same Internet access methods: dialup, (DSL), cable, ISDN, and wireless.
What is Intrusion Prevention (IPS)?
- IPS adds a layer of protection that firewalls alone cannot address. Following are some key threats where IPS provides added protection:
  - Worms
  - Trojan Horses
  - Bots
  - Application Attacks
  - Port Scans and Hacking attempts
  - Covert Channel Communications
What is Content Security?
- Content Security represents a myriad of network security protections designed to protect information, users and devices from common threats
- Comprehensive Malware Protection
  - Integrates antivirus and malware technology to stop virtually all threats
  - Stops viruses, spyware, adware, jokeware, hacking tools, etc.
- Advanced Content Filtering
  - Secures employee productivity and reduces legal liability
  - Stops phishing, spyware downloads, spyware “phone home” attempts, inappropriate browsing
- Integrated Message Security
  - Removes unsolicited email (spam)
  - Stops email-borne trojans, viruses, spyware, etc.
[Figure labels: VIRUSES, SPAM, SPYWARE, URL FILTERING, PHISHING]
Security Is Now a Baseline Architecture for IT Infrastructure
[Figure labels: Storage Networking, IP Telephony, Wireless LAN, Networked Home, Routing, Switching]