SlideShare a Scribd company logo

Presentacion nac

A
Adriana Cardona

diseño nac

Engineering
1 of 25
Download to read offline
© 2006 Cisco Systems, Inc. All rights reserved. Presentation_ID 1 Securing the Empowered Branch with Cisco Network Admission Control September 2007
© 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 2 1 The Cisco® Empowered Branch 2 Security Considerations for the Branch Office 3 Cisco Network Admission Control (NAC) Overview 4 Securing the Empowered Branch with Cisco NAC Contents
© 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 3 New Business Realities E - M a i l W e b 2 . 0 T r a n s a c t i o n A p p l i c a t i o n s C o l l a b o r a t i o n T o o l s A d v a n c e d V o i c e A p p l i c a t i o n s V o D V i d e o C o n f e r e n c i n g Performance Bandwidth • Surveys show >35% of all employees are in branch offices, and the number is growing. • Business decisions are increasingly localized. • Branch offices consume 70–90% of resources * Technology Innovation Point-to-Point Multipoint Voice Only Rich-Media Phone PC/PDA Wired Wireless Non-Real Time Real Time Scheduled Impromptu Most Employees Cannot Take Full Advantage of These Today, Unless Network Infrastructure Keeps Up *Internet Research Group
© 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 4 Today’s Branch: WAN New Branch-Office Realities Limited Mobility; Limited Disaster Recovery Blended Security Threats, Compliance Saturated WAN; Poor Response Time Aging, Disparate Data and Voice Networks Inconsistent Branches and Branch-Headquarters Solutions Empowered Branch: WAN Optimized WAN; Accelerated Applications Consistent Branches and Branch-Headquarters Services Self-Defending Networks High Availability, Unified Wireless–Wireline Business Unified Voice, Data, and Video Network Platform
© 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 5 Embedded Wireless Access Points for Improved Mobility Integrated Services Routers Secure, Concurrent Services Leading Solution for Branch Offices Increased Performance, Service Density, and Memory for Enhanced Efficiency Voice-Ready Capabilities for Improved Responsiveness Remote Management (e.g., Cisco IOS® Software and CiscoWorks) Built-In, Self- Defending Security: • Firewalls • Intrusion prevention systems • Antivirus • Application inspection • Transaction privacy • Network admission control Easy-to-Deploy Device Management: • Cisco® Router and Security Device Manager (SDM) Cisco Integrated Services Routers
© 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 6 Small Office and Teleworker Cisco Integrated Services Router Portfolio Medium to Large Branch Small Branch Embedded Wireless, Security, and Data Cisco® 800 Series Cisco 2800 Series Cisco 3800 Series Cisco 1800 Series Cisco 1861 Series New The Integrated Services Router Portfolio High Density and Performance for Concurrent Services Embedded, Advanced Voice, Video, Data, and Security Services Performance and Services Density
© 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 7 1 The Cisco® Empowered Branch 2 Security Considerations for the Branch Office 3 Cisco Network Admission Control (NAC) Overview 4 Securing the Empowered Branch with Cisco NAC Contents
© 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 8 Today: Branch-Office Security Concerns Extended Network Boundaries • Need protection at the edge before threats enter corporate network • Need to control guest and unmanaged devices Effect of Compliance on IT • IT resources leaner at branch than at headquarters • Regulations such as PCI call for enhanced security between remote offices and headquarters “Inherited” Security Applications and Infrastructure • May differ from or lag behind security at headquarters • Security policies must accommodate without increasing inconsistencies
© 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 9 Cost of Risk as Measured by Downtime • Costs for downtime are high One day cost of lost productivity = $1,640 per employee • More than just a data network outage • More than just revenue affected: o Revenue loss o Productivity loss o Impaired financial performance o Damaged reputation o Recovery expenses Source: Meta Group $ 205 $1,010,536 Average $ 107 $ 668,586 Transportation $ 244 $1,107,274 Retail $ 370 $1,202,444 Insurance $1,079 $1,495,134 Financial Institution $ 134 $1,610,654 Manufacturing $ 186 $2,066,245 Telecommunications $ 569 $2,817,846 Energy Revenue/ Employee- Hour Revenue/Hour Industry Sector
© 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 10 1 The Cisco® Empowered Branch 2 Security Considerations for the Branch Office 3 Cisco Network Admission Control (NAC) Overview 4 Securing the Empowered Branch with Cisco NAC Contents
© 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 11 Cisco Network Admission Control Using the Network to Enforce Policies Helps Ensure that Incoming Devices Are Compliant. Authenticate and Authorize • Enforces authorization policies and privileges • Supports multiple user roles Update and Remediate • Network-based tools for vulnerability and threat remediation • Help-desk integration Quarantine and Enforce • Isolate noncompliant devices from rest of network • MAC and IP-based quarantine effective at a per-user level Scan and Evaluate • Agent scan for required versions of hotfixes, AV, etc. • Network scan for virus and worm infections and port vulnerabilities
© 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 12 Cisco NAC Addresses Top Pain Points Cisco NAC authenticates and controls guest and unmanaged assets. Source: Current Analysis, July 2006 Cisco NAC assesses, quarantines, and remediates noncompliant endpoints. Cisco® NAC applies access and posture policies based on roles. How to Implement Role-Based Access Control How to Handle Guest and Unmanaged Users How to Enforce Endpoint Policy Requirements
© 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 13 Cisco NAC by the Numbers 2000+ Customers 47% Market Share1 1 Infonetics, May 2007 2 March 2007 http://searchnetworking.techtarget.com/productsOfTheYear/ 3 May 2007 http://www.networkcomputing.com/channels/security/showArticle.jhtml?articleID=199204304 Gold Award: Determined by Reader Survey2 75% of Infonetics Survey Respondents Ranked Cisco No. 1 Among NAC Vendors1 No.1 NAC Vendor Based on Network World Reader Survey3
© 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 14 The Goal Intranet or Network Cisco NAC Appliance Flow 2. User logs in to optional agent or is redirected to a login Webpage Cisco® NAC validates username and password, also performs device and network scans to assess vulnerabilities on the device Device is noncompliant or login is incorrect User is denied access and assigned to a quarantine role with access to online remediation resources 3a. Quarantine Role 3b. Device is “clean” Machine gets on “certified devices list” and is granted access to network Cisco NAC Server Cisco NAC Manager 1. End user attempts to access network Access is blocked until wired or wireless end user provides login information Authentication Server
© 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 15 Cisco Business Benefits Manage and Mitigate Risks Introduce Operational Efficiencies Maintain Network Accessibility Transparent Interoperability with Other Cisco® Products Makes Self-Defending Networks a Reality for Secured Remote Access for Secured LAN Access for Secured Wireless Access
© 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 16 Maintain Network Accessibility 3.6% 3% Monetary loss as a percentage of total revenue Human or Configuration Errors Network Security Attacks “Human error plays a much larger part in application downtime than in any other area; human error is responsible for 35% of outage time and 31% of service degradation time.” (Infonetics, The Costs of Downtime, 2006) Cisco NAC Addresses the Two Primary Sources of Downtime. “In recent years, lost productivity has started to eclipse data theft as the primary concern when it comes to network security attacks.” (Infonetics, The Costs of Network Security Attacks, 2007)
© 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 17 Part of the Cisco Self-Defending Network Interoperates with Many Other Cisco® Products, Such as VPN, Wireless Products, Routers, and Switches to Increase Network Resiliency and Productivity • Switches and routers All switches and routers (in band) Cisco Catalyst® 2900, 2940, 2950, 2960, 3500, 3550, 3560, 3750, 3760, 4000, 4500, and 6500 models (out of band) • VPN products Cisco VPN 3000 Series Concentrators Cisco ASA VPN Cisco Integrated Services Router and Cisco IOS® Software VPN • Wireless access points Wireless LAN services module (WLSM) (Cisco Aironet® access points) Wireless LAN Controller (WiSM/WLC) • Cisco Security Agent for day-zero endpoint security • Cisco Security Monitoring, Analysis and Response System (MARS) for security correlation
© 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 18 1 The Cisco® Empowered Branch 2 Security Considerations for the Branch Office 3 Cisco Network Admission Control (NAC) Overview 4 Securing the Empowered Branch with Cisco NAC Contents
© 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 19 Cisco NAC Appliance Portfolio 2500 Users Each or 3500 Users Each Super Manager Manages up to 40 Enterprise and Branch Servers Enterprise and Branch Servers 1500 Users Each Standard Manager Manages up to 20 Branch Offices, SMB Servers, or Cisco® Integrated Services Router Network Modules 100 Users 250 Users 500 Users Manager Lite Manages up to 3 50 or 100 Users ƒ NME-NAC for 50 and 100 users; integrates CAS functions ƒ Supports Cisco 2811, 2821, 2851, 3825, and 3845 Integrated Services Routers Now Extending to Cisco Integrated Services Router
© 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 20 Cisco NAC Deployments Central Site Campus Building Corporate Users 802.1q Layer 3 Segmentation Campus Building Corporate Users IPsec VPN Home Office Unmanaged Desktop SSL Tunnel VPN Account Manager Mobile User Branch Office Branch Users WAN IP Wireless Network LWAPP Users LWAPP 802.1q
© 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 21 Extending Cisco NAC with Cisco Integrated Services Router Network Module Network Admission Control Better Criteria for Network Access Beyond “Who Is It?” Authenticate and Authorize Update and Remediate Quarantine and Enforce Scan and Evaluate What’s the preferred way to check or fix it? Where is it coming from? What’s on it? What is it doing? What do you have? Who owns it? = Four Critical Functions Industry’s First Full NAC Network Module
© 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 22 Cisco NAC Network Module on Cisco Integrated Services Router • Authentication and identity • Security posture • Enforcement • Remediation Use Cases • Pervasive security One product for all use cases and locations • Consistent policy One policy store for consistent application across entire organization • Transparent deployment Integrated for easier deployment, troubleshooting, and management Wireless Remote Access Guest LAN Benefits: Cisco NAC
© 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 23 Cisco NAC for Customer Choice System Support • Vendor accountability: Network partner • Fewer maintenance contracts Operational Efficiency • Fewer devices, management systems, and user interfaces • Simplified troubleshooting Appliances (Overlay) Cisco Integrated Services Router Network Module (Modular) Or Service Interoperability • Consistency • Interoperability • Tested Investment Protection • Flexibility to evolve through system modularity
© 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 24 Any Combination Works Not supported Supported High availability Fits into Cisco 2811, 2821, 2851, 3825, and 3845 Integrated Services Routers Separate appliance Form factor Cisco NAC Appliance Manager (manages both options) Policy store or management point Same deployment flexibility with Layer 2 or Layer 3, in-band or out-of-band, agent or agentless Increments of 100, 250, 500, 1500, and 2500 users per server Campus: Wired, wireless, remote, and guest access Appliances (Overlay) Increments of 50 or 100 per module Branch: Wired, wireless, remote, and guest access Cisco Integrated Services Router Network Module (Modular) Deployment methods Number of users Primary use cases
© 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 25

Recommended

Network access control (nac)
Network access control (nac)Network access control (nac)
Network access control (nac)cyberlocke
 
What is NAC
What is NACWhat is NAC
What is NACIsrael Marcus
 
Network Control Access for Non-IT Professionals
Network Control Access for Non-IT ProfessionalsNetwork Control Access for Non-IT Professionals
Network Control Access for Non-IT ProfessionalsIncheon Park
 
Network Access Control as a Network Security Solution
Network Access Control as a Network Security SolutionNetwork Access Control as a Network Security Solution
Network Access Control as a Network Security SolutionConor Ryan
 
NAC - A Solution for Disappearing Perimeter
NAC - A Solution for Disappearing Perimeter NAC - A Solution for Disappearing Perimeter
NAC - A Solution for Disappearing Perimeter RiskNaut
 
Genian NAC Datasheet
Genian NAC Datasheet Genian NAC Datasheet
Genian NAC Datasheet GENIANS, INC.
 
Physical/Network Access Control
Physical/Network Access ControlPhysical/Network Access Control
Physical/Network Access Controljwpiccininni
 
Ensuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and Routers
Ensuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and RoutersEnsuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and Routers
Ensuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and RoutersAlgoSec
 

Recommended

Network access control (nac)
Network access control (nac)Network access control (nac)
Network access control (nac)cyberlocke
 
What is NAC
What is NACWhat is NAC
What is NACIsrael Marcus
 
Network Control Access for Non-IT Professionals
Network Control Access for Non-IT ProfessionalsNetwork Control Access for Non-IT Professionals
Network Control Access for Non-IT ProfessionalsIncheon Park
 
Network Access Control as a Network Security Solution
Network Access Control as a Network Security SolutionNetwork Access Control as a Network Security Solution
Network Access Control as a Network Security SolutionConor Ryan
 
NAC - A Solution for Disappearing Perimeter
NAC - A Solution for Disappearing Perimeter NAC - A Solution for Disappearing Perimeter
NAC - A Solution for Disappearing Perimeter RiskNaut
 
Genian NAC Datasheet
Genian NAC Datasheet Genian NAC Datasheet
Genian NAC Datasheet GENIANS, INC.
 
Physical/Network Access Control
Physical/Network Access ControlPhysical/Network Access Control
Physical/Network Access Controljwpiccininni
 
Ensuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and Routers
Ensuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and RoutersEnsuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and Routers
Ensuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and RoutersAlgoSec
 
Secure your workloads with microsegmentation
Secure your workloads with microsegmentationSecure your workloads with microsegmentation
Secure your workloads with microsegmentationRasool Irfan
 
Throughwave Day 2015 - ForeScout Automated Security Control
Throughwave Day 2015 - ForeScout Automated Security ControlThroughwave Day 2015 - ForeScout Automated Security Control
Throughwave Day 2015 - ForeScout Automated Security ControlAruj Thirawat
 
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Lancope, Inc.
 
What is micro segmentation?
What is micro segmentation?What is micro segmentation?
What is micro segmentation?Mir Mustafa Ali
 
DTS Solution - Software Defined Security v1.0
DTS Solution - Software Defined Security v1.0DTS Solution - Software Defined Security v1.0
DTS Solution - Software Defined Security v1.0Shah Sheikh
 
resume IT security
resume IT securityresume IT security
resume IT securityMichael Moore
 
Micro-Segmentation for Data Centers - Without Using Internal Firewalls
Micro-Segmentation for Data Centers - Without Using Internal FirewallsMicro-Segmentation for Data Centers - Without Using Internal Firewalls
Micro-Segmentation for Data Centers - Without Using Internal FirewallsColorTokens Inc
 
5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to Practice5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to PracticeAlgoSec
 
Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Networks
 
Next Generation Network: Security and Architecture
Next Generation Network: Security and ArchitectureNext Generation Network: Security and Architecture
Next Generation Network: Security and Architectureijsrd.com
 
NTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin WheelerNTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin WheelerNorth Texas Chapter of the ISSA
 
What we learned from MISA Ontario 2020 Infosec
What we learned from MISA Ontario 2020 InfosecWhat we learned from MISA Ontario 2020 Infosec
What we learned from MISA Ontario 2020 InfosecGENIANS, INC.
 
Zero Trust Network Access
Zero Trust Network Access Zero Trust Network Access
Zero Trust Network Access Er. Ajay Sirsat
 
Genian NAC Overview
Genian NAC Overview Genian NAC Overview
Genian NAC Overview GENIANS, INC.
 
The Future of ICS Security Products
The Future of ICS Security ProductsThe Future of ICS Security Products
The Future of ICS Security ProductsDigital Bond
 
Nozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company IntroductionNozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company IntroductionNozomi Networks
 
What is zero trust model (ztm)
What is zero trust model (ztm)What is zero trust model (ztm)
What is zero trust model (ztm)Ahmed Banafa
 
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...Eran Goldstein
 
Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Joan Figueras Tugas
 
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMNetwork Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMJim Gilsinn
 
Cisco Connect Halifax 2018 Cisco dna - deeper dive
Cisco Connect Halifax 2018 Cisco dna - deeper diveCisco Connect Halifax 2018 Cisco dna - deeper dive
Cisco Connect Halifax 2018 Cisco dna - deeper diveCisco Canada
 
Biznet GIO National Seminar on Digital Forensics
Biznet GIO National Seminar on Digital ForensicsBiznet GIO National Seminar on Digital Forensics
Biznet GIO National Seminar on Digital ForensicsYusuf Hadiwinata Sutandar
 

More Related Content

What's hot

Secure your workloads with microsegmentation
Secure your workloads with microsegmentationSecure your workloads with microsegmentation
Secure your workloads with microsegmentationRasool Irfan
 
Throughwave Day 2015 - ForeScout Automated Security Control
Throughwave Day 2015 - ForeScout Automated Security ControlThroughwave Day 2015 - ForeScout Automated Security Control
Throughwave Day 2015 - ForeScout Automated Security ControlAruj Thirawat
 
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Lancope, Inc.
 
What is micro segmentation?
What is micro segmentation?What is micro segmentation?
What is micro segmentation?Mir Mustafa Ali
 
DTS Solution - Software Defined Security v1.0
DTS Solution - Software Defined Security v1.0DTS Solution - Software Defined Security v1.0
DTS Solution - Software Defined Security v1.0Shah Sheikh
 
Micro-Segmentation for Data Centers - Without Using Internal Firewalls
Micro-Segmentation for Data Centers - Without Using Internal FirewallsMicro-Segmentation for Data Centers - Without Using Internal Firewalls
Micro-Segmentation for Data Centers - Without Using Internal FirewallsColorTokens Inc
 
5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to Practice5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to PracticeAlgoSec
 
Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Networks
 
Next Generation Network: Security and Architecture
Next Generation Network: Security and ArchitectureNext Generation Network: Security and Architecture
Next Generation Network: Security and Architectureijsrd.com
 
NTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin WheelerNTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin WheelerNorth Texas Chapter of the ISSA
 
What we learned from MISA Ontario 2020 Infosec
What we learned from MISA Ontario 2020 InfosecWhat we learned from MISA Ontario 2020 Infosec
What we learned from MISA Ontario 2020 InfosecGENIANS, INC.
 
Zero Trust Network Access
Zero Trust Network Access Zero Trust Network Access
Zero Trust Network Access Er. Ajay Sirsat
 
Genian NAC Overview
Genian NAC Overview Genian NAC Overview
Genian NAC Overview GENIANS, INC.
 
The Future of ICS Security Products
The Future of ICS Security ProductsThe Future of ICS Security Products
The Future of ICS Security ProductsDigital Bond
 
Nozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company IntroductionNozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company IntroductionNozomi Networks
 
What is zero trust model (ztm)
What is zero trust model (ztm)What is zero trust model (ztm)
What is zero trust model (ztm)Ahmed Banafa
 
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...Eran Goldstein
 
Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Joan Figueras Tugas
 
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMNetwork Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMJim Gilsinn
 

What's hot (20)

Secure your workloads with microsegmentation
Secure your workloads with microsegmentationSecure your workloads with microsegmentation
Secure your workloads with microsegmentation
 
Throughwave Day 2015 - ForeScout Automated Security Control
Throughwave Day 2015 - ForeScout Automated Security ControlThroughwave Day 2015 - ForeScout Automated Security Control
Throughwave Day 2015 - ForeScout Automated Security Control
 
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
 
What is micro segmentation?
What is micro segmentation?What is micro segmentation?
What is micro segmentation?
 
DTS Solution - Software Defined Security v1.0
DTS Solution - Software Defined Security v1.0DTS Solution - Software Defined Security v1.0
DTS Solution - Software Defined Security v1.0
 
resume IT security
resume IT securityresume IT security
resume IT security
 
Micro-Segmentation for Data Centers - Without Using Internal Firewalls
Micro-Segmentation for Data Centers - Without Using Internal FirewallsMicro-Segmentation for Data Centers - Without Using Internal Firewalls
Micro-Segmentation for Data Centers - Without Using Internal Firewalls
 
5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to Practice5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to Practice
 
Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18
 
Next Generation Network: Security and Architecture
Next Generation Network: Security and ArchitectureNext Generation Network: Security and Architecture
Next Generation Network: Security and Architecture
 
NTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin WheelerNTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
 
What we learned from MISA Ontario 2020 Infosec
What we learned from MISA Ontario 2020 InfosecWhat we learned from MISA Ontario 2020 Infosec
What we learned from MISA Ontario 2020 Infosec
 
Zero Trust Network Access
Zero Trust Network Access Zero Trust Network Access
Zero Trust Network Access
 
Genian NAC Overview
Genian NAC Overview Genian NAC Overview
Genian NAC Overview
 
The Future of ICS Security Products
The Future of ICS Security ProductsThe Future of ICS Security Products
The Future of ICS Security Products
 
Nozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company IntroductionNozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company Introduction
 
What is zero trust model (ztm)
What is zero trust model (ztm)What is zero trust model (ztm)
What is zero trust model (ztm)
 
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
 
Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)
 
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMNetwork Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM
 

Similar to Presentacion nac

Cisco Connect Halifax 2018 Cisco dna - deeper dive
Cisco Connect Halifax 2018 Cisco dna - deeper diveCisco Connect Halifax 2018 Cisco dna - deeper dive
Cisco Connect Halifax 2018 Cisco dna - deeper diveCisco Canada
 
Biznet GIO National Seminar on Digital Forensics
Biznet GIO National Seminar on Digital ForensicsBiznet GIO National Seminar on Digital Forensics
Biznet GIO National Seminar on Digital ForensicsYusuf Hadiwinata Sutandar
 
What is ThousandEyes Webinar
What is ThousandEyes WebinarWhat is ThousandEyes Webinar
What is ThousandEyes WebinarThousandEyes
 
UniCredit Business Integrated Solutions
UniCredit Business Integrated SolutionsUniCredit Business Integrated Solutions
UniCredit Business Integrated SolutionsCisco Case Studies
 
Cisco connect winnipeg 2018 introducing the network intuitive
Cisco connect winnipeg 2018 introducing the network intuitiveCisco connect winnipeg 2018 introducing the network intuitive
Cisco connect winnipeg 2018 introducing the network intuitiveCisco Canada
 
Cisco Connect Ottawa 2018 dna assurance shortest path to network innocence
Cisco Connect Ottawa 2018 dna assurance shortest path to network innocenceCisco Connect Ottawa 2018 dna assurance shortest path to network innocence
Cisco Connect Ottawa 2018 dna assurance shortest path to network innocenceCisco Canada
 
Enterprise Networks - Cisco Digital Network Architecture - Introducing the Ne...
Enterprise Networks - Cisco Digital Network Architecture - Introducing the Ne...Enterprise Networks - Cisco Digital Network Architecture - Introducing the Ne...
Enterprise Networks - Cisco Digital Network Architecture - Introducing the Ne...Cisco Canada
 
Cisco Connect Ottawa 2018 the intelligent network with Cisco Meraki
Cisco Connect Ottawa 2018 the intelligent network with Cisco MerakiCisco Connect Ottawa 2018 the intelligent network with Cisco Meraki
Cisco Connect Ottawa 2018 the intelligent network with Cisco MerakiCisco Canada
 
Ise 1 2-bdm-v4
Ise 1 2-bdm-v4Ise 1 2-bdm-v4
Ise 1 2-bdm-v4Danny Liu
 
Cisco Connect 2018 Thailand - Cisco aci delivering intent for data center net...
Cisco Connect 2018 Thailand - Cisco aci delivering intent for data center net...Cisco Connect 2018 Thailand - Cisco aci delivering intent for data center net...
Cisco Connect 2018 Thailand - Cisco aci delivering intent for data center net...NetworkCollaborators
 
Cisco Connect Ottawa 2018 dna automation the evolution to intent-based netw...
Cisco Connect Ottawa 2018 dna automation the evolution to intent-based netw...Cisco Connect Ottawa 2018 dna automation the evolution to intent-based netw...
Cisco Connect Ottawa 2018 dna automation the evolution to intent-based netw...Cisco Canada
 
Cisco Connect Toronto 2018 the intelligent network with cisco meraki
Cisco Connect Toronto 2018 the intelligent network with cisco merakiCisco Connect Toronto 2018 the intelligent network with cisco meraki
Cisco Connect Toronto 2018 the intelligent network with cisco merakiCisco Canada
 
TechWiseTV Workshop: Cisco TrustSec
TechWiseTV Workshop: Cisco TrustSecTechWiseTV Workshop: Cisco TrustSec
TechWiseTV Workshop: Cisco TrustSecRobb Boyd
 
Smau Padova 2018 - Cisco
Smau Padova 2018 - CiscoSmau Padova 2018 - Cisco
Smau Padova 2018 - CiscoSMAU
 
Cisco Connect Toronto 2018 DNA assurance
Cisco Connect Toronto 2018 DNA assuranceCisco Connect Toronto 2018 DNA assurance
Cisco Connect Toronto 2018 DNA assuranceCisco Canada
 
Cisco Digital Network Architecture - Introducing the Network Intuitive
Cisco Digital Network Architecture - Introducing the Network IntuitiveCisco Digital Network Architecture - Introducing the Network Intuitive
Cisco Digital Network Architecture - Introducing the Network IntuitiveCisco Canada
 
Introduction_to_Network_Security lecture
Introduction_to_Network_Security lectureIntroduction_to_Network_Security lecture
Introduction_to_Network_Security lecturerosemaryjibril1
 

Similar to Presentacion nac (20)

Cisco Connect Halifax 2018 Cisco dna - deeper dive
Cisco Connect Halifax 2018 Cisco dna - deeper diveCisco Connect Halifax 2018 Cisco dna - deeper dive
Cisco Connect Halifax 2018 Cisco dna - deeper dive
 
Biznet GIO National Seminar on Digital Forensics
Biznet GIO National Seminar on Digital ForensicsBiznet GIO National Seminar on Digital Forensics
Biznet GIO National Seminar on Digital Forensics
 
UCS_MINI_OVERVIEW.pptx
UCS_MINI_OVERVIEW.pptxUCS_MINI_OVERVIEW.pptx
UCS_MINI_OVERVIEW.pptx
 
What is ThousandEyes Webinar
What is ThousandEyes WebinarWhat is ThousandEyes Webinar
What is ThousandEyes Webinar
 
UniCredit Business Integrated Solutions
UniCredit Business Integrated SolutionsUniCredit Business Integrated Solutions
UniCredit Business Integrated Solutions
 
Cisco connect winnipeg 2018 introducing the network intuitive
Cisco connect winnipeg 2018 introducing the network intuitiveCisco connect winnipeg 2018 introducing the network intuitive
Cisco connect winnipeg 2018 introducing the network intuitive
 
Cisco Connect Ottawa 2018 dna assurance shortest path to network innocence
Cisco Connect Ottawa 2018 dna assurance shortest path to network innocenceCisco Connect Ottawa 2018 dna assurance shortest path to network innocence
Cisco Connect Ottawa 2018 dna assurance shortest path to network innocence
 
Enterprise Networks - Cisco Digital Network Architecture - Introducing the Ne...
Enterprise Networks - Cisco Digital Network Architecture - Introducing the Ne...Enterprise Networks - Cisco Digital Network Architecture - Introducing the Ne...
Enterprise Networks - Cisco Digital Network Architecture - Introducing the Ne...
 
Cisco Connect Ottawa 2018 the intelligent network with Cisco Meraki
Cisco Connect Ottawa 2018 the intelligent network with Cisco MerakiCisco Connect Ottawa 2018 the intelligent network with Cisco Meraki
Cisco Connect Ottawa 2018 the intelligent network with Cisco Meraki
 
Ise 1 2-bdm-v4
Ise 1 2-bdm-v4Ise 1 2-bdm-v4
Ise 1 2-bdm-v4
 
Cisco Connect 2018 Thailand - Cisco aci delivering intent for data center net...
Cisco Connect 2018 Thailand - Cisco aci delivering intent for data center net...Cisco Connect 2018 Thailand - Cisco aci delivering intent for data center net...
Cisco Connect 2018 Thailand - Cisco aci delivering intent for data center net...
 
Cisco Connect Ottawa 2018 dna automation the evolution to intent-based netw...
Cisco Connect Ottawa 2018 dna automation the evolution to intent-based netw...Cisco Connect Ottawa 2018 dna automation the evolution to intent-based netw...
Cisco Connect Ottawa 2018 dna automation the evolution to intent-based netw...
 
Cisco Connect Toronto 2018 the intelligent network with cisco meraki
Cisco Connect Toronto 2018 the intelligent network with cisco merakiCisco Connect Toronto 2018 the intelligent network with cisco meraki
Cisco Connect Toronto 2018 the intelligent network with cisco meraki
 
TechWiseTV Workshop: Cisco TrustSec
TechWiseTV Workshop: Cisco TrustSecTechWiseTV Workshop: Cisco TrustSec
TechWiseTV Workshop: Cisco TrustSec
 
Smau Padova 2018 - Cisco
Smau Padova 2018 - CiscoSmau Padova 2018 - Cisco
Smau Padova 2018 - Cisco
 
Cisco DNA
Cisco DNACisco DNA
Cisco DNA
 
Cisco Connect Toronto 2018 DNA assurance
Cisco Connect Toronto 2018 DNA assuranceCisco Connect Toronto 2018 DNA assurance
Cisco Connect Toronto 2018 DNA assurance
 
PSOIOT-1151.pdf
PSOIOT-1151.pdfPSOIOT-1151.pdf
PSOIOT-1151.pdf
 
Cisco Digital Network Architecture - Introducing the Network Intuitive
Cisco Digital Network Architecture - Introducing the Network IntuitiveCisco Digital Network Architecture - Introducing the Network Intuitive
Cisco Digital Network Architecture - Introducing the Network Intuitive
 
Introduction_to_Network_Security lecture
Introduction_to_Network_Security lectureIntroduction_to_Network_Security lecture
Introduction_to_Network_Security lecture
 

Recently uploaded

Computer Lecture 01.pptxIntroduction to Computers
Computer Lecture 01.pptxIntroduction to ComputersComputer Lecture 01.pptxIntroduction to Computers
Computer Lecture 01.pptxIntroduction to ComputersMairaAshraf6
 
Computer Networks Basics of Network Devices
Computer Networks Basics of Network DevicesComputer Networks Basics of Network Devices
Computer Networks Basics of Network DevicesChandrakantDivate1
 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXssuser89054b
 
A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptx
A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptxA CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptx
A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptxmaisarahman1
 
Rums floating Omkareshwar FSPV IM_16112021.pdf
Rums floating Omkareshwar FSPV IM_16112021.pdfRums floating Omkareshwar FSPV IM_16112021.pdf
Rums floating Omkareshwar FSPV IM_16112021.pdfsmsksolar
 
+97470301568>> buy weed in qatar,buy thc oil qatar,buy weed and vape oil in d...
+97470301568>> buy weed in qatar,buy thc oil qatar,buy weed and vape oil in d...+97470301568>> buy weed in qatar,buy thc oil qatar,buy weed and vape oil in d...
+97470301568>> buy weed in qatar,buy thc oil qatar,buy weed and vape oil in d...Health
 
notes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptnotes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptMsecMca
 
Generative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPTGenerative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPTbhaskargani46
 
AIRCANVAS[1].pdf mini project for btech students
AIRCANVAS[1].pdf mini project for btech studentsAIRCANVAS[1].pdf mini project for btech students
AIRCANVAS[1].pdf mini project for btech studentsvanyagupta248
 
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Arindam Chakraborty, Ph.D., P.E. (CA, TX)
 
Introduction to Serverless with AWS Lambda
Introduction to Serverless with AWS LambdaIntroduction to Serverless with AWS Lambda
Introduction to Serverless with AWS LambdaOmar Fathy
 
Learn the concepts of Thermodynamics on Magic Marks
Learn the concepts of Thermodynamics on Magic MarksLearn the concepts of Thermodynamics on Magic Marks
Learn the concepts of Thermodynamics on Magic MarksMagic Marks
 
Tamil Call Girls Bhayandar WhatsApp +91-9930687706, Best Service
Tamil Call Girls Bhayandar WhatsApp +91-9930687706, Best ServiceTamil Call Girls Bhayandar WhatsApp +91-9930687706, Best Service
Tamil Call Girls Bhayandar WhatsApp +91-9930687706, Best Servicemeghakumariji156
 
Bridge Jacking Design Sample Calculation.pptx
Bridge Jacking Design Sample Calculation.pptxBridge Jacking Design Sample Calculation.pptx
Bridge Jacking Design Sample Calculation.pptxnuruddin69
 
DeepFakes presentation : brief idea of DeepFakes
DeepFakes presentation : brief idea of DeepFakesDeepFakes presentation : brief idea of DeepFakes
DeepFakes presentation : brief idea of DeepFakesMayuraD1
 
kiln thermal load.pptx kiln tgermal load
kiln thermal load.pptx kiln tgermal loadkiln thermal load.pptx kiln tgermal load
kiln thermal load.pptx kiln tgermal loadhamedmustafa094
 
Design For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the startDesign For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the startQuintin Balsdon
 
Hostel management system project report..pdf
Hostel management system project report..pdfHostel management system project report..pdf
Hostel management system project report..pdfKamal Acharya
 
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptxS1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptxSCMS School of Architecture
 
Block diagram reduction techniques in control systems.ppt
Block diagram reduction techniques in control systems.pptBlock diagram reduction techniques in control systems.ppt
Block diagram reduction techniques in control systems.pptNANDHAKUMARA10
 

Recently uploaded (20)

Computer Lecture 01.pptxIntroduction to Computers
Computer Lecture 01.pptxIntroduction to ComputersComputer Lecture 01.pptxIntroduction to Computers
Computer Lecture 01.pptxIntroduction to Computers
 
Computer Networks Basics of Network Devices
Computer Networks Basics of Network DevicesComputer Networks Basics of Network Devices
Computer Networks Basics of Network Devices
 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 
A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptx
A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptxA CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptx
A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptx
 
Rums floating Omkareshwar FSPV IM_16112021.pdf
Rums floating Omkareshwar FSPV IM_16112021.pdfRums floating Omkareshwar FSPV IM_16112021.pdf
Rums floating Omkareshwar FSPV IM_16112021.pdf
 
+97470301568>> buy weed in qatar,buy thc oil qatar,buy weed and vape oil in d...
+97470301568>> buy weed in qatar,buy thc oil qatar,buy weed and vape oil in d...+97470301568>> buy weed in qatar,buy thc oil qatar,buy weed and vape oil in d...
+97470301568>> buy weed in qatar,buy thc oil qatar,buy weed and vape oil in d...
 
notes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptnotes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.ppt
 
Generative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPTGenerative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPT
 
AIRCANVAS[1].pdf mini project for btech students
AIRCANVAS[1].pdf mini project for btech studentsAIRCANVAS[1].pdf mini project for btech students
AIRCANVAS[1].pdf mini project for btech students
 
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
 
Introduction to Serverless with AWS Lambda
Introduction to Serverless with AWS LambdaIntroduction to Serverless with AWS Lambda
Introduction to Serverless with AWS Lambda
 
Learn the concepts of Thermodynamics on Magic Marks
Learn the concepts of Thermodynamics on Magic MarksLearn the concepts of Thermodynamics on Magic Marks
Learn the concepts of Thermodynamics on Magic Marks
 
Tamil Call Girls Bhayandar WhatsApp +91-9930687706, Best Service
Tamil Call Girls Bhayandar WhatsApp +91-9930687706, Best ServiceTamil Call Girls Bhayandar WhatsApp +91-9930687706, Best Service
Tamil Call Girls Bhayandar WhatsApp +91-9930687706, Best Service
 
Bridge Jacking Design Sample Calculation.pptx
Bridge Jacking Design Sample Calculation.pptxBridge Jacking Design Sample Calculation.pptx
Bridge Jacking Design Sample Calculation.pptx
 
DeepFakes presentation : brief idea of DeepFakes
DeepFakes presentation : brief idea of DeepFakesDeepFakes presentation : brief idea of DeepFakes
DeepFakes presentation : brief idea of DeepFakes
 
kiln thermal load.pptx kiln tgermal load
kiln thermal load.pptx kiln tgermal loadkiln thermal load.pptx kiln tgermal load
kiln thermal load.pptx kiln tgermal load
 
Design For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the startDesign For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the start
 
Hostel management system project report..pdf
Hostel management system project report..pdfHostel management system project report..pdf
Hostel management system project report..pdf
 
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptxS1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
 
Block diagram reduction techniques in control systems.ppt
Block diagram reduction techniques in control systems.pptBlock diagram reduction techniques in control systems.ppt
Block diagram reduction techniques in control systems.ppt
 

Presentacion nac

  • 1. © 2006 Cisco Systems, Inc. All rights reserved. Presentation_ID 1 Securing the Empowered Branch with Cisco Network Admission Control September 2007
  • 2. © 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 2 1 The Cisco® Empowered Branch 2 Security Considerations for the Branch Office 3 Cisco Network Admission Control (NAC) Overview 4 Securing the Empowered Branch with Cisco NAC Contents
  • 3. © 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 3 New Business Realities E - M a i l W e b 2 . 0 T r a n s a c t i o n A p p l i c a t i o n s C o l l a b o r a t i o n T o o l s A d v a n c e d V o i c e A p p l i c a t i o n s V o D V i d e o C o n f e r e n c i n g Performance Bandwidth • Surveys show >35% of all employees are in branch offices, and the number is growing. • Business decisions are increasingly localized. • Branch offices consume 70–90% of resources * Technology Innovation Point-to-Point Multipoint Voice Only Rich-Media Phone PC/PDA Wired Wireless Non-Real Time Real Time Scheduled Impromptu Most Employees Cannot Take Full Advantage of These Today, Unless Network Infrastructure Keeps Up *Internet Research Group
  • 4. © 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 4 Today’s Branch: WAN New Branch-Office Realities Limited Mobility; Limited Disaster Recovery Blended Security Threats, Compliance Saturated WAN; Poor Response Time Aging, Disparate Data and Voice Networks Inconsistent Branches and Branch-Headquarters Solutions Empowered Branch: WAN Optimized WAN; Accelerated Applications Consistent Branches and Branch-Headquarters Services Self-Defending Networks High Availability, Unified Wireless–Wireline Business Unified Voice, Data, and Video Network Platform
  • 5. © 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 5 Embedded Wireless Access Points for Improved Mobility Integrated Services Routers Secure, Concurrent Services Leading Solution for Branch Offices Increased Performance, Service Density, and Memory for Enhanced Efficiency Voice-Ready Capabilities for Improved Responsiveness Remote Management (e.g., Cisco IOS® Software and CiscoWorks) Built-In, Self- Defending Security: • Firewalls • Intrusion prevention systems • Antivirus • Application inspection • Transaction privacy • Network admission control Easy-to-Deploy Device Management: • Cisco® Router and Security Device Manager (SDM) Cisco Integrated Services Routers
  • 6. © 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 6 Small Office and Teleworker Cisco Integrated Services Router Portfolio Medium to Large Branch Small Branch Embedded Wireless, Security, and Data Cisco® 800 Series Cisco 2800 Series Cisco 3800 Series Cisco 1800 Series Cisco 1861 Series New The Integrated Services Router Portfolio High Density and Performance for Concurrent Services Embedded, Advanced Voice, Video, Data, and Security Services Performance and Services Density
  • 7. © 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 7 1 The Cisco® Empowered Branch 2 Security Considerations for the Branch Office 3 Cisco Network Admission Control (NAC) Overview 4 Securing the Empowered Branch with Cisco NAC Contents
  • 8. © 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 8 Today: Branch-Office Security Concerns Extended Network Boundaries • Need protection at the edge before threats enter corporate network • Need to control guest and unmanaged devices Effect of Compliance on IT • IT resources leaner at branch than at headquarters • Regulations such as PCI call for enhanced security between remote offices and headquarters “Inherited” Security Applications and Infrastructure • May differ from or lag behind security at headquarters • Security policies must accommodate without increasing inconsistencies
  • 9. © 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 9 Cost of Risk as Measured by Downtime • Costs for downtime are high One day cost of lost productivity = $1,640 per employee • More than just a data network outage • More than just revenue affected: o Revenue loss o Productivity loss o Impaired financial performance o Damaged reputation o Recovery expenses Source: Meta Group $ 205 $1,010,536 Average $ 107 $ 668,586 Transportation $ 244 $1,107,274 Retail $ 370 $1,202,444 Insurance $1,079 $1,495,134 Financial Institution $ 134 $1,610,654 Manufacturing $ 186 $2,066,245 Telecommunications $ 569 $2,817,846 Energy Revenue/ Employee- Hour Revenue/Hour Industry Sector
  • 10. © 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 10 1 The Cisco® Empowered Branch 2 Security Considerations for the Branch Office 3 Cisco Network Admission Control (NAC) Overview 4 Securing the Empowered Branch with Cisco NAC Contents
  • 11. © 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 11 Cisco Network Admission Control Using the Network to Enforce Policies Helps Ensure that Incoming Devices Are Compliant. Authenticate and Authorize • Enforces authorization policies and privileges • Supports multiple user roles Update and Remediate • Network-based tools for vulnerability and threat remediation • Help-desk integration Quarantine and Enforce • Isolate noncompliant devices from rest of network • MAC and IP-based quarantine effective at a per-user level Scan and Evaluate • Agent scan for required versions of hotfixes, AV, etc. • Network scan for virus and worm infections and port vulnerabilities
  • 12. © 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 12 Cisco NAC Addresses Top Pain Points Cisco NAC authenticates and controls guest and unmanaged assets. Source: Current Analysis, July 2006 Cisco NAC assesses, quarantines, and remediates noncompliant endpoints. Cisco® NAC applies access and posture policies based on roles. How to Implement Role-Based Access Control How to Handle Guest and Unmanaged Users How to Enforce Endpoint Policy Requirements
  • 13. © 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 13 Cisco NAC by the Numbers 2000+ Customers 47% Market Share1 1 Infonetics, May 2007 2 March 2007 http://searchnetworking.techtarget.com/productsOfTheYear/ 3 May 2007 http://www.networkcomputing.com/channels/security/showArticle.jhtml?articleID=199204304 Gold Award: Determined by Reader Survey2 75% of Infonetics Survey Respondents Ranked Cisco No. 1 Among NAC Vendors1 No.1 NAC Vendor Based on Network World Reader Survey3
  • 14. © 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 14 The Goal Intranet or Network Cisco NAC Appliance Flow 2. User logs in to optional agent or is redirected to a login Webpage Cisco® NAC validates username and password, also performs device and network scans to assess vulnerabilities on the device Device is noncompliant or login is incorrect User is denied access and assigned to a quarantine role with access to online remediation resources 3a. Quarantine Role 3b. Device is “clean” Machine gets on “certified devices list” and is granted access to network Cisco NAC Server Cisco NAC Manager 1. End user attempts to access network Access is blocked until wired or wireless end user provides login information Authentication Server
  • 15. © 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 15 Cisco Business Benefits Manage and Mitigate Risks Introduce Operational Efficiencies Maintain Network Accessibility Transparent Interoperability with Other Cisco® Products Makes Self-Defending Networks a Reality for Secured Remote Access for Secured LAN Access for Secured Wireless Access
  • 16. © 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 16 Maintain Network Accessibility 3.6% 3% Monetary loss as a percentage of total revenue Human or Configuration Errors Network Security Attacks “Human error plays a much larger part in application downtime than in any other area; human error is responsible for 35% of outage time and 31% of service degradation time.” (Infonetics, The Costs of Downtime, 2006) Cisco NAC Addresses the Two Primary Sources of Downtime. “In recent years, lost productivity has started to eclipse data theft as the primary concern when it comes to network security attacks.” (Infonetics, The Costs of Network Security Attacks, 2007)
  • 17. © 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 17 Part of the Cisco Self-Defending Network Interoperates with Many Other Cisco® Products, Such as VPN, Wireless Products, Routers, and Switches to Increase Network Resiliency and Productivity • Switches and routers All switches and routers (in band) Cisco Catalyst® 2900, 2940, 2950, 2960, 3500, 3550, 3560, 3750, 3760, 4000, 4500, and 6500 models (out of band) • VPN products Cisco VPN 3000 Series Concentrators Cisco ASA VPN Cisco Integrated Services Router and Cisco IOS® Software VPN • Wireless access points Wireless LAN services module (WLSM) (Cisco Aironet® access points) Wireless LAN Controller (WiSM/WLC) • Cisco Security Agent for day-zero endpoint security • Cisco Security Monitoring, Analysis and Response System (MARS) for security correlation
  • 18. © 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 18 1 The Cisco® Empowered Branch 2 Security Considerations for the Branch Office 3 Cisco Network Admission Control (NAC) Overview 4 Securing the Empowered Branch with Cisco NAC Contents
  • 19. © 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 19 Cisco NAC Appliance Portfolio 2500 Users Each or 3500 Users Each Super Manager Manages up to 40 Enterprise and Branch Servers Enterprise and Branch Servers 1500 Users Each Standard Manager Manages up to 20 Branch Offices, SMB Servers, or Cisco® Integrated Services Router Network Modules 100 Users 250 Users 500 Users Manager Lite Manages up to 3 50 or 100 Users ƒ NME-NAC for 50 and 100 users; integrates CAS functions ƒ Supports Cisco 2811, 2821, 2851, 3825, and 3845 Integrated Services Routers Now Extending to Cisco Integrated Services Router
  • 20. © 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 20 Cisco NAC Deployments Central Site Campus Building Corporate Users 802.1q Layer 3 Segmentation Campus Building Corporate Users IPsec VPN Home Office Unmanaged Desktop SSL Tunnel VPN Account Manager Mobile User Branch Office Branch Users WAN IP Wireless Network LWAPP Users LWAPP 802.1q
  • 21. © 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 21 Extending Cisco NAC with Cisco Integrated Services Router Network Module Network Admission Control Better Criteria for Network Access Beyond “Who Is It?” Authenticate and Authorize Update and Remediate Quarantine and Enforce Scan and Evaluate What’s the preferred way to check or fix it? Where is it coming from? What’s on it? What is it doing? What do you have? Who owns it? = Four Critical Functions Industry’s First Full NAC Network Module
  • 22. © 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 22 Cisco NAC Network Module on Cisco Integrated Services Router • Authentication and identity • Security posture • Enforcement • Remediation Use Cases • Pervasive security One product for all use cases and locations • Consistent policy One policy store for consistent application across entire organization • Transparent deployment Integrated for easier deployment, troubleshooting, and management Wireless Remote Access Guest LAN Benefits: Cisco NAC
  • 23. © 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 23 Cisco NAC for Customer Choice System Support • Vendor accountability: Network partner • Fewer maintenance contracts Operational Efficiency • Fewer devices, management systems, and user interfaces • Simplified troubleshooting Appliances (Overlay) Cisco Integrated Services Router Network Module (Modular) Or Service Interoperability • Consistency • Interoperability • Tested Investment Protection • Flexibility to evolve through system modularity
  • 24. © 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 24 Any Combination Works Not supported Supported High availability Fits into Cisco 2811, 2821, 2851, 3825, and 3845 Integrated Services Routers Separate appliance Form factor Cisco NAC Appliance Manager (manages both options) Policy store or management point Same deployment flexibility with Layer 2 or Layer 3, in-band or out-of-band, agent or agentless Increments of 100, 250, 500, 1500, and 2500 users per server Campus: Wired, wireless, remote, and guest access Appliances (Overlay) Increments of 50 or 100 per module Branch: Wired, wireless, remote, and guest access Cisco Integrated Services Router Network Module (Modular) Deployment methods Number of users Primary use cases
  • 25. © 2006 Cisco Systems, Inc. All rights reserved. NAC_BDM_May 25