MobileIron Confidential
MobileIron plus Cisco:
Mobilizing Network Security
Cynthia Ryan, MobileIron, Solutions Marketing Manager
Fran Thorpe, MobileIron, Head, Business Development, Technology Alliances
Ameet Kulkarni, Cisco, Product Manager
Paul Carco, Cisco, Technical Marketing Engineer
Your hosts
Cynthia Ryan, MobileIron, Solutions Marketing Manager
Ameet Kulkarni, Cisco, Product Manager
Paul Carco, Cisco, Technical Marketing Engineer
Fran Thorpe, MobileIron, Head, Business Development, Technology Alliances
Logistics / Housekeeping
• A recording of this webinar will be available shortly
– Transcript
– Replay
– Slides
• We welcome your questions
– We will pause for Q&A in between topics
– Please use the Q&A panel
Why are we here?
“Leaders . . . demonstrate broad integration with channel
and other technology providers. . . Organizations that want
an up-to-date, scalable and proven UEM solution that
integrates with a large security ecosystem . . . should
consider MobileIron.”
-- Gartner, 2018 UEM Magic Quadrant
EcoSystem@mobileiron.com
Agenda
• MobileIron
• Cisco Identity Services Engine
• Cisco Security Connector and AnyConnect
• Q & A
TRANSFORMATION
• Workflow automation
• Collaboration
• Customer experience
• Communication
• Limitless computing through mobile
• Limitless infrastructure through cloud
MobileIron: System of record for trust across the last mile
A UEM admin has critical visibility
Device-to-UEM relationship provides unique insight
• User identity
• Device state
– Ownership
– Current configuration
– App inventory
• Access policies
• Compliance / enforcement actions
Multiple roles in assessment / enforcement
• Policy Information Point (PIP)
• Policy Decision Point (PDP)
• Policy Enforcement Point (PEP)
Together with Cisco we bring awareness and alignment
The MobileIron Platform: Sharing data for coordinated control
• Asset Management: Provision the trusted workspace
• Endpoint Security: Protect business data and user privacy
• Access Control: Block untrusted endpoints and apps
• Security Operations: Detect and remediate threats
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Conventional management is painful and risky
• New individuals require personalized permissions
• Lack of visibility leaves network open to intrusions
• Overprotective policies leave employees stranded
Unlock next-generation secure network access with contextual awareness and segmentation
• Preconfigure access by business profiles
• Identify profiles automatically and intelligently
• Enforce access across entire infrastructure
[Figure: Finance Employee and Guest / Vendor profiles, with the attributes low risk, device compliant, Finance credential or Guest, mapped to access across Finance, HR and Lobby]
Cisco solutions are the key to intuitive network security
• Give your internal customers the access they want
• Streamline your network management
• Maximize your security and contain breaches
Give your internal customers the access they want
• Ensure ubiquitous access: Set permissions by business role, so users get the right access based on device, location, and more
• Automate device onboarding: Provide easy guest and BYOD access with self-service device onboarding portals and policies
• Relieve tension between IT and users: Support new devices, apps, or access needs quickly from a single dashboard.
Maximize your security and contain breaches
• Safeguard your network: Keep your network secure with total visibility and control from campus to cloud
• Reduce attack surface: Immunize your network through segmentation
• Harmonized, automated threat protection: Centralized context sharing and policy controller for rapid threat containment
Streamline your network management
• Automate complex changes: Take the complexity out of moves, adds, and changes, be it users, segments, or environments
• Integrate disparate solutions: Whether five or fifty, your network and security solutions can now truly communicate
• Embed compliance standards: Systematically enforce access policies that align with regulatory and security compliance
CSTA – Engineered Integrations Across the Breadth of Security
• EMM/UEM/MDM
• Endpoint and Custom Detection
• Forensics and IR
• NPM/APM and Visualization
• SIEM & Analytics
• IAM/SSO
• Threat Intelligence
• CASB
• UEBA
• Deception
• Orchestration
• Vulnerability Management
• Firewall and Policy Management
• Infrastructure
• Cloud Software & Infrastructure
• IoT Visibility
• Other
ISE connects trusted users and devices with trusted services
Identity Services Engine (ISE): a centralized security solution that automates context-aware access
[Figure: Source (Trusted Device Groups: Trusted Asset, Trusted Group, Partners) to Destination (Trusted App/Services: Cloud App A, Cloud App B, Server A, Server B; Public/Private Cloud). Policy Enforcement: Cloud, On Prem. Caption: Enforcement on every PIN on Premise]
Services for Mobile Device
• ISE internal CA for BYOD certificates
• Access based on MDM policy
• Single / Dual SSID provisioning
• Native supplicant & cert provisioning
• EMM/UEM/MDM integrations
• Device Support: iDevice, Android, Mac OS X, Windows, ChromeOS
[Figure: Devices to Resources access matrix (PUBLIC, CORPORATE)]
EMM: Enterprise Mobility Management | UEM: Unified Endpoint Management | MDM: Mobile Device Management
Mobile Device Compliance
Posture Compliance assessment for Mobile devices
MDM Policy Checks
• Device registration status
• Device compliance status
• Disk encryption status
• Pin lock status
• Jailbreak status
• Manufacturer
• Model
• IMEI
• Serial number
• OS version
• Phone number
Steps (Mobile Device, Cisco ISE, MDM, Internet, Corporate)
1. Register with ISE
2. Internet Access
3. Register with MDM
4. Comply MDM Policy
5. Allow Corp access
MDM compliance check on ISE
• Compliance based on:
– General Compliant or !Compliant status
• OR
– Disk encryption enabled
– Pin lock enabled
– Jailbroken status
• MDM attributes available for policy conditions
• “Passive Reassessment”: Bulk recheck against the MDM server using a configurable timer.
– If the result of the periodic recheck shows that a connected device is no longer compliant, ISE sends a CoA to terminate the session.
[Slide callouts: Micro level, Macro level, Survivability Attribute]
MDM Integration Flow
[Flow diagram. Decision points: Registered? (MyDevices, ISE BYOD Registration); MDM Registered?; MDM Compliant? Outcomes: Access-Accept; ISE Portal, Link to MDM Onboarding; ISE Portal for MDM non-compliance; Internet Only]
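The decision flow and the passive reassessment from the two slides above, modelled as an added example (not code from the presentation, Cisco or MobileIron). The attribute names, the reading of "macro" as the general compliant status and "micro" as the individual checks, and the choice to treat a missing MDM record as unregistered are assumptions; nothing here calls an ISE or MDM API.

```python
from dataclasses import dataclass, replace
from enum import Enum


class Access(Enum):
    BYOD_REGISTRATION = "redirect: ISE BYOD registration"
    MDM_ONBOARDING = "redirect: ISE portal with link to MDM onboarding (Internet only)"
    NON_COMPLIANT = "redirect: ISE portal for MDM non-compliance (Internet only)"
    ACCEPT = "Access-Accept (corporate access)"


@dataclass(frozen=True)
class MdmRecord:
    """What the MDM server reports for one device (hypothetical field names)."""
    registered: bool = False
    compliant: bool = False        # assumed "macro" attribute: the MDM's overall verdict
    disk_encrypted: bool = False   # assumed "micro" attributes follow
    pin_lock: bool = False
    jailbroken: bool = False


def is_compliant(rec, mode):
    """Evaluate compliance either on the general status or on the individual checks."""
    if mode == "macro":
        return rec.compliant
    if mode == "micro":
        return rec.disk_encrypted and rec.pin_lock and not rec.jailbroken
    raise ValueError("mode must be 'macro' or 'micro'")


def authorize(mac, ise_registered, mdm, mode="macro"):
    """Walk the three decision points: Registered? MDM Registered? MDM Compliant?"""
    if mac not in ise_registered:
        return Access.BYOD_REGISTRATION
    rec = mdm.get(mac)
    if rec is None or not rec.registered:   # unknown to the MDM: fail closed
        return Access.MDM_ONBOARDING
    if not is_compliant(rec, mode):
        return Access.NON_COMPLIANT
    return Access.ACCEPT


def passive_reassessment(sessions, ise_registered, mdm, mode="macro"):
    """Bulk recheck of connected devices; returns the MACs whose session needs a CoA."""
    return sorted(
        mac for mac, granted in sessions.items()
        if granted is Access.ACCEPT
        and authorize(mac, ise_registered, mdm, mode) is not Access.ACCEPT
    )


# Constructed sample data (not taken from the slides).
ISE_REGISTERED = {"aa:00:00:00:00:01", "aa:00:00:00:00:02",
                  "aa:00:00:00:00:03", "aa:00:00:00:00:04"}
MDM = {
    "aa:00:00:00:00:02": MdmRecord(registered=False),
    # MDM's overall verdict says compliant, but the device is jailbroken.
    "aa:00:00:00:00:03": MdmRecord(True, True, True, True, jailbroken=True),
    "aa:00:00:00:00:04": MdmRecord(True, True, True, True, jailbroken=False),
}
DEVICES = ["aa:00:00:00:00:00", "aa:00:00:00:00:01", "aa:00:00:00:00:02",
           "aa:00:00:00:00:03", "aa:00:00:00:00:04"]


def demo():
    """Initial decisions, then a timer-driven recheck after one device drifts."""
    first = {mac: authorize(mac, ISE_REGISTERED, MDM) for mac in DEVICES}
    sessions = {mac: a for mac, a in first.items() if a is Access.ACCEPT}
    later = dict(MDM)
    later["aa:00:00:00:00:04"] = replace(
        MDM["aa:00:00:00:00:04"], compliant=False, pin_lock=False)
    coa_macro = passive_reassessment(sessions, ISE_REGISTERED, later, "macro")
    coa_micro = passive_reassessment(sessions, ISE_REGISTERED, later, "micro")
    return first, coa_macro, coa_micro


if __name__ == "__main__":
    first, coa_macro, coa_micro = demo()
    for mac, decision in first.items():
        print(mac, "->", decision.value)
    print("CoA (macro policy):", coa_macro)
    print("CoA (micro policy):", coa_micro)
```

The jailbroken device shows why the choice of condition matters: a policy keyed only to the general status admits it, while one keyed to the individual checks does not.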
MDM Action
• Ability for administrator and user in ISE to issue remote actions on the device through the MDM server (e.g., remotely wiping the device)
MDM Report
[Figure: report screenshot with repeated "MobileIron" entries]
Agenda
• Cisco Security Connector (CSC)
• AnyConnect Per App VPN
Introducing: The Cisco Security Connector (CSC) for iOS
Cisco Security Connector is for supervised devices only
• Bring your own device (BYOD)
• Enterprise-owned, not supervised
• Enterprise-owned, DEP – not supervised
Cisco Security Connector
• Visibility: Gain insight into activity on iOS devices during incident investigations
• Control: Defend against phishing attacks and accidental browsing of bad sites
Cisco Security Connector for iOS
[Figure: Apps, Network API, HTTPS / TLS, The Network]
Cisco Security Connector
One App, Two Functions
CONTROL AND VISIBILITY
• DNS-layer enforcement and encryption via net new iOS 11 functionality
• Customizable URL-based protection with intelligent proxy
• Available to Umbrella [1] customers at no extra charge if subscription’s user count already covers those using iOS
VISIBILITY AND CONTROL
• App-layer auditing and correlation via net new iOS 11 functionality
• Logs encrypted URL requests without SSL decryption
• Available to AMP for Endpoints customers at no extra charge if subscription’s device count already covers iOS devices
[1] Professional, Insights and Platform packages
Integration w/ 3rd Party MDM / EMM
Download mobileconfig from Umbrella & Clarity – Upload to MDM for Push
• Umbrella Dashboard maps policies to identities: DOWNLOAD configuration, UPLOAD into MDM
• Clarity (AMP) Dashboard maps policies to identities: DOWNLOAD configuration, UPLOAD into MDM
• MDM / EMM: Upload Clarity & Umbrella configurations
• PUSHES: Per-device configurations for the Cisco Security Connector reflecting one or both policies
• PUSHES*: Per-device iOS identities*
• Supervised devices: Automatically enrolled to Cisco cloud services
* iOS identities include device serial numbers, friendly names, and group profiles.
One app, two extensions
• Umbrella app extension: Encryption and enforcement, Internet requests. Requests attributed by iOS identity (Umbrella Dashboard)
• Clarity app extension: Auditing and correlation, App traffic flows. Flows attributed by iOS identity and app (Clarity (AMP) Dashboard)
• Zero-touch UX for end-users
• Visibility and control
• Works anywhere: On- and off-network
• Automatically provisioned via Meraki
What does it all do?
MDM, Clarity, Umbrella
• incident response
• situational awareness
• app and user audit
• blocking at IP-layer
• accident avoidance
• content control
• intelligent proxy
• endpoint management
Introducing: AnyConnect Per App VPN (iOS, Android)
Cisco AnyConnect PerApp VPN & MobileIron
Full-Tunnel, Split-Tunnel or Per-App VPN
Capabilities
• Leverage per app policy by creating per-app VPN policies using the dedicated app selector
• Dynamically provision split tunneling after tunnel establishment, based on the target host DNS domain/host name.
• Traditional Split-Tunnel/Local LAN Access based on Network
Benefits
• Provide highly secure remote access from mobile endpoints
• Extend narrow remote access for partners and contractors
[Figure: Per App VPN, Split Tunneling and Full Tunneling shown for Internal App X, External App Y, Social Media App Z and Video Streaming App B. Labels: Corporate Connection, ASA, Internet, Internal DNS / IP Address, Internal Resource, External Resource (IP, App, Etc.)]
Differentiate Mobile Access
Connect Only Approved Applications Over VPN
• Provide highly secure remote access for selected applications by user, role, device, etc. (Per App VPN)
• Reduce the potential for non-approved applications to compromise enterprise data
• Support a range of remote users and endpoints (employees, partners, contractors), streamlining IT operations
[Figure: Selectively Tunnels Traffic Through VPN. Labels: VPN, WWW, Microsoft SharePoint, Microsoft Office 365]
Managed Per APP VPN
• Policy provisioned by third-party MDM vendor
• Allows application policy enforcement by Cisco® ASA and Cisco AnyConnect®
• Allows wildcard application package identifiers to equal com.anybird.*
Per App Managed Flow
[Flow diagram. Participants: VPN, Mobile Device; ASA; Enterprise Network. Labels: Request Connect; Auth Challenge; Credentials/ACIDex; Config w/Per App Policy; Apply Policy from 3rd Party MDM; Enforce App meets Policy from ASA configuration; DAP to Per App Policy; Is the traffic Valid; Valid Application Traffic]
Customers and Case Studies
• Cisco ISE and MobileIron: Hundreds of integrations globally
• Cisco AnyConnect: #1 VPN amongst MobileIron customers
• Cisco Security Connector: Case studies under development
Thank you!
MobileIron
Cisco Security Connector
Cisco Identity Services
Engine
Q & A

More Related Content

What's hot

10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should Know10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should KnowIBM Security
 
The Industrial Immune System
The Industrial Immune SystemThe Industrial Immune System
The Industrial Immune SystemJustin Hayward
 
Smart security solutions for SMBs
Smart security solutions for SMBsSmart security solutions for SMBs
Smart security solutions for SMBsJyothi Satyanathan
 
QRadar & XGS: Stopping Attacks with a Click of the Mouse
QRadar & XGS: Stopping Attacks with a Click of the MouseQRadar & XGS: Stopping Attacks with a Click of the Mouse
QRadar & XGS: Stopping Attacks with a Click of the MouseIBM Security
 
Gartner technologies for Infosec 2014-2015
Gartner technologies for Infosec 2014-2015Gartner technologies for Infosec 2014-2015
Gartner technologies for Infosec 2014-2015Samuel Kamuli
 
Zenith Live - Security Lab - Phantom
Zenith Live - Security Lab - PhantomZenith Live - Security Lab - Phantom
Zenith Live - Security Lab - PhantomZscaler
 
Best corporate end-point protection 2013
Best corporate end-point protection 2013Best corporate end-point protection 2013
Best corporate end-point protection 2013F-Secure Corporation
 
Fortinet Icon Library
Fortinet Icon LibraryFortinet Icon Library
Fortinet Icon LibraryFortinet
 
Network Security - Fortinet, Dublin June 2017
Network Security - Fortinet, Dublin June 2017Network Security - Fortinet, Dublin June 2017
Network Security - Fortinet, Dublin June 2017Novosco
 
CyberoamNGSeriesUTMBrochure
CyberoamNGSeriesUTMBrochureCyberoamNGSeriesUTMBrochure
CyberoamNGSeriesUTMBrochureBaqar kazmi
 
Enabling Cloud Smart, Zero-Trust, and TIC
Enabling Cloud Smart, Zero-Trust, and TICEnabling Cloud Smart, Zero-Trust, and TIC
Enabling Cloud Smart, Zero-Trust, and TICAmazon Web Services
 
Managing Identity without Boundaries
Managing Identity without BoundariesManaging Identity without Boundaries
Managing Identity without BoundariesPing Identity
 
Build and enforce defense in depth - an algo sec-cisco tetration webinar
Build and enforce defense in depth - an algo sec-cisco tetration webinarBuild and enforce defense in depth - an algo sec-cisco tetration webinar
Build and enforce defense in depth - an algo sec-cisco tetration webinarAlgoSec
 
Appsecurity, win or loose
Appsecurity, win or looseAppsecurity, win or loose
Appsecurity, win or looseBjørn Sloth
 
Three Networks, Different Risks - IT, OT and Engineering
Three Networks, Different Risks - IT, OT and EngineeringThree Networks, Different Risks - IT, OT and Engineering
Three Networks, Different Risks - IT, OT and EngineeringWaterfall Security Solutions
 

What's hot (20)

10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should Know10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should Know
 
Passwordless Authentication
Passwordless AuthenticationPasswordless Authentication
Passwordless Authentication
 
The Industrial Immune System
The Industrial Immune SystemThe Industrial Immune System
The Industrial Immune System
 
Smart security solutions for SMBs
Smart security solutions for SMBsSmart security solutions for SMBs
Smart security solutions for SMBs
 
QRadar & XGS: Stopping Attacks with a Click of the Mouse
QRadar & XGS: Stopping Attacks with a Click of the MouseQRadar & XGS: Stopping Attacks with a Click of the Mouse
QRadar & XGS: Stopping Attacks with a Click of the Mouse
 
Gartner technologies for Infosec 2014-2015
Gartner technologies for Infosec 2014-2015Gartner technologies for Infosec 2014-2015
Gartner technologies for Infosec 2014-2015
 
Zenith Live - Security Lab - Phantom
Zenith Live - Security Lab - PhantomZenith Live - Security Lab - Phantom
Zenith Live - Security Lab - Phantom
 
Fortinet Perspectiva Coporativa
Fortinet Perspectiva CoporativaFortinet Perspectiva Coporativa
Fortinet Perspectiva Coporativa
 
Best corporate end-point protection 2013
Best corporate end-point protection 2013Best corporate end-point protection 2013
Best corporate end-point protection 2013
 
Fortinet Icon Library
Fortinet Icon LibraryFortinet Icon Library
Fortinet Icon Library
 
Network Security - Fortinet, Dublin June 2017
Network Security - Fortinet, Dublin June 2017Network Security - Fortinet, Dublin June 2017
Network Security - Fortinet, Dublin June 2017
 
Fortinet
FortinetFortinet
Fortinet
 
IBM Security Portfolio - 2015
IBM Security Portfolio - 2015IBM Security Portfolio - 2015
IBM Security Portfolio - 2015
 
CyberoamNGSeriesUTMBrochure
CyberoamNGSeriesUTMBrochureCyberoamNGSeriesUTMBrochure
CyberoamNGSeriesUTMBrochure
 
IBM Security - 2015 - Client References Guide
IBM Security - 2015 - Client References GuideIBM Security - 2015 - Client References Guide
IBM Security - 2015 - Client References Guide
 
Enabling Cloud Smart, Zero-Trust, and TIC
Enabling Cloud Smart, Zero-Trust, and TICEnabling Cloud Smart, Zero-Trust, and TIC
Enabling Cloud Smart, Zero-Trust, and TIC
 
Managing Identity without Boundaries
Managing Identity without BoundariesManaging Identity without Boundaries
Managing Identity without Boundaries
 
Build and enforce defense in depth - an algo sec-cisco tetration webinar
Build and enforce defense in depth - an algo sec-cisco tetration webinarBuild and enforce defense in depth - an algo sec-cisco tetration webinar
Build and enforce defense in depth - an algo sec-cisco tetration webinar
 
Appsecurity, win or loose
Appsecurity, win or looseAppsecurity, win or loose
Appsecurity, win or loose
 
Three Networks, Different Risks - IT, OT and Engineering
Three Networks, Different Risks - IT, OT and EngineeringThree Networks, Different Risks - IT, OT and Engineering
Three Networks, Different Risks - IT, OT and Engineering
 

Similar to MobileIron plus Cisco - Mobilizing Network Security

IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM
 
Presentation cloud security the grand challenge
Presentation   cloud security the grand challengePresentation   cloud security the grand challenge
Presentation cloud security the grand challengexKinAnx
 
Oracle OpenWorld | CON9707 Enterprise Mobile Security Architecture beyond the...
Oracle OpenWorld | CON9707 Enterprise Mobile Security Architecture beyond the...Oracle OpenWorld | CON9707 Enterprise Mobile Security Architecture beyond the...
Oracle OpenWorld | CON9707 Enterprise Mobile Security Architecture beyond the...Indus Khaitan
 
#ITSitioEnRSA - Presentacion de Jeef Reed de Cisco
#ITSitioEnRSA - Presentacion de Jeef Reed de Cisco #ITSitioEnRSA - Presentacion de Jeef Reed de Cisco
#ITSitioEnRSA - Presentacion de Jeef Reed de Cisco ITSitio.com
 
Smarter Commerce Summit - IBM MobileFirst Services
Smarter Commerce Summit - IBM MobileFirst ServicesSmarter Commerce Summit - IBM MobileFirst Services
Smarter Commerce Summit - IBM MobileFirst ServicesChris Pepin
 
Palo Alto Networks Soc Ent Okt2009
Palo Alto Networks Soc Ent Okt2009Palo Alto Networks Soc Ent Okt2009
Palo Alto Networks Soc Ent Okt2009Zernike College
 
Oracle OpenWorld 2015 | CON9456 Mobile Security in the Cloud
Oracle OpenWorld 2015 | CON9456 Mobile Security in the CloudOracle OpenWorld 2015 | CON9456 Mobile Security in the Cloud
Oracle OpenWorld 2015 | CON9456 Mobile Security in the CloudIndus Khaitan
 
CIS14: Network-Aware IAM
CIS14: Network-Aware IAMCIS14: Network-Aware IAM
CIS14: Network-Aware IAMCloudIDSummit
 
Alfresco Virtual DevCon 2020 - Security First!
Alfresco Virtual DevCon 2020 - Security First!Alfresco Virtual DevCon 2020 - Security First!
Alfresco Virtual DevCon 2020 - Security First!Jason Jolley
 
Enterprise-Grade Trust: Collaboration Without Compromise
Enterprise-Grade Trust: Collaboration Without CompromiseEnterprise-Grade Trust: Collaboration Without Compromise
Enterprise-Grade Trust: Collaboration Without CompromiseRobb Boyd
 
Ebc collab portfolio_master
Ebc collab portfolio_masterEbc collab portfolio_master
Ebc collab portfolio_masterdakins090174
 
TechWiseTV Workshop: Operational Insights
TechWiseTV Workshop: Operational InsightsTechWiseTV Workshop: Operational Insights
TechWiseTV Workshop: Operational InsightsRobb Boyd
 
Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewallsCastleforce
 
Visibility and Automation for Enhanced Security
Visibility and Automation for Enhanced SecurityVisibility and Automation for Enhanced Security
Visibility and Automation for Enhanced Securitypatmisasi
 
Embracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and CentrifyEmbracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and CentrifySumana Mehta
 
Cisco Connect Toronto 2018 IOT - unlock the power of data - securing the in...
Cisco Connect Toronto 2018   IOT - unlock the power of data - securing the in...Cisco Connect Toronto 2018   IOT - unlock the power of data - securing the in...
Cisco Connect Toronto 2018 IOT - unlock the power of data - securing the in...Cisco Canada
 
IBM MobileFirst Protect (MaaS360) : Rendre la Messagerie Mobile Gérable et Sé...
IBM MobileFirst Protect (MaaS360) : Rendre la Messagerie Mobile Gérable et Sé...IBM MobileFirst Protect (MaaS360) : Rendre la Messagerie Mobile Gérable et Sé...
IBM MobileFirst Protect (MaaS360) : Rendre la Messagerie Mobile Gérable et Sé...AGILLY
 
Research - Mobility Solution Testing
Research - Mobility Solution TestingResearch - Mobility Solution Testing
Research - Mobility Solution Testingmobiangle
 

Similar to MobileIron plus Cisco - Mobilizing Network Security (20)

Protegendo sua rede
Protegendo sua redeProtegendo sua rede
Protegendo sua rede
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future
 
Presentation cloud security the grand challenge
Presentation   cloud security the grand challengePresentation   cloud security the grand challenge
Presentation cloud security the grand challenge
 
Adaptive Trust for Strong Network Security
Adaptive Trust for Strong Network SecurityAdaptive Trust for Strong Network Security
Adaptive Trust for Strong Network Security
 
Oracle OpenWorld | CON9707 Enterprise Mobile Security Architecture beyond the...
Oracle OpenWorld | CON9707 Enterprise Mobile Security Architecture beyond the...Oracle OpenWorld | CON9707 Enterprise Mobile Security Architecture beyond the...
Oracle OpenWorld | CON9707 Enterprise Mobile Security Architecture beyond the...
 
#ITSitioEnRSA - Presentacion de Jeef Reed de Cisco
#ITSitioEnRSA - Presentacion de Jeef Reed de Cisco #ITSitioEnRSA - Presentacion de Jeef Reed de Cisco
#ITSitioEnRSA - Presentacion de Jeef Reed de Cisco
 
Smarter Commerce Summit - IBM MobileFirst Services
Smarter Commerce Summit - IBM MobileFirst ServicesSmarter Commerce Summit - IBM MobileFirst Services
Smarter Commerce Summit - IBM MobileFirst Services
 
Palo Alto Networks Soc Ent Okt2009
Palo Alto Networks Soc Ent Okt2009Palo Alto Networks Soc Ent Okt2009
Palo Alto Networks Soc Ent Okt2009
 
Oracle OpenWorld 2015 | CON9456 Mobile Security in the Cloud
Oracle OpenWorld 2015 | CON9456 Mobile Security in the CloudOracle OpenWorld 2015 | CON9456 Mobile Security in the Cloud
Oracle OpenWorld 2015 | CON9456 Mobile Security in the Cloud
 
CIS14: Network-Aware IAM
CIS14: Network-Aware IAMCIS14: Network-Aware IAM
CIS14: Network-Aware IAM
 
Alfresco Virtual DevCon 2020 - Security First!
Alfresco Virtual DevCon 2020 - Security First!Alfresco Virtual DevCon 2020 - Security First!
Alfresco Virtual DevCon 2020 - Security First!
 
Enterprise-Grade Trust: Collaboration Without Compromise
Enterprise-Grade Trust: Collaboration Without CompromiseEnterprise-Grade Trust: Collaboration Without Compromise
Enterprise-Grade Trust: Collaboration Without Compromise
 
Ebc collab portfolio_master
Ebc collab portfolio_masterEbc collab portfolio_master
Ebc collab portfolio_master
 
TechWiseTV Workshop: Operational Insights
TechWiseTV Workshop: Operational InsightsTechWiseTV Workshop: Operational Insights
TechWiseTV Workshop: Operational Insights
 
Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewalls
 
Visibility and Automation for Enhanced Security
Visibility and Automation for Enhanced SecurityVisibility and Automation for Enhanced Security
Visibility and Automation for Enhanced Security
 
Embracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and CentrifyEmbracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and Centrify
 
Cisco Connect Toronto 2018 IOT - unlock the power of data - securing the in...
Cisco Connect Toronto 2018   IOT - unlock the power of data - securing the in...Cisco Connect Toronto 2018   IOT - unlock the power of data - securing the in...
Cisco Connect Toronto 2018 IOT - unlock the power of data - securing the in...
 
IBM MobileFirst Protect (MaaS360) : Rendre la Messagerie Mobile Gérable et Sé...
IBM MobileFirst Protect (MaaS360) : Rendre la Messagerie Mobile Gérable et Sé...IBM MobileFirst Protect (MaaS360) : Rendre la Messagerie Mobile Gérable et Sé...
IBM MobileFirst Protect (MaaS360) : Rendre la Messagerie Mobile Gérable et Sé...
 
Research - Mobility Solution Testing
Research - Mobility Solution TestingResearch - Mobility Solution Testing
Research - Mobility Solution Testing
 

MobileIron plus Cisco - Mobilizing Network Security

  • 1. MobileIron Confidential MobileIron plus Cisco: Mobilizing Network Security Cynthia Ryan, MobileIron, Solutions Marketing Manager Fran Thorpe, MobileIron, Head, Business Development, Technology Alliances Ameet Kulkarni, Cisco, Product Manager Paul Carco, Cisco, Technical Marketing Engineer
  • 2. MobileIron ConfidentialMobileIron Confidential Your hosts Cynthia Ryan, MobileIron, Solutions Marketing Manager
  • 3. MobileIron ConfidentialMobileIron Confidential Your hosts Cynthia Ryan, MobileIron, Solutions Marketing Manager Fran Thorpe, MobileIron, Head, Business Development, Technology Alliances
  • 4. MobileIron ConfidentialMobileIron Confidential Your hosts Cynthia Ryan, MobileIron, Solutions Marketing Manager Ameet Kulkarni, Cisco, Product Manager Fran Thorpe, MobileIron, Head, Business Development, Technology Alliances
  • 5. MobileIron ConfidentialMobileIron Confidential Your hosts Cynthia Ryan, MobileIron, Solutions Marketing Manager Ameet Kulkarni, Cisco, Product Manager Paul Carco, Cisco, Technical Marketing Engineer Fran Thorpe, MobileIron, Head, Business Development, Technology Alliances
  • 6. MobileIron ConfidentialMobileIron Confidential Logistics / Housekeeping • A recording of this webinar will be available shortly – Transcript – Replay – Slides
  • 7. MobileIron ConfidentialMobileIron Confidential Logistics / Housekeeping • A recording of this webinar will be available shortly – Transcript – Replay – Slides • We welcome your questions – We will pause for Q&A inbetween topics – Please use the Q&A panel
  • 8. MobileIron ConfidentialMobileIron Confidential Why are we here? “Leaders . . . demonstrate broad integration with channel and other technology providers. . . Organizations that want an up-to-date, scalable and proven UEM solution that integrates with a large security ecosystem . . . should consider MobileIron.” -- Gartner, 2018 UEM Magic Quadrant
  • 9. MobileIron ConfidentialMobileIron Confidential Why are we here? “Leaders . . . demonstrate broad integration with channel and other technology providers. . . Organizations that want an up-to-date, scalable and proven UEM solution that integrates with a large security ecosystem . . . should consider MobileIron.” -- Gartner, 2018 UEM Magic Quadrant EcoSystem@mobileiron.com
  • 10. MobileIron ConfidentialMobileIron Confidential Agenda MobileIron Cisco Identity Services Engine Cisco Security Connector and AnyConnect Q & A
  • 11. TRANSFORMATION: Workflow automation; Collaboration; Customer experience; Communication; Limitless computing through mobile; Limitless infrastructure through cloud
  • 12. MobileIron: System of record for trust across the last mile
  • 13. A UEM admin has critical visibility. Device-to-UEM relationship provides unique insight: user identity; device state (ownership, current configuration, app inventory); access policies; compliance/enforcement actions
  • 14. Multiple roles in assessment / enforcement: Policy Information Point (PIP); Policy Decision Point (PDP); Policy Enforcement Point (PEP)
  • 15. The MobileIron Platform: Sharing data for coordinated control. Together with Cisco we bring awareness and alignment. Asset Management: provision the trusted workspace. Endpoint Security: protect business data and user privacy. Access Control: block untrusted endpoints and apps. Security Operations: detect and remediate threats.
  • 16. Agenda: MobileIron; Cisco Identity Services Engine; Cisco Security Connector and AnyConnect; Q & A
  • 17. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential. Conventional management is painful and risky: New individuals require personalized permissions; Lack of visibility leaves network open to intrusions; Overprotective policies leave employees stranded. (Graphic: STOP, Access Denied)
  • 18. Unlock next-generation secure network access with contextual awareness and segmentation: Preconfigure access by business profiles; Identify profiles automatically and intelligently; Enforce access across entire infrastructure. Profiles shown: Finance Employee Profile (low risk, device compliant, Finance credential); Guest / Vendor Profile (low risk, device compliant, Guest). Profile access zones shown: Finance; HR; Lobby
  • 19. Cisco solutions are the key to intuitive network security: Give your internal customers the access they want; Streamline your network management; Maximize your security and contain breaches
  • 20. Give your internal customers the access they want. Ensure ubiquitous access: set permissions by business role, so users get the right access based on device, location, and more. Automate device onboarding: provide easy guest and BYOD access with self-service device onboarding portals and policies. Relieve tension between IT and users: support new devices, apps, or access needs quickly from a single dashboard. (Graphic: Employee log in)
  • 21. Maximize your security and contain breaches. Safeguard your network: keep your network secure with total visibility and control from campus to cloud. Reduce attack surface: immunize your network through segmentation. Harmonized, automated threat protection: centralized context sharing and policy controller for rapid threat containment. (Graphic: Access Denied)
  • 22. Streamline your network management. Automate complex changes: take the complexity out of moves, adds, and changes, be it users, segments, or environments. Integrate disparate solutions: whether five or fifty, your network and security solutions can now truly communicate. Embed compliance standards: systematically enforce access policies that align with regulatory and security compliance.
  • 23. CSTA – Engineered Integrations Across the Breadth of Security: EMM/UEM/MDM; Endpoint and Custom Detection; Forensics and IR; NPM/APM and Visualization; Other; SIEM & Analytics; IAM/SSO; Threat Intelligence; CASB; UEBA; Deception; Orchestration; Vulnerability Management; Firewall and Policy Management; Infrastructure; Cloud Software & Infrastructure; IoT Visibility
  • 24. ISE connects trusted users and devices with trusted services. Identity Services Engine (ISE): a centralized security solution that automates context-aware access. Diagram labels: Source; Destination; Trusted Device Groups; Trusted App/Services; Trusted Group Partners; Cloud App A; Cloud App B; Server A; Server B; Trusted Asset; Public/Private Cloud; Policy Enforcement; Cloud; On Prem; Enforcement on every PIN on Premise
  • 25. Services for Mobile Device: ISE internal CA for BYOD certificates; Access based on MDM policy; Single / Dual SSID provisioning; Native supplicant & cert provisioning. EMM/UEM/MDM integrations. Device Support: iDevice; Android; MAC OSx; Windows; ChromeOS. (Support matrix of ✓/✕ marks under Devices and Resources, PUBLIC and CORPORATE; cell positions not recoverable from the transcript.) EMM: Enterprise Mobility Management | UEM: Unified Endpoint Management | MDM: Mobile Device Management
  • 26. Mobile Device Compliance: posture compliance assessment for mobile devices. MDM Policy Checks: Device registration status; Device compliance status; Disk encryption status; Pin lock status; Jailbreak status; Manufacturer; Model; IMEI; Serial number; OS version; Phone number. Flow (Mobile Device, Cisco ISE, MDM, Internet, Corporate): 1. Register with ISE; 2. Internet Access; 3. Register with MDM; 4. Comply MDM Policy; 5. Allow Corp access
  • 27. MDM compliance check on ISE. Compliance based on: general Compliant or !Compliant status, OR disk encryption enabled, pin lock enabled, jail broken status. MDM attributes available for policy conditions. “Passive Reassessment”: bulk recheck against the MDM server using configurable timer; if result of periodic recheck shows that a connected device is no longer compliant, ISE sends a CoA to terminate session. Callout labels: Micro level; Macro level; Survivability; Attribute
  • 28. MDM Integration Flow. Flowchart labels: Registered?; MyDevices ISE BYOD Registration; MDM Registered?; MDM Compliant?; Access-Accept; ISE Portal Link to MDM Onboarding; ISE Portal for MDM non-compliance; Internet Only
  • 29. MDM Action: Ability for administrator and user in ISE to issue remote actions on the device through the MDM server (e.g., remote wiping the device)
  • 30. MDM Report (screenshot; entries labelled MobileIron)
  • 31. Agenda: MobileIron; Cisco Identity Services Engine; Cisco Security Connector and AnyConnect; Q & A
  • 32. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential. Agenda: Cisco Security Connector (CSC); AnyConnect Per App VPN
  • 33. Introducing: The Cisco Security Connector (CSC) for iOS
  • 34. Cisco Security Connector is for supervised devices only. Device categories shown: Bring your own device (BYOD); Enterprise-owned, not supervised; Enterprise-owned, DEP – not supervised
  • 35. Cisco Security Connector. Visibility: Gain insight into activity on iOS devices during incident investigations. Control: Defend against phishing attacks and accidental browsing of bad sites
  • 36. Cisco Security Connector for iOS. Diagram labels: The Network; Apps; Network API; HTTPS / TLS
  • 37. Cisco Security Connector: One App, Two Functions. CONTROL AND VISIBILITY: DNS-layer enforcement and encryption via net new iOS 11 functionality; Customizable URL-based protection with intelligent proxy; Available to Umbrella [1] customers at no extra charge if subscription’s user count already covers those using iOS. VISIBILITY AND CONTROL: App-layer auditing and correlation via net new iOS 11 functionality; Logs encrypted URL requests without SSL decryption; Available to AMP for Endpoints customers at no extra charge if subscription’s device count already covers iOS devices. [1] Professional, Insights and Platform packages
  • 38. Integration w/ 3rd Party MDM / EMM: Download mobileconfig from Umbrella & Clarity – Upload to MDM for Push. Umbrella Dashboard maps policies to identities: DOWNLOAD configuration, UPLOAD into MDM. Clarity (AMP) Dashboard maps policies to identities: DOWNLOAD configuration, UPLOAD into MDM. MDM / EMM: Upload Clarity & Umbrella configurations; PUSHES per-device configurations for the Cisco Security Connector reflecting one or both policies; PUSHES* per-device iOS identities*. Supervised devices: automatically enrolled to Cisco cloud services. * iOS identities include device serial numbers, friendly names, and group profiles.
  • 39. One app, two extensions. Umbrella App extension: Encryption and enforcement; Internet requests; Requests attributed by iOS identity (Umbrella Dashboard). Clarity App extension: Auditing and correlation; App traffic flows; Flows attributed by iOS identity and app (Clarity (AMP) Dashboard). Zero-touch UX for end-users; Visibility and control; Works anywhere, on- and off-network; Automatically provisioned via Meraki
  • 40. What does it all do? Diagram labels: MDM; Clarity; Umbrella; incident response; situational awareness; app and user audit; blocking at IP-layer; accident avoidance; content control; intelligent proxy; endpoint management
  • 41. Introducing: AnyConnect Per App VPN (iOS, Android)
  • 42. Cisco AnyConnect Per App VPN & MobileIron
  • 43. Full-Tunnel, Split-Tunnel or Per-App VPN. Capabilities / Benefits: Provide highly secure remote access from mobile endpoints; Extend narrow remote access for partners and contractors; Leverage per app policy by creating per-app VPN policies using the dedicated app selector; Dynamically provision split tunneling after tunnel establishment, based on the target host DNS domain/host name; Traditional Split-Tunnel/Local LAN Access based on Network. Diagram labels: Corporate Connection; Social Media App Z; Video Streaming App B; External Resource (IP, App, Etc.); Per App VPN; Split Tunneling; Full Tunneling; Internal App X; External App Y; Internal DNS / IP Address; ASA; Internet; Internal Resource
  • 44. Differentiate Mobile Access: Connect Only Approved Applications Over VPN. Provide highly secure remote access for selected applications by user, role, device, etc. (Per App VPN); Reduce the potential for non-approved applications to compromise enterprise data; Support a range of remote users and endpoints (employees, partners, contractors), streamlining IT operations. Diagram labels: VPN; WWW; Selectively Tunnels Traffic Through VPN; Microsoft SharePoint; Microsoft Office 365
  • 45. Managed Per App VPN: Policy provisioned by third-party MDM vendor; Allows application policy enforcement by Cisco® ASA and Cisco AnyConnect®; Allows wildcard application package identifiers to equal com.anybird.*
  • 46. Per App Managed Flow. Diagram labels: Request Connect; Credentials/ACIDex; Auth Challenge; Enterprise Network; VPN; Mobile Device; ASA Config w/Per App Policy; Apply Policy from 3rd Party MDM; Enforce App meets Policy from ASA configuration; DAP to Per App Policy; Is the traffic Valid; Valid Application Traffic
  • 47. Customers and Case Studies: Cisco ISE and MobileIron: Hundreds of integrations globally; Cisco AnyConnect: #1 VPN amongst MobileIron customers; Cisco Security Connector: Case studies under development
  • 48. Thank you! MobileIron; Cisco Security Connector; Cisco Identity Services Engine; Q & A
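
The MDM compliance check and integration flow from slides 26 to 28, sketched as an added example (not code from the presentation, Cisco or MobileIron). The branch order is one reading of the flattened flowchart; all type, function and field names are hypothetical, and treating "macro" as the MDM server's overall verdict and "micro" as the individual attributes is an assumption.

```python
from dataclasses import dataclass
from enum import Enum

class Access(Enum):  # outcomes named on the slide-28 flowchart
    BYOD_REGISTRATION = "redirect to ISE BYOD registration"
    MDM_ONBOARDING = "internet only, portal link to MDM onboarding"
    NON_COMPLIANCE_PORTAL = "internet only, MDM non-compliance portal"
    ACCESS_ACCEPT = "Access-Accept"

@dataclass
class MdmAttributes:  # subset of the slide-26 policy checks; field names are hypothetical
    registered: bool
    compliant: bool       # "macro": the MDM server's overall verdict (assumed meaning)
    disk_encrypted: bool  # "micro": individual attributes (assumed meaning)
    pin_lock: bool
    jailbroken: bool

def is_compliant(mdm, use_micro=False):
    """Macro mode trusts the MDM verdict; micro mode evaluates the attributes itself."""
    if not use_micro:
        return mdm.compliant
    return mdm.disk_encrypted and mdm.pin_lock and not mdm.jailbroken

def authorize(ise_registered, mdm, use_micro=False):
    """Walk the three flowchart questions in order; mdm=None means unknown to the MDM."""
    if not ise_registered:
        return Access.BYOD_REGISTRATION
    if mdm is None or not mdm.registered:
        return Access.MDM_ONBOARDING
    if not is_compliant(mdm, use_micro):
        return Access.NON_COMPLIANCE_PORTAL
    return Access.ACCESS_ACCEPT

def passive_reassessment(sessions, mdm_lookup, use_micro=False):
    """Bulk recheck of connected sessions; returns the session ids that should get a CoA.
    A device missing from the MDM answer fails closed (a choice made for this sketch)."""
    return [sid for sid, dev in sessions.items()
            if authorize(True, mdm_lookup.get(dev), use_micro) is not Access.ACCESS_ACCEPT]

# Constructed sample data: dev-c is connected but no longer known to the MDM.
MDM_STATE = {
    "dev-a": MdmAttributes(True, True, True, True, False),
    "dev-b": MdmAttributes(True, False, True, False, False),
}
SESSIONS = {"s1": "dev-a", "s2": "dev-b", "s3": "dev-c"}

if __name__ == "__main__":
    print(passive_reassessment(SESSIONS, MDM_STATE))
```

A device the MDM reports as compliant but jailbroken is accepted in macro mode and rejected in micro mode, which is the practical difference between the two condition styles.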