Обзор новой версии Cisco Identity Service Engine 2.0Cisco Russia
3-го ноября 2015-го года компания Cisco анонсировала новую версию своей системы централизованного контроля и управления сетевым доступом Cisco ISE 2.0. К числу новых возможностей можно отнести поддержку сетевых устройств не-Cisco, поддержку TACACS+, новые эко-партнеры в рамках pxGrid, интеграцию с Cisco Mobility Service Engine (MSE), интеграцию с FireSIGHT Management Center и ряд других функций.
Обзор новой версии Cisco Identity Service Engine 2.0Cisco Russia
3-го ноября 2015-го года компания Cisco анонсировала новую версию своей системы централизованного контроля и управления сетевым доступом Cisco ISE 2.0. К числу новых возможностей можно отнести поддержку сетевых устройств не-Cisco, поддержку TACACS+, новые эко-партнеры в рамках pxGrid, интеграцию с Cisco Mobility Service Engine (MSE), интеграцию с FireSIGHT Management Center и ряд других функций.
Повсеместная безопасность Cisco. Анонс новых решений. 3 ноября 2015Cisco Russia
Рады сообщить вам, что 3-го ноября наша компания анонсировала целый ряд новых и обновленных решений по информационной безопасности. Среди абсолютных новинок:
- Средство защиты и контроля доступа в облака Cisco Cloud Access Security, которое позволяет контролировать, что сотрудники компании делают в облаках Google, Box, Dropbox, OneDrive, Amazon и т.п.
- Средство мониторинга и защиты Интернет-активности корпоративных, домашних и мобильных пользователей – OpenDNS Umbrella.
- Cisco AMP for Endpoints, который теперь работает на двух новых операционных системах – Red Hat Linux и CentOS (в дополнение к Windows, Mac и Android).
К обновленным версиям можно отнести:
- Cisco ISE 2.0, который теперь поддерживает TACACS+, интегрируется с Check Point, может управлять решениями третьих фирм (Aruba, Motorola, HP и т.п.) и др.
- AnyConnect 4.2, который теперь может отдавать в недавно приобретенный нами Lancope данные NetFlow для более глубокого анализа аномалий, происходящих на узлах, а не только на уровне сети, что делает Cyber Threat Defense.
- Интеграция ThreatGrid со всеми решениями Cisco и OpenDNS, что позволяет унифицировать механизмы анализа вредоносных файлов.
Также мы анонсировали два новых сервиса по безопасности:
- Ориентированную на сегмент Commercial услугу Cisco Threat Awareness Services, которая позволяет БЕЗ установки каких-либо средств защиты на стороне заказчика и БЕЗ изменения конфигурации его сети и сетевого оборудования, предоставлять заказчику данные об угрозах, которые исходят из его сети или направлены на нее.
- Ориентированную на крупных корпоративных заказчиков услугу по аутсорсингу безопасности Cisco Active Threat Analytics, которая позволяет взять на себя (то есть на Cisco) функции по мониторингу и управлению решениями по ИБ, установленными на территории заказчиков.
3-го ноября 2015-го года компания Cisco анонсировала новую версию своего унифицированного защитного клиента Cisco AnyConnect 4.2. Одной из ключевых новых функций стало появление нового модуля Network Visibility Module, который с помощью протокола Netflow может собирать и передавать на внешние коллекторы (например, Cisco Lancope) расширенные данные о происходящем на узле – имя устройства, имя пользователя, используемые адреса, используемые процессы и приложения и т.п. Данная информация может быть использована для обнаружения аномалий не только во внутренней инфраструктуре компании, но теперь и за ее пределами.
Анонс новых решений по безопасности Cisco с выставки Interop 2014Cisco Russia
Анонс новых решений по безопасности Cisco с выставки Interop 2014:
- Cisco ISE 1.3
- AnyConnect 4.0
- Cyber Threat Defense 2.0
- новые партнеры в рамках pxGRID
Контроль и управление доступом к корпоративным ресурсам предприятияVERNA
01.05.2015. Семинар во Львове. Кирилл Карнаухов рассказал о преимуществах внедрения контроля сетевого доступа на предприятии и успешном проекте построения Cisco ISE в крупном украинском банке.
Повсеместная безопасность Cisco. Анонс новых решений. 3 ноября 2015Cisco Russia
Рады сообщить вам, что 3-го ноября наша компания анонсировала целый ряд новых и обновленных решений по информационной безопасности. Среди абсолютных новинок:
- Средство защиты и контроля доступа в облака Cisco Cloud Access Security, которое позволяет контролировать, что сотрудники компании делают в облаках Google, Box, Dropbox, OneDrive, Amazon и т.п.
- Средство мониторинга и защиты Интернет-активности корпоративных, домашних и мобильных пользователей – OpenDNS Umbrella.
- Cisco AMP for Endpoints, который теперь работает на двух новых операционных системах – Red Hat Linux и CentOS (в дополнение к Windows, Mac и Android).
К обновленным версиям можно отнести:
- Cisco ISE 2.0, который теперь поддерживает TACACS+, интегрируется с Check Point, может управлять решениями третьих фирм (Aruba, Motorola, HP и т.п.) и др.
- AnyConnect 4.2, который теперь может отдавать в недавно приобретенный нами Lancope данные NetFlow для более глубокого анализа аномалий, происходящих на узлах, а не только на уровне сети, что делает Cyber Threat Defense.
- Интеграция ThreatGrid со всеми решениями Cisco и OpenDNS, что позволяет унифицировать механизмы анализа вредоносных файлов.
Также мы анонсировали два новых сервиса по безопасности:
- Ориентированную на сегмент Commercial услугу Cisco Threat Awareness Services, которая позволяет БЕЗ установки каких-либо средств защиты на стороне заказчика и БЕЗ изменения конфигурации его сети и сетевого оборудования, предоставлять заказчику данные об угрозах, которые исходят из его сети или направлены на нее.
- Ориентированную на крупных корпоративных заказчиков услугу по аутсорсингу безопасности Cisco Active Threat Analytics, которая позволяет взять на себя (то есть на Cisco) функции по мониторингу и управлению решениями по ИБ, установленными на территории заказчиков.
3-го ноября 2015-го года компания Cisco анонсировала новую версию своего унифицированного защитного клиента Cisco AnyConnect 4.2. Одной из ключевых новых функций стало появление нового модуля Network Visibility Module, который с помощью протокола Netflow может собирать и передавать на внешние коллекторы (например, Cisco Lancope) расширенные данные о происходящем на узле – имя устройства, имя пользователя, используемые адреса, используемые процессы и приложения и т.п. Данная информация может быть использована для обнаружения аномалий не только во внутренней инфраструктуре компании, но теперь и за ее пределами.
Анонс новых решений по безопасности Cisco с выставки Interop 2014Cisco Russia
Анонс новых решений по безопасности Cisco с выставки Interop 2014:
- Cisco ISE 1.3
- AnyConnect 4.0
- Cyber Threat Defense 2.0
- новые партнеры в рамках pxGRID
Контроль и управление доступом к корпоративным ресурсам предприятияVERNA
01.05.2015. Семинар во Львове. Кирилл Карнаухов рассказал о преимуществах внедрения контроля сетевого доступа на предприятии и успешном проекте построения Cisco ISE в крупном украинском банке.
В поисках идеальной сети, или зачем нужна еще одна SDN / Андрей Королев (Ионика)Ontico
Сегодня термин "программно-определяемые сети" используется во множестве случаев — начиная с демонстрационных стендов с OpenVSwitch и заканчивая внедрениями распределенной программно-аппаратной оркестровки от профильных вендоров.
Разработка собственной модели сетевого транспорта и написание SDN обычно целесообразно и посильно лишь крупнейшим компаниям, но в нашем случае это также оказалось возможным, более того, SDN упростила взаимодействие с аппаратной начинкой кластеров и привела к снижению ее общей стоимости.
Мы хотим рассказать о практическом опыте разработки и использования полностью программной сети для клиентов публичного облака — от определения требований к функциональности такого решения до нюансов работы крупного отказоустойчивого SDN-кластера.
Человеческий глаз — уникальный, исключительно сложный оптический прибор. Окружающий мир человек видит ясно, когда все отделы глаза работают гармонично. Если в каком-либо звене происходит сбой, зрение ухудшается.
Углубленное изучение Security Group Tags: Детальный обзорCisco Russia
Security Group Tag (SGT) Обзор
– Высокоуровневый обзор
– Обзор технологии
Обзор вариантов использования и дизайна
– Разработаем политику TrustSec
– Контроль беспроводного доступа
– Контроль доступа в сегментах общего проживания
– Контроль доступа Партнера/Вендора/Контрактника
– Улучшенный дизайн с VRF для Университета
– Контроль доступа в сфере здравоохранения
– Контроль доступа в много-подсистемных сетях
– Контроль доступа в ритейловых сетях
– Контроль доступа и сегментация ЦОД
– Оркестрация системы контроля доступа для облачных и локальных
решений
Корпоративные сети - изменение парадигмы…Cisco Russia
Всеобъемлющий Интернет (IoE) создает новые соединения, ускоряет развитие и распространение технологических инноваций и формирует рынок, потенциал которого оценивается в 19 млрд долларов США. В этих условиях компаниям просто необходима новая модель ИТ-инфраструктуры. Модель, для которой характерны простота, интеллектуальные возможности и высокий уровень безопасности.
Узнайте больше: http://www.cisco.com/web/RU/solutions/executive/fast_it.html
Ваш следующий шаг? Аутсорсинг, уход в облако или…?КРОК
Вебинар «Решения ЕМС начального уровня: как упаковать Ваш ЦОД в одну стойку»
Подробнее о мероприятии http://www.croc.ru/action/detail/9603/
Презентация Дощаного Дмитрия, Директора Центра решений на базе технологий EMC
Обзор Сервисных Услуг Cisco в России и странах СНГ.Cisco Russia
Обзор Сервисных Услуг в России и странах СНГ.
Сервисные Услуги в России и странах СНГ делятсяна Базовую и Расширенную техническую поддержку.
БАЗОВАЯ ТЕХНИЧЕСКАЯ ПОДДЕРЖКА 1. Центр Технической Поддержки (ТАС) Центр технической поддержки Cisco TAC предоставляет Заказчикам быстрый доступ к технологическим экспертам с опытом диагностики и решения самых сложных проблем.
Cisco TAC обладает развитой системой управления запросами, которая позволяет оперативно направить проблему в соответствующую технологическую команду или перевести на следующий уровень поддержки, если проблема не решена в заданный период.
Cisco TAC предоставляет круглосуточную поддержку по всему миру.
Клиентские контракты на техническую поддержку Cisco Smart Net Total CareCisco Russia
Клиентские контракты на услуги технической поддержки Cisco Smart Net Total Care
Cisco Smart Net Total Care (SNTC) — это контракт на услуги технической поддержки Cisco.
Cервис сочетает в себе ведущие в отрасли и получившие множество наград технические сервисы с дополнительно встроенными инструментами бизнес-аналитики, которые получает Заказчик через встроенные интеллектуальные возможности на портале Smart Net Total Care.
Запись вебинара "Решения компании Cisco для операторов связи по защите от взлома и вредоносного программного обеспечения": https://ciscoclub.ru/resheniya-kompanii-cisco-dlya-operatorov-svyazi-po-zashchite-ot-vzloma-i-vredonosnogo-programmnogo-o
Запись вебинара "Решения компании Cisco для операторов связи по защите от взлома и вредоносного программного обеспечения": https://ciscoclub.ru/resheniya-kompanii-cisco-dlya-operatorov-svyazi-po-zashchite-ot-vzloma-i-vredonosnogo-programmnogo-o
Запись вебинара "Решения компании Cisco для операторов связи по защите от взлома и вредоносного программного обеспечения": https://ciscoclub.ru/resheniya-kompanii-cisco-dlya-operatorov-svyazi-po-zashchite-ot-vzloma-i-vredonosnogo-programmnogo-o
Профессиональные услуги Cisco для Software-Defined AccessCisco Russia
Как реализовать SDA, создать стратегию, которая будет сопоставлена с бизнес задачами, оценить готовность к трансформации, успешно и максимально надежно реализовать намеченные планы.
Обнаружение известного вредоносного кода в зашифрованном с помощью TLS трафик...Cisco Russia
О работе группы исследователей компании Cisco, в которой доказана применимость традиционных методов статистического и поведенческого анализа для обнаружения и атрибуции известного вредоносного ПО, использующего TLS в качестве метода шифрования каналов взаимодействия, без дешифровки или компрометации TLS-сессии. Также рассказано о решении Cisco Encrypted Traffic Analytics, реализующем принципы, заложенные в данном исследовании, его архитектуре и преимуществах.
Промышленный Интернет вещей: опыт и результаты применения в нефтегазовой отраслиCisco Russia
Как компания Cisco способствует цифровой трансформации предприятий нефтегазовой отрасли. Описание внедренных проектов, полученных результатов, обзор примененных архитектур.
What are the transformations.. And the specific challengesNeed to make this more impactful.Focus on three themes:Slide #1 Device Proliferation - 15 Billion devices by 2015 that will be connecting to your network - Every person has 3-4 devices on them that connects to the network - 40% of Staff are bringing their own devices to work2) Next Generation Workforce - Work is no longer a place you go to work - People are willing to take a pay cut as long as they are able to work from home - Globalization, acquisitions, increased competitiveness - Need anywhere, anytime, any device access3) Virtualization No content yet, just put placeholderSlide #2Device ProliferationHow do I ensure consistent experience on all devices? How and what do I support?How do I implement multiple security policies per user, device? What devices are on my networks? 2) Changing WorkforceAm I hindering my workforce to be competitive?How do I retain top talent?How do I ensure compliance with SOX, HIPAA, etc?Can I handle partners, consultants, guest appropriately? 3) VirtualizationHow do I know who is accessing my virtual desktop infrastructure?How do I secure access to my data across the cloud.. in a scalable wayCan I ensure compliance across geographic boundaries
What are the transformations.. And the specific challengesNeed to make this more impactful.Focus on three themes:Slide #1 Device Proliferation - 15 Billion devices by 2015 that will be connecting to your network - Every person has 3-4 devices on them that connects to the network - 40% of Staff are bringing their own devices to work2) Next Generation Workforce - Work is no longer a place you go to work - People are willing to take a pay cut as long as they are able to work from home - Globalization, acquisitions, increased competitiveness - Need anywhere, anytime, any device access3) Virtualization No content yet, just put placeholderSlide #2Device ProliferationHow do I ensure consistent experience on all devices? How and what do I support?How do I implement multiple security policies per user, device? What devices are on my networks? 2) Changing WorkforceAm I hindering my workforce to be competitive?How do I retain top talent?How do I ensure compliance with SOX, HIPAA, etc?Can I handle partners, consultants, guest appropriately? 3) VirtualizationHow do I know who is accessing my virtual desktop infrastructure?How do I secure access to my data across the cloud.. in a scalable wayCan I ensure compliance across geographic boundaries
What are the transformations.. And the specific challengesNeed to make this more impactful.Focus on three themes:Slide #1 Device Proliferation - 15 Billion devices by 2015 that will be connecting to your network - Every person has 3-4 devices on them that connects to the network - 40% of Staff are bringing their own devices to work2) Next Generation Workforce - Work is no longer a place you go to work - People are willing to take a pay cut as long as they are able to work from home - Globalization, acquisitions, increased competitiveness - Need anywhere, anytime, any device access3) Virtualization No content yet, just put placeholderSlide #2Device ProliferationHow do I ensure consistent experience on all devices? How and what do I support?How do I implement multiple security policies per user, device? What devices are on my networks? 2) Changing WorkforceAm I hindering my workforce to be competitive?How do I retain top talent?How do I ensure compliance with SOX, HIPAA, etc?Can I handle partners, consultants, guest appropriately? 3) VirtualizationHow do I know who is accessing my virtual desktop infrastructure?How do I secure access to my data across the cloud.. in a scalable wayCan I ensure compliance across geographic boundaries
What are the transformations.. And the specific challengesNeed to make this more impactful.Focus on three themes:Slide #1 Device Proliferation - 15 Billion devices by 2015 that will be connecting to your network - Every person has 3-4 devices on them that connects to the network - 40% of Staff are bringing their own devices to work2) Next Generation Workforce - Work is no longer a place you go to work - People are willing to take a pay cut as long as they are able to work from home - Globalization, acquisitions, increased competitiveness - Need anywhere, anytime, any device access3) Virtualization No content yet, just put placeholderSlide #2Device ProliferationHow do I ensure consistent experience on all devices? How and what do I support?How do I implement multiple security policies per user, device? What devices are on my networks? 2) Changing WorkforceAm I hindering my workforce to be competitive?How do I retain top talent?How do I ensure compliance with SOX, HIPAA, etc?Can I handle partners, consultants, guest appropriately? 3) VirtualizationHow do I know who is accessing my virtual desktop infrastructure?How do I secure access to my data across the cloud.. in a scalable wayCan I ensure compliance across geographic boundaries
What are the transformations.. And the specific challengesNeed to make this more impactful.Focus on three themes:Slide #1 Device Proliferation - 15 Billion devices by 2015 that will be connecting to your network - Every person has 3-4 devices on them that connects to the network - 40% of Staff are bringing their own devices to work2) Next Generation Workforce - Work is no longer a place you go to work - People are willing to take a pay cut as long as they are able to work from home - Globalization, acquisitions, increased competitiveness - Need anywhere, anytime, any device access3) Virtualization No content yet, just put placeholderSlide #2Device ProliferationHow do I ensure consistent experience on all devices? How and what do I support?How do I implement multiple security policies per user, device? What devices are on my networks? 2) Changing WorkforceAm I hindering my workforce to be competitive?How do I retain top talent?How do I ensure compliance with SOX, HIPAA, etc?Can I handle partners, consultants, guest appropriately? 3) VirtualizationHow do I know who is accessing my virtual desktop infrastructure?How do I secure access to my data across the cloud.. in a scalable wayCan I ensure compliance across geographic boundaries
What are the transformations.. And the specific challengesNeed to make this more impactful.Focus on three themes:Slide #1 Device Proliferation - 15 Billion devices by 2015 that will be connecting to your network - Every person has 3-4 devices on them that connects to the network - 40% of Staff are bringing their own devices to work2) Next Generation Workforce - Work is no longer a place you go to work - People are willing to take a pay cut as long as they are able to work from home - Globalization, acquisitions, increased competitiveness - Need anywhere, anytime, any device access3) Virtualization No content yet, just put placeholderSlide #2Device ProliferationHow do I ensure consistent experience on all devices? How and what do I support?How do I implement multiple security policies per user, device? What devices are on my networks? 2) Changing WorkforceAm I hindering my workforce to be competitive?How do I retain top talent?How do I ensure compliance with SOX, HIPAA, etc?Can I handle partners, consultants, guest appropriately? 3) VirtualizationHow do I know who is accessing my virtual desktop infrastructure?How do I secure access to my data across the cloud.. in a scalable wayCan I ensure compliance across geographic boundaries
The trustsec portfolio is now enhanced with the introduction of our new policy manager ISE.Policy decision point and the platform for delivery of services is ISEPolicy enforcement is our infrastructureFinally client capabilities (802.1X, MACSec) is integrated into the Anyconnect. Or customers can use native supplicants. The NAC posture agent will be integrated into AC in the 1H CY2012
Cisco has considerable investment in identity features on our infrastructure. A number of differentiators include monitor mode that allows you to authenticate users wthout enforcement. Another differentiator is flex auth, our ability to order authentication appropriately along with the right behavior when authentication fails. Interop with IP telephony and in VDI environments are also supportedThese features are delivered consistently across our entire switch portfolio, so whether you’re deploying a Cat 3K, 4K or 6K, the customer just has to select the right switch
Problems - Different kinds of device types appearing on the network (wired & wireless) : ipads, printers, phones etc - IT needs visibility into all devices - IT may choose to have different policy for certain kinds of devices (don’t allow ipad on the network) - IT needs assurance that a device conforms with its signature for security reasons
Device Profiling + IOS sensorSolution Components – ISE (Identity Services Engine) and Switch sensor (IOS SW that resides on 3k)Steps : Collection: A device (for example – a printer) gets plugged into a port on a switchSwitch detects a new device has been plugged inSwitch collects data related to the device (DHCP, LLDP, CDP, and MAC OUI data) by snooping on the traffic sent by the deviceSwitch sends collected data to ISE to aid ISE in device classification Classification :ISE uses rules engine to classify that device to be a printerISE provides a report of devices with device types : device MAC addr, device IP addr, switch port, device type etc Authorization:If IT has defined a policy for that device type - “Printer”, ISE executes the policyIf Policy says – put printer in a VLAN X, ISE tells the switch to place printer on VLAN XIf Policy says – don’t allow printer on the network, ISE tells the switch to block the portIf Policy says – provide restricted access to printer and limit it to ONLY talk to a Print server, ISE will ask the switch to enforce an ACL per the policyISE – can also collect “netflow” information from switchIf ISE notices that HP Printer is trying to talk to Internet (based on netflow data), it raises an alaram, as Printers are meant to be used for intranet usage only. This eliminates data spoofing & improves security
Network-based sensorBroadest & deepest
The key component of the TrustSec architecture is ISE. It converges NAC and ACS functionality from AAA functions to security services like guest, profiling and posture into one appliance, making the choice of deploying either a “overlay mode” or “infrastructure integrated mode” a lot simpler for customers.Current NAC and ACS hardware platform is software upgradeable to ISELicense migration program for all software licensesData and Configurations migration tools available*
[Need animation on this slide]
Application Team – Control access to PCI Customer Data based on user, roleSystem Team – Identify data locations with PCI Customer DataNetwork Team – Create router, switch access controls for user IP addresses to Networks with PCI Customer Data
Problems - Different kinds of device types appearing on the network (wired & wireless) : ipads, printers, phones etc - IT needs visibility into all devices - IT may choose to have different policy for certain kinds of devices (don’t allow ipad on the network) - IT needs assurance that a device conforms with its signature for security reasons
Business BenefitsScalable and Consistent Policy Enforcement- Highly scalable segmentation through context-aware network devices- Centralized distribution of policy controlsConsistent enforcement across wired, wireless, physical and virtualIncreased Business Agility- Reduced Interlock between server, network and security administration- Resource moves can be handled automaticallyReduced Operational Expense- Reduction in access control entries- Keep existing logical designs- Simplified audits of firewall and datacenter policies
Without Monitor Mode this is what will happen:User connects to networkFails 802.1x & also MAC address authenticationGets blocked from networkUser Calls help deskUser downtime until problem is resolved – loss of productivity
Without Monitor Mode this is what will happen:User connects to networkFails 802.1x & also MAC address authenticationGets blocked from networkUser Calls help deskUser downtime until problem is resolved – loss of productivity
Cisco is leading the industry with the introduction of Cisco Prime for Enterprise. Cisco Prime for Enterprise is a portfolio of products that deliver converged management for Borderless Networks, Data Center, and Collaboration. Cisco Prime for Enterprise offerings simplify and automate the management of network services and operations for the enterprise helping to decrease operational costs and increase IT efficiency. The first major proof point for Cisco Prime for Enterprise is the Network Control System 1.0 that offers the ability to evolve from wireless only management into user and endpoint management across wired and wireless. NCS also becomes the management solution for the Identity Services Engine. Additionally, the LMS 4.1 solution delivers complete management of network services including EnergyWise and Medianet as well as new Smart Services. Of course, both NCS and LMS handle the ongoing box (or element) level management for switching, routing and wireless. To provide network and application visibility to quickly isolate and troubleshoot application performance issues, we have enhanced our Cisco Prime Network Analysis Module (NAM) with software release 5.1. This release also includes a new 10 Gigabit blade for the Catalyst 6500 Series, availability on ISR G2 /SRE, integration with Performance Agent on ISR G2 and integrated reporting with WAAS Central Manager.
Cisco is leading the industry with the introduction of Cisco Prime for Enterprise. Cisco Prime for Enterprise is a portfolio of products that deliver converged management for Borderless Networks, Data Center, and Collaboration. Cisco Prime for Enterprise offerings simplify and automate the management of network services and operations for the enterprise helping to decrease operational costs and increase IT efficiency. The first major proof point for Cisco Prime for Enterprise is the Network Control System 1.0 that offers the ability to evolve from wireless only management into user and endpoint management across wired and wireless. NCS also becomes the management solution for the Identity Services Engine. Additionally, the LMS 4.1 solution delivers complete management of network services including EnergyWise and Medianet as well as new Smart Services. Of course, both NCS and LMS handle the ongoing box (or element) level management for switching, routing and wireless. To provide network and application visibility to quickly isolate and troubleshoot application performance issues, we have enhanced our Cisco Prime Network Analysis Module (NAM) with software release 5.1. This release also includes a new 10 Gigabit blade for the Catalyst 6500 Series, availability on ISR G2 /SRE, integration with Performance Agent on ISR G2 and integrated reporting with WAAS Central Manager.
Comprehensive device provisioningAutomated on premise MDM enrollment with appropriate device and application provisioningDetailed User and Device ContextHigh fidelity device info offer true visibility of what is connectedIncreased device details (OS version, serial number, etc) enhances policy decisioning.Increased Device and Application SecurityDevice tracking capabilities upon device loss
Cisco SecureX takes the elements outlined in the Security Architecture Model and blends them to provide an integrated and collaborative approach to securing the entire distributed network, from the data center to to most remote worker. It starts with a trusted infrastructure of secured and tuned devices. The network is far more than plumbing, but becomes the core of both your network services and security. The network provides real-time information for visibility into what is happening on the network, context-based information about such things as where devices are located, what resources they are attempting to access, etc. This is the who, what, when, where and how that then allows for enhanced control of the environment so that granular security decisions to be made with precision. This context-based information can then be used not just at the network layer, but can be shared to contribute to a variety of enforcement points, either integrated into network devices, operating as an overlay appliance, or even into the cloud.Fundamental to this is the ability to centrally create policy about who and what can access the network, and how resources are used, across a wide spectrum of scenarios, including time, place, device, groups, etc. And then, take this centralized policy and push it across the entire networked environment for distributed enforcement. This allows for consistent security implementation (including consistent access control for users, devices, and guests) across network zones, branch offices, remote workers, virtualized devices, remote workers, and cloud-based services.APIs allow Cisco to expand our solutions with the addition of a rich ecosystem of partners that can provide critical information and services into the network, and/or gather information in order to provide granular, detailed information about what is happening.Critical management tools and services, as well as highly trained partners specializing in network security, simplify the entire experience for customers.The final wrapper around this is Cisco’s industry-leading global security intelligence services. By analyzing vast amounts of real-time data across a spectrum of traffic, including web, email, network, cloud, and endpoints, Cisco is able to identify and deliver critical, real-time security updates to network and security devices to protect organizations from threats as they are occurring, as well as reputation-based information in order to significantly enhance the accuracy and effectiveness of local tools analyzing network traffic.
Dr. Thompson buys a 3G iPad during lunch, walks back to the hospital and hands his new iPad to IT and says I want to use this for my work. Now what?[TRANSITION]
His IT manager tells him that using his username and password, he can “onboard” the device and the network will apply all the correct policies and approved apps automaticallyThe IT manager knows the importance of keeping the network secure, and complying with regulations to protect patient data. So things like remote wipe and data loss prevention are critical. [TRANSITION]
Luckily, his system can help him apply contextual policies based on things like device type, user or location automatically, without user intervention. We’ve kept it simple for this example, but as you all know you can apply polices based on many more attributes.That’s it, Dr. Thompson has now on-boarded his new iPad. Keep in mind, to enable this seamless experience the network needs to support certain things: First, you need an 802.11n Wi-Fi network which can withstand the challenges of Mobility including complex RF interference. Second, you need identity-based network control for the contextual policy we just touched on. Mobile Device Management is required for functions such as installing enterprise applications or remote wipe if the device is lost. Last but not least, Make sure you have a management system for the infrastructure and a service assurance manager for visibility into what’s going on in the network, and what you need to do if things start going wrong. If you have branches in the Hospital, WAN optimization will help help keep network resources available.[TRANSITION]
Let’s get back to Dr. Thompson…. He is now attending to patients in the OR. His contextual policy has been defined from an application perspective such that when he is at work, he has full access electronic medical records, mobile telepresence, email and IM. Again, we are keeping it simple here in terms of applications used. It’s key to note that you can tailor this policy for unique job and regulatory requirements, with the doctor only allowed to access sensitive patient records while in the office due to HIPPA regulations.It’s now 2 o’clock and Dr. Thompson needs his afternoon coffee, what happens when he leaves the Hospital? [TRANSITION]
Doctor goes to OR, pulls up EMR and xray imagesCommunicates with staff via IMWe know that literally billions of devices are pouring onto networks – at hospitals that presents doctors, administrators, patients, and visitors. Each has unique needs, and along with tablets and smart phones, healthcare has specialized medical equipment, and wireless tracking tags, connecting in increasing numbersA wi-fi network must be designed to meet these challenges, these changing device profiles, application profiles, and device density.Capacity and performance to support the influx of clientsPerformance to handle new applications, such as two-way TP with patients, and EMR data housed centrally for a medical group, and application data now residing in the cloud Acceleration for all client types, even the medical asset tags, slower tablets and smart phonesPROACTIVE protection against wireless interference from things like blanket warmers and light controlsLocation tracking for assets and peoplePlus, patient data is protected by HIPPA regulations, so IT must carefully govern when and how this can be accessed
He decides to visit the coffee shop next door, which has a Wi-Fi hotspot. Now, his contextual policy becomes a roaming policy defined by the Hospital. The policy says that Dr. Thompson will not have access to EMR while at the coffee shop, but he will be able to use email, telepresence and IM[TRANSITION] While there, he gets a paged from his nurse, and gets into a video chat session to have a two-way video chat about his patient.
Application Team – Control access to PCI Customer Data based on user, roleSystem Team – Identify data locations with PCI Customer DataNetwork Team – Create router, switch access controls for user IP addresses to Networks with PCI Customer Data
20
No additional NICs supportedNo Host Bus Adapter (HBA)