Uploaded byJoniGarcia9
464 views

security-reference-architecture.pdf

The document presents a security reference architecture with use cases. It includes sections on user/device security, application security, network security, SASE integration, common identity, converged multi-cloud policy, and securing IoT/OT environments. Diagrams show how different security tools and services fit together across networks, users, applications, and clouds to provide a zero trust architecture.

Embed presentation

Downloaded 13 times
Security Reference Architecture with Use Cases version 2.0.1 Global Security Architecture Team February 2022
Threat Intelligence | Malware Analytics | Actionable Intelligence | Unmatched Visibility | Collective Responses Security Reference Architecture User/Device Security Adaptive MFA | Passwordless | Trust SASE/REMOTE WORKER ZERO TRUST WORKFORCE Secure E-mail Duo Secure Access Unified Client | EDR | Cloud Managed Application Security Policy | API Security Application Segmentation Run-time Application Security ZERO TRUST WORKLOAD Application Security Stack Hybrid Private Cloud Native Security Secure Workload Secure Firewall ThousandEyes App Visibility | Detection | Response Secure Cloud Analytics Secure Application by AppDynamics Public Cloud* APIC-DC APIC Posture Telemetry Threat Query VPN Cisco Secure Client ThousandEyes (Visibility) Network Security Threat Protection | Secure Access Control | Managed Remote Access Network Edge Segmentation | Identity and Context | Profiling | Containment | Encrypted Visibility Cloud Edge DNS-layer security L7 firewall + IPS Secure web gateway Cloud access security broker/ shadow IT SSL decryption Remote browser Isolation Data loss prevention Cloud malware detection RAaaS ZTNA Umbrella/Duo SECURE ACCESS SERVICE EDGE (SASE) PRIVATE CLOUD EDGE (MSP or CUSTOMER) On-Premises IoT/OT SECURITY Scalable | Flexible | Visibility | Comprehensive Security Secure Critical Infrastructure | Unified IT and OT Reliable | Scalable | Flexible ThousandEyes Secure Firewall SDWAN by Viptela SDWAN SDWAN ThousandEyes Secure Firewall SDWAN by Viptela SDWAN Cyber Vision ISE TrustSec Industrial Router Industrial Firewall Industrial Switch/AP Secure Firewall DuoCloud SSO+IDP Secure Web Appliance Secure Network Analytics ISE Cisco DNA Center TrustSec Security Analytics and Logging Full Stack Secure DDoS Network Gateway SASE/SDWAN ZERO TRUST WORKPLACE (XDR) Threat Visibility & Hunting Managed Detection and Response Services 3rd Party Integrations Security, Orchestration, Automation and Response Incident Response and Remediation Services Secure Cloud Insights Kenna Vuln Mgmt Device Insights Security Operations
Threat Intelligence | Malware Analytics | Actionable Intelligence | Unmatched Visibility | Collective Responses User/Device Security Adaptive MFA | Passwordless | Trust SASE/REMOTE WORKER ZERO TRUST WORKFORCE Secure E-mail Duo Secure Access Unified Client | EDR | Cloud Managed Application Security Policy | API Security Application Segmentation Run-time Application Security ZERO TRUST WORKLOAD Application Security Stack Hybrid Private Cloud Native Security Secure Workload Secure Firewall ThousandEyes App Visibility | Detection | Response Secure Cloud Analytics Secure Application by AppDynamics Public Cloud* APIC-DC APIC Posture Telemetry Threat Query VPN Cisco Secure Client ThousandEyes (Visibility) Network Security Threat Protection | Secure Access Control | Managed Remote Access Network Edge Segmentation | Identity and Context | Profiling | Containment | Encrypted Visibility Cloud Edge DNS-layer security L7 firewall + IPS Secure web gateway Cloud access security broker/ shadow IT SSL decryption Remote browser Isolation Data loss prevention Cloud malware detection RAaaS ZTNA Umbrella/Duo SECURE ACCESS SERVICE EDGE (SASE) PRIVATE CLOUD EDGE (MSP or CUSTOMER) On-Premises IoT/OT SECURITY Scalable | Flexible | Visibility | Comprehensive Security Secure Critical Infrastructure | Unified IT and OT Reliable | Scalable | Flexible ThousandEyes Secure Firewall SDWAN by Viptela SDWAN SDWAN ThousandEyes Secure Firewall SDWAN by Viptela SDWAN Cyber Vision ISE TrustSec Industrial Router Industrial Firewall Industrial Switch/AP Secure Firewall DuoCloud SSO+IDP Secure Web Appliance Secure Network Analytics ISE Cisco DNA Center TrustSec Security Analytics and Logging Full Stack Secure DDoS Network Gateway SASE/SDWAN ZERO TRUST WORKPLACE (XDR) Threat Visibility & Hunting Managed Detection and Response Services 3rd Party Integrations Security, Orchestration, Automation and Response Incident Response and Remediation Services Secure Cloud Insights Kenna Vuln Mgmt Device Insights Security Operations Common Identity Security Reference Architecture Use case: Common Identity / Endpoint Information
Threat Intelligence | Malware Analytics | Actionable Intelligence | Unmatched Visibility | Collective Responses User/Device Security Adaptive MFA | Passwordless | Trust SASE/REMOTE WORKER ZERO TRUST WORKFORCE Secure E-mail Duo Secure Access Unified Client | EDR | Cloud Managed Application Security Policy | API Security Application Segmentation Run-time Application Security ZERO TRUST WORKLOAD Application Security Stack Hybrid Private Cloud Native Security Secure Workload Secure Firewall ThousandEyes App Visibility | Detection | Response Secure Cloud Analytics Secure Application by AppDynamics Public Cloud* APIC-DC APIC Posture Telemetry Threat Query VPN Cisco Secure Client ThousandEyes (Visibility) Network Security Threat Protection | Secure Access Control | Managed Remote Access Network Edge Segmentation | Identity and Context | Profiling | Containment | Encrypted Visibility Cloud Edge DNS-layer security L7 firewall + IPS Secure web gateway Cloud access security broker/ shadow IT SSL decryption Remote browser Isolation Data loss prevention Cloud malware detection RAaaS ZTNA Umbrella/Duo SECURE ACCESS SERVICE EDGE (SASE) PRIVATE CLOUD EDGE (MSP or CUSTOMER) On-Premises IoT/OT SECURITY Scalable | Flexible | Visibility | Comprehensive Security Secure Critical Infrastructure | Unified IT and OT Reliable | Scalable | Flexible ThousandEyes Secure Firewall SDWAN by Viptela SDWAN SDWAN ThousandEyes Secure Firewall SDWAN by Viptela SDWAN Cyber Vision ISE TrustSec Industrial Router Industrial Firewall Industrial Switch/AP Secure Firewall DuoCloud SSO+IDP Secure Web Appliance Secure Network Analytics ISE Cisco DNA Center TrustSec Security Analytics and Logging Full Stack Secure DDoS Network Gateway SASE/SDWAN ZERO TRUST WORKPLACE (XDR) Threat Visibility & Hunting Managed Detection and Response Services 3rd Party Integrations Security, Orchestration, Automation and Response Incident Response and Remediation Services Secure Cloud Insights Kenna Vuln Mgmt Device Insights Security Operations Security Reference Architecture Use case: Converged Multi-Cloud Policy Converged Policy
Threat Intelligence | Malware Analytics | Actionable Intelligence | Unmatched Visibility | Collective Responses User/Device Security Adaptive MFA | Passwordless | Trust SASE/REMOTE WORKER ZERO TRUST WORKFORCE Secure E-mail Duo Secure Access Unified Client | EDR | Cloud Managed Application Security Policy | API Security Application Segmentation Run-time Application Security ZERO TRUST WORKLOAD Application Security Stack Hybrid Private Cloud Native Security Secure Workload Secure Firewall ThousandEyes App Visibility | Detection | Response Secure Cloud Analytics Secure Application by AppDynamics Public Cloud* APIC-DC APIC Posture Telemetry Threat Query VPN Cisco Secure Client ThousandEyes (Visibility) Network Security Threat Protection | Secure Access Control | Managed Remote Access Network Edge Segmentation | Identity and Context | Profiling | Containment | Encrypted Visibility Cloud Edge DNS-layer security L7 firewall + IPS Secure web gateway Cloud access security broker/ shadow IT SSL decryption Remote browser Isolation Data loss prevention Cloud malware detection RAaaS ZTNA Umbrella/Duo SECURE ACCESS SERVICE EDGE (SASE) PRIVATE CLOUD EDGE (MSP or CUSTOMER) On-Premises IoT/OT SECURITY Scalable | Flexible | Visibility | Comprehensive Security Secure Critical Infrastructure | Unified IT and OT Reliable | Scalable | Flexible ThousandEyes Secure Firewall SDWAN by Viptela SDWAN SDWAN ThousandEyes Secure Firewall SDWAN by Viptela SDWAN Cyber Vision ISE TrustSec Industrial Router Industrial Firewall Industrial Switch/AP Secure Firewall DuoCloud SSO+IDP Secure Web Appliance Secure Network Analytics ISE Cisco DNA Center TrustSec Security Analytics and Logging Full Stack Secure DDoS Network Gateway SASE/SDWAN ZERO TRUST WORKPLACE (XDR) Threat Visibility & Hunting Managed Detection and Response Services 3rd Party Integrations Security, Orchestration, Automation and Response Incident Response and Remediation Services Secure Cloud Insights Kenna Vuln Mgmt Device Insights Security Operations Security Reference Architecture Use case: SASE Integration 1 1 2 2 3 3 SASE Auto Tunnel
Threat Intelligence | Malware Analytics | Actionable Intelligence | Unmatched Visibility | Collective Responses Security Reference Architecture User/Device Security Adaptive MFA | Passwordless | Trust SASE/REMOTE WORKER ZERO TRUST WORKFORCE Secure E-mail Duo Secure Access Unified Client | EDR | Cloud Managed Application Security Policy | API Security Application Segmentation Run-time Application Security ZERO TRUST WORKLOAD Application Security Stack Hybrid Private Cloud Native Security Secure Workload Secure Firewall ThousandEyes App Visibility | Detection | Response Secure Cloud Analytics Secure Application by AppDynamics Public Cloud* APIC-DC APIC Posture Telemetry Threat Query VPN Cisco Secure Client ThousandEyes (Visibility) Network Security Threat Protection | Secure Access Control | Managed Remote Access Network Edge Segmentation | Identity and Context | Profiling | Containment | Encrypted Visibility Cloud Edge DNS-layer security L7 firewall + IPS Secure web gateway Cloud access security broker/ shadow IT SSL decryption Remote browser Isolation Data loss prevention Cloud malware detection RAaaS ZTNA Umbrella/Duo SECURE ACCESS SERVICE EDGE (SASE) PRIVATE CLOUD EDGE (MSP or CUSTOMER) On-Premises IoT/OT SECURITY Scalable | Flexible | Visibility | Comprehensive Security Secure Critical Infrastructure | Unified IT and OT Reliable | Scalable | Flexible ThousandEyes Secure Firewall SDWAN by Viptela SDWAN SDWAN ThousandEyes Secure Firewall SDWAN by Viptela SDWAN Cyber Vision ISE TrustSec Industrial Router Industrial Firewall Industrial Switch/AP Secure Firewall DuoCloud SSO+IDP Secure Web Appliance Secure Network Analytics ISE Cisco DNA Center TrustSec Security Analytics and Logging Full Stack Secure DDoS Network Gateway SASE/SDWAN ZERO TRUST WORKPLACE (XDR) Threat Visibility & Hunting Managed Detection and Response Services 3rd Party Integrations Security, Orchestration, Automation and Response Incident Response and Remediation Services Secure Cloud Insights Kenna Vuln Mgmt Device Insights Security Operations 1 1 IPsec backhaul, private apps 1 SaaS, public apps 2 2 Security Reference Architecture Use case: Zero Trust Network Access (ZTNA)
Threat Intelligence | Malware Analytics | Actionable Intelligence | Unmatched Visibility | Collective Responses User/Device Security Adaptive MFA | Passwordless | Trust SASE/REMOTE WORKER ZERO TRUST WORKFORCE Secure E-mail Duo Secure Access Unified Client | EDR | Cloud Managed Application Security Policy | API Security Application Segmentation Run-time Application Security ZERO TRUST WORKLOAD Application Security Stack Hybrid Private Cloud Native Security Secure Workload Secure Firewall ThousandEyes App Visibility | Detection | Response Secure Cloud Analytics Secure Application by AppDynamics Public Cloud* APIC-DC APIC Posture Telemetry Threat Query VPN Cisco Secure Client ThousandEyes (Visibility) Network Security Threat Protection | Secure Access Control | Managed Remote Access Network Edge Segmentation | Identity and Context | Profiling | Containment | Encrypted Visibility Cloud Edge DNS-layer security L7 firewall + IPS Secure web gateway Cloud access security broker/ shadow IT SSL decryption Remote browser Isolation Data loss prevention Cloud malware detection RAaaS ZTNA Umbrella/Duo SECURE ACCESS SERVICE EDGE (SASE) PRIVATE CLOUD EDGE (MSP or CUSTOMER) On-Premises IoT/OT SECURITY Scalable | Flexible | Visibility | Comprehensive Security Secure Critical Infrastructure | Unified IT and OT Reliable | Scalable | Flexible ThousandEyes Secure Firewall SDWAN by Viptela SDWAN SDWAN ThousandEyes Secure Firewall SDWAN by Viptela SDWAN Cyber Vision ISE TrustSec Industrial Router Industrial Firewall Industrial Switch/AP Secure Firewall DuoCloud SSO+IDP Secure Web Appliance Secure Network Analytics ISE Cisco DNA Center TrustSec Security Analytics and Logging Full Stack Secure DDoS Network Gateway SASE/SDWAN ZERO TRUST WORKPLACE (XDR) Threat Visibility & Hunting Managed Detection and Response Services 3rd Party Integrations Security, Orchestration, Automation and Response Incident Response and Remediation Services Secure Cloud Insights Kenna Vuln Mgmt Device Insights Security Operations Security Reference Architecture Use case: SecureX Telemetry
Threat Intelligence | Malware Analytics | Actionable Intelligence | Unmatched Visibility | Collective Responses User/Device Security Adaptive MFA | Passwordless | Trust SASE/REMOTE WORKER ZERO TRUST WORKFORCE Secure E-mail Duo Secure Access Unified Client | EDR | Cloud Managed Application Security Policy | API Security Application Segmentation Run-time Application Security ZERO TRUST WORKLOAD Application Security Stack Hybrid Private Cloud Native Security Secure Workload Secure Firewall ThousandEyes App Visibility | Detection | Response Secure Cloud Analytics Secure Application by AppDynamics Public Cloud* APIC-DC APIC Posture Telemetry Threat Query VPN Cisco Secure Client ThousandEyes (Visibility) Network Security Threat Protection | Secure Access Control | Managed Remote Access Network Edge Segmentation | Identity and Context | Profiling | Containment | Encrypted Visibility Cloud Edge DNS-layer security L7 firewall + IPS Secure web gateway Cloud access security broker/ shadow IT SSL decryption Remote browser Isolation Data loss prevention Cloud malware detection RAaaS ZTNA Umbrella/Duo SECURE ACCESS SERVICE EDGE (SASE) PRIVATE CLOUD EDGE (MSP or CUSTOMER) On-Premises IoT/OT SECURITY Scalable | Flexible | Visibility | Comprehensive Security Secure Critical Infrastructure | Unified IT and OT Reliable | Scalable | Flexible ThousandEyes Secure Firewall SDWAN by Viptela SDWAN SDWAN ThousandEyes Secure Firewall SDWAN by Viptela SDWAN Cyber Vision ISE TrustSec Industrial Router Industrial Firewall Industrial Switch/AP Secure Firewall DuoCloud SSO+IDP Secure Web Appliance Secure Network Analytics ISE Cisco DNA Center TrustSec Security Analytics and Logging Full Stack Secure DDoS Network Gateway SASE/SDWAN ZERO TRUST WORKPLACE (XDR) Threat Visibility & Hunting Managed Detection and Response Services 3rd Party Integrations Security, Orchestration, Automation and Response Incident Response and Remediation Services Secure Cloud Insights Kenna Vuln Mgmt Device Insights Security Operations Security Reference Architecture Use case: SecureX Orchestration

More Related Content

PDF
Succeeding with Secure Access Service Edge (SASE)
byCloudflare
 
PDF
Microsoft Zero Trust
byDavid J Rosenthal
 
PDF
Palo alto networks product overview
byBelsoft
 
PPTX
Zero trust deck 2020
byGuido Marchetti
 
PPTX
Zero Trust Framework for Network Security​
byAlgoSec
 
PDF
ATT&CK Updates- ATT&CK's Open Source
byMITRE ATT&CK
 
PPSX
Zero-Trust SASE DevSecOps
byAraf Karsh Hamid
 
PPTX
Cyber security: A roadmap to secure solutions
bySchneider Electric
 
Succeeding with Secure Access Service Edge (SASE)
byCloudflare
 
Microsoft Zero Trust
byDavid J Rosenthal
 
Palo alto networks product overview
byBelsoft
 
Zero trust deck 2020
byGuido Marchetti
 
Zero Trust Framework for Network Security​
byAlgoSec
 
ATT&CK Updates- ATT&CK's Open Source
byMITRE ATT&CK
 
Zero-Trust SASE DevSecOps
byAraf Karsh Hamid
 
Cyber security: A roadmap to secure solutions
bySchneider Electric
 

What's hot

PDF
Cyber Threat hunting workshop
byArpan Raval
 
PDF
Zero trust in a hybrid architecture
byHybrid IT Europe
 
PPTX
Understanding Zero Trust Security for IBM i
byPrecisely
 
PPTX
Putting MITRE ATT&CK into Action with What You Have, Where You Are
byKatie Nickels
 
PDF
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
byMITRE ATT&CK
 
PDF
Microsoft Azure Sentinel
byBGA Cyber Security
 
PPTX
Do You Really Need to Evolve From Monitoring to Observability?
bySplunk
 
PDF
Secure your Azure and DevOps in a smart way
byEficode
 
PDF
PaloAlto Enterprise Security Solution
byPrime Infoserv
 
PDF
Understanding SASE
byHaris Chughtai
 
PDF
0wn-premises: Bypassing Microsoft Defender for Identity
byNikhil Mittal
 
PPTX
Security Training: #3 Threat Modelling - Practices and Tools
byYulian Slobodyan
 
PDF
2019 DevSecOps Reference Architectures
bySonatype
 
PPTX
Zero Trust
byBoaz Shunami
 
PPTX
The Zero Trust Model of Information Security
byTripwire
 
PPTX
Patch Management Best Practices
byIvanti
 
PDF
When Insiders ATT&CK!
byMITRE ATT&CK
 
PDF
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
bySounil Yu
 
PDF
Introduction to MITRE ATT&CK
byArpan Raval
 
PDF
Threat Hunting
bySplunk
 
Cyber Threat hunting workshop
byArpan Raval
 
Zero trust in a hybrid architecture
byHybrid IT Europe
 
Understanding Zero Trust Security for IBM i
byPrecisely
 
Putting MITRE ATT&CK into Action with What You Have, Where You Are
byKatie Nickels
 
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
byMITRE ATT&CK
 
Microsoft Azure Sentinel
byBGA Cyber Security
 
Do You Really Need to Evolve From Monitoring to Observability?
bySplunk
 
Secure your Azure and DevOps in a smart way
byEficode
 
PaloAlto Enterprise Security Solution
byPrime Infoserv
 
Understanding SASE
byHaris Chughtai
 
0wn-premises: Bypassing Microsoft Defender for Identity
byNikhil Mittal
 
Security Training: #3 Threat Modelling - Practices and Tools
byYulian Slobodyan
 
2019 DevSecOps Reference Architectures
bySonatype
 
Zero Trust
byBoaz Shunami
 
The Zero Trust Model of Information Security
byTripwire
 
Patch Management Best Practices
byIvanti
 
When Insiders ATT&CK!
byMITRE ATT&CK
 
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
bySounil Yu
 
Introduction to MITRE ATT&CK
byArpan Raval
 
Threat Hunting
bySplunk
 

Similar to security-reference-architecture.pdf

PPTX
Monetizing The Enterprise: Borderless Networks
byCisco Service Provider
 
PPTX
Cisco ISE secures access with identityAI
byBrindha639607
 
PPTX
Cisco ISE secures access with identityAI
byBrindha639607
 
PPTX
Terremark Intro
bymartyburks
 
PPTX
Cloud_Security_as_a_Service_Presentation.pptx
byVinodSurvase2
 
PPTX
Cloud_Security_as_a_Service_Presentation.pptx
byVinodSurvase2
 
PDF
2019 10-app gate sdp 101 09a
byCristian Garcia G.
 
PPTX
Desafíos de la Ciberseguridad en un ecosistema digitalmente transformado
byCristian Garcia G.
 
PDF
Building a Security Architecture
byCisco Canada
 
PPTX
Zero trust model for cloud computing.pptx
bykkhhusshi
 
PDF
SASE-for-Superheroes-The-Complete-Integration-eBook.pdf
byAnto664537
 
PPTX
TechWiseTV Workshop: SD-WAN Security
byRobb Boyd
 
PPT
Cisco Security Technical Alliances
byCisco DevNet
 
PPTX
AWS Security Architecture - Overview
bySai Kesavamatham
 
PPTX
customer presentation of security concern.pptx
byrlinac
 
PDF
PaloAltoExpertForum_SASE 3.0 document sase
byOğuz YILMAZ
 
PDF
Secure Service Access- The Future of Network Security in the Cloud Era.pdf
byjvinay0898
 
PPTX
Layer 7 Technologies: Enabling Hybrid Enterprise/Cloud SOA
byCA API Management
 
PPTX
DEVNET-1123 CSTA - Cisco Security Technical Alliances, New Program for Ecosys...
byCisco DevNet
 
PDF
Hybrid Mesh Firewall: Network firewall revolution
byBangladesh Network Operators Group
 
Monetizing The Enterprise: Borderless Networks
byCisco Service Provider
 
Cisco ISE secures access with identityAI
byBrindha639607
 
Cisco ISE secures access with identityAI
byBrindha639607
 
Terremark Intro
bymartyburks
 
Cloud_Security_as_a_Service_Presentation.pptx
byVinodSurvase2
 
Cloud_Security_as_a_Service_Presentation.pptx
byVinodSurvase2
 
2019 10-app gate sdp 101 09a
byCristian Garcia G.
 
Desafíos de la Ciberseguridad en un ecosistema digitalmente transformado
byCristian Garcia G.
 
Building a Security Architecture
byCisco Canada
 
Zero trust model for cloud computing.pptx
bykkhhusshi
 
SASE-for-Superheroes-The-Complete-Integration-eBook.pdf
byAnto664537
 
TechWiseTV Workshop: SD-WAN Security
byRobb Boyd
 
Cisco Security Technical Alliances
byCisco DevNet
 
AWS Security Architecture - Overview
bySai Kesavamatham
 
customer presentation of security concern.pptx
byrlinac
 
PaloAltoExpertForum_SASE 3.0 document sase
byOğuz YILMAZ
 
Secure Service Access- The Future of Network Security in the Cloud Era.pdf
byjvinay0898
 
Layer 7 Technologies: Enabling Hybrid Enterprise/Cloud SOA
byCA API Management
 
DEVNET-1123 CSTA - Cisco Security Technical Alliances, New Program for Ecosys...
byCisco DevNet
 
Hybrid Mesh Firewall: Network firewall revolution
byBangladesh Network Operators Group
 

Recently uploaded

PDF
Andria Sergio - Known For Her Accuracy And Professionalism
byAndria Sergio
 
PDF
Bohdan Haidabrus: Lessons Learned from Scaling Agile: A Case Study of SAFe Im...
byLviv Startup Club
 
PDF
AI,Analytics, Digital HR, Agentic AI.pdf
bypgp25chinica
 
DOCX
How to Buy Verified Bybit Accounts in 2026 not risk .docx
bymarketing
 
PDF
What Is the Fastest Way to Buy Facebook Accounts.pdf
byFacebook Accounts
 
PDF
VD 570 - Robust Inline Flow Meter From CS-Instruments
byCS Instruments
 
PDF
Stablecoins beyond narrow banking - Lombard Notes
byGiorgio Giuliani
 
PDF
Certification Training Course On New Skills Across Globe
bySprintzeal
 
PDF
𝐖𝐚𝐠 𝐂𝐥𝐨𝐧𝐞 𝐏𝐞𝐭 𝐂𝐚𝐫𝐞 𝐀𝐩𝐩 𝐃𝐞𝐯𝐞𝐥𝐨𝐩𝐦𝐞𝐧𝐭
byV3CUBE TECHNOLABS
 
DOCX
Buy Verified Paypal Accounts_ A Safely Complete Guide Usa.docx
bynicakala
 
PDF
Step-by-Step 17 Guide to Purchasing Verified PayPal Account.pdf
byhttps://www.usaallhub.com/product/buy-verified-paypal-accounts/
 
PPTX
5, Money Number Tax and Wages 19072017.pptx
byAdrian Hawkes
 
PDF
How Oversize Embroidery Design Size Is Measured
byInkdnylon
 
PDF
rf_mccaffrey_stocksforthelongrun_revisited_online.v2 (1).pdf
byHenry Tapper
 
PDF
Iryna Rudenko: Follow the Money: How Investment Trends Define IT Niches (UA)
byLviv Startup Club
 
PDF
Lessons on Branding from the Team Behind the World's Biggest Brands
byNeil Horowitz
 
PDF
How to Buy Old Gmail Accounts in Bulk Safely in the USA.pdf
bypvaisback is Online Marketing site
 
DOCX
Buy Instagram Account Purchase_ A Safe and Secure Approach.docx
bybarbeymcdanielokczz
 
PDF
KGA - Governing administration in a consolidated market
byHenry Tapper
 
PDF
ICv2 White Paper - Navigating the New World of Comics
byDennisViau
 
Andria Sergio - Known For Her Accuracy And Professionalism
byAndria Sergio
 
Bohdan Haidabrus: Lessons Learned from Scaling Agile: A Case Study of SAFe Im...
byLviv Startup Club
 
AI,Analytics, Digital HR, Agentic AI.pdf
bypgp25chinica
 
How to Buy Verified Bybit Accounts in 2026 not risk .docx
bymarketing
 
What Is the Fastest Way to Buy Facebook Accounts.pdf
byFacebook Accounts
 
VD 570 - Robust Inline Flow Meter From CS-Instruments
byCS Instruments
 
Stablecoins beyond narrow banking - Lombard Notes
byGiorgio Giuliani
 
Certification Training Course On New Skills Across Globe
bySprintzeal
 
𝐖𝐚𝐠 𝐂𝐥𝐨𝐧𝐞 𝐏𝐞𝐭 𝐂𝐚𝐫𝐞 𝐀𝐩𝐩 𝐃𝐞𝐯𝐞𝐥𝐨𝐩𝐦𝐞𝐧𝐭
byV3CUBE TECHNOLABS
 
Buy Verified Paypal Accounts_ A Safely Complete Guide Usa.docx
bynicakala
 
Step-by-Step 17 Guide to Purchasing Verified PayPal Account.pdf
byhttps://www.usaallhub.com/product/buy-verified-paypal-accounts/
 
5, Money Number Tax and Wages 19072017.pptx
byAdrian Hawkes
 
How Oversize Embroidery Design Size Is Measured
byInkdnylon
 
rf_mccaffrey_stocksforthelongrun_revisited_online.v2 (1).pdf
byHenry Tapper
 
Iryna Rudenko: Follow the Money: How Investment Trends Define IT Niches (UA)
byLviv Startup Club
 
Lessons on Branding from the Team Behind the World's Biggest Brands
byNeil Horowitz
 
How to Buy Old Gmail Accounts in Bulk Safely in the USA.pdf
bypvaisback is Online Marketing site
 
Buy Instagram Account Purchase_ A Safe and Secure Approach.docx
bybarbeymcdanielokczz
 
KGA - Governing administration in a consolidated market
byHenry Tapper
 
ICv2 White Paper - Navigating the New World of Comics
byDennisViau
 

security-reference-architecture.pdf

  • 1.
    Security Reference Architecture with UseCases version 2.0.1 Global Security Architecture Team February 2022
  • 2.
    Threat Intelligence |Malware Analytics | Actionable Intelligence | Unmatched Visibility | Collective Responses Security Reference Architecture User/Device Security Adaptive MFA | Passwordless | Trust SASE/REMOTE WORKER ZERO TRUST WORKFORCE Secure E-mail Duo Secure Access Unified Client | EDR | Cloud Managed Application Security Policy | API Security Application Segmentation Run-time Application Security ZERO TRUST WORKLOAD Application Security Stack Hybrid Private Cloud Native Security Secure Workload Secure Firewall ThousandEyes App Visibility | Detection | Response Secure Cloud Analytics Secure Application by AppDynamics Public Cloud* APIC-DC APIC Posture Telemetry Threat Query VPN Cisco Secure Client ThousandEyes (Visibility) Network Security Threat Protection | Secure Access Control | Managed Remote Access Network Edge Segmentation | Identity and Context | Profiling | Containment | Encrypted Visibility Cloud Edge DNS-layer security L7 firewall + IPS Secure web gateway Cloud access security broker/ shadow IT SSL decryption Remote browser Isolation Data loss prevention Cloud malware detection RAaaS ZTNA Umbrella/Duo SECURE ACCESS SERVICE EDGE (SASE) PRIVATE CLOUD EDGE (MSP or CUSTOMER) On-Premises IoT/OT SECURITY Scalable | Flexible | Visibility | Comprehensive Security Secure Critical Infrastructure | Unified IT and OT Reliable | Scalable | Flexible ThousandEyes Secure Firewall SDWAN by Viptela SDWAN SDWAN ThousandEyes Secure Firewall SDWAN by Viptela SDWAN Cyber Vision ISE TrustSec Industrial Router Industrial Firewall Industrial Switch/AP Secure Firewall DuoCloud SSO+IDP Secure Web Appliance Secure Network Analytics ISE Cisco DNA Center TrustSec Security Analytics and Logging Full Stack Secure DDoS Network Gateway SASE/SDWAN ZERO TRUST WORKPLACE (XDR) Threat Visibility & Hunting Managed Detection and Response Services 3rd Party Integrations Security, Orchestration, Automation and Response Incident Response and Remediation Services Secure Cloud Insights Kenna Vuln Mgmt Device Insights Security Operations
  • 3.
    Threat Intelligence |Malware Analytics | Actionable Intelligence | Unmatched Visibility | Collective Responses User/Device Security Adaptive MFA | Passwordless | Trust SASE/REMOTE WORKER ZERO TRUST WORKFORCE Secure E-mail Duo Secure Access Unified Client | EDR | Cloud Managed Application Security Policy | API Security Application Segmentation Run-time Application Security ZERO TRUST WORKLOAD Application Security Stack Hybrid Private Cloud Native Security Secure Workload Secure Firewall ThousandEyes App Visibility | Detection | Response Secure Cloud Analytics Secure Application by AppDynamics Public Cloud* APIC-DC APIC Posture Telemetry Threat Query VPN Cisco Secure Client ThousandEyes (Visibility) Network Security Threat Protection | Secure Access Control | Managed Remote Access Network Edge Segmentation | Identity and Context | Profiling | Containment | Encrypted Visibility Cloud Edge DNS-layer security L7 firewall + IPS Secure web gateway Cloud access security broker/ shadow IT SSL decryption Remote browser Isolation Data loss prevention Cloud malware detection RAaaS ZTNA Umbrella/Duo SECURE ACCESS SERVICE EDGE (SASE) PRIVATE CLOUD EDGE (MSP or CUSTOMER) On-Premises IoT/OT SECURITY Scalable | Flexible | Visibility | Comprehensive Security Secure Critical Infrastructure | Unified IT and OT Reliable | Scalable | Flexible ThousandEyes Secure Firewall SDWAN by Viptela SDWAN SDWAN ThousandEyes Secure Firewall SDWAN by Viptela SDWAN Cyber Vision ISE TrustSec Industrial Router Industrial Firewall Industrial Switch/AP Secure Firewall DuoCloud SSO+IDP Secure Web Appliance Secure Network Analytics ISE Cisco DNA Center TrustSec Security Analytics and Logging Full Stack Secure DDoS Network Gateway SASE/SDWAN ZERO TRUST WORKPLACE (XDR) Threat Visibility & Hunting Managed Detection and Response Services 3rd Party Integrations Security, Orchestration, Automation and Response Incident Response and Remediation Services Secure Cloud Insights Kenna Vuln Mgmt Device Insights Security Operations Common Identity Security Reference Architecture Use case: Common Identity / Endpoint Information
  • 4.
    Threat Intelligence |Malware Analytics | Actionable Intelligence | Unmatched Visibility | Collective Responses User/Device Security Adaptive MFA | Passwordless | Trust SASE/REMOTE WORKER ZERO TRUST WORKFORCE Secure E-mail Duo Secure Access Unified Client | EDR | Cloud Managed Application Security Policy | API Security Application Segmentation Run-time Application Security ZERO TRUST WORKLOAD Application Security Stack Hybrid Private Cloud Native Security Secure Workload Secure Firewall ThousandEyes App Visibility | Detection | Response Secure Cloud Analytics Secure Application by AppDynamics Public Cloud* APIC-DC APIC Posture Telemetry Threat Query VPN Cisco Secure Client ThousandEyes (Visibility) Network Security Threat Protection | Secure Access Control | Managed Remote Access Network Edge Segmentation | Identity and Context | Profiling | Containment | Encrypted Visibility Cloud Edge DNS-layer security L7 firewall + IPS Secure web gateway Cloud access security broker/ shadow IT SSL decryption Remote browser Isolation Data loss prevention Cloud malware detection RAaaS ZTNA Umbrella/Duo SECURE ACCESS SERVICE EDGE (SASE) PRIVATE CLOUD EDGE (MSP or CUSTOMER) On-Premises IoT/OT SECURITY Scalable | Flexible | Visibility | Comprehensive Security Secure Critical Infrastructure | Unified IT and OT Reliable | Scalable | Flexible ThousandEyes Secure Firewall SDWAN by Viptela SDWAN SDWAN ThousandEyes Secure Firewall SDWAN by Viptela SDWAN Cyber Vision ISE TrustSec Industrial Router Industrial Firewall Industrial Switch/AP Secure Firewall DuoCloud SSO+IDP Secure Web Appliance Secure Network Analytics ISE Cisco DNA Center TrustSec Security Analytics and Logging Full Stack Secure DDoS Network Gateway SASE/SDWAN ZERO TRUST WORKPLACE (XDR) Threat Visibility & Hunting Managed Detection and Response Services 3rd Party Integrations Security, Orchestration, Automation and Response Incident Response and Remediation Services Secure Cloud Insights Kenna Vuln Mgmt Device Insights Security Operations Security Reference Architecture Use case: Converged Multi-Cloud Policy Converged Policy
  • 5.
    Threat Intelligence |Malware Analytics | Actionable Intelligence | Unmatched Visibility | Collective Responses User/Device Security Adaptive MFA | Passwordless | Trust SASE/REMOTE WORKER ZERO TRUST WORKFORCE Secure E-mail Duo Secure Access Unified Client | EDR | Cloud Managed Application Security Policy | API Security Application Segmentation Run-time Application Security ZERO TRUST WORKLOAD Application Security Stack Hybrid Private Cloud Native Security Secure Workload Secure Firewall ThousandEyes App Visibility | Detection | Response Secure Cloud Analytics Secure Application by AppDynamics Public Cloud* APIC-DC APIC Posture Telemetry Threat Query VPN Cisco Secure Client ThousandEyes (Visibility) Network Security Threat Protection | Secure Access Control | Managed Remote Access Network Edge Segmentation | Identity and Context | Profiling | Containment | Encrypted Visibility Cloud Edge DNS-layer security L7 firewall + IPS Secure web gateway Cloud access security broker/ shadow IT SSL decryption Remote browser Isolation Data loss prevention Cloud malware detection RAaaS ZTNA Umbrella/Duo SECURE ACCESS SERVICE EDGE (SASE) PRIVATE CLOUD EDGE (MSP or CUSTOMER) On-Premises IoT/OT SECURITY Scalable | Flexible | Visibility | Comprehensive Security Secure Critical Infrastructure | Unified IT and OT Reliable | Scalable | Flexible ThousandEyes Secure Firewall SDWAN by Viptela SDWAN SDWAN ThousandEyes Secure Firewall SDWAN by Viptela SDWAN Cyber Vision ISE TrustSec Industrial Router Industrial Firewall Industrial Switch/AP Secure Firewall DuoCloud SSO+IDP Secure Web Appliance Secure Network Analytics ISE Cisco DNA Center TrustSec Security Analytics and Logging Full Stack Secure DDoS Network Gateway SASE/SDWAN ZERO TRUST WORKPLACE (XDR) Threat Visibility & Hunting Managed Detection and Response Services 3rd Party Integrations Security, Orchestration, Automation and Response Incident Response and Remediation Services Secure Cloud Insights Kenna Vuln Mgmt Device Insights Security Operations Security Reference Architecture Use case: SASE Integration 1 1 2 2 3 3 SASE Auto Tunnel
  • 6.
    Threat Intelligence |Malware Analytics | Actionable Intelligence | Unmatched Visibility | Collective Responses Security Reference Architecture User/Device Security Adaptive MFA | Passwordless | Trust SASE/REMOTE WORKER ZERO TRUST WORKFORCE Secure E-mail Duo Secure Access Unified Client | EDR | Cloud Managed Application Security Policy | API Security Application Segmentation Run-time Application Security ZERO TRUST WORKLOAD Application Security Stack Hybrid Private Cloud Native Security Secure Workload Secure Firewall ThousandEyes App Visibility | Detection | Response Secure Cloud Analytics Secure Application by AppDynamics Public Cloud* APIC-DC APIC Posture Telemetry Threat Query VPN Cisco Secure Client ThousandEyes (Visibility) Network Security Threat Protection | Secure Access Control | Managed Remote Access Network Edge Segmentation | Identity and Context | Profiling | Containment | Encrypted Visibility Cloud Edge DNS-layer security L7 firewall + IPS Secure web gateway Cloud access security broker/ shadow IT SSL decryption Remote browser Isolation Data loss prevention Cloud malware detection RAaaS ZTNA Umbrella/Duo SECURE ACCESS SERVICE EDGE (SASE) PRIVATE CLOUD EDGE (MSP or CUSTOMER) On-Premises IoT/OT SECURITY Scalable | Flexible | Visibility | Comprehensive Security Secure Critical Infrastructure | Unified IT and OT Reliable | Scalable | Flexible ThousandEyes Secure Firewall SDWAN by Viptela SDWAN SDWAN ThousandEyes Secure Firewall SDWAN by Viptela SDWAN Cyber Vision ISE TrustSec Industrial Router Industrial Firewall Industrial Switch/AP Secure Firewall DuoCloud SSO+IDP Secure Web Appliance Secure Network Analytics ISE Cisco DNA Center TrustSec Security Analytics and Logging Full Stack Secure DDoS Network Gateway SASE/SDWAN ZERO TRUST WORKPLACE (XDR) Threat Visibility & Hunting Managed Detection and Response Services 3rd Party Integrations Security, Orchestration, Automation and Response Incident Response and Remediation Services Secure Cloud Insights Kenna Vuln Mgmt Device Insights Security Operations 1 1 IPsec backhaul, private apps 1 SaaS, public apps 2 2 Security Reference Architecture Use case: Zero Trust Network Access (ZTNA)
  • 7.
    Threat Intelligence |Malware Analytics | Actionable Intelligence | Unmatched Visibility | Collective Responses User/Device Security Adaptive MFA | Passwordless | Trust SASE/REMOTE WORKER ZERO TRUST WORKFORCE Secure E-mail Duo Secure Access Unified Client | EDR | Cloud Managed Application Security Policy | API Security Application Segmentation Run-time Application Security ZERO TRUST WORKLOAD Application Security Stack Hybrid Private Cloud Native Security Secure Workload Secure Firewall ThousandEyes App Visibility | Detection | Response Secure Cloud Analytics Secure Application by AppDynamics Public Cloud* APIC-DC APIC Posture Telemetry Threat Query VPN Cisco Secure Client ThousandEyes (Visibility) Network Security Threat Protection | Secure Access Control | Managed Remote Access Network Edge Segmentation | Identity and Context | Profiling | Containment | Encrypted Visibility Cloud Edge DNS-layer security L7 firewall + IPS Secure web gateway Cloud access security broker/ shadow IT SSL decryption Remote browser Isolation Data loss prevention Cloud malware detection RAaaS ZTNA Umbrella/Duo SECURE ACCESS SERVICE EDGE (SASE) PRIVATE CLOUD EDGE (MSP or CUSTOMER) On-Premises IoT/OT SECURITY Scalable | Flexible | Visibility | Comprehensive Security Secure Critical Infrastructure | Unified IT and OT Reliable | Scalable | Flexible ThousandEyes Secure Firewall SDWAN by Viptela SDWAN SDWAN ThousandEyes Secure Firewall SDWAN by Viptela SDWAN Cyber Vision ISE TrustSec Industrial Router Industrial Firewall Industrial Switch/AP Secure Firewall DuoCloud SSO+IDP Secure Web Appliance Secure Network Analytics ISE Cisco DNA Center TrustSec Security Analytics and Logging Full Stack Secure DDoS Network Gateway SASE/SDWAN ZERO TRUST WORKPLACE (XDR) Threat Visibility & Hunting Managed Detection and Response Services 3rd Party Integrations Security, Orchestration, Automation and Response Incident Response and Remediation Services Secure Cloud Insights Kenna Vuln Mgmt Device Insights Security Operations Security Reference Architecture Use case: SecureX Telemetry
  • 8.
    Threat Intelligence |Malware Analytics | Actionable Intelligence | Unmatched Visibility | Collective Responses User/Device Security Adaptive MFA | Passwordless | Trust SASE/REMOTE WORKER ZERO TRUST WORKFORCE Secure E-mail Duo Secure Access Unified Client | EDR | Cloud Managed Application Security Policy | API Security Application Segmentation Run-time Application Security ZERO TRUST WORKLOAD Application Security Stack Hybrid Private Cloud Native Security Secure Workload Secure Firewall ThousandEyes App Visibility | Detection | Response Secure Cloud Analytics Secure Application by AppDynamics Public Cloud* APIC-DC APIC Posture Telemetry Threat Query VPN Cisco Secure Client ThousandEyes (Visibility) Network Security Threat Protection | Secure Access Control | Managed Remote Access Network Edge Segmentation | Identity and Context | Profiling | Containment | Encrypted Visibility Cloud Edge DNS-layer security L7 firewall + IPS Secure web gateway Cloud access security broker/ shadow IT SSL decryption Remote browser Isolation Data loss prevention Cloud malware detection RAaaS ZTNA Umbrella/Duo SECURE ACCESS SERVICE EDGE (SASE) PRIVATE CLOUD EDGE (MSP or CUSTOMER) On-Premises IoT/OT SECURITY Scalable | Flexible | Visibility | Comprehensive Security Secure Critical Infrastructure | Unified IT and OT Reliable | Scalable | Flexible ThousandEyes Secure Firewall SDWAN by Viptela SDWAN SDWAN ThousandEyes Secure Firewall SDWAN by Viptela SDWAN Cyber Vision ISE TrustSec Industrial Router Industrial Firewall Industrial Switch/AP Secure Firewall DuoCloud SSO+IDP Secure Web Appliance Secure Network Analytics ISE Cisco DNA Center TrustSec Security Analytics and Logging Full Stack Secure DDoS Network Gateway SASE/SDWAN ZERO TRUST WORKPLACE (XDR) Threat Visibility & Hunting Managed Detection and Response Services 3rd Party Integrations Security, Orchestration, Automation and Response Incident Response and Remediation Services Secure Cloud Insights Kenna Vuln Mgmt Device Insights Security Operations Security Reference Architecture Use case: SecureX Orchestration