Securing the Next Generation Network and Data Centre Now and into the Future Vision, Roadmap, and Execution B-EN-01-B Bret Hartman Vice President and Chief Technology Officer, Cisco Security Business Group

Aug 20, 2015

Technology

Cisco Canada
Transcript
Page 1: During the Next Generation Network and Data Centre – Now and into the Future – Vision, Roadmap and Execution

Securing the Next Generation Network and Data Centre – Now and into the Future – Vision, Roadmap, and Execution B-EN-01-B

Bret Hartman

Vice President and Chief Technology Officer, Cisco Security Business Group

Page 2

Cisco and/or its affiliates. All rights reserved. Session FAQ Forum Cisco Public

House Keeping Notes – Wednesday April 16, 2014

Thank you for attending Cisco Connect Toronto 2014. Here are a few housekeeping notes to ensure we all enjoy the session today.

Please ensure your cellphones are set on silent so that no one is disturbed during the session.

Please hold all questions until the end of this session to ensure all material is covered.

Page 3

Complete Your Paper Session Evaluation – Wednesday April 16

Give us your feedback and you could win 1 of 2 fabulous prizes in a random draw.

Complete and return your paper evaluation form to the Room Attendant at the end of the session.

Winners will be announced today at the end of the session. You must be present to win!

Please visit the Concierge desk to pick up your prize redemption slip.

Visit them at BOOTH# 407

Page 4

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4

Recent Events Have Eroded Trust

Page 5

"We can trust the NSA because without a doubt it is history's most powerful, pervasive, sophisticated surveillance agency ever to be totally pwned by a 29-year-old with a thumb drive"

Page 6

The Industrialization of Hacking

Timeline: 1990, 1995, 2000, 2005, 2010, 2015, 2020

• Viruses: 1990–2000

• Worms: 2000–2005

• Spyware and Rootkits: 2005–Today

• APTs, Cyberware: Today +

Hacking Becomes an Industry

Sophisticated Attacks, Complex Landscape

Phishing, Low Sophistication

Page 7

Any Device to Any Cloud

Public Cloud Private Cloud

Public Cloud

Page 8

Page 9

The Security Problem

• Changing Business Models

• Dynamic Threat Landscape

• Complexity and Fragmentation

Page 10

Comprehensive Security Portfolio

IPS & NGIPS

• Cisco IPS 4300 Series

• Cisco ASA 5500-X Series integrated IPS

Web Security

• Cisco Web Security Appliance (WSA)

• Cisco Virtual Web Security Appliance (vWSA)

• Cisco Cloud Web Security

Firewall & NGFW

• Cisco ASA 5500-X Series

• Cisco ASA 5500-X w/ NGFW license

• Cisco ASA 5585-X w/ NGFW blade

Advanced Malware Protection

NAC + Identity Services

• Cisco Identity Services Engine (ISE)

• Cisco Access Control Server (ACS)

Email Security

• Cisco Email Security Appliance (ESA)

• Cisco Virtual Email Security Appliance (vESA)

• Cisco Cloud Email Security

• Cisco

UTM

• Meraki MX

VPN

• Cisco AnyConnect VPN

Page 11

The New Security Model

Attack Continuum

BEFORE: Discover, Enforce, Harden

DURING: Detect, Block, Defend

AFTER: Scope, Contain, Remediate

Network, Endpoint, Mobile, Virtual, Cloud

Point in Time, Continuous

Page 12

Strategic Imperatives

Visibility-Driven: Network-Integrated, Broad Sensor Base, Context and Automation

Threat-Focused: Continuous Advanced Threat Protection, Cloud-Based Security Intelligence

Platform-Based: Agile and Open Platforms, Built for Scale, Consistent Control, Management

Network, Endpoint, Mobile, Virtual, Cloud

Page 13

Visibility-Driven

Page 14

Need Both Breadth and Depth

BREADTH: Network, Endpoint, Mobile, Virtual, Cloud

DEPTH: Who, What, Where, When, How

Page 15

Cisco Fabric Provides Pervasive Visibility

Network Servers

Operating Systems

Routers and Switches

Mobile Devices

Printers

VoIP Phones

Virtual Machines

Client Applications

Files

Users

Web Applications

Application Protocols

Services

Malware

Command and Control Servers

Vulnerabilities

NetFlow

Network Behavior

Processes

Page 16

Threat-Focused

Page 17

Detect, Understand, and Stop Threats

Collective Security Intelligence

Threat Identified

Event History

How

What

Who

Where

When

ISE + Network, Appliances (NGFW/NGIPS)

Context

AMP, CWS, Appliances

Recorded

Enforcement

Page 18

Continuous Advanced Threat Protection

ISE + Network, Appliances (NGFW/NGIPS)

How

What

Who

Where

When

Collective Security Intelligence

AMP, CWS, Appliances

Enforcement

Event History

AMP, Threat Defense

Continuous Analysis Context

Page 19

Today’s Security Appliances

W W W

• Context-Aware Functions

• IPS Functions

• Malware Functions

• VPN Functions

• Traditional Firewall Functions

Page 20

• Management

• Security Services and Applications

• Security Services Platform

• Infrastructure Element Layer

Platform-Based Security Architecture

Common Security Policy & Management

Common Security Policy and Management

Orchestration

Security Management APIs

Cisco ONE APIs

Platform APIs

Cloud Intelligence APIs

Physical Appliance Virtual Cloud

Access Control

Context Awareness

Content Inspection

Application Visibility

Threat Prevention

Device API: OnePK™, OpenFlow, CLI

Cisco Networking Operating Systems (Enterprise, Data Center, Service Provider)

Route–Switch–Compute ASIC Data Plane Software Data Plane

APIs APIs

Cisco Security Applications Third-Party Security Applications

Page 21

The Security Perimeter in the Cloud

The Distributed Perimeter

Cloud Connected Network

Collective Security Intelligence

Telemetry Data Threat Research Advanced Analytics

Mobile Router Firewall

3M+ Cloud Web Security Users

6 GB Web Traffic Examined, Protected Every Hour

75M Unique Hits Every Hour

10M Blocks Enforced Every Hour

Page 22

Develop Ecosystems for Cisco Security

Cisco Current

Partner Ecosystem Mobility (MDM), Threat (SIEM), Cloud

Partner to Deliver Complete Solutions

Open Platform Architecture Enables

Develop SSP Partner Ecosystem

ISE as “Context Directory Service”

Embed Security in Broader IT Solutions

Lancope, Network as a Sensor

Drive the Value of the Network

Page 23

Visibility and Context

Firewall

NGFW

NAC + Identity Services

VPN

UTM

NGIPS

Web Security

Email Security

Advanced Malware Protection

Network Behavior Analysis

Covering the Entire Attack Continuum

Attack Continuum

BEFORE: Discover, Enforce, Harden

DURING: Detect, Block, Defend

AFTER: Scope, Contain, Remediate

Page 24

Questions?
