This chapterdiscusses the concept of borderless Networks. It discusses Cisco borderless Network architecture, including the components and underlying technologies. You will learn about the Cisco security portfolio products that address specifically issues of borderless Networks, and more precisely about Cisco SecureX. This chapter introduces Cisco threat control and containment products and VPN technologies that will be covered in greater detail in subsequent chapters.
Security Strategy and Cisco Borderless Network © 2012 Cisco and/or its affiliates All rights reserved In this chapter, you learn about the following Cisco Borderless Networks topics: • Cisco Borderless Network Architecture • Cisco security portfolio of products solving issues of Borderless Networks • Cisco SecureX Architecture presenting its features and benefits • Cisco threat control and containment products and technologies • Cisco content security products and technologies • Cisco VPN solutions and technologies • Security management products and technologies http://www.cisco.com/en/US/products/ps10906/Products_Sub_Category_Home.html# © 2012 Cisco and/or its affiliates All rights reserved Borderless Networks Cisco Borderless Network Security Architecture © 2012 Cisco and/or its affiliates All rights reserved Borderless End Zone © 2012 Cisco and/or its affiliates All rights reserved Borderless Internet Intelligent Access Policies Provides Context Awareness for Adaptive Securing of Endpoints © 2012 Cisco and/or its affiliates All rights reserved Borderless Data Center Evolution of Security in the Data Center © 2012 Cisco and/or its affiliates All rights reserved Policy Management Layer © 2012 Cisco and/or its affiliates All rights reserved Borderless Security Products Policy Management Provided by Cisco Borderless Security Products © 2012 Cisco and/or its affiliates All rights reserved SecureX, a Context-Aware Security Approach SecureX Context Awareness © 2012 Cisco and/or its affiliates All rights reserved Cisco SecureX Security Products © 2012 Cisco and/or its affiliates All rights reserved 10 Context-Aware Policies Context-Aware Policies Decide Access Privileges © 2012 Cisco and/or its affiliates All rights reserved 11 TrustSec Secure Resources Using TrustSec © 2012 Cisco and/or its affiliates All rights reserved 12 AnyConnect AnyConnect at Work © 2012 Cisco and/or its affiliates All rights reserved 13 Cisco Identity Services Engine • Cisco Identity Services Engine (ISE) is the centralized policy engine for business-relevant policy definition and enforcement • Cisco ISE complements global contextual information that is offered by Cisco SIO • Cisco ISE combines the functionality of other Cisco products, such as the Cisco Secure Access Control Server for authentication, authorization, and accounting (AAA) services and Cisco NAC, into this next-generation policy server © 2012 Cisco and/or its affiliates All rights reserved 14 Threat Control and Containment • Cisco ASA : provide proven firewall services and context- and application-aware capabilities for comprehensive, real-time threat defense • Cisco ISR : Through software- and hardware-integrated security functions, ISRs can easily become part of the army of security controls in networks of all kinds • Cisco IPS : Intrusion prevention is accomplished in a distributed fashion, from IPS 4200 appliances to integrated hardware modules such as the Advanced Inspection and Prevention Security Services Module (AIPSSM) for ASA or the Intrusion Detection Services Module (IDSM) for Cisco Catalyst 6500 © 2012 Cisco and/or its affiliates All rights reserved 15 Cisco Security Intelligence Operation • Threat intelligence, which is called Cisco SensorBase • The automatic and human development process, called the IronPort Threat Operations Center • The automated and best practices content that is pushed to network elements in the form of dynamic updates © 2012 Cisco and/or its affiliates All rights reserved 16 Cloud Security, Content Security, and Data Loss Prevention • Abuse and nefarious use of cloud computing • Insecure interfaces and APIs • Malicious insiders • Shared technology issues • Data loss or leakage • Account or service hijacking • Unknown risk profile © 2012 Cisco and/or its affiliates All rights reserved 17 Web Security ScanSafe Integration with Cisco AnyConnect © 2012 Cisco and/or its affiliates All rights reserved 18 Web Security Cisco IronPort WSA on Premises © 2012 Cisco and/or its affiliates All rights reserved 19 Email Security Cisco IronPort Email Security Solutions © 2012 Cisco and/or its affiliates All rights reserved 20 Secure Connectivity Through VPNs VPN Deployment Options © 2012 Cisco and/or its affiliates All rights reserved 21 Security Management • Device managers • Cisco Configuration Professional • Cisco Security Manager © 2012 Cisco and/or its affiliates All rights reserved 22 Summary In this chapter, you learned about the Cisco Borderless Network Architecture This chapter examined the Cisco Security portfolio of products and, more specifically, reviewed the following: • Cisco SecureX Architecture (at a high level), highlighting its features and benefits and providing examples of Cisco products that fall within this category • Cisco threat control and containment products and technologies, such as the Cisco ASA and Cisco IPS, and illustrating their high-level features and benefits • Cisco content security and data loss prevention technologies, such as Cisco IronPort WSA and ESA, and illustrating their high-level features and benefits • Cisco VPN solutions and technologies, and illustrating their high-level features and benefits • The different security management products and technologies, focusing at a high level on Cisco Security Manager © 2012 Cisco and/or its affiliates All rights reserved 23 © 2012 Cisco and/or its affiliates All rights reserved 24 ... this chapter, you learn about the following Cisco Borderless Networks topics: • Cisco Borderless Network Architecture • Cisco security portfolio of products solving issues of Borderless Networks... All rights reserved Borderless Networks Cisco Borderless Network Security Architecture © 2012 Cisco and/ or its affiliates All rights reserved Borderless End Zone © 2012 Cisco and/ or its affiliates... high-level features and benefits • Cisco content security and data loss prevention technologies, such as Cisco IronPort WSA and ESA, and illustrating their high-level features and benefits • Cisco