Cisco Security Solutions: January 2009

Quick Reference Guide
For Customers
®
Cisco Security Solutions
Contents
Why Security Matters More Than Ever
Security Appliances
• Cisco ASA 5500 Series Adaptive Security Appliances
Firewall
Intrusion Prevention Systems
Cisco Router Security
End-Point Security
• Cisco Security Agent
• Cisco Network Admission Control
Email, Web, and Content Security
• Cisco Web Security Gateway Appliances
• Cisco IronPort Email Security Appliances
• Cisco ACE Web Application Firewall
• Content Security on the Cisco ASA 5500 Series
Management
• Cisco Security Monitoring, Analysis, and Response System
• Cisco Security Manager
• Cisco Secure Access Control System
• Cisco Enterprise Policy Manager
Switch Security
• Cisco Catalyst 6500 Series Security Services Modules
• Cisco TrustSec
Solutions
• Compliance
• Cisco Virtual Office
Virtual Private Networks
• Site-to-Site VPNs
• Remote-Access VPNs
Putting It All Together
EXIT
January 2009
HOME
Contents
Security Appliances
Firewall
End-Point Security
Cisco Security Agen
EXIT
Security Appliances HOME
Cisco ASA 5500 Series Contents

Adaptive Security Appliances Why Security Matters More Than Ever
Security Appliances
Overview Benefits • Cisco ASA 5500 Series Adaptive Security Appliances
• The Cisco ASA 5500 Series converges full-featured, high-
®
• Reduces cost and complexity by providing firewall, SSL and Firewall
performance firewall (including application firewall services), IPsec VPN, intrusion prevention, network content security Intrusion Prevention Systems
intrusion prevention, content security, IPsec/ SSL VPN, and services, and secure unified communications on a single
secure unified communications technologies in a single, hardware platform
easy-to-use security appliance. End-Point Security
• Delivers high performance with multiple security services for
• Now you can provide industrial-strength security for your the same cost as a firewall alone • Cisco Network Admission Control
network while reducing cost and complexity by converging • Adapts to new security threats Email, Web, and Content Security
multiple security functions into a high-performance
• Provides thorough remote-office protection to protect data • Cisco Web Security Gateway Appliances
appliance. • Cisco IronPort Email Security Appliances
and voice for remote workers
• Cisco ASA 5500 Series integrated security platforms provide • Cisco ACE Web Application Firewall
• Provides an integrated threat protection solution on a single
the scalability to meet the security needs of businesses of all • Content Security on the Cisco ASA 5500 Series
device, for both SSL and IPsec VPN connectivity
sizes. Management
For more information, please visit: • Cisco Security Monitoring, Analysis, and Response System
http://www.cisco.com/go/asa • Cisco Security Manager
The following figure shows how Cisco ASA 5500 Series Adaptive Security Appliances fit in the network. • Cisco Enterprise Policy Manager
Switch Security
Branch Office
Mobile Worker • Cisco Catalyst 6500 Series Security Services Modules
• Cisco TrustSec
Solutions
Main Office
• Compliance
Cisco ASA 5500
(may include Data Center
Application
Firewall, IPS,
Content Security, Servers • Site-to-Site VPNs
VPN and Secure Cisco Unified • Remote-Access VPNs
Secure UC) Wireless CallManager EXIT
Private
WAN CiscoUnity®
System
Internet
Cisco ASA 5500

(may include
Firewall, IPS,
Content Security,
VPN and
Secure UC)
Firewall HOME
Overview Benefits Contents

The firewall protects the resources of a private network from • Enables organizations of all sizes to protect their critical Why Security Matters More Than Ever
unauthorized access to applications, networks, and data by networks from unauthorized access
Security Appliances
internal or external users. • Protects applications and network services from attack with • Cisco ASA 5500 Series Adaptive Security Appliances
• Cisco® firewall solutions provide integrated network security advanced application inspection capabilities
Firewall
services, including: • Offers multiprotocol support to enable dynamic routing for
• Stateful packet inspection improved network reliability and performance
• Application-layer and protocol inspection • Makes it easy to centrally administer and manage all firewall
solutions using Cisco Security Manager End-Point Security
• Inline intrusion prevention
• Rich multimedia and voice security • Provides an extremely resilient security infrastructure with
high-availability capabilities
• Cisco offers multiple firewall solutions, including: Email, Web, and Content Security
• Maximizes network uptime, resulting in improved productivity
• Cisco ASA 5500 Series Adaptive Security Appliances • Cisco Web Security Gateway Appliances
• Enables secure deployment of next-generation unified • Cisco IronPort Email Security Appliances
• Cisco IOS® Software- and Cisco NX-OS® Software-based
communications and multimedia applications • Cisco ACE Web Application Firewall
firewall on Cisco routers • Content Security on the Cisco ASA 5500 Series
• Cisco Catalyst® 6500 Series Firewall Services Module For more information, please visit:
Management
(FWSM) for environments needing greater scalability http://www.cisco.com/go/firewall
The following figure shows how Cisco firewall solutions fit in the network. • Cisco Secure Access Control System
Branch Office
Mobile Worker Switch Security
• Cisco TrustSec
Main Office
Solutions
• Compliance
Data Center • Cisco Virtual Office
Application
Servers Virtual Private Networks
Secure Cisco Unified • Site-to-Site VPNs
Cisco ASA CallManager
Wireless • Remote-Access VPNs
Cisco IOS 5500 Security
Router Appliance EXIT
Security ASR Router Putting It All Together
Security
CiscoUnity®
Branch Firewall System
is included
in Secure
Cisco Catalyst 6500 Series
WAN Bundle
Private Firewall Services Module
WAN
Internet
Cisco ASA
5500 Security
Appliance
Intrusion Prevention Systems HOME
Overview Contents
The most trusted and widely-deployed IPS in the world, Cisco Cisco IPS collaborates with other key network components
Intrusion Prevention System (IPS) provides proven protection for end-to-end network-wide protection. Threat information
is shared between Cisco IPS and the host-based IPS Cisco Security Appliances
against over 30,000 threats to help customers secure their
confidential data and meet ever-increasing compliance Security Agent and Cisco wireless controller. Available as a
mandates. Cisco IPS accurately identifies, classifies, and stops dedicated appliance, Cisco IPS is also integrated into Cisco Firewall
malicious traffic, including worms, spyware / adware, network firewall, switch, and router platforms for maximum protection Intrusion Prevention Systems
viruses, and application abuse before they affect business and deployment flexibility. Cisco Router Security
continuity. Cisco Anomaly Detection stops Day-Zero attacks
End-Point Security
before signature updates are available. • Cisco Security Agent
The following figure shows how Cisco IPS products fit within the network.
Branch Office • Cisco Web Security Gateway Appliances
Mobile Worker • Cisco IronPort Email Security Appliances
Main Office
Management
Management: • Cisco Security Monitoring, Analysis, and Response System
Data Center
CiscoSecurity • Cisco Security Manager
Manager, • Cisco Secure Access Control System
Cisco ASA CiscoSecurity MARS
5500 with IPS Secure • Cisco Enterprise Policy Manager
Wireless
Switch Security
IPS • Cisco TrustSec
Solutions
• Compliance
Private IPS
WAN
Internet • Remote-Access VPNs
EXIT
IPS
Intrusion Prevention Systems (continued) HOME
Benefits Contents
• Advanced IPS technology based on 12 years of IPS innovation Flexible deployment options include: Why Security Matters More Than Ever
• Proven protection against more than 30,000 threats • Cisco IPS 4200 Series Sensors as standalone IPS appliances. Security Appliances
• Tight integration with host-based IPS (Cisco Security Agent) Learn more at: http://www.cisco.com/go/4200 • Cisco ASA 5500 Series Adaptive Security Appliances
for end-to-end protection • Integrated Cisco ASA 5500 Series Advanced Inspection Firewall
• Tight integration with Cisco Wireless Controller for secure and Prevention Security Services Modules (AIP SSM10,
wireless deployments AIP SSM20, and AIP SSM40) provide intrusion prevention,
firewall, and VPN in a single, easy-to-deploy platform. Cisco Router Security
• Simplified management with Cisco IPS Manager Express for
smaller organizations Learn more at: http://www.cisco.com/go/aipssm End-Point Security
• Cisco AIM-IPS, NME-IPS, or Cisco IPS Sensor Software for • Cisco Security Agent
• Enterprise-class policy management with Cisco Security • Cisco Network Admission Control
Manager and Cisco Security Monitoring, Analysis, and integrated services routers.
Learn more at: http://www.cisco.com/go/ime Email, Web, and Content Security
Response System (Cisco Security MARS)
• Protects against more than just virus outbreaks, such as • Cisco Catalyst 6500 Series Intrusion Detection System
attacks targeted against a company’s information (IDSM-2) Modules. • Cisco ACE Web Application Firewall
Learn more at: http://www.cisco.com/en/US/products/hw/ • Content Security on the Cisco ASA 5500 Series
• Helps prevent against severe loss due to disruptions, theft, or
modules/ps2706/ps5058/index.html
defacement caused by compromised servers Management
• Cisco Adaptive Wireless IPS protects the wireless signal • Cisco Security Monitoring, Analysis, and Response System
• Stops worm and virus outbreaks at the network level, before
from being hijacked by an intruder while Cisco’s network IPS • Cisco Security Manager
they reach the desktop • Cisco Secure Access Control System
prevents authenticated users (with a legitimate user name
and password) from performing malicious or unauthorized • Cisco Enterprise Policy Manager
activity, such as stealing confidential data. Switch Security
Learn more at: http://www.cisco.com/go/wips • Cisco Catalyst 6500 Series Security Services Modules
• Cisco TrustSec
For more information on Cisco IPS solutions, please visit:
Solutions
http://www.cisco.com/go/ips
• Compliance
EXIT
Cisco Router Security HOME
Overview Contents
It’s crucial to secure your critical network infrastructure, • A good business continuity design typically includes Why Security Matters More Than Ever
including Cisco® routers. encrypted dual WAN links, remote network access during
Security Appliances
• Cisco Router Security adds important security features with disasters, and stateful failover of critical services. Cisco
a strong return on investment (ROI). Router Security enables all these solutions.
Firewall
• This feature set adds the following capabilities to your branch • Cisco Router Security can enable other network services
such as secure unified communications (voice and video) Intrusion Prevention Systems
router: site-to-site VPN, IPsec and SSL remote-access VPN,
Common Criteria/EAL4-certified stateful firewall, content and secure wireless LAN. Cisco Router Security
filtering, inline intrusion prevention, Network Admission End-Point Security
Control (NAC), and security management. • Cisco Security Agent
The following figure shows how the Cisco Router Security fits in the network. Email, Web, and Content Security
Branch Office • Cisco IronPort Email Security Appliances
Mobile Worker • Cisco ACE Web Application Firewall
Main Office Management
Data Center • Cisco Secure Access Control System
Application • Cisco Enterprise Policy Manager
Servers
Secure
Wireless
Cisco Unified Switch Security
Cisco IOS CallManager
Router
Security • Cisco TrustSec
Solutions
CiscoUnity® • Compliance
Branch Firewall
System
is included • Cisco Virtual Office
in Secure
ASR Router
WAN Bundle
Private Security
WAN • Site-to-Site VPNs
Internet EXIT
Cisco Router Security (continued) HOME
Benefits Contents
• Maximizes ROI by greatly increasing router value with • Enables compliance with U.S. federal and state data and Why Security Matters More Than Ever
security services such as firewall, IPsec and SSL VPN, network privacy laws (for example, Payment Card Industry
Security Appliances
intrusion prevention, content filtering, and Network Admission [PCI] requirements)
Control (NAC) • Simplifies management burden by converging security and
Firewall
• Enables your business to securely deploy wireless LAN and other services in a single network device
unified communications services such as voice and video Intrusion Prevention Systems
For more information, please visit:
• Offers a secure, cost-effective, easy-to-manage, and scalable Cisco Router Security
http://www.cisco.com/go/routersecurity
solution for site-to-site business communications End-Point Security
The following figure shows the security services available through Cisco Router Security • Cisco Network Admission Control
Secure Network Solutions
Management
Compliance • Cisco Security Manager
Business Continuity Secure Voice Secure Mobility
Switch Security
Integrated Threat Control • Cisco Catalyst 6500 Series Security Services Modules
• Cisco TrustSec
Solutions
011111101010101 • Compliance
Advanced Content Intrusion Flexible Packet Network 802.1x Network Foundation
Firewall Filtering Prevention Matching Admission Control Protection Virtual Private Networks
Secure Connectivity Management and Instrumentation EXIT
Role-Based
GET VPN DMVPN Easy VPN SSL VPN CCP NetFlow Access IP SLA
End-Point Security HOME
Cisco Security Agent Contents

Overview Benefits Security Appliances
Cisco® Security Agent is the first endpoint security solution • Zero-update protection reduces emergency patching in • Cisco ASA 5500 Series Adaptive Security Appliances
that combines zero-update attack protection, data loss response to vulnerability announcements, minimizing patch- Firewall
prevention, and signature-based antivirus in a single agent. related downtime and IT expenses.
This unique blend of capabilities defends servers and Intrusion Prevention Systems
• Visibility and control of sensitive data protects against loss
desktops against sophisticated zero-day attacks, and enforces Cisco Router Security
from both user actions and targeted malware.
acceptable-use and compliance policies within a simple
• Predefined compliance and acceptable use policies allow for End-Point Security
management infrastructure. • Cisco Security Agent
efficient management, reporting, and auditing of activities.
• You will save on your security budget with better security: • Cisco Network Admission Control
• “Always-vigilant” security means that your system is always
Cisco Security Agent 6.0 includes antivirus at no additional Email, Web, and Content Security
protected, even when users are not connected to the
cost and no charge for renewals. • Cisco Web Security Gateway Appliances
corporate network or lack the latest patches. • Cisco IronPort Email Security Appliances
• Data loss prevention is integrated with Cisco Security Agent
For more information, please visit: • Cisco ACE Web Application Firewall
endpoint security: A single agent and single management
console protects both the integrity of the endpoint and http://www.cisco.com/go/csa
confidential data. Management
• Cisco Security Agent provides certified PCI protection. • Cisco Security Manager
• Cisco Security Agent is the industry leader in defending • Cisco Secure Access Control System
endpoints against targeted attacks, malicious mobile code, • Cisco Enterprise Policy Manager
rootkits, worms, and zero-day attacks. Switch Security
The following figure shows how Cisco Security Agent fits in the network. • Cisco TrustSec
Solutions
Branch Office • Compliance
Mobile Worker
Mobile Worker
with Cisco Virtual Private Networks
Main Office
Security Agent • Site-to-Site VPNs
EXIT
Desktops with
Cisco Security
Agent Data Center
Private Critical Servers with

WAN Cisco Security Agent
Internet
Desktops with Cisco Security Agent

Cisco Network Admission Control Contents

Overview Security Appliances
• Cisco® Network Admission Control (NAC) enables the • The optional Cisco NAC Profiler automates discovery and • Cisco ASA 5500 Series Adaptive Security Appliances
network to enforce security policies on all devices seeking inventory of all LAN-attached endpoints, including non-PC Firewall
to access the network. devices such as IP phones and printers. It simplifies NAC
• Cisco NAC protects sensitive data and prevents unauthorized deployment by using the device information to apply
access by confirming a user’s identity before access to the appropriate Cisco NAC policies. Cisco Router Security
network is granted. • The optional Cisco NAC Guest Server supports the End-Point Security
entire guest access lifecycle (provisioning, notification, • Cisco Security Agent
• Cisco NAC minimizes the risks associated with noncompliant
management, and reporting). • Cisco Network Admission Control
devices, regardless of system type, ownership, or access
methods, resulting in more resilient and secure networks. Email, Web, and Content Security
• Noncompliant devices can be quarantined and brought into • Cisco IronPort Email Security Appliances
compliance. • Cisco ACE Web Application Firewall
The following figure shows how Cisco NAC fits in the network. Management
Network • Cisco Security Monitoring, Analysis, and Response System
Access 1. End user attempts to access • Cisco Security Manager
Device a network Authentication • Cisco Secure Access Control System
Network access is blocked
Server • Cisco Enterprise Policy Manager
Wired until end user provides
login information. Switch Security
Employee Posture Assessment • Cisco TrustSec
Guest
Contractor Wireless Compliant Cisco NAC Solutions
with correct login Manager
Partner • Compliance
Student Noncompliant • Cisco Virtual Office
or wrong login
3b. Device is compliant

VPN Machine gets on “clean list” • Site-to-Site VPNs
and is granted access • Remote-Access VPNs
IPsec/SSL to network. EXIT
Cisco NAC Quarantine

Server
3a. Device is noncompliant
2. User is redirected to a login page User is denied network access and
User login authenticated. device is assigned to a quarantine role.
Device validated to assess Device remediation takes place.
vulnerabilities and posture.
Cisco Network Admission Control Contents

(continued) Why Security Matters More Than Ever
Security Appliances
Benefits • Cisco ASA 5500 Series Adaptive Security Appliances
• Enforces security policy compliance at the network level • Profiling service reduces IT burden by automating device Firewall
• Proactively protects against infrastructure disruptions (such discovery and inventory
as viruses and worms) • Guest service provides secure guest access and guest
• Controls and reduces large-scale infrastructure satisfaction
End-Point Security
disruptions • Supports all use cases, including campus, branch offices,
• Reduces operating expenses and maintains higher wireless, and VPN • Cisco Network Admission Control
employee productivity • Secures both company-owned and non-company-owned
• Prevents unauthorized access devices • Cisco Web Security Gateway Appliances
• Controls network access based on user and device • Can be deployed for Layer 2 or Layer 3, in-band or out-of- • Cisco IronPort Email Security Appliances
band • Cisco ACE Web Application Firewall
credentials to maintain security and protect confidential
information • Reduces IT security risks and addresses compliance
requirements Management
• Provides effective controls for guest access and partner
connections For more information, please visit: • Cisco Security Manager
• Provides complete services (user authentication, device http://www.cisco.com/go/nac • Cisco Secure Access Control System
posture validation, policy enforcement, remediation, device • Cisco Enterprise Policy Manager
profiling, and secure guest) to meet customer business Switch Security
needs • Cisco Catalyst 6500 Series Security Services Modules
• Cisco TrustSec
Solutions
• Compliance
EXIT
Email, Web, and Content Security HOME
Cisco Web Security Contents

Gateway Appliances Why Security Matters More Than Ever
Security Appliances
The number of security threats introduced by web traffic has • The Cisco IronPort S-Series offers a single-appliance Firewall
reached epidemic proportions. Traditional gateway defenses solution to secure and control the three greatest web traffic Intrusion Prevention Systems
are proving to be inadequate against a variety of web-based risks facing enterprise networks: security risks, resource risks,
malware, leaving corporate networks exposed to the inherent and compliance risks.
danger posed by these threats. End-Point Security
• By stopping malware threats at the network perimeter with
• According to industry estimates, approximately 75 percent the Cisco IronPort S-Series, enterprises can significantly • Cisco Network Admission Control
of corporate PCs are infected with spyware, yet less than 10 reduce administrative costs, prevent attacker “phonehome”
percent of corporations have deployed perimeter malware activity on networks, reduce support calls, enhance worker
defenses. productivity, and eliminate the business exposure that • Cisco IronPort Email Security Appliances
• The Cisco® IronPort® S-Series Web Security Gateway accompanies these threats. • Cisco ACE Web Application Firewall
Appliance is the industry’s first and only appliance to combine • The industry’s first web reputation filters provide a powerful • Content Security on the Cisco ASA 5500 Series
traditional URL filtering, reputation filtering, and malware outer layer of defense. Cisco IronPort Web Reputation Management
filtering on a single platform. Filters use SenderBase technology to analyze more than • Cisco Security Monitoring, Analysis, and Response System
50 different web traffic and network-related parameters to • Cisco Security Manager
• The S-Series provides multiple layers of defense on a single
accurately evaluate a URL’s trustworthiness. • Cisco Secure Access Control System
appliance while maintaining carrier-class performance. • Cisco Enterprise Policy Manager
• By implementing acceptable use policies, enterprises can
The following figure shows how the Cisco IronPort S-Series fits Switch Security
not only monitor activities, but can also help generate
in the network. • Cisco Catalyst 6500 Series Security Services Modules
awareness and increase education about the risks these • Cisco TrustSec
policies help mitigate.
Solutions
• Unlike other ICAP-based solutions that require multiple
WCCP Router or • Compliance
pieces of hardware to maintain, the Cisco IronPort S-Series • Cisco Virtual Office
Layer 4 Switch
Router provides a single platform that contains a complete, in-depth
defense.
• Designed to minimize administrative overhead, Cisco • Remote-Access VPNs
Firewall IronPort S-Series appliances offer easy setup and EXIT
management with an intuitive graphical user interface,
Internet
support for automated updates, and comprehensive
Router
monitoring and alerting.
• Cisco IronPort S-Series appliances deliver real-time and
historical security information, enabling administrators to
quickly understand web traffic activity.
For more information, please visit:

http:// www.ironport.com/web
Clients IronPort S-Series Integrated
Authentication via LDAP
and Active Directory
Cisco IronPort Contents

Email Security Appliances Why Security Matters More Than Ever
Security Appliances
Cisco provides the world’s most powerful multilayered Cisco IronPort’s antispam solutions quickly and accurately Firewall
approach to email security. The Cisco® IronPort® C-Series protect customers from spam outbreaks. Intrusion Prevention Systems
provides world-class spam protection, data loss prevention, • Cisco IronPort combines SenderBase Reputation Filters Cisco Router Security
preventive virus outbreak filters, and signature-based reac- with content-level analysis and Cisco IronPort Anti-Spam, to
tive filters, combined with content filtering and best-of-breed End-Point Security
protect customers from an industry best: removing 99% of
encryption technology, to deliver the highest level of email • Cisco Security Agent
spam with near-zero false positives. • Cisco Network Admission Control
security available today.
• The Cisco IronPort C-Series enables a significant reduction
Today’s email-borne threats consist of virus attacks, spam, in TCO by consolidating email operations and security • Cisco Web Security Gateway Appliances
false positives, distributed denial-of-service (DDoS) attacks, into a single platform. The unparalleled performance of the • Cisco IronPort Email Security Appliances
spyware, phishing (fraud), regulatory compliance violations, and C-Series delivers dial-tone availability—saving hours of pro- • Cisco ACE Web Application Firewall
data loss. The unparalleled performance of the Cisco IronPort ductivity and thousands of dollars during peak traffic times. • Content Security on the Cisco ASA 5500 Series
email security appliance delivers industry-leading protection Management
• Cisco IronPort provides system administrators with the
from inbound spam and virus attacks and outbound data loss • Cisco Security Monitoring, Analysis, and Response System
necessary information to make critical security decisions
possibilities, in an easy-to-use appliance. • Cisco Security Manager
and demonstrate ROI.
For more information, please visit: • Cisco Enterprise Policy Manager
http:// www.ironport.com/email Switch Security
The following figure shows how Cisco IronPort fits in your network. • Cisco TrustSec
Before IronPort After IronPort Solutions

• Compliance
Internet Firewall Firewall Internet
DLP
Scanner
EXIT
MTA Putting It All Together
Encryption
Platform
Antispam
Antivirus DLP Policy IronPort Email

Manager Security Appliance
Policy
Enforcement
Mail Routing Users Users
Groupware Groupware
Cisco ACE Contents

Web Application Firewall Why Security Matters More Than Ever
Security Appliances
Many organizations are looking to increase efficiency and • PCI DSS regulation compliance, with out-of-the-box Firewall
profitability through new Web 2.0 applications and services. customizable PCI policies and securing, auditing, and Intrusion Prevention Systems
Unfortunately, these new applications are often customized reporting on web application activity
and poorly secured. • Full-proxy security for both traditional HTML-based web
End-Point Security
• The Cisco® ACE Web Application Firewall combines deep applications and modern XML-enabled web services
web application analysis with high-performance Extensible applications • Cisco Network Admission Control
Markup Language (XML) inspection and management to • Authentication and authorization enforcement to block Email, Web, and Content Security
address the full range of threats to web applications, unauthorized access • Cisco Web Security Gateway Appliances
including identity theft, data theft, information leakage, • Best-in-industry scalability throughput for managing XML • Cisco IronPort Email Security Appliances
application disruption, fraud, and targeted attacks. application traffic in largest of data centers • Cisco ACE Web Application Firewall
• The Cisco ACE Web Application Firewall is especially • Content Security on the Cisco ASA 5500 Series
• Positive and negative security enforcement to keep bad
designed to help organizations that store, process, and trans- traffic patterns out and identify and allow only good traffic Management
mit credit card data to comply with the current Payment Card • Cisco Security Monitoring, Analysis, and Response System
through
Industry (PCI) Data Security Standard (DSS) requirements. • Cisco Security Manager
• Enterprisewide, user-friendly management accessible • Cisco Secure Access Control System
• Because of its unique blend of HTML and XML security, anywhere on the network through the web GUI • Cisco Enterprise Policy Manager
the Cisco ACE Web Application Firewall provides a full
For more information, please visit: Switch Security
compliance solution for PCI DSS sections 6.5 and 6.6, which
http://www.cisco.com/go/waf • Cisco Catalyst 6500 Series Security Services Modules
mandate the implementation of a web application firewall. • Cisco TrustSec
The following figure shows how a Cisco ACE Web Application Firewall fits in the network. Solutions
• Compliance
Web-Enabled Applications
Cisco ACE Web • Remote-Access VPNs
Web Client Application EXIT
Manager Putting It All Together
Cisco ACE Cisco ACE
Network Application Application
Firewall Switch Switch
Internet
Portal
Cisco ACE Web Cisco ACE Web

Application Application
Firewall Firewall
Applications
DMZ Data Center
Content Security Contents

on the Cisco ASA 5500 Series Why Security Matters More Than Ever
Security Appliances
Overview • Cisco ASA 5500 Series Adaptive Security Appliances
• The Cisco ASA 5500 Series Adaptive Security Appliance
®
• Filtering content at the gateway provides a consistent layer of Firewall
with the Content Security and Control Security Services content protection for company-owned and guest computers, Intrusion Prevention Systems
Module (CSC-SSM) is an all-in-one threat defense appliance regardless of the type or status of antivirus protection on
that takes advantage of Cisco’s leadership in firewall and those computers. The CSC-SSM provides a comprehensive
VPN technology and Trend Micro’s expertise in antimalware set of content security services, including antispam, URL End-Point Security
and gateway content security. filtering and blocking, antiphishing, and antispyware, in
• The Cisco ASA 5500 Series with CSC-SSM allows network addition to antivirus services.
and security administrators to accurately identify, classify,
and stop malicious traffic, including worms, spyware/adware, • Cisco IronPort Email Security Appliances
network viruses, and application abuse, before they affect • Cisco ACE Web Application Firewall
business continuity. • Content Security on the Cisco ASA 5500 Series
Management
The following figure shows how Cisco content security solutions fit in the network. • Cisco Security Monitoring, Analysis, and Response System
Branch Office • Cisco Secure Access Control System
Mobile Worker
Switch Security
Main Office • Cisco Catalyst 6500 Series Security Services Modules
• Cisco TrustSec
Cisco ASA 5500
with Content Data Center Solutions
Security Module Application
• Compliance
Servers
Secure Cisco Unified • Cisco Virtual Office
Wireless CallManager
Private
CiscoUnity®
EXIT
WAN Putting It All Together
System
Internet
Cisco ASA 5500

with Content
Security Module
Content Security Contents

on the Cisco ASA 5500 Series Why Security Matters More Than Ever
Security Appliances
(continued) • Cisco ASA 5500 Series Adaptive Security Appliances
Firewall
Benefits
• The Cisco ASA 5500 Series with the CSC-SSM is an all-in- • The CSC-SSM includes configurable spam filters. Email Intrusion Prevention Systems
one appliance that includes firewall and VPN security, and reputation provides real-time information about senders of Cisco Router Security
interoperates well with the Cisco VPN concentrators and spam and botnets by assigning a reputation score to their
End-Point Security
Cisco PIX® firewalls that are still deployed in some remote IP addresses. Email from suspect IP addresses can then be
offices. blocked automatically “in the cloud,” before the messages • Cisco Network Admission Control
reach the company’s network. This level of domain
• The all-in-one appliance minimizes day-to-day management Email, Web, and Content Security
customization increases the control that organizations
while improving operational efficiency compared with • Cisco Web Security Gateway Appliances
have over their email traffic and helps conserve bandwidth • Cisco IronPort Email Security Appliances
separate solutions.
on internal networks. • Cisco ACE Web Application Firewall
• Firewall and VPN security are complemented with URL and
• Gateway, desktops, servers, and email are protected, • Content Security on the Cisco ASA 5500 Series
email filtering and protection from viruses, spam, spyware,
and phishing.
90 percent of spam is blocked, and traffic to and from Management
disreputable sites is blocked. • Cisco Security Monitoring, Analysis, and Response System
• Full-featured, in-depth, and convenient, the CSC-SSM • Cisco Security Manager
• Unwanted content does not clutter the network or system.
include antivirus, antispam, antiphishing, antispyware, and • Cisco Secure Access Control System
Bandwidth and storage are not flooded with spam. • Cisco Enterprise Policy Manager
URL and email filters.
• The CSC-SSM solution is low-maintenance—updates and
Switch Security
filtering are carried out automatically once setup is complete. • Cisco Catalyst 6500 Series Security Services Modules
For more information, please visit: • Cisco TrustSec
http://www.cisco.com/go/cscssm Solutions
• Compliance
EXIT
Management HOME
Cisco Security Monitoring, Contents

Analysis, and Response System Why Security Matters More Than Ever
Security Appliances
• The Cisco Security Monitoring, Analysis, and Response
®
• Collects, analyzes, and correlates data from a diverse set of Firewall
System (Cisco Security MARS) is a family of high- Cisco devices Intrusion Prevention Systems
performance, scalable appliances for threat management, • Shows a graphical attack path using topology awareness Cisco Router Security
monitoring, and mitigation. Cisco Security MARS helps
• Suggests mitigation for rapid threat containment End-Point Security
customers achieve greater security and make more effective
• Links with Cisco Security Manager for policy provisioning • Cisco Security Agent
use of network and security devices.
and event lookup • Cisco Network Admission Control
• Cisco Security MARS combines traditional security event
• Optimized for Cisco ASA and Cisco IPS troubleshooting Email, Web, and Content Security
monitoring with network intelligence to deliver precise
mitigation intelligence for real-time response to attacks, • Delivers high performance: A single Cisco Security MARS
intrusions, and other network threats. appliance can handle up to 15,000 events per second
For more information, please visit: • Content Security on the Cisco ASA 5500 Series
http://www.cisco.com/go/mars Management
The following figure shows how Cisco Security MARS fits in the network. • Cisco Security Manager
Branch Office • Cisco Enterprise Policy Manager
Mobile Worker
Switch Security
Main Office • Cisco TrustSec
Cisco Solutions
Security Data Center • Compliance
MARS
Application • Cisco Virtual Office
Servers
Secure Cisco Unified Virtual Private Networks
Wireless CallManager • Site-to-Site VPNs
EXIT
Private Putting It All Together
WAN CiscoUnity®
System
Internet
Management HOME
Cisco Security Manager Contents

• Cisco® Security Manager is a powerful but easy-to-use • Collaborates with Cisco Security MARS to form a • Cisco ASA 5500 Series Adaptive Security Appliances
solution that centrally provisions all aspects of device comprehensive security management solution that Firewall
configurations and security policies for Cisco firewalls, VPNs, encompasses security provisioning, event monitoring,
and intrusion prevention systems (IPSs). threat detection, and mitigation
• Cisco Security Manager provides centralized security • Allows faster response to threats—Defines and assigns new Cisco Router Security
administration, faster deployment, and increased security policies to thousands of devices in a few simple End-Point Security
configuration accuracy. steps • Cisco Security Agent
• The solution is effective for managing small networks • Provides superior ease of use with a rich graphical user
consisting of fewer than 10 devices, but also scales to interface Email, Web, and Content Security
efficiently manage large-scale networks composed of • Supports true enterprise-class operational environments with • Cisco IronPort Email Security Appliances
thousands of devices. support for multiple simultaneous security administrators • Cisco ACE Web Application Firewall
with fine-grained control of access permissions; an optional • Content Security on the Cisco ASA 5500 Series
Benefits
“workflow” mode allows the security and network operations Management
• Provides a single integrated application for managing firewall,
staff to work together effectively with the appropriate division • Cisco Security Monitoring, Analysis, and Response System
VPN, and IPS security services on Cisco security appliances
of responsibilities • Cisco Security Manager
and modules, routers, and switches
• Supports provisioning for Cisco router, switch, and security • Cisco Secure Access Control System
• Reduces operational expenses while improving provisioning • Cisco Enterprise Policy Manager
platforms
accuracy and consistency Switch Security
For more information, please visit: • Cisco Catalyst 6500 Series Security Services Modules
http://www.cisco.com/en/US/products/ps6498/index.html • Cisco TrustSec
Solutions
The following figure shows how Cisco Security Manager fits in the network.
• Compliance
Branch Office • Cisco Virtual Office
Mobile Worker
Main Office • Remote-Access VPNs
EXIT
Data Center
Cisco Application
Security Servers
Secure Manager
Wireless
Private
WAN
Internet
Management HOME
Cisco Secure Contents

Access Control System Why Security Matters More Than Ever
Security Appliances
• Cisco Secure ACS is the world’s most-trusted enterprise
®
• Centralized control for network access and device Firewall
network access policy and identity system, used by more administration. Intrusion Prevention Systems
than 40,000 enterprises worldwide. • Can be used with virtually any network device that supports Cisco Router Security
• With powerful performance and a design-for-versatility RADIUS or TACACS+.
End-Point Security
approach, Cisco Secure ACS provides a crucial building • Built to meet the needs of large networked environments with • Cisco Security Agent
block for almost any network identity and access policy support for redundant servers, remote databases, database • Cisco Network Admission Control
strategy. replication, and backup services. Email, Web, and Content Security
• Cisco Secure ACS interacts with external databases, policy • For the small enterprise and SMB, Cisco Secure ACS • Cisco Web Security Gateway Appliances
servers, and posture engines, becoming a control point for Express provides a powerful yet economical package. • Cisco IronPort Email Security Appliances
managing network access policy. • Cisco ACE Web Application Firewall
• Cisco Secure ACS View provides enhanced reporting,
• Cisco Secure ACS provides better control, monitoring, and monitoring, and troubleshooting designed for the highest
enforcement of access to corporate resources to meet ever- levels of visibility, control, and compliance. Management
changing business and regulatory needs. • Cisco Security Monitoring, Analysis, and Response System
For more information, please visit: • Cisco Security Manager
http://www.cisco.com/go/acs • Cisco Secure Access Control System
Switch Security
Monitor • Cisco Catalyst 6500 Series Security Services Modules
Provision • Cisco TrustSec
Solutions
• Compliance
Report • Cisco Virtual Office
Cisco Secure • Remote-Access VPNs
Network Integrate
Access Control
Interact Policy, DB EXIT
Enforcement & Enforce & Query Posture Putting It All Together
System (ACS)
Wireless Wired Remote
Access
Client
Management HOME
Cisco Enterprise Policy Manager Contents

• Cisco® Enterprise Policy Manager is the market-leading • Consistent administration and enforcement of entitlement • Cisco ASA 5500 Series Adaptive Security Appliances
policy-based authorization solution for enterprise applications policies (“configure not code”): Firewall
and data, providing fine-grained and differentiated access • Centralized, delegated management is usable by non-
control. developers
• Cisco Enterprise Policy Manager externalizes the policy Cisco Router Security
• Consistently applied for local and remotely hosted
decision services from existing applications, collaboration resources End-Point Security
services, and network infrastructure. • Cisco Security Agent
• Centralized auditing and real-time remediation: • Cisco Network Admission Control
• Cisco Enterprise Policy Manager allows companies to extract
• Policy what-ifs
business logic that makes access policy decisions from Email, Web, and Content Security
• Comprehensive “who has access to what, and, who • Cisco Web Security Gateway Appliances
individual applications. This looser binding of policy from
accessed what” • Cisco IronPort Email Security Appliances
application logic makes it easier (and much faster) to respond • Cisco ACE Web Application Firewall
to changing regulations and business needs. • Enterprise-class, standards-compliant product with out-of-
the-box integration with existing customer infrastructure
• Cisco Enterprise Policy Manager is a component of Cisco’s Management
Service-Oriented Network Architecture (SONA) strategy • Scalable from single application, to heterogeneous LoB, to
with the network becoming the provider of policy services to globally distributed enterprise • Cisco Security Manager
service-oriented architecture (SOA), Web 2.0, collaboration, For more information, please visit: • Cisco Secure Access Control System
unified communications, and enterprise applications. • Cisco Enterprise Policy Manager
http://www.cisco.com/go/epm
Switch Security
Reachability • Cisco Catalyst 6500 Series Security Services Modules
• Is Joe (who is an HR admin) allowed to access • Cisco TrustSec
an HR application from an “un-trusted” network? Solutions
• Compliance
EXIT
Policy-Based
Access Control
Functional Data
• Is Joe allowed to view employee profile? • What fields of the employee profile can Joe see?
• Can he adjust salary (if so, what limit/approval)? • Is he entitled to view address of employees in “EMEA” and
can he see data about all VPs and their direct reports?
Switch Security HOME
Cisco Catalyst 6500 Series Contents

Security Services Modules Why Security Matters More Than Ever
Security Appliances
• Cisco delivers integrated network security with a suite of • Ability to increase security while using existing Cisco Firewall
advanced security modules for Cisco® Catalyst® 6500 Series Catalyst 6500 Series investment Intrusion Prevention Systems
Switches. These include firewall, intrusion prevention system • Tightly integrated infrastructure security solutions Cisco Router Security
(IPS), IP Security (IPsec) VPN, Secure Sockets Layer (SSL)
• Highest-performance security solutions, offering multigigabit End-Point Security
acceleration, distributed denial-of-service (DDoS), and
performance in a single Cisco Catalyst 6500 Series Switch • Cisco Security Agent
content switching modules.
• Application-level visibility into the infrastructure • Cisco Network Admission Control
• These security modules enable integrated, highly available,
• Critical platform for collaboration of emerging technologies Email, Web, and Content Security
adaptive, and scalable security for network connectivity,
(such as applicationnetworking) • Cisco Web Security Gateway Appliances
services, and applications. • Cisco IronPort Email Security Appliances
For more information, please visit: • Cisco ACE Web Application Firewall
http://www.cisco.com/go/switchsecurity • Content Security on the Cisco ASA 5500 Series
Management
The following figure shows how Cisco Catalyst 6500 Series Security Services Modules fit in the network. • Cisco Security Monitoring, Analysis, and Response System
Branch Office • Cisco Secure Access Control System
Mobile Worker • Cisco Enterprise Policy Manager
Main Office Switch Security
Data Center • Cisco TrustSec
Application Solutions
Servers
Cisco Unified • Compliance
CallManager • Cisco Virtual Office
Secure
Wireless Virtual Private Networks
Cisco
Catalyst • Site-to-Site VPNs
6500 with
Services CiscoUnity® • Remote-Access VPNs
Private Modules System
EXIT
WAN Putting It All Together
VPN
Acceleration
Internet
Content
Switching
Stateful Firewall
Virtualization Services
Application Firewall
IPS
Switch Security HOME
Cisco TrustSec Contents

• Cisco® TrustSec provides secure campus access control. • Provides consistent role-based identity and controlled • Cisco ASA 5500 Series Adaptive Security Appliances
It protects customer data and resources by controlling access to critical applications and resources Firewall
access based on a user’s role in the organization. It works • Converges various roles, servers, and access definitions into
independent of how users connect to your network, when a centralized policy framework and simplifies identity-based
they connect, and where they connect. policy management Cisco Router Security
• Cisco TrustSec enables a converged policy framework. • Safeguards against data loss in support of regulatory End-Point Security
TrustSec helps customers consolidate multiple access • Cisco Security Agent
requirements
policies into a centralized policy framework for consistency • Cisco Network Admission Control
• Collaborates with Cisco Identity-Based Networking Services
and scalability. TrustSec can also act as a broker between Email, Web, and Content Security
(IBNS) to provide flexible authentication and policy controls
the campus network infrastructure and back-end policy • Cisco Web Security Gateway Appliances
• Enables scalable switch security services • Cisco IronPort Email Security Appliances
directories such as Active Directory.
• Streamlines policy management and implementation, allows • Cisco ACE Web Application Firewall
• Cisco TrustSec delivers pervasive integrity and confidentiality • Content Security on the Cisco ASA 5500 Series
new business opportunities, improves security, reduces IT
protection. TrustSec safeguards sensitive data and defeats
total cost, and helps achieve regulatory compliance Management
man-in-the-middle attacks by providing switch-level hop-to- • Cisco Security Monitoring, Analysis, and Response System
hop encryption between switch ports. For more information, please visit: • Cisco Security Manager
http://www.cisco.com/go/trustsec • Cisco Secure Access Control System
The following figure shows how Cisco TrustSec fits in the network.
Switch Security
Switch Policy Engine
• Cisco TrustSec
Solutions
Cisco
• Compliance
Employee
Catalyst Switch • Cisco Virtual Office
Cisco ASA
5500 Series • Remote-Access VPNs
Contractor AA-VPN EXIT
LAN
Cisco
Cisco Aironet WLAN Catalyst Switch
Access Points AA-WLAN
Sub-Contractor
Cisco Unified
CallManager AA-LAN
Cisco
Guest
Catalyst Switch
Cisco
Unknown Catalyst Switch
Solutions HOME
Compliance Contents
• The Payment Card Industry (PCI) is a global industry standard • CiscoWorks Network Compliance Manager • Cisco ASA 5500 Series Adaptive Security Appliances
to protect customer credit card information while it is in • Cisco Network Admission Control (NAC) Appliance Firewall
process, in transit, or while being stored. • Cisco IronPort® Email Security
• Cisco® PCI Validated Architectures, a set of architectures • Cisco ACE WAF
audited by a PCI Qualified Security Assessor (QSA) address Cisco Router Security
• Cisco IPS 4200 Series intrusion prevention system
many of the PCI requirements. appliances
End-Point Security
• The Cisco PCI solution includes Cisco products and services: • Cisco Catalyst® 6500 Series Firewall Services Module • Cisco Network Admission Control
• Cisco ASA 5500 Series Adaptive Security Appliances with (FWSM) and Intrusion Detection Services Module (IDSM-2)
firewall, VPN, and IPS
• Cisco Secure Access Control System (ACS) • Cisco Web Security Gateway Appliances
• Cisco IOS® Software on Cisco integrated service routers • Professional services that can help achieve PCI • Cisco IronPort Email Security Appliances
with firewall, VPN, and IPS compliance, and then help maintain a compliant state • Cisco ACE Web Application Firewall
• Unified Wireless Network with Cisco Wireless Control • Content Security on the Cisco ASA 5500 Series
• Cisco PCI Services from Cisco and from Cisco Security
Server (WCS), Wireless LAN Controller, and Aironet® 1100 Management
Specialized Partners include:
and 1200 Series Wireless Access Points • Cisco Security Monitoring, Analysis, and Response System
• Cisco PCI Gap Analysis Service
• Cisco Security Agent • Cisco Security Manager
• Cisco PCI Remediation Service • Cisco Secure Access Control System
• Cisco Security Monitoring, Analysis and Response System
• Cisco PCI Remote Monitoring and Management Service • Cisco Enterprise Policy Manager
(Cisco Security MARS)
• Cisco PCI Periodic Gap Analysis Service Switch Security
• Cisco TrustSec
Remote Location Internet Edge Main Office Network Management Center Solutions
Cisco • Compliance
Security Cisco • Cisco Virtual Office
CSA ACS Security
POS Agent (CSA) IronPort
Terminal Management Virtual Private Networks
POS Server
NAC • Site-to-Site VPNs
ASA 5500 • Remote-Access VPNs
WAP 7300 NCM/CAS EXIT
1200 Router ASA Putting It All Together
WAN CS-MARS
Switch ASA ISR ASA IPS
6500
Switch
Store WAP AXG

Worker PC CSA
WAF
CSA AXG
CSA Credit Card
Wireless E-commerce Storage
Device
Data Center
Requirement 1 Requirement 4 Requirement 7 Requirement 10

Solutions HOME
Compliance Contents
Security Appliances
• Reduces network complexity, expense, and risk of fines and • User-friendly and auditor-friendly PCI reports reduce audit Firewall
penalties by establishing a proven, PCI-validated architecture time and expense
• Provides organizations with a step-by-step approach toward • End-to-end integrated solution delivers stronger value
achieving PCI compliance beyond individual product benefits
End-Point Security
• Shows how customers can use their existing Cisco For more information, please visit: • Cisco Security Agent
investment http://www.cisco.com/go/compliance • Cisco Network Admission Control
Management
Switch Security
• Cisco TrustSec
Solutions
• Compliance
EXIT
Solutions HOME
Cisco Virtual Office Contents

The adoption of teleworking is increasing due to globalization, The Cisco Virtual Office architecture is ideal for home offices, • Cisco ASA 5500 Series Adaptive Security Appliances
rising fuel and energy prices, “green” initiatives, and the small branch offices, call centers, and mobile business partners Firewall
increase in collaboration applications for business and contractors.
communications. Cisco® Virtual Office:
• Enables businesses to extend their enterprise to the remote
workforce by providing data, voice, video, and wireless End-Point Security
mobility services in a centrally managed environment • Cisco Security Agent
• Addresses the security requirements of remote workers by
providing dedicated VPN, firewall, IPS, and content security
features on the integrated services router platform.
• Provides a seamless experience for remote workers and • Cisco ACE Web Application Firewall
teleworkers by providing the same IT services that employees • Content Security on the Cisco ASA 5500 Series
expect in a traditional corporate environment. Management
The following figure shows a Cisco Virtual Office deployment for a home office user. • Cisco Security Manager
The Network Enables: • Cisco Enterprise Policy Manager
• Office-caliber data, voice, and video services
Switch Security
• Integrated security extended to the remote user
• Scalable, low-cost VPN architecture
• Cisco TrustSec
Solutions
• Compliance
Cisco
CallManager
Remote VPN EXIT
Employee Routers Putting It All Together
Wireless LAN
Corporate
Campus
Internet
Headend Management
Solutions HOME
Cisco Virtual Office Contents

Security Appliances
Benefits for Employees Benefits for the Company • Cisco ASA 5500 Series Adaptive Security Appliances
• Increased schedule flexibility for improved work-life balance • Consistent security policy enforcement for better risk Firewall
mitigation
• Reduced costs and commute time Intrusion Prevention Systems
• Ease of management and the ability to scale IT
• Improved reliability and access to collaboration tools for Cisco Router Security
better productivity • Continuity of operations and business agility
End-Point Security
• Ease of use and setup • Cost savings associated with real estate, energy, and • Cisco Security Agent
operations • Cisco Network Admission Control
Unified • Talent attraction and retention Email, Web, and Content Security
Security Comunications For more information, please visit:
http://www.cisco.com/go/cvo
Management
Switch Security
• Cisco TrustSec
Solutions
• Compliance
Mobility Management • Remote-Access VPNs
EXIT
Virtual Private Networks HOME
Site-to-Site VPNs Contents

VPNs enable the deployment of fast, reliable, and secure • Cisco VPN solutions include: • Cisco ASA 5500 Series Adaptive Security Appliances
connectivity for remote offices, business partner locations, and • Cisco routers: Cisco’s most advanced site-to-site VPN Firewall
other branch sites. The data, voice, and video communications solution plus integrated remote-access, firewall, intrusion
between these locations are kept confidential across untrusted prevention system (IPS), and content security services
networks. Cisco offers a variety of VPN solutions that provide Cisco Router Security
• Cisco ASA 5500 Series: Cisco’s most advanced remote-
cost-effective and highly manageable secure connectivity. End-Point Security
access VPN solution, delivering integrated site-to-site VPN,
Cisco offers multiple VPN technologies, including IPsec VPN, • Cisco Security Agent
remote-access VPN, firewall, IPS, and content security
Dynamic Multipoint VPN (DMVPN), and Group Encrypted services
Transport VPN (GET VPN), integrated on a single platform, Email, Web, and Content Security
• Cisco Catalyst® 6500 Series: Cisco’s most scalable VPN
reducing equipment cost and management complexity. • Cisco Web Security Gateway Appliances
platform plus integrated firewall and IPS services • Cisco IronPort Email Security Appliances
Collectively, these solutions represent the most comprehensive
. • Cisco ACE Web Application Firewall
and scalable VPN portfolio in the industry. • Content Security on the Cisco ASA 5500 Series
• Cisco® VPN solutions provide integrated, threat-protected Management
VPN features that guard against malware and hackers • Cisco Security Monitoring, Analysis, and Response System
without the cost and complexity of deploying additional • Cisco Security Manager
security equipment. • Cisco Secure Access Control System
The following figure shows how Cisco site-to-site VPNs fit in the network Switch Security
Branch Office • Cisco TrustSec
Mobile Worker
Solutions
Main Office
• Compliance
Data Center Virtual Private Networks
Application • Site-to-Site VPNs
Servers
Cisco Unified
CallManager
EXIT
Secure Putting It All Together
Wireless Secure ASR
Cisco IOS
Router
Router Security
with VPN
with Site-to-Site
and Remote- CiscoUnity®
Access VPN System
Cisco Catalyst
Private 6500 Series VPN
WAN Cisco ASA
5500 Security
Internet Appliance
with IPsec
and SSL
Site-to-Site VPNs Contents

Security Appliances
• Site-to-site VPNs securely connect office locations utilizing For more information, please visit: Firewall
the Internet to decrease costs and increase flexibility. http://www.cisco.com/go/vpn
• Support for multiple VPN technologies from a single platform
reduces cost and complexity while enabling VPN services
that are customized for the deployment environment. End-Point Security
• Fully network-aware VPNs deliver any application, including • Cisco Network Admission Control
voice and video, to any location with a high level of integrity.
• Integrated threat-protection VPN services defend network • Cisco Web Security Gateway Appliances
threats without the need for additional security equipment. • Cisco IronPort Email Security Appliances
Management
Switch Security
• Cisco TrustSec
Solutions
• Compliance
EXIT
Remote-Access VPNs Contents

• Remote-access VPNs enable fast, reliable, and secure • Cisco VPN solutions include: • Cisco ASA 5500 Series Adaptive Security Appliances
connectivity to the corporate network from practically • Cisco ASA 5500 Series: Cisco’s most advanced remote- Firewall
anywhere, anytime, with any device. They allow secure access VPN solution, which delivers concurrent user
remote access to the corporate network based on user roles, scalability from 10 to 10,000 sessions, plus integrated site-
whether they are remote workers, employees, contractors, to-site VPN, firewall, intrusion prevention system (IPS), and Cisco Router Security
or business partners. Cisco offers a variety of VPN solutions, content security services End-Point Security
including IP Security (IPsec) and Secure Sockets Layer (SSL) • Cisco Security Agent
• Cisco routers: Cisco’s most advanced site-to-site VPN
VPN, that provide cost-effective and highly manageable • Cisco Network Admission Control
solution plus integrated remote-access, firewall, and IPS
remote connectivity. Email, Web, and Content Security
services
• Cisco® VPN technologies are integrated on a single platform, • Cisco Web Security Gateway Appliances
• Cisco Catalyst 6500 Series: Cisco’s most scalable VPN
®
reducing equipment cost and management complexity.
platform plus integrated firewall and IPS services • Cisco ACE Web Application Firewall
Collectively, these solutions represent the most
comprehensive and scalable VPN portfolio in the industry.
Management
• Cisco VPN solutions provide integrated threat protection that • Cisco Security Monitoring, Analysis, and Response System
guards against malware and hackers without the cost and • Cisco Security Manager
complexity of deploying additional security equipment. • Cisco Secure Access Control System
The following figure shows how Cisco remote-access VPNs fit in the network. Switch Security
Branch Office • Cisco TrustSec
Solutions
Main Office
• Compliance
Data Center Virtual Private Networks
Application • Site-to-Site VPNs
Servers • Remote-Access VPNs
Secure Cisco Unified
CallManager
EXIT
Wireless Putting It All Together
Cisco IOS
Router Security
with Site-to-Site
and Remote-
Access VPN CiscoUnity®
System
Private
WAN Cisco Catalyst
6500 Series VPN
Internet
Cisco ASA
5500 Security
Appliance
IPsec or with IPsec
SSL VPN and SSL
Mobile Worker
Remote-Access VPNs Contents

Security Appliances
• Remote-access VPNs increase productivity by extending • Remote-access VPNs support IPsec and clientless SSL VPN. Firewall
secure network access for remote workers, anytime, • Fully network-aware VPNs deliver any application, including Intrusion Prevention Systems
anywhere, and with any type of device, including PDAs, voice and video, to any location with a high level of integrity.
smartphones, public kiosks, personal laptops, and shared Cisco Router Security
• Integrated threat-protection services defend against viruses,
computers. Access can be customized according to user End-Point Security
spyware, and hackers traversing the VPN connection, without
roles, such as “day-extenders,” full-time employees, remote • Cisco Security Agent
the need for additional security equipment. • Cisco Network Admission Control
workers, contractors, or business partners.
• Clientless SSL VPNs provide simplified administration by
• Remote-access VPNs simultaneously support IPsec (remote- Email, Web, and Content Security
enabling remote-access connectivity through any Internet- • Cisco Web Security Gateway Appliances
access and site-to-site) and SSL VPN connectivity from a
enabled location with a standard web browser. • Cisco IronPort Email Security Appliances
single platform, reducing cost, complexity, and management • Cisco ACE Web Application Firewall
overhead while enabling VPN services customized for the For more information, please visit:
deployment environment. http://www.cisco.com/go/sslvpn
Management
Switch Security
• Cisco TrustSec
Solutions
• Compliance
EXIT
Putting It All Together HOME
The Cisco® Self-Defending Network provides the most This integrated, collaborative, and adaptive approach to security Contents
comprehensive, end-to-end approach to network security in provides comprehensive, in-depth defense and maximum risk
the industry. Our world-class solutions not only provide best- reduction, while lowering total cost of ownership, making it the
of-breed capabilities and features, but also provide a level of ideal choice for securing your networked environment. Security Appliances
security not available anywhere else, through:
Firewall
1. Integration: Critical security functions have been woven into
Cisco’s entire line of appliances and network devices, as Intrusion Prevention Systems
well as into all of our critical business applications and Cisco Router Security
services, such as unified communications and data center. End-Point Security
2. Collaboration: An additional layer of security is achieved • Cisco Security Agent
through unprecedented collaboration between security • Cisco Network Admission Control
and network devices, and between different security Email, Web, and Content Security
devices and solutions. • Cisco Web Security Gateway Appliances
3. Adaptability: The ability to identify a security event anywhere • Cisco IronPort Email Security Appliances
on the network, and share that information across the net-
work, allows Cisco solutions to dynamically adapt the net-
work’s overall security profile to real-time threats and events. Management
Branch Office Main Office • Cisco Secure Access Control System
Cisco Security MARS Cisco
Securite ACS Switch Security
Cisco Security
Manager • Cisco Catalyst 6500 Series Security Services Modules
• Cisco TrustSec
NAC Appliance
Solutions
• Compliance
Secure
Desktops Wireless
Secure WAN with Cisco Servers Virtual Private Networks
Router with Security with Cisco • Site-to-Site VPNs
Firewall Agent Guard Security Agent • Remote-Access VPNs
Catalyst EXIT
6500 Putting It All Together
Wide Area
Application Content Switching
Server
VPN ACE
Module WAF/AXG
Private Detector
WAN Cisco IronPort
S-series
Internet and C-series
FWSM IDS Module MDS 9000
with SME
Cisco ASA 5500

Security Appliance
with IPsec and SSL Desktops with Cisco Security Agent
Remote and Mobile Workers

Cisco Security Solutions: January 2009

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cisco Security Solutions: January 2009

Uploaded by

Copyright:

Available Formats

Quick Reference Guide

Cisco ASA 5500 Series Contents

Cisco ASA 5500

Overview Benefits Contents

Cisco Security Agent Contents

Private Critical Servers with

Desktops with Cisco Security Agent

Cisco Network Admission Control Contents

3b. Device is compliant

Cisco NAC Quarantine

Cisco Network Admission Control Contents

Cisco Web Security Contents

For more information, please visit:

Cisco IronPort Contents

Before IronPort After IronPort Solutions

Antivirus DLP Policy IronPort Email

Mail Routing Users Users

Cisco ACE Contents

Cisco ACE Web Cisco ACE Web

Content Security Contents

Cisco ASA 5500

Content Security Contents

Cisco Security Monitoring, Contents

Cisco Security Manager Contents

Cisco Secure Contents

Wireless Wired Remote

Cisco Enterprise Policy Manager Contents

Cisco Catalyst 6500 Series Contents

Cisco TrustSec Contents

Store WAP AXG

Requirement 1 Requirement 4 Requirement 7 Requirement 10

Cisco Virtual Office Contents

Cisco Virtual Office Contents

Site-to-Site VPNs Contents

Site-to-Site VPNs Contents

Remote-Access VPNs Contents

Remote-Access VPNs Contents

Cisco ASA 5500

You might also like