Professional Documents
Culture Documents
of the Firewall?
The Answer: Very Bright –
and Deployed Everywhere!
Old perimeter
Cloud applications Traditional Network: Personal devices
Endpoints, On-site
Users, Servers, Apps
INSSEC-2003 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Is the perimeter dead?
Where do
we put security
controls??
INSSEC-2003 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
Cloud DNS as Multicloud SD-WAN Identity
Cisco’s security strategy evolution “Classic”
cometh added layer security and DIA and SDP
Internet
DMZ
NGFW (Firepower), SWG (Web Security Appliance)
CORE
Security Analytics
VPN (Stealthwatch)
INSSEC-2003 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
Cloud DNS as Multicloud SD-WAN Identity
Cisco’s security strategy evolution “Classic”
cometh added layer security and DIA and SDP
CLOUD EDGE
DMZ
NGFW, SWG
CORE
Security Analytics
VPN
INSSEC-2003 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
Cloud DNS as Multicloud SD-WAN Identity
Cisco’s security strategy evolution “Classic”
cometh added layer security and DIA and SDP
CLOUD EDGE
DNS/web-layer Security (Umbrella)
DMZ
NGFW, SWG
OFF-VPN
CORE
Security
VPN Analytics
INSSEC-2003 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
Cloud DNS as Multicloud SD-WAN Identity
Cisco’s security strategy evolution “Classic”
cometh added layer security and DIA and SDP
CLOUD EDGE
DNS/web-layer Security
DMZ
NGFW, SWG
OFF-VPN
CORE
Security
VPN Analytics
INSSEC-2003 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
Cloud DNS as Multicloud SD-WAN Identity
Cisco’s security strategy evolution “Classic”
cometh added layer security and DIA and SDP
CLOUD EDGE
Secure Internet Gateway with Cloud Firewall & SWG (Umbrella)
DMZ
NGFW, SWG
OFF-VPN
CORE Cloud-Managed Router
DIA (ISR + vManage) with
Security Enterprise Firewall, IPS
VPN Analytics SD-WAN
Malware Protection
Encrypted Traffic
Analytics, URL Filtering
(Multiple Cisco security
Roaming Campus Branch technologies)
INSSEC-2003 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
Cloud DNS as Multicloud SD-WAN Identity
Cisco’s security strategy evolution “Classic”
cometh added layer security and DIA and SDP
CLOUD EDGE
MFA & Device Visibility (Duo) Secure Internet Gateway
DMZ
Web, SSH SDP (Duo), NGFW, SWG
OFF-VPN
CORE
Security
VPN Analytics SD-WAN
INSSEC-2003 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
Network security: Our goal
INSSEC-2003 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
Consistent, world class
security controls
INSSEC-2003 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
Deeper More Better
data content security
We analyze massive
amounts of data —
19.7 billion threats
blocked daily 600 Billion 16 Billion 3.4 Billion
Email samples Web requests AMP queries
Our real-time
datasets are diverse,
global, and live 170 Billion 80 Million 12,000 160
Internet Daily active Enterprise Countries
requests users customers worldwide
INSSEC-2003 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
Lower Austria
Firefighters
Administration “We chose Cisco because
The largest firefighting administration of their seamless
in Austria with 300,000 employees
and firefighters integration of all security
Solution
products and to have a
• Cisco Firepower 2130 NGFWs with FTD
smaller vendor footprint.”
• Firepower Management Center
• Cisco AnyConnect Markus Durauer, Network Technology, CMS
Specialist, Lower Austria Firefighters
Outcomes
• Uncovered existing malware infections and
blocked immediately
• Stopped a zero-day attack on edge of
network
• Saved time on configuration; daily tasks
became easier
INSSEC-2003 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
Security controls…In every place you need them
INSSEC-2003 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
WeControls...In
2. offer choice -the
security
placescontrols
you wherethem
need it
makes sense for your environment
Cloud Security Analytics
CASB Cloud Workload Protection
CLOUD EDGE
Secure Internet Gateway with Cloud Firewall & SWG (Umbrella)
DMZ
NGFW, SWG
OFF-VPN
CORE Cloud-Managed Router
DIA (ISR + vManage) with
Security Enterprise Firewall, IPS
VPN Analytics SD-WAN
Malware Protection
Encrypted Traffic
Analytics, URL Filtering
(Multiple Cisco security
Roaming Campus Branch technologies)
INSSEC-2003 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
WeControls...In
2. offer choice -the
security
placescontrols
you wherethem
need it
makes sense for your environment
Cloud Security Analytics
CASB Cloud Workload Protection
FTDv
ASAv
SaaS Internet IaaS/PaaS Private Cloud
CLOUD EDGE
Secure Internet Gateway with Cloud Firewall & SWG (Umbrella)
Umbrella -SIG
INSSEC-2003 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
Umbrella–Secure Internet Gateway
Cloud-delivered SaaS usage
Firewall Controls/Data
Secure Web Loss Prevention
Gateway (CASB)
Correlated
DNS-layer Threat
Security Intelligence
Cisco
Umbrella
Secure Internet Gateway
INSSEC-2003 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
Demo #1
Umbrella
New Cisco SD-WAN security
Enterprise Firewall
Classification of +1400 layer 7 apps
ISR 1000 ISR 4000
Series Series
Intrusion Protection System
Most widely deployed IPS engine
in the world
URL-Filtering
vEdge ASR 1000 Web reputation score using
Series 82+ web categories
Cisco SD-WAN
vManage Powered by Viptela Simplified Cloud Security
ENCS Easy deployment of Cisco Umbrella
(ISRv) CSR
INSSEC-2003 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
Security controls…with unified policy and
threat visibility
INSSEC-2003 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
Cisco’s integrated security
solutions
INSSEC-2003 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
Cisco’s integrated security
solutions
Unified policy
Cisco Defense Orchestrator
(CDO)
INSSEC-2003 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
Cisco Defense Orchestrator (CDO)
Common capabilities across the network control point
Common
Common Policy Dedicated Appliance Elements
(CDO) (Firepower) Stealthwatch/CTA
TALOS
Network Embedded
(Meraki, ISR)
INSSEC-2003 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
Demo #2
CDO
Cisco’s integrated security solutions
INSSEC-2003 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 27
Cisco’s integrated security solutions
INSSEC-2003 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 28
Introducing Cisco Threat Response
Unleashing the power of the Cisco Integrated Security Architecture
INSSEC-2003 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 29
Demo #3
Cisco Threat Response
Cisco Threat Response in the real world
Join Cisco Security customers who are gaining value from it now
“I like quickly being able to see “You cannot hit a target you
infections on my network, and cannot see. Cisco Threat
this presents them in a really Response really simplifies
nice fashion…” security analysis...”
Security Operations lead at a Cyber Security Specialist
large manufacturing company at MSSP
INSSEC-2003 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
Unmatched breadth of portfolio
Customer Cisco
Security that works together SOC Threat Intel
NGFW
Software- (FIREPOWER) Security Analytics
Defined NAC (STEALTHWATCH)
Network (IDENTITY SERVICES UTM
(MERAKI MX) NGIPS
ENGINE) (FIREPOWER)
Web Security Incident
Response
(THREAT RESPONSE)
Auth/SSO
(DUO MFA)
Internet
User/ VPN RA and BYOD
EPP/EDR
Investigations
Device Visibility (AMP FOR ENDPOINTS)
Endpoint (ANYCONNECT)
(DUO ACCESS)
Email Security
(UMBRELLA
SDP INVESTIGATE)
(DUO BEYOND)
File
SIG/SWG Investigations
(UMBRELLA) (THREAT GRID)
INSSEC-2003 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 32
Cisco security leadership
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
INSSEC-2003 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 33
Network Security: Our goal
World class security In every place you With unified policy and
controls need them threat visibility
Snort, AMP, Talos FirePower, FTDv, Meraki MX, Cisco Defense Orchestrator,
ISR, Umbrella Cisco Threat Response
INSSEC-2003 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 34
The FUTURE of the
FIREWALL is very
bright and it will be
deployed everywhere.
INSSEC-2003 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
Cisco Webex Teams
Questions?
Use Cisco Webex Teams (formerly Cisco Spark)
to chat with the speaker after the session
How
1 Find this session in the Cisco Events Mobile App
2 Click “Join the Discussion”
3 Install Webex Teams or go directly to the team space
4 Enter messages/questions in the team space
cs.co/ciscolivebot#INSSEC-2003
INSSEC-2003 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
Complete your online
session survey
• Please complete your Online Session
Survey after each session
• Complete 4 Session Surveys & the Overall
Conference Survey (available from
Thursday) to receive your Cisco Live T-
shirt
• All surveys can be completed via the Cisco
Events Mobile App or the Communication
Stations
INSSEC-2003 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
Continue Your Education
INSSEC-2003 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 38
Thank you