Cisco Security Management Suite Cisco Security Manager Overview

EBC Presentation Presenter:

205523.Y_C97-60001-00

© 2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

1

Self-Defending Network Defined
Efficient security management, control, and response: Policy-Based Management and Enforcement
Advanced technologies and security services to:
• Mitigate the effects of outbreaks
• Protect critical assets
• Ensure privacy
(Threat Control and Containment; Secure Transactions; Confidential Communications)
Security as an integral and fundamental network feature: Secure Network Infrastructure

Cisco Self-Defending Network: Using the Network to Identify, Prevent, and Adapt to Threats

Integrated: enabling every element to be a point of defense and policy enforcement

Collaborative: collaboration among the services and devices throughout the network to thwart attacks

Adaptive: proactive security technologies that automatically prevent threats

Cisco Security Management Suite: Monitoring, Analysis, and Mitigation
• Identity: how to control access to network assets… who can do what
• Analysis: too much meaningless raw data…
• Monitoring: need to monitor multivendor networks…
• Patch Management: image, inventory, signature…
• Mitigation: how to use the network to eliminate threats…
• Configuration: how to rapidly deploy new policies…
(Diagram: management functions arranged around Branch, Data Center, SOHO, and Partner sites)

Cisco’s Security Management Evolution
From:
• Network and security management separate
• Vendor-specific monitoring
• Device-level management only
• Siloed operations teams
• Point solutions for configuration, monitoring…
To:
• Managing networks with embedded security
• Multi-vendor monitoring
• System-wide, end-to-end, policy-based management
• Support of integrated NetOps and SecOps
• Closed-loop management

Cisco Security Management― Value Summary
Cisco® Management
• Best-of-breed applications which are integrated, collaborative and adaptive
• Reduced TCO
• Simplified service management
• Integrated policy management and log monitoring
• Greater visibility of threats
• Set once, deploy network-wide
• Integrated SecOps and NetOps

Cisco Security Management Framework Vision
The Operational Framework
Management functions: Configuration Management; Monitoring, Mitigation; Identity Management; Policy; Partners
SDN Security Solutions:
• Network Access: NAC, Clean Access, Identity/Role-Based Access
• Anti-X: Outbreak prevention, Intrusion Prevention, CSA Desktop/Server
• Foundation: Firewall, VPN, SSL VPN
• Vulnerability Assessment, Patch Management, Auditing and Compliance, Data Archiving and Reporting
SDN Network Fabric: ASDM (appliances), SDM and TIDP (routers), CVDM (switches and service modules), CSA MC (end points)

Today―Cisco Security Management Suite
Cisco® Security Manager: Simplified Policy Administration; End-to-End Configuration; Network-wide or Device-Specific
Cisco® Security MARS: Rapid Threat Identification and Mitigation; Topology Awareness; Data Correlation
• Integration with Cisco Secure Access Control Server: role-based access control; privilege-based access to management functionality
• With the context of auditing services
(Diagram: both applications manage the common security FABRIC)

Transition from CiscoWorks VMS
CiscoWorks VPN/Security Management Solution (VMS): Firewall Management Center, Router Management Center, IDS Management Center, Management Center for Performance, Resource Manager Essentials, Cisco Security Agent Management Center, Security Monitor
NEW, for the advanced SDN solutions and fabric:
• Cisco® Security Manager (CS Manager)
• CSA Manager
• Cisco Security Monitoring, Analysis, and Response System (CS MARS)

Cisco Security Manager
Overview

Superior Usability
• Administer policies visually on tables or topology map
• Jumpstart help: an extensive animated learning tool
• Flexible management views: policy-based, device-based, map-based, VPN Manager, IPS Manager, Deployment Manager

Centralized Policy Administration
• Centrally provision policies for firewalls, VPNs, and IPS
• Very scalable
• Policy inheritance feature enables consistent policies across the enterprise
• Powerful device grouping options

Firewall Administration
• Configure policies for ASA, Cisco® PIX® FW, FWSM and Cisco IOS® Software
• Single rule table for all platforms
• Intelligent analysis of policies
• Sophisticated rule table editing
• Compresses the number of access rules required

VPN Administration
• VPN Wizard: set up site-to-site, hub-and-spoke, and full-mesh VPNs with a few mouse clicks
• Configure remote-access VPN, DMVPN, and Easy VPN devices

IPS Administration
• Automatic updates to the IPS sensors
• Support for outbreak prevention services

Security Management EBC

Cisco Security MARS
Overview

Visualization
• Visualize attack paths and identify network hot spots
• Identifies valid incidents and minimizes false positives
• Higher network availability
• Identify day-zero attacks, reduce resolution time

Reduced Complexity
• Lower TCO
• Appliance based, simple-to-install solution
• No hidden customization costs
• Simple licensing, no software agents

Multivendor
• Powerful monitoring, analysis, response system
• Multivendor support
• Correlate events from multiple sources such as vulnerability assessment and NetFlow data to detect anomalies

Mitigation of Attacks
• Mitigate attacks by isolating switch ports and applying ACLs closest to the source
• Know “what, where, and how” of threats
• Leverage the intelligence in the network to enforce security policies

Cisco Security Management—Value Summary
Best-of-breed applications which are integrated, collaborative and adaptive

Differentiating capability: value/benefit
• Policy abstraction, sharing and inheritance: reduces complexity, do more with fewer resources (reduced OpEx)
• Domain-based policy enforcement through device abstraction: enforce policies based on organizational needs (reduced OpEx)
• Operations workflow: enable collaboration between SecOps and NetOps (advanced flexibility and control)
• Scalable distributed deployment: faster deployment, ensure the latest policies are on the device (higher network availability)
• Security event log to policy lookup, real-time event viewer: greater visibility of threats, faster problem isolation and remediation (improved network resiliency)


Distributed Protection
CS MARS and CS Manager in Action
1. CS MARS detects an incident
2. CS Administrator updates a shared policy in one place
3. A single deploy to protect the network
4. Scale through use of distributed deployment using CNS Configuration Engine (CNS-CE)
(Diagram: CS-MARS, CS Manager, and CNS-CE protecting the corporate LAN, data center, and branch offices)

Cisco Security Configuration―Agenda
• Focuses on configuration management of security policies in the network
• Usability is key: provides multiple views to fit the operational needs; easy-to-use, visually appealing user interface; wizards to reduce complexity; advanced tools for the sophisticated user
• Core differentiating concepts: policy sharing and inheritance; domain-based policy enforcement; decision-support workflow for NetOps/SecOps; role-based access control for scaled operations; distributed large-scale deployment

Cisco Security Manager
“It Has to be Easy to Use and Flexible”
• Feature-rich front end
• Different views for different administration preferences: Device View, Topology View, Policy View
• Unified security service management independent of the enforcing device: firewall, VPN, IPS…
• Supports ASA, PIX, IPS sensors, ISRs and Catalyst service modules

CS Manager
Device-Centric View
• Start with a single device
• Clone and replicate
• Rapidly deploy the device settings

CS Manager
Policy-Centric View
• Centralized policy management
• Powerful scalability via inheritance, reuse, assignment, and sharing

CS Manager
Topology-Centric View
• Put devices on customizable maps, image backdrops
• Build VPNs with a right click
• Launch FW rules and configure
• Build maps-within-maps to scale

CS Manager
VPN―Wizard-based Configuration
• Wizard-based configuration
• Three steps to create a VPN:
1. Choose VPN topology and technology
2. Choose participants
3. Customize protected traffic if needed

CS Manager
Multiple VPN Topologies
Site-to-site, DMVPN, RA VPN, EzVPN

CS Manager
Power Tools: Config Archive, FlexConfig
• Retrieve and compare delta configs for deployment
• Ability to roll back to the “golden” or “last-known good” configuration
• Compare between previously deployed configurations

Power Tools―FlexConfig
FlexConfig
• Convert custom CLI to policies
• Powerful mechanism to enable feature velocity
• Rapidly add support for new device features
Users can create custom CLI and deploy it as jobs to device(s).

Going Beyond Ease of Use and Flexibility
• Scaling to many hundreds of remote sites
• Setting corporate rules and providing best-practice guidelines
• Reducing the complexity of different device classes
• Enabling SecOps and NetOps to work together
• Controlling who can do what on which device
• Efficiency in distributing changes to always-on and intermittently-on devices

Policy-Sharing and Inheritance Model
CS Manager
“Scalable Policy Definition; Set Once, Deploy to Many”
What is it?
• Decouples devices from policies
Example:
• Share common policies across device groups for: branch firewall, site-to-site VPN, device administration
• Corporate mandatory policies: no Napster traffic, period; allow SSH, SSL
• Remote branch may optionally override the central policy at the local level
Benefit:
• Reduced complexity for administrators
• Do more with fewer resources
(Diagram: one central policy shared by several remote-branch policies)

Domain-Based Policy Enforcement
CS Manager
“Fine-Grain Control of What Traffic Flows Where”
Interface Groups
• Interfaces related to a domain
• User customizable
Example
• Define policy to control traffic between domains
Benefit
• Enforce policies based on organizational needs
(Diagram: Marketing, Engineering, and Sales domains)

Workflow
CS Manager
“Enable Different Management Teams to Work Together”
What Is It?
• Structured process for change management that complements your operational environment
Example
• Who can set policies
• Who can approve them
• Who can approve deployment and when
• Who can deploy them
Benefit
• Enables teamwork and collaboration between NetOps and SecOps
• Provides scope of control

Workflow stages for firewall, VPN, and IPS services:
Security Operations (Policy Definition): Create/Edit Policy → Review/Submit → Approve/Commit (with Undo)
Network Operations (Policy Deployment): Generate/Submit Job → Approve Job → Deploy (with Rollback)

Role-Based Access Control
What Is It?
• Authenticates admin access to the management system
• Determines who has access to specific devices and policy functions
Example
• Verifies admins and associates them with specific roles as to who can do what
Benefit
• Enables delegation of admin tasks to multiple operators
• Provides appropriate separation of ownership and controls
(Diagram: CS-Manager, AAA, CS-ACS, Cisco IOS® Software, Cisco® PIX® and ASA software, Home Office, Remote Access)

Scalable Distributed Deployment
What Is It?
• Simplified distributed deployment method for 1000s of remote devices
Example
• Update large numbers of remote firewalls, which may have dynamic addresses, intermittent links, or NAT addresses
• Update both configurations and software images
• Devices self-update whenever they come online
• Scales through Web technologies
Benefit
• Helps customers with 1000s of teleworkers and remote locations with minimal technical staff at the remote site
(Diagram: update servers and CNS-CE update appliance in the enterprise intranet and DMZ, reaching extranet, self-managed ROBO, and telecommuter sites across the Internet)


CS MARS
Cisco Security MARS
Event sources: Firewall Log, IDS Event, Firewall Cfg., NAT Cfg., NetFlow, Server Log, AV Alert, App Log, VA Scanner, Switch Log, Switch Cfg., Router Cfg., …
Processing pipeline: Sessions → Correlation → Rules/Verify → Reduction; isolated events are reduced to valid incidents
• Gain Network Intelligence: topology, traffic flow, NetFlow analysis
• ContextCorrelation™: correlates, reduces, and categorizes events; validates incidents
• Extensive reporting on events
Release 4.2
• Log data to policy lookup
• Low-latency, real-time event viewer
• Relayed syslog handling
• Ticketing system integration via XML incident notification


CS MARS―CS Manager Policy Lookup View: Resultant Rule Table
CS Manager
“Aha, there is a permit rule from source 10.1.10.1 to any for IP. Better make the correction over in CS Manager and deploy to the device.”
• Integrating the log and policy views for fast remediation
• XML-based external integration of incidents
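The resultant rule table that this lookup walks is what the policy-sharing and inheritance model (the "Set Once, Deploy to Many" slide) produces for each device. The following Python is an added example, not Cisco's code: it models mandatory corporate rules that a branch cannot override, a branch-level override, and a lookup that names the rule responsible for a flow (here the 10.1.10.1 permit); rule names, services and addresses are constructed.

```python
# Added example (not Cisco code): a minimal model of the CS Manager policy
# inheritance slide and the CS MARS policy-lookup slide. Rule names, services
# and addresses are constructed for illustration.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")

def _net(spec):
    """'any' or a CIDR string to an ip_network."""
    return ANY if spec == "any" else ip_network(spec)

@dataclass(frozen=True)
class Rule:
    action: str    # "permit" or "deny"
    src: str       # "any" or CIDR
    dst: str       # "any" or CIDR
    service: str   # named service; "ip" matches every service
    name: str = ""

    def matches(self, src_ip, dst_ip, service):
        return (ip_address(src_ip) in _net(self.src)
                and ip_address(dst_ip) in _net(self.dst)
                and self.service in ("ip", service))

@dataclass
class SharedPolicy:
    mandatory: list = field(default_factory=list)  # corporate; cannot be overridden
    default: list = field(default_factory=list)    # corporate; branch may override

def resultant_rule_table(shared, local_rules):
    """Effective table for one device: mandatory rules first, then the local
    overrides, then the remaining shared defaults. First match wins."""
    return list(shared.mandatory) + list(local_rules) + list(shared.default)

def policy_lookup(table, src_ip, dst_ip, service):
    """Which rule of the resultant table handled this flow (1-based index)?
    Returns (None, None) when nothing matched, i.e. the implicit deny."""
    for i, rule in enumerate(table, start=1):
        if rule.matches(src_ip, dst_ip, service):
            return i, rule
    return None, None

CORPORATE = SharedPolicy(
    mandatory=[Rule("deny", "any", "any", "napster", "No Napster, period"),
               Rule("permit", "any", "any", "ssh", "Allow SSH"),
               Rule("permit", "any", "any", "ssl", "Allow SSL")],
    default=[Rule("deny", "any", "any", "ip", "Default deny")])
# Constructed branch override that an administrator pushed locally.
BRANCH_LOCAL = [Rule("permit", "10.1.10.1/32", "any", "ip", "Branch override")]
```

Napster traffic from 10.1.10.1 still resolves to the corporate deny because mandatory rules sit ahead of any local rule, while other IP traffic from that host resolves to the branch permit rule the MARS operator spotted.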

The Value of Cisco’s Security Management Suite
Best-of-Breed Applications: Integrated, Collaborative and Adaptive
Management of an Integrated Security Fabric
• Workflow to allow NetOps and SecOps to collaborate
• Integration with NetFlow data
• Integrates network and security management components
• Better identification of day-zero attacks
• Reduced resolution time
• Mitigation recommendations
• Identify best choke points
• Single app for management of FW, VPN, IPS and network
• Shared device database
• Collaboration between provisioning, monitoring, mitigation, and identity
• Leverage investment in Cisco-based network
• Preserves investment in other non-Cisco point solutions, multi-vendor nature of our monitoring solution
Themes: Higher Network Availability Through Faster Threat Mitigation; Reduced Complexity Through Integrated Management; Investment Preservation
