Protegendo sua Rede

Sergio Dias Systems Engineer CCIE DC #47837

Fabiane Paulino Consulting Systems Engineer

Legacy  Security:  Costly  &  Complex  

Siloed  

Inefficient  

Manual  

Limited  integra,on,  security  gaps  

Hard-­‐coded  processes  

Over-­‐provisioned,  sta,c  and  slow  

•  $  400  Millions  the  es?mated  financial  loss  in  2015  with  breachs  

•  98%  stemmed  from  External  Agents    •  81%  u?lized  some  form  of  Hacking  •  69%  incorporated  Malware    •  96%  of  aPacks  Not  Highly  Difficult  

     

*  Verizon  2015  Data  Breach  Inves?ga?on  Report    

 

Cisco’s  Threat-­‐Centric  Security  Model  

Network   Endpoint   Mobile   Virtual   Cloud  

DURING Detect Block

Defend

AFTER Scope

Contain Remediate

BEFORE Discover Enforce Harden

Advanced  Malware  Protec?on  VPN  Firewall   NGIPS   DDoS  

Policy  Management  Applica?on  Control  

Secure Access + Identity Services

Malware  Sandboxing  Web  Security  

Email  Security   Network  Behavior  Analysis  

Security  Services  

4 © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Corp Network

Global Orchestration

5 © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Corporate HQ

Partners Guests

...

6 © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Branches / Home Office

7 © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Partners Guests

Network Security Challengers Distributed Network, Compliance and Control

Grant and Control access to Corporate Devices, Guests Devices and BYOD Devices.

Compliance.

Borderless network (wireless, wired and VPN) keeping the same level of access and control. Distributed network (Datacenter, Stores and Remote Locations, HQ and Remote Users).

Employees ...

Grant and Control access to Employees, Partners and Guests.

Compliance.

Keep track and have visibility over all users, devices, applications and vulnerabilities on the network.

Protect the network against security events and advanced threats.

8 © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Access Control Consistent Secure Access Policy Across Wired, Wireless and VPN

Guests

BYOD Corporate and Partners

SSID: Guest

SSID: Corporate

Authentication Users and Devices

Cisco ISE

Onboarding (Portals)

Access Enforcement

Traffic Analysis

AD, LDAP, RADIUS or Local Database

Rest API

Full Reports

Corporate

Corporate and Partners

Corporate and Partners How

What Who

Where When

9 © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Cisco pxGrid Context Sharing

FirePower NGIPS

ASA and ASA with FP Services

Stealth Watch WSA

FirePower Threat Defense

Cisco ISE

pxGrid

User Identity User, Location IP,

Device Type and SGT Tag

10 © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

FirePower and ISE Integration Fire&ISE pxGrid

11 © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

WSA and ISE Integration WSA&ISE pxGrid

12 © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Corp Network

Global Orchestration

13 © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

New Features

Sourcefire FirePOWER

Cisco ASA

Converged Software – Firepower Threat Defense (FTD)

14 © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Total Visibility

Web

WWW

Endpoints Network Email Mobile

Cloud

FTD - Centralized Management Web, Multi-Tenant, Full Visibility

15 © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Corp Network

Global Orchestration

16 © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Q&A

17 © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Thank you!!