SlideShare une entreprise Scribd logo

From Physical to Virtual to Cloud

Cisco Security
Cisco Security

Take a deep dive into 3 important deployment types for Cisco Security.

Technologie
1  sur  36
Mike Nielsen Senior Director Security February 7, 2012 © 2012 Cisco and/or its affiliates. All rights reserved. 1
Cisco Data Center Technology Physical Deployment Use Cases Virtual and Cloud Deployment Use Cases © 2012 Cisco and/or its affiliates. All rights reserved. 2
NEARLY MORE THAN 2000% 50% increase in application traffic of business-critical applications and network connections per will be virtualized by 2013 second required for inspection by 2015 Rapidly losing visibility of business-critical traffic © 2012 Cisco and/or its affiliates. All rights reserved. 3
1. vMotion moves VMs across physical ports—the network policy must follow vMotion (across racks, PODS, DCs) 2. Must view or apply network/security policy to Port locally switched traffic Group 3. Need to maintain segregation of duties while ensuring Security non-disruptive operations Admin Server Admin Network Admin © 2012 Cisco and/or its affiliates. All rights reserved. 4
PHYSICAL VIRTUAL CLOUD WORKLOAD WORKLOAD WORKLOAD • One app per server • Many apps per server • Multi-tenant per server • Static • Mobile • Elastic • Manual provisioning • Dynamic provisioning • Automated scaling HYPERVISOR VDC-1 VDC-2 CONSISTENCY: Policy, Features, Security, Management Switching Nexus 7K/5K/3K/2K Nexus 1000V, VM-FEX Security ASA 5585, ASA SM, IPS VSG, ASA 1000V Compute UCS for Bare Metal UCS for Virtualized Workloads * Virtual only, ** Announced © 2012 Cisco and/or its affiliates. All rights reserved. 5
Security needs to scale to the transaction SCALABLE or throughput requirements of today’s SECURITY applications PHYSICAL & Security must provide consistent policy VIRTUAL enforcement across hybrid environments Security deployments must enable BUSINESS business agility through the unification of CONTEXT business and technology policies © 2012 Cisco and/or its affiliates. All rights reserved. 6
Segment resources Ensure maximum logically and CPU utilization physically by tenant and VM mobility or risk class © 2012 Cisco and/or its affiliates. All rights reserved. 7
Firewall Segmentation Fabric Segmentation Stateful/reflective ACL UCS Fabric Interconnect Multi-context VPN TrustSec Context-Aware Segmentation Network Segmentation Security Group Tags (SGT) Physical Security Exchange Protocol (SXP) Virtual (VLAN, VRF) Security Group ACL Virtualized (Zones) © 2012 Cisco and/or its affiliates. All rights reserved. 8
© 2012 Cisco and/or its affiliates. All rights reserved. 9
ASA Firewall at Data Center Speeds ASA 5585-SSP60 80 40 Gbps Firewall 20 MM Connections 10 700,000 350,000 CPS ASA 5585-SSP40 40 20 Gbps Firewall ASA 5585-SSP20 8 4 MM Connections 20 10 Gbps Firewall 400,000 CPS Connections 4 MM 2 200,000 CPS ASA 5585-SSP10 Connections 8 4 Gbps Firewall 250,000 125,000 CPS 2 1 MM ASA Services Connections Module 100,000 CPS 50,000 CPS 80 20 Gbps Firewall 40 10 MM Connections 1.2 MM CPS 300,000CPS Campus Data Center © 2012 Cisco and/or its affiliates. All rights reserved. 10
Assured Protection for High-performance Data Centers Next-generation firewall at 700% Higher Performance data center speeds • Clusters managed as a single logical device Density • 320 Gbps firewall & 80 Gbps IPS throughput • 1 million connections per 84% Less Power second • 50 million concurrent sessions Consumption • Pay as you grow Integrated identity, content 87% Percent Less and application security Fully IPv6 compliant for coming wave of mobile Rack Space application access © 2012 Cisco and/or its affiliates. All rights reserved. 11
Assured Protection for High-performance Data Centers 400% Highest IPS performance density • 10 Gbps IPS throughput Higher Performance Density • 100,000 connections per second 75% Less Power • Expandable 2RU chassis Context-aware attacker, Consumption victim, and attack visibility 50% Less Rack Space Backed by Cisco Security Intelligence Operation (SIO) for the highest level of attack identification and mitigation © 2012 Cisco and/or its affiliates. All rights reserved. 12
Cisco® ASA 5585-X v9.0 with Clustering Capability* • Two to eight ASAs supported per cluster (same model and DRAM) • Both routed (L3) and transparent (L2) firewall modes supported • Cluster performance = 60-70 percent of combined throughput and connections (traffic- dependent) ASA CLUSTERING AT CONTROL PLANE • One master syncs configuration to all members • Minimum one cluster control interface for the cluster control plane • Site-to-site VPN support Not supported in cluster mode: SSL/IPSEC RA VPN, VPN LB, Botnet Traffic Filter, DHCP capabilities, WCCP, Unified Communications features, ASA-CX SSP, specific applications inspection. * Clustering is supported on ASA 5585, 5580 and ASA SM ASA Clustering at Data Plane © 2012 Cisco and/or its affiliates. All rights reserved. 13
Cisco Catalyst 6500 as Services Switch ® • ASA SM for Catalyst 6500 • Etherchannel Integration with Cisco Nexus 7K/vPC ® • 6500 supports Link Aggregation Control Protocol (LACP), IEEE 802.3ad standard • Traffic forwarded using service- specific VLANs • Each port-channel supports up to eight active and eight standby links © 2012 Cisco and/or its affiliates. All rights reserved. 14
System Dashboard © 2012 Cisco and/or its affiliates. All rights reserved. 15
Integrated Identity Security Context AAA Directory Infrastructure Agent Mark Data Center and Cloud AnyConnect IDFW DMZ John ASA Identity Firewall © 2012 Cisco and/or its affiliates. All rights reserved. 16
AD/LDAP Identity • Non-auth-aware apps NTLM • Any platform Kerberos • AD/LDAP credential TRUSTSEC Network Identity Secure Group Tags on ASA User Authentication IP Surrogate • Auth-Aware Apps AD Agent • Mac, Windows, Linux • AD/LDAP user credential © 2012 Cisco and/or its affiliates. All rights reserved. 17
TrustSec lets you define policy in Context Classification meaningful business terms Business Policy TAG Security Group Tag Destination HR Database Prod CRM Storage Source VD HR Users X X Distributed Enforcement in DC VPN HR User X X X IT Ops ASA DC Switch Test Server Test-ACL X Filtering Physical and Virtual Servers in Data Center © 2012 Cisco and/or its affiliates. All rights reserved. 18
Integrated Identity Security SGT (6) mktg-servers SGT (9) HR-servers ISE SGT=06 Packet SGT=09 Packet Security Xchange Protocol © 2012 Cisco and/or its affiliates. All rights reserved. 19
• Users assigned with a security group tag • Contextual access control is now possible • Cisco Nexus® 7000 enforces group policy at the DC edge • Cisco® ASA 5585-X v9.0 support SXP security group tags in policy • Example usage: access to VDI service in DC © 2012 Cisco and/or its affiliates. All rights reserved. 20
Delivers protections months ahead of the threat 0010 010 10010111001 10 100111 010 000100101 110011 01100111010000110000111000111010011101 1100001110001110 1001 1101 1110011 0110011 101000 0010 010 10010111001 10 100111 010 000100101 110011 01100111010000110000111000111010011101 1100001110001110 1001 1101 1110011 0110011 101000 Cisco SIO WWW Email Devices Web CWS IPS AnyConnect Zero-day detection WWW Actions Information IPS Networks Endpoints ESA ASA WSA Reputation-based Visibility protection Control 1.6M global sensors 3 to 5 minute updates 75TB data received per day Consistent 5,500+ IPS signatures produced 150M+ deployed endpoints 8M+ rules per day enforcement 35% worldwide email traffic 200+ parameters tracked 13B web requests 70+ publications produced © 2012 Cisco and/or its affiliates. All rights reserved. 21
Proving SIO - Global Correlation White Paper http://www.cisco.com/en/US/products/ps12156/prod_white_papers_list.html Figure 4. Sensor at Industrial Supplies Distributor (IND-2) Figure 2. Sensor at Bank (BNK-1) © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
© 2012 Cisco and/or its affiliates. All rights reserved. 23
Unified Firewall Policies in Virtual and Cloud Environments Unmatched Deployment Consistent Policies Flexibility • Common ASA configuration for physical, virtual and cloud deployments Lowest Operational VM Firewall Scalability Complexity • Single Instance secures up to 64 ESX hosts • Limitless VMs for SP and Enterprise Enhanced Network Scalability Unified Fabric Security • Integrates with the Nexus 1000V Series switch • Complements zone-based security capabilities of the Cisco Virtual Security Gateway) © 2012 Cisco and/or its affiliates. All rights reserved. 24
Features and Capabilities Built using Cisco ASA IPsec VPN (site to site) infrastructure NAT Interoperability with Cisco VSG DHCP through service chaining Default gateway VXLAN gateway Static routing Stateful inspection Multi-tenant management Through Cisco VNMC IP audit © 2012 Cisco and/or its affiliates. All rights reserved. 25
Zone 1 Zone 2 • The zones used define policy enforcement • Unique policies and traffic decisions applied to each zone • Physical infrastructure mapped Steer VM traffic to virtual context per zone: • VRF • Virtual context • Merging physical and virtual vPath Virtual Switch Segment pools of vPath Virtual Switch infrastructure vSphere blade resources per vSphere zone © 2012 Cisco and/or its affiliates. All rights reserved. 26
VSG Zone-based intratenant Cisco Nexus 1000V ® segmentation of VMs Cisco ASA 1000V ® Virtual Service Nodes vPATH Nexus 1000V Hypervisor Ingress/egress multitenant edge deployment vCenter Nexus 1 KV VNMC Server Network Security Admin Admin Admin © 2012 Cisco and/or its affiliates. All rights reserved. 27
Virtual Security Gateway: Zone Firewall for Cisco Nexus® 1000V • Control inter-VM traffic to address new blind spot • Support dynamic VM provisioning VM-to-VM traffic VM-to-VM traffic • Transparent VM mobility enforcement • Policy based VLAN-agnostic operation • Administrative separation of duties; App App App App server, network, and security` OS OS OS OS © 2012 Cisco and/or its affiliates. All rights reserved. 28
SECURING VM-VM TRAFFIC Aggregation ERSPAN DST IDS ID:2 Virtual Sensor 1 IDS ID:1 Virtual Sensor 2 Zone B Zone C monitor session 1 type erspan-source VDC VDC description N1k ERSPAN – session 1 vApp monitor session 3 type erspan-destination description N1k ERSPAN to IDS Virtual Sensor 1 VSG VSG vApp monitor session 2 type erspan-source description N1k ERSPAN –session 2 monitor session 4 type erspan-destination description N1k ERSPAN to IDS Virtual Sensor 2 vPath Cisco® Nexus 1000V © 2012 Cisco and/or its affiliates. All rights reserved. vSphere 29
Tenant A Tenant A’ (clone) VM 1 VM 2 VM 1 VM 1 VM 2 VM 1 VM 3 VM 1 VM 3 VM 1 ASA 1000V ASA 1000V Virtualized Servers External Network • Multizone tenant cloning while keeping overlapping IP addresses • Isolate overlap IPs with dynamic Network Address Translation (NAT) while connected to the external network © 2012 Cisco and/or its affiliates. All rights reserved. 30
Proven Cisco Security…Virtualized vCenter • Physical – virtual consistency Virtual Network Management Center (VNMC) Tenant B Collaborative Security Model Tenant A VDC VDC • VSG for intra-tenant secure zones vApp • ASA 1000V for tenant edge controls VSG VSG VSG vApp Seamless Integration • With Nexus 1000V & vPath VSG ASA 1000V ASA 1000V Scales with Cloud Demand vPath • Multi-instance deployment for Nexus 1000V horizontal scale-out deployment Hypervisor © 2012 Cisco and/or its affiliates. All rights reserved. 31
Tenant A Tenant B VM 1 VM 2 VM 1 VM 1 VM 2 VM 1 VM 3 VM 1 VM 3 VM 1 ASA 1000V ASA 1000V Virtualized Servers • VMs are quickly brought up and down in virtual environments • ASA 1000V DHCP capability used to assigns dynamic IPs to new VMs © 2012 Cisco and/or its affiliates. All rights reserved. 32
Physical Data Center DC Security Cisco Validated Designs Virtual Data Center Virtualized Multiservice Data Center (VMDC) © 2012 Cisco and/or its affiliates. All rights reserved. 33
End-to-End Security for Hybrid Infrastructure Physical Virtual and Cloud Physical Appliances and Modules Cloud Firewall Cisco Multi-Scale™ data center-class Enhanced cloud security Cisco® ASA devices Cisco ASA Cisco Catalyst® 6500 Cisco VSG Cisco ASA 1000V 5585-X Series ASA Services Cloud Firewall Module • Scalable in-line performance • Proven firewall to secure your cloud • Data center-edge security policies • Policies specific to the tenant edge to the virtual machine • Flexible deployment options • Automated, policy-based provisioning © 2012 Cisco and/or its affiliates. All rights reserved. 34
• Always-on, security that is integrated into the network fabric • End-to-end security solutions for Physical physical and virtual environments • Context-aware security to Cloud differentiate risk from random • Services to enable pervasive security across the infrastructure, within, and between clouds Virtual © 2012 Cisco and/or its affiliates. All rights reserved. 35
Thank you. © 2012 Cisco and/or its affiliates. All rights reserved. 36

Recommandé

Defending the Data Center: Managing Users from the Edge to the Application
Defending the Data Center: Managing Users from the Edge to the ApplicationDefending the Data Center: Managing Users from the Edge to the Application
Defending the Data Center: Managing Users from the Edge to the ApplicationCisco Security
 
Data Center Security Now and into the Future
Data Center Security Now and into the FutureData Center Security Now and into the Future
Data Center Security Now and into the FutureCisco Security
 
How SASE can help you move securely from the PSN with VMware and Breeze Networks
How SASE can help you move securely from the PSN with VMware and Breeze NetworksHow SASE can help you move securely from the PSN with VMware and Breeze Networks
How SASE can help you move securely from the PSN with VMware and Breeze NetworksArticulate Marketing
 
Security as a Service Model for Cloud Environment
Security as a Service Model for Cloud EnvironmentSecurity as a Service Model for Cloud Environment
Security as a Service Model for Cloud EnvironmentKaashivInfoTech Company
 
Security and Virtualization in the Data Center
Security and Virtualization in the Data CenterSecurity and Virtualization in the Data Center
Security and Virtualization in the Data CenterCisco Canada
 
Monetizing the Enterprise: Borderless Networks
Monetizing the Enterprise: Borderless NetworksMonetizing the Enterprise: Borderless Networks
Monetizing the Enterprise: Borderless NetworksCisco Service Provider Mobility
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architectureVladimir Jirasek
 
Strategy Cloud and Security as a Service
Strategy Cloud and Security as a ServiceStrategy Cloud and Security as a Service
Strategy Cloud and Security as a ServiceAberla
 

Recommandé

Defending the Data Center: Managing Users from the Edge to the Application
Defending the Data Center: Managing Users from the Edge to the ApplicationDefending the Data Center: Managing Users from the Edge to the Application
Defending the Data Center: Managing Users from the Edge to the ApplicationCisco Security
 
Data Center Security Now and into the Future
Data Center Security Now and into the FutureData Center Security Now and into the Future
Data Center Security Now and into the FutureCisco Security
 
How SASE can help you move securely from the PSN with VMware and Breeze Networks
How SASE can help you move securely from the PSN with VMware and Breeze NetworksHow SASE can help you move securely from the PSN with VMware and Breeze Networks
How SASE can help you move securely from the PSN with VMware and Breeze NetworksArticulate Marketing
 
Security as a Service Model for Cloud Environment
Security as a Service Model for Cloud EnvironmentSecurity as a Service Model for Cloud Environment
Security as a Service Model for Cloud EnvironmentKaashivInfoTech Company
 
Security and Virtualization in the Data Center
Security and Virtualization in the Data CenterSecurity and Virtualization in the Data Center
Security and Virtualization in the Data CenterCisco Canada
 
Monetizing the Enterprise: Borderless Networks
Monetizing the Enterprise: Borderless NetworksMonetizing the Enterprise: Borderless Networks
Monetizing the Enterprise: Borderless NetworksCisco Service Provider Mobility
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architectureVladimir Jirasek
 
Strategy Cloud and Security as a Service
Strategy Cloud and Security as a ServiceStrategy Cloud and Security as a Service
Strategy Cloud and Security as a ServiceAberla
 
Cisco Meraki Overview
Cisco Meraki OverviewCisco Meraki Overview
Cisco Meraki OverviewSSISG
 
Cisco Meraki Portfolio Guide
Cisco Meraki Portfolio GuideCisco Meraki Portfolio Guide
Cisco Meraki Portfolio GuideMaticmind
 
CCSK, cloud security framework, Indonesia
CCSK, cloud security framework, IndonesiaCCSK, cloud security framework, Indonesia
CCSK, cloud security framework, IndonesiaWise Pacific Venture
 
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...F5 Networks
 
Vfm palo alto next generation firewall
Vfm palo alto next generation firewallVfm palo alto next generation firewall
Vfm palo alto next generation firewallvfmindia
 
Safe Net: Cloud Security Solutions
Safe Net: Cloud Security SolutionsSafe Net: Cloud Security Solutions
Safe Net: Cloud Security SolutionsASBIS SK
 
Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012Trend Micro
 
IT Guide for Mobility: Making the case for Security leaders
IT Guide for Mobility: Making the case for Security leadersIT Guide for Mobility: Making the case for Security leaders
IT Guide for Mobility: Making the case for Security leadersCisco Mobility
 
The F5 DDoS Protection Reference Architecture (Technical White Paper)
The F5 DDoS Protection Reference Architecture (Technical White Paper)The F5 DDoS Protection Reference Architecture (Technical White Paper)
The F5 DDoS Protection Reference Architecture (Technical White Paper)F5 Networks
 
Netpluz corp presentation 2020
Netpluz corp presentation 2020Netpluz corp presentation 2020
Netpluz corp presentation 2020Netpluz Asia Pte Ltd
 
Palo Alto Networks Portfolio & Strategy Overview 2019
Palo Alto Networks Portfolio & Strategy Overview 2019Palo Alto Networks Portfolio & Strategy Overview 2019
Palo Alto Networks Portfolio & Strategy Overview 2019Sean Xie
 
BIG-IP Data Center Firewall Solution
BIG-IP Data Center Firewall SolutionBIG-IP Data Center Firewall Solution
BIG-IP Data Center Firewall SolutionF5 Networks
 
Trend micro v2
Trend micro v2Trend micro v2
Trend micro v2JD Sherry
 
Meraki Cloud Wireless Lan
Meraki Cloud Wireless LanMeraki Cloud Wireless Lan
Meraki Cloud Wireless LanChikPea
 
Navigating the Zero Trust Journey for Today's Everywhere Workplace
Navigating the Zero Trust Journey for Today's Everywhere WorkplaceNavigating the Zero Trust Journey for Today's Everywhere Workplace
Navigating the Zero Trust Journey for Today's Everywhere WorkplaceIvanti
 
Trend micro deep security
Trend micro deep securityTrend micro deep security
Trend micro deep securityTrend Micro
 
Using Security to Build with Confidence in AWS - Trend Micro
Using Security to Build with Confidence in AWS - Trend Micro Using Security to Build with Confidence in AWS - Trend Micro
Using Security to Build with Confidence in AWS - Trend Micro Amazon Web Services
 
Cisco Meraki: Let Simple Work For You
Cisco Meraki: Let Simple Work For YouCisco Meraki: Let Simple Work For You
Cisco Meraki: Let Simple Work For YouCisco Canada
 
Meraki overview sales deck inside sales
Meraki overview sales deck inside salesMeraki overview sales deck inside sales
Meraki overview sales deck inside salesHaffizulla Rahman
 
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...Nur Shiqim Chok
 
2013 Cisco Annual Security Report
2013 Cisco Annual Security Report2013 Cisco Annual Security Report
2013 Cisco Annual Security ReportCisco Security
 
Enterprise Strategy Group: Security Survey
Enterprise Strategy Group: Security SurveyEnterprise Strategy Group: Security Survey
Enterprise Strategy Group: Security SurveyCisco Security
 

Contenu connexe

Tendances

Cisco Meraki Overview
Cisco Meraki OverviewCisco Meraki Overview
Cisco Meraki OverviewSSISG
 
Cisco Meraki Portfolio Guide
Cisco Meraki Portfolio GuideCisco Meraki Portfolio Guide
Cisco Meraki Portfolio GuideMaticmind
 
CCSK, cloud security framework, Indonesia
CCSK, cloud security framework, IndonesiaCCSK, cloud security framework, Indonesia
CCSK, cloud security framework, IndonesiaWise Pacific Venture
 
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...F5 Networks
 
Vfm palo alto next generation firewall
Vfm palo alto next generation firewallVfm palo alto next generation firewall
Vfm palo alto next generation firewallvfmindia
 
Safe Net: Cloud Security Solutions
Safe Net: Cloud Security SolutionsSafe Net: Cloud Security Solutions
Safe Net: Cloud Security SolutionsASBIS SK
 
Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012Trend Micro
 
IT Guide for Mobility: Making the case for Security leaders
IT Guide for Mobility: Making the case for Security leadersIT Guide for Mobility: Making the case for Security leaders
IT Guide for Mobility: Making the case for Security leadersCisco Mobility
 
The F5 DDoS Protection Reference Architecture (Technical White Paper)
The F5 DDoS Protection Reference Architecture (Technical White Paper)The F5 DDoS Protection Reference Architecture (Technical White Paper)
The F5 DDoS Protection Reference Architecture (Technical White Paper)F5 Networks
 
Palo Alto Networks Portfolio & Strategy Overview 2019
Palo Alto Networks Portfolio & Strategy Overview 2019Palo Alto Networks Portfolio & Strategy Overview 2019
Palo Alto Networks Portfolio & Strategy Overview 2019Sean Xie
 
BIG-IP Data Center Firewall Solution
BIG-IP Data Center Firewall SolutionBIG-IP Data Center Firewall Solution
BIG-IP Data Center Firewall SolutionF5 Networks
 
Trend micro v2
Trend micro v2Trend micro v2
Trend micro v2JD Sherry
 
Meraki Cloud Wireless Lan
Meraki Cloud Wireless LanMeraki Cloud Wireless Lan
Meraki Cloud Wireless LanChikPea
 
Navigating the Zero Trust Journey for Today's Everywhere Workplace
Navigating the Zero Trust Journey for Today's Everywhere WorkplaceNavigating the Zero Trust Journey for Today's Everywhere Workplace
Navigating the Zero Trust Journey for Today's Everywhere WorkplaceIvanti
 
Trend micro deep security
Trend micro deep securityTrend micro deep security
Trend micro deep securityTrend Micro
 
Using Security to Build with Confidence in AWS - Trend Micro
Using Security to Build with Confidence in AWS - Trend Micro Using Security to Build with Confidence in AWS - Trend Micro
Using Security to Build with Confidence in AWS - Trend Micro Amazon Web Services
 
Cisco Meraki: Let Simple Work For You
Cisco Meraki: Let Simple Work For YouCisco Meraki: Let Simple Work For You
Cisco Meraki: Let Simple Work For YouCisco Canada
 
Meraki overview sales deck inside sales
Meraki overview sales deck inside salesMeraki overview sales deck inside sales
Meraki overview sales deck inside salesHaffizulla Rahman
 
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...Nur Shiqim Chok
 

Tendances (20)

Cisco Meraki Overview
Cisco Meraki OverviewCisco Meraki Overview
Cisco Meraki Overview
 
Cisco Meraki Portfolio Guide
Cisco Meraki Portfolio GuideCisco Meraki Portfolio Guide
Cisco Meraki Portfolio Guide
 
CCSK, cloud security framework, Indonesia
CCSK, cloud security framework, IndonesiaCCSK, cloud security framework, Indonesia
CCSK, cloud security framework, Indonesia
 
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...
 
Vfm palo alto next generation firewall
Vfm palo alto next generation firewallVfm palo alto next generation firewall
Vfm palo alto next generation firewall
 
Safe Net: Cloud Security Solutions
Safe Net: Cloud Security SolutionsSafe Net: Cloud Security Solutions
Safe Net: Cloud Security Solutions
 
Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012
 
IT Guide for Mobility: Making the case for Security leaders
IT Guide for Mobility: Making the case for Security leadersIT Guide for Mobility: Making the case for Security leaders
IT Guide for Mobility: Making the case for Security leaders
 
The F5 DDoS Protection Reference Architecture (Technical White Paper)
The F5 DDoS Protection Reference Architecture (Technical White Paper)The F5 DDoS Protection Reference Architecture (Technical White Paper)
The F5 DDoS Protection Reference Architecture (Technical White Paper)
 
Netpluz corp presentation 2020
Netpluz corp presentation 2020Netpluz corp presentation 2020
Netpluz corp presentation 2020
 
Palo Alto Networks Portfolio & Strategy Overview 2019
Palo Alto Networks Portfolio & Strategy Overview 2019Palo Alto Networks Portfolio & Strategy Overview 2019
Palo Alto Networks Portfolio & Strategy Overview 2019
 
BIG-IP Data Center Firewall Solution
BIG-IP Data Center Firewall SolutionBIG-IP Data Center Firewall Solution
BIG-IP Data Center Firewall Solution
 
Trend micro v2
Trend micro v2Trend micro v2
Trend micro v2
 
Meraki Cloud Wireless Lan
Meraki Cloud Wireless LanMeraki Cloud Wireless Lan
Meraki Cloud Wireless Lan
 
Navigating the Zero Trust Journey for Today's Everywhere Workplace
Navigating the Zero Trust Journey for Today's Everywhere WorkplaceNavigating the Zero Trust Journey for Today's Everywhere Workplace
Navigating the Zero Trust Journey for Today's Everywhere Workplace
 
Trend micro deep security
Trend micro deep securityTrend micro deep security
Trend micro deep security
 
Using Security to Build with Confidence in AWS - Trend Micro
Using Security to Build with Confidence in AWS - Trend Micro Using Security to Build with Confidence in AWS - Trend Micro
Using Security to Build with Confidence in AWS - Trend Micro
 
Cisco Meraki: Let Simple Work For You
Cisco Meraki: Let Simple Work For YouCisco Meraki: Let Simple Work For You
Cisco Meraki: Let Simple Work For You
 
Meraki overview sales deck inside sales
Meraki overview sales deck inside salesMeraki overview sales deck inside sales
Meraki overview sales deck inside sales
 
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...
 

En vedette

2013 Cisco Annual Security Report
2013 Cisco Annual Security Report2013 Cisco Annual Security Report
2013 Cisco Annual Security ReportCisco Security
 
Enterprise Strategy Group: Security Survey
Enterprise Strategy Group: Security SurveyEnterprise Strategy Group: Security Survey
Enterprise Strategy Group: Security SurveyCisco Security
 
Cisco 2015 Midyear Security Report Slide Deck
Cisco 2015 Midyear Security Report Slide DeckCisco 2015 Midyear Security Report Slide Deck
Cisco 2015 Midyear Security Report Slide DeckCisco Security
 
Infographic: Security for Mobile Service Providers
Infographic: Security for Mobile Service ProvidersInfographic: Security for Mobile Service Providers
Infographic: Security for Mobile Service ProvidersCisco Security
 
Identify Zero-Day Breaches with Cognitive Threat Analytics on Cisco Web Secur...
Identify Zero-Day Breaches with Cognitive Threat Analytics on Cisco Web Secur...Identify Zero-Day Breaches with Cognitive Threat Analytics on Cisco Web Secur...
Identify Zero-Day Breaches with Cognitive Threat Analytics on Cisco Web Secur...Cisco Security
 
Cisco ISE Reduces the Attack Surface by Controlling Access
Cisco ISE Reduces the Attack Surface by Controlling AccessCisco ISE Reduces the Attack Surface by Controlling Access
Cisco ISE Reduces the Attack Surface by Controlling AccessCisco Security
 
Cisco Web and Email Security Overview
Cisco Web and Email Security OverviewCisco Web and Email Security Overview
Cisco Web and Email Security OverviewCisco Security
 
McAllen Intermediate School District
McAllen Intermediate School DistrictMcAllen Intermediate School District
McAllen Intermediate School DistrictCisco Security
 
Midsize Business Solutions: Cybersecurity
Midsize Business Solutions: CybersecurityMidsize Business Solutions: Cybersecurity
Midsize Business Solutions: CybersecurityCisco Security
 
Integrated Network Security Strategies
Integrated Network Security StrategiesIntegrated Network Security Strategies
Integrated Network Security StrategiesCisco Security
 
Balance Data Center Security and Performance
Balance Data Center Security and PerformanceBalance Data Center Security and Performance
Balance Data Center Security and PerformanceCisco Security
 
Data Center Security Challenges
Data Center Security ChallengesData Center Security Challenges
Data Center Security ChallengesCisco Security
 
A Reality Check on the State of Cybersecurity
A Reality Check on the State of CybersecurityA Reality Check on the State of Cybersecurity
A Reality Check on the State of CybersecurityCisco Security
 
Pervasive Security Across Your Extended Network
Pervasive Security Across Your Extended NetworkPervasive Security Across Your Extended Network
Pervasive Security Across Your Extended NetworkCisco Security
 
Malware and the Cost of Inactivity
Malware and the Cost of InactivityMalware and the Cost of Inactivity
Malware and the Cost of InactivityCisco Security
 
Automotive Virtual Sensors - Motorsport Applications
Automotive Virtual Sensors - Motorsport ApplicationsAutomotive Virtual Sensors - Motorsport Applications
Automotive Virtual Sensors - Motorsport ApplicationsEnrico Busto
 
William Paterson University
William Paterson UniversityWilliam Paterson University
William Paterson UniversityCisco Security
 

En vedette (18)

2013 Cisco Annual Security Report
2013 Cisco Annual Security Report2013 Cisco Annual Security Report
2013 Cisco Annual Security Report
 
Enterprise Strategy Group: Security Survey
Enterprise Strategy Group: Security SurveyEnterprise Strategy Group: Security Survey
Enterprise Strategy Group: Security Survey
 
Cisco 2015 Midyear Security Report Slide Deck
Cisco 2015 Midyear Security Report Slide DeckCisco 2015 Midyear Security Report Slide Deck
Cisco 2015 Midyear Security Report Slide Deck
 
Infographic: Security for Mobile Service Providers
Infographic: Security for Mobile Service ProvidersInfographic: Security for Mobile Service Providers
Infographic: Security for Mobile Service Providers
 
Identify Zero-Day Breaches with Cognitive Threat Analytics on Cisco Web Secur...
Identify Zero-Day Breaches with Cognitive Threat Analytics on Cisco Web Secur...Identify Zero-Day Breaches with Cognitive Threat Analytics on Cisco Web Secur...
Identify Zero-Day Breaches with Cognitive Threat Analytics on Cisco Web Secur...
 
Cisco ISE Reduces the Attack Surface by Controlling Access
Cisco ISE Reduces the Attack Surface by Controlling AccessCisco ISE Reduces the Attack Surface by Controlling Access
Cisco ISE Reduces the Attack Surface by Controlling Access
 
Cisco Web and Email Security Overview
Cisco Web and Email Security OverviewCisco Web and Email Security Overview
Cisco Web and Email Security Overview
 
McAllen Intermediate School District
McAllen Intermediate School DistrictMcAllen Intermediate School District
McAllen Intermediate School District
 
Midsize Business Solutions: Cybersecurity
Midsize Business Solutions: CybersecurityMidsize Business Solutions: Cybersecurity
Midsize Business Solutions: Cybersecurity
 
Integrated Network Security Strategies
Integrated Network Security StrategiesIntegrated Network Security Strategies
Integrated Network Security Strategies
 
Balance Data Center Security and Performance
Balance Data Center Security and PerformanceBalance Data Center Security and Performance
Balance Data Center Security and Performance
 
Data Center Security Challenges
Data Center Security ChallengesData Center Security Challenges
Data Center Security Challenges
 
A Reality Check on the State of Cybersecurity
A Reality Check on the State of CybersecurityA Reality Check on the State of Cybersecurity
A Reality Check on the State of Cybersecurity
 
Pervasive Security Across Your Extended Network
Pervasive Security Across Your Extended NetworkPervasive Security Across Your Extended Network
Pervasive Security Across Your Extended Network
 
Malware and the Cost of Inactivity
Malware and the Cost of InactivityMalware and the Cost of Inactivity
Malware and the Cost of Inactivity
 
Automotive Virtual Sensors - Motorsport Applications
Automotive Virtual Sensors - Motorsport ApplicationsAutomotive Virtual Sensors - Motorsport Applications
Automotive Virtual Sensors - Motorsport Applications
 
William Paterson University
William Paterson UniversityWilliam Paterson University
William Paterson University
 
RSA 2017 - CISO's 5 steps to Success
RSA 2017 - CISO's 5 steps to SuccessRSA 2017 - CISO's 5 steps to Success
RSA 2017 - CISO's 5 steps to Success
 

Similaire à From Physical to Virtual to Cloud

Cisco tec rob soderbery - core enterprise networking
Cisco tec rob soderbery - core enterprise networkingCisco tec rob soderbery - core enterprise networking
Cisco tec rob soderbery - core enterprise networkingCisco Public Relations
 
Cisco Dec 6 Toronto VMUG
Cisco Dec 6 Toronto VMUGCisco Dec 6 Toronto VMUG
Cisco Dec 6 Toronto VMUGtovmug
 
BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...
BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...
BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...Ixia
 
HyTrust and VMware-Providing a Secure Virtual Infrastructure
HyTrust and VMware-Providing a Secure Virtual Infrastructure HyTrust and VMware-Providing a Secure Virtual Infrastructure
HyTrust and VMware-Providing a Secure Virtual Infrastructure HyTrust
 
Cisco X Factor 9.x Updates & More
Cisco X Factor 9.x Updates & MoreCisco X Factor 9.x Updates & More
Cisco X Factor 9.x Updates & Moreceriumnetworks
 
Tech editors conf tucker yen-jacoby revised final for may 24 2012
Tech editors conf tucker yen-jacoby revised final for may 24 2012Tech editors conf tucker yen-jacoby revised final for may 24 2012
Tech editors conf tucker yen-jacoby revised final for may 24 2012Cisco Public Relations
 
MassTLC Cloud summit keynote presentation from CTO of VMWare, Scott Davis
MassTLC Cloud summit keynote presentation from CTO of VMWare, Scott DavisMassTLC Cloud summit keynote presentation from CTO of VMWare, Scott Davis
MassTLC Cloud summit keynote presentation from CTO of VMWare, Scott DavisMassTLC
 
Inter op nyc_mahbubul alam_october 2012
Inter op nyc_mahbubul alam_october 2012Inter op nyc_mahbubul alam_october 2012
Inter op nyc_mahbubul alam_october 2012Mahbubul Alam
 
Express Data - BYOD
Express Data - BYODExpress Data - BYOD
Express Data - BYODGen-i
 
Express Data - BYOD
Express Data - BYODExpress Data - BYOD
Express Data - BYODGen-i
 
ReadyCloud Collaboration, a Cisco Powered service
ReadyCloud Collaboration, a Cisco Powered serviceReadyCloud Collaboration, a Cisco Powered service
ReadyCloud Collaboration, a Cisco Powered serviceGen-i
 
Cisco tec chris young - security intelligence operations
Cisco tec chris young - security intelligence operationsCisco tec chris young - security intelligence operations
Cisco tec chris young - security intelligence operationsCisco Public Relations
 
Cisco switching technical
Cisco switching technicalCisco switching technical
Cisco switching technicalImranD1
 
Cisco at v mworld 2015 vmworld-deck-2015-final
Cisco at v mworld 2015 vmworld-deck-2015-finalCisco at v mworld 2015 vmworld-deck-2015-final
Cisco at v mworld 2015 vmworld-deck-2015-finalldangelo0772
 
Becloud hybrid cloud
Becloud hybrid cloudBecloud hybrid cloud
Becloud hybrid cloudBecloud
 
Vmware Seminar Security & Compliance for the cloud with Trend Micro
Vmware Seminar Security & Compliance for the cloud with Trend MicroVmware Seminar Security & Compliance for the cloud with Trend Micro
Vmware Seminar Security & Compliance for the cloud with Trend MicroGraeme Wood
 
Vss Security And Compliance For The Cloud
Vss Security And Compliance For The CloudVss Security And Compliance For The Cloud
Vss Security And Compliance For The CloudGraeme Wood
 
Cloud Computing at Cisco
Cloud Computing at CiscoCloud Computing at Cisco
Cloud Computing at CiscoCisco Canada
 
Cloud Networking: Network aspects of the cloud
Cloud Networking: Network aspects of the cloudCloud Networking: Network aspects of the cloud
Cloud Networking: Network aspects of the cloudSAIL
 
Designing Secure Cisco Data Centers
Designing Secure Cisco Data CentersDesigning Secure Cisco Data Centers
Designing Secure Cisco Data CentersCisco Russia
 

Similaire à From Physical to Virtual to Cloud (20)

Cisco tec rob soderbery - core enterprise networking
Cisco tec rob soderbery - core enterprise networkingCisco tec rob soderbery - core enterprise networking
Cisco tec rob soderbery - core enterprise networking
 
Cisco Dec 6 Toronto VMUG
Cisco Dec 6 Toronto VMUGCisco Dec 6 Toronto VMUG
Cisco Dec 6 Toronto VMUG
 
BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...
BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...
BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...
 
HyTrust and VMware-Providing a Secure Virtual Infrastructure
HyTrust and VMware-Providing a Secure Virtual Infrastructure HyTrust and VMware-Providing a Secure Virtual Infrastructure
HyTrust and VMware-Providing a Secure Virtual Infrastructure
 
Cisco X Factor 9.x Updates & More
Cisco X Factor 9.x Updates & MoreCisco X Factor 9.x Updates & More
Cisco X Factor 9.x Updates & More
 
Tech editors conf tucker yen-jacoby revised final for may 24 2012
Tech editors conf tucker yen-jacoby revised final for may 24 2012Tech editors conf tucker yen-jacoby revised final for may 24 2012
Tech editors conf tucker yen-jacoby revised final for may 24 2012
 
MassTLC Cloud summit keynote presentation from CTO of VMWare, Scott Davis
MassTLC Cloud summit keynote presentation from CTO of VMWare, Scott DavisMassTLC Cloud summit keynote presentation from CTO of VMWare, Scott Davis
MassTLC Cloud summit keynote presentation from CTO of VMWare, Scott Davis
 
Inter op nyc_mahbubul alam_october 2012
Inter op nyc_mahbubul alam_october 2012Inter op nyc_mahbubul alam_october 2012
Inter op nyc_mahbubul alam_october 2012
 
Express Data - BYOD
Express Data - BYODExpress Data - BYOD
Express Data - BYOD
 
Express Data - BYOD
Express Data - BYODExpress Data - BYOD
Express Data - BYOD
 
ReadyCloud Collaboration, a Cisco Powered service
ReadyCloud Collaboration, a Cisco Powered serviceReadyCloud Collaboration, a Cisco Powered service
ReadyCloud Collaboration, a Cisco Powered service
 
Cisco tec chris young - security intelligence operations
Cisco tec chris young - security intelligence operationsCisco tec chris young - security intelligence operations
Cisco tec chris young - security intelligence operations
 
Cisco switching technical
Cisco switching technicalCisco switching technical
Cisco switching technical
 
Cisco at v mworld 2015 vmworld-deck-2015-final
Cisco at v mworld 2015 vmworld-deck-2015-finalCisco at v mworld 2015 vmworld-deck-2015-final
Cisco at v mworld 2015 vmworld-deck-2015-final
 
Becloud hybrid cloud
Becloud hybrid cloudBecloud hybrid cloud
Becloud hybrid cloud
 
Vmware Seminar Security & Compliance for the cloud with Trend Micro
Vmware Seminar Security & Compliance for the cloud with Trend MicroVmware Seminar Security & Compliance for the cloud with Trend Micro
Vmware Seminar Security & Compliance for the cloud with Trend Micro
 
Vss Security And Compliance For The Cloud
Vss Security And Compliance For The CloudVss Security And Compliance For The Cloud
Vss Security And Compliance For The Cloud
 
Cloud Computing at Cisco
Cloud Computing at CiscoCloud Computing at Cisco
Cloud Computing at Cisco
 
Cloud Networking: Network aspects of the cloud
Cloud Networking: Network aspects of the cloudCloud Networking: Network aspects of the cloud
Cloud Networking: Network aspects of the cloud
 
Designing Secure Cisco Data Centers
Designing Secure Cisco Data CentersDesigning Secure Cisco Data Centers
Designing Secure Cisco Data Centers
 

Plus de Cisco Security

Incident Response Services Template - Cisco Security
Incident Response Services Template - Cisco SecurityIncident Response Services Template - Cisco Security
Incident Response Services Template - Cisco SecurityCisco Security
 
3 Tips for Choosing a Next Generation Firewall
3 Tips for Choosing a Next Generation Firewall3 Tips for Choosing a Next Generation Firewall
3 Tips for Choosing a Next Generation FirewallCisco Security
 
AMP Helps Cisco IT Catch 50% More Malware threats
AMP Helps Cisco IT Catch 50% More Malware threatsAMP Helps Cisco IT Catch 50% More Malware threats
AMP Helps Cisco IT Catch 50% More Malware threatsCisco Security
 
The Cost of Inactivity: Malware Infographic
The Cost of Inactivity: Malware InfographicThe Cost of Inactivity: Malware Infographic
The Cost of Inactivity: Malware InfographicCisco Security
 
Cisco Addresses the Full Attack Continuum
Cisco Addresses the Full Attack ContinuumCisco Addresses the Full Attack Continuum
Cisco Addresses the Full Attack ContinuumCisco Security
 
Infonetics Network and Content Security Vendor Scorecard
Infonetics Network and Content Security Vendor ScorecardInfonetics Network and Content Security Vendor Scorecard
Infonetics Network and Content Security Vendor ScorecardCisco Security
 
Gartner Newsletter: Cisco TrustSec Deployed Across Enterprise Campus, Branch ...
Gartner Newsletter: Cisco TrustSec Deployed Across Enterprise Campus, Branch ...Gartner Newsletter: Cisco TrustSec Deployed Across Enterprise Campus, Branch ...
Gartner Newsletter: Cisco TrustSec Deployed Across Enterprise Campus, Branch ...Cisco Security
 
The Evolution of and Need for Secure Network Access
The Evolution of and Need for Secure Network AccessThe Evolution of and Need for Secure Network Access
The Evolution of and Need for Secure Network AccessCisco Security
 
Cisco 2014 Midyear Security Report
Cisco 2014 Midyear Security ReportCisco 2014 Midyear Security Report
Cisco 2014 Midyear Security ReportCisco Security
 
String of Paerls Infographic
String of Paerls InfographicString of Paerls Infographic
String of Paerls InfographicCisco Security
 
Midyear Security Report Infographic
Midyear Security Report InfographicMidyear Security Report Infographic
Midyear Security Report InfographicCisco Security
 
Cisco Annual Security Report Infographic
Cisco Annual Security Report InfographicCisco Annual Security Report Infographic
Cisco Annual Security Report InfographicCisco Security
 
City of Tomorrow Builds in Next-Generation Security
City of Tomorrow Builds in Next-Generation SecurityCity of Tomorrow Builds in Next-Generation Security
City of Tomorrow Builds in Next-Generation SecurityCisco Security
 
Laser Pioneer Secures Network End-to-End to Protect Assets
Laser Pioneer Secures Network End-to-End to Protect AssetsLaser Pioneer Secures Network End-to-End to Protect Assets
Laser Pioneer Secures Network End-to-End to Protect AssetsCisco Security
 
Leveraging Context-Aware Security to Safeguard Patient Data
Leveraging Context-Aware Security to Safeguard Patient DataLeveraging Context-Aware Security to Safeguard Patient Data
Leveraging Context-Aware Security to Safeguard Patient DataCisco Security
 

Plus de Cisco Security (15)

Incident Response Services Template - Cisco Security
Incident Response Services Template - Cisco SecurityIncident Response Services Template - Cisco Security
Incident Response Services Template - Cisco Security
 
3 Tips for Choosing a Next Generation Firewall
3 Tips for Choosing a Next Generation Firewall3 Tips for Choosing a Next Generation Firewall
3 Tips for Choosing a Next Generation Firewall
 
AMP Helps Cisco IT Catch 50% More Malware threats
AMP Helps Cisco IT Catch 50% More Malware threatsAMP Helps Cisco IT Catch 50% More Malware threats
AMP Helps Cisco IT Catch 50% More Malware threats
 
The Cost of Inactivity: Malware Infographic
The Cost of Inactivity: Malware InfographicThe Cost of Inactivity: Malware Infographic
The Cost of Inactivity: Malware Infographic
 
Cisco Addresses the Full Attack Continuum
Cisco Addresses the Full Attack ContinuumCisco Addresses the Full Attack Continuum
Cisco Addresses the Full Attack Continuum
 
Infonetics Network and Content Security Vendor Scorecard
Infonetics Network and Content Security Vendor ScorecardInfonetics Network and Content Security Vendor Scorecard
Infonetics Network and Content Security Vendor Scorecard
 
Gartner Newsletter: Cisco TrustSec Deployed Across Enterprise Campus, Branch ...
Gartner Newsletter: Cisco TrustSec Deployed Across Enterprise Campus, Branch ...Gartner Newsletter: Cisco TrustSec Deployed Across Enterprise Campus, Branch ...
Gartner Newsletter: Cisco TrustSec Deployed Across Enterprise Campus, Branch ...
 
The Evolution of and Need for Secure Network Access
The Evolution of and Need for Secure Network AccessThe Evolution of and Need for Secure Network Access
The Evolution of and Need for Secure Network Access
 
Cisco 2014 Midyear Security Report
Cisco 2014 Midyear Security ReportCisco 2014 Midyear Security Report
Cisco 2014 Midyear Security Report
 
String of Paerls Infographic
String of Paerls InfographicString of Paerls Infographic
String of Paerls Infographic
 
Midyear Security Report Infographic
Midyear Security Report InfographicMidyear Security Report Infographic
Midyear Security Report Infographic
 
Cisco Annual Security Report Infographic
Cisco Annual Security Report InfographicCisco Annual Security Report Infographic
Cisco Annual Security Report Infographic
 
City of Tomorrow Builds in Next-Generation Security
City of Tomorrow Builds in Next-Generation SecurityCity of Tomorrow Builds in Next-Generation Security
City of Tomorrow Builds in Next-Generation Security
 
Laser Pioneer Secures Network End-to-End to Protect Assets
Laser Pioneer Secures Network End-to-End to Protect AssetsLaser Pioneer Secures Network End-to-End to Protect Assets
Laser Pioneer Secures Network End-to-End to Protect Assets
 
Leveraging Context-Aware Security to Safeguard Patient Data
Leveraging Context-Aware Security to Safeguard Patient DataLeveraging Context-Aware Security to Safeguard Patient Data
Leveraging Context-Aware Security to Safeguard Patient Data
 

Dernier

"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 

Dernier (20)

"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 

From Physical to Virtual to Cloud

  • 1. Mike Nielsen Senior Director Security February 7, 2012 © 2012 Cisco and/or its affiliates. All rights reserved. 1
  • 2. Cisco Data Center Technology Physical Deployment Use Cases Virtual and Cloud Deployment Use Cases © 2012 Cisco and/or its affiliates. All rights reserved. 2
  • 3. NEARLY MORE THAN 2000% 50% increase in application traffic of business-critical applications and network connections per will be virtualized by 2013 second required for inspection by 2015 Rapidly losing visibility of business-critical traffic © 2012 Cisco and/or its affiliates. All rights reserved. 3
  • 4. 1. vMotion moves VMs across physical ports—the network policy must follow vMotion (across racks, PODS, DCs) 2. Must view or apply network/security policy to Port locally switched traffic Group 3. Need to maintain segregation of duties while ensuring Security non-disruptive operations Admin Server Admin Network Admin © 2012 Cisco and/or its affiliates. All rights reserved. 4
  • 5. PHYSICAL VIRTUAL CLOUD WORKLOAD WORKLOAD WORKLOAD • One app per server • Many apps per server • Multi-tenant per server • Static • Mobile • Elastic • Manual provisioning • Dynamic provisioning • Automated scaling HYPERVISOR VDC-1 VDC-2 CONSISTENCY: Policy, Features, Security, Management Switching Nexus 7K/5K/3K/2K Nexus 1000V, VM-FEX Security ASA 5585, ASA SM, IPS VSG, ASA 1000V Compute UCS for Bare Metal UCS for Virtualized Workloads * Virtual only, ** Announced © 2012 Cisco and/or its affiliates. All rights reserved. 5
  • 6. Security needs to scale to the transaction SCALABLE or throughput requirements of today’s SECURITY applications PHYSICAL & Security must provide consistent policy VIRTUAL enforcement across hybrid environments Security deployments must enable BUSINESS business agility through the unification of CONTEXT business and technology policies © 2012 Cisco and/or its affiliates. All rights reserved. 6
  • 7. Segment resources Ensure maximum logically and CPU utilization physically by tenant and VM mobility or risk class © 2012 Cisco and/or its affiliates. All rights reserved. 7
  • 8. Firewall Segmentation Fabric Segmentation Stateful/reflective ACL UCS Fabric Interconnect Multi-context VPN TrustSec Context-Aware Segmentation Network Segmentation Security Group Tags (SGT) Physical Security Exchange Protocol (SXP) Virtual (VLAN, VRF) Security Group ACL Virtualized (Zones) © 2012 Cisco and/or its affiliates. All rights reserved. 8
  • 9. © 2012 Cisco and/or its affiliates. All rights reserved. 9
  • 10. ASA Firewall at Data Center Speeds ASA 5585-SSP60 80 40 Gbps Firewall 20 MM Connections 10 700,000 350,000 CPS ASA 5585-SSP40 40 20 Gbps Firewall ASA 5585-SSP20 8 4 MM Connections 20 10 Gbps Firewall 400,000 CPS Connections 4 MM 2 200,000 CPS ASA 5585-SSP10 Connections 8 4 Gbps Firewall 250,000 125,000 CPS 2 1 MM ASA Services Connections Module 100,000 CPS 50,000 CPS 80 20 Gbps Firewall 40 10 MM Connections 1.2 MM CPS 300,000CPS Campus Data Center © 2012 Cisco and/or its affiliates. All rights reserved. 10
  • 11. Assured Protection for High-performance Data Centers Next-generation firewall at 700% Higher Performance data center speeds • Clusters managed as a single logical device Density • 320 Gbps firewall & 80 Gbps IPS throughput • 1 million connections per 84% Less Power second • 50 million concurrent sessions Consumption • Pay as you grow Integrated identity, content 87% Percent Less and application security Fully IPv6 compliant for coming wave of mobile Rack Space application access © 2012 Cisco and/or its affiliates. All rights reserved. 11
  • 12. Assured Protection for High-performance Data Centers 400% Highest IPS performance density • 10 Gbps IPS throughput Higher Performance Density • 100,000 connections per second 75% Less Power • Expandable 2RU chassis Context-aware attacker, Consumption victim, and attack visibility 50% Less Rack Space Backed by Cisco Security Intelligence Operation (SIO) for the highest level of attack identification and mitigation © 2012 Cisco and/or its affiliates. All rights reserved. 12
  • 13. Cisco® ASA 5585-X v9.0 with Clustering Capability* • Two to eight ASAs supported per cluster (same model and DRAM) • Both routed (L3) and transparent (L2) firewall modes supported • Cluster performance = 60-70 percent of combined throughput and connections (traffic- dependent) ASA CLUSTERING AT CONTROL PLANE • One master syncs configuration to all members • Minimum one cluster control interface for the cluster control plane • Site-to-site VPN support Not supported in cluster mode: SSL/IPSEC RA VPN, VPN LB, Botnet Traffic Filter, DHCP capabilities, WCCP, Unified Communications features, ASA-CX SSP, specific applications inspection. * Clustering is supported on ASA 5585, 5580 and ASA SM ASA Clustering at Data Plane © 2012 Cisco and/or its affiliates. All rights reserved. 13
  • 14. Cisco Catalyst 6500 as Services Switch ® • ASA SM for Catalyst 6500 • Etherchannel Integration with Cisco Nexus 7K/vPC ® • 6500 supports Link Aggregation Control Protocol (LACP), IEEE 802.3ad standard • Traffic forwarded using service- specific VLANs • Each port-channel supports up to eight active and eight standby links © 2012 Cisco and/or its affiliates. All rights reserved. 14
  • 15. System Dashboard © 2012 Cisco and/or its affiliates. All rights reserved. 15
  • 16. Integrated Identity Security Context AAA Directory Infrastructure Agent Mark Data Center and Cloud AnyConnect IDFW DMZ John ASA Identity Firewall © 2012 Cisco and/or its affiliates. All rights reserved. 16
  • 17. AD/LDAP Identity • Non-auth-aware apps NTLM • Any platform Kerberos • AD/LDAP credential TRUSTSEC Network Identity Secure Group Tags on ASA User Authentication IP Surrogate • Auth-Aware Apps AD Agent • Mac, Windows, Linux • AD/LDAP user credential © 2012 Cisco and/or its affiliates. All rights reserved. 17
  • 18. TrustSec lets you define policy in Context Classification meaningful business terms Business Policy TAG Security Group Tag Destination HR Database Prod CRM Storage Source VD HR Users X X Distributed Enforcement in DC VPN HR User X X X IT Ops ASA DC Switch Test Server Test-ACL X Filtering Physical and Virtual Servers in Data Center © 2012 Cisco and/or its affiliates. All rights reserved. 18
  • 19. Integrated Identity Security SGT (6) mktg-servers SGT (9) HR-servers ISE SGT=06 Packet SGT=09 Packet Security Xchange Protocol © 2012 Cisco and/or its affiliates. All rights reserved. 19
  • 20. • Users assigned with a security group tag • Contextual access control is now possible • Cisco Nexus® 7000 enforces group policy at the DC edge • Cisco® ASA 5585-X v9.0 support SXP security group tags in policy • Example usage: access to VDI service in DC © 2012 Cisco and/or its affiliates. All rights reserved. 20
  • 21. Delivers protections months ahead of the threat 0010 010 10010111001 10 100111 010 000100101 110011 01100111010000110000111000111010011101 1100001110001110 1001 1101 1110011 0110011 101000 0010 010 10010111001 10 100111 010 000100101 110011 01100111010000110000111000111010011101 1100001110001110 1001 1101 1110011 0110011 101000 Cisco SIO WWW Email Devices Web CWS IPS AnyConnect Zero-day detection WWW Actions Information IPS Networks Endpoints ESA ASA WSA Reputation-based Visibility protection Control 1.6M global sensors 3 to 5 minute updates 75TB data received per day Consistent 5,500+ IPS signatures produced 150M+ deployed endpoints 8M+ rules per day enforcement 35% worldwide email traffic 200+ parameters tracked 13B web requests 70+ publications produced © 2012 Cisco and/or its affiliates. All rights reserved. 21
  • 22. Proving SIO - Global Correlation White Paper http://www.cisco.com/en/US/products/ps12156/prod_white_papers_list.html Figure 4. Sensor at Industrial Supplies Distributor (IND-2) Figure 2. Sensor at Bank (BNK-1) © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
  • 23. © 2012 Cisco and/or its affiliates. All rights reserved. 23
  • 24. Unified Firewall Policies in Virtual and Cloud Environments Unmatched Deployment Consistent Policies Flexibility • Common ASA configuration for physical, virtual and cloud deployments Lowest Operational VM Firewall Scalability Complexity • Single Instance secures up to 64 ESX hosts • Limitless VMs for SP and Enterprise Enhanced Network Scalability Unified Fabric Security • Integrates with the Nexus 1000V Series switch • Complements zone-based security capabilities of the Cisco Virtual Security Gateway) © 2012 Cisco and/or its affiliates. All rights reserved. 24
  • 25. Features and Capabilities Built using Cisco ASA IPsec VPN (site to site) infrastructure NAT Interoperability with Cisco VSG DHCP through service chaining Default gateway VXLAN gateway Static routing Stateful inspection Multi-tenant management Through Cisco VNMC IP audit © 2012 Cisco and/or its affiliates. All rights reserved. 25
  • 26. Zone 1 Zone 2 • The zones used define policy enforcement • Unique policies and traffic decisions applied to each zone • Physical infrastructure mapped Steer VM traffic to virtual context per zone: • VRF • Virtual context • Merging physical and virtual vPath Virtual Switch Segment pools of vPath Virtual Switch infrastructure vSphere blade resources per vSphere zone © 2012 Cisco and/or its affiliates. All rights reserved. 26
  • 27. VSG Zone-based intratenant Cisco Nexus 1000V ® segmentation of VMs Cisco ASA 1000V ® Virtual Service Nodes vPATH Nexus 1000V Hypervisor Ingress/egress multitenant edge deployment vCenter Nexus 1 KV VNMC Server Network Security Admin Admin Admin © 2012 Cisco and/or its affiliates. All rights reserved. 27
  • 28. Virtual Security Gateway: Zone Firewall for Cisco Nexus® 1000V • Control inter-VM traffic to address new blind spot • Support dynamic VM provisioning VM-to-VM traffic VM-to-VM traffic • Transparent VM mobility enforcement • Policy based VLAN-agnostic operation • Administrative separation of duties; App App App App server, network, and security` OS OS OS OS © 2012 Cisco and/or its affiliates. All rights reserved. 28
  • 29. SECURING VM-VM TRAFFIC Aggregation ERSPAN DST IDS ID:2 Virtual Sensor 1 IDS ID:1 Virtual Sensor 2 Zone B Zone C monitor session 1 type erspan-source VDC VDC description N1k ERSPAN – session 1 vApp monitor session 3 type erspan-destination description N1k ERSPAN to IDS Virtual Sensor 1 VSG VSG vApp monitor session 2 type erspan-source description N1k ERSPAN –session 2 monitor session 4 type erspan-destination description N1k ERSPAN to IDS Virtual Sensor 2 vPath Cisco® Nexus 1000V © 2012 Cisco and/or its affiliates. All rights reserved. vSphere 29
  • 30. Tenant A Tenant A’ (clone) VM 1 VM 2 VM 1 VM 1 VM 2 VM 1 VM 3 VM 1 VM 3 VM 1 ASA 1000V ASA 1000V Virtualized Servers External Network • Multizone tenant cloning while keeping overlapping IP addresses • Isolate overlap IPs with dynamic Network Address Translation (NAT) while connected to the external network © 2012 Cisco and/or its affiliates. All rights reserved. 30
  • 31. Proven Cisco Security…Virtualized vCenter • Physical – virtual consistency Virtual Network Management Center (VNMC) Tenant B Collaborative Security Model Tenant A VDC VDC • VSG for intra-tenant secure zones vApp • ASA 1000V for tenant edge controls VSG VSG VSG vApp Seamless Integration • With Nexus 1000V & vPath VSG ASA 1000V ASA 1000V Scales with Cloud Demand vPath • Multi-instance deployment for Nexus 1000V horizontal scale-out deployment Hypervisor © 2012 Cisco and/or its affiliates. All rights reserved. 31
  • 32. Tenant A Tenant B VM 1 VM 2 VM 1 VM 1 VM 2 VM 1 VM 3 VM 1 VM 3 VM 1 ASA 1000V ASA 1000V Virtualized Servers • VMs are quickly brought up and down in virtual environments • ASA 1000V DHCP capability used to assigns dynamic IPs to new VMs © 2012 Cisco and/or its affiliates. All rights reserved. 32
  • 33. Physical Data Center DC Security Cisco Validated Designs Virtual Data Center Virtualized Multiservice Data Center (VMDC) © 2012 Cisco and/or its affiliates. All rights reserved. 33
  • 34. End-to-End Security for Hybrid Infrastructure Physical Virtual and Cloud Physical Appliances and Modules Cloud Firewall Cisco Multi-Scale™ data center-class Enhanced cloud security Cisco® ASA devices Cisco ASA Cisco Catalyst® 6500 Cisco VSG Cisco ASA 1000V 5585-X Series ASA Services Cloud Firewall Module • Scalable in-line performance • Proven firewall to secure your cloud • Data center-edge security policies • Policies specific to the tenant edge to the virtual machine • Flexible deployment options • Automated, policy-based provisioning © 2012 Cisco and/or its affiliates. All rights reserved. 34
  • 35. • Always-on, security that is integrated into the network fabric • End-to-end security solutions for Physical physical and virtual environments • Context-aware security to Cloud differentiate risk from random • Services to enable pervasive security across the infrastructure, within, and between clouds Virtual © 2012 Cisco and/or its affiliates. All rights reserved. 35
  • 36. Thank you. © 2012 Cisco and/or its affiliates. All rights reserved. 36

Notes de l'éditeur

  1. As they grow to the next level, data centers have the following security requirements, to support their changing needs:Scalable Security: The amount of data and transactions moving through most data centers requires ever-increasing levels of performance. Security must have the ability to scale to meet these seemingly insatiable performance requirements, while ensuring the highest levels of security.Physical & Virtual: Modern-day data centers are no longer comprised solely of physical deployments. Instead, they are a mixture of physical, virtual, and cloud infrastructures – built to solve the business’ specific needs. Security policies must have the ability work consistently across hybrid environments.Business Integration: While security is certainly important to data center administrators, it isn’t their only concern. They must also focus on maintaining business/IT alignment and avoiding chokepoints that can degrade performance and jeopardize their SLAs. Security needs to be an integral part of the network architecture, so that it can help maintain business/IT alignment, avoid performance chokepoints, and enable business flexibility.
  2. The ASA 5585-X is available at four performance levels ...
  3. Now for some of the new products we’re announcing today …ASA 9.0 is a major release of our core operating system, which powers the entire line of ASA security appliances.One of the most significant improvements in this release is its ability to cluster up to eight of our highest performing firewall appliances to produce the fastest firewall in the worldIt also integrates Cisco TrustSec security group tags (SGTs); along with Identity Firewall capabilities (for active and passive authentication) introduced in our previous release, we are the only security provider with the ability to deliver next-generation firewall capabilities at data center speedsIntegrates with Cisco Cloud Web Security (formerly ScanSafe) to enable administrators to perform deep content scanning on a subset of traffic, without degrading performanceIPv6 support with a minimal performance degradation from IPv4 traffic (15% vs 80% for competitors)[!-- Explanation of the blue “Data Boxes”: --!]700% Higher Performance Density: ASA 5585-X delivers the performance in 2RU that Juniper requires 16RU to match … the math holds up in a clustered environment as well on the firewall side – and adds 60 Gbps IPS throughput (Juniper is limited to 10 Gbps IPS when colocated with the firewall)84% Less Power Consumption: we require less than 400 watts of power, compared to ~5100 watts with Juniper87% Less Rack Space: this is tied to the first point – we use 1/8 the rack space
  4. The industry’s first IPS that is fit to handle data center workflows10 Gbps in a single blade – expandable to two blades in the near futureIntelligent and context-aware for the most effective, proactive IPS in the industry[!-- Explanation of the blue “Data Boxes”: --!]400% Higher Performance Density: IPS 4520 delivers the IPS throughput in 1 blade that Juniper requires 4 blades to match …75% Less Power Consumption: due to the 1:4 hardware ratio discussed above50% Less Rack Space: due to the fact that we can do it with a 2RU unit, vs4RU
  5. CPU and Memory for any unit within the cluster. When you click on environment status button, you can see exact what has failed on the specific cluster node
  6. Identity repository is AD based at phase 1 and is forward compatible with Identity Services Engine.User Logs into ADAD Agent retrieves IP information from ADASA retrieves IP-User mapping from AD AgentPermit/Deny based on Policy
  7. Technology trends such as cloud computing, proliferation of personal devices, and collaboration are enabling more efficient business practices, but they are also putting a strain on the data center and adding new security risks. As technology becomes more sophisticated, so are targeted attacks, and these security breaches, as a result, are far more costly. Many security breaches are caused by external forces such as hackers, organized crime and cybercriminals, and internally, disgruntled employees pose a threat. Businesses must be protected from these threats. Cisco offers two key threat defense options and then supports these with Cisco’s Security Intelligence Operations (SIO).
  8. The Cisco ASA 1000V Cloud Firewall uses the same base ASA code that runs our physical appliances, but is optimized for virtual and cloud environments. That provides some key advantages over “virtual firewalls”, which negate most of the reasons for virtualizing in the first place!Consistent security across hybrid infrastructures – single policy can span physical, virtual, and cloudFlexibility – can secure multiple ESX hosts and can span multiple virtual datacenters; supports VMOTION, so applications can be moved without breaking security policies [!-- Explanation of the blue “Data Boxes”: --!]Unmatched Deployment Flexibility: ASA code – consistency across hybrid infrastructure. Also, ASA 1000V supports VMOTION, so when applications and workloads are moved, security policies move with them – enabling ongoing infrastructure flexibility, without having to re-work security.Lowest Operational Complexity: Unlike “virtual firewalls”, a single instance of ASA 1000V can secure multiple ESX hosts and span multiple virtual datacenters. Also works in conjunction with Nexus 1000V and VSG (using a common management tool for all three) for an end-to-end virtual/cloud solutionEnhanced Network Scalability: Rather than ~4,000 VLANs that are possible in the physical world, Virtual Extensible LAN (VXLAN) can manage 16 million segments.
  9. For the multi tenant DC sometimes there need to clone a specific set of machines so we want to clone a complete tenant. We will have the same IP address with clone. To avoid overlap and collision we can take advantage of the NAT address translation functionality that’s built into Nexus 1K with ASA 1K
  10. Virtual machines are quickly brought up and down in virtual environments. These virtual machines need dynamic IP address assignment. ASA 1000V acts as a DHCP server and allocates IP addresses when a request is received from any of the virtual machines in the tenant.When new virtual machines are instantiated we need to assign them with the appropriate IP addresses and the ASA 1000V has built in DHCP capability so it will assign the IP and will keep those IP in the right network segments as the policy dictates
  11. In conclusion, Cisco enables consistent security across physical, virtual, and cloud environments – with flexible, comprehensive security solutions that:Maintain business/IT alignmentEnable one layer of security policies to work throughout your hybrid environmentAvoid chokepoints that can degrade performance and jeopardize SLAsDeliver context-aware access control by leveraging the entire network… therefore, we  enable security decisions to be made using the same flexibility and fluidity you employ for your network implementation decisions – for a high level of security with operational consistency