1 / 8

Network Security Complexity

Protecting the Business Network and Resources with CiscoWorks VMS Security Management Software Girish Patel, VMS Product Marketing, Cisco Security Technology Group. Internet. Network Security Complexity. Central Management. Problem Large number of firewalls, routers, VPNs, IDS

mosec
Download Presentation

Network Security Complexity

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Protecting the Business Networkand Resources with CiscoWorks VMSSecurity Management SoftwareGirish Patel, VMS Product Marketing, Cisco Security Technology Group

  2. Internet Network Security Complexity CentralManagement Problem • Large number of firewalls, routers, VPNs, IDS • Controlling changes with multiple administrators • Unreachable devices: dynamically addressed or intermittent links • Remote OS updates Need • Scalable management that can handle hundreds of devices • Change management for multiuser environment • Implement configurations to remote firewalls that are not always reachable • Device inventory of network • Software image management and code distribution to devices Local Security Operations

  3. SolutionCiscoWorks Security Information Management Solution (SIMS) • High-level graphical summary of enterprise security landscape • Real-time view of security event trends across the enterprise • Correlate and visualize to identify and respond to threats in real time • Over 250 canned reports provide extensive data-mining capabilities • Support for multivendor network Global view provides “big picture” view of security trends

  4. Private VLANs for Increased Server isolation Managing Security in the Data Center Let Insiders in Secure systems approach within and between data centers Keep Outsiders out • Data Center Security Challenges • Protect confidential data • Protect business critical applications • Prevent security threats from outside and inside the organization • Data Center Security Solutionswith VMS • Manage agents to protect key servers and desktops • Manage Intrusion prevention for threat analysis • Manage firewall appliances, switch modules’ filtering and traffic • Manage VPNs for secure communications • Monitor security and performance for automated correction of emerging problems • Centralized management of all network security Internet Intranet

  5. Managing Security for the Branch Office Corporate Office • Branch Security Challenges • Protect business communications • Prevent malicious traffic, threats, worms, etc. • Adopt new network services/apps without performance impact • Little to no remote IT staff Security Scalablewith Business Needs IPSec Tunnel Service Provider PSTN • Branch Security Solutions with VMS • Manage router-embedded security services (FW, VPN, IPS) • Manage router-integrated VPN, IDS modules for secure connectivity and threat prevention • Distribute consistent policies to hundreds of remote locations • Monitor health and performance to prevent downtime • Reduce configuration errors

  6. 6 5 2a 4 2 1 3 Managing Security for the Cisco NAC Solution Hosts Attempting Network Access Network Access Devices Policy Server Decision Points Policy (AAA) Server Vendor Server Credentials Credentials Credentials Management and Monitoring SystemCiscoWorks VMSCiscoWorks SIMS HTTPS RADIUS EAP/UDP, EAP/802.1x Access Rights Comply? Notification Cisco Trust Agent Enforcement • NAC Security Management • Manage software agents to protect desktops • Monitor performance and health of the access devices • Monitor end points, access devices, policy servers, and antivirus products • Centrally manage policies to ensure access points are configured according to policies • NAC Security Management Challenges • How to manage agents on lots of hosts • How to get a holistic view of access control, as opposed to a view of individual components • How to automate distribution of policy

  7. Summary: Business Justification for Security Management “95% of all security breaches are attributed to misconfigurations.” – The Lippis Report, Vol 35: An Enterprise Network Security Framework Review your day-to-day activities: Where do IT staff spend their time? Management Products and Importance • 72% monitoring/reporting tools • 54% performance, service level, and application management tools • 53% platforms, frameworks, element managers • – Infonetics Research, 2003 • Over three years, the primary costs are not hardware or software but admin costs. • Cisco management software targets these primary costs and lowers TOC. • Dealing with the increased sophistication of attacks requires more than point products – it requires treating management as an integrated system. Cisco provides an integrated solution.

More Related