Network A Platform for Compliance

Transcription

1 Network A Platform for Compliance Mahesh Gupta (maheshng@cisco.com) National Manager Network Security CCIE, CISSP, CISA, CISM & PMP SDN Overview 2007 Cisco Systems, Inc. All rights reserved. Cisco Public

2 Agenda Cisco Self Defending Network Security Strategy Network A Platform for Compliance Q&A Compliance Solutions 1. End Point Security 2. Network Admission Control 3. Event Correlation and Incident Management 4. Configuration and Change Management 2

3 Integrated IP networks for Banking: Enabling better customer service through an integrated multi-channel platforms Contact Third Party/ Centre Virtual Call Centre Call with the bank Customer on the phone Intelligent IP Network For Retail Banking (data, voice & video) Teleworker/ Virtual Call Centre Advisor Branch 3

4 Your Bank s Network Today: The Intelligence is in the Network Branch / Store Internet Banking Contact Centre Mobile Banking Interactive Cross Selling Your Bank s Future Network (Intelligent, Flexible & Secure) Data Video Video Surveillance Surveillance Alarms Alarms Voice Video Customer Centric Channel Video Surveillance VideoProduct Surveillance Faster Creation Alarms Alarms Agile Infrastructure Improve Cost / Income Ratio Secure and Compliant Impact: Resilient Data Centres Network Command Centre Back Office SDN Overview 2007 Cisco Systems, Inc. All rights reserved. Cisco Public Increase Interactions Integrate processes Reduce OPEX/CAPEX! 4

5 Cisco Self Defending Network Security Strategy 5

6 The Challenges of Approaching Security Without an End-to-End, Systems Approach Training and Staffing Policy Implementation Configuration and Management Event Sharing and Collaboration Threat Intelligence URL Filter Host IPS Web App Firewall NW IPS NAC Firewall IPSEC VPN SSL VPN AV Gateway XML Firewall Security Mgmt. SPAM Gateway 6

7 The Advantages of a Systems Approach Lower Cost, Higher Efficiency, Greater Impact Training and Staffing Policy Implementation Configuration and Management Event Sharing and Collaboration Threat Intelligence URL Filter Host IPS Web App Firewall NW IPS NAC Firewall IPSEC VPN SSL VPN AV Gateway XML Firewall Security Mgmt. SPAM Gateway Integration Into the Network Infrastructure 7

8 The Need For a Systems Approach Less complexity, improved usability Collaborative operation, increased effectiveness Fewer devices, reduced initial and ongoing cost 8

9 The Alternative 9

10 Compliance Solution 10

11 1. End Point Security 11

12 End Point Security using CSA Device Security Day Zero Attack Protection System Integrity Assurance + Patch Relief Better Threat Visibility Data Loss Prevention Restrict copying & sending sensitive data Force VPN use, End user education Comply with PCI and other policy mandates Enhance Self-Defending Network Collaborate with Network Security Per-Application QoS, WiFi security Better security, lower administrative cost 12

13 End-Point Security: Data Loss Prevention IronPort Prevent Data Loss at Network Perimeter Multi-Protocol Scanning Leverage Existing Anti-Spam and Anti-Spyware Infrastructure Network Edge Security Appliance Data Center Application Server Corporate Network Tape Devices MDS 9000 Storage Media Encryption Prevent unauthorized access and loss of data at rest Fully integrated with SAN fabric and management Secure, highly available service Employees Partners Internet Customers Remote Employees WEB Security Appliance Cisco Security Agent Prevent endpoint data loss Prevents bypass of IronPort network protection Content classification similar to IronPort in a future release 13

14 Data Loss Prevention Platform High Performance, Multi-Protocol Scanning IronPort Content Filtering High Performance Flexible Fine Grained Encrypt Archive Block URL Monitor URL Notify Legal Personnel Remove Attachment Bounce Drop & Web Content Directory Queries Pre- defined Dictionaries, URL Filters Customer Generated Filters 14

15 End-Point Security: Data Loss Prevention Restrict copying sensitive data to removable media USB, floppy disk, CD Burner Restrict sending sensitive data via unauthorized interfaces Modem, Bluetooth, IRDA; printer (6.0) Block sending sensitive data via webmail, p2p, IM No cut & paste clipboard abuse Security Appliance WEB Security Appliance Content scanning on endpoint available in an upcoming release 15

16 End-point Security: Mobile Users Policy to require the use of Corporate VPN for remote users CSA can block SSL sessions not sent via corporate proxy These ensure IronPort corporate network mail & web protections are not bypassed / Web Corporate Network Internet VPN Remote Employees 16

17 CSA-Network IPS Correlation: Enhanced Protection through Collaboration 2. Global Correlation is invoked and the CSAMC updates all the CSA agents with threat information 4. CSA collaborating with Cisco IPS is able to dynamically elevate the Risk Rating threshold for attacks coming from the hacker 3. All connection attempts by the hacker to CSA protected devices are dynamically blocked 1. Hacker scans internal servers for vulnerabilities 17

18 2. Network Admission Control 18

19 19

20 Network Admission: Access on Compliance First, establish ACCESS POLICIES. Then: Authenticate & Authorize Enforces authorization policies and privileges Supports multiple user roles Quarantine & Enforce Isolate non-compliant devices from rest of network MAC and IP-based quarantine effective at a per-user level Scan & Evaluate Agent scan for required versions of hotfixes, AV, etc Network scan for virus and worm infections and port vulnerabilities Update & Remediate Network-based tools for vulnerability and threat remediation Help-desk integration NO COMPLIANCE = NO NETWORK ACCESS 20

21 Network Admission Control WHAT SYSTEM IS IT? WHO OWNS IT? WHERE IS IT COMING FROM? WHAT S ON IT? IS IT RUNNING? WHAT S THE PREFERRED WAY TO CHECK / FIX IT? Windows, Mac or Linux Laptop or desktop or PDA Printer or other corporate asset Company Employee Contractor Guest Unknown VPN LAN WLAN WAN Anti-virus, anti-spyware Personal firewall Patching tools Pre-configured checks Customized checks Self-remediation or auto-remediation Third-party software 21

22 3. Event Correlation, Incident Management & Compliance Reporting 22

23 Event Correlation - Critical Data Reduction Impactful Data Reduction, allows Administrators to focus on priorities Incident Dashboard -Aggregate - Correlate - Summarize 2,694,083 Events 992,511 Sessions 249 Incidents 61 High Severity Incidents 23

24 Incident Management, Compliance Reporting Popular Reports With Customization and Distribution Options Queries Saved as Rules or Reports Intuitive Framework 24

25 4. Change Management 25

26 26

27 PACE: Addressing the Business & Technology disconnect Before PACE: Point Management Solution Business Service Processes Operational Processes Mgt Tools Mgt Tools Mgt Tools Collaboration Apps App Delivery Infrastructure Security Infrastructure Unified Comms IP Telephony ACE WAAS NAC/SDN ASA Mgt Tools Network Infrastructure Routers/Switches Wireless 27

28 PACE: Addressing the Business & Technology disconnect After PACE: Integrated Management Solution Business Service Processes = PACE hooks Operational Processes PACE + Management Tools Collaboration Apps App Delivery Infrastructure Security Infrastructure Network Infrastructure Unified Comms IP Telephony ACE WAAS NAC/SDN ASA Routers/Switches Wireless 28

29 Network Compliance Manager Change & Configuration Management Provisioning Configuration Scripting Real-time change detection Instant rollback Automated diagnostics Workflow & Approvals Multi-task projects Scheduling Process model Change approvals Compliance Center Auditing Autoremediation Pre-defined & custom reporting Automated policy checking Security Administration Centralized & device permission mgt/ lock-down Device ACL mgt Single sign-on Router policies Vulnerability detection 29

30 Compliance Baselining Need for Compliance Building Blocks Mandatory and Optional Compliance Requirements Security Policy Vulnerability Assessment Protection against Data Theft Security Posture Metrics and Measurement Patch management Local & Remote Access Authentication Log Monitoring Incident Management Authentication and Authorizations Mail Security & Web Security Security Event Management Malicious Code Protection Change Management Strong Encryption Threat Protection Privacy Management Compliance Organization Compliance Training Assessments Internal and External 30

31 Cisco Technology Mapping Baseline Compliance Requirement Security Policy Cisco Technology Solution Cisco SDN Best Practices Application Security Mail + Web Apps Security Policy Management IronPort Web and Mail Security Cisco Security Manager Log Monitoring MARS Malicious Code Protection Protection against Data Theft Vulnerability Management Patch management CISCO SELF DEFENDING NETWORK NAC, CSA, Firewall, IPS, IOS IronPort,CSA, SME, SSL VPN NAC, MARS NAC, MARS Incident & Event Management Change Management Access Authentication & Authorization MARS, NAM Network Compliance Manager AAA, VPN Solutions, NAC Security Posture Assessment NAC, CSA, CSD 31

32 Market Leader with Commitment to Security Product and Technology Innovation security-focused engineers Nine acquisitions added to our solution portfolio in last two years Industry Leadership NEW Critical Infrastructure Assurance Group Responsible disclosure Cisco Security Center web destination Intellishield security intelligence and best practice sharing Because the network is a strategic customer asset, the protection of its business-critical applications and resources is a top priority. John Chambers, Chairman & CEO, Cisco 32

33 33