CYBERSECURITY for ENTERPRISE INFRASTRUCTURE: Protecting your DataCenter Marco Mazzoleni Consulting Systems Engineer, Cisco GSSO 2014 Cisco and/or and/or its affiliates. its affiliates. All rights All reserved. rights reserved. Cisco Public 1 1
Data Center Security Challenges Without integrated security, our customer s data centers are at risk 60% of data is stolen in HOURS 85% of data center intrusions aren t discovered for WEEKS 54% of data center breaches remain undiscovered for MONTHS 51% increase in companies reporting a $10M loss or more in the last YEAR START HOURS WEEKS MONTHS YEARS Source: Verizon 2014 Data Breach Investigations Report (DBIR) 2014 Cisco and/or its affiliates. All rights reserved. 2
Data Center Administrators Need New Security IT professionals don t know what they re protecting They can t see or recognize what s in their environment They can t deal with unknown attacks Even if technologies are purchased, in many cases, IT profesionals cannot use them properly Complexity and fragmentation Operational challenges 2014 Cisco and/or its affiliates. All rights reserved. 3
Fitness Company Builds Secure Data Center With Beachbody the converged quote: Cisco on ASA solution, 5585-X: we We can can now cluster centralize monitoring without losing and management performance. for all It s our the resources perfect and firewall provide better platform support to insert and services into the to users without increasing IT staff. compute environment of Brian C. Young, Infrastructure our UCS. Manager, Adena Health System Customer Stats Challenges Why Cisco? Solution Impact Industry: Health, Wellness and Fitness Location: Santa Monica, California Employees: 600 Provide advanced IT services, Visibility across the network Help ensure security in multitenant environment Simplify network and security operations Has long relied on Cisco for nearly all IT needs, from metro fiber network to data center infrastructure Considered other vendors, but while their devices may be capable, Cisco provides a fully integrated solution Most capable solution for meeting multitenancy, other project-related demands Cisco ASA 5585-X Adaptive Security Appliance with Next- Generation Firewall Services with IPS and Global Threat Correlation Cisco Identity Service Engine Cisco Trutsec Reduce data center footprint by 50 percent Provides holistic view of threat environment for all customer Simplifies security management and operations, and provides economic sustainability for IT infrastructure
Cisco Security: Secure the Data Center ASA and ASAv ASA w/firepower Services FirePOWER NGIPS and vngips ASA + FirePOWER provides: Data Center Integration Physical and virtual solutions Support for asymmetric traffic Policy-based provisioning Full integration with ACI APIC Data Center Performance High availability and failover Advanced multi-site clustering Before/During/After protection at data center speeds Data Center Protection Protection against advanced threats Inspection of custom applications Retrospective analysis and remediation Cisco has been identified as the clear Data Center security leader by data center administrators for the second year in a row Number 1 in All 10 Infonetics Leadership Criteria
Cisco Identity Services Engine (ISE) Delivering the Visibility and Control for Secure Network Access Network Partner Context Data Who What Cisco ISE Where When How Consistent Secure Access Policy
The New Security Model Attack Continuum BEFORE Discover Enforce Harden DURING Detect Block Defend AFTER Scope Contain Remediate Network Endpoint Mobile Virtual Cloud Point in Time Continuous 2013-2014 Cisco and/or its affiliates. All rights reserved. 7
Thank You