© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 1 Cisco Self- Defending Network (SDN)

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 2  Cisco SDN – Meeting Customers’ Requirements  Cisco Security- Portfolio @ a Glance  SDN Applied  Closing Remarks & Next Steps Agenda

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 3 The Growing Need for Security Solutions Data Loss Regulatory Compliance Malware A Systems Approach to Streamline IT Risk Management for Security and Compliance

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 4 Cisco Self-Defending Network Solutions for Business Security  Enforce business policies and protect critical assets  Decrease IT administrative burden and reduce TCO  Reduce security and compliance IT risk Network Security Endpoint Security Content Security Application Security System Management Policy—Reputation—Identity Cisco Self-Defending Network: Best of Breed Security in a Systems Approach

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 5 Systems Approach Built from a Leadership Product Portfolio Level of Integration Product Leadership Stand Alone Products Loosely Coupled Silos Emerging Threats Pervasive Threats Best of Breed Self-Defending Network Systems Approach Built from Best of Breed

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 7  Cisco SDN – Meeting Customers’ Requirements  Cisco Security- Portfolio @ a Glance –Network & End-point Security –Content & Application Security –Systems & Security Management  SDN Applied  Closing Remarks & Next Steps Agenda

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 8 The Portfolio at a Glance… Network and Endpoint Security Product Highlights: CSA Desktop CSA Server NAC Appliance Product Highlights: Adaptive Security Appliance Integrated Services Router Aggregation Services Router Cisco Switch Security Modules Network Security  Integrate security pervasively into the network  Converged services for fewer touch points  Scale performance and services to meet any deployment needs Endpoint Security  Rich NAC and identity services  Endpoint protection and control— host-based IPS and AV

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 9 Malware Propagation Automated Threat Mitigation Data Loss Prevention Dynamic DDoS Mitigation Application-Layer Inspection Endpoint Posture Control Integrate Advanced Services Leverage Existing Infrastructure Advanced Technologies and Services FirewallContent SecurityAccess Control VPNIPS IP Network Converge Security Services for End-to-end Solutions FirewallContent SecurityAccess Control VPNIPS Security Point Products Foundation of the Self-Defending Network: Network Security

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 10 Cisco ASA 5500 Series Convergence of Robust, Market-Proven Technologies App Inspection, Use Enforcement, Web Control Application Security + IPS Malware/Content Defense, Anomaly Detection Content Security Services Traffic/Admission Control, Proactive Response Access Control, etc. Secure Connectivity SSL & IPsec VPN Adaptive Threat Defense, Secure Connectivity Firewall Technology Cisco PIX IPS Technology Cisco IPS Content Security Trend Micro VPN Technology Cisco VPN 3000 Network Intelligence Cisco Network Services Market-Proven Technologies Unified Communications Cisco Voice/Video ASA 5500 Series

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 11 Cisco Integrated Services Router Security for the Branch/WAN SDMNetFlowIP SLA Role-Based Access Management and Instrumentation Secure Network Solutions Secure Voice Compliance Secure Mobility Business Continuity Network Admission Control Intrusion Prevention Integrated Threat Control Content Filtering 802.1x Network Foundation Protection Flexible Packet Matching Secure Connectivity GET VPNDMVPNEasy VPNSSL VPN Advanced Firewall GET VPN Content Filtering

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 12 Cisco Catalyst 6500 Series Switch Security Defend the Edge: Integrated FW/IPS Service Module Protect the Interior: Catalyst Integrated Security Toolkit Guard Against Infections and Worms: Network Admissions Control (NAC) Cisco Security Agent (CSA) Secure the Data in Transit: IPSec VPN SPA Defend Network Exploits: Intrusion Protection System (IPS) Threat Defense Denial of Service Protection: CoPP, CPU Rate Limiters, Netflow, QoS Trust and Identity Identity-Based Networking Control Who/What Has Access Enforce endpoint Security Compliance Secure Apps. Deep Packet Inspection Programmable Intelligent Service Accelerator (PISA) Security and application intelligence

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 13 Cisco Security Agent Server and Desktop Host-IPS  Zero-update host-IPS and integrated antivirus  Single client, single management interface  Network collaboration with local threat remediation  Identified and controls sensitive information Business Benefits:  Empower IT to address business risks  Enforce policies and protect business critical assets  Decrease IT administrative burden and reduce expenses CSA

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 14 Cisco Network Admission Control (NAC) Features  Role-based network access control and security policy compliance enforcement  Full lifecycle: discovery, assessment, enforcement, and remediation Benefits  Securing both managed and unmanaged assets  Providing guest access and preventing unauthorized access  Reducing vulnerability- based exploits Flexible Deployment Layer 2, Layer 3 In-band, Out-of-band Centralized, Distributed SNMP, RADIUS Innovative NAC Services Posture Assessment Remediation Profiling Guest Flexible Deployment Layer 2, Layer 3 In-band, Out-of-band Centralized, Distributed SNMP, RADIUS Innovative NAC Services Posture Assessment Remediation Profiling Guest

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 16 The Portfolio at a Glance… Content and Application Security Product Highlights: Ironport Email Ironport Web Intrusion Prevention Systems Product Highlights: ACE XML Gateway Web Application Firewall Content Security  Reputation based, zero-day defense  Capability to address diverse attacks types and techniques  Secure all sources of attack Application Security  Layer 7 protection for application and data vulnerabilities  XML traffic validation and inspection  Enhanced deep packet inspection

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 17 Intrusion Prevention Systems  Scans all traffic using deep (packet-level) inspection  Accurate threat intelligence, which reduces false positives  Coordinated response with existing network gear  Application abuse: Inspects and controls IM, P2P, backdoor  Trend Micro partnership: For latest breaking malware updates Viruses/Worms Anti-Spam Trojans/ Backdoors Bots/ Zombies DoS/ DDoS Spyware/ Adware P2P/IM Abuse Port 80 Misuse

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 18 Cisco IPS for Smaller Businesses  IPS Manager Express for SMB New GUI provides: simplified provisioning using wizard correlation engine simplifies prioritization of major events customized filtering to improve monitoring & reporting of events  Cisco ASA IPS solution Increased throughput (up to 650 Mb) for full IPS and firewall protection  Cisco Services for IPS – expanded protection Increased Unified Communication protection against SIP attacks Enhanced protection for MSFT MSRPC and SMB (internal OS messaging protocol) vulnerabilities Expanded detection across all ports for peer-to-peer application transmissions  Decrease IT administrative burden and reduce expenses for SMBs  Increased scalability using existing network infrastructure  Proactive protection of network assets - greater protection for UC, MSFT, and system resource availability Business Benefits:

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 19 Web Security | Email Security | Security Management | Encryption EMAIL Security Appliance WEB Security Appliance Security MANAGEMENT Appliance IronPort SenderBase APPLICATION-SPECIFIC SECURITY GATEWAYS CLIENTS BLOCK Incoming Threats PROTECT Corporate Assets Data Loss Prevention CENTRALIZE Administration Internet ENCRYPTION Appliance Internet IronPort Gateway Security Products

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 20 Ironport SenderBase Real-Time Knowledge of Threat Environment 30B+ queries daily 150+ e-mail and Web parameters 25% of the world’s e-mail traffic The Dominant Force in Global E-Mail and Web Traffic Monitoring… Complaint reports Spam traps Message composition data Global volume data URL lists Compromised host lists Web crawlers IP blacklists and whitelists Additional data SenderBase Data Data Analysis/ Security Modeling SenderBase Reputation Scores –10 to +10 150 Parameters

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 21 Cisco ACE Web Application Firewall  Satisfies PCI 6.5 and 6.6 requirements Section 6.5: Protect web applications against programming (coding) vulnerabilities Section 6.6: Deploy a web application firewall in front of web server to protect against known vulnerabilities  Extensive set of Cisco validated signatures for HTTP and XML known malicious attack patterns SQL Injection, buffer overflow, cross-site scripting, cooking and session poisoning, etc. Business Benefits:  Meets PCI requirement for web application firewall  Dramatically reduces exposure to costly Web attacks

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 23 The Portfolio at a Glance… Systems and Security Management Product Highlights: Cisco Security MARS Cisco Security Manager CiscoSecure ACS TrustSec Security Management  Operationalize security with automation to optimize resources  Align monitoring and policy for a closed loop system  Leverage identity information within the policy framework  Provide comprehensive view for IT risk management

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 24 MARS CSM Monitoring Policy Total Security System Management Threat Intelligence Reduced complexity for more effective risk analysis and operational control Event Sharing and Collaboration Configuration and Management Policy Implementation

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 25 Cisco Security Manager  Unified services management for security including firewall, VPN, and IPS  Intuitive, feature-rich user interface  Different views for different administrative preferences Device View Topology View Policy View  Efficient management architecture for large-scale security deployments VPN Wizard Policy Rule Table Device View Topology View

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 26 Cisco Security MARS  MARS is an acronym = Monitoring, Analysis, and Response System  Security threat mitigation appliance  Rapid threat detection, isolation and mitigation, topologically aware  Command and control for your existing network security  Correlates data from across disparate multi-vendor security devices and applications Firewall LogIDS EventServer Log Switch LogFirewall Cfg.AV Alert Switch Cfg.NAT Cfg.App Log Router Cfg.NetflowVA Scanner Reduction Correlation Sessions Rules Verify Isolated Events

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 27  Cisco SDN – Meeting Customers’ Requirements  Cisco Security- Portfolio @ a Glance  SDN Applied –Malware Propagation/ Threat Management –Data Loss Prevention –PCI Compliance  Closing Remarks & Next Steps Agenda

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 28 Systems Approach to Stop Malware: Visibility and Control Intrusion Prevention  Detection  Precision response Content Security  Email SPAM  Web filtering Endpoint Security  Host IPS  AV solutions Firewall and VPN Firewall and VPN  Traffic access control  Encryption Centralized Policy Management and Monitoring

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 29 Protected Data Center Corporate LAN Branch Office An Integrated Solution to Stop Malware: IPS, CSA, MARS, and CSM  Attacker attempts to gain access  IPS detects the event with data inputs from CSA  MARS receives the information and correlates the incident  IPS signature policy is updated in one place  Single deployment for consistent network protection CS MARSPolicy Distribution

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 30 Cisco Threat Management Profitability Example—200 User Mid-Market E-Commerce Opportunity  Estimated Gross product margin including Rebates and Professional Services on a $300K deal : $100K (30%)  Professional Services can include: Data classification and usage analysis to provision IPS Incident response policy creation and review (optimization) Review customer’s security policy and implement safeguards to insure applicable industry and regulatory compliance

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 32 Data Loss Prevention (DLP) Bypassing Traditional Security Measures  DLP: Security measures to protect company’s data-in-use, data-in-motion and data-at-rest  Data loss through “approved” ports (email and web)  Computing resource theft Laptops Portable connected equipment Data Center resources

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 33 Internet Cisco Data Loss Prevention Solution NAC, CSA, IronPort, and TrustSec IronPort NAC Appliance ASA printer IronPort  Prevent data loss at perimeter  Mail policy verification  Logs transaction  Encrypts mail message and notifies recipient NAC Appliance  Verifies CSA and endpoint posture TrustSec  Enforces data policy through role-based access control Cisco Security Agent  Scan files for sensitive data  Prevents copying to external media  Prevents transfer with internetwork applications  Prevents bypass of gateway security policy Hi Joan, Could you send those files over? Sure Bob, I’ll find a way to get those files to you!

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 34 DLP Profitability Example 200 User Mid-Market Financial Services Opportunity  Estimated Gross product margin including Rebates and Professional Services on a $64K deal: $33K (52%)  Professional Services Opportunities can include: Data classification and usage analysis to provision NAC, CSA, and IronPort Review and consult on best practices for customer acceptable usage policy Incident response, policy creation and review (optimization)  Apply today to become an IronPort Certified Partner: http://www.ironport.com/partners/become_a_partner.html

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 36 PCI Applies to Nearly Every Industry PCI Not Just for Retail Utilities E-Commerce Transportation Restaurant Financial/ Insurance Retail Service Provider Healthcare Federal Mobile Universities Sports and Entertainment State Agencies

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 37 The Payment Card Industry (PCI) Data Security Standard  Published January 2005  Impacts ALL who process, transmit, or store cardholder data  Also applies to 3 rd -party hosting companies, information storage companies, etc.  Monthly fines ranging from $5,000 to $50,000 for missed deadlines  Has global reach Source: pcisecuritystandards.org TheaterLevel 1Level 2Level 3 US SEP 2007DEC 2007DEC 2008 Western Europe Negotiated individually MAR-DEC 2008 Asia DEC 2009 Canada 2008 TBD Latin American CEMEA Not Published yet

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 38 US and Western Europe Merchant Categories and Requirements  Impact of non- compliance: Increased transaction processing fees Monthly fines ranging from $5,000 to $50,000 for missed deadlines Source: VISA, January 2008 Visa publishes merchant level definitions for each country on their site Merchant Level Annual Transactions Requirements 1 Over 6 million Annual Onsite PCI Data Security Assessment Quarterly Network Scans 2 1 million— 6 million Quarterly Scans Annual Self-Assessment 3 20,000— 1 million Quarterly Scans Annual Self-Assessment 4 < 20,000 Quarterly Scans Annual Self-Assessment

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 39 Cisco’s Security Portfolio— Offers End-to-End Compliance with PCI Requirements PCI Requirement ISRASACSAMARSWLANIPSNAC6500 Iron Port CSM NCM/ CAS ACE XML ACS 1. Install and maintain a firewall to protect cardholder data YYYYY n/a Y YY 2. Do not use vendor-supplied defaults for system passwords YY n/a YY YY 3. Protect stored cardholder data n/a YY 4. Encrypt transmission of cardholder data across networks YY n/a YY N/A YYYY n/a 5. Use and regularly update anti-virus softwareYYYY n/a Y Y 6. Develop and maintain secure systems and applications Y n/a YY Y Y YY 7. Restrict access to cardholder dataYYYY n/a YY YY Y 8. Assign a unique ID to each person with computer access YYYY n/a YY Y 9. Restrict physical access to cardholder data n/a 10. Track and monitor all access to network resources and cardholder data YYYYYY n/a Y YY Y 11. Regularly test security systems and processes YYYYYY n/a Y YY 12. Maintain a policy that addresses information security YYYYYYYYYYYYY

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 40 Internet Credit Card Storage Wireless Device Branch Router Branch Switch Core Switch with Integrated Security Monitoring and Reporting Core Switch Desktop Security WAP E-Commerce Integrated Security Appliance Head-end Router Management WAP POS Cash Register Mobile POS POS Server Store Worker PC Cisco Security Portfolio—Offers End-to- End Compliance with PCI Requirements Policy Manager AAA WAP SSL/IPsec VPN Termination NAC Application Server Application Firewall Remote Branch Location Remote Branch Location Internet Edge Internet Edge Main Campus Data Center and NOC Confidentiality, Data Integrity, Availability, Auditing, and Reporting

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 41 Internet Credit Card Storage Wireless Device Remote Branch Location Internet Edge Cisco Integrated Services Router Cisco® Catalyst Switch Cisco Catalyst 6500 and Cisco 7600 FWSM Cisco Security MARS Cisco Security Agent MAIN OFFICE Cisco Catalyst 6500 Switch Cisco Security Agent CSA WAP E-Commerce ASA Cisco 7000 NCM/CAS WAP POS Cash Register Mobile POS POS Server Store Worker PC Achieving Policy and Regulatory Compliance Self-Defending Network Applied Network Management Center Data Center CSM ACS WAP Confidentiality: Strong Authentication and Access Control Keep It Secret Data Integrity: IPsec and SSL VPNs Protect Information in Transit Audit/Reporting: Security Information Is Tracked for Compliance and Incident Investigation Cisco ASA SSL NAC Availability: Regulated Data Available to Authorized Users

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 43 The Business Relevance of Security— Creating Infinite Possibilities Regulatory Compliance Data Loss Threat Management Self-Defending Network Best of Breed Security in a Systems Approach CSA, IronPort, Cisco SME, Trustsec ASA, CSA, NAC, IPS, Web Application Firewall, MARS IronPort, ASA, CSA, IPS, MARS

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 44 Leverage Partner Enablement Resources Business Issues Cisco Partner Enablement Sites URLs Threat Management Threat Control and Containment: New Strategies for a Changed Threat Landscape http://www.cisco.com/en/US/solutions/collateral/ns 340/ns394/ns171/ns441/net_implementation_white _paper0900aecd805bae31.html Flash Demo http://www.cisco.com/en/US/solutions/collateral/ns 340/ns394/ns171/ns441/net_presentation0900aec d805ba2f0.html Controlling Security Threats http://www.cisco.com/en/US/netsol/ns340/ns394/n s171/ns441/networking_solutions_package.html Data Loss Prevention Data Loss Prevention with CSA: Feature Contents http://www.cisco.com/en/US/products/sw/secursw/ ps5057/index.html Prevent Data Loss with CSA http://dms.cisco.com/rmc/dms/video_portal/?vidid= DFB521F9DC8C04DECC7B7801BB230F7E Data Loss Prevention and E-Mail Security Reference Guides http://www.ironport.com/resources/guides.html CSA Featured on Cisco Techwise TV http://dms.cisco.com/rmc/dms/video_portal/?vidid= 2772536281F33E9B4EE5B6F026E52104 Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Solution for Retail http://www.cisco.com/web/strategy/retail/pci.html

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 45 Partner Enablement Programs, Tools, and Training Sales Tools Security Competitive Edge Portalhttp://www.cisco.com/web/partners/sell/competitive/security.html Partner Enablement and Tools http://www.cisco.com/web/partners/tools/ http://www.cisco.com/web/partners/sell/technology/ipc/tools.html Promotionshttp://www.cisco.com/web/partners/sell/technology/security/promotions.html Pipeline Builder Programhttp://www.cisco.com/web/partners/sell/technology/security/pipeline_builder.html Secure Business Advisor 2.0http://www.ciscowebtools.com/securebusinessadvisor/ Marketing Tools Security Partner Website http://www.cisco.com/go/channelsecurity Campaign Builder http://www.cisco.com/go/campaignbuilder Cisco Customized Partner Intelligence Newsletter (CPI) http://www.cisco.com/go/cpi-global/ Partner Events Calendarhttp://www.cisco.com/web/partners/pr47/events.html Partner Practice Builderwww.cisco.com/go/practicebuilder Steps-to-Successhttp://www.cisco.com/web/partners/tools/steps-to-success/index.html Presentation Builder http://www.cisco.com/web/partners/sell/presentation_builder.html PIX to ASA Migration: http://www.cisco.com/go/pixplus Technical Tools Partner Education Connection http://www.cisco.com/web/learning/le36/learning_partner_e- learning_connection_tool_launch.html

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 46 New Cisco Security Center  Vendor-neutral security threat intelligence with Cisco® IPS signatures and expert mitigation techniques  IntelliShield Cyber Risk Report Podcast: Analysis of current security trends  Real-time threat activity mapping: Opportunities to improve network security, increase knowledge, and join the community  Latest information about Cisco security products and services www.cisco.com/security

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 47 IntelliShield Advisory Service  Risk ratings Each alert graded by urgency, credibility, severity, and CVSS industry standard  Version summary Brief summary of the most recent alert version  Effect The possible effect of an attack  Description High-level overview of alert and strategic implications  Technical information Tactical explanations and guidance aimed at administrators

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 48 Market Leader with Commitment to Security  Product and technology innovation 1500+ security-focused engineers Nine acquisitions added to our solution portfolio in last two years 100+ NAC partners worked collaboratively with us to deliver an unprecedented security vision  Industry leadership Responsible disclosure Cisco® Security Center Web destination IntelliShield: Security intelligence and best-practice sharing “Because the network is a strategic customer asset, the protection of its business-critical applications and resources is a top priority.” John Chambers, Chairman snd CEO, Cisco New

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 49 The Business Relevance of Security— Creating Infinite Possibilities Next Steps Regulatory Compliance: Global customer demand to become PCI compliant creates partner opportunities to drive product sales and increased professional services. Train your sales teams on how to qualify opportunities. Collaborate with non-competing PCI auditors to generate new sales leads. Data Loss Prevention: Gross margins on product sales combined with professional services and advanced VIP rebates can be as much as 50% of the deal. Increase your capabilities with NAC, CSA, and IronPort Apply to become an IronPort partner Threat Management: In SMB, 50% of downtime is caused by security incidents and only 52% have deployed IPS. Customer demand for IPS is high, growing at 42% Y/Y, and Cisco has the largest market share. Have your SE’s become proficient with IPS Manager Express. Focus on greenfield opportunities in SMB and the mid-market to create new sales opportunities. Business Opportunities

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 52 Converged branch protection Local content scanning to mitigate malware introduction Network Admission Control to prevent malware and enforce policy Router-based IPS to protect local clients and preserve bandwidth Monitoring, Correlation, and Response Cisco® Security Agent Cisco Security Agent Internet Intranet Day-Zero Endpoint Protection Branch- Office Protection Converged Perimeter Protection Integrated Data-Center Protection Server Protection Policy-Based Solution Management Mitigating Targeted Attacks and Malware Self-Defending Network Applied High-capacity protection of servers and applications Application and protocol inspection to protect servers and systems Local server protection from targeted exploit attempts Data Center Endpoint protection from spyware, botnets, spam, and Trojan horses High-capacity Internet-edge security Inbound, outbound, and intra- LAN protection and control Content security and Network Admission Control to mitigate malware propagation CampusBranch Cisco® Security Agent Cisco Security Management Suite Cisco Integrated Services Routers with IPS Cisco ASA 5500 with Content Security Cisco ASA 5500 Adaptive Security Appliance with IPS and Cisco IronPort Cisco Catalyst® Services Modules Cisco IPS 4200 Series Cisco ASA 5500 Series Cisco Security Agent

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 53 Preventing Data Leakage and Disclosure Self-Defending Network Applied Data Center Employees Network Edge Tape Devices Application Server Cisco MDS 9000 C-Series E- Mail Security Appliance Internet Corporate Network Cisco® Security Agent Prevents endpoint data loss Prevents bypass of Cisco IronPort network protection Inspects and classifies content (similar to Cisco IronPort) in a future release Partners Customers Remote Employees Storage Media Encryption Prevention of unauthorized access and loss of data at rest Full integration with SAN fabric and management Secure, highly available service IronPort Prevent data loss at network perimeter Inspect and control content Address privacy regulations Take advantage of existing anti- spam and anti-spyware infrastructure

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 54 Internet Credit Card Storage Wireless Device Remote Branch Location Internet Edge Cisco Integrated Services Router Cisco® Catalyst Switch Cisco Catalyst 6500 and Cisco 7600 FWSM Cisco Security MARS Cisco Security Agent MAIN OFFICE Cisco Catalyst 6500 Switch Cisco Security Agent CSA WAP E-Commerce ASA Cisco 7000 NCM/CAS WAP POS Cash Register Mobile POS POS Server Store Worker PC Achieving Policy and Regulatory Compliance Self-Defending Network Applied Network Management Center Data Center CSM ACS WAP Confidentiality: Strong Authentication and Access Control Keep It Secret Data Integrity: IPsec and SSL VPNs Protect Information in Transit Audit/Reporting: Security Information Is Tracked for Compliance and Incident Investigation Cisco ASA SSL NAC Availability: Regulated Data Available to Authorized Users

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 55 Multivector protections at all points in the network and at desktop and server endpoints Branch infrastructure security that enables end- to-end architecture Self-Defending Network in the Branch Cross-solution feedback linkages Common policy management Endpoint posture and security policy enforcement Passive and active fingerprinting Cisco Security Agent IPS collaboration Collaborative Anomaly detection with in- production learning Network behavioral analysis Visibility and mitigation capabilities for blended content-based threats Real-time security posture adjustment AdaptiveIntegrated Cisco Security Agent Cisco Security Manager Cisco Integrated Services Routers Cisco ASA Adaptive Security Appliance Cisco Intrusion Prevention Systems Cisco NAC Appliance Internet Public WAN Cisco Security MARS Endpoint Security Policy and Posture Detect and Mitigate Content Security Threats Targeted Attack Protection Centralized Security Management Encrypted Secure Communications

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 56 Centralized threat management, including correlation and mitigation Centralized policy and device management across entire Cisco infrastructure for IPS, VPN, and firewall Self-Defending Network in the Campus Web and mail content scanning to reduce malware introduction and propagation Layer 3–7 inspection and traffic control Converged remote site and user IPsec and SSL VPN services Trojan horse and spyware to control channel monitoring and mitigation Gateway and Internet Services Prevent exploits of vulnerabilities on PCs and other endpoints Minimize the entrance and propagation of new threats on trusted PCs Enforce access controls to trusted, untrusted, and guest users Protect and isolate intra-LAN segments Policy Enforcement and Endpoint Protection Threat Management and Policy Control Cisco® Security Management Suite Cisco ASA 5500 Firewall, VPN, and IPS Cisco IPS 4200 Series Sensors Network Admission Control FWSM and Cisco ASA 5500 Series Cisco IronPort Cisco ASA 5500 CSC Cisco Security Agent Internet Public WAN Endpoint Security Policy and Posture Centralized Policy and Threat Management Traffic and Admission Control Targeted Attack Protection Web and Mail Malware Scan Intra-LAN Policy Enforcement

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 57 Self-Defending Network in the Data Center Cisco ASA ACS Cisco Security MARS Cisco® WAAS Web Servers Cisco ACE Cisco Security Agent Application Servers Database Servers AXG (Web Applications) Cisco Security Agent Cisco MDS with SME Tier 1/2/3 Storage Tape/Offsite Backup AXG (B2B) CSM Cisco Security Agent-MC CW-LMN Data-Center Edge Firewall and IPS DoS protection Application protocol inspection Web Services security VPN termination E-mail and Web access control Cisco Catalyst 6000 FWSM Web Access Web security Application security Application isolation Content inspection SSL encryption and offload Server hardening Applications and Database XML, SOAP, and AJAX security DoS prevention Application-to- application security Server hardening Storage Data encryption o In motion o At rest Stored data access control Segmentation Management Tiered access Monitoring and analysis Role-based access AAA access control Cisco IronPort E-Mail Security AXG (DHTML to XML) Cisco IronPort Web Security Cisco IronPort Web Security

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 58 Cisco Secure Wireless Solution Self-Defending Network Applied Integrated baseline security capabilities into the wireless LAN infrastructure Built-in security intelligence and threat protection specific to wireless security threats Unified wired and wireless IPS/IDS Enforced wireless security policy through single sign-on with NAC appliance Collaborative Anomaly detection with unified wired and wireless IPS/IDS architecture Real-time rogue-access-point detection and mitigation through automatic RF monitoring Host-based IPS wireless controls for mobile laptops AdaptiveIntegrated Cisco® Security Agent Cisco NAC Appliance Cisco ASA 5500 Adaptive Security Appliance Cisco Intrusion Prevention Systems Cisco Wireless LAN Controller Cisco Wireless Control System InternetEnterprise Guest Endpoint Wireless Controls Unified Wired and Wireless IPS Rogue Access- Point Detection Integrated Firewall Wireless Single- Sign-On

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 1 Cisco Self- Defending Network (SDN)

Similar presentations

Presentation on theme: "© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 1 Cisco Self- Defending Network (SDN)"— Presentation transcript:

Similar presentations

About project

Feedback

Log in

Auth with social network:

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 1 Cisco Self- Defending Network (SDN)

Similar presentations

Presentation on theme: "© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicPresentation_ID 1 Cisco Self- Defending Network (SDN)"— Presentation transcript:

Similar presentations

About project

Feedback