MANAGING USERS FROM THE EDGE TO THE APPLICATION

Russell Rice
Senior Director Product Management
Dec 5, 2012




© 2012 Cisco and/or its affiliates. All rights reserved.   1
7.7 Billion Wi-Fi devices in next 5 years
Accessing Application and Data

• How do I classify so many devices coming onto my network every hour?
• Do we have any visibility on those devices connecting to our application & data in DC?
• Virtual Machine Sprawl! How should I manage security for all of those VMs we are being asked to provision every day?
• My critical services are still running on physical servers. Do I maintain separate policies?

Simplifying network security and engineering
       • Secure
           Embeds security within the infrastructure
           Enforcement based on rich contextual identity of users and systems
           Solution simplicity enables end-to-end approach

       • Efficient
           Simplifies implementation of security policy
           Highly scalable & Inline rate
           Simplifies Data Center network design

       • Demonstrable ROI
           Reduces ACL and VLAN complexity & maintenance
           Can automate Firewall policy administration
           Can improve both performance & availability


Translating Business Policy to the Network

TrustSec lets you define policy in meaningful business terms

Business Policy

   Source \ Destination     HR Database     Prod HRMS     Storage
   Exec BYOD                     X              X            X
   Exec PC                       X                           X
   Prod HRMS                                                 X
   HR Database

Diagram labels: Context Classification; Security Group Tag (TAG); Distributed Enforcement throughout Network (Switch, Router, DC FW, DC Switch)

ISE Profiling

Along with authentication, various data is sent to ISE (Identity Services Engine) for device profiling

   Device Type: Apple iPAD
   User: Mary
   Group: Employee
   Corporate Asset: No
   Classification Result: Personal Asset SGT

Profiling data: NetFlow, DHCP, DNS, HTTP, OUI, RADIUS, NMAP, SNMP

Diagram labels: Employee (Company asset, Personal asset); AP; Wireless LAN Controller; ID & Profiling Data; SGT; Security Group Policy; DC Resource Access; Restricted Internet Only; Distributed Enforcement based on Security Group

Diagram labels: Classification of Users, Device (ISE, Directory); SGT:5; SGT Propagation across Switch, Router, DC FW, DC Switch; Enforcement; Fin Servers SGT = 4; HR Servers SGT = 10

    TrustSec SGA is a context-based firewall or access control solution:
    • Classification of systems/users based on context
          (user role, device, location, access method)

    • The context-based classification propagates using SGT

    • SGT used by firewalls, routers and switches to make intelligent
          forwarding or blocking decisions in the DC

Data Center

   Core Layer

   DC Aggregation Layer
      Stateful Firewalling
      Initial filter for all ingress and egress

   DC Service Layer
      Stateful Firewalling
      Additional Firewall Services for server farm specific protection

   DC Access Layer, Virtual Access
      Server Segmentation
      IP-Based Access Control Lists
      VLANs, Private VLANs

   Physical Servers, Virtual Servers

Traditional ACL or FW Rules

   Source: NY, VPN, UK, SJC
   Source subnets: 10.2.34.0/24, 10.2.35.0/24, 10.2.36.0/24, 10.3.102.0/24, 10.3.152.0/24, 10.4.111.0/24, ….
   Destination: DC-MTV (SRV1), DC-MTV (SAP1), DC-RTP (SCM2), DC-RTP (ESXix)

ACL for 3 source objects & 3 destination objects

    permit               NY         to       SRV1 for HTTPS
    deny                 NY         to       SAP2 for SQL
    deny                 NY         to       SCM2 for SSH
    permit               VPN        to       SRV1 for HTTPS
    deny                 VPN        to       SAP1 for SQL
    deny                 VPN        to       SCM2 for SSH
    permit               UK         to       SRV1 for HTTPS
    deny                 UK         to       SAP1 for SQL
    deny                 UK         to       SAP for SSH

Adding source Object

    Permit               SJC        to       SRV1 for HTTPS
    deny                 SJC        to       SAP1 for SQL
    deny                 SJC        to       SCM2

Adding destination Object

    permit               NY         to       ESXis for RDP
    deny                 VPN        to       ESXis for RDP
    deny                 UK         to       ESXis for RDP
    deny                 SJC        to       ESXis for RDP

A Global bank dedicates 24 global resources to manage Firewall rules currently

Complex Task and High OPEX Continues

Security Group Filtering

   Source: NY, VPN, UK, CA
   Destination: DC-MTV (SRV1), DC-MTV (SAP1), DC-RTP (SCM2), DC-RTP (ESXix)
   Source SGT: Employee (10)
   Destination SGT: Production Server (50)

    permit from      Employee      to     Production Server eq HTTPS
    deny from        Employee      to     Production Server eq SQL
    deny from        Employee      to     Production Server eq SSH

• Policy stays with User / Server regardless of topology
• Simpler Auditing Process
• Lower Operational Cost
• Simpler Security Operation
• Resource Optimization
  (e.g. Global bank estimates 6 global resources with SGFW/SGACL)

Clear ROI in OPEX

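The contrast between the per-subnet rules and the Employee-to-Production Server rules on the two slides above, as an added Python example (not Cisco code and not part of the deck). The tag values 10 and 50 and the three rules come from the slide; the addresses, the helper names, the default-deny fallback and the per-service expansion of the IP ACL are assumptions made for the illustration.

```python
from ipaddress import ip_address, ip_network

# From the slides: Employee (10), Production Server (50) and the three rules.
EMPLOYEE, PROD_SERVER = 10, 50
SGACL = {
    (EMPLOYEE, PROD_SERVER): [("permit", "HTTPS"), ("deny", "SQL"), ("deny", "SSH")],
}

# Constructed addressing (documentation ranges); not taken from the slides.
SITES = {
    "NY": ip_network("192.0.2.0/26"),
    "VPN": ip_network("192.0.2.64/26"),
    "UK": ip_network("192.0.2.128/26"),
}
SERVERS = {
    "SRV1": ip_address("198.51.100.10"),
    "SAP1": ip_address("198.51.100.20"),
    "SCM2": ip_address("198.51.100.30"),
}


def build_ip_acl(sites, servers, rules):
    """Expand the intent into one row per (subnet, host, service), as an IP ACL needs."""
    return [
        (action, net, host, service)
        for net in sites.values()
        for host in servers.values()
        for action, service in rules
    ]


def acl_decide(acl, src, dst, service):
    """First-match evaluation over IP-based rows, with an implicit deny at the end."""
    for action, net, host, svc in acl:
        if src in net and dst == host and svc == service:
            return action
    return "deny"


def build_bindings(sites, servers):
    """Classification result as IP-to-SGT bindings (hypothetical helper)."""
    bindings = {net: EMPLOYEE for net in sites.values()}
    bindings.update({ip_network(f"{host}/32"): PROD_SERVER for host in servers.values()})
    return bindings


def classify(bindings, addr):
    """Longest-prefix lookup of an address's tag; None when it is unclassified."""
    hits = [(net.prefixlen, sgt) for net, sgt in bindings.items() if addr in net]
    return max(hits)[1] if hits else None


def sgacl_decide(policy, bindings, src, dst, service):
    """Tag both ends, then evaluate the (source SGT, destination SGT) cell."""
    cell = policy.get((classify(bindings, src), classify(bindings, dst)), [])
    for action, svc in cell:
        if svc == service:
            return action
    return "deny"  # assumption: default deny when no cell or rule matches


def compare(sites, servers):
    """Return (IP ACL rows, SGACL rows, whether both models decide every flow alike)."""
    acl = build_ip_acl(sites, servers, SGACL[(EMPLOYEE, PROD_SERVER)])
    bindings = build_bindings(sites, servers)
    agree = all(
        acl_decide(acl, net.network_address + 5, host, svc)
        == sgacl_decide(SGACL, bindings, net.network_address + 5, host, svc)
        for net in sites.values()
        for host in servers.values()
        for svc in ("HTTPS", "SQL", "SSH", "RDP")
    )
    return len(acl), sum(len(cell) for cell in SGACL.values()), agree


def server_move_demo():
    """Move SRV1 to a new address: the stale IP ACL misses it, the re-tagged SGACL does not."""
    acl = build_ip_acl(SITES, SERVERS, SGACL[(EMPLOYEE, PROD_SERVER)])
    moved = {**SERVERS, "SRV1": ip_address("198.51.100.99")}
    client = SITES["NY"].network_address + 5
    return (
        acl_decide(acl, client, moved["SRV1"], "HTTPS"),
        sgacl_decide(SGACL, build_bindings(SITES, moved), client, moved["SRV1"], "HTTPS"),
    )


if __name__ == "__main__":
    print(compare(SITES, SERVERS))
    more_sites = {**SITES, "CA": ip_network("192.0.2.192/26")}
    more_servers = {**SERVERS, "ESXi": ip_address("198.51.100.40")}
    print(compare(more_sites, more_servers))
    print(server_move_demo())
```

Adding a site or a server changes only the bindings in the tag model, while the IP-based rule list grows with every source and destination object.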
Legacy
   • Accidental Architectures
   • Applications deployed in fixed positions (ex. multi-tier deployment)
   • Predictable traffic flows
   • Security often deployed to each pod or silo

Emerging
   • Data Center and Server Consolidation
   • Server Virtualization
   • “Any workload on any server”
   • Unpredictable traffic flows as workloads migrate

Physical and Virtual Servers Segmented using VLAN

• Policy Stays with VLAN or IP address, Not with Servers
• Network Ops, Server Ops, and Security Ops are involved in Operation

Diagram labels: Web Servers (Web Server VLAN); App Servers (App VLAN); Database (Database VLAN); DR Cluster; VLAN?; Which Policy?

As the number of server grows…
Complexity and OPEX follow

Web Server SGT (10)
Application Server SGT (20)
Database Server SGT (30)

• Server, Network, and Security Team share common security object
• Policy Stays with Servers, Not based on Topology
• Works for both Physical and Virtual Servers

Diagram labels: Web, Web, App, App, DB, DB; Production Server VLAN; DR Cluster

    permit tcp from src Web to dst App eq HTTPS
    permit tcp from src App to dst DB eq SQL
    deny   any from src Web to dst DB eq SQL

As the number of servers grows…
Management complexity and OPEX do not

• Supports VXI use case with Nexus 1000v
• Common classification and enforcement for physical & virtual environment
• Simpler security management for frequent VM provisioning
• SGT assigned to vEthernet port

Diagram labels: VDI Endpoint; Campus Network; VDI Connection Broker; Nexus 1000v Virtual Access; Hosted Virtual Desktop (HVD); UCS; Physical Servers; Virtual Servers
Legend: SGACL enabled Device; SG Firewall enabled Device

Data Center

   Core Layer

   DC Aggregation Layer
      Security Group Firewalling
      Firewall rule automation using Security Group (ASA)

   DC Service Layer
      Security Group Firewalling
      Firewall rule automation using Security Group (ASA)

   DC Access Layer, Virtual Access
      Security Group ACLs
      • Segmentation defined in a simple policy table or matrix
      • Applied across Nexus 7000/5500/2000 independent of the topology

   Physical Servers, Virtual Servers

Legend: SGACL enabled Device; SG Firewall enabled Device

DEPLOYMENT USE CASES

• Healthcare: Ensure Privacy of Patient Data by Enforcing Roles Based Access and Segmentation Across the Network
• Retail: Intra Store Communication for Networked Devices While Ensuring That Only Authorized Users and Devices Have Access to PCI Data
• Technology: Allowing Approved Employee-Owned Tablets Access to Internal Portals and Corporate App Store
• Manufacturing: Marking Extranet Traffic to Allow PLC Vendor Remote Access to Specific Manufacturing Zone Only, and Offshore Development Partners Access to Development Servers Only

Policy Management
   Identity Services Engine

Access
   WLAN, LAN, Remote Access (roadmap)
   AnyConnect (Attribute provider)

Classification
   Catalyst 2K, Catalyst 3K, Catalyst 4K, Catalyst 6K
   WLC (7.2)
   Nexus 7000, Nexus 5000
   Nexus 1000v (Q4CY12)

Enforcement
   N7K / N5K (SGACL)
   Cat6K (SGACL)
   Cat3K-X (SGACL)
   ASA (SGFW)
   ASR1K/ISRG2 (SGFW)

Transport
   Cat 2K-S (SXP)
   Cat 3K (SXP)
   Cat 3K-X (SXP/SGT)
   Cat 4K (SXP)
   Cat 6K Sup2T (SXP/SGT)
   N7K (SXP/SGT)
   N5K (SGT)
   N1Kv (SXP) - Q4CY12
   ASR1K (SXP/SGT)
   ISR G2 (SXP)
   ASA (SXP)

Secure
   • Embed security within the infra
   • Enforcement based on rich context
   • Solution simplicity enables end-to-end approach

Efficient
   • Simplifies implementation of security policy
   • Highly scalable & Inline rate
   • Simplifies Data Center network design

Demonstrable ROI
   • Reduces ACL and VLAN complexity & maintenance
   • Automates FW policy
   • Improve both performance & availability

Thank you.




A Reality Check on the State of CybersecurityA Reality Check on the State of Cybersecurity
A Reality Check on the State of CybersecurityCisco Security
 
Pervasive Security Across Your Extended Network
Pervasive Security Across Your Extended NetworkPervasive Security Across Your Extended Network
Pervasive Security Across Your Extended NetworkCisco Security
 
Malware and the Cost of Inactivity
Malware and the Cost of InactivityMalware and the Cost of Inactivity
Malware and the Cost of InactivityCisco Security
 
William Paterson University
William Paterson UniversityWilliam Paterson University
William Paterson UniversityCisco Security
 
Converged IoT Systems: Bringing the Data Center to the Edge of Everything
Converged IoT Systems: Bringing the Data Center to the Edge of EverythingConverged IoT Systems: Bringing the Data Center to the Edge of Everything
Converged IoT Systems: Bringing the Data Center to the Edge of EverythingDana Gardner
 
KSDG BaaS Intro
KSDG BaaS IntroKSDG BaaS Intro
KSDG BaaS Introericpi Bi
 

Destacado (19)

2013 Cisco Annual Security Report
2013 Cisco Annual Security Report2013 Cisco Annual Security Report
2013 Cisco Annual Security Report
 
Enterprise Strategy Group: Security Survey
Enterprise Strategy Group: Security SurveyEnterprise Strategy Group: Security Survey
Enterprise Strategy Group: Security Survey
 
Cisco 2015 Midyear Security Report Slide Deck
Cisco 2015 Midyear Security Report Slide DeckCisco 2015 Midyear Security Report Slide Deck
Cisco 2015 Midyear Security Report Slide Deck
 
Infographic: Security for Mobile Service Providers
Infographic: Security for Mobile Service ProvidersInfographic: Security for Mobile Service Providers
Infographic: Security for Mobile Service Providers
 
Identify Zero-Day Breaches with Cognitive Threat Analytics on Cisco Web Secur...
Identify Zero-Day Breaches with Cognitive Threat Analytics on Cisco Web Secur...Identify Zero-Day Breaches with Cognitive Threat Analytics on Cisco Web Secur...
Identify Zero-Day Breaches with Cognitive Threat Analytics on Cisco Web Secur...
 
Cisco ISE Reduces the Attack Surface by Controlling Access
Cisco ISE Reduces the Attack Surface by Controlling AccessCisco ISE Reduces the Attack Surface by Controlling Access
Cisco ISE Reduces the Attack Surface by Controlling Access
 
Cisco Web and Email Security Overview
Cisco Web and Email Security OverviewCisco Web and Email Security Overview
Cisco Web and Email Security Overview
 
McAllen Intermediate School District
McAllen Intermediate School DistrictMcAllen Intermediate School District
McAllen Intermediate School District
 
Midsize Business Solutions: Cybersecurity
Midsize Business Solutions: CybersecurityMidsize Business Solutions: Cybersecurity
Midsize Business Solutions: Cybersecurity
 
Integrated Network Security Strategies
Integrated Network Security StrategiesIntegrated Network Security Strategies
Integrated Network Security Strategies
 
Balance Data Center Security and Performance
Balance Data Center Security and PerformanceBalance Data Center Security and Performance
Balance Data Center Security and Performance
 
Data Center Security Challenges
Data Center Security ChallengesData Center Security Challenges
Data Center Security Challenges
 
A Reality Check on the State of Cybersecurity
A Reality Check on the State of CybersecurityA Reality Check on the State of Cybersecurity
A Reality Check on the State of Cybersecurity
 
Pervasive Security Across Your Extended Network
Pervasive Security Across Your Extended NetworkPervasive Security Across Your Extended Network
Pervasive Security Across Your Extended Network
 
Malware and the Cost of Inactivity
Malware and the Cost of InactivityMalware and the Cost of Inactivity
Malware and the Cost of Inactivity
 
William Paterson University
William Paterson UniversityWilliam Paterson University
William Paterson University
 
Smart Data as a Service
Smart Data as a ServiceSmart Data as a Service
Smart Data as a Service
 
Converged IoT Systems: Bringing the Data Center to the Edge of Everything
Converged IoT Systems: Bringing the Data Center to the Edge of EverythingConverged IoT Systems: Bringing the Data Center to the Edge of Everything
Converged IoT Systems: Bringing the Data Center to the Edge of Everything
 
KSDG BaaS Intro
KSDG BaaS IntroKSDG BaaS Intro
KSDG BaaS Intro
 

Similar a Defending the Data Center: Managing Users from the Edge to the Application

Accel Partners New Data Workshop 7-14-10
Accel Partners New Data Workshop 7-14-10Accel Partners New Data Workshop 7-14-10
Accel Partners New Data Workshop 7-14-10keirdo1
 
Ixia anue maximum roi from your existing toolsets
Ixia anue   maximum roi from your existing toolsetsIxia anue   maximum roi from your existing toolsets
Ixia anue maximum roi from your existing toolsetsresponsedatacomms
 
Ixia anue maximum roi from your existing toolsets
Ixia anue   maximum roi from your existing toolsetsIxia anue   maximum roi from your existing toolsets
Ixia anue maximum roi from your existing toolsetsresponsedatacomms
 
Leveraging IMS for VoLTE and RCS Services in LTE Networks Presented by Adnan ...
Leveraging IMS for VoLTE and RCS Services in LTE Networks Presented by Adnan ...Leveraging IMS for VoLTE and RCS Services in LTE Networks Presented by Adnan ...
Leveraging IMS for VoLTE and RCS Services in LTE Networks Presented by Adnan ...Radisys Corporation
 
ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar
ActionPacked! Networks Hosts Cisco Application Visibility & Control WebinarActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar
ActionPacked! Networks Hosts Cisco Application Visibility & Control WebinarActionPacked Networks
 
Microsoft Direct Access (Part II)_John Delizo
Microsoft Direct Access (Part II)_John DelizoMicrosoft Direct Access (Part II)_John Delizo
Microsoft Direct Access (Part II)_John DelizoQuek Lilian
 
ReadyCloud Collaboration, a Cisco Powered service
ReadyCloud Collaboration, a Cisco Powered serviceReadyCloud Collaboration, a Cisco Powered service
ReadyCloud Collaboration, a Cisco Powered serviceGen-i
 
Protect Your Big Data with Intel<sup>®</sup> Xeon<sup>®</sup> Processors a..
Protect Your Big Data with Intel<sup>®</sup> Xeon<sup>®</sup> Processors a..Protect Your Big Data with Intel<sup>®</sup> Xeon<sup>®</sup> Processors a..
Protect Your Big Data with Intel<sup>®</sup> Xeon<sup>®</sup> Processors a..Odinot Stanislas
 
Express Data - BYOD
Express Data - BYODExpress Data - BYOD
Express Data - BYODGen-i
 
Express Data - BYOD
Express Data - BYODExpress Data - BYOD
Express Data - BYODGen-i
 
Core Network Optimization: The Control Plane, Data Plane & Beyond
Core Network Optimization: The Control Plane, Data Plane & BeyondCore Network Optimization: The Control Plane, Data Plane & Beyond
Core Network Optimization: The Control Plane, Data Plane & BeyondRadisys Corporation
 
Развитие технологий SDN для сетей ЦОД
Развитие технологий SDN для сетей ЦОДРазвитие технологий SDN для сетей ЦОД
Развитие технологий SDN для сетей ЦОДCisco Russia
 
Solving Compliance for Big Data
Solving Compliance for Big DataSolving Compliance for Big Data
Solving Compliance for Big Datafbeckett1
 
Next Gen Data Center Implementing Network Storage with Server Blades, Cluster...
Next Gen Data Center Implementing Network Storage with Server Blades, Cluster...Next Gen Data Center Implementing Network Storage with Server Blades, Cluster...
Next Gen Data Center Implementing Network Storage with Server Blades, Cluster...IMEX Research
 
Application-Aware Network Performance Management
Application-Aware Network Performance ManagementApplication-Aware Network Performance Management
Application-Aware Network Performance ManagementRiverbed Technology
 
CA Nimsoft xen desktop monitoring
CA Nimsoft xen desktop monitoring CA Nimsoft xen desktop monitoring
CA Nimsoft xen desktop monitoring CA Nimsoft
 
Technology Disruption Brings New VAS Opportunities
Technology Disruption Brings New VAS OpportunitiesTechnology Disruption Brings New VAS Opportunities
Technology Disruption Brings New VAS OpportunitiesRadisys Corporation
 
Cccc net app_wallacefung
Cccc net app_wallacefungCccc net app_wallacefung
Cccc net app_wallacefungCloud Congress
 

Similar a Defending the Data Center: Managing Users from the Edge to the Application (20)

Accel Partners New Data Workshop 7-14-10
Accel Partners New Data Workshop 7-14-10Accel Partners New Data Workshop 7-14-10
Accel Partners New Data Workshop 7-14-10
 
Ixia anue maximum roi from your existing toolsets
Ixia anue   maximum roi from your existing toolsetsIxia anue   maximum roi from your existing toolsets
Ixia anue maximum roi from your existing toolsets
 
Ixia anue maximum roi from your existing toolsets
Ixia anue   maximum roi from your existing toolsetsIxia anue   maximum roi from your existing toolsets
Ixia anue maximum roi from your existing toolsets
 
Guard Era Corp Brochure 2008
Guard Era Corp Brochure 2008Guard Era Corp Brochure 2008
Guard Era Corp Brochure 2008
 
Leveraging IMS for VoLTE and RCS Services in LTE Networks Presented by Adnan ...
Leveraging IMS for VoLTE and RCS Services in LTE Networks Presented by Adnan ...Leveraging IMS for VoLTE and RCS Services in LTE Networks Presented by Adnan ...
Leveraging IMS for VoLTE and RCS Services in LTE Networks Presented by Adnan ...
 
ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar
ActionPacked! Networks Hosts Cisco Application Visibility & Control WebinarActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar
ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar
 
Microsoft Direct Access (Part II)_John Delizo
Microsoft Direct Access (Part II)_John DelizoMicrosoft Direct Access (Part II)_John Delizo
Microsoft Direct Access (Part II)_John Delizo
 
ReadyCloud Collaboration, a Cisco Powered service
ReadyCloud Collaboration, a Cisco Powered serviceReadyCloud Collaboration, a Cisco Powered service
ReadyCloud Collaboration, a Cisco Powered service
 
Protect Your Big Data with Intel<sup>®</sup> Xeon<sup>®</sup> Processors a..
Protect Your Big Data with Intel<sup>®</sup> Xeon<sup>®</sup> Processors a..Protect Your Big Data with Intel<sup>®</sup> Xeon<sup>®</sup> Processors a..
Protect Your Big Data with Intel<sup>®</sup> Xeon<sup>®</sup> Processors a..
 
Express Data - BYOD
Express Data - BYODExpress Data - BYOD
Express Data - BYOD
 
Express Data - BYOD
Express Data - BYODExpress Data - BYOD
Express Data - BYOD
 
Core Network Optimization: The Control Plane, Data Plane & Beyond
Core Network Optimization: The Control Plane, Data Plane & BeyondCore Network Optimization: The Control Plane, Data Plane & Beyond
Core Network Optimization: The Control Plane, Data Plane & Beyond
 
Развитие технологий SDN для сетей ЦОД
Развитие технологий SDN для сетей ЦОДРазвитие технологий SDN для сетей ЦОД
Развитие технологий SDN для сетей ЦОД
 
Solving Compliance for Big Data
Solving Compliance for Big DataSolving Compliance for Big Data
Solving Compliance for Big Data
 
End-to-End QoS in LTE
End-to-End QoS in LTEEnd-to-End QoS in LTE
End-to-End QoS in LTE
 
Next Gen Data Center Implementing Network Storage with Server Blades, Cluster...
Next Gen Data Center Implementing Network Storage with Server Blades, Cluster...Next Gen Data Center Implementing Network Storage with Server Blades, Cluster...
Next Gen Data Center Implementing Network Storage with Server Blades, Cluster...
 
Application-Aware Network Performance Management
Application-Aware Network Performance ManagementApplication-Aware Network Performance Management
Application-Aware Network Performance Management
 
CA Nimsoft xen desktop monitoring
CA Nimsoft xen desktop monitoring CA Nimsoft xen desktop monitoring
CA Nimsoft xen desktop monitoring
 
Technology Disruption Brings New VAS Opportunities
Technology Disruption Brings New VAS OpportunitiesTechnology Disruption Brings New VAS Opportunities
Technology Disruption Brings New VAS Opportunities
 
Cccc net app_wallacefung
Cccc net app_wallacefungCccc net app_wallacefung
Cccc net app_wallacefung
 

Más de Cisco Security

Incident Response Services Template - Cisco Security
Incident Response Services Template - Cisco SecurityIncident Response Services Template - Cisco Security
Incident Response Services Template - Cisco SecurityCisco Security
 
3 Tips for Choosing a Next Generation Firewall
3 Tips for Choosing a Next Generation Firewall3 Tips for Choosing a Next Generation Firewall
3 Tips for Choosing a Next Generation FirewallCisco Security
 
AMP Helps Cisco IT Catch 50% More Malware threats
AMP Helps Cisco IT Catch 50% More Malware threatsAMP Helps Cisco IT Catch 50% More Malware threats
AMP Helps Cisco IT Catch 50% More Malware threatsCisco Security
 
The Cost of Inactivity: Malware Infographic
The Cost of Inactivity: Malware InfographicThe Cost of Inactivity: Malware Infographic
The Cost of Inactivity: Malware InfographicCisco Security
 
Cisco Addresses the Full Attack Continuum
Cisco Addresses the Full Attack ContinuumCisco Addresses the Full Attack Continuum
Cisco Addresses the Full Attack ContinuumCisco Security
 
Infonetics Network and Content Security Vendor Scorecard
Infonetics Network and Content Security Vendor ScorecardInfonetics Network and Content Security Vendor Scorecard
Infonetics Network and Content Security Vendor ScorecardCisco Security
 
Gartner Newsletter: Cisco TrustSec Deployed Across Enterprise Campus, Branch ...
Gartner Newsletter: Cisco TrustSec Deployed Across Enterprise Campus, Branch ...Gartner Newsletter: Cisco TrustSec Deployed Across Enterprise Campus, Branch ...
Gartner Newsletter: Cisco TrustSec Deployed Across Enterprise Campus, Branch ...Cisco Security
 
The Evolution of and Need for Secure Network Access
The Evolution of and Need for Secure Network AccessThe Evolution of and Need for Secure Network Access
The Evolution of and Need for Secure Network AccessCisco Security
 
Cisco 2014 Midyear Security Report
Cisco 2014 Midyear Security ReportCisco 2014 Midyear Security Report
Cisco 2014 Midyear Security ReportCisco Security
 
String of Paerls Infographic
String of Paerls InfographicString of Paerls Infographic
String of Paerls InfographicCisco Security
 
Midyear Security Report Infographic
Midyear Security Report InfographicMidyear Security Report Infographic
Midyear Security Report InfographicCisco Security
 
Cisco Annual Security Report Infographic
Cisco Annual Security Report InfographicCisco Annual Security Report Infographic
Cisco Annual Security Report InfographicCisco Security
 
City of Tomorrow Builds in Next-Generation Security
City of Tomorrow Builds in Next-Generation SecurityCity of Tomorrow Builds in Next-Generation Security
City of Tomorrow Builds in Next-Generation SecurityCisco Security
 
Laser Pioneer Secures Network End-to-End to Protect Assets
Laser Pioneer Secures Network End-to-End to Protect AssetsLaser Pioneer Secures Network End-to-End to Protect Assets
Laser Pioneer Secures Network End-to-End to Protect AssetsCisco Security
 
Leveraging Context-Aware Security to Safeguard Patient Data
Leveraging Context-Aware Security to Safeguard Patient DataLeveraging Context-Aware Security to Safeguard Patient Data
Leveraging Context-Aware Security to Safeguard Patient DataCisco Security
 

Más de Cisco Security (15)

Incident Response Services Template - Cisco Security
Incident Response Services Template - Cisco SecurityIncident Response Services Template - Cisco Security
Incident Response Services Template - Cisco Security
 
3 Tips for Choosing a Next Generation Firewall
3 Tips for Choosing a Next Generation Firewall3 Tips for Choosing a Next Generation Firewall
3 Tips for Choosing a Next Generation Firewall
 
AMP Helps Cisco IT Catch 50% More Malware threats
AMP Helps Cisco IT Catch 50% More Malware threatsAMP Helps Cisco IT Catch 50% More Malware threats
AMP Helps Cisco IT Catch 50% More Malware threats
 
The Cost of Inactivity: Malware Infographic
The Cost of Inactivity: Malware InfographicThe Cost of Inactivity: Malware Infographic
The Cost of Inactivity: Malware Infographic
 
Cisco Addresses the Full Attack Continuum
Cisco Addresses the Full Attack ContinuumCisco Addresses the Full Attack Continuum
Cisco Addresses the Full Attack Continuum
 
Infonetics Network and Content Security Vendor Scorecard
Infonetics Network and Content Security Vendor ScorecardInfonetics Network and Content Security Vendor Scorecard
Infonetics Network and Content Security Vendor Scorecard
 
Gartner Newsletter: Cisco TrustSec Deployed Across Enterprise Campus, Branch ...
Gartner Newsletter: Cisco TrustSec Deployed Across Enterprise Campus, Branch ...Gartner Newsletter: Cisco TrustSec Deployed Across Enterprise Campus, Branch ...
Gartner Newsletter: Cisco TrustSec Deployed Across Enterprise Campus, Branch ...
 
The Evolution of and Need for Secure Network Access
The Evolution of and Need for Secure Network AccessThe Evolution of and Need for Secure Network Access
The Evolution of and Need for Secure Network Access
 
Cisco 2014 Midyear Security Report
Cisco 2014 Midyear Security ReportCisco 2014 Midyear Security Report
Cisco 2014 Midyear Security Report
 
String of Paerls Infographic
String of Paerls InfographicString of Paerls Infographic
String of Paerls Infographic
 
Midyear Security Report Infographic
Midyear Security Report InfographicMidyear Security Report Infographic
Midyear Security Report Infographic
 
Cisco Annual Security Report Infographic
Cisco Annual Security Report InfographicCisco Annual Security Report Infographic
Cisco Annual Security Report Infographic
 
City of Tomorrow Builds in Next-Generation Security
City of Tomorrow Builds in Next-Generation SecurityCity of Tomorrow Builds in Next-Generation Security
City of Tomorrow Builds in Next-Generation Security
 
Laser Pioneer Secures Network End-to-End to Protect Assets
Laser Pioneer Secures Network End-to-End to Protect AssetsLaser Pioneer Secures Network End-to-End to Protect Assets
Laser Pioneer Secures Network End-to-End to Protect Assets
 
Leveraging Context-Aware Security to Safeguard Patient Data
Leveraging Context-Aware Security to Safeguard Patient DataLeveraging Context-Aware Security to Safeguard Patient Data
Leveraging Context-Aware Security to Safeguard Patient Data
 

Último

"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 

Último (20)

"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 

Defending the Data Center: Managing Users from the Edge to the Application

  • 1. MANAGING USERS FROM THE EDGE TO THE APPLICATION. Russell Rice, Senior Director Product Management. Dec 5, 2012. © 2012 Cisco and/or its affiliates. All rights reserved.
  • 2. 7.7 Billion Wi-Fi devices in next 5 years, accessing application and data
  • 3. Questions:
      • How do I classify so many devices coming onto my network every hour?
      • Do we have any visibility on those devices connecting to our application & data in DC?
      • Virtual Machine Sprawl! How should I manage security for all of those VMs we are being asked to provision every day?
      • My critical services are still running on physical servers. Do I maintain separate policies?
  • 4. Simplifying network security and engineering
      • Secure
          - Embeds security within the infrastructure
          - Enforcement based on rich contextual identity of users and systems
          - Solution simplicity enables end-to-end approach
      • Efficient
          - Simplifies implementation of security policy
          - Highly scalable & inline rate
          - Simplifies Data Center network design
      • Demonstrable ROI
          - Reduces ACL and VLAN complexity & maintenance
          - Can automate Firewall policy administration
          - Can improve both performance & availability
  • 5. Translating Business Policy to the Network. TrustSec lets you define policy in meaningful business terms.
      [Diagram: a Business Policy matrix of sources (Exec BYOD, Exec PC, Prod HRMS) against destinations (HR Database, Prod HRMS, Storage); Context Classification assigns a Security Group Tag (SGT); Distributed Enforcement throughout Network (Switch, Router, DC FW, DC Switch) in front of the HR Database.]
  • 6. ISE Profiling: along with authentication, various data is sent to ISE (Identity Services Engine) for device profiling.
      • Example device: Device Type: Apple iPad; User: Mary; Group: Employee; Corporate Asset: No. Classification Result: Personal Asset SGT
      • Profiling data: NetFlow, DHCP, DNS, HTTP, OUI, RADIUS, NMAP, SNMP
      • ISE supplies ID & Security Group Policy; Distributed Enforcement based on Security Group
      [Diagram labels: AP, Wireless LAN Controller, Employee, Company asset, Personal asset, DC Resource Access, Restricted Internet Only.]
  • 7. TrustSec SGA is a context-based firewall or access control solution:
      • Classification of systems/users based on context (user role, device, location, access method)
      • The context-based classification propagates using SGT
      • SGT used by firewalls, routers and switches to make intelligent forwarding or blocking decisions in the DC
      [Diagram: Classification (ISE, Directory; Users, Device, SGT:5), SGT Propagation and Enforcement across Switch, Router, DC FW, DC Switch; Fin Servers SGT = 4, HR Servers SGT = 10.]
  • 8. Data center layers and the controls shown against them
      • Layers: Data Center Core Layer, DC Aggregation Layer, DC Service Layer, DC Access Layer, Virtual Access (Physical Servers, Virtual Servers)
      • Stateful Firewalling: initial filter for all ingress and egress
      • Stateful Firewalling: additional Firewall Services for server farm specific protection
      • Server Segmentation: IP-Based Access Control Lists, VLANs, Private VLANs
  • 9. Traditional ACL or FW Rules
       Source: NY, VPN, UK, SJC
       Destination: DC-MTV (SRV1), DC-MTV (SAP1), DC-RTP (SCM2), DC-RTP (ESXix)
       Subnets shown: 10.2.34.0/24, 10.2.35.0/24, 10.2.36.0/24, 10.3.102.0/24, 10.3.152.0/24, 10.4.111.0/24, ….
       ACL for 3 source objects & 3 destination objects
           permit NY to SRV1 for HTTPS
           deny NY to SAP2 for SQL
           deny NY to SCM2 for SSH
           permit VPN to SRV1 for HTTPS
           deny VPN to SAP1 for SQL
           deny VPN to SCM2 for SSH
           permit UK to SRV1 for HTTPS
           deny UK to SAP1 for SQL
           deny UK to SAP for SSH
       Adding source Object
           Permit SJC to SRV1 for HTTPS
           deny SJC to SAP1 for SQL
           deny SJC to SCM2
       Adding destination Object
           permit NY to ESXis for RDP
           deny VPN to ESXis for RDP
           deny UK to ESXis for RDP
           deny SJC to ESXis for RDP
       A Global bank dedicates 24 global resources to manage Firewall rules currently
       Complex Task and High OPEX Continues
  • 10. Security Group Filtering
       Source: NY, VPN, UK, CA
       Destination: DC-MTV (SRV1), DC-MTV (SAP1), DC-RTP (SCM2), DC-RTP (ESXix)
       Source SGT: Employee (10)
       Destination SGT: Production Server (50)
           permit from Employee to Production Server eq HTTPS
           deny from Employee to Production Server eq SQL
           deny from Employee to Production Server eq SSH
       Policy stays with User / Server regardless of topology
       Simpler Auditing Process → Lower Operational Cost
       Simpler Security Operation → Resource Optimization
       (e.g. Global bank estimates 6 global resources with SGFW/SGACL)
       Clear ROI in OPEX
  • 11. Legacy
           Accidental Architectures
           Applications deployed in fixed positions (ex. multi-tier deployment)
           Predictable traffic flows
           Security often deployed to each pod or silo
       Emerging
           Data Center and Server Consolidation
           Server Virtualization
           “Any workload on any server”
           Unpredictable traffic flows as workloads migrate
  • 12. Physical and Virtual Servers Segmented using VLAN
       Policy Stays with VLAN or IP address, Not with Servers
       Network Ops, Server Ops, and Security Ops are involved in Operation
       Callouts: App VLAN? Which Policy?
       Diagram labels: Web Servers, App Servers, Database, Web Server VLAN, App VLAN, Database VLAN, DR Cluster
       As the number of servers grows… Complexity and OPEX follow
  • 13. Web Server SGT (10), Application Server SGT (20), Database Server SGT (30)
       Server, Network, and Security Team share common security object
       Policy Stays with Servers, Not based on Topology
       Works for both Physical and Virtual Servers
           permit tcp from src Web to dst App eq HTTPS
           permit tcp from src App to dst DB eq SQL
           deny any from src Web to dst DB eq SQL
       Diagram labels: Web, Web, App, App, DB, DB, Production Server VLAN, DR Cluster
       As the number of servers grows… Management complexity and OPEX do not
  • 14. • Supports VXI use case with Nexus 1000v
       • Common classification and enforcement for physical & virtual environment
       • Simpler security management for frequent VM provisioning
       • SGT assigned to vEthernet port
       Diagram labels: SGACL enabled Device, SG Firewall enabled Device, VDI Connection Broker, VDI Endpoint, Campus Network, Physical Servers, Virtual Servers, Nexus 1000v, Virtual Access, Hosted Virtual Desktop (HVD), UCS
  • 15. Data Center Core Layer
           Security Group Firewalling: Firewall rule automation using Security Group (ASA)
       DC Aggregation Layer
           Security Group Firewalling: Firewall rule automation using Security Group (ASA)
       DC Service Layer
       DC Access Layer
           Security Group ACLs
           • Segmentation defined in a simple policy table or matrix
           • Applied across Nexus 7000/5500/2000 independent of the topology
       Virtual Access
       Physical Servers, Virtual Servers
       Legend: SGACL enabled Device, SG Firewall enabled Device
  • 16. DEPLOYMENT USE CASES
       Healthcare: Ensure Privacy of Patient Data by Enforcing Roles Based Access and Segmentation Across the Network
       Retail: Intra Store Communication for Networked Devices While Ensuring That Only Authorized Users and Devices Have Access to PCI Data
       Technology: Allowing Approved Employee-Owned Tablets Access to Internal Portals and Corporate App Store
       Manufacturing: Marking Extranet Traffic to Allow PLC Vendor Remote Access to Specific Manufacturing Zone Only, and Offshore Development Partners Access to Development Servers Only
  • 17. Classification: Catalyst 2K, Catalyst 3K, Catalyst 4K, Catalyst 6K, WLC (7.2), Nexus 7000, Nexus 5000, Nexus 1000v (Q4CY12)
       Policy Management: Identity Services Engine
       Enforcement: N7K / N5K (SGACL), Cat6K (SGACL), Cat3K-X (SGACL), ASA (SGFW), ASR1K/ISRG2 (SGFW)
       Transport: Cat 2K-S (SXP), Cat 3K (SXP), Cat 3K-X (SXP/SGT), Cat 4K (SXP), Cat 6K Sup2T (SXP/SGT), N7K (SXP/SGT), N5K (SGT), N1Kv (SXP) - Q4CY12, ASR1K (SXP/SGT), ISR G2 (SXP), ASA (SXP)
       Other labels: WLAN, LAN, Remote Access (roadmap), AnyConnect (Attribute provider)
  • 18. Secure
           Embed security within the infra
           Enforcement based on rich context
           Solution simplicity enables end-to-end approach
       Efficient
           Simplifies implementation of security policy
           Highly scalable & Inline rate
           Simplifies Data Center network design
       Demonstrable ROI
           Reduces ACL and VLAN complexity & maintenance
           Automates FW policy
           Improve both performance & availability
  • 19. Thank you.
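
The tag-based policy on slides 10 and 13, as an added Python sketch (not Cisco code or device configuration): flows are resolved to security group tags and checked against the three slide-13 rules, and the same policy is expanded into per-IP rules for comparison with the slide-9 approach. The IP addresses, the default-deny fallback and the function names are assumptions made for the illustration.

```python
# Added illustration. Tag values and the three rules come from slide 13;
# everything else (addresses, default action, names) is assumed.
SGT = {"Web": 10, "App": 20, "DB": 30}

# (source SGT, destination SGT, service) -> action
SGACL = {
    (SGT["Web"], SGT["App"], "HTTPS"): "permit",
    (SGT["App"], SGT["DB"], "SQL"): "permit",
    (SGT["Web"], SGT["DB"], "SQL"): "deny",
}
DEFAULT_ACTION = "deny"  # assumption: cells not listed on the slide are denied

# Constructed IP-to-SGT bindings, standing in for the classification result.
BINDINGS = {
    "10.1.10.11": SGT["Web"], "10.1.10.12": SGT["Web"],
    "10.1.20.21": SGT["App"], "10.1.20.22": SGT["App"],
    "10.1.30.31": SGT["DB"], "10.1.30.32": SGT["DB"],
}

def evaluate(bindings, src_ip, dst_ip, service):
    """Resolve both endpoints to tags, then consult the tag matrix."""
    src, dst = bindings.get(src_ip), bindings.get(dst_ip)
    if src is None or dst is None:
        return DEFAULT_ACTION  # unclassified endpoints match no rule
    return SGACL.get((src, dst, service), DEFAULT_ACTION)

def expand_to_ip_rules(bindings):
    """Equivalent topology-based rule set: one entry per IP pair per rule."""
    rules = []
    for (s_tag, d_tag, service), action in SGACL.items():
        for s_ip, s in bindings.items():
            for d_ip, d in bindings.items():
                if s == s_tag and d == d_tag:
                    rules.append((action, s_ip, d_ip, service))
    return rules

def move_server(bindings, old_ip, new_ip):
    """Re-address a server (e.g. move to the DR cluster); the tag follows it."""
    moved = dict(bindings)
    moved[new_ip] = moved.pop(old_ip)
    return moved

if __name__ == "__main__":
    print(len(SGACL), "tag rules vs", len(expand_to_ip_rules(BINDINGS)), "IP rules")
    dr = move_server(BINDINGS, "10.1.30.31", "10.9.30.31")
    print(evaluate(dr, "10.1.20.21", "10.9.30.31", "SQL"))
```

Adding a server changes only the binding table; the tag matrix stays at three entries while the expanded IP rule set grows with every new address.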