14. Virtual network control
Controlling traffic between VMs
Security of the virtual access layer
Retaining control of the access layer
Enforcement of virtual policies
Enforcement of access-control policies in the virtual environment
Policy enforcement in the physical and virtual environments
Operations and management
A single environment for managing the physical and virtual IT infrastructures
Protecting the virtual environment
[Figure: a virtual server hosting Zone 1 and Zone 2, connected through a virtual switch to physical firewalls and IPS]
51. Establishing trust
Secure infrastructure for distributed network services
Secure connections and access
Secure capacity expansion
Secure access for users working in the office and for mobile users
Secure applications on a distributed platform
Threat protection
Demonstrating regulatory compliance
Secure extension into XaaS environments
[Figure: SaaS, IaaS and PaaS clouds; secure access for the branch, mobile users and internal users; secure connection]
UC.4: the need to create a very complex, large network environment; virtualization provides rapid turn-up without resource planning, space, procurement, etc.
Visibility into the new network isn't the only challenge that IT faces. There continues to be a lingering disconnect between the goals and objectives of the network and security teams. What is needed is a holistic approach that addresses the big picture the CEO is facing: a solution that drives these different objectives toward each other, enabling business acceleration while securing the entire distributed environment. But how do you do that?
[Figure labels: Physical; Virtual (VLAN, VRF); Virtualized (Zones)]
The virtual environment brings with it a host of new security problems. These problems can be divided into two groups:
Security in the server access layer (today's largest pain points):
- Regaining visibility in the access layer is the first step toward securing it. Regaining inter-host visibility in the virtual world provides key forensic intelligence: which hosts are communicating, and in the event of an outbreak, where it originated.
- Securing the access layer against DHCP and ARP attacks (for example, ARP spoofing used for eavesdropping) and against VLAN hopping.
Security at higher layers (emerging pain points that need to be addressed):
- Virtual policy enforcement creates segmentation and separation in the virtual world similar to that available in the physical world. Note that this can be provided either through fully virtual enforcement points or through physical enforcement points that are virtualization-aware.
- Finally, the physical and virtual worlds need to be tied together in a common operational environment with a common policy infrastructure.
Thanks for sharing. In general looks good. Some remarks:
- Instead of "Cloud Services Agent", please use "Cloud Connectors".
- You could say something like: onePK provides the foundational APIs allowing customers to build their own "Cloud Connectors". The onePK APIs make it possible to leverage intelligent network services and apply these through "Cloud Connectors" residing on the ISR to the delivery of cloud services to users in the branch, resulting in improved user experience, improved security and/or simplified operations.
- Cisco is showing in the "routing booth" a proof of concept for a "Cloud Connector Development Environment" with, as an example, a "Storage Connector" leveraging In this case, we could use the CTERA example as a talking point. This shows how the OnePK API enables the CTERA 3rd-party storage cloud connector to deliver additional customer value by leveraging knowledge from the network. Learn more at the demo pods, etc.
Unlike other next-generation firewalls, ASA CX addresses today's evolving security needs by delivering end-to-end network intelligence to help administrators make effective security decisions. With fine-grained control of applications, micro-applications, and tasks within specific micro-applications, plus threat intelligence feeds for near-real-time protection from zero-day threats, ASA CX is a comprehensive context-aware solution.
The key to Cisco's Cyber Threat Defense Solution is NetFlow. NetFlow is a very simple technology that Cisco created in the mid-1990s as a way of providing visibility into the network. As data flows between a source and a destination, Cisco equipment collects key information about that exchange and exports it to a device called a NetFlow Collector. Such an exchange of data between a source and a destination is called a "flow". Flow records can tell you what kind of data was exchanged, how much, and at what rate. The information in a flow can be used to describe network behaviors and, by applying the correct analysis, can also be used to detect threats.
NSEL (NetFlow Secure Event Logging from the ASA) adds context beyond plain NetFlow:
- The Flow Action field can provide additional context (permitted, denied, created, torn down).
- State-based NSEL reporting is taken into consideration in StealthWatch's behavioral analysis.
- Concern Index points are accumulated for Flow Denied events.
- NAT stitching ties the pre-NAT and post-NAT sides of a connection into one flow.
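The following is an added example, not code from Cisco, StealthWatch or the original deck: it parses a NetFlow v5 export packet (the public, fixed 24-byte-header / 48-byte-record format) and then applies a simple behavioral rule in the spirit of the "concern index" idea described above: a source that sends SYN-only, single-packet flows to many distinct destination ports looks like a scanner and accumulates points. The scoring rule, the thresholds and the sample packet are all constructed for illustration; the real StealthWatch algorithms are not public and are not reproduced here.

```python
"""Parse NetFlow v5 exports and score sources with a toy 'concern index'.

Added example. The v5 wire format below is the public Cisco layout; the
scoring rule and the sample records are constructed for illustration.
"""
import ipaddress
import struct
from collections import defaultdict

V5_HEADER = struct.Struct("!HHIIIIBBH")                # 24 bytes
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48 bytes
TCP_SYN = 0x02


def parse_v5(data: bytes) -> list:
    """Return a list of flow dicts from one NetFlow v5 export packet."""
    if len(data) < V5_HEADER.size:
        raise ValueError("packet shorter than a v5 header")
    version, count = V5_HEADER.unpack_from(data, 0)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(data) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("truncated export: header count exceeds payload")
    flows = []
    off = V5_HEADER.size
    for _ in range(count):
        (src, dst, _nexthop, _in_if, _out_if, packets, octets, _first, _last,
         sport, dport, _pad1, tcp_flags, proto, _tos, _src_as, _dst_as,
         _src_mask, _dst_mask, _pad2) = V5_RECORD.unpack_from(data, off)
        flows.append({
            "src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)),
            "sport": sport, "dport": dport, "proto": proto,
            "tcp_flags": tcp_flags, "packets": packets, "octets": octets,
        })
        off += V5_RECORD.size
    return flows


def concern_index(flows: list, scan_threshold: int = 10) -> dict:
    """Toy per-source score: one point per SYN-only probe to a distinct
    dst:port, plus a bonus once the fan-out looks like a scan."""
    probes = defaultdict(set)
    for f in flows:
        if f["proto"] == 6 and f["tcp_flags"] == TCP_SYN and f["packets"] <= 2:
            probes[f["src"]].add((f["dst"], f["dport"]))
    points = {}
    for src, targets in probes.items():
        score = len(targets)
        if len(targets) >= scan_threshold:
            score += 50  # hypothetical scan bonus, not a StealthWatch value
        points[src] = score
    return points


def build_v5_packet(records: list) -> bytes:
    """Build a v5 export from simplified record dicts (for the sample only)."""
    header = V5_HEADER.pack(5, len(records), 0, 0, 0, 0, 0, 0, 0)
    body = b"".join(
        V5_RECORD.pack(
            ipaddress.IPv4Address(r["src"]).packed,
            ipaddress.IPv4Address(r["dst"]).packed,
            b"\0\0\0\0", 1, 2, r["packets"], r["octets"], 0, 0,
            r["sport"], r["dport"], 0, r["tcp_flags"], r["proto"],
            0, 0, 0, 0, 0, 0)
        for r in records)
    return header + body


# Constructed sample: 10.0.0.5 probes twelve ports on one host with bare SYNs;
# 10.0.0.7 holds a normal, completed HTTPS session (SYN|ACK|PSH|FIN = 0x1b).
SAMPLE_RECORDS = (
    [{"src": "10.0.0.5", "dst": "192.168.1.10", "sport": 40000 + p, "dport": p,
      "proto": 6, "tcp_flags": TCP_SYN, "packets": 1, "octets": 60}
     for p in range(1, 13)]
    + [{"src": "10.0.0.7", "dst": "192.168.1.20", "sport": 51000, "dport": 443,
        "proto": 6, "tcp_flags": 0x1b, "packets": 40, "octets": 31337}]
)

if __name__ == "__main__":
    flows = parse_v5(build_v5_packet(SAMPLE_RECORDS))
    for src, score in concern_index(flows).items():
        print(f"{src}: concern index {score}")
```

The length check before unpacking matters in practice: a collector that trusts the header's record count on a truncated UDP datagram will raise on the last record or, in C, read past the buffer.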
Public and private clouds are an architecture that brings together all the elements of scale and simplicity, openness, and virtualization into an elastic, on-demand environment. This environment brings with it a new set of security concerns. First, the need to establish trust in the cloud infrastructure itself: how does one maintain the integrity of the cloud environment? Second, the need to connect users and internal networks to the cloud infrastructure: how do users get access to the cloud services? Third, how do I secure the applications in the cloud, whether in a public or a private cloud?