
AlgoSec: How to Secure and Automate Your … · How to Secure and Automate Your Heterogeneous Cisco Environment Yogesh Kaushik, Senior Director Cisco Doug Hurd, Alliance Manager Cisco


AlgoSec: How to Secure and Automate Your Heterogeneous Cisco Environment

Edy Almer

BRKPAR-2488


How to Secure and Automate Your Heterogeneous Cisco Environment

Yogesh Kaushik, Senior Director Cisco

Doug Hurd, Alliance Manager Cisco

Edy Almer, VP Product AlgoSec


Cisco Tetration Platform

Hybrid Cloud Workload Protection

• Network Traffic Visibility

• App Behavior Detection

• Vulnerability Detection

• Attribute based whitelist policy & segmentation

Azure, Amazon, Google

Visibility & Forensics

Policy Simulation

Whitelist Policy


USE CASE I

Map Firewall Rules to Business Applications

• Application tags are then visible everywhere – policy searches, security risks, cleanup, export via API


USE CASE II

Risk, Vulnerability and Compliance

• Application servers are matched with vulnerability scan results

Risk, vulnerability and compliance are managed with correct business application context and priority


USE CASE II

Risk, Vulnerability and Compliance

• Tetration Platform discovers application flows and dependencies

• Application flows are matched with network security risks & vulnerability scan results


USE CASE II

Risk, Vulnerability and Compliance

• Tetration flow data annotated with vulnerability score


USE CASE III

Generate and Push Whitelist Policies

• Tetration Analytics generates whitelist policy recommendations and enforces host-based policies

• AlgoSec configures security policies to multi-vendor security devices and SDN controllers (automatically/with modifications)

ACI


Founded 2004

1500+ Enterprise Customers

Serving 20 of the Fortune 50

24/7 Support via 3 Global Centers

Passionate about Customer Satisfaction

CORPORATE OVERVIEW


Business-Driven Security Business-Driven Agility

Business-Driven Network Security Policy Management

Unified Visibility Across Cloud, SDN & On-Premise Enterprise Networks

Auditing & Compliance

Risk Management

Business Continuity

Digital Transformation

Change Management

Incident Response

DevSecOps

Micro-Segmentation

BUSINESS-DRIVEN SECURITY MANAGEMENT

USE CASES


NETWORK ABSTRACTION & POLICY ANALYSIS

Topology map and traffic simulation

Firewall rule optimization and cleanup

Network segmentation enforcement

Baseline configuration compliance

Audit-ready compliance reports

Risk assessment

Visibility and analysis of complex network security policies across on-premise and cloud networks.


Process firewall changes with zero-touch automation.


SECURITY POLICY CHANGE AUTOMATION

Security policy workflow automation

Topology analysis and optimal rule design

SLA tracking and complete audit trail

Integration with ticketing systems

Change validation and reconciliation

Proactive risk and compliance verification

Automated policy push


Discover, provision, maintain and securely decommission network connectivity for critical business applications.


APPLICATION CONNECTIVITY MANAGEMENT

Automated discovery and mapping of business connectivity

Translation of business requirements into networking terms

Secure application decommissioning

Business-centric risk analysis

Impact assessment to avoid outages

Rapid datacenter and cloud migration


Process firewall changes with zero-touch automation.


ACI, NX-OS, FIREPOWER, FWSM, IOS (XE,XR)

Automate change for ACI, FWSM, IOS

Plan: Automate Firepower

SLA tracking and complete audit trail

Integration with ticketing systems

Change validation and reconciliation

Risk and Compliance for all

Change recommendation for NX-OS


Integration Points Across the Cisco Security Portfolio

• eStreamer API
  • Send Firepower event data to SIEMs

• Host Input API
  • Collect vulnerability and other host info

• Remediation API
  • Programmatic response to third parties from FireSIGHT

• JDBC Database Access API
  • Supports queries from other applications

• Read/Write REST API for Firepower
  • Supports FW and Risk Management technologies

• Threat Intelligence Director REST API for Firepower
  • Collect, correlate, take action on third party Threat Intelligence

• Management API for ASA
  • Third party management of ASA, policy auditing

• pxGrid
  • Bi-directional context sharing framework for ISE, ecosystem partners

• MDM API
  • Enables 3rd party MDM partners to make mobile device posture part of ISE access policy

• External Restful Services (ERS)
  • Adds 3rd party asset data to ISE inventory database

• AMP Cloud-based API
  • Externalize event data for all 3rd party apps

• Threat Grid API
  • Hand off suspicious files for analysis
  • Queries entire dataset for correlation or historical/geographic significance
  • Automate submission of files for analysis
  • Create custom or batch threat feeds

• FirePOWER 9300 (SSP) REST API
  • Cisco and third party applications in service chain configuration

• AnyConnect Network Visibility Module Collection
  • AnyConnect provides IPFIX data

• AnyConnect EDM/MDM
  • VPN Services

• OpenDNS Investigate
  • Query OpenDNS for threat intelligence

• OpenDNS Umbrella
  • Add addresses to customer specific enforcement

• CloudLock Enterprise API
  • Reporting/Management

• CloudLock Development APIs
  • Access micro-services

• Other Integration Points
  • ESA, WSA


• Migration from ASA to Firepower

Gain more insight with increased visibility

Malware

Client applications

Operating systems

Mobile Devices

VOIP phones

Routers & switches

Printers

C & C

Servers

Network Servers

Users

File transfers

Web applications

Application protocols

Threats

Typical IPS

Typical NGFW

Cisco Firepower NGFW


© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public


Thank you
