Cisco Confidential © 2016 Cisco and/or its affiliates. All rights reserved. 1
Secure Digital Business by Gaining Full Visibility and Security across Your Network
Presented by:
Henry Ong
Technical Manager – GSSO, Cisco ASEA
March 2017
ASEAN
If you knew you were going to be compromised, would you do security differently?
It’s no longer a question of “if” you’ll be breached, it’s a question of “when”
“65% of CEOs say their risk management approach is falling behind. In a new reality where security breaches come at a daily rate, we must move away from trying to achieve the impossible perfect protection and instead invest in detection and response. Organizations should move their investments from 90 percent prevention and 10 percent detection and response to a 60/40 split.”
Peter Sondergaard, Senior VP and Global Head of Research
Gartner
Nov 2015
‘Time To Evolve’ (TTE) vs ‘Time To Detection’ (TTD): Reducing TTD Forces Adversaries to Speed Up Their Effort Just to Keep Up
[Chart: Locky Ransomware. Axes: Median TTD in Hours; Percentage of Total Unique Hashes. Source: Cisco 2017 Annual Cybersecurity Report]
Protection Across the Extended Network: See It Once, Protect Everywhere
[Diagram labels]
• AMP Threat Intelligence Cloud
• Threat Grid Malware Analysis + Threat Intelligence Engine
• Meraki® MX
• ISR with FirePOWER Services
• ASA Firewall with FirePOWER™ Services
• FirePOWER NGIPS Appliance (AMP for Networks)
• AMP Private Cloud Virtual Appliance
• Web and Email Security Appliances
• Cloud Web Security and Hosted Email (CWS/CES)
• AMP for Endpoints: Windows OS, Android Mobile, Virtual, MAC OS; CentOS, Red Hat Linux for servers and datacenters
• Locations: Network Edge, Branch, Data Center, Endpoints
Continuous Visibility Of Malware Propagation
Reduce The Time To Scope A Malware Breach
“We detected the latest Java 0-day 2 days before it was announced and were clean 40 minutes after it was first seen.” A Cisco Power Utility Customer
Continuous Visibility Of Activities on Devices
Understand Root Causes After A Compromise And Reduce TTR
Adding DNS as the 1st Layer of Security
91.3% of malware uses DNS
68% of organizations don’t monitor it
A blind spot for attackers to gain command and control, exfiltrate data and redirect traffic
Source : Cisco 2016 Cybersecurity Report
[Diagram: layered security stack. Layers: First line, Mid layer, Last line. Locations: Perimeter, Endpoint. Controls: PROXY, NETFLOW, NGFW, SANDBOX, ROUTER/UTM, AV, AMP. Threats: Internet Malware, C2 Callbacks, Phishing]
Challenges
• Too many alerts via appliances and AV
• Wait until payloads reach target
• Too much time to deploy everywhere
Benefits
• Malicious traffic and payloads never reach target
• Alerts reduced 2-10x; Improves your SIEM
• Provision globally in under 30 minutes
Enforcement Built Into Foundation Of Internet
Safe request
Malicious request
ANY DEVICE ON NETWORK
ROAMING LAPTOP
BRANCH OFFICES
Cisco Umbrella provides:
• Connection for safe requests
• Prevention for malicious requests
• Proxy inspection for risky requests
Cisco Talos feeds Cisco WBRS Partner feeds
Custom URL block list
Requests for “risky” domains Intelligent proxy
URL inspection
File inspection AV Engines Cisco AMP
AMP retrospective updates
[Diagram: ransomware infection chain]
• Entry vectors: PHISHING SPAM; COMPROMISED SITES AND MALVERTISING
• Delivery steps: Email attachment, Web link, Web redirect, File drop, C2
• EXPLOIT KIT DOMAINS: Angler, Nuclear, Rig
• RANSOMWARE PAYLOAD
• Malicious Infrastructure; Encryption Key Infrastructure
• Control points: Blocked by Email Security; Blocked by Umbrella; Blocked by Cisco AMP for Endpoints
Prevent & Contain Malware with: Cisco Umbrella & AMP for Endpoints
Scenario 1 : Ransomware Protection by Cisco Umbrella
Scenario 2 : Ransomware Protection by Cisco AMP for Endpoint
Scenario 3 : System infected with Ransomware Executable
Prevent & Contain Ransomware Cisco Umbrella & AMP for Endpoints
Demo
PaaS IaaS
Cisco Cloudlock Cloud Access Security Broker (CASB)
Users Data Apps
SaaS
Cisco Cloudlock addresses customers’ most critical cloud security use cases
Discover and Control
User and Entity Behavior Analytics
Cloud Data Loss Prevention (DLP) Apps Firewall
Cloud Malware
Shadow IT/OAuth Discovery and Control
Data Exposures and Leakages
Privacy and Compliance Violations
Compromised Accounts
Insider Threats
“Network security architects should accept the reality that, in 2016, it is unreasonable to expect that they can build perimeter defenses that will block every attack and prevent every security breach… Instead, they need to adopt new products and/or services that will enable the network to be an integral part of a strategy that focuses on detecting and responding to security incidents.”
Lawrence Orans, Gartner, Network and Gateway Security Primer for 2016, January 22, 2016
Dissecting a Data Breach
Reconnaissance
Target acquisition
Infiltration point
Footprint expansion
Staging
Data Exfiltration Information monetized after breach
Exploration
Network as the Platform for Security
Before: Discover, Enforce, Harden
During: Detect, Block, Defend
After: Scope, Contain, Remediate
Network as a Sensor
Network as an Enforcer
Network As The Platform To Deliver Intelligence, Visibility And Control To Defend Critical Assets.
Cisco Network as a Sensor (NaaS)
Detect Anomalous Traffic Flows, Malware
Identify User Access Policy Violations
Obtain Broad Visibility into All Network Traffic
NetFlow for Dynamic Network Awareness: Understand Network Behavior and Establish a Network’s Normal
Network Flows Highlight Attack Signatures
A Powerful Information Source for Every Network Conversation
• Each and Every Network Conversation over an Extended Period of Time
• Source and Destination IP Address, IP Ports, Time, Data Transferred, and More
• Stored for Future Analysis
A Critical Tool to Identify a Security Breach
• Identify Anomalous Activity
• Reconstruct the Sequence of Events
• Forensic Evidence and Regulatory Compliance
• NetFlow for Full Details, NetFlow-Lite for 1/n Samples
Behavioral and Anomaly Detection: Behavioral Algorithms Are Applied to Build “Security Events”
COLLECT AND ANALYZE FLOWS → SECURITY EVENTS (94+) → ALARM CATEGORY → RESPONSE
• Security events (94+): Addr_Scan/tcp, Addr_Scan/udp, Bad_Flag_ACK**, Beaconing Host, Bot Command Control Server, Bot Infected Host - Attempted, Bot Infected Host - Successful, Flow_Denied, …, ICMP Flood, …, Max Flows Initiated, Max Flows Served, …, Suspect Long Flow, Suspect UDP Activity, SYN Flood, …
• Alarm categories: Concern, Exfiltration, C&C, Recon, Data Hoarding, Exploitation, DDoS Target
• Responses: Alarm Table, Host Snapshot, Syslog / SIEM, Mitigation
Cisco Identity Services Engine (ISE) Adding Visibility and Context to NetFlow
INTEGRATED PARTNER CONTEXT
NETWORK / USER CONTEXT
How
What Who
Where When
Send Contextual Data Collected From Users, Devices, And Networks To Stealthwatch For Advanced Insights And NetFlow Analytics
Cisco Network as an Enforcer (NaaE)
Implement Access Controls to Secure Resources
Contain the Scope of an Attack on the Network
Quarantine Threats, Reduce Time-to-Remediation
Network as an Enforcer: Identity-Based Access Control
Identity Services Engine
• Who are you? Mitsue (sales), Shree (HR), Santoso (IT)
• What are you? Tablet, Laptop, Desktop
• Where are you connecting? Japan, India, India
• When are you connecting? 19:30, 16:00, 16:00
• How are you connecting? VPN, WiFi, Wired
• Resources: Oracle, AD, SAP
Identity Services Engine
Oracle
AD
SAP
88
15
1
Tablet
Laptop
Desktop
Network as an Enforcer Security Group Tagging (SGT)
[Diagram: Tablet, Laptop and Desktop carrying security group tags 88, 15 and 1; ❌ marks show which paths to Oracle, AD and SAP are blocked for each tag]
• Sales: No access to SAP over VPN after 18:00; No access to Oracle; No access to AD
• HR: Full access to Oracle over Wireless; No access to SAP over Wireless; No access to AD
• IT: Full access over Wired
Network as an Enforcer Security Group Access Control (SGACL)
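The role-based policy on this slide can be modelled as a first-match rule table with default deny. This is an added example, not Cisco's or the presenter's code and not ISE or SGACL syntax. Assumptions: the names `Rule`, `decide` and `access_matrix` are hypothetical, the pairing of each user with a connection type and time follows the order the values appear on the identity slide, and Sales is assumed to reach SAP outside the stated VPN-after-18:00 restriction.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional


@dataclass(frozen=True)
class Rule:
    group: str
    resource: Optional[str]  # None matches any resource
    medium: Optional[str]    # None matches any connection type
    after: Optional[time]    # None matches any time, else strictly later than this
    action: str              # "permit" or "deny"


# Transcribed from the slide; evaluated top to bottom, first match wins.
POLICY = [
    Rule("Sales", "SAP", "VPN", time(18, 0), "deny"),
    Rule("Sales", "Oracle", None, None, "deny"),
    Rule("Sales", "AD", None, None, "deny"),
    Rule("Sales", "SAP", None, None, "permit"),  # ASSUMPTION: implied, not stated
    Rule("HR", "Oracle", "WiFi", None, "permit"),
    Rule("HR", "SAP", "WiFi", None, "deny"),
    Rule("HR", "AD", None, None, "deny"),
    Rule("IT", None, "Wired", None, "permit"),
]


def decide(group, resource, medium, at, policy=POLICY):
    """Return (action, matched_rule). No match means default deny (ASSUMPTION)."""
    for rule in policy:
        if rule.group != group:
            continue
        if rule.resource is not None and rule.resource != resource:
            continue
        if rule.medium is not None and rule.medium != medium:
            continue
        if rule.after is not None and not at > rule.after:
            continue
        return rule.action, rule
    return "deny", None


# Constructed sessions: user -> (group, connection type, local time).
SESSIONS = {
    "Mitsue": ("Sales", "VPN", time(19, 30)),
    "Shree": ("HR", "WiFi", time(16, 0)),
    "Santoso": ("IT", "Wired", time(16, 0)),
}


def access_matrix(sessions=SESSIONS, resources=("Oracle", "AD", "SAP")):
    """Evaluate every session against every resource."""
    return {
        user: {res: decide(group, res, medium, at)[0] for res in resources}
        for user, (group, medium, at) in sessions.items()
    }


if __name__ == "__main__":
    for user, row in access_matrix().items():
        print(user, row)
```

Returning the matched rule alongside the decision gives an audit trail for each permit or deny, and a `None` rule flags traffic that was blocked only by the default.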
Identity Services Engine
Traditional Security Policy
Cisco TrustSec Software-Defined Segmentation: Provide Role-Based Segmentation to Control Access and Contain Threats
TrustSec Security Policy: Segmentation Policy Enforced Across the Extended Network
Switch Router VPN & Firewall
DC Switch Wireless Controller
Simplifies Firewall Rule, ACL, VLAN Management
Prevents Lateral Movement of Potential Threats
Eliminates Costly Network Re-architecture
Employee Tag
PCI POS Tag
Partner Tag
Non-Compliant Tag
Voice Tag
Employee
Cisco TrustSec Software-Defined Segmentation
Non-Compliant
Campus Core
Data Center
Data VLAN 20 ( PCI Segmentation within the same VLAN)
Non-Compliant
Access Layer
Voice Employee PCI POS Partner
SSL VPN
ISE
ASA
Lancope/Netflow (SMC/FC)
Data VLAN 20 Quarantine
Classification Results: Device Type: Apple iPAD; User: Mary; Group: Employee; Corporate Asset: Yes; Malware Detected: Yes
Data Center Firewall
Architecting a Secure Network Combining Network as a Sensor / Network as an Enforcer
Network Sensor (Lancope)
Campus/DC Switches/WLC
Cisco Routers / 3rd Vendor Devices
Threat
pxGRID
Network Sensors Network Enforcers Policy & Context Sharing
TrustSec Software-Defined
Segmentation
Cisco Collective Security
Intelligence
Confidential Data
NGIPS
pxGRID
ISE
NGFW
Industry’s Most Effective Security Portfolio
– Threat Intelligence
Services
Integrated Threat Defense
Network Cloud Endpoint
Simple Open Automated
1 2 3