Cisco SAFE Overview: Validated Next-Generation Security Architecture
© 2009 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSAFE 01222008 1
Critical Security Issues
Compliance
Data and identity theft
Financial fraud
Virtualization and cloud computing
Network abuse
Service availability
Security management and operation
Cost
Lack of consistency and collaboration across products
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSEVT Dec 2008 2
Today’s Complex Security Threats Require Systemwide Collaboration
Top-Ten Cyber Security Menaces
Sophisticated website attacks
Increasing botnet sophistication and effectiveness
Growing cyber espionage
Emerging mobile phone threats
Insider attacks
Advanced identity theft
Increasingly malicious spyware
Web application security exploits
Sophisticated social engineering
Supply-chain attacks infecting consumer devices
Source: SANS Institute
The Greatest Security Threat? Accidental Security Architecture
Fear-based security decisions
Product- or feature-of-the-moment purchases
Siloed products and designs
Poor security policy
Poor management, control and visibility
Cisco SAFE
Validated End-to-End Security Design and Deep Technical Implementation Guide to Complement SDN Messaging
Cisco SAFE
Common security framework
Enables ongoing solution development
Covers network PINs and cross-network solutions
Integrates comprehensive services to support solution lifecycle
Benefits
Complements and validates software-defined network (SDN) messaging
Eases transition from concept to design and implementation
Offers Cisco® SAFE designs free of charge
Enables simple updating and expansion through modular design
Cisco SAFE Objectives
Cisco® SAFE addresses threats to critical business objectives
Business Goals and Objectives | Potential Threats
Protecting revenue sources | Disruption of business, resulting in loss of revenue
Meeting customer requirements | Loss of customer privacy, security, and service levels
Safeguarding corporate identity and brands | Negative effect on marketing campaigns and brand reputation
Compliance with regulations and standards | Fines, loss of business, and legal action
Cisco Security Framework
Cisco® SAFE designs and strategies are based on the Cisco Security Framework for consistent policy deployment and enforcement across the network
[Figure: Cisco Security Framework]
Business Relevance: Business Goals and Objectives; Threats to Goals and Objectives
Security Policies: Threat and Risk Assessment; Security Policies; Security Operations
Security Principles: Visibility; Control
Security Actions: Identify, Monitor, Correlate; Harden, Isolate, Enforce
Cisco SAFE Security Architecture
[Figure: Cisco SAFE Security Architecture]
Security Solutions (PCI, DLP, etc.)
Policy and Device Management
Cisco® Security Framework: Visibility (Identify, Monitor, Correlate); Control (Harden, Isolate, Enforce)
Services
Branch/WAN, Data Center, Campus/LAN, Virtual Office
Network Foundation Protection
Mobility, Unified Communications, Network Virtualization
Design Principles and Benefits
Defense in depth
Systemwide intelligence and collaboration
Service availability and resiliency
Modularity
Facilitation of operations
Regulatory compliance
Cisco SAFE Network Modules
[Figure: Cisco SAFE network modules. Labels: WAN Edge, Management, NOC, Branch, WAN, Extranet, Partner, Core, Campus, Internet Edge, Internet, Data Center, Cisco Virtual Office, E-Commerce, Remote User]
Cisco SAFE Next-Generation Lifecycle Services
Strategy and assessment
Deployment and migration
Remote management
Security intelligence
Security optimization
Cisco SAFE Benefits
Step-by-step design and implementation guidance
Fully tested and validated
Solutions-based approach
Layered security using best practices
Threat visibility and coordinated response
Assurance of business-critical service availability
Modularity to support strategic improvement
Compliance with regulatory requirements
SAFE Resources
Cisco SAFE:
http://www.cisco.com/go/safe
Cisco Design Zone:
http://www.cisco.com/go/cvd
Cisco Security Lifecycle Services:
http://www.cisco.com/go/services/security
Cisco’s security products:
http://www.cisco.com/go/security