Watch the TechWiseTV Episode: http://cs.co/9001Bvqpz
Watch the workshop replay: http://bit.ly/2bAsxby
See how the latest evolution of Cisco TrustSec helps protect critical assets by extending and enforcing policies anywhere in your network. Go in-depth with how Cisco TrustSec simplifies your network security with software-defined segmentation.
3. …Or Because Segmentation is Important
“Eataly’s network segmentation prevented a POS compromise at one store from compromising systems at the chain’s 26 other locations across the globe”
“Network segmentation… is one of the most effective controls an agency can implement to mitigate the second stage of a network intrusion, propagation or lateral movement”
“Effective network segmentation… reduces the extent to which an adversary can move across the network”
4. Classification Based on Context
Poor context awareness
Result: Any user, any device using this IP
Who: IP Address 192.168.1.51
What: Unknown
When: Unknown
Where: Unknown
How: Unknown
Compliance: Unknown
Threat: Unknown
Rich context awareness (ISE)
Result: Role-based group assignment
Who: Bob (Employee)
What: Tablet
When: 11:00 AM EST on April 10th
Where: Building 200, 2nd floor
How: Wireless
Compliance: Yes
Threat: Monitored by IPS, anomaly detection
5. Traditional Segmentation - ACL and VLAN
IP-based security policy tied to network topology results in:
Complexity
Manual, time-consuming security and maintenance
Policy inconsistencies across devices and networks
Complicated access management
More policies using more VLANs
Diagram: Enterprise Network with Internet, Financial Servers, Employee Info and Development Servers; Locations 1, 2 and 3, each with Guest VLANs, Employee VLANs, Developer VLANs and Non-Compliant VLANs
6. TrustSec simplifies security management
Deny Employee to Financial Server
Permit Developer to Developer Server
Permit Guest to Web
Key: Employee Tag, Developer Tag, Voice Tag, Non-Compliant Tag
Scalable and agile segmentation technology in over 40 different Cisco product families, enabling dynamic, role-based policy enforcement anywhere on your network
Simplified Access Management: Manage policies using plain language and maintain compliance by regulating access based on business role
Rapid Security Administration: Speed up adds, moves, and changes, simplifying firewall administration to speed up server onboarding
Consistent Policy Anywhere: Control all network segments centrally, regardless of whether or not devices are wired, wireless or on VPN
Diagram: Enterprise Network with Guest, Employee, Developer and Non-Compliant endpoints; SGACLs; Employee Info Tag, Developer Server Tag, Financial Server Tag, HTTP Tag; panel titles: Consistent Policy Anywhere, Simplified Access Management, Accelerated Security Options