Cisco Security Management Suite

Cisco Security Manager

Overview

EBC Presentation
Presenter:

205523.Y_C97-60001-00 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1
 Self-Defending Network Defined
Efficient security
management, control,
Policy–Based Management
and response and Enforcement

Advanced technologies Threat Control

and security services to and Containment Secure Transactions
• Mitigate the effects of
outbreaks
• Protect critical assets Confidential Communications
• Ensure privacy

Security as an integral Secure Network Infrastructure

and fundamental
network feature
Session Number
205523.Y_C97-60001-00
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2
 Cisco Self-Defending Network:
Using the Network to Identify, Prevent, and Adapt to Threats

Integrated Collaborative Adaptive

Enabling every element Collaboration among Proactive security
to be a point of defense the services and technologies that
and policy enforcement devices throughout automatically prevent
the network to thwart threats
attacks

Session Number
205523.Y_C97-60001-00
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 3
 Cisco Security Management Suite
Monitoring, Analysis, and Mitigation
Identity Analysis
How to control access Too much
to network assets… meaningless
Who can do what raw data...
Branch
Branch
Partner
Data
Center
Monitoring Patch
Need to monitor Branch Management
Multivendor Data Image, inventory,
networks… Center Data signature…
Center Partner
SOHO

Mitigation Configuration
How to use network How to rapidly deploy
to eliminate threats… new policies…

Session Number
205523.Y_C97-60001-00
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 4
 Cisco’s Security Management Evolution

From To
Network and Security Managing Networks with
Management Separate Embedded Security

Vendor-Specific monitoring Monitoring of Multi-Vendor

Device-Level Management Only System-Wide, End-to-End,

Policy-Based Management

Siloed Operations Teams Support of Integrated

NetOps and SecOps

Point Solutions for Closed Loop Management

Configuration, Monitoring…

Session Number
205523.Y_C97-60001-00
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 5
 Cisco Security Management―
Value Summary

Cisco® Management

• Best-of-breed applications • Integrated policy management

which are integrated, and log monitoring
collaborative and adaptive
• Greater visibility of threats
• Reduced TCO
• Set once, deploy network wide
• Simplified service management
• Integrated SecOps and NetOps

Session Number
205523.Y_C97-60001-00
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 6
 Cisco Security Management Framework Vision
The Operational Framework

… Partners
…
Clean Access
NAC
Configuration Monitoring, Identity
Management Mitigation Management
Network Access
SDN Security Solutions:

Outbreak prevention Vulnerability

… Assessment
Anti-X

Policy

Intrusion Prevention
…
CSA Desktop/Server Patch
Management
Firewall Identity/Role-
Foundation

Based Auditing and

VPN … Access Compliance Data
Archiving and
SSL VPN
… Reporting

SDN Network Fabric:

ASDM SDM TIDP CVDM CSA MC
Switches
Appliances Routers Svc Modules End Points
Session Number
205523.Y_C97-60001-00
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 7
 Today―Cisco Security Management Suite

Cisco®
Security Cisco®
Manager Security
Simplified Policy Mars
Administration Rapid Threat
End-to-End Identification and
Configuration Mitigation

Network wide or Topology

FABRIC Awareness
Device Specific
Data Correlation

• Integration to Cisco Secure Access Control Server

Role Based access control
Privileged based access to management functionality
• With the Context of Auditing Services

Session Number
205523.Y_C97-60001-00
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 8
 Transition from CiscoWorks VMS

Cisco® NEW
Security
CiscoWorks Manager
VPN/Security Management Solution CS Manager
Firewall Management Center

Router Management Center

ADVANCED SDN
IDS Management Center SOLUTIONS

Management Center CSA Manager

for Performance FABRIC

Resource Manager Essentials

Cisco Security Agent

Management Center Cisco Security
SecurityMonitor Monitoring,
Analysis, and
Response System
CS MARS

Session Number
205523.Y_C97-60001-00
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 9
 Cisco Security Manager
Overview
Superior Usability VPN Administration

VPN Wizard setup

Administer policies site-to-site, hub-spoke,
visually on tables or and full-mesh VPNs
topology map with a few mouse clicks

Centralized Policy Jumpstart help: an extensive Configure remote-access

Administration animated learning tool VPN, DMVPN, and Easy
VPN devices
Flexible management views: Firewall Administration
Centrally provision • Policy-based
policies for firewalls, • Device-based
VPNs, and IPS • Map-based IPS Administration
• VPN Manager Configure policies for ASA,
Very scalable • IPS Manager Cisco® PIX® FW, FW SM
• Deployment Manager and Cisco IOS® Software
Automatic updates to
Policy inheritance Single rule table for all the IPS sensors
feature enables platforms
consistent policies
Intelligent analysis of Support for outbreak
across enterprise
policies prevention services
Powerful device Sophisticated rule table
grouping options editing
Compresses the number
of access rules required

Session Number
205523.Y_C97-60001-00
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 10

Cisco Security MARS
Overview
Multivendor
Powerful monitoring,
analysis, response
system
Multivendor support
Correlate events from
multiple sources such
as vulnerability
assessment and NetFlow
data to detect anomalies
Session Number
205523.Y_C97-60001-00
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved.
Security Management EBC
Visualization Reduced Complexity
Visualize attack paths and
Lower TCO
identify network hot spots
Appliance based
Identifies valid incidents Simple to install solution
and minimizes false
positives No hidden customization
Mitigation of Attacks costs
Higher network availability
Identify day-zero attacks, Simple licensing, no
software agents
reduce resolution time
Mitigate attacks by isolating
switch ports and applying
ACLs closest to source
Know “what, where, and
how” of threats
Leverage the intelligence
in the network to enforce
security policies
Cisco Confidential 11
 Cisco Security Management—Value Summary
Best of breed applications which are integrated, collaborative and adaptive

Differentiating Capability Value/Benefit

Policy abstraction, Reduces complexity, do more with
sharing and inheritance fewer resources—Reduce OPex
Domain-based policy Enforce policies based on
enforcement through organizational needs—Reduce Opex
device abstraction
Operations workflow Enable collaboration between SecOps
and NetOps—Advanced flexibility
and control
Scaleable distributed Faster deployment, ensure latest
deployment polices are on the device—Higher
network availability
Security event log to Greater visibility of threats, faster
policy lookup, real time problem isolation and remediation—
event viewer Improved network resiliency
Session Number
205523.Y_C97-60001-00
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 12
 Cisco Security Management Suite
Cisco Security Manager

EBC Presentation
Presenter:

205523.Y_C97-60001-00 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 13
 Distributed Protection
CS MARS and CS Manager in Action
Protected
• CS MARS detects
an incident Branch
Office
• CS Administrator
updates a shared Branch
policy in one place Office
Data Center CNS-CE
• A single deploy to
Corporate 4
protect the network LAN
• Scale through use
of distributed
deployment using 1
CNS Configuration
Branch
Engine Branch 3 Office
Office
CS-MARS 2
CS Manager

Session Number
205523.Y_C97-60001-00
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 14
 Cisco Security Configuration―Agenda

• Focuses on Configuration Management of Security Polices

in the Network
• Usability is Key
Provides multiple views to fit the operational needs
Easy-to-use, visually appealing user interface
Wizards to reduce complexity
Advanced tools for the sophisticated user
• Core-Differentiating Concepts
Policy sharing and inheritance
Domains-based policy enforcement
Decision support workflow for NetOps/SecOps
Rolls-based access control for scaled operations
Distributed large-scale deployment

Session Number
205523.Y_C97-60001-00
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 15
 CS Manager
Cisco Security Manager
“It Has to be Easy to Use and Flexible”

• Feature Rich front-end Topology View

• Different views for

different administration
preference
Policy View
Device View
Topology View
Policy View
• Unified security service Device View
management independent
of the enforcing device
Firewall, VPN, IPS…
• Supporting ASA, PIX,
IPS Sensors, ISR’s and
Catalyst Service modules

Session Number
205523.Y_C97-60001-00
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 16
 CS Manager

Device-Centric View

• Start with single device

• Clone and replicate
• Rapidly deploy the
device settings

Session Number
205523.Y_C97-60001-00
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 17
 CS Manager

Policy-Centric View

• Centralized policy
management
• Powerful scalability
via inheritance, reuse,
assignment, and sharing

Session Number
205523.Y_C97-60001-00
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 18
 CS Manager

Topology-Centric View

• Put devices on customizable

maps, image backdrops
• Build VPNs with right click
• Launch FW rules and configure
• Build maps-within-maps to scale

Session Number
205523.Y_C97-60001-00
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 19
 CS Manager

VPN―Wizard-based Configuration

• Wizard-based 
configuration
• Three steps to
create a VPN!!

 Choose
VPN topology
and technology 
 Choose
participants
 Customize
protected traffic
if needed

Session Number
205523.Y_C97-60001-00
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 20
 CS Manager
Multiple VPN Topologies
Site-to-site, DMVPN, RA VPN, EzVPN

Session Number
205523.Y_C97-60001-00
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 21
 CS Manager

Power Tools: Config Archive, FlexConfig

• Retrieve and compare delta

configs for deployment
• Ability to roll-back to
“golden” or “last-known
good” configuration
• Compare between previously
deployed configurations

Session Number
205523.Y_C97-60001-00
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 22
 Power Tools―FlexConfig
FlexConfig
• Convert Users can create custom
custom CLI CLI and deploy as jobs to
device(s)
to polices
• Powerful
mechanism
to enable
feature
velocity
• Rapidly add
device new
feature
support

Session Number
205523.Y_C97-60001-00
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 23
 Going Beyond Ease of Use and Flexibility

• Scaling to many hundreds of remote sites

• Setting corporate rules and providing best-practice
guidelines
• Reducing the complexity of different device classes
• Enabling SecOps and NetOps to work together
• Controlling who can do what on which device
• Efficiency in distributing changes to always on
and intermittently on devices

Session Number
205523.Y_C97-60001-00
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 24
 CS Manager
Policy-Sharing and Inheritance Model
“Scaleable Policy Definition; Set Once, Deploy to Many”

What is it? Remote Branch

• Decoupled devices form polices Policy

Example:
• Share common policies across
device groups for: Policy
Branch firewall
Remote Branch
Site-to-site VPN
Policy
Device administration
• Corporate mandatory policies:
No Napster traffic, period
Remote Branch
Allow SSH, SSL
Benefit: Optionally Override
Central Policy at
• Reduced complexity for Local Level
administrators
• Do more with less resources
Session Number
205523.Y_C97-60001-00
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 25
 CS
CS Manager
Manager
Domain-Based Policy Enforcement
“Fine-Grain Control of What Traffic Flows Where”

Interface Groups
• Interfaces related
to a domain Marketing

• User customizable
Example Engineering
• Define policy to control
traffic between domains
Benefit

Sales
• Enforce policies based
on organizational needs

Session Number
205523.Y_C97-60001-00
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 26
 CS Manager
Workflow
“Enable Different Management Teams to Work Together”

What Is It?
Security
• Structured process for change Operations
management that complements Policy Definition
Create/Edit Review/ Approve/
your operational environment Policy Submit Commit
Undo
Example
• Who can set policies
• Who can approve them Generate/ Approve
Submit Job Job Deploy
• Who can approve deployment
and when Network
Rollback
• Who can deploy them Operations
Policy Deployment
Benefit
Firewall, VPN, and IPS Services
• Enables teamwork and
collaboration between
NetOps and SecOps
• Provides scope of control
Session Number
205523.Y_C97-60001-00
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 27
 Role-Based Access Control

What Is It?
• Authenticates admin access Cisco
to management system IOS®
CS-Manager Software
• Determine who has access to Cisco® PIX®
and ASA S/W
specific devices and policy
functions
Example AAA

• Verifies admin and associates

them to specific roles as to Remote
Access
who can do what CS-ACS

Benefit Home
Office
• Enable delegation of admin
tasks to multiple operators
• Provides appropriate
separation of ownership
and controls

Session Number
205523.Y_C97-60001-00
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 28
 Scalable Distributed Deployment
Extranet Self-Managed
What Is It? ROBO Telecommuter
• Simplified distributed deployment
method for 1000s remote devices
Example Internet
• Update large numbers of remote
firewalls, which may have dynamic
addresses, intermittent links, or NAT
addresses
Update DMZ
• Update both configurations and
software images Appliance
CNS-CE
• Devices self updated whenever
they come online
• Scales through Web technologies
Benefit Enterprise
• Helps customers with 1000s of INTRAnet
teleworkers and remote locations with Update
minimal technical staff at the remote site Servers
CNS-CE

Session Number
205523.Y_C97-60001-00
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 29
 Cisco Security Management Suite
Monitoring, Analysis, and Mitigation
Identity Analysis
How to control access
Too much meaningless
to network assets…
raw data...
Who can do what
Branch
Branch
Partner
Data
Center
Monitoring Branch Patch
Need to monitor Management
multivendor Data Image, inventory,
networks… Center Data signature…
Center Partner

SOHO

Mitigation Configuration
How to use network How to rapidly deploy
to eliminate threats… new policies…

Session Number
205523.Y_C97-60001-00
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 30
 CS MARS

Cisco Security MARS

Firewall Log IDS Event Server Log
Switch Log Firewall Cfg. AV Alert
• Gain Network Intelligence Switch Cfg. NAT Cfg. App Log
Topology, Traffic Flow, Router Cfg. Netflow VA Scanner
Netflow Analysis ...
• ContextCorrelation™
Correlates, reduces, Isolated Events
and categorizes events
Validates incidents Sessions
• Extensive Reporting on Events

n
Co

ctio
rre

du
Rules

lati

Re
on
Release 4.2 Verify
• Log data to policy lookup
• Low latency, real-time event viewer
• Relayed syslog handling
• Ticketing system integration via XML Valid Incidents
Incident Notification

Session Number
205523.Y_C97-60001-00
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 31
 CS Manager

Cisco Security MARS

Session Number
205523.Y_C97-60001-00
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 32
 CS Manager
CS MARS―CS Manager Policy
Lookup View Resultant Rule Table

Aha, there is a permit rule from source 10.1.10.1

to any for IP. Better make the correction over in
CS Manager and deploy to the device.

• Integrating the log and policy views for fast remediation

• XML-based external integration of incidents

Session Number
205523.Y_C97-60001-00
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 33
 The Value of Cisco’s Security Management Suite
Best-of-Breed Applications: Integrated, Collaborative and Adaptive
• Workflow to allow NetOps and SecOps
to collaborate
Management of an
• Integration with NetFlow data
Integrated Security Fabric
• Integrates network and security
management components

• Better identification of day-zero attacks

Higher Network • Reduced resolution time
Availability Through
• Mitigation recommendations
Faster Threat Mitigation
• Identify best choke points

• Single app for mgmt of FW, VPN, IPS

Reduced Complexity and network
Through Integrated • Shared device database
Management • Collaboration between provisioning,
monitoring, mitigation, and identity

• Leverage investment in Cisco

Investment based network
Preservation • Preserves investment in other non-Cisco
point solutions, multi-vendor nature of
our monitoring solution
Session Number
205523.Y_C97-60001-00
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 34
Session Number
205523.Y_C97-60001-00
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 35