This chapter discusses the concept of borderless networks. It covers the Cisco Borderless Network architecture, including its components and underlying technologies. You will learn about the Cisco security portfolio products that specifically address issues of borderless networks, and more precisely about Cisco SecureX. This chapter introduces Cisco threat control and containment products and VPN technologies that will be covered in greater detail in subsequent chapters.
Security Strategy and Cisco Borderless Network
In this chapter, you learn about the following Cisco Borderless Networks topics:
• Cisco Borderless Network Architecture
• Cisco security portfolio of products solving issues of Borderless Networks
• Cisco SecureX Architecture presenting its features and benefits
• Cisco threat control and containment products and technologies
• Cisco content security products and technologies
• Cisco VPN solutions and technologies
• Security management products and technologies
http://www.cisco.com/en/US/products/ps10906/Products_Sub_Category_Home.html#
Borderless Networks
Cisco Borderless Network Security Architecture
Borderless End Zone
Borderless Internet
Intelligent Access Policies Provide Context Awareness for Adaptive Securing of Endpoints
Borderless Data Center
Evolution of Security in the Data Center
Policy Management Layer
Borderless Security Products
Policy Management Provided by Cisco Borderless Security Products
SecureX, a Context-Aware Security Approach
SecureX Context Awareness
Cisco SecureX Security Products
Context-Aware Policies
Context-Aware Policies Decide Access Privileges
Secure Resources Using TrustSec
AnyConnect at Work
• Cisco Identity Services Engine (ISE) is the centralized policy engine for business-relevant policy definition and enforcement.
Cisco SIO
the Cisco Secure Access Control Server for authentication, authorization, and accounting (AAA) services and Cisco NAC, into this next-generation policy server
Cisco Identity Services Engine
• Cisco ASA: Provides proven firewall services and context- and application-aware capabilities for comprehensive, real-time threat defense
• Cisco ISR: Through software- and hardware-integrated security functions, ISRs can easily become part of the army of security controls in networks of all kinds
• Cisco IPS: Intrusion prevention is accomplished in a distributed fashion, from IPS 4200 appliances to integrated hardware modules such as the Advanced Inspection and Prevention Security Services Module (AIP-SSM) for ASA or the Intrusion Detection Services Module (IDSM) for Cisco Catalyst 6500
Threat Control and Containment
• Threat intelligence, which is called Cisco SensorBase
• The automatic and human development process, called the IronPort Threat Operations Center
• The automated and best practices content that is pushed to network elements in the form of dynamic updates
Cisco Security Intelligence Operation
• Abuse and nefarious use of cloud computing
• Insecure interfaces and APIs
• Malicious insiders
• Shared technology issues
• Data loss or leakage
• Account or service hijacking
• Unknown risk profile
Cloud Security, Content Security, and Data Loss Prevention
Web Security
ScanSafe Integration with Cisco AnyConnect
Web Security
Cisco IronPort WSA on Premises
Email Security
Cisco IronPort Email Security Solutions
Secure Connectivity Through VPNs
VPN Deployment Options
• Device managers
Security Management
In this chapter, you learned about the Cisco Borderless Network Architecture. This chapter examined the Cisco Security portfolio of products and, more specifically, reviewed the following:
• Cisco SecureX Architecture (at a high level), highlighting its features and benefits and providing examples of Cisco products that fall within this category
• Cisco threat control and containment products and technologies, such as the Cisco ASA and Cisco IPS, and illustrating their high-level features and benefits
• Cisco content security and data loss prevention technologies, such as Cisco IronPort WSA and ESA, and illustrating their high-level features and benefits
• Cisco VPN solutions and technologies, and illustrating their high-level features and benefits
• The different security management products and technologies, focusing
Summary