思科无边界云安全解决方案ppt课件.ppt

思科安全无边界网络架构及解决方案支撑企业业务创新的商业平台,Wind Wan Borderless Network,议程,思科安全无边界网络架构外联业务安全思科云火墙解决方案内网业务安全思科攻击定位与响应解决方案问与答,攻击威胁与防御体系的演进有边界网络 - 无边界网络,过去,现在,集中计算 云计算,有边界网络 无边界网络,外部入侵DDoS 内部木马僵尸利用,网络应用 内容数据,边界单点 全网多点,固定静态特征 移动动态变化,IT行业,攻击威胁,防御体系,传统的企业网络边界,攻击者,客户,合作伙伴,一个没有边界的网络已形成,攻击者,Home Office,咖啡店,客户,机场,合作伙伴,任何时间,任何地点,任何设备,任何资源,移动与协作、以及云计算打破了企业数据中心边界,任何人,思科无边界网络安全,Home Office,攻击者,咖啡店,客户,机场,合作伙伴,正确人员、正确终端、正确地点正确时间、正确资源无边界网络安全,从自防御网络SDN到安全无边界网络SBN,自防御网络 SDN,安全无边界访问,把坏人阻挡在外,移动安全 MobilityAlways On,安全无边界网络 SBN,策略 & 身份受信任访问 Trust,云安全 Cloud主机托管/混合托管,思科安全智能运营中心 Cisco SIO,防火墙 Firewall访问控制,侵扰防御 IPS防止攻击,内容安全 Content邮件 & Web,思科安全架构核心: CSIO - Sensor Base,SensorBase 全球覆盖: 美国圣何塞, 圣布鲁诺, 澳大利亚, 北卡罗莱纳和中国上海来自中国互联网的安全数据占17%之多实时采集全球30%的IP流量,主动防御: 全面及时的安全防护体系联动IPS全球入侵防御系统；ASA僵尸网络数据流过滤器；病毒蠕虫爆发预防过滤器；全球名誉度过滤器（IPS；邮件及Web）,准确可靠: 源于思科全球安全设备及第三方机构信息采集EmailURLSignatureDomainBotnet,思科无边界网络安全-实践,议程,思科安全无边界网络架构外联业务安全思科云火墙解决方案内网业务安全思科攻击定位与响应解决方案问与答,IPS,Firewall / VPN,Anti-Maleware,接入突破网络滥用端口扫描畸形数据包,应用滥用停止服务 / Hacking已知的攻击,被感染的流量,植入应用中的攻击,外联业务多功能防护需求,下一代防火墙：主动防御僵尸网络，智能入侵防护.,思科“云”火墙应对五大信息安全最新挑战,如何避免内部感染木马与僵尸网络潜伏?“云”火墙 Sensorbase动态策略技术,如何阻断外部黑客攻击?IPS Global Correlation 全球信誉协防技术,如何划分安全域与安全接入?虚拟防火墙技术与xVPN技术,如何实现内容安全与数据防泄漏?云火墙与Ironport 邮件安全、Web安全网关,如何提高Session性能实效? Real World 性能，IPS硬件，Session Reputation,一. 防内部木马僵尸潜伏 Anti-Botnet,Infected Clients,ASA 5500 Series,扫描流量，端口，协议， 恶意 “回拨” 流量警示被感染客户端，清除木马僵尸流量,Malware Command & Control,“云”火墙,Threat ProtectionBotnet Traffic Filter on ASA 5500 Series,监控恶意流量扫描全部流量，端口和协议通过追踪“回拨”流量发现被感染的客户端高准确度每周识别超过10万恶意连接自动DNS地址查询与CSIO实时连动,二. 防外部攻击入侵 IPS Global Correlation, 2009 Cisco Systems, Inc. All rights reserved.,Cisco Confidential,16,Empowered Branch,协同: 特征库+ 全球信誉关联 特点:鉴别新增的威胁种类增加安全团队的工作效率,Internet,攻击者不在现在数据库中,IPS 检查 signatures 结果是可疑攻击,威胁确认执行阻断,Report Attack to SIO*,下载全球威胁数据,最新恶意攻击信息更新,未知攻击者,关联信息: 特征数据 + 全球威胁数据,CiscoIPS,Server,Client,Call Manager,全球协防 - - IPS Global Correlation,08:00 GMT一个新恶意软件正在澳大利亚被发现一个正在俄罗斯活跃的僵尸网络正在广泛的发送新内容在韩国，一个病毒正在网络上肆虐在佛罗里达，一个电脑黑客正在为主要的金融机构发送探通 08:15 GMT所有的Cisco IPS用户已经被保护，免于以上威胁的攻击,Collaborative IPS遥感, 全球一体化关联, 先发制人的保护,Cisco IPS比其他IPS技术提前两倍的时间发现威胁入侵,收集数十亿全球范围内的数据点,三.清理恶意 Session ，提高并发实效Real World 性能，IPS硬件，Session Reputation,Access ControlGranular Policy for Modern Networks,ASA 支持数十万条策略能够基于接口或全局设定策略强大的NAT引擎,Protocol InspectionPowerful Network Security and Controls,Fragmentation and Obscured ContentPiggybacked SessionsOverloaded Sessions,Source Address VerificationSequence RandomizationRetransmitted Packets,Connection and Embryonic LimitsSYN Flood ProtectionChecksum Testing,Malformed Packets and State ChecksTCP Window Size AnomaliesSelective Resets and TimeoutsDead Connections,规避,欺骗,拒绝服务,连接滥用,Anti-Evasion,Anti-Spoofing,Denial of Service Protection,Anti-Connection Abuse,四. 安全域隔离 ASA 虚拟火墙,云火墙,.,.,安全区1,安全区2,安全区3(多个VLAN）,安全区4,安全区5,安全区n,Server,企业网,基于身份的准入控制 xVPN,工程师,合作伙伴,ASA,ASA,SW,技术部经理,A,B,C,D,策略认证中心,Cut-Through,SSL VPN,SSL VPN,SSL VPN,互联网,SSL VPN,选择Diverse EndpointSupport for Greater Flexibility,安全Rich, Granular SecurityIntegrated Into the network,体验Always-on IntelligentConnection for SeamlessExperience andPerformance,Secure Mobility Web Security with Next Generation Remote Access,Acceptable Use,Access Control,Intranet,Corporate File Sharing,Access Granted,Data Loss Prevention,Threat Prevention,解决方案 :Secure Mobility,互联网出口安装ASA + WSA,家庭,咖啡店,机场,接入点,INTERNET,应用,企业托管SaaS,News,Email,AnyConnect Client,接入设备,社交网络,Flexible DeliveryAppliance, Cloud & Hybrid,News,Email,Social Networking,Enterprise SaaS,Cisco Web Security Appliance,Information Sharing Between ASA and WSA,Corporate AD,ASA,AnyConnect,Anywhere+(Transitioning to AnyConnect),思科下一代移动安全解决方案,永久在线自动寻找最优接入点自动识别设备当前所在的网络区域应用控制单点登录,五.内容安全与数据防泄露,ASA “云”火墙 - URL、IP层面过滤IronPort 网关 内容层面过滤,Email内容,Email/Web策略制定,Web内容,ASA云火墙,ESA（硬件网关） - Email安全硬件网关层面的邮箱防护 *防垃圾，防病毒，防攻击 邮件的政策性管理 *防泄密，备份等邮件相关应用 *营销邮件，业务通知 *信用卡账单，话费账单等邮件加密需求WSA（硬件网关）- Web安全上网行为管理上网加速缓存防毒墙,思科信息安全架构信誉度 邮件及Web安全,Web 安全 | Email 安全 | 安全管理 | 加密,邮件安全网关,互联网安全网关,安全管理设备,SensorBase安全威胁数据库,应用安全网关,终端客户,阻挡来自互联网络的威胁,保护企业信息资产与信息丢失防护,集中安全管理与维护,Internet,邮件加密设备,Internet,用户体验,思科云火墙、Web云服务,企业网络云组件,Web 安全,Email 安全,IPS入侵检测 7.0,具有防木马感染的ASA防火墙,ASR1000的WebEx节点,ISR G2 可用服务模块SRE,思科 AXP,弹性应用、 本地性能、 安全法规遵从,广域网,企业,分支机构,思科WebEx 协同云,全球协同邮件安全,应用云,领先的实时安全情报中心日均50亿次查询量超过150个 Email与Web参数监控全球近30%流量,思科安全云服务,Anyconnect移动安全互联,Netflow v9异常流量监控,ScanSafe云服务,数据库Sensorbase,Cisco ASA Industrys Most Proven Firewall,Trusted15+ years of proven innovationBroad portfolio of devicesVersatile, multi-service platformAdaptiveGranular policy enforcementIn-depth defense for todays highly collaborative environmentLeader in secure business connectivity,Cisco Adaptive Security Appliances,Granular Access ControlsAdvanced Threat ProtectionSecure ConnectivitySecure Unified CommunicationsComprehensive Management,Summary：Cisco ASA 5500 SeriesComprehensive Solutions from Branch to the Data Center,Teleworker,Branch Office,InternetEdge,ASA 5550 (1.2 Gbps, 36K conn/s),ASA 5505 (150 Mbps, 4K Conn/s),Cisco ASA 5500: Branch to the Data Center,Data Center,ASA 5540 (650 Mbps, 25K conn/s),ASA 5520 (450 Mbps, 12K conn/s),ASA 5510 (300 Mbps, 9K conn/s),ASA 5580-20 (5-10 Gbps, 90K conn/s),ASA 5580-40 (10-20 Gbps, 150K conn/s),Campus,Cisco ASA 5500 Platforms,FWSM*(5 Gbps)*PIX feature set,新产品发布：Cisco ASA 5585,为数据中心设计的下一代防火墙,业界最快的连接建立速度最多的VPN数目,业界最优的防火墙、入侵防御和VPN的整合云智能安全永久在线的远程访问,部署灵活领先的性能密度领先的能耗比,Cisco ASA 5500 Series Portfolio Comprehensive Solutions from SOHO to the Data Center,Multi-Service (Firewall/VPN and IPS),Performance and Scalability,Data Center,Campus,Branch Office,SOHO,Internet Edge,ASA 5585 SSP-60(35 Gbps, 350K cps),ASA 5585 SSP-40(20 Gbps, 200K cps),ASA 5585 SSP-20(10 Gbps, 125K cps),ASA 5585 SSP-10(4 Gbps, 50K cps),ASA 5540 (650 Mbps,25K cps),ASA 5520 (450 Mbps,12K cps),ASA 5510 (300 Mbps,9K cps),ASA 5505 (150 Mbps, 4K cps),ASA 5550 (1.2 Gbps, 36K cps),ASA 5580-20 (10 Gbps, 90K cps),ASA 5580-40 (20 Gbps, 150K cps),Firewall and VPN Appliance,议程,思科安全无边界网络架构外联业务安全思科云火墙解决方案内网业务安全思科攻击定位与响应解决方案问与答,Infected Host,内部网络的复杂性,安全监控与响应的挑战,Action Steps:AlertInvestigateMitigate,网络运营,安全运营,Security Knowledge- Base,总是太迟,Firewall,IDS/IPS,VPN,VulnerabilityScanners,AuthenticationServers,Router/Switch,Antivirus,10K Win,100s UNIX,真实的攻击导致出现大量的独立警告事件实时停止威胁传播保护公司资产,如何快速准确定位与响应安全攻击发生在,思科Global Correlation IPS Changing Network IPS to Global IPS,效率2倍于传统仅基于签名的IPS精确度信誉分析的引入大幅降低误报率及时比传统基于签名的IPS快100倍以上对最新型的攻击开始拦截,Harnessing the Power of Cisco Security Intelligence Operations,Results Averaged Over Two Week Period in Pre-release Deployments,Security Infrastructure That Dynamically Protect Against the Latest Threats Through:,The Most Comprehensive Vulnerability and Sender Reputation Database,A Global Team of Security Researchers, Analysts, and Signature Developers,Dynamic Updates and Actionable Intelligence,Cisco Security Intelligence Operations思科安全智能运营中心CSIO,Cisco SensorBase,Threat Operations Center,Dynamic Updates,Powered by Global Correlation,Cisco Intrusion Prevention System更精确的实时威胁防御,智能检测技术,Management and Operations,灵活、安全的平台,动态防护,应用保护,Cisco Security Intelligence Operations (SIO),方便的部署至现有网络Easy Integration into any Network Topology,Virtual Sensors,Inline On-A-Stick,Flexible deploymentInline or out-of-bandInline “on-a-stick” No rewiring of the networkLower operational costsVirtual sensors Device consolidation Policy flexibilityMixed-mode deployment Inline and out-of-band,Prevent Future AttacksDashboard RSS feeds inform operators of widespread threatsOver 150 customizable report templates keep operators up to date on threatsReports include “attacks prevented” and “malware discovered”,See the ThreatPowerful event filtering and customizable color coding reduces network noise,IPS 事件管理Reporting and Event Management Hasten Response,CS-MARS report view,IPS Manager Express (IME) dashboard,Understand the ThreatEasily link directly to Cisco IntelliShield to find vulnerability patches,Performance,Cisco Security Management -CSMCapabilities to Match Your Network Demands,IPS Device Manager Single Device Manager,Event ManagementConfigurationHealth and PerformanceLicense Management,$27,$55,$95,$150,$125/$50,IPS Manager ExpressSMB Multi-Device Manager,ReportingEvent StoreEvent Management ConfigurationHealth and PerformanceLicense Management,CS-ManagerEnterprise SDN Management,Threat ID and ResolutionReportingEvent StoreEvent ManagementConfigurationHealth and PerformanceLicense Management,Summary：威胁防御与响应系统先知先觉，主动防御,快速获知安全攻击事件清晰描绘攻击路径准确定位攻击源头直接提供安全修复方案,Cisco IPS Product Portfolio,IOS IPS,IPS AIM and NME,Small,Medium,Large,Organization Size,ASA5510-AIP10ASA5520-AIP10,ISR,ASA5510-AIP20ASA5520-AIP20ASA5540-AIP20,IPS 4240,IPS 4255,IPS 4260,ASA 5500 Series,IPS 4200 Series,Catalyst 6500,Appliance,Switch-Integrated,Branch,Multi-Service,IPS 4270,IDSM2,Catalyst 6500 IDSM2 bundle,ASA5540-AIP40ASA5540-AIP40,