Cisco Defense Orchestrator Technical Decision Maker Presentation June 2016 Hello, my name is _______________ and I have been with Cisco for X years. Thank you for agreeing to discuss Cisco Defense Orchestrator. [CLICK]
Get The Most Out of Your Expanding Security Tool Set Cisco ASA with FirePOWER™ Services and Cisco Firepower™ Next-Generation Firewalls Cisco® ASA 5500-X Series Firewalls OpenDNS Umbrella
We’ve Heard from Distributed Businesses Like Yours That Maintaining an End-to-End Security Posture Is Increasingly Complex for Network Ops Manage constant changes in security policy and rules Keep up with business needs Stay ahead of the latest security threats Do more with fewer resources and cut costs We’ve heard from distributed businesses like yours that maintaining end-to-end security posture is becoming increasingly complex. “Plugging holes" in the proverbial security dam with point products doesn't work – it’s no longer an option to be reactive to security. Customers like you have said they’re faced with several changes. Here are just a few examples. You’re required to: Manage constant changes in security policy and rules. Sometimes the workarounds created to give your team the instant access or updates they’re asking for aren’t as secure as they should be or don’t get written into the proper policy. This opens you up to vulnerabilities. You also have to keep up with business needs. For example, as your business expands, you’ll have more Cisco devices, more policy requests and technologies to manage. It’s also super critical that your team stays ahead of the latest security threats. Often times this means you’ll need some way to leverage NGFW functionality with Security Intelligence Feeds to help you get cutting-edge IPS and Advanced Malware Protection. Your team might not have the expertise or time to keep up. And lastly, you’re required to do more with fewer resources. On top of the increased workload, you are often expected to meet growing demands with a team that just isn’t getting any bigger. Overall, this means you need an integrated security solution that is not only effective, but also simpler and consistent to manage. You need a systematic way to up your security game and provide robust Cisco security policy management across all of your locations. T: We know it hasn’t been easy. [CLICK]
Does This Sound Familiar? My team is stretched thin. We just keep up with the policy-change requests that hit us every day. I want to add new next-gen tools to keep up with the latest threats, but I don’t have the knowledge, the time or the resources to do it – it’s just too complicated. It’s a struggle for us to maintain consistent security as our company grows. [Presenter guidance: Get up close and personal with your audience. Use this opportunity to get your customer talking. Take notes and use these points to frame the rest of your conversation.] Does any of the following sound familiar? Perhaps you’re hearing or experiencing this on your team: It’s complex to manage security policy across multiple layers, with multiple technologies that don’t always play nicely together. The need to figure out what works and what doesn’t, while maintaining uptime and protecting against breaches can be difficult to balance. You’ve got barely enough time and resources to keep up with the status quo, let alone think of ways to make it better or improve your strategy. It’s a lot to manage, especially because there’s no room for mistakes or downtime. T: The good news is, we have built a solution that addresses these kinds of challenges. Our solution is informed from the ground up with input from customers, and it’s their feedback that has helped us deliver a solution that meets core needs. Hopefully your needs, as well. [CLICK]
Cisco Defense Orchestrator Introducing Cisco Defense Orchestrator A cloud-based policy management solution for Cisco security products T: I’d like to introduce Cisco Defense Orchestrator, a cloud-based policy management solution for Cisco security products. [CLICK]
And Cisco Defense Orchestrator Is Here to Help Simple Efficient Effective Streamline security policy management and next-generation defense Extend the reach of your resources Achieve better security without adding complexity Using Cisco Defense Orchestrator will strengthen your security posture. This security management system is simple, efficient and effective. It will streamline your security policy management and next-gen firewall defense, enable you to do more with less, and we promise, it will strengthen your security without complicating your life. T: And you get all of this from a central location. [CLICK]
Cisco Defense Orchestrator: Security Policy Management Simplified Reports Simple search Notifications Device onboarding Policy change management Policy modeling, analysis and optimization Policy monitoring and reporting Scalable orchestration of changes Import from offline Discover direct from device Security policy management Cisco Defense Orchestrator enables you to manage your policies through the cloud with 7 key capabilities: Device onboarding Object and policy analysis Security templates Simple search-based management Change impact modeling Out-of-band notifications Automatic reports Each of these features enable you to strengthen your next-gen firewall security posture. T: But how easy is it to get started? [CLICK]
Onboard Security Devices Easily in One of Two Ways Device onboarding Get started through a simple interface Customer Network Cisco® Defense Orchestrator Connect directly through the cloud Set up a secure connection within your data center Secure Data Connector Choose between cloud or on-premises connection Security policy management Object and policy analysis Security templates Simple search-based management Change impact modeling Out-of-band notifications Reports 1 2 Onboarding devices is easy, and managing security should be, too. Get started with our simple onboarding interface. If you’re onboarding with a device, Defense Orchestrator supports ASAs, as well as ASAs with FirePOWER Services. And connecting to Cisco Defense Orchestrator is simple, regardless of whether you choose to onboard in the cloud or on your own premises. T: Once you’re onboarded, then the real fun begins. [CLICK]
Security Policy Management Device onboarding Defense Orchestrator helps you manage your security policy holistically Security policy management Change Management: Get visibility to change impact across affected security services and devices Auditing: Gain policy awareness and identify issues Cisco Defense Orchestrator Change Impact Modeling Object & Policy Analysis Object and policy analysis Security templates Simple search-based management Import From Offline Discover Direct From Device Device Onboarding Change impact modeling Security Policy Management Reports Out-of-band notifications Monitoring: Track policy implementation and activity across all impacted security services and devices Optimization: Adjust security policy rulesets to optimize performance Reports OOB Notifications Once your devices are connected, Defense Orchestrator helps you orchestrate all four aspects of security policy management – through change management, auditing, optimization and monitoring. For Change Management, you get visibility to change impact across affected Cisco security services and devices. You can visualize and orchestrate how changes affect global security posture using change impact modeling. For Auditing, you gain policy awareness and identify issues. You have the ability to compare and edit duplicate, unused, and inconsistent configurations by conducting object and policy analysis. In terms of Optimization, you can adjust Cisco security policy rulesets to optimize performance using change impact modeling. You can also easily apply policy configurations across all Cisco devices. And lastly, for Monitoring, you can track policy implementation and activity across all impacted Cisco security services and devices through aggregated reports and out-of-band notifications.
Optimize your firewall by correcting duplicates Effectively Analyze Policies and Objects Across Your Entire Infrastructure Device onboarding Optimize your firewall by correcting duplicates Security policy management Policies Quickly see duplicate objects Object and policy analysis Duplicate Object 1 Object 1 Security templates Inconsistent Object 1 Simple search-based management Rename Policy Unused Edit Policy Change impact modeling Out-of-band notifications Reports Now that you have devices in the Defense Orchestrator environment, you are able to interact with all of your Cisco security devices to ensure that your security posture is sound. Let’s say you have 5 branches, including your headquarters, and you need to make sure they’re secure. Defense Orchestrator enables you to see where you have duplicate policies and gives you the option to either rename them if they are in fact protecting your infrastructure, or to edit the policies to remove any overlapping instructions. Removing duplicate policies and objects from your network helps optimize your firewall. By removing duplicate properties, your firewall doesn’t spin its wheels trying to protect your system in multiple ways using the same policies and objects. T: Cisco Defense Orchestrator also enables you to spot inconsistencies within your network. [CLICK]
Address inconsistencies Effectively Analyze Policies and Objects Across Your Entire Infrastructure Device onboarding Address inconsistencies Security policy management Policies Quickly see inconsistent policies Quickly see Duplicate Policies Object and policy analysis Duplicate Policy 1 Objects 1 2 3 Duplicate Policy 1 Policy 2 Objects 1 2 3b Policy 1 Security templates Inconsistent Policy 1 Simple search-based management Rename Policy Unused Edit Policy Change impact modeling Out-of-band notifications Reports Defense Orchestrator not only lets you see where inconsistencies exist, but it lets you dive into the details and see exactly where they reside. The detailed view within Cisco Defense Orchestrator allows you to easily remediate any anomalies in your network. T: You can also confidently identify policies and objects that are being used in your network. [CLICK]
Remove unused policies to instantly improve your security posture Effectively Analyze Policies and Objects Across Your Entire Infrastructure Device onboarding Remove unused policies to instantly improve your security posture Security policy management Policies Quickly see Inconsistent Policies Quickly see Duplicate Policies Quickly see unused policies Object and policy analysis Policy 1 Objects 1 2 3 Policy 5 Duplicate Policy 1 Objects 1 2 3b Policy 6 Security templates Inconsistent Inconsistent Policy 7 Delete Policy Simple search-based management Unused Edit Policy Change impact modeling Out-of-band notifications Reports Unused policies and objects just take up energy and space in your system. When these unused policies and objects take up memory space, it slows down your entire system, weakening your security performance. Defense Orchestrator automatically identifies which policies and objects are going unused. This enables you to confidently remove any unused policies, with the knowledge that your security posture will not be impacted by these changes. T: Cisco Defense Orchestrator helps you set up your security policies right the first time. [CLICK]
Precisely Manage Device Configuration from Start to Finish Device onboarding Security policy management </p> /> </p> </p> /> Object and policy analysis </p> /> </p> /> </p> /> </p> /> <location server> </p> /> </p> /> <IP address> Security templates /> <Host name> </p> /> </p> /> Simple search-based management Export New Branch Change impact modeling Out-of-band notifications Reports Defense Orchestrator drives efficiency in Cisco security deployments without compromising your security. How does it do that? Templates. Templates allow you to determine the best security practices for your company and apply those practices out across your entire business. Each template is parameterized by specifying things like Location server, IP address, and Host name. And you can also use templates to assign device-specific values. Defense Orchestrator helps your business to scale by making it easy to save and export security template. Want to open another branch? Not a problem. You can arm your new branch with the same exact template that is protecting the rest of your infrastructure. T: Once you have all of your security templates set up, it’s important that you’re able to easily find and manage your security assets. [CLICK]
Easily See Which Policies Are Enforced Across Your Infrastructure Device onboarding F a c e b o o k Security policy management www Searching 5024 records www Object and policy analysis Search results for “Facebook” Security templates Facebook. com Domain/IP OpenDNS 15 Block 13 Allow Facebook Chat Application FirePOWER Facebook Games 20 Block 15 Allow Social Networking URL Category Firepower Threat Defense 10 Block 10 Allow Simple search-based management Change impact modeling Out-of-band notifications Reports Seeing how many policies and objects are sitting in Cisco Defense Orchestrator can be daunting. You’re probably managing thousands of policies and objects. If you want to know how a particular object is interacting in different locations on different policies, the last thing you want to do is manually sift through all of your device information. The simple search-based management feature allows you to do just that. Simple search-based management provides you a single-pane view across all of your Cisco security devices. Simply search by policy, object, ACL name, and/or network name to find exactly what you want to know. We know you’re busy and we know that managing security can be tedious and time consuming. Cisco wants to make managing security simple, so we made it as easy as a web search. T: And what you can do once you find what you’re looking for can make a big impact on your security posture. [CLICK]
Rapidly Determine Impact of Policy Changes Before Deployment Device onboarding Review policy and object changes in a safe environment Security policy management Object and policy analysis Instant Messaging Policy Active Review current policy Turn off Instant Messaging Google chat Google talk Facebook messenger Yahoo chat AOL chat View change impact Validate change Security templates Deploy broadly Sync Simple search-based management Change impact modeling Revise if needed Revise if needed Out-of-band notifications Reports Making changes to your security policies without fully understanding the impact of that change opens you up to a lot of risk. Cisco Defense Orchestrator makes it easy for you to determine the impact of policy changes prior to deploying the change out to your entire organization. For instance, say I have a policy in place to block access to all instant messaging applications. As long as that policy is active, people on my network cannot access those sites. Say, however, that I have a business need that requires access to Google Talk. I can turn on the Google Talk as an application through my network and continue to block the rest of the instant messaging applications. As you see in this slide, even if I allow Google Talk, none of the other instant messaging objects or policies are impacted. They remain blocked. As the admin, I can then decide whether or not I want to deploy the change broadly across my network. If I decide everything is good to go, I can sync the policy with all of my security devices. If I decide that this isn’t the change I want to make, I simply revise the change and find another way to achieve the outcome I’m looking for. T: But what happens if someone else decides to make a change to my network? [CLICK]
Automatically Receive Notifications When Policy Changes Occur Device onboarding Branch office makes unplanned changes to the network Security policy management Object and policy analysis Security templates Simple search-based management Policy change Policy 1 Policy 2 Policy 3 Policy 4 Change impact modeling Discard change Out-of-band notifications Deploy change Reports Headquarters receives automatic notification. Choice to discard change or deploy broadly When unplanned changes are made to your security policies, you’re weakening the defense of your entire infrastructure. Defense Orchestrator helps keep your security posture consistent by sending you automatic out-of-band notifications. As soon as a field tech makes an unplanned change at a specific branch, the lead IT administrator is notified regarding those changes and can to decide whether or not that change should be blocked or distributed to all of the other branches. If the IT administrator chooses to deploy the change, all branches will be protected by the updated template. Should the change be blocked, the branch that initiated the unplanned change will revert back to the original template. This ensures that your organization has a consistent, strong, security posture. T: To understand how your network is behaving overtime, Cisco Defense Orchestrator provides several automatic reports. [CLICK]
Efficiently Track Policy Effectiveness Device onboarding Top destination Top applications Attacks and threats Security policy management Analyze where people in your network are most often visiting. Learn which applications your network is using the most. Identify where any potential and current attacks and threats might be coming from and how they’re affecting your network. Object and policy analysis Security templates Top web categories Simple search-based management Evaluate the top web categories that people are using on your network and determine where there might be gaps in security. Change impact modeling Out-of-band notifications Reports Cisco Defense Orchestrator provides four automatic reports Attacks and threats Top destinations Top web categories Top applications With these reports, you’re able to view aggregated information about your Cisco security solution, not just the performance of one device. This enables a deep analysis of what’s working, what policies or objects need to be improved and which locations are lacking protection, if any. It also makes any potential threats or attack easily visible, so you and your organization can address problems quickly. T: Cisco wants to make keeping your company secure, easy. [CLICK]
And Increase Visibility into Your Cisco Security Network Device onboarding Analyze the performance of your entire infrastructure Security policy management Get visibility into Layer 7 Identify trends within your network with reports on top destination, applications, and web categories Object and policy analysis Security templates Simple search-based management Change impact modeling Out-of-band notifications Reports These reports help you analyze the performance of your entire Cisco infrastructure. They grant visibility into Layer-7 and identify trends within your network, enabling your organization to gain a stronger, more consistent security posture. T: But let’s see what this looks like in reality. [CLICK]
Demo of Cisco Defense Orchestrator
Cisco Defense Orchestrator Security, Deployment, and Architecture I’ll now walk you through how it all works in terms of deployment options.
Cisco Defense Orchestrator Is Secure at Every Level, Regardless of Connection Method Secure multitenant architecture within Cisco Defense Orchestrator 1 Cisco® Defense Orchestrator Customer Customer Data in motion is encrypted with Secure Sockets Layer (SSL) on a per-customer basis 2 2FA 2FA 3 3 4 4 1 Secure multitenant architecture Two-factor authentication (2FA) is required for users to connect to their tenant SSL 2 2 SSL 3 Customer Data Center Customer Data Center Data at rest is encrypted on a per-customer basis in a separate database instance 4 Secure data connector in the cloud Secure data connector in the customer data center There are two primary ways to connect with Cisco Defense Orchestrator. The first is with a Secure Data Connector in the cloud and the second through a Secure Data Connector in your Data Center. Regardless of the connection method, Defense Orchestrator is secure at every level. It starts with a secure, multi-tenant cloud, where your data is secured in your own tenant. All data in motion is encrypted with Secure Sockets Layer (SSL) on a per-customer basis. Next, Two-factor Authentication is required for all users to access their tenant within Defense Orchestrator. And lastly, all data at rest is encrypted on a per-customer basis in a separate database instance. T: Now, let’s look at the two connection methods in a little more detail. [CLICK]
Cisco® Defense Orchestrator One Way to Connect Is If All Your Devices Have Internet Connectivity Secure Data Connector in the Cloud – Customer 1 Cisco® Defense Orchestrator Customer 1 SSL Customer 1 Data Center SSL SSL Public Internet access Secure data connector in the cloud In this example, Customer 1 has internet connectivity to all of their Cisco security devices in their data center and branches. This customer has multiple locations with ASA and ASA+FirePOWER services, which are directly connected to their customer tenant using their Secure Data Connector in the cloud. Each ASA and ASA+FirePOWER Services device will establish secure communication with Defense Orchestrator via the Secure Data Connector.
Cisco® Defense Orchestrator Another Way to Connect Is If Your ASA + FirePOWER Device or FTD Has Private IP Address Connectivity Secure Data Connector in the Cloud – Customer 2 Cisco® Defense Orchestrator Customer 2 SSL Customer 2 Data Center SSL SSL IP forwarding Public Internet access Secure data connector in the cloud Similar to the previous example, in this scenario, the Secure Data Connector is also in the cloud. Customer 2 also has multiple locations with ASA and ASA+FirePOWER services devices and their datacenter and branches have internet connectivity. The difference here is that only the ASA module in the device has public internet access while the FirePOWER services module in the device has a private IP address. In this scenario, the customer can use the Secure Data Connector in the cloud to communicate with Defense Orchestrator. Each customer has their own secure data connector deployed in the cloud. We’ll take care of the inter-device communication by forwarding the traffic from private to public within the modules.
Cisco® Defense Orchestrator Or When Your Security Requirements Limit Cloud Connectivity Secure Data Connector in the Customer Data Center – Customer 4 Cisco® Defense Orchestrator Customer 4 SSL Customer 4 Data Center No Internet access Secure data connector in the customer data center This final scenario is very similar to the previous. This customer has security requirements that limit their cloud connectivity. In order to deploy Defense Orchestrator in this environment, the customer can download the Secure Data Connector in their data center. They’re limited to cloud connectivity, not due to lack of internet on their devices (they may or may not have internet on their devices), but because their security requirements mandate limited cloud connectivity. So in this case, the customer could connect the same way as the last example. T: Next, we’ll talk about Defense Orchestrator’s scalability availability. [CLICK]
Strengthen The Security Posture of Your Cloud Simplify security policy management in the cloud with Cisco Defense Orchestrator Security Plan and model security policy changes before deploying them across the cloud to ensure consistency with other security devices Deploy changes across virtual environments in real time or offline Receive notifications about any unplanned changes to security policies and objects Reports Simple search Notifications Device Onboarding Policy change management Policy modeling, analysis and optimization Policy monitoring and reporting Scalable orchestration of changes Import from offline Discover direct from device Security policy management Cisco Defense Orchestrator enables you to manage your policies through the cloud with 7 key capabilities: Device onboarding Object and policy analysis Security templates Simple search-based management Change impact modeling Out-of-band notifications Automatic reports Each of these features enable you to strengthen your next-gen firewall security posture. Security policy change management Plan and model security policy changes before you deploy them Confidently deploy changes in real time or offline, and verify that they do what they should Be notified about any unplanned changes to security policies and objects Respond to threats quickly by orchestrating security policy changes Periodically analyze the security policy configuration
Defense Orchestrator Is Highly Scalable and Highly Available Add more servers to scale All traffic is load balanced MESSAGE QUEUE REPLICA SET All services are stateless Elastic infrastructure allows for the addition of services Defense Orchestrator is highly scalable and highly available. It is built to manage any number of devices, so as you grow your business, it can meet your scale needs. Defense Orchestrator has highly reliable, always-on availability. We have an exact replica of the cloud environment in another location, so your data is always backed-up. T: Another aspect of our cloud architecture is being multi-tenant. [CLICK]
Multitenancy Isolates Your Data APPLICATION SERVER Connections in the connection pool are unauthenticated. Requires key to access database AUTHORIZATION SERVER INJECTED PRINCIPAL Customer A MT INFRASTRUCTURE Worker Threads SPRING FRAMEWORK Connection Pool Authenticate Get OAuth token Customer B BROWSER RESTCall Send Oauth Token Customer C Use OAuth token to retrieve a key to authenticate to the database and encrypt traffic KEY MANAGER Multi-tenancy helps you keep your data isolated. The multi-tenant environment allows us to isolate tenant data and encrypt it between the database and the application server. What you are seeing here is that the data is on a per-customer, per-tenant level, right from the browser to their database in the database server. Your data is encrypted at rest and in motion with Oauth tokens. Every customer is authorized with their own token. This means that in case of a security incident, the threat would need to go trough several layers of security encryption to get to data, all which are refreshed every 60 seconds. T: You can be confident that your security posture is strong through Defense Orchestrator. [CLICK]
We Understand the Problems You’re Experiencing Manage constant changes in security policy and rules Keep up with business needs Stay ahead of the latest security threats Do more with fewer resources We understand the problems you’ve been facing. It’s tough to keep up with constantly changing security policy, keep up with business expansion and stay ahead of the latest security threats, ALL while your resources are being trimmed. T: We want to make managing your security posture easier. [CLICK]
And Cisco Defense Orchestrator Is Here to Help Simple Efficient Effective Streamline security policy management and next-generation defense Extend the reach of your resources and cut costs Achieve better security without adding complexity Defense Orchestrator is simple, efficient and effective to use in your Cisco security environment. T: But don’t take our word for it. [CLICK]
Learn More and Schedule a Proof of Value Discover more about Cisco® Defense Orchestrator Email us to learn more about Defense Orchestrator cisco.com/go/cdo cdosales@cisco.com Find out for yourself how powerful this tool can be. You’ve seen the demo today, but we want you to understand how this will help your day-to-day security operations. Schedule a proof of value today and see how powerful Defense Orchestrator can be in your own security environment. T: Of course, you can always contact our team with any questions, but I’d be happy to answer any questions you have right now. [CLICK]
Thank you for your time.