Cisco Defense Orchestrator A cloud-based policy management solution for Cisco security products Thank you for taking the next 20min to learn more about Cisco Defense Orchestrator   My name is Derek Young and I work for with an internal start-up development group at Cisco called Project Lockhart. We are an innovative group that was chartered to develop a solution from ground up that will address a core fundamental issue for our clients. That issue is to create a simple and consistent way to manage security policy across Cisco’s security platforms. The solution is Cisco Defense Orchestrator. We didn’t start development blindly, but we based it on feedback from our clients…..your clients! Here is what they had to say!

Agenda What Problems Are We Addressing? What is CDO? Multi-Tenant Architecture Security Architecture Demo Time!

The Problem? Manage constant changes in security policy and rules Keep up with business needs Stay ahead of the latest security threats Do more with fewer resources Maintaining end-to-end security posture is becoming increasingly complex. “Plugging holes" in the proverbial security dam with point products doesn't work. Being reactive to security challenges is no longer an option to driving end to end security posture. Here are just a few examples of these challenges. First, managing constant changes in security policy and rules is a challenge. Today’s goal is to simply keep up with the vulnerabilities or changes in the business. This is forcing clients to focus on adding more rules rather than managing them of which leads to all sorts of issues, but most importantly, could leave them vulnerable to a new attack! Keeping up with business needs is also challenging. As your client’s business expands, they constantly have to evaluate and introduce more security solutions, policy requests and technologies to manage. Complex….not simple! It’s critical that your team stay ahead of the latest security threats. Evaluating the latest technology is critical to your clients, but it also presents new challenges to their day/day operations. Embracing technology like NGFW to protect the business is important, but it needs to be efficient and simple! And lastly, you’re required to do more with fewer resources. On top of the increased workload, you are often expected to meet growing demands with a team that just isn’t getting any bigger. Overall, these challenges indicate that your clients would be well served by an truly integrated solution, but it has to be consistent and simple to manage.

Defense Orchestrator Strengthen Your Security Posture End to End Simple Streamline security policy management and next-gen defense Efficient Extend the reach of your resources Effective Achieve better security without adding complexity Introducing Defense Orchestrator: Leveraging Defense Orchestrator, your clients are able to simply and consistently manage security policy across multiple Cisco security devices from the cloud. (3) design principles we kept in mind as we built this solution was to keep it simple….make it efficient and to be effective. Simple: You can streamline security policy management and next-gen defense, Efficient: Extend the reach of your current resources Effective: Most security tools add management complexity. This is one of the only tools that will actually reduce the complexity and improve your security at the same time.

Position CDO to Manage Both ASA and Firepower Policy! Who is our Audience? Security Focused Buyer NetOps Buyer Staffed and funded for security analytics, does it today, needs more in intelligence from the network Manages primarily connectivity, needs to care about security but does not responsibility to investigate it Position FMC to Managed Firepower and CDO to Managed ASA Policy! Position CDO to Manage Both ASA and Firepower Policy! Target Audience There are (2) personas that we will talk to when discussing CDO; Security Buyer: This company has made a significant investment into security analysts, security NOC or security engineering. They have the resources and skills to work with technologies like FMC/Defense Center. IF this is the case, then we should be talking to them all day long. Few scenarios might be: IF the client has ASA with Firepower, maybe they use FMC to manage firepower policy and use CDO to manage ASA policy IF the client is going the the route of FTD, then maybe they use solely FMC Network Buyer: This is the “jack of all trades”. This person is the systems, storage, network and now…security admin. They don’t have the luxury of time and most likely skill to learn a solution like FMC. What they need is to ensure that they have the protection of Firepower. These are the folks that need CDO to help keep it simple and consistent.

Multi-Tenancy Environment AUTHORIZATION SERVER APPLICATION SERVER Connections in the connection pool are unauthenticated. Requires key to access DB INJECTED PRINCIPAL MT INFRASTRUCTURE Customer A SPRING FRAMEWORK Worker Threads Connection Pool Authenticate Get OAuth Token Customer B BROWSER REST Call Send OAuth Token Customer C Use OAuth token to retrieve a key to authenticate to the database and encrypt traffic KEY MANAGER Multi-tenancy helps you keep your data isolated. The multi-tenant environment allows us to isolate tenant data and encrypt it between the database and the application server. What you are seeing here is that the data is on a per-customer, per-tenant level, right from the browser to their database in the database server. Your data is encrypted at rest and in motion with Oauth tokens. Every customer is authorized with their own token. This means that in case of a security incident, the threat would need to go trough several layers of security encryption to get to data, all which are refreshed every 60 seconds. T: You can be confident that your security posture is strong through Defense Orchestrator. [CLICK]

https://cisco.jiveon.com/groups/cisco-defense-orchestrator Need Further Help? Contact Us At: cdosales@cisco.com