Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 1 Advanced Security Management with PRSM & CSM 4.3.

Presentation transcript:

Slide 1: Advanced Security Management with PRSM & CSM 4.3


Slide 3: Session objectives
At the end of the session, the participants should be able to:
Present Prime Security Manager architecture and components
  Learn about PRSM "under the hood": details on components, roles and benefits
Sell PRSM Multi Device Manager
  Explain the value of PRSM
  Demonstrate PRSM by highlighting its core strengths
Deploy Next Generation Security Management
  Assist customers with deploying PRSM Multi Device Manager
  Provide guidance on events, reports and storage requirements


Slide 5: Two deployment options
Virtual Machine (VM): available on CCO
UCS Bundle: available November 14th
Virtual Machine: delivered as a single file with the .ova extension (Open Virtual Appliance format); runs on VMware vSphere Hypervisor 4.1 (Update 2)
UCS Bundle: UCS C220 M3 Server + ESXi 4.1 U2 + VM

Slide 6: Deployment Planning Guide available November '12

Slide 7: CX managed by PRSM
When a CX is managed by PRSM, the event store and reporting engine are disabled on the CX, so no events or reports are logged locally.
Raw events are sent to PRSM, where they are stored and reports are processed.
Events are in Google protobuf binary format.
Diagram: CX (Event Forwarder) -> SSL -> PRSM (Event Server); reliable binary logging

Slide 8: Event Server
Events may use up to 75% of the total available HDD space; once usage exceeds 75%, the oldest events in the event store are immediately overwritten.
There is no API to pull data out of the event store.
Event forwarding to a third-party SIEM is not supported.
Diagram: CX (Event Forwarder) -> SSL -> PRSM (Event Store)

Slide 9: Event Server
No batch query is required for reports (as was the case with MARS).
The Report Engine displays reports from the shared buffer and the Report Store.
Report data is instantly available via a browser refresh.
Diagram: CX (Event Forwarder) -> SSL -> PRSM (Event Store -> Report Engine -> Report Store)


Slide 11: Small deployment of 250 users: 25 EPS
A single binary event consumes 300 bytes.
Formula: (300 x 3600 x 12 x 25) / 1,000,000
Assumes a 10:1 ratio of users to events per second.
Disclaimer: customer results may vary depending on application and usage.

Slide 12: Medium deployment of 1,000 users: 100 EPS
A single binary event consumes 300 bytes.
Formula: (300 x 3600 x 12 x 100) / 1,000,000,000
Assumes a 10:1 ratio of users to events per second.
Disclaimer: customer results may vary depending on application and usage.

Slide 13: Medium to large deployment of 10,000 users: 1,000 EPS
A single binary event consumes 300 bytes.
Formula: (300 x 3600 x 12 x 1000) / 1,000,000,000
Assumes a 10:1 ratio of users to events per second.
Disclaimer: customer results may vary depending on application and usage.

Slide 14: Very large deployment of 50,000 users: 5,000 EPS
A single binary event consumes 300 bytes.
Formula: (300 x 3600 x 12 x 5000) / 1,000,000,000
Assumes a 10:1 ratio of users to events per second.
Disclaimer: customer results may vary depending on application and usage.
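The four sizing slides apply one formula with different EPS values. The following is an added worked example (not from the deck or from Cisco) that generalizes it into a small capacity calculator: it applies the 300-byte event size and the 10:1 user-to-EPS ratio from the slides, and combines them with the 75% event-store threshold from slide 8 to answer the question a planner actually has, namely how many days of events a given disk holds before the store starts overwriting. The 3600 x 12 factor is read here as 12 logging hours per day, which is an assumption; the slides do not name the unit of the result.

```python
# Added example: PRSM event-store sizing helper. Constants come from the slides;
# the 12-hour logging window per day is an assumption about the 3600 x 12 factor.

BYTES_PER_EVENT = 300          # one binary (protobuf) event, per the sizing slides
LOGGING_HOURS_PER_DAY = 12     # assumption: 3600 x 12 means 12 logging hours per day
USERS_PER_EPS = 10             # 10:1 ratio of users to events per second
EVENT_STORE_FRACTION = 0.75    # event store may use 75% of the HDD before overwriting (slide 8)


def events_per_second(users: int) -> float:
    """Slide rule of thumb: every 10 users generate about 1 event per second."""
    return users / USERS_PER_EPS


def bytes_per_day(eps: float) -> float:
    """The product in the slide formula (300 x 3600 x 12 x EPS), before the unit divisor."""
    return BYTES_PER_EVENT * 3600 * LOGGING_HOURS_PER_DAY * eps


def daily_storage(users: int) -> dict:
    """Reproduce the slide figures: EPS plus the daily volume in MB and GB."""
    eps = events_per_second(users)
    raw = bytes_per_day(eps)
    return {
        "eps": eps,
        "mb_per_day": raw / 1_000_000,       # slide 11 divides by 1,000,000
        "gb_per_day": raw / 1_000_000_000,   # slides 12-14 divide by 1,000,000,000
    }


def retention_days(users: int, hdd_gb: float) -> float:
    """Days of events a disk of hdd_gb can hold before the 75% threshold is reached
    and the store begins overwriting the oldest events."""
    usable_bytes = hdd_gb * 1_000_000_000 * EVENT_STORE_FRACTION
    return usable_bytes / bytes_per_day(events_per_second(users))


def required_hdd_gb(users: int, days: int) -> float:
    """Disk size needed so that `days` of events fit inside the 75% usable share."""
    needed = bytes_per_day(events_per_second(users)) * days
    return needed / EVENT_STORE_FRACTION / 1_000_000_000


if __name__ == "__main__":
    for users in (250, 1_000, 10_000, 50_000):   # the four deployment sizes on the slides
        s = daily_storage(users)
        print(f"{users:>6} users: {s['eps']:>6.0f} EPS, "
              f"{s['mb_per_day']:>10.1f} MB/day, {s['gb_per_day']:>8.3f} GB/day, "
              f"{retention_days(users, 500):>7.1f} days on a 500 GB disk")
    print(f"50,000 users for 30 days needs about {required_hdd_gb(50_000, 30):.0f} GB")
```

Because there is no API to pull events out of the store and no SIEM forwarding (slide 8), the retention figure this yields is the only retention the deployment will have; size the disk from the retention period you need rather than from the daily volume alone.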

Slide 15: CSM 4.4 new features
Latest policy objects management tools: Enhanced Policy Objects Manager; Global Search/Find Usage; ASA Image Management
Advanced policy deployments: Policy Bundle Deployment
Latest optimization/troubleshooting tools: Auto Conflicts Detection (ACD); Health & Performance Manager (HPM)
Native RBAC configuration
References

Slide 16: Enhanced Policy Objects Manager
What it does: Manages all policy objects. Dockable mode, Favorites and Recent lists. Supports drag-and-drop (to policy). Better Find-usage, Search and Query tools.
How it works: All objects are globally defined. Most contents of an object can be overridden with device-specific contents using the Overrides feature (see notes). The Find-usage tool reports results per device, policy and other objects.
Benefits: Enhances policy troubleshooting and editing. Simplifies the policy management workflow.
Recommendations: Objects can only be queried once changes have been committed.

Slide 17: Global Search/Find Usage
What it does: Quick and simple way to query or search for any object: policies, objects, devices, tickets, etc. Search by name or by intelligent content search (e.g. tcp/22 for SSH, or an address within a /24).
How it works: Based on text or numeric inputs. Supports wildcards (e.g. * or datacenter*). Search results can be looked up with the Find-usage tool, edited directly, or exported to CSV. The Find-usage tool can also be used to look up policies.
Benefits: Quickly locates specific objects. Fully integrated with the Objects Editor and Find-usage. Simplifies policy troubleshooting and editing.
Recommendations: A large object database uses more system resources; run Search/Query within a specific category.

Slide 18: Shared policies
What it does: An identical global set of rules that can be applied (shared or assigned) to multiple devices.
How it works: A device's policy can be shared as a shared policy. A device can be assigned a shared policy, in which case the destination device's local rules are erased. A device can instead inherit a shared policy, in which case it receives the new policy and retains its local rules. "Un-share Policy" converts the policy back to local rules; "Un-assign Policy" removes all rules from the device.
Benefits: Simplifies deployment of a global policy to devices in branch offices or cookie-cutter deployments. Keeps a single policy consistent across devices.
Recommendations: A large shared policy assigned to too many devices can create performance issues. Use the Policy Clone feature to edit an existing shared policy. Sharing should be done in Device View.

Slide 19: Policy inheritance
What it does: Supports more complex policy requirements. Creates a policy hierarchy with multiple shared policies. Mandatory and Default sections provide flexibility.
How it works: A shared policy can inherit other shared policies (as parents). Devices can be assigned an inherited policy in the hierarchy. A device can retain local rules after inheritance. Un-assigning an inherited policy removes all rules from the device.
Benefits: Deploys multiple shared policies as a hierarchy. Useful for consolidating and merging firewalls and policies.
Recommendations: Minimize the number of layers in the hierarchy. Put interface rules in the Mandatory section and global rules in the Default section. Should be managed via Policy View.

Slide 20: Policy Bundle Deployment
What it does: Creates a logical grouping of different shared policies (e.g. FW rules + Inspection + BTF ...). Efficiently assigns different shared policies to the applicable devices.
How it works: Shared policies can be grouped into a bundle from the new Policy Bundle View. A policy bundle can be assigned to devices in a single operation. A device can also inherit the policies in a bundle.
Benefits: Useful for branches or cookie-cutter deployments with a complete policy set (FW/IPS/VPN, etc.). The most efficient way to deploy and manage a complete policy deployment.
Recommendations: A bundle should contain policies for a single platform type; for example, an ASA policy bundle should contain ASA policies only. When a bundle is un-assigned, the device policy is emptied.

Slide 21: Auto Conflicts Detection (ACD)
What it does: Automatically locates conflicts between rules. Generates a Conflicts Report with recommended resolutions.
How it works: Analyzes overlaps in rule contents based on Users, Src, Dst and Svc. Determines the type of conflict from the matches between rules: Redundant or Shadowed rules (full or partial), and Redundant objects.
Benefits: Minimizes duplicates when adding or modifying rules. Maintains a cleaner, simpler policy with fewer rules. Improves firewall performance.
Recommendations: On by default; turn it off when not needed or when working on a large rule table. Use the Filter tool to locate a specific conflict type. The Rules Combiner can be used to minimize conflicts.
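To make the conflict classes on this slide concrete, here is an added example (not CSM's own algorithm, and not code from the deck) of a simplified detector over Src, Dst and Svc. It treats an earlier rule that fully covers a later one as "full" and a mere overlap as "partial", and labels the pair "shadowed" when the actions differ and "redundant" when they match. The Users dimension from the slide is omitted, IPv4 only is assumed, and the sample rule table is constructed for illustration.

```python
# Added example: simplified redundant/shadowed rule detection over Src, Dst, Svc.
# Not CSM's ACD implementation; IPv4 only; the Users dimension is omitted.
from dataclasses import dataclass
from ipaddress import ip_network

ANY = "any"


@dataclass(frozen=True)
class Rule:
    name: str
    action: str        # "permit" or "deny"
    src: str           # CIDR, e.g. "10.1.0.0/16"
    dst: str           # CIDR
    svc: frozenset     # e.g. frozenset({"tcp/443"}) or frozenset({ANY})


def _net(cidr):
    return ip_network(cidr, strict=False)


def svc_covers(a, b):
    """Every service in b is also in a (ANY covers everything)."""
    return ANY in a or b <= a


def svc_overlaps(a, b):
    return ANY in a or ANY in b or bool(a & b)


def covers(earlier: Rule, later: Rule) -> bool:
    """True when every packet matching `later` already matches `earlier`."""
    return (_net(later.src).subnet_of(_net(earlier.src))
            and _net(later.dst).subnet_of(_net(earlier.dst))
            and svc_covers(earlier.svc, later.svc))


def overlaps(a: Rule, b: Rule) -> bool:
    """True when some packet could match both rules."""
    return (_net(a.src).overlaps(_net(b.src))
            and _net(a.dst).overlaps(_net(b.dst))
            and svc_overlaps(a.svc, b.svc))


def find_conflicts(rules):
    """Return (later_rule, earlier_rule, kind, extent) tuples in rule order.
    kind is 'shadowed' (different action) or 'redundant' (same action);
    extent is 'full' (earlier covers later) or 'partial' (overlap only)."""
    findings = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if covers(earlier, later):
                kind = "redundant" if earlier.action == later.action else "shadowed"
                findings.append((later.name, earlier.name, kind, "full"))
                break  # the first covering rule decides the fate of `later`
            if overlaps(earlier, later):
                kind = "redundant" if earlier.action == later.action else "shadowed"
                findings.append((later.name, earlier.name, kind, "partial"))
    return findings


# Constructed sample rule table (first match wins, top to bottom).
SAMPLE_RULES = [
    Rule("R1", "permit", "10.1.0.0/16", "192.168.10.0/24", frozenset({"tcp/443"})),
    Rule("R2", "deny",   "10.1.5.0/24", "192.168.10.0/24", frozenset({"tcp/443"})),   # never matches
    Rule("R3", "permit", "10.1.0.0/24", "192.168.10.10/32", frozenset({"tcp/443", "tcp/80"})),
    Rule("R4", "permit", "10.1.0.0/16", "192.168.10.0/24", frozenset({"tcp/443"})),   # duplicate of R1
    Rule("R5", "deny",   "172.16.0.0/12", "0.0.0.0/0", frozenset({"tcp/22"})),
]

if __name__ == "__main__":
    for later, earlier, kind, extent in find_conflicts(SAMPLE_RULES):
        print(f"{later} is {extent}y {kind} by {earlier}")
```

R2 is the dangerous case from a defender's view: a deny that never takes effect because a broader permit sits above it. R4 only costs performance, which is the "fewer rules" benefit the slide describes.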

Slide 22: Health & Performance Manager (HPM)
What it does: Monitors device (ASA/IPS) operational status: CPU, memory, interfaces, licenses, certificates, traffic, etc. Monitors policy usage (FW/NAT connections, VPN, etc.). Alerts the admin when problems are detected.
How it works: Priority monitored devices are polled every 5 minutes; normal monitored devices every 10 minutes. Alerts are raised when configured thresholds are reached. Collected data is stored for 30 days.
Benefits: Centrally monitors and proactively detects problems. Provides live and historical device data for troubleshooting. Alerts admins in real time.
Recommendations: Tune the polling interval for a larger number of devices. Tune thresholds to suit specific environments or device types (configuration under C:\Program Files (x86)\CSCOpx\MDC\hpm\config).


Slide 24: Native RBAC overview
Simplified RBAC integration and implementation.
Native RBAC provides similar RBAC functionality without using ACS.
Users, their roles and their privileges are defined locally in CSM/Common Services.
Uses CSM's native device groups and inventory.
External user authentication can be done with an external AAA or AD server.
Co-exists with ACS 4.x support for the legacy ACS RBAC mode.

Slide 25: Roles
Full customization of specific roles with specific tasks (Modify, Approve, Assign, etc.).
Role import/export functions.
Application-specific task privileges (CSM, AUS and CS).
Factory roles (non-editable): 5 roles are common to CS and CSM, 1 role is specific to CS, and 2 roles are specific to CSM.

Slide 26: Local users
Defines and authenticates local users and passwords.
Authorization types:
  Full Authorization: no restrictions (admin users)
  Enable Task Authorization: no device restrictions; supports multiple roles
  Enable Device Authorization: supports multiple roles; restricts device access based on device groups

Slide 27: External authentication
Remote (external) AAA users must also be created locally in CSM.
Recommended external authentication servers: ACS 5.x as a TACACS+ server, Microsoft AD, or local Windows.
ACS 4.x in ACS RBAC mode is still supported as-is (ACS mode). Re-registration is required because additional privilege strings were added to CSM for the new features.
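Slides 26 and 27 together describe how a native RBAC decision is made: authentication may come from an external server, but the role, authorization type and device groups are read from the user's local CSM record. The following added example (not CSM's code, and not from the deck) models that decision for the three authorization types. The role names, task names, device names and device groups are constructed for illustration.

```python
# Added example: native RBAC authorization decision with the three authorization
# types from slide 26 and the local-record requirement from slide 27.
# Role/task/device names are constructed; this is not CSM's implementation.
from dataclasses import dataclass


@dataclass(frozen=True)
class Role:
    name: str
    tasks: frozenset          # e.g. {"view", "modify", "approve", "deploy"}


@dataclass(frozen=True)
class LocalUser:
    username: str
    authorization: str        # "full", "task" or "device"
    roles: tuple = ()         # multiple roles are allowed (slide 26)
    device_groups: frozenset = frozenset()   # only consulted in "device" mode


# Constructed device inventory: device -> device groups it belongs to.
DEVICE_INVENTORY = {
    "asa-branch-01": frozenset({"branches"}),
    "asa-dc-01": frozenset({"datacenter"}),
}

VIEWER = Role("viewer", frozenset({"view"}))
OPERATOR = Role("operator", frozenset({"view", "modify", "deploy"}))

# Constructed local user database (the records slide 27 says must exist locally).
LOCAL_USERS = {
    "admin": LocalUser("admin", "full"),
    "helpdesk": LocalUser("helpdesk", "task", (VIEWER,)),
    "branchops": LocalUser("branchops", "device", (VIEWER, OPERATOR), frozenset({"branches"})),
}


def authorized(user: LocalUser, task: str, device: str) -> bool:
    """Apply the user's authorization type to one (task, device) request."""
    if user.authorization == "full":          # Full Authorization: no restrictions
        return True
    # Task and Device modes both require the task to be granted by some role.
    allowed = frozenset().union(*(r.tasks for r in user.roles))
    if task not in allowed:
        return False
    if user.authorization == "task":          # Enable Task Authorization: any device
        return True
    if user.authorization == "device":        # Enable Device Authorization: device groups
        return bool(DEVICE_INVENTORY.get(device, frozenset()) & user.device_groups)
    return False                              # unknown type: fail closed


def authorize(username: str, externally_authenticated: bool, task: str, device: str) -> bool:
    """Authentication may be external, but authorization needs the local record."""
    if not externally_authenticated:
        return False
    user = LOCAL_USERS.get(username)
    if user is None:                          # slide 27: no local record, no access
        return False
    return authorized(user, task, device)


if __name__ == "__main__":
    for who, task, dev in [("admin", "deploy", "asa-dc-01"),
                           ("helpdesk", "modify", "asa-dc-01"),
                           ("branchops", "deploy", "asa-branch-01"),
                           ("branchops", "deploy", "asa-dc-01"),
                           ("contractor", "view", "asa-branch-01")]:
        print(f"{who:>10} {task:>7} on {dev}: {authorize(who, True, task, dev)}")
```

The fail-closed paths (unknown authorization type, no local record, device in no matching group) are the ones worth checking after an upgrade or the re-registration the slide mentions, since a missing local record denies an externally authenticated user rather than granting default access.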

Thank you.