© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public
CYBERSECURITY for ENTERPRISE INFRASTRUCTURE: Protecting your Data Center
Marco Mazzoleni, Consulting Systems Engineer, Cisco GSSO
Data Center Security Challenges
Without integrated security, our customers’ data centers are at risk
• 60% of data is stolen in HOURS
• 54% of data center breaches remain undiscovered for MONTHS
• 85% of data center intrusions aren’t discovered for WEEKS
• 51% increase in companies reporting a $10M loss or more in the last YEAR
[Timeline graphic: START, HOURS, WEEKS, MONTHS, YEARS]
Source: Verizon 2014 Data Breach Investigations Report (DBIR)
Data Center Administrators Need New Security
• IT professionals don’t know what they’re protecting
• They can’t see or recognize what’s in their environment
• They can’t deal with unknown attacks
• Even if technologies are purchased, in many cases, IT professionals cannot use them properly
• Complexity and fragmentation
• Operational challenges
Fitness Company Builds Secure Data Center
Customer Stats
• Industry: Health, Wellness and Fitness
• Location: Santa Monica, California
• Employees: 600
Challenges
• Provide advanced IT services, visibility across the network
• Help ensure security in multitenant environment
• Simplify network and security operations
Why Cisco?
• Has long relied on Cisco for nearly all IT needs, from metro fiber network to data center infrastructure
• Considered other vendors, but while their devices may be capable, Cisco provides a fully integrated solution
• Most capable solution for meeting multitenancy, other project-related demands
Solution
• Cisco ASA 5585-X Adaptive Security Appliance with Next-Generation Firewall Services with IPS and Global Threat Correlation
• Cisco Identity Service Engine
• Cisco TrustSec
Impact
• Reduce data center footprint by 50 percent
• Provides holistic view of threat environment for all customers
• Simplifies security management and operations, and provides economic sustainability for IT infrastructure
“With the converged Cisco solution, we can now centralize monitoring and management for all our resources and provide better support and services to users without increasing IT staff.”
— Brian C. Young, Infrastructure Manager, Adena Health System
Beachbody quote: on ASA 5585-X: “We can cluster without losing performance. It’s the perfect firewall platform to insert into the compute environment of our UCS.”
ASA + FirePOWER provides:
• Data Center Integration
  • Physical and virtual solutions
  • Support for asymmetric traffic
  • Policy-based provisioning
  • Full integration with ACI APIC
• Data Center Performance
  • High availability and failover
  • Advanced multi-site clustering
  • Before/During/After protection at data center speeds
• Data Center Protection
  • Protection against advanced threats
  • Inspection of custom applications
  • Retrospective analysis and remediation
Cisco Security: Secure the Data Center
ASA w/FirePOWER Services
ASA and ASAv FirePOWER NGIPS and vNGIPS
Cisco has been identified as the clear Data Center security leader by data center administrators for the second year in a row
Number 1 in All 10 Infonetics Leadership Criteria
Cisco Identity Services Engine (ISE)
Delivering the Visibility and Control for Secure Network Access
[Diagram labels: Who, What, Where, When, How; Network; Partner Context Data; Consistent Secure Access Policy; Cisco ISE]
The New Security Model
Attack Continuum
• BEFORE: Discover, Enforce, Harden
• DURING: Detect, Block, Defend
• AFTER: Scope, Contain, Remediate
Network, Endpoint, Mobile, Virtual, Cloud
Point in Time, Continuous
Thank You