“Cisco TechWise TV – Data Center Security” highlights
- IPv6 – is the future
- Cloud – is happening
- Security must be enabled in every Cisco SW, HW and ASIC component (architecture)
- Cisco Security budget for research – more than CheckPoint + Juniper + HP
- Cloud Security integration
- TrustSec embedded – when you ‘enter’ you are tagged and this tag will be with you once you reach inner layers
- ASA multiscale, multiplied in clusters.
- A single appliance is already reaching 40Gbps on FIREWALL and 10Gbps on IPS inspection.
- High Availability is now session-based. Not chassi-based anymore.
IPS 4510 / 4520
- Signatures updated 2x a week + reputation every 15 minutes from SIO
- Cisco still view IPS as a bastion host
Multiple Form Factors for ASA
- Blades (up to four blades per 6500 catalyst chassis)
- Virtuals (ASA 1000V supports vMotions)
- 70% of Internet infra is Cisco-based
- Same base code for all ASAs
Cloud Web Security
- Must follow employee whatever he/she is.
- Security must be invisible. If users realize it’s there, that’s not good for security teams.
Business class email security
- Encrypts the message once it has a confidential label after passing the border.
- Even if it was sent from an android phone.