Cisco Data Center security – the highlights

“Cisco TechWise TV – Data Center Security” highlights

http://www.cisco.com/web/learning/le21/onlineevts/offers/twtv/twtv120port/reg.html?PRIORITY_CODE=000143256

  • IPv6 – is the future
  • Cloud – is happening
  • Security must be enabled in every Cisco SW, HW and ASIC component (architecture)
  • Cisco Security budget for research – more than CheckPoint + Juniper + HP

ASA 9.0

  • Cloud Security integration
  • TrustSec embedded – when you ‘enter’ you are tagged, and this tag stays with you as you reach the inner layers
  • ASA multiscale, multiplied in clusters.
  • A single appliance is already reaching 40 Gbps on firewall and 10 Gbps on IPS inspection.
  • High Availability is now session-based, not chassis-based anymore.

IPS 4510 / 4520

  • Signatures updated 2x a week + reputation every 15 minutes from SIO
  • Cisco still views IPS as a bastion host

Multiple Form Factors for ASA

  • Blades (up to four blades per Catalyst 6500 chassis)
  • Appliances
  • Virtual (ASA 1000V supports vMotion)
  • 70% of Internet infra is Cisco-based
  • Same base code for all ASAs

Cloud Web Security

  • Must follow the employee wherever he/she is.
  • Security must be invisible. If users realize it’s there, that’s not good for security teams.

Business class email security

  • Encrypts the message once it has a confidential label after passing the border.
  • Even if it was sent from an Android phone.

by RLM