Cisco Self-Defending Network Phases

As shown in Figure 10-8, the Cisco Self-Defending Network contains three characteristic phases that together provide continuous, intelligent, future-proofed security, from the network through to the application layer:

■ Integrated security: Security defense technologies are incorporated across all network elements, including routing, switching, wireless, and security platforms, so that every point in the network can defend itself. These security features include firewalls, VPNs, and trust and identity capabilities. An example is the use of the Cisco Security Agent, which provides endpoint server and desktop protection against new and emerging threats stemming from malicious network activity.

■ Collaborative security systems: The secure network components work together as a security system that adheres to and responds to an organization's security policies. An example of this collaborative characteristic is NAC, implemented in devices from multiple vendors.

■ Adaptive threat defense: The secure network uses several tools to defend against new security threats and changing network conditions. Application awareness defends against security threats entering the network from within Internet-enabled applications. Behavioral recognition defends against worms, viruses, spyware, DDoS attacks, and other threats. Network control intelligently monitors and manages the security infrastructure and provides tools for IT managers to audit, control, and correlate.

Figure 10-8 Cisco Self-Defending Network Phases

[Figure: the three phases (Integrated Security, Collaborative Security, Adaptive Threat Defense). Labels in the figure: IPsec VPN, Cisco Security Agent, Firewalls and Intrusion Detection, DDoS Mitigation, Encrypted LAN and WAN Communications, Antivirus Agent, Network Infection Containment, Identity-Based Networking, Network Admission Control.]

The Cisco Self-Defending Network products can be deployed independently of one another or as part of a solution that links multiple products.
