Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

ASK THE EXPERT - SECURING CUSTOMER DATA FROM THE INSIDE THREAT

Welcome to the Cisco Networking Professionals Ask the Expert conversation for small and medium business. For a one-week period, small and medium business and technology leaders and Cisco engineers are available to continue discussing issues and ideas from scheduled live web broadcasts.

This is an opportunity to learn with experts Jackie Wah, Christina Hausman and Robb Boyd how to secure customer data from the inside threat. Jackie a 10-year veteran at RSA, has held a number of positions within marketing and sales. His primary responsibilities include teaming with sales to provide best-of-breed solutions (strong two-factor authentication, PKI, authorization and single sign-on) based on customer needs, critical success factors, and network designs. Christina a product manager in the Security Technology Group at Cisco, is responsible for strategy for the Cisco Security Agent product family. She has spent the last six years as a product manager for the Cisco VPN 3000 Concentrator, PIX, and ASA 5500 Series Security Appliances, defining product requirements and planning launch activities. Robb a security marketing manager who functions most visibly as the Cisco Security Expert on Cisco's Techwise TV, is certified by ISC2 as a Certified Information Systems Security Professional and has a Global Information Assurance Certification Security Essentials Certification from SANS.

Remember to use the rating system to let Jackie, Christina and Robb know if you have received an adequate response.

They might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through September 20, 2006. Visit this forum often to view responses to your questions and the questions of other community members.

9 REPLIES
New Member

Re: ASK THE EXPERT - SECURING CUSTOMER DATA FROM THE INSIDE THRE

Hello all

What is CSA's role in NAC/NAC Appliance deployments?

Thanks,

Bill

Cisco Employee

Re: ASK THE EXPERT - SECURING CUSTOMER DATA FROM THE INSIDE THRE

CSA protects the integrity of the endpoint participating in NAC/NAC Appliance deployments. Its default policies prevent known and unknown attacks (day zero) without requiring updates or emergency patching. In addition to providing day zero protection, CSA's Trusted QoS feature improves the delivery of mission-critical traffic when the network is under heavy load.

Silver

Re: ASK THE EXPERT - SECURING CUSTOMER DATA FROM THE INSIDE THRE

Can you tell me how does CSA fit in with the rest of Cisco?s Security portfolio?

Thanks,

Tom

Cisco Employee

Re: ASK THE EXPERT - SECURING CUSTOMER DATA FROM THE INSIDE THRE

Endpoints running CSA share security information with Cisco network security devices allowing more accurate real-time security enforcement. CSA provides endpoint security for Cisco VPN devices for IPSec and SSL-based remote access VPN. CSA QoS markings on application traffic can be used by Cisco ASA and PIX devices to customize inspection policies on an individual traffic flow basis.

Those same CSA QoS markings can be used in a NAC Appliance, NAC Framework deployment to improve the delivery of mission-critical traffic when the network is under heavy load (Trusted QoS).

Cisco Employee

Re: ASK THE EXPERT - SECURING CUSTOMER DATA FROM THE INSIDE THRE

Thomas, securing endpoints is always a worthwhile discussion in addition to the things we do to secure the network. Christina's answer highlights how we are able to do some unique things whereby the endpoint protection can 'share' information with the network so that we can take more creative, security/productivity enhancing actions.

I have historically divided my thoughts on how to secure an endpoint based first on whether I controlled the endpoint or not. I think CSA is ideal for securing endpoints that I own and thus can centrally manage. There is a ton of things I can do in this situation including the more advanced stuff that Christina mentions...this highlights how CSA starts to 'play' with the rest of the system (Self-Defending Network).

When it comes to the fact that we need to allow un-managed endpoints on the network as well...we need a way to manage/control that situation too...NAC or Network Admission Control plays the most visible role here...this way, we can use the network to specify and control exactly what minimum requirements we need to have met prior to allowing an endpoint on the network. What is cool about this too however with CSA is that CSA can certainly be one of those minimum requirements...you can dictate that the network not allow a PC to access the network if your policy has indicated that this PC belongs to a 'role' that requires CSA be activated.

The places where we can tie information from a formerly distinct entity like the endpoint and then leverage that information to make better decisions..manually or automatically...is where things begin to get really interesting.

Silver

Re: ASK THE EXPERT - SECURING CUSTOMER DATA FROM THE INSIDE THRE

Do I need to tune CSA to block activity on my server to be able to get the benefit of CSA cooperation with IPS?

Thanks -

Cisco Employee

Re: ASK THE EXPERT - SECURING CUSTOMER DATA FROM THE INSIDE THRE

No, not really. The server protection provided by CSA is quite capable on its own. At this point, it is not feeding information to the IPS sensor and as such does not need to be tuned specifically for that.

Bronze

Re: ASK THE EXPERT - SECURING CUSTOMER DATA FROM THE INSIDE THRE

How does CSA fit in with the rest of Cisco?s Security portfolio?

Thanks

Frank

Cisco Employee

Re: ASK THE EXPERT - SECURING CUSTOMER DATA FROM THE INSIDE THRE

CSA provides endpoint security for desktops and servers offering protection for critical data and guarding against day zero malware.

Endpoints running CSA share security information with Cisco network security devices allowing more accurate real-time security enforcement. CSA provides endpoint security for Cisco VPN devices for IPSec and SSL-based remote access VPN. CSA QoS markings on application traffic can be used by Cisco ASA and PIX devices to customize inspection policies on an individual traffic flow basis.

Those same CSA QoS markings can be used in a NAC Appliance, NAC Framework deployment to improve the delivery of mission-critical traffic when the network is under heavy load (Trusted QoS).

Using CSA to collaborate with network security devices allows you to leverage critical information from your endpoints to make better security decisions.

33
Views
4
Helpful
9
Replies
CreatePlease login to create content