Embed Size (px)
Citation preview
ACCELERATING DATA CENTER APPLICATION DEPLOYMENTS WITH CISCO ACI AND ALGOSEC
Juan Lage, Principal Engineer at Cisco
Anner Kushnir, VP Technology at AlgoSec
AGENDA
• AlgoSec overview
• Cisco ACI overview
• AlgoSec & Cisco ACI - integrated solution
• Solution demo
• Summary
• Q&A
Founded 2004
1500+ Enterprise Customers
Serving 20 of the Fortune 50
24/7 Support via 3 Global Centers
Passionate about Customer Satisfaction
3
ALGOSEC OVERVIEW
4 | Confidential
Security Management Automation
Single Pane of Glass
Business Driven Security
Provide Business Application context to
Security and Risk
Provide uniform visibility across the entire network security infrastructure –
on premise, private cloud & SDN, and in public cloud
Intelligently enhance and automate time-consuming
security processes and activities with business
context
Manage Security at the Speed of Business
KEY BUSINESS CHALLENGES THAT ALGOSEC ADDRESSES
Automating security change
management
Tying cyber threats to business
processes
Single pane of glass for network
security policy management
Securing business transformation to
the cloud
Ensuring continuous compliance
Effectively managing
application connectivity
Reducing risk from misconfigurations
Avoiding application
outages due to connectivity issues
Business-Driven
SECURITY
Business-Driven
AGILITY
THE ALGOSEC SECURITY POLICY MANAGEMENT SUITE
CISCO ACI - OVERVIEW
* Cisco Global IT Impact Survey
APPLICATIONS ARE CHANGING
Type ConsumptionDelivery
78% The network is even more critical to delivering applications than a year ago*
Big Data, Distributed
Apps, Mobile
Cloud–public, Private, Hybrid
Anywhere, Anytime, Any
Device
THE NETWORK IS THE BEST PLACE TO PUT POLICY
Because it touches everything, the network never lies
POLICY
DATA CENTER
Public Cloud
APPAPP APP
Edge
Cisco® ACI Fabric
App DBWeb
QoS
Filter
Filter
Service
QoS
FilterOutside
Cisco Application
Policy Infrastructure
Controller (APIC)
CISCO ACI – MULTI-TENANT INTENT DRIVEN NETWORKING
6
Security Everywhere9
Analytics Everywhere10
8 Policy Everywhere
POLICY-DRIVEN INTEGRATED INFRASTRUCTURE ANSWERS CUSTOMERS’ REQUEST
1
Modernize Infrastructure:
Open and Programmable
Network / L4-7
Compute
Storage
Security
Data Center
5
Move Data and
Workloads Securely
6
Self-Service Portal
(IT as a Service)
7
Extend Policy
Model
2
Automate
and Simplify
POLICY
3
Build Your
Hybrid Cloud
Private Cloud Stack
Integrated Infrastructure
4
Choose any
Other Cloud
Managed
Public
Private
ACI, CLOUDCENTER AND TETRATIONAUTOMATE APPLICATION POLICY
App Level Policy Enforcement / Visibility
Self-documenting Network
Real-time Change Notification
Real Time
DataNetwork
Policy
App Policy
Tetration
8
CUSTOMER ACCEPTANCE CONTINUES
17,100+ 652,700+Nexus 9K and Nexus 3K
Customers GloballyEcosystemPartners
ACI Customers
NEW ECOSYSTEM
CISCO ACI SECURITYAUTOMATED SECURITY WITH BUILT-IN MULTI-TENANCY
Distributed stateless firewall
Line-rate security enforcement
Open: Integrate any security device
PCI and FIPS (new)
Embedded Security
• Whitelist firewall policy model• Authenticated northbound API (X.509)• Encrypted management plane (TLS 1.2)
Microsegmentation
• vDS, Hyper-V, and bare-metal workloads• Intra-EPG isolation• Attribute-based isolation and quarantine
Security Automation
• Dynamic service insertion and chaining• Security policy follows workloads• Centralized security provisioning and visibility
Cisco ACI™ Services Graph
11
• Application-centric policy management
• Automation and agile application delivery
• Built for enterprise customers
• Full support for Cisco firewalls and routers
• Integrated with Cisco CloudCenter (CliQr)
• Full support for all leading security vendors
ALGOSEC AND CISCO ACI – BETTER TOGETHER
Data Center
ACI
SOLUTION ARCHITECTURE
Visibility & Compliance Automatic Provisioning Business Applications
Data Center FWs (L4-L7 services)Perimeter & Upstream FWs
ALGOSEC & CISCO ACI - KEY VALUE POINTS
• Security policy visibility across the entire networkWithin Data Center - Cisco ACI and underlying firewallsPerimeter and upstream firewallsCloud security groups
• Monitor and proactively identify security policy changesTrack changes in application profiles, contracts, EPGs, filtersVerify no out of band changes in underlying firewalls
• TroubleshootingEnd-to-end connectivity
• Full multi-tenant support
End-to-End Visibility
ALGOSEC & CISCO ACI - KEY VALUE POINTSAutomation & Business Agility
• AlgoSec extends Cisco ACI policy-based automation across the entire network
Automated security policy change management for multi-vendor devices
• Avoid misconfigurations and outages
• End-to-end automationSecurity is no longer the bottleneck for agile application delivery
• Continuous compliance and documentation is retained
ALGOSEC & CISCO ACI - KEY VALUE POINTS
• Risk and compliance analysis for Cisco ACI contracts alongside firewall security policies
• Significantly simplify and reduce audit preparation efforts and costs
Supports all the industry regulatory standards
• Automated workflow’s “what-if” risk check assures continuous compliance
• Full audit trail for all policy changes
Security & Compliance
SOLUTION DEMO
USE CASE 1END-TO-END VISIBILITY
USE CASE 2SECURITY POLICY CHANGE AUTOMATION
USE CASE 3PREPARING FOR AUDITS
CISCO ACI APP CENTER:ALGOSEC CONNECTIVITY AND COMPLIANCE APP
CISCO ACI APP CENTER: ALGOSEC APP
Risk and Compliance• Visibility into ACI contracts risk and compliance posture
• Visibility into risk and compliance posture of the underlying firewalls in the ACI fabric
Network Connectivity• Automate security policy changes on underlying and upstream
firewalls
• Contract connectivity check
SUMMARY
SUMMARYACCELERATING DATA CENTER APPLICATION DEPLOYMENTS WITH CISCO ACI AND ALGOSEC
• Security policy visibility across the entire network, including Cisco ACI
• Automated security policy change management for multi-vendor devices across the entire estate
• Risk and compliance analysis for Cisco ACI contracts alongside firewall security policies
• Significantly simplify and reduce audit preparation efforts and costs - supports all the industry regulatory standards
DON’T FORGET!
If you would like more information or a personal demo, please email us at [email protected]
Make sure to visit us at Cisco Live in Berlin in a couple of weeks time!
MORE RESOURCES
48
