"A Secure, Agile SD-Branch with Cisco Meraki.pdf" (100 pages), shared by a site member and available to read online.
A Secure, Agile SD-Branch With Cisco Meraki
BRKSEC-2449 #CiscoLive
Chad Yates, Technical Solutions Architect
Moe Ali, Product Manager
2023 Cisco and/or its affiliates. All rights reserved. Cisco Public.

Cisco Webex App: Questions? Use the Cisco Webex App to chat with the speaker after the session. Webex spaces will be moderated by the speaker until June 9, 2023.

Muhammad Ali: Journey to the Meraki World
Meraki MX Software PM; Toronto; former SWE in IAM & Cybersecurity; huge foodie, amateur cook

Chad Yates: Journey to the Meraki World
Meraki Technical Solutions Architect; Husband/Father/Coach; Chicago; Hockey Life

Pervasive Security

MSP; Enterprise Customer; SOC

Platform Names and Abbreviations
Dashboard: cloud-management tool of the Cisco Meraki platform
MX: Security and SD-WAN appliance
Full stack: Cisco Meraki platform consisting at a minimum of MR, MS, MX, MG
Talos: industry-leading cybersecurity threat intelligence
AMP: Advanced Malware Protection
Snort: network intrusion prevention system

MX: Our Primary Focus Today

MX Security & SD-WAN Portfolio: A Model For Every Location
MX67/68: up to 50 users, 600 Mbps FW throughput, Wi-Fi & PoE
MX67C/68CW: up to 50 users, 600 Mbps FW throughput, Wi-Fi & PoE, CAT 6 LTE modem
MX75: up to 200 users, 1 Gbps FW throughput, WAN PoE
MX85: up to 250 users, 1 Gbps FW throughput
MX95: up to 500 users, 2 Gbps FW throughput
MX105: up to 750 users, 3 Gbps FW throughput
MX250: up to 2,000 users, 4 Gbps FW throughput
MX450: up to 10,000 users, 6 Gbps FW throughput
VPN throughput: Small 200 Mbps; Medium 500 Mbps; Large 1 Gbps
Categories: small branch; medium to large branch; campus or concentrator; virtual

Agenda
Experiential History; SAFE; Management; Threat Defense; Visibility; Secure Edge; Retrospection

Historical Problem: IT Security
Manual; Complexity; Bad User Experience (UX); Difficult Forensic Visibility

42% of IT decision makers indicate a level of cybersecurity fatigue (1)
Contributors: too many tools; data not standardized across the industry; lots of manual review, research, and action.
(1) Cisco Cybersecurity Report Series 2020

75% of employees find it difficult to access the information they need (1)
Contributors to this: PC slowness (too many security/monitoring tools); no clear message of what is going on; clunky workflows.
(1) Forrester Study on Accelerating Digital Transformation

SAFE

The SAFE Architecture

What is SAFE?
A Security-Centric methodology and model for an effective Security Architecture. Focuses on addressing Risks and Threats by identifying required capabilities through gap analysis and aligning business priorities to IT initiatives.

Example Capabilities Flows
[Diagram: flows labelled Secure email communications, IoT Communications and Guest Internet access; endpoints shown: Shareholder, CEO, Remote Technician, Thermostat, Application, Guest; capabilities shown: Firewall, Intrusion Prevention, Tagging, Anti-Malware, Threat Intelligence, Flow Analytics, Client-Based Security, Identity, Posture Assessment, Application Visibility Control, Email Security, Server-Based Security, DNS Security, Virtual Private Network, Wireless Rogue Detection, Wireless Intrusion Prevention]

Secure Web Access Example Flow
[Diagram: Employee to Application; capabilities shown: Anti-Virus, Personal Firewall, DNS Security, Firewall, Access Control Using TrustSec, Threat Intelligence, Network Anti-Malware, Geo Filtering, SSL Decryption, DNS Security, Intrusion Prevention, SIEM, Posture Assessment, Anti-Malware, Cloud Access Security Broker, Application Visibility Control (AVC), Identity, Logging, Reporting, Web Security, Data Loss Prevention (DLP), Flow Analytics; ENDPOINT]

Breakouts Focus Areas

Management

Why Management?

The Cisco Meraki Platform: A foundation for agility at scale
Built-in solutions: Meraki Dashboard
API
Tailored solutions: custom built; partners
apps.meraki.io

Trusted to Simplify Experiences Everywhere
650K+ customers
99.99% cloud SLA
4.3M+ customer networks
13.2M+ Meraki devices online
190+ countries in network
External API monthly calls / daily end-user devices / daily splash pages served: 8.9B+ / 346M+ / 250M+
IPv6: first and only IPv6 ready cloud-managed platform
25B+ flows secured per week on MX and Z devices
4T+ security threats blocked per month

The Ultimate Management Platform
Policy Control; Audit; Updates

The Ultimate Management Platform: Policy Control
Centralized management; Templates; Org scope objects; Central orchestration

The Ultimate Management Platform: Audit
Firmware release notes directly in the platform; export tools for audit control; change log

The Ultimate Management Platform: Upgrades & Updates
In-place updates; NBAR

A Software-Defined State

Threat Defense

Security: Unified Threat Management
Next-Gen Firewall Capabilities
IDS/IPS
Content Filtering & Threat Category Filtering
Advanced Malware Protection (AMP)
Cisco Secure Malware Analytics (Threat Grid)
DNS Layer Protection (Cisco Umbrella)

Informed by World-Renowned Cisco Talos Threat Intelligence
Leading Threat Intelligence: 625B web requests per day; 200+ vulnerabilities discovered per year; 1.4M+ new malware samples per day; 30B endpoint events per day
Founded in Fighting the Good Fight: Global Threat Hunting Team; 43 languages; 60+ government and law enforcement partnerships; 30K critical infrastructure endpoints monitored in Ukraine
Raising the Bar for Defensive Technology: 1.7M networks protected; 50M mailboxes protected; 87M endpoints protected
Powered by Industry Leading Threat

AMP-Powered Protection
Security & SD-WAN Threat protection
Software-defined: evolved protection model
Automation: analysis and blocking based on disposition
Scale: one subscription to rule them all

Secure Malware Analytics
Service available to ALL MX networks in the organization
Organization Settings

AMP-Powered Protection Flow
[Diagram: LAN, WAN; file download request; file download; 5201c5c551063912a55f794e9b26352f; AMP; retrospective disposition]
File disposition: clean | malicious | unknown
Malicious -> ALERT
URL/SHA256 in allow list? -> ALLOW
Not in allow list -> send hash to AMP cloud
Malicious -> DENY
Clean or Unknown -> ALLOW

AMP-Powered Protection Flow
[Diagram: LAN, WAN; file download request; file download; 5201c5c551063912a55f794e9b26352f; AMP; Threat Grid]
File disposition: clean | malicious | unknown
URL/SHA256 in allow list? -> ALLOW
Not in allow list -> send hash to AMP cloud
Malicious -> DENY
Clean -> ALLOW
Unknown: Threat Grid
Threat score: Malicious -> DENY; Clean -> ALLOW
72 threat score; 15 behavioral indicators

Snort-Powered IDS/IPS
Security & SD-WAN Threat protection
An industry lead: ultimate protection on the fly without needing to upgrade firmware or reboots

Snort-Powered IDS/IPS: relevant, real-time traffic analysis
[Diagram: LAN, WAN; URL request; URL response; Snort]
Ruleset: Connectivity (CVSS = 10); Balanced (CVSS = 9, 10), default; Security (CVSS = 8, 9, 10)
CVSS 8 | 9 | 10 -> DENY
CVSS less than 8 | 9 | 10 -> ALLOW
Rule ID in allow list? -> ALLOW
Not in allow list -> Snort service

Example: Log4j Visibility and Defense
Any ruleset works! Automatically updated!

Example: Log4j Visibility and Protection
Organization Settings

Trusted Traffic Exclusions
Problem: more than 50% of internet traffic is made up of trusted SaaS applications. Performing deep packet inspection on this traffic adds little value but impacts performance.
Solution: exclude user-defined IPs/subnets or NBAR IDs to improve performance.

Trusted Traffic Exclusions (NEW)
[Diagram: steps 1 to 5; L3 Firewall, L7 Firewall, Content Filtering, IDS/IPS, AMP; Default Trusted Traffic Exclusions]

Scale Through a DNS Vector
Leverage the plumbing of the Internet through DNS to provide a layer of security
[Diagram: End User; Meraki MX or MR; Cisco Umbrella; Internet]

DNS Threat Protection
Security & SD-WAN Threat protection: DNS
Bringing order to the chaos of the Internet through software-defined adaption

Introducing Adaptive Policies
Tag based identity and policy enforcement
Use Security Group Tags (SGTs) to identify source and destination
Single org wide policy based on intent, not IP
Provides micro-segmentation within VLANs
Flexible tag assignment
API support
[Policy matrix: SRC | DST; Employee, IoT, IoT Server]

Introducing Adaptive Policies
Available in MX18.1.6+
Includes SGT transport on LAN and AutoVPN
ISE integration

Content Filtering
Software-defined modernization of a mature technology
MX17
[Diagram: LAN, WAN; URL request]
1. URL in allow list? -> ALLOW
2. URL in deny list? -> BLOCK
   a. Top list: URL in local database? -> BLOCK; URL NOT in local database? -> ALLOW
   b. Full list: URL in local database? -> BLOCK; URL NOT in local database? -> send to cloud lookup
3. Add to MX local database: in blocked category -> BLOCK; NOT in blocked category -> ALLOW
If HTTP: redirected to custom block page
If HTTPS: website times out

Upgrade Your Content Filtering Experience
Security & SD-WAN Content filtering
MX17+

Demo Takeaway
One consistent Cisco content filtering policy across platforms: MX; Secure Web (WSA); Umbrella; Secure Firewall (FTD)

What about encrypted traffic?

Internet Security Research Group (ISRG) 2021 report: "encrypted page loads have gone from under 40% to 92% in the U.S. and 83% globally."

Personal Encryption Example 1
Secure Cloud Analytics, DEC 2021 Snapshot

Personal Encryption Example 2
Secure Cloud Analytics, April 2023 Snapshot

HTTPS Inspection: Peek Into the Unknown

Agile Decryption
NBAR power: accurate detection and visibility are key
SM agility: improves user experience for all parties (i.e., end user, admin)
Cisco cloud platforms: use appropriate tools (e.g., Umbrella DLP, Umbrella SIG)

Visibility

Visibility Place Categories
In Dashboard
Outside of Dashboard: Tech Partners; Integrations

Unique end-to-end platform visibility, leveraging NBAR2
Wi-Fi; Switch; Security & SD-WAN; WAN; Client; Applications

Classic Visibility Enhanced
Traffic Analytics NBAR2750% increase in application visibility

Security Center
Finding the needle in the haystack!
Organization Security center

Security Center Pro Tip
Seeing the unseen
Organization Security center

Network Detection & Response: Advanced Threat Analytics via Netflow
Netflow collector; anomaly/behavioral analysis; Secure Cloud Analytics
Network-wide General

Network Detection & Response: SIEM-Based Visibility
Security telemetry: flows; URLs visibility; L3/L7 firewall; IDS
KIAH_MX67 security_event ids_alerted signature=1:45237:2 priority=1 timestamp=1650830600.311111 dhost=10:DD:B1:C7:FC:20 direction=ingress protocol=tcp/ip src=193.124.7.9:53892 dst=10.11.11.125:8000 decision=blocked message:SERVER-WEBAPP Axis Communications IP camera SSI command injection attempt
Send to favorite SIEM
Network-wide General

Network Detection & Response: Meraki SIEM Integrations
Add-On for Cisco Meraki; Meraki Connector for Sentinel; Meraki Integration; Meraki Platform Integration; and more
For more information on Meraki third-party integrations, please visit BRKMER-2006

Built-in Dashboard Firewall Visibility
Live Troubleshooting & Testing for FW Rules and Decisions
On-demand visibility into L3/L7, group policies, site-to-site VPN, cellular failover!
Security & SD-WAN Appliance Status - Tools

At-a-glance health monitoring: critical apps & WAN uplinks
Web App Health: at-a-glance performance of critical applications across LAN, WAN, and application server, wherever it is.
WAN Health: monitor ALL of your diverse uplinks, including cellular, and home-user uplinks, in one view.

Monitor performance of critical Web Apps
Data trends (LAN, WAN or Server)
Smart Thresholds: ML-based algorithm to baseline expected performance

At-a-glance NOC view
Monitor performance of uplinks (active and failover)
Provide granular & historical data for monitoring & troubleshooting

Better Together: Unified Experience

Fast, Scalable, Continuous SaaS App Monitoring
Learn more about ThousandEyes with Meraki at BRKMER-2007

SaaS Application Visibility

Track whether your network is part of a larger outage

Visibility on your Meraki SD-Branch with ThousandEyes in Dashboard
1. Identify
2. Analyze
3. Correct
For more information on ThousandEyes with Meraki, please visit BRKMER-2007

Secure Edge

Focus Areas Revisited

Cisco+ Secure Connect Overview
Secure Internet Access: provide safe access to the internet and cloud applications from any location and block malicious activity and threats.
Secure Private Access: define policy to control branch workers' access to private apps behind data center, private or public cloud, or branches.
Secure Remote Access: connect remote IdP workers to cloud fabric for secure internet access. Enable unmanaged devices to access private apps in browser.
Site Interconnect: interconnect sites, branch users, and apps with integration of Meraki Secure SD-WAN, IPSec VPN support and direct SaaS/IaaS peering.
[Diagram: Campus, Remote workers, Branch office; One experience; Private cloud, Public cloud, Internet, SaaS; Cisco+ Secure Connect; Secure Remote Worker; Secure Edge]

Unlocking the Power of Unified SASE: Interconnect Everything, Security Everywhere
[Diagram: Customer Site (Meraki SDWAN, Cisco SDWAN or IPSec); Managed (Client) Endpoint; Unmanaged Endpoint; Cisco+ Secure Connect Service Edge and Interconnect; DNS Layer Security, ZTNA Proxy, SWG, CASB, CDFW, NAT; Internet, SaaS, Public Cloud, Data Center; traffic types: private application traffic, web Internet traffic, non-web Internet traffic; Mixed, Private, Internet]

Secure Branch Traffic
[Diagram: the topology above with the labels Site Interconnect, Secure Internet Access and Secure Private Access]

Secure SD-WAN Traffic Acquisition
Increased performance and scalability with enhanced Headend
Dynamic scaling performance and capacity up to 500 Mbps per branch
Simplifying admin experience, reducing manual deployments and load balancing
Standardizing traffic acquisition for Meraki and Cisco SD-WAN to the cloud fabric
Streamlined regional deployments, reducing the number of configuration templates
[Diagram: Service edge, Cloud Traffic Acquisition: acquire traffic into the Cisco Secure Connect Fabric; Customer edge, SDWAN Branch Network, Users and Devices: acquire information from the edge]

Policy Import
Policy Import is a tool that allows administrators to import existing Meraki firewall policies into Secure Connect.
Reduce to-cloud transition time by bulk import of rules
Streamline remote access to internet rules by removing duplicated rules
Find unused rules beforehand to make informed import decisions

Configuring Secure Connect in Meraki Dashboard

The SASE Foundation journey
Stages shown: IPSEC; Meraki Umbrella SDWAN Connector; Cisco+ Secure Connect Foundation
Started with: Meraki MX + Umbrella SIG, IPsec tunnel connectivity
Transition to: Meraki MX + Umbrella SIG, SD-WAN connectivity using Meraki Auto VPN
- Limited BW capability
- Disaggregated user experience
- Disaggregated support
Transition to C+SC Foundation (available now): Cisco+ Secure Connect integration with Meraki MX and Umbrella using Meraki Auto VPN
- Enhance BW with unified dashboard
- Unified support
- Simplified user experience
- Secure branch to branch
Future proof to transition
For a deeper dive on Secure Connect or SASE, please visit BRKSEC-2129

Retrospection

Threat Rules Processing Order (I): between sites over Auto VPN
A SAFE, software-defined approach
[Diagram; labels as extracted: Auto VPN, IDS/IPS, LAN, AMP, LAN, AutoVPN, Traffic shaping, IDS/IPS, VPN firewall, Content filtering, AMP, Group Policy]

Threat Rules Processing Order (II): between VLANs
A SAFE, software-defined approach
[Diagram; labels as extracted: IDS/IPS, L3 Firewall, Group Policy, Traffic Shaping, L7 Firewall, VLAN B, VLAN A]

Threat Rules Processing Order (III): to the Internet
A SAFE, software-defined approach
[Diagram; labels as extracted: LAN, Internet, Group Policy, IDS/IPS, L7 Firewall, Content filtering, AMP, L3 Firewall, Traffic shaping]

Security Reference Architecture
[Diagram. Banner: Threat Intelligence | Malware Analytics | Actionable Intelligence | Unmatched Visibility | Collective Responses. Panel titles: User/Device Security; SASE/Remote Worker; Zero Trust Workforce; Network Security; Cloud Edge; Secure Access Service Edge (SASE); Private Cloud Edge (MSP or Customer); On-Premises; IoT/OT Security; Network Edge; SASE/SDWAN; Zero Trust Workplace; Security Operations; Application Security; Zero Trust Workload; Hybrid Private; Public Cloud. Products and services named: Secure E-mail, Duo, Secure Access, Cisco Secure Client, ThousandEyes, Umbrella, Secure Firewall, SDWAN by Viptela, CyberVision, ISE, TrustSec, Industrial Router, Industrial Firewall, Industrial Switch/AP, Secure Web Appliance, Secure Network Analytics, Cisco DNA Center, Security Analytics and Logging, Secure DDoS, XDR, Secure Cloud Insights, Kenna Vuln Mgmt, Device Insights, Secure Cloud Analytics, Secure Workload, Secure Application by AppDynamics, APIC, Systems Manager]

Secure Web Access: Cisco Recommendation
[Diagram: Employee to Application; capabilities shown: Anti-Virus, Personal Firewall, DNS Security, Firewall, Access Control Using TrustSec, Threat Intelligence, Network Anti-Malware, Geo Filtering, SSL Decryption, DNS Security, Intrusion Prevention, SIEM, Posture Assessment, Anti-Malware, Cloud Access Security Broker, Application Visibility Control (AVC), Identity, Logging, Reporting, Data Loss Prevention (DLP), Flow Analytics; ENDPOINT. Products shown: Cisco Secure Endpoint, Cisco Umbrella, MX, Splunk, Cisco Cloud Analytics, Cisco Identity Services Engine, Cisco CloudLock, System OS. Legend: Cisco Solution; Non-Cisco; SM Delivery]

Agile Response
Time savings thanks to: automatic analysis, remediation, and communication among platforms; seamless stitching/sharing/updating of data

Changing the Equation
Security; Complexity
Scalable and software-defined automation creates a SAFE environment for business transformation