ciscoworks network compliance manager · ncm alert center – security alerts automatically...
Post on 08-Mar-2020
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 13284_01_2007_c1
CiscoWorks Network Compliance Manager
Stuart Parham
Challenges faced by IT teams today
Challenged with manual, ad-hoc network configuration
• Clients directly connect to network devices: lack of control over the network
• Data manually collected & reported: costly, tedious and incomplete
• Devices configured manually one by one: costly & error-prone manual changes
• Configuration, scripts and OS images stored on various IT workstations: lack of security & standardization
Diagram labels: Network; Auditor, Manager, Director; Tools Manager, Network Architect, Network Manager, Security Engineers, Network Engineers, NOC Operators, IT Staff
Fully automated network configuration and change management
• Automate complex network management tasks through multi-threaded event-driven automation engine
• Control and standardize across infrastructure in a central, secure location
• Track all activity down to the very operator keystrokes
• Prevent errors & enforce process through centralized point of control
Diagram labels: Network; Network Management Tools; Auditor, Manager, Director; Tools Manager, Network Architect, Network Manager, Security Engineers, Network Engineers, NOC Operators, IT Staff
NCM drastically reduces down-time caused by configuration errors
Automated Configuration
• MTTR from configuration error: 15 minutes
• Outages & security incidents due to manual mis-configurations: 20%
• Average time to discover security vulnerability: Less than 2 minutes
• Provision new device: 20 minutes
• Changes per hour: 5,000
• Average amount of network in compliance: 100%
Manual Configuration
• MTTR from configuration error: 150 minutes
• Outages & security incidents due to manual mis-configurations: 80%
• Average time to discover security vulnerability: 2 weeks
• Provision new device: 6 hours
• Changes per hour: 20
• Average amount of network in compliance: 3%
Source: 2005 EMA Survey and customer feedback
What is NCM?
CiscoWorks Network Compliance Manager (NCM)
A scalable, multi-vendor offering for centralized network configuration and compliance management
Network Configuration and Change Management (NCCM)
• real-time change detection
• pre-deployment validation
• policy enforcement
Audit and Compliance Analysis
• set policy to track compliance
• automated generation of compliance reports (SOX, VISA PCI, HIPAA, GLBA, ITIL, CobiT, COSO)
Advanced Workflows
• model complex projects
• define custom approval policies
Extensive Reporting
• network status
• compliance
Functional Overview
CiscoWorks Network Compliance Manager
Change & Configuration Management
• Device provisioning
• Configuration
• Scripting
• OS image updates
Audit & Compliance
• Network audits
• Best practices enforcement
• SOX, VISA CISP, HIPAA, GLBA, ITIL, CobiT, COSO
Reporting
• Network compliance
• Deployed assets
• Change history
Workflows & Approvals
• Sequencing
• Scheduling
• Process model
• Change approvals
Policy-Based or Ad Hoc
Integration Connectors
Central Data Repository
Member of Federated CMDB
Other Network Management Systems
Automated Discovery & Inventory Import
• Individual devices (e.g., from CiscoWorks DCR)
• Network topology
• Detailed asset inventory
• OS images
Cisco NMS and 3rd party applications
Network
CiscoWorks NCM Hardware/Software Platform
Server platforms supported
Windows Server 2000
Windows Server 2003
Solaris 9
Solaris 10
Linux RedHat ES/AS 3UP2/4
SUSE Enterprise Linux 9
Database platforms supported
Oracle 9
Oracle 10g
MySQL
Microsoft SQL Server 2000
Microsoft SQL Server 2005
Security Management
Security Management
Maintain comprehensive config change history archive for security audits
Monitor and enforce compliance with security standards such as Visa CISP / PCI for credit card transactions
Create security compliance policies (regex pattern match on firewall configs) and check if firewall configs are in compliance with applied security policies
Provide role-based access control and lockdown to devices and their configurations
Provision configuration changes on firewall devices
Maintain an up to the keystroke level audit trail of changes made on firewall devices
Maintain a history of changes made to ACLs
Easily deploy ACL changes
Security Device Support
Cisco PIX
Cisco Guard (Riverhead DDOS) blades
Cisco FWSM (this device driver is on the roadmap)
CheckPoint Firewall-1
Juniper Netscreen Firewalls
What is Alert Center?
NCM Alert Center
What is it?
New, optional subscription service that provides NCM users with ongoing updates of security alerts and automation packs
Benefits:
• Security Alerts – vendor security alerts translated into NCM software policies
• Shared Product Extensions – leverage scripts, packages and policies
• Functionality Updates – new capabilities available outside the release cycle
NCM Alert Center – Security Alerts
Automatically downloads and continuously updates Network Vulnerability Alerts
Based on industry leading alert service
NCM translates alerts into Software Compliance Policies
NCM server securely downloads new alerts (approx. 3-5 per week)
Users can review and activate desired policies in their environment
NCM Alert Center: Automated, Reliable, and Rapid Remediation
Security Alert Service
Vulnerability Awareness: automated delivery of vulnerability alerts
• The right people get alerted immediately and everyone has a consistent view of the vulnerabilities
Vulnerability Translation: immediately actionable policies
• Vulnerability alerts come pre-translated and are immediately actionable
• Customers can easily choose which alerts to activate based on pre-attached risk levels
Identification and Remediation: rapid identification and remediation
• Automatically identifies all vulnerable devices and provides an ‘at-a-glance’ dashboard view
• NCM will remediate all vulnerable devices concurrently
Ongoing Compliance: automated alerts on any regression
• Immediately alerts when existing devices regress or new devices with known vulnerabilities are added to the network
Major Features and Customer Benefits
CiscoWorks NCM Features & Benefits - 1
Key features, each followed by its benefits:
EoX (End of Sale, End of Life) Reports
• Helps keep your network up to date with the latest hardware and to help maximize your availability and uptime
Real-time Change Detection
• Integrated Telnet/SSH proxy can detect changes to a keystroke level.
• Foolproof change detection via Syslog, regular polling, tailing AAA logs.
Open architecture
• APIs available to integrate with third party applications.
• Extensive scripting support for multiple scripting languages.
• Ability to send SNMP traps, Syslog messages and open trouble tickets and integrate with existing workflows.
Powerful reporting
• Highly granular Boolean-based search and report capabilities on broad range of attributes and historical data.
Auto Remediation
• Event based architecture allows non-compliance issues to be fixed automatically.
CiscoWorks NCM Features & Benefits - 2
Key features, each followed by its benefits:
Enhanced Software Image Management
• Provides image recommendation, verification with reliable and schedulable image management on the device
Integration with CiscoWorks applications
• Easy cross launch of CiscoWorks NCM and CiscoWorks LMS
• Consistent network database via Device Credential Repository (DCR)
• Combination of network configuration, change, compliance, Cisco IOS/CatOS image management
Security management
• Role-based access control and lock down
• Centralized ACL management
Advanced workflow and approvals
• Close the change loop with real-time process enforcement
Multivendor support
• Thousands of device models/versions supported out of the box across Cisco and 35 other vendors
• Object-oriented driver architecture enables rapid driver development
• Frequent driver releases
Additional Feature Level Details
Configuration and Change Management
Centralized software and configuration deployment
Real-time change detection
Visual configurations comparisons
Configuration templates
Pre-deployment validation of changes and pro-active policy enforcement
Secure device access
Historical configuration archive
Maximized Uptime During Change Management
Visual Difference Comparisons
Audit and Compliance Management
Comprehensive Compliance Center
Set policies to track compliance
Enforce policies in real-time
Visual device comparisons
Non-compliance notification and auto-remediation
Automatic generation of regulatory and corporate compliance reports
SOX, PCI, HIPAA, GLBA, ITIL, CobiT, COSO
Automated Audits and Compliance Reporting
Full Compliance Center
Prioritized Triage of Compliance Violations
The Problem
Compliance violations are not all created equal
No way to filter and triage hundreds or thousands of compliance violations besides manual review
Each violation has a risk rating
Automated triage based on risk ratings, such as:
Auto-remediate
Open new trouble ticket
Send email/page
Email daily summary
Prioritize Compliance Rules
Pushing the Most Critical Violations to the Forefront
Prioritized Compliance Rules
Reporting
Report on device inventory
By group, vendor, user
Change reporting
Who changed what, why & when
Compliance reporting
Regulatory compliance
Corporate compliance
NSA Router best practices
Network status reports
Policy compliance at-a-glance
Identify and address risk factors
Network Status Reports
Pre-defined and Custom Reports
Close The Change Loop with Real-Time Process Enforcement
Advanced Workflow and Approvals
Model complex projects
Combine automated and manual activities
Define custom approval policies
Require approval based on user, activity and/or device affected
Require approvals for manual or automated activities
Grant permission for approval overrides
Integrate with external workflow and process systems
Daily activity calendar
Conflict alerts
Flexible reporting and notification
Change reporting dashboard
Email/other notifications
Change Approval Rules
Why buy CiscoWorks NCM from Cisco Today?
NCM Cisco Differentiation
NCM 1.3 - Current selling version
– EoX scheduled reporting using Cisco internal backend information and automated notification. Provides details at
• Module level
• Device level
– Enhanced Software Image Management
– Integration with CW Homepage, Device Center and CiscoView
– Automated device inventory sync with CW DCR
– Automated config updates from NCM to CAS
– Automated events from NCM to CAS
– Phase 1 Cisco Network Collector integration to reduce polling when using Cisco Adv Services offerings
– NCM Alert Center will provide additional Cisco value-add thru links and reporting to Cisco backend databases
Priority new Cisco platform driver support
Cisco brand – TAC support
In NCM Only
For More Information
Product Web Portal:
– http://www.cisco.com/go/cwncm