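"First Look at Cisco's New SSE.pdf" was shared by a member and can be read online. For more related to "First Look at Cisco's New SSE.pdf" (59 pages, collector's edition), search on 三個皮匠報告.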
#CiscoLive

An SSE Solution: First Look at Cisco Secure Access
Neil Patel, Engineering Product Manager
neilnpate1
BRKSEC 2285
© 2023 Cisco and/or its affiliates. All rights reserved. Cisco Public

Cisco Webex App

Questions? Use Cisco Webex App to chat with the speaker after the session.

How:
- Find this session in the Cisco Live Mobile App
- Click "Join the Discussion"
- Install the Webex App or go directly to the Webex space
- Enter messages/questions in the Webex space

Webex spaces will be moderated by the speaker until June 9, 2023.
https:/

Agenda
- What is SSE?
- What problems can it solve?
- Cisco Secure Access
- Architecture
- Use Cases
- Design & Admin Experience
- Demonstration
- Wrap-Up
- Q&A

About Me
- 10 years in Cybersecurity
- Passionate Speaker
- Home Automation Enthusiast
- Cloud, Endpoint, & Network
- API Aficionado
- All things Batman

What is SSE?

Security Service Edge
- Solution to secure access to Web, SaaS, and Private applications
- Protect users wherever they are, wherever they are going, all the time

Diagram labels: Web, SaaS, Private, SSE

Cisco Secure Access: All New SSE from Cisco!

Core Capabilities
- Secure Web Gateway (SWG)
- Cloud Access Security Broker (CASB) & DLP
- Zero Trust Network Access (ZTNA)
- Firewall as a Service (FWaaS) & IPS

Beyond Core Capabilities
- DNS Security
- Multimode DLP
- Remote Browser Isolation
- Advanced Malware Protection
- File Sandbox
- VPN as a Service

Even More Cisco value-add
- Cisco SD-WAN integration
- Synergistic Cisco solutions: DEM, XDR, DUO/SSO, CSPM, ISE and more
- 3rd party integrations (SD-WAN and other security tools)

What problems does SSE aim to solve?

Cisco Secure Access
- Consolidate Security & maintain consistent enforcement
- Provide flexible deployment options
- Enable a secure hybrid enterprise
- Offer Seamless admin & end user experience

Let's get started!

Cisco Secure Access Architecture

Architecture Overview: Cisco Secure Access

Unified Dashboard
- Identity and Continuous Posture-based Controls
- Single SLA
- Single Policy
- Magnetic Design System

Unified Security
- Single data path
- Consistent inspection for all traffic
- Flexible ingress/egress connectivity

Diagram labels: Who / What / How; On Premise, Users, Devices & Things; Managed Endpoint; Unmanaged; SD-WAN; DC/Colo/Branch; Secure Access; POPs in Public Cloud and Cisco Edge Data Centers; Internet/SaaS; Public/Private Cloud; Breakout (unmonitored internet and trusted SaaS); Public Applications; Private Applications; Clientless Access; ZTNA Private Applications via App Connector or Backhaul VPN
Legend: Internet Traffic, Private Traffic, Secure Tunnel

Architecture Detail: Who (is accessing) - Users & Devices
[Architecture overview diagram repeated]

Architecture Detail: Who (is accessing) - Users & Devices

Users
Diagram labels: Unmanaged Endpoint; Managed Endpoint; Cisco Secure Client (Anyconnect VPN, ZTNA Module); Third Party Web Browser; VPN; ZTNA; Web

Anyconnect VPN
- Authentication & Posture Connect time
- TLS Tunnel
- Carry Internet & Private Traffic (all ports)
- SAML, (+)Cert, & (+)Multi-Cert Authentication

ZTNA Module
- Authentication & Posture per connection
- QUIC tunnel (MASQUE proxy)
- Carry Private Traffic (All ports & protocols)
- SAML Auth + Auto re-new

Roaming Module
- Device Enrollment (profile)
- Carry Internet Web Traffic (80/443)

Clientless ZTNA
- Accessible from any browser that supports SAML/Cookies
- Request based posture (geolocation, browser version, OS)
- Web Apps Only

Architecture Detail: Who (is accessing) - Users & Devices

Branch Devices
- Edge Device Tunnel to CSA
- All internet traffic is routed to CSA
- Auto Tunnels with Viptela SD-WAN DIA branches
- Private traffic respects optimized SD-WAN*

* ZTNA use case changes behavior in certain scenarios (will be covered later)

Diagram labels: Users; Branch Devices; DC/Colo/Branch; SD-WAN; Branch Edge (Router/Firewall); Internet/SaaS; Secure Access

Architecture Detail: What (are they accessing) - Internet & Private Resources
[Architecture overview diagram repeated]

Architecture Detail: What (are they accessing) - Private Resources

Network Tunnel
- IPSec Backhaul
- Automated SD-WAN Backhaul
- Static or BGP based routing
- Auto Failover/Redundancy

Application Connector
- Software deployment (VM or Cloud Instance)
- Deploy closest to application
- Outbound connectivity (no holes in firewall)
- Auto failover/load balancing

Diagram labels: Apps; App A(); App B(); IPSec; AppConn.; Outbound DTLS tunnels; Public or Private Cloud; DC/Colo/Branch; Secure Access; SD-WAN
Legend: Internet Traffic, Private Traffic, Secure Tunnel

Architecture Detail: What (are they accessing) - Internet

Trusted SaaS/Bypass
- Bypass inspection for trusted web applications, route traffic directly to internet from host

Secure Internet Access
- All internet traffic filtered through CSA
- Branch traffic routed via network and IPsec Tunnel
- Remote traffic acquired via Secure Client

Diagram labels: Apps; Internet/SaaS; Managed Endpoint; Trusted SaaS; Secure Access
Legend: Internet Traffic, Private Traffic, Secure Tunnel

Architecture Detail: How (are they accessing) - Cisco Secure Access
[Architecture overview diagram repeated]

Architecture Detail: How (are they accessing) - Cisco Secure Access

Diagram labels: POPs in Public Cloud and Cisco Edge Data Centers; Secure Access; Service Edge; Auth; Device Posture & Health; MFA Support; CASB; SWG; DLP; NAT; L3/4/7 FW; IPS; Services Router; Traffic Acquisition; ZTNA Proxy; Network Tunnel; ZTNA Clientless; Remote VPN
Legend: Web Internet Traffic, Private Traffic, Non-Web Internet Traffic

Architecture Detail: How (are they accessing) - Cisco Secure Access (Authentication)

MFA Support
- Layer MFA via SAML Provider
- Native browser based authentication (support WebAuth etc.)

Authentication
- IdP/CSV/AD Sync User Provisioning
- SAML Authentication

Device Posture & Health
- Operating System
- Geolocation Check (Policy)
- Firewall
- Disk Encryption
- Browser Check
- Anti-Malware
- File Check
- Registry Check (Windows only)
- Process Check
- System Password
- Certificate Check

Architecture Detail: How (are they accessing) - Cisco Secure Access (Security Inspection)

SWG (Secure Web Gateway)
- Full forward proxy
- TLS Decryption (Internet)
- Inline SAML authentication
- Cloud Tenant Controls

DLP (Data Loss Prevention)
- Exact Data Matching
- Inline detection & prevention
- Out of Band Detection and remediation

CASB (Cloud Access Security Broker)
- Tunable Application Control
- Inline detection & prevention
- Out of Band Detection and remediation

L3-7 Firewall (Transparent)
- Intent based policy
- TLS Decryption
- IPS signature detection and/or prevention

Legend: Web Internet Traffic, Private Traffic, Non-Web Internet Traffic

What have we solved so far?
- Consolidate Security & maintain consistent enforcement
- Provide flexible deployment options
- Enable a secure hybrid enterprise
- Offer Seamless admin & end user experience

Let's Keep Going!

Cisco Secure Access Use Cases

Use Case Summary: Private Network Access
- Remote User needs access to Private Network
- Remote Access VPN connection
- Roaming User (Secure Client)
- Onsite (SD-WAN)
- Application in Private DC/Public Cloud

Private Network Access: Remote user Network access via VPN

Secure Private Access (VPN)
- User Connects to Secure Access
- Authentication & Posture is evaluated
- Tunnel established (persists until timeout)
- Access & Security policy evaluated
- Establish connection to private resource

Diagram labels: VPN; Split Include RFC1918; Remote VPN; Network Tunnel; IPSec; Private Network RFC 1918; Public or Private Cloud; DC/Colo/Branch

Private Network Access: Onsite user Network access via SD-WAN

Secure Private Access (SD-WAN)
- User Comes Onsite
- Secure Client VPN goes to sleep (Trusted Network)
- Private traffic is routed via optimized SD-WAN
- Application Access is granted
- Internet traffic remains secure through DIA tunnel

Diagram labels: VPN; SD-WAN; Private Network RFC 1918; Public or Private Cloud; DC/Colo/Branch; Internet/SaaS; Secure Access

Private Network Access: Inter Remote user P2P

Secure Peer Access (VPN)
- User1 Connected to Secure Access
- Authentication & Posture is evaluated
- Traffic Inspected through Firewall
- Traffic Routed to User2

Diagram labels: User 1; User 2; VPN; Split Include RFC1918; Remote VPN; Network Tunnel

Use Case Summary: Private Application Access
- Remote User needs access to ZTNA Application
- Secure Client ZTNA Module
- Consistent when Roaming & Onsite
- Application in Private DC/Public Cloud
- Private application accessed via IPsec
- Private application accessed via Application Connector

ZTNA End-to-End Architecture

ZTNA Architecture

End to End ZTNA
- Prevent leak of true IP to cloud
- Per connection security
- Dynamic App Connector Group selection (Can have multiple)

Diagram labels: Secure Access; Services Router; Service Edge; ZTNA; ZTNA Proxy; App Gateway; Outbound DTLS; App A(); Public or Private Cloud; DC/Colo/Branch; App Connector Group A DC/Cloud; Connector Group Assigned CGNAT IP 100.64.10.1; Application Defined and DNS Mapped to Connector G; Connector Group A 100.64.0.1; DNS; QUERY A:? IS 100.64.0.1
Legend: Web Internet Traffic, Private Traffic, Other Traffic

ZTNA Architecture: Module Socket Interception

Socket Filter Advantages
- Control over DNS and application traffic before VPN
- No route table manipulation
- Capture Traffic based on FQDN, Wildcard, IP, or CIDR
- Interoperate with existing Cisco & Non-Cisco VPN solutions

Diagram labels: VPN; ZTNA; Application; Socket Intercept/Filter; Packet Intercept/Filter; Routing Table; Packet Intercept/Filter; Virtual Interface; Physical Interface

ZTNA Architecture: Why MASQUE?
- No direct application access: Proxy Architecture
- Per-Connection, application, or device tunnels
- Fallback to HTTP/2 (TCP) if QUIC is blocked (UDP)
- Native device OS Support (no added client)
- Broad application support: TCP, UDP, IP

ZTNA Architecture: Why QUIC?
- Fast Connection times (0-RTT)
- Change IPs without renegotiation (Connection migration)
- Individually encrypted packets
- UDP transport (safe from TCP Meltdown)
- No head-of-line blocking (Stream Multiplexing)
- Can simultaneously use multiple interfaces (Multipath)

Cisco Secure Access Use Cases (Cont.)

Private Application Access: Remote user ZTNA Access via Secure Client (IPSec)

Secure Private Access (ZTNA)
- User connects to application (ZTNA Match)
- Connection initiated via ZTNA
- Device credentials & posture evaluated
- Access & Security policy evaluated
- Establish connection to private resource

Diagram labels: VPN; ZTNA; QUIC; ZTNA Proxy; Network Tunnel; IPSec; App B; Public or Private Cloud; DC/Colo/Branch

Private Application Access: Remote user ZTNA Access via Secure Client (App Conn.)

Secure Private Access (ZTNA)
- User connects to application (ZTNA Match)
- Connection initiated via ZTNA
- Device credentials & posture evaluated
- Access & Security policy evaluated
- Establish connection to private resource

Diagram labels: VPN; ZTNA; QUIC; ZTNA Proxy; App Gateway; AppConn.; Outbound DTLS; App A(); Public or Private Cloud; DC/Colo/Branch

Use Case Summary: Private Application Access
- 3rd Party needs access to private resource
- ZTNA Controls
- Browser based access (Clientless)
- Private application accessed via IPsec
- Private application accessed via Application Connector

Private Application Access: 3rd Party Clientless Access (IPSec)

Clientless ZTNA Access
- User requests application via URL
- Challenged for SAML + MFA
- Access & Security policy evaluated
- Establish connection to private resource

Diagram labels: https:/; SAML Authentication; ZTNA Clientless; Network Tunnel; IPSec; https://198.51.100.10:443; Public or Private Cloud; DC/Colo/Branch

Private Application Access: 3rd Party Clientless Access (App Conn.)

Clientless ZTNA Access
- User requests application via URL
- Challenged for SAML + MFA
- Access & Security policy evaluated
- Establish connection to private resource

Diagram labels: https:/; SAML Authentication; ZTNA Clientless; App Gateway; AppConn.; Outbound DTLS tunnels; https://198.51.100.10:443; Public or Private Cloud; DC/Colo/Branch

Use Case Summary: Secure Internet Access
- Managed endpoints
- Secure Client Remote users
- Onsite Users
- Unmanaged endpoints
- In branch OT/IoT devices

Secure Internet Access: Remote User Cisco Secure Client (Full tunnel)

Secure Internet Access
- Request web application (Bypass or CSA)
- FWaaS inspects and directs traffic
- Web & Security policy evaluated
- Establish connection to web application

Diagram labels: VPN; Full Tunnel; Remote VPN; CASB; SWG; DLP; NAT; Internet/SaaS; Trusted SaaS Bypass
Legend: Web Internet Traffic, Private Traffic, Non-Web Internet Traffic

Secure Internet Access: Remote User Cisco Secure Client (Roaming Module)

Secure Internet Access
- Request web application (Bypass or Secure)
- FWaaS Directs Web Traffic to SWG
- Web & Security policy evaluated
- Establish connection to web application

Diagram labels: Web; Web Tunnel; CASB; SWG; DLP; NAT; Internet/SaaS; Trusted SaaS Bypass
Legend: Web Internet Traffic, Private Traffic

Secure Internet Access: Onsite User Cisco Secure Client (DIA)

Secure Internet Access
- User comes onsite, Secure Client Sleep
- Traffic routed through DIA tunnel to CSA
- FWaaS inspects and directs traffic
- Web & Security policy evaluated
- Establish connection to web application

Diagram labels: VPN; Remote VPN; IPsec DIA; Branch; CASB; SWG; DLP; NAT; Internet/SaaS; Trusted SaaS Bypass
Legend: Web Internet Traffic, Private Traffic, Non-Web Internet Traffic

Secure Internet Access: Onsite User PAC Redirection

Secure Internet Access
- User is onsite and has PAC configuration
- Web Traffic routed to Secure Access
- FWaaS inspects and directs traffic
- Web & Security policy evaluated
- Establish connection to web application

Diagram labels: System Proxy Configuration; 80/443 Web; Branch; PAC Exclude; Remote VPN; CASB; SWG; DLP; NAT; Internet/SaaS
Legend: Web Internet Traffic, Private Traffic, Non-Web Internet Traffic

Secure Internet Access: Onsite User Unmanaged Devices

Secure Internet Access
- Device requests web application
- SAML to validate identity (if supported)
- FWaaS inspects and directs traffic
- Web & Security policy evaluated
- Establish connection to web application

Diagram labels: IPsec DIA; Branch; Remote VPN; CASB; SWG; DLP; NAT; Internet/SaaS; Trusted SaaS Bypass
Legend: Web Internet Traffic, Private Traffic, Non-Web Internet Traffic

What have we solved so far?
- Consolidate Security & maintain consistent enforcement
- Provide flexible deployment options
- Enable a secure hybrid enterprise
- Offer Seamless admin & end user experience

Almost There!

Cisco Secure Access Design & Admin Experience

Design and Experience Challenges
- Flexible deployment options
- Numerous ways for end users to connect
- Different policy/inspection for different traffic
- Enterprise scale

Does more flexibility mean more complex?
All New UI Designed with Admin Experience as #1 Priority

Magnetic Design System: Modular, simple, effective

What does Magnetic mean for Cisco Secure Access?
"Throughout using the product, the admin's intent is kept at the forefront, while the complexity of the underlying engines is hidden to ensure a simplified, user-friendly experience."

Building Blocks: The Modular pieces of Configuration

Categories: Network Connectivity; Application Definition; Endpoint Configuration; Security Controls; Policy Creation
Blocks: Application Connector; IPsec Tunnel; VPN Application; ZTNA Application; Clientless Application; VPN Profile; ZTNA Profile; Roaming Profile; Endpoint Posture; Web Security; IPS Profile; Identity

Configure Once - Use Everywhere: Example Use Case Private Access

Blocks: Application Connector; IPsec Tunnel; VPN Application; ZTNA Application; Clientless Application; VPN Profile; ZTNA Profile; Roaming Profile; Endpoint Posture; Web Security; IPS Profile; Identity; Policy Creation
Diagram labels: Auto-Inform; Link Application; Apply; Apply

What have we solved so far?
- Consolidate Security & maintain consistent enforcement
- Provide flexible deployment options
- Enable a secure hybrid enterprise
- Offer Seamless admin & end user experience

We did it Almost!

Cisco Secure Access: Live First Look Demo!

Fill out your session surveys!
- Attendees who fill out a minimum of four session surveys and the overall event survey will get Cisco Live-branded socks (while supplies last)!
- Attendees will also earn 100 points in the Cisco Live Challenge for every survey completed.
- These points help you get on the leaderboard and increase your chances of winning daily and grand prizes.

Continue your education
- Visit the Cisco Showcase for related demos
- Book your one-on-one Meet the Engineer meeting
- Attend the interactive education with DevNet, Capture the Flag, and Walk-in Labs
- Visit the On-Demand Library for more sessions at www.CiscoL ID

Thank you

Gamify your Cisco Live experience! Get points for attending this session!

How:
- Open the Cisco Events App.
- Click on Cisco Live Challenge in the side menu.
- Click on View Your Badges at the top.
- Click the + at the bottom of the screen and scan the QR code: