The document “Security Management Anytime, Anywhere: Cisco Defense Orchestrator & cdFMC and Security Analytics and Logging.pdf” (91 pages) was shared by a member and can be read online.
#CiscoLive

Manage Your Cisco Firewalls Anywhere
Cisco Defense Orchestrator
Aaron K. Hackney, Technical Product Owner
BRKSEC-1138
© 2023 Cisco and/or its affiliates. All rights reserved. Cisco Public

Your Speaker
Aaron K. Hackney, Technical Product Owner, Cisco Defense Orchestrator
Living in San Antonio, Texas, Aaron comes from a service provider background, specializing in large firewall fleet operations with an emphasis on devops and operating at scale. Aaron holds an MS in computer science and is also a 15+ year veteran instructor of the Cisco Networking Academy, having taught at colleges in both Illinois and Texas.

Cisco Webex App: Questions?
Use Cisco Webex App to chat with the speaker after the session.
How:
- Find this session in the Cisco Live Mobile App
- Click “Join the Discussion”
- Install the Webex App or go directly to the Webex space
- Enter messages/questions in the Webex space
Webex spaces will be moderated by the speaker until June 9, 2023.

Agenda
- Introduction/Overview: What, Where & Why?
- Cloud Delivered FMC and Managing FTD
- Multi-Cloud Defense
- Managing ASA and other Platforms
- Security Analytics and Logging
- API Integrations with API and Devops
- Wrap up

Why Cisco Defense Orchestrator
Managing network and application security is hard work.

CDO Solves Problems

CDO Solves Problems FAST
- CDO is a SaaS leveraging a CI/CD Pipeline (Continuous Integration, Continuous Delivery)
- Plan, Code, Build, Continuous Testing, Release/Deploy
- Releases/Sprints: CDO 1 Week, cdFMC 4-6 Weeks
- Customers ask... we deliver

CDO Needs NO Inbound Access
- Devices initiate connection via Internet
- CDO does not need inbound connectivity
- Flexible connectivity options
- CLI and API access via CDO
- SDC/SEC for ASA IOS

CDO “Outbound Only” Connectivity

CDO Manages Devices Anywhere
- Physical Hardware, Public or Private Cloud Virtual, FTD Instances, ASA Contexts, and even containerized

CDO Simplifies Advanced Tooling
- Migrate FTD from On-Prem FMC to cdFMC
- Firewall Migration Tool: ASA to cdFMC/FTD, FDM to cdFMC/FTD, PAN to cdFMC/FTD, Fortinet to cdFMC/FTD
- Cisco Secure Dynamic Attributes Connector (CSDAC)

CDO Simplifies Fleet Management
- Code version visibility
- Hardware/Serial number visibility
- High Availability
- Scheduled code upgrades
- Notifications via email or webhooks

CDO Simplifies Visibility
- Device configuration changes
- Remote Access VPN (Live and Historical)
- Site-to-Site VPN
- Centralized Logging and Analytics for ASA and FTD

CDO Simplifies FTD Management at Scale
- Manage up to 1000 FTDs from a single instance of cdFMC

CDO Simplifies Cloud Security
- Integration with Multicloud Defense

CDO to integrate with “all the things”
- ASA Object and Policy Management
- AWS VPC Security Group Policy Management
- Meraki MX Policy Management
- IOS Bulk CLI Access & Config Visibility

Multicloud Defense

Cloud Delivered Firewall Management Center (cdFMC)

Cloud Delivered Firewall Management Center
- Cloud native FMC platform provided by Cisco Defense Orchestrator
- Not just a lift-and-shift VM of FMC
- Manage any FTD from any form factor, physical or virtual
- Manage any FTD from anywhere
- Manage up to 1000 FTDs from a SINGLE INSTANCE of cdFMC
- Roadmap is 2000 FTDs from a single instance
- Rapid release CI/CD pipeline = new features in weeks instead of months
- SaaS: Cisco FULLY manages and maintains the FMC
- SaaS: Focus on managing security posture, not “managing the manager”

Requirements to be managed by cdFMC:
- FTD Version 7.0.3+ minimum
- FTD Version 7.2+ to use Low Touch Provisioning (LTP)
- OnPrem FMC 7.2+ to migrate FTD to cdFMC (Manager migration)
- Internet access from management-interface or from a data-interface
- Legacy FMC migration coming soon!

Complete FTD Mgmt with cdFMC

Deploy FTD to Cloud of Choice
- Wizard Driven
- Deploy instance
- Auto-Add to cdFMC
- All from CDO

Onboard Cisco Secure Firewall
- Select FTD
- “configure manager” CLI method
- Low touch provisioning for FPR1000, FPR2100, FPR3100
- Assign the default policy
- Select the device form factor
- Select the tier (virtual only)
- Select the feature entitlements

Onboard Cisco Secure Firewall (continued)
- Registration will retry every 5 minutes, or we can click “Retry Onboarding” for on-demand retry
- Refresh connectivity status
- Ensure management-plane has outbound Internet access and DNS resolution is working (ping system)
- Paste the CDO generated configuration to the FTD CLI
- SFTunnel was successfully built
- Initial device config and default policy are being pushed to the FTD
- Device fully onboarded
- Ready to manage with cdFMC
- Launch into Cloud Delivered Firewall Management Center
- When secondary device is initially added, it will show up as a distinct device
- Once the HA has been configured in firewall management center, the CDO device objects will be automatically merged into 1 device
- HA roles and status (green/red)
- HA Group Name

Cloud Delivered FMC
Live demo of cdFMC and FTD management

ASA Management
- Objects and Policy Management
- Policy Based and VTI/Route-Based VPN Wizards
- ASA Bulk CLI and Macros
- Scheduled ASA Upgrades
- Detailed Changelogs and Diff Views Available
- Troubleshooting Tools From CDO: No CLI required

Lots more functionality including:
- Configuration visibility
- NAT policy
- Backups
- File management
- Certificate management
- Out of band change management
- Interface configuration
- Routing configuration
- Platform Settings Policy

Live demo of common ASA tasks

CDO Visibility: Security Analytics and Logging

Security Analytics and Logging
Unified views:
- FTD Connection Events
- FTD IPS/Threat Events
- FTD Malware Events
- FTD URL Events
- FTD Threat Intelligence Events
- ASA Connections, Syslog, Netflow, etc.
SCALE

Security Analytics and Logging
- Log from anywhere securely
- FTD Analytics Dashboard
- Telemetry for each event is visible
- Background Search
- Scheduled Searches
- Feeds Telemetry to Cisco Secure Analytics (Formerly Stealthwatch Cloud)

What’s coming for Security Analytics and Logging*
- Security Analytics and Logging 2.0
- Improved search times
- Closer alignment to OnPrem FMC event viewer
- Packet Payload Capture for IPS Events
*Subject to change

Security Analytics and Logging
Live demo of SAL

Devops

CDO API
Step 1: Create an API only user for your tenant and select RBAC role
*Disclaimer: API is not fully supported (YET!) today but nothing is stopping your careful use of it.

CDO API
Step 2: Authentication and content-type
- Each API call requires an HTTP authentication header
- It is a simple bearer token (Use API token from step 1)
- Must also include a content-type “application/json” header
[Postman Example and cURL Example: images not preserved]

CDO API
Step 3: How does the CDO UI do it?
Using “Developer Tools” in Firefox, you can see the API endpoints and the data structures of the POST/PUT payloads in the “network” tab.

Live demo of API automation via some API and Ansible Playbooks

Wrap-Up

Try it out!
Register today for your free Demo/POV of CDO and cloud delivered FMC
- APJ: https:/
- US: https:/
- EMEA: https://www.defenseorchestrator.eu
Or go to https:/

Demo of spinning up a CDO Tenant

Summary
- Firewall management platform and orchestration: You ain’t seen nothing yet!
- CI/CD = Rapid innovation!
- cdFMC is a game changer: Focus on policy not the manager
- cdFMC LTP makes remote branch deployments plug-and-play
- Shared Objects = more consistent policy and fewer mistakes
- RA VPN visibility is excellent for managing work-from-anywhere
- Operation at scale is possible

Cisco Secure Firewall YouTube Channel
- Low Touch Provisioning Demo