Businesses are facing daunting new challenges in security operations. A growing number of security technologies, combined with the reduction and redirection of IT headcount once dedicated to security management, has resulted in a challenging operational environment. Security professionals have been stretched to the point where human error now frequently results in security exposure and incidents. Integrated end-to-end tools that enable consistent policy enforcement and quick troubleshooting of security events, in addition to providing summarized reports about the security deployment, are invaluable to operations teams.
Cisco Security Manager Overview
Cisco® Security Manager enables enterprises to manage and scale security operations efficiently and accurately. Cisco Security Manager integrates a powerful suite of capabilities, including policy and object management, event management, reporting, and troubleshooting, which are essential to maintaining security posture in today's ever-changing threat environment. Cisco Security Manager supports a range of security solutions, including Cisco ASA 5500 Series Adaptive Security Appliances, Cisco IPS 4200 Series Sensor Appliances, Cisco Secure Routers, and the Cisco AnyConnect™ Secure Mobility Client.
Security Policy Management
Security administrators can create reusable network objects such as network addresses and services, which are defined once and used any number of times. Cisco Security Manager also allows policies to be defined once and shared across devices. This minimizes errors associated with manual entry of data, and makes the management of security objects and policies more efficient. Administrators can implement both on-demand and scheduled security deployments, and can roll back to a previous configuration if required. Role-based access control and deployment workflows help ensure that compliance processes are followed. See Figure 1.
Figure 1. Security Policy Management
Cisco Security Manager also enables flexible provisioning of IPS signature updates, providing administrators with the ability to incrementally provision new and updated signatures, create IPS policies for those signatures, and then share the policies across devices. Additionally, insight into Cisco Security Intelligence Operations (SIO) recommendations allows administrators to fine-tune their environment prior to deploying signature updates. The following features allow security teams to significantly cut the amount of time spent on manual tasks while reducing errors and optimizing their security environment:
• Policy and object sharing enables security rules and objects to be reused.
• RBAC and workflow ensure error-free deployments and process compliance.
• Flexible deployments and rollback capabilities provide administrators the tools to efficiently implement defined policies.
• Provisioning of IPS signature updates and access to Cisco SIO enhance the ability of security teams to keep up with ever-growing security threats.
Event Management and Troubleshooting
Integrated event management provides administrators with real-time incident analysis and rapid troubleshooting, while advanced filtering and search capabilities enable them to quickly identify and isolate interesting events. Cross-linkages between the event manager and configuration manger reduce troubleshooting time for firewall rules and IPS signatures. See Figure 2.
Figure 2. Event Management and Troubleshooting
The Cisco Security Manager Event Viewer provides:
• Support for syslog messages created by Cisco ASA appliances, Cisco Firewall Services Modules (FWSMs), and Security Device Event Exchange (SDEE) messages from Cisco IPS sensors
• Real-time and historical event viewing
• Cross-linkages to firewall access rules and IPS signatures, for quick navigation to the source policies
• A pre-bundled set of views for firewall, IPS, and VPN
• Customizable views for monitoring select devices or a select time range
• Intuitive GUI controls for searching, sorting, and filtering events
• Administrative options to turn event collection on or off for select security devices
• Tools such as ping, traceroute, and packet tracer for further troubleshooting capabilities
Cisco Security Manager 4.2 includes a report manager, which generates system reports from events that it receives and displays them as either charts or data grids. It also allows administrators to define and save custom reports using advanced report criteria to meet their specific reporting needs. All report data and charts can be exported to PDF and Excel, and they can be scheduled for email delivery as PDF or CSV files. See Figure 3 and Table 1 for a list of system reports.
Figure 3. Reporting
Table 1. System Reports
• Top Infected Hosts
• Top Malware Ports
• Top Malware Sites
• Top Destinations
• Top Services
• Top Sources
• Inspection/Global Correlation
• IPS Simulation Mode
• Target Analysis
• Top Attackers
• Top Blocked/Unblocked Signatures
• Top Signatures
• Top Victims
• Top Bandwidth Users (SSL/IPsec)
• Top Duration Users (SSL/IPsec)
• Top Throughput Users (SSL/IPsec)
• User Report
• VPN Device Usage Report
Cisco Security Manager Use Cases
Table 2 describes the primary use cases for Cisco Security Manager.
Table 2. Cisco Security Manager Primary Use Cases
• Powerful object and rule sharing capabilities enable administrators to efficiently and consistently maintain their firewall estate
• Innovative policy query feature displays which rules match a specific source, destination, and service flow, including wildcards; this feature allows the administrator to define policies more efficiently
• To ease configuration, device information can be imported from a device repository or configuration file, or added in the software; additionally, firewall policies can be discovered from the device itself - this feature simplifies initial security management setup
• Consumption of ASA/ASASM/FWSM syslog events
• System-generated and customized reports, including firewall traffic and botnet reports
• Incremental provisioning of new and updated signatures
• Insight into Cisco SIO recommended defaults allows customers to tune their environment before distributing the signature update
• IPS signature policies and event action filters can be inherited and assigned to any device - all other IPS polices can be assigned to and shared with other IPS devices; IPS management also includes policy rollback, a configuration archive, and cloning or creation of signatures
• IPS update administration and IPS subscription licensing updates allow users to manage IPS software, signature updates, and licensing based on local and shared polices
• Consumption and viewing of IPS SDEE events
• System and custom IPS reports, including top attackers, top signatures
Site-to-Site VPN Management
• Easy configuration of site-to-site, hub-and-spoke, full-mesh, and extranet VPNs
• Support for Group Encrypted Transport VPN (GET VPN), Dynamic Multipoint VPN (DMVPN), and Generic Routing Encapsulation (GRE)
• Support for a variety of site-to-site IPsec VPN configurations, including dynamic IP, hierarchical certificates, and preshared keys
• Extranet IPsec VPN support for establishing tunnels to partner networks and third-party devices
Cisco AnyConnect Management
• Enables large scale Cisco AnyConnect deployments via policy sharing across multiple ASA appliances
• Supports advanced configurations of Cisco Secure Desktop
• Provisioning of IPsec Remote Access and SSL VPNs
• Multiple system reports tailored for remote access administration
For more information on Cisco Security Manager hardware and software requirements, see the Cisco Security Manager Deployment Guide at http://www.cisco.com/go/csmanager.
Cisco Security Manager Pro - Incremental 50 Device License
Cisco Security Manager Pro - Incremental 100 Device License
Cisco Security Manager Pro - Incremental 250 Device License
Note: The incremental device licenses are only available to customers who have bought the Professional Edition of Cisco Security Manager.
Cisco takes a lifecycle approach to services and, with its partners, provides a broad portfolio of security services so enterprises can design, implement, operate, and optimize network platforms that defend critical business processes against attack and disruption, protect privacy, and support policy and regulatory compliance controls.
Cisco services help you protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business.
• Cisco Security Intelligence Operations (SIO) Service provides a central location for early warning threat and vulnerability intelligence and analysis, Cisco IPS signatures, and mitigation techniques.
• Cisco Security IntelliShield Alert Manager Service provides a customizable, web-based threat and vulnerability alert service that allows organizations to easily access timely, accurate, and credible information about potential vulnerabilities in their environment.
• Cisco Software Application Support (SAS) Service keeps Cisco Security Manager up and running with around-the-clock access to technical support and minor software releases.
• Cisco Security Optimization Service helps organizations maintain peak network health. The network infrastructure is the foundation of an agile and adaptive business. The Cisco Security Optimization Service supports the continuously evolving security system to meet ever-changing security threats through a combination of planning and assessments, design, performance tuning, and ongoing support for system changes.
For More Information
For more information about Cisco Security Manager 4.2, visit http://www.cisco.com/go/csmanager or contact your account manager or a Cisco Authorized Technology Provider.
Related Products and Services
For more information about Cisco security solutions, please visit the links below: