Data Sheet
Cisco® Security Manager is a leading enterprise-class application for managing security. Cisco Security Manager delivers provisioning of firewall, VPN, and intrusion prevention system (IPS) services across Cisco routers, security appliances, and switch services modules.
Figure 1. The Device-Centric View Delivers a Simplified Interface to Add Devices and Edit and Deploy Security Policies

Figure 2. The Map-Centric View Allows You to Manage Policies and Devices Visually

Cisco Security Manager includes "JumpStart", a built-in interactive tutorial that helps new users quickly learn about Cisco Security Manager features and concepts (Figure 3).
Figure 3. The Cisco Security Manager "JumpStart" Interactive Tutorial

Table 1. Cisco Security Manager 3.01 Features and Benefits

| Feature | Benefit |
| --- | --- |
| Scalable network management | Cisco Security Manager is suitable for efficiently managing networks that range from a few devices to thousands of devices. Scalability is achieved through powerful policy-based management techniques, which allow defining settings once and then optionally assigning the settings to individual devices, groups of devices, or across the enterprise. When a setting is changed, Cisco Security Manager automatically applies the change to all affected network devices. The firewall or VPN policies are platform-neutral, and can be applied across different device platforms such as Cisco routers, security appliances, or services modules. Cisco Security Manager also provides flexible device-level overrides, which allow policy re-use and sharing while retaining the ability to customize device-specific settings as necessary. |
| VPN provisioning | A VPN wizard provides easy configuration of site-to-site, hub-and-spoke, full-mesh, and extranet VPNs. • Cisco Security Manager supports Dynamic Multipoint VPN (DMVPN) and generic routing encapsulation (GRE) IP Security (IPsec), both with dynamic IP and hierarchical certificates. • VPN and Easy VPN services can be configured remotely. • The support of secure device provisioning enables zero-touch deployment. • Configurations for automatic failover and load-balancing for headends are supported. |
| Firewall provisioning | Cisco Security Manager enables administrators to configure policies for Cisco ASA 5500 Series appliances, Cisco PIX appliances, Cisco Catalyst 6500 Series firewall services modules, and Cisco integrated services router platforms running a Cisco IOS Software security image. • The software provides a single rule table for all platforms. Customers benefit from being able to manage these devices through one solution. • The rule analysis feature reports firewall rules that overlap or conflict with other rules. • The object grouping feature dramatically compresses the number of access rules required to implement a particular security policy. Object grouping uses an algorithm to group objects of a similar type so that a single access rule can apply to all objects in the group. • The software helps identify and delete rules that have no effect on the network. • The access control list (ACL) hit count feature checks to ensure traffic is flowing correctly. • The policy query feature displays which rules match a specific source, destination, and service flow, including wildcards. • To ease configuration, device information can be imported from a device repository, imported from a configuration file, or added in the software. Additionally, firewall policies can be discovered from the device itself. • Interface roles allow a user to apply a rule policy on groups of interfaces in a scalable manner. |
| IPS provisioning | Cisco Security Manager supports the following with the IPS Manager for IPS Sensors: • Cisco IPS Sensor Software: An inline, network-based software solution designed to accurately identify, classify, and stop malicious traffic, including worms, spyware and adware, network viruses, and application abuse, before it affects business continuity. • Cisco IOS IPS: Inline intrusion capabilities make Cisco IOS IPS the first system in the industry to provide an inline, deep-packet-inspection-based IPS solution that helps Cisco routers effectively mitigate a wide range of network attacks without compromising traffic-forwarding performance. Able to accurately identify, classify, and stop malicious or damaging traffic in real time, Cisco IOS IPS is a core component of the Cisco Self-Defending Network. Cisco IOS IPS can drop traffic, send an alarm, or reset a connection, enabling a router to respond immediately to security threats. The IPS Manager provides in-depth configuration of Cisco IOS IPS. • Single-interface, multi-VLAN IPS configuration: With the introduction of inline support, the IPS Manager now gives the user the ability to assign VLAN pairs to a single interface. • Rate limiting configuration: Allows an IPS device to limit certain types of traffic by preventing it from using excessive bandwidth. This feature can also signal external devices, such as Cisco IOS routers, to perform rate limiting to accomplish the same function. • Auto-apply signature update: Allows the user to download and automatically update Cisco IPS sensors with signature updates, minor releases, and patches from Cisco.com. • Copy signature wizard: The ability to copy signature tunings from one device to many devices. • Global event configurations: Globally apply event action overrides, event action filters, and event variables to all Cisco IPS sensors. • Out-of-band configuration detection: The IPS Manager detects out-of-band configuration changes made to devices by other management components. Once an out-of-band configuration is detected, users can be notified via the Sensor Health and Welfare feature. |
| Integrated security services management | Cisco Security Manager enables the management of integrated security services, including quality of service (QoS) for VPN, routing, Network Admission Control (NAC), and more. |
| Flexible device grouping options | Users can create and define device groups based on business function or location to accurately represent their organizational structure. All devices in a group can be managed as easily as a single device. |
| Multiple application views | Cisco Security Manager provides multiple views into the application to support different use cases and experience levels. The device-centric view is useful for novice users or those more familiar with using single device managers. The map-centric view helps in visualizing the topologies of VPNs or containment relationships between Cisco Catalyst 6500 Series service modules and security contexts. The policy-centric view excels at performing highly efficient and scalable multi-device management. |
| Policy object manager | Re-usable objects can be created (for example, to represent network addresses, services, device settings, time ranges, or VPN parameters). Objects can be defined once and used any number of times to avoid manually entering values. |
| Deployment manager: flexible deployment options | Cisco Security Manager supports both on-demand and scheduled deployments to a device or to files. |
| Rollback | Cisco Security Manager provides the ability to roll back to a previous configuration, if required. |
| Role-based access control | With Cisco Security Manager, access rights can be defined for multiple administrators, with appropriate controls. Cisco Security Manager is delivered with five user roles; additional roles are available with the optional Cisco Secure ACS. |
| Workflow | Cisco Security Manager optionally allows assigning specific tasks to each administrator during the deployment of a policy, with formal change control and tracking. The workflow helps improve staff collaboration (for example, between network and security operations). |
| Distributed deployment methodologies: Auto Update Server, Cisco Network Services Configuration Engine | Cisco Security Manager simplifies updates to large numbers of remote firewalls, which may have dynamic addresses or NAT addresses. This is a valuable feature for customers with remote locations with intermittent network links and minimal technical staff at the remote site. |
| Operational management | Cisco Security Manager helps with operational functions such as software distribution or device inventory reporting. The software integrates with the Device and Credentials Repository (DCR) and CiscoWorks Resource Manager Essentials (RME). |
| Health and performance monitoring | Customers with a Cisco Security Manager service contract can download the CiscoWorks Monitoring Center for Performance application when available from Cisco.com. This application provides health and performance monitoring data for Cisco network devices and specific security services. |

Changes in Cisco Security Manager 3.01
• Added support for Cisco Catalyst 6500 Series Firewall Services Module 3.1
• Added support for Cisco ASA Software 7.1 and Cisco PIX Software 7.1
• Added support for the Cisco 7600 Series/Cisco Catalyst 6500 Series IPsec VPN Shared Port Adapter device
• Added support for the management of Cisco Catalyst 6500 Series router access control lists (ACLs)
• Added support for the configuration of Network Time Protocol (NTP) and syslog on Cisco IOS routers
• Includes an updated version of CiscoWorks RME (Version 4.04)
• Includes fixes to several known software bugs
http://www.cisco.com/en/US/products/ps6498/prod_bulletins_list.html
Table 2. Server Requirements and Restrictions
Table 3. Client Requirements and Restrictions
Table 4. Overview of Cisco Devices Supported by Cisco Security Manager
http://www.cisco.com/en/US/products/sw/cscowork/ps2073/products_device_support_tables_list.html.
ORDERING INFORMATION
