eBooks/eGuides

Ransomware Defense for Dummies eBook

Issue link: https://insights.oneneck.com/i/1093615

Contents of this Issue

Navigation

Page 40 of 52

CHAPTER 4 Deploying Cisco Ransomware Defense 35 These materials are © 2017 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited. » Advanced malware protection: Effective breach detection with low total cost of ownership (TCO) offers protection value. Discover, understand, and stop malware and emerg- ing threats missed by other security layers — activated with a simple software license. Use the network as a sensor and enforcer Cisco uses the network to dynamically enforce security policy with software-defined segmentation designed to reduce the overall attack surface, contain attacks by preventing the lateral movement of threats across the network, and minimize the time needed to isolate threats when detected. Cisco solutions enable the network itself to act as a sensor and enforcer. Identity Services Engine (ISE) with TrustSec and Stealth- watch simplifies the provisioning and management of secure network access, provides greater visibility into anomalous net- work activity, accelerates security operations, and consistently enforces policy anywhere in the network. Unlike access control mechanisms, which are based on network topology, Cisco Trust- Sec controls are defined using logical policy groupings, so resource segmentation and secure access are consistently maintained, even as resources move in mobile and virtualized networks. What does all this mean? TrustSec policy enforcement can prevent a ransom- ware attack from spreading throughout your network. Cisco TrustSec functionality is embedded in Cisco switching, routing, wireless LAN (WLAN), and firewall products to protect assets and applications in enterprise and data center networks. Traditional access control methods segment and protect assets using virtual LANs (VLANs) and access control lists (ACLs). Cisco TrustSec instead uses security group policies, which are writ- ten in a plain-language matrix and decoupled from IP addresses and VLANs. Users and assets with the same role classification are assigned to a security group. Cisco TrustSec policies are centrally created and automatically distributed to wired, wireless, and VPN networks so that users and assets receive consistent access and protection as they move in virtual and mobile networks. Software-defined segmentation helps reduce the time spent on network engineering tasks and compliance validation.

Articles in this issue

Archives of this issue

view archives of eBooks/eGuides - Ransomware Defense for Dummies eBook