Cisco Cisco NAC Appliance 4.6 Leaflet
5
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
Session Number
Presentation_ID
Presentation_ID
C97-347999-00 05/06
Complexity Demands Defense-in-Depth
identity
guest access
guest access
AAA
AAA
employee
employee
endpoint
security
Anti
Anti
-
-
spyware
spyware
personal
personal
firewalls
firewalls
HIPS
HIPS
anti
anti
-
-
virus
virus
network
security
security
IDS/IPS
IDS/IPS
VPNs
VPNs
perimeter
perimeter
firewalls
firewalls
X
Endpoint security alone fails:
99% have AV, but infections persist!
Host based apps are easily manipulated—
even unintentionally
Time gap between virus and virus def/repair
Host based apps are easily manipulated—
even unintentionally
Time gap between virus and virus def/repair
X
Identity alone fails:
Protects against unauthorized
access, but not malware
Identifies user, but not device
access, but not malware
Identifies user, but not device
X
Network security alone fails:
Firewalls cannot block legitimate ports
VPNs cannot block legitimate users
Malware signatures must be known
Detection often occurs after-the-fact
VPNs cannot block legitimate users
Malware signatures must be known
Detection often occurs after-the-fact