Cisco Cisco NAC Appliance 4.9 Leaflet
5
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
Session Number
Presentation_ID
Presentation_ID
C97-348014-00 05/06
Complexity Demands Defense-in-Depth
Identity
Guest access
AAA
Employee
Endpoint
Security
Anti-spyware
Personal
Firewalls
HIPS
Anti-virus
Network
Security
Security
VPNs
IDS/IPS
Perimeter
Firewalls
Firewalls
X
Identity alone fails:
Protects against unauthorized
access, but not malware
Identifies user, but not device
access, but not malware
Identifies user, but not device
X
Endpoint security alone fails:
99% have AV, but infections persist!
Host based apps are easily
manipulated—even unintentionally
Time gap between virus and virus def/repair
Host based apps are easily
manipulated—even unintentionally
Time gap between virus and virus def/repair
X
Network security alone fails:
Firewalls cannot block legitimate ports
VPNs cannot block legitimate users
Malware signatures must be known
Detection often occurs after-the-fact
VPNs cannot block legitimate users
Malware signatures must be known
Detection often occurs after-the-fact