Chapter 9. Cisco Security Manager

This book details how a layered defense is the best defense to protect a network against attacks. A layered defense as part of a self-defending network is similar to layered defenses in sports such as football and soccer. These sports have an initial defense against the opposition followed by additional layers of defense closer to the critical resource of the team. In a soccer or football analogy, the critical resource is the goal, and in a network environment, the critical resource is often a server or remote PC. In the sports analogy, a layered defense is only effective if the different layers are implementing a consistent strategy and are on the same page as to what they are trying to accomplish. For example, a football defense in which the cornerbacks are playing zone defense while the safeties think that everyone is playing man defense is probably not going to be very effective because the layered defense is not coordinated and is inconsistent.

In the network environment, centralized management is an effective way to ensure that the layered defenses are all executing the same plan. Centralized management is also an effective tool to let the security operations manager know when part of the layered defense is behaving incorrectly or is being ineffective.

Centralized management is composed of two main functional areas:

• Configuration

• Monitoring/mitigation

Cisco offers a centralized management product line called the Cisco Security Management Suite. The Cisco Security Management Suite is composed of the Cisco Security Manager and Cisco Security MARS. Cisco Security Manager and Cisco Security MARS are the follow-on products to the CiscoWorks VPN and Security Management Solution (VMS) product.