Cisco created Cisco SAFE as an answer to increasing threats in the cyber world.
Cisco SAFE is an architectural framework that helps with designing secure solutions in the following places in the network (PINs):
Places in Network
Branches are less secure than the campus and data centre places in network (PINs) as the possible large amount of branches makes it cost prohibitive to try apply all the security controls that may be found in the campus and data centres.
Branch locations become prime targets for intrusion and attack so it is important to ensure that vital security capabilities are included whilst keeping in mind cost.
Top threats on the branch include endpoint malware, wireless infrastructure exploits, unauthorised client activity, and exploitation of trust.
The campus can contain a large amount of users: employees, contractors, guests and partners. Campuses become easy targets for phishing, web based exploits, unauthorised network access, malware propagation and botnet infestation.
The Data Centre
Data centres contain the enterprises must critical information, and are a primary goal of a targeted threat.
The data centre can contain hundreds if not thousands of servers which makes it difficult to create proper security controls for network access.
Typically network threats that are seen in data centres are data extraction, malware propagation, unauthorised network access, botnet infestation, data loss, privilege escalation and reconnaissance
The edge is the point of ingress and egress traffic to and from the internet.
It is the highest risk place in network. Threats can include web server vulnerabilities, distributed denial-of-service attacks, data loss and man in the middle attacks.
Security in the cloud is dictated by service-level agreements (SLAs) with the cloud service provider and requires independent certification audits and risk assessments.
The primary threats are web server vulnerabilities, loss of access, data loss, malware, and man in the middle attacks.
The Wide Area Network
The wide area network connects the places in network together. In a large organisation, managing security on the WAN can be challenging. Threats in the WAN can be malware propagation, unauthorised network access, WAN sniffing, and man in the middle attacks.
Cisco SAFE defines secure domains, operational areas used to protect the different PINs. The following security concepts can be used to evaluate each PIN:
Management of devices and systems using centralised services is critical for consistent policy deployment, workflow change management, and keeping systems patched. Management coordinates policies, objects, and alerting.
Security intelligence provides detection of emerging malware and cyber threats. It allows an infrastructure to enforce policy dynamically. It enables accurate and timely security protection
PCI DSS 3.0 and HIPAA are examples of compliance
Segmentation establishes boundaries of data and users.
A traditional form of segmentation is different VLANs for policy enforcement.
A more advanced form of segmentation is leveraging identity-aware infrastructure to enforce policies in an automated manner
Threat defence demonstrates that is important to have isnight into the most dangerous cyber threats.
Threat defence can provide this through network traffic telemetry, file reputation, and contextual information.
It allows the assessment of the nature and risk of suspicious activity to the correct steps can be taken
Secure services include technologies such as access control, virtual private networks, and encryption.
By implementing the Cisco SAFE framework, the organisation can have a capability of advanced threat detection and protection before, during, and after an attack
Before an Attack
Full knowledge of all the assets that need to be protected is required, and the types of threats that could target these assets need to be identified.
Establish policies and implement preventative measures to reduce risk.
Cisco proposed solutions for this are next-generation firewalls, network access control, network security analysis, and identity services
During an Attack
During an attack that gets through the perimeter. Threat analysis and incident response are some typical activities that are associated with this phrase.
Organisations can leverage next generation intrusion prevention systems, next-generation firewalls, malware protection and e-mail and web security solutions that make it possible to detect, block, and defend against attacks that in progress against the network
After an Attack
After the attack has been detected, contained and remediated. Any lessons learned need to incorporated into the existing security solution.
Organisations can leverage advanced Cisco Advanced Malware Protection, next generation firewalls and malicious network behaviour using StealthWatch to quickly effectively scope, contain and remediate against an attack.