a new paradigm networking in healthcare - vde itg...digital business agility hyper-awareness...

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential A new paradigm Networking in Healthcare Christian Korff Cisco Deutschland September 2017


Post on 05-Mar-2021


Page 1

A new paradigm Networking in Healthcare

Christian Korff

Cisco Deutschland

September 2017

Page 2

For 30 years, we’ve focused on helping to change the way the world works, lives, plays, and learns.

Our Vision

Page 3

Page 4

Digitalization as the Essence

• Unit costs, copyability: costs approaching 0
• Reuse of innovation, rapid prototyping
• Moore's Law, miniaturization: exponential spread

Page 5

Unit costs

Page 6

Modularization

Rapid Prototyping

Page 7

Miniaturization

Page 8

"Living and working in the computer?"

© Prof. Dr. Ing. Andreas Schrader

Page 9

Digital Business Agility

• Hyper-awareness: A company’s ability to detect and monitor changes in its business environment
• Informed Decision-Making: A company’s ability to make the best decision in a given situation
• Fast Execution: A company’s ability to carry out its plans quickly and effectively

Page 10

So What?

Page 11

[Network diagram built up step by step; the step captions follow]

• Start with the Core
• Add in the Distribution Layer …
• Traditional Multi-Layer Distribution …
• VSS-based Distribution …
• Add in the Access Layer …
• Multi-Layer Access … L3 terminated at Dist.
• Routed Access … L3 terminated at Access
• Converged Access … Wired / Wireless
• Instant Access …
• Add in Wired clients ...
• Add in Access Points …
• … and some Wireless clients …
• Add in a Campus Services Layer …
• … with some Wireless LAN Controllers (WLCs)
• … and some Firewalls
• Form the WLCs into a Mobility Group …
• Create the CUWN CAPWAP overlay …

• Add in Converged Access to the mix …
• … and add in the Data Center for the site
• Internet access, dual-homed, with RA VPN
• Guest wireless access, terminated in DMZ
• Now, let’s move out to the WAN …
• First, we may have MAN connectivity …
• We may also have a traditional WAN (T1, etc.)
• We may have an SP-provided MPLS service
• We may be using DMVPN over Internet
• We may be using GET VPN over WAN/MPLS …
• … or we may be using DMVPN over 3G/4G/Sat
• Branches may be single-attached to the WAN …
• Or branches may be dual-WAN-attached
• Add in remote teleworkers …
• We may have a second, backup Data Center …
• … using a variety of DCI options for connectivity
• Finally, all of this may be virtualized “N” times …

Networks Today…

• Non-Prescriptive Topology (Too many variations)
• Complex Addressing (IP Address tied to topology)
• Disruptive Device Growth (IoT and mobility)
• Static Resource Allocation
• Manual Processes
• Complex Provisioning
• Rigid Policies (Policy based on IP Address)

Page 12

Page 13

Software Defined Networking

[Diagram labels: Controller; Services; Orchestration and Policy; Infrastructure; Endpoints; Security, Collaboration, Mobility; Branch; Intent / Policy; Configuration]

Page 14

THE NETWORK. INTUITIVE. Powered by intent, informed by context.

INTENT, CONTEXT, SECURITY, LEARNING

Page 15

THE NETWORK. INTUITIVE. Powered by Intent. Informed by Context.

Intent-based Network Infrastructure

Command and Control Center

Analytics, Policy, Automation

INTENT, CONTEXT, SECURITY, LEARNING

Programmable, Integrated, Secure

• Software Defined Access, powered by DNA Center
• Assurance, powered by Network Data Platform
• Security Policy, powered by Identity Services Engine

Page 16

Page 17

C97-739103-00 © 2017 Cisco and/or its affiliates. All rights reserved. Public

Encrypted Traffic is increasing

75% of web traffic will be encrypted by 2019**

SSL/TLS encrypted traffic grew 90% year over year from July 2015 to July 2016.*

[Chart: 21% (2015), 40% (2016), 75% (2019)]

15% of all Malware utilizes TLS and rising*

* Source: NSS Labs

** Cisco ThreatGrid Analysis 2015

Page 18

How to identify Malware hidden under TLS?

[Diagram: Endpoint … Internet]

Page 19

Behavioral Patterns w.r.t. Packet Lengths/Times

• Bestafera: Self-Signed Certificate, Data Exfiltration, C2 Message
• Google Search: Initial Page Load, Page Refresh, Autocomplete

Page 20

TLS Client Fingerprinting (Bestafera)

[Figure columns: TLS ClientHello | Possible Clients | True Client]

(v: 1.0.1r)

Page 21

Why This Approach is Successful

[Figure: client versions shown: (v: 1.0.1r), (v: 52.0)]

Page 22

Page 23

SD-Access - Two Level Hierarchy

[Diagram: Network containing a Building Management VN and a Campus Users VN; Group Policy]

1. Virtual Network (VN), VRF: First-level segmentation that ensures zero communication between Building Management and Campus Users

2. Scalable Group, SGT/SGACL: Second-level segmentation ensures role-based access control between two groups within a Virtual Network

Page 24

Page 25

Collaboration, Security, Networking

Page 26

Network Utilization Growth

• Expanded data usage increases need for efficient, reliable networks
• Business-critical apps require priority and real-time access
• Increased number of mobile devices requires even better analytics

Page 27

Optimizing Wi-Fi Connectivity

• iOS and Cisco devices recognize each other
• Enabled with a “handshake”—unique to Apple and Cisco
• Fast roaming and load balancing automatically enabled

Page 28

Page 29

Resources: For Your Reference

• ETA Solution Overview in BRKCRS-1560 - https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=95570&backBtn=true

• Research behind ETA BRKSEC-2809 - https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=94399&backBtn=true

• Cognitive Analytics overview BRKSEC-3106 - https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=95774&backBtn=true

• Hidden Figures - Securing what you cannot see INSSEC-103 - https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=95318&backBtn=true

• Overview of ETA https://www.youtube.com/watch?v=JpbL6DC-JlM

• Demo of ETA https://www.youtube.com/watch?v=6f5INflDRto

Page 30