Wireless and Network Security Integration
Defense by Hi-5
Marc Hogue
Chris Jacobson
Alexandra Korol
Mark Ordonez
Jinjia Xi

Introduction
► Importance of Integrated Network Security
  - Example of disjointed solution
  - Example of properly integrated solution
► Importance to IT Leaders

Agenda
► Integrated Solution Architecture
► Integrated Solution Components
  - Cisco Security Agent (CSA)
  - Cisco NAC Appliance
  - Cisco Firewall
  - Cisco IPS
  - CS-MARS

Cisco Unified Wireless Network
► Anytime, anywhere access to information.
► Real-time access to instant messaging, e-mail, and network resources.
► Mobility services, such as voice, guest access, advanced security, and location.
► Modular architecture that supports 802.11n, 802.11a/b/g, and enterprise wireless mesh for indoor and outdoor locations, while ensuring a smooth migration path to future technologies and services

Secure Wireless Architecture
► The following five interconnected elements work together to deliver a unified enterprise-class wireless solution:
  - Client devices
  - Access points
  - Wireless controllers
  - Network management
  - Mobility services

Campus Architecture
► High availability
► Access services
► Application optimization and protection services
► Virtualization services
► Security services
► Operational and management services

Branch Architecture

Where CSA Fits into Architecture

CSA
► CSA is an endpoint security solution
► Single agent that provides:
  - zero update attack protection
  - data loss prevention
  - signature based antivirus
► Two Components:
  - CSA MC
  - CSA

Need for CSA

Threats and CSA Mitigation

Threats and CSA Mitigation

Prevent Wireless Ad hoc Communications Module
► If a wireless ad-hoc connection is active, all UDP or TCP traffic over any active wireless ad-hoc connection is denied, regardless of the application or IP address.
► Alerts are logged and reported any time the rule module is triggered
► Customization allows:
  - User Query
  - Test Deployment

Prevent Wireless if Ethernet Active Module
► If an Ethernet connection is active, all UDP or TCP traffic over any active 802.11 wireless connection is denied, regardless of the application or IP address.
► An alert is logged and reported for each unique instance that the rule module is triggered.
► Supports customization
  - Customized user query as a rule action
  - Customized rule module based on location
  - Customized rule module in test mode

Location Aware Policy Enforcement
► Enforces different security policies based on the location of a mobile client
► Determines state of mobile client based on:
  - System state conditions
  - Network interface set characteristics
► CSA location-aware policy may leverage any of the standard CSA features

Roaming Force VPN Module
► If the CSA MC is not reachable and a network interface is active, all UDP or TCP traffic over any active interface is denied, regardless of the application or IP address, with the exception of web traffic, which is permitted for 300 seconds.
► Informs user that VPN connection is required
► Message is logged
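
The three CSA rule modules described above (Prevent Wireless Ad hoc Communications, Prevent Wireless if Ethernet Active, Roaming Force VPN), modeled as one decision function. This is an added example, not Cisco code or CSA configuration; the module labels and data structures are hypothetical. It assumes "web traffic" means TCP 80/443, that the 300-second window starts when contact with the CSA MC is lost, and that a module in test mode logs an alert without denying.

```python
from dataclasses import dataclass, field

WEB_PORTS = {80, 443}      # assumption: "web traffic" = TCP 80/443
WEB_GRACE_SECONDS = 300    # from the Roaming Force VPN slide

# Hypothetical labels for the three rule modules on the slides.
ADHOC = "prevent-wireless-adhoc"
WIFI_IF_ETH = "prevent-wireless-if-ethernet-active"
FORCE_VPN = "roaming-force-vpn"


@dataclass
class Interface:
    name: str
    kind: str              # "ethernet" or "wifi"
    active: bool = True
    adhoc: bool = False    # only meaningful for wifi


@dataclass
class HostState:
    interfaces: list
    mc_reachable: bool = True
    seconds_since_mc_lost: float = 0.0   # assumption: timer starts at loss of MC contact
    test_mode: set = field(default_factory=set)  # modules deployed in test mode


def evaluate(state, iface_name, proto, dst_port):
    """Return (decision, alerts) for one TCP/UDP flow leaving iface_name."""
    if proto not in ("tcp", "udp"):
        return "allow", []               # the modules only cover UDP and TCP
    iface = next(i for i in state.interfaces if i.name == iface_name)
    if not iface.active:
        return "allow", []               # rules apply to active interfaces only
    hits = []
    if iface.kind == "wifi" and iface.adhoc:
        hits.append(ADHOC)
    ethernet_up = any(i.active and i.kind == "ethernet" for i in state.interfaces)
    if iface.kind == "wifi" and ethernet_up:
        hits.append(WIFI_IF_ETH)
    if not state.mc_reachable:
        web = proto == "tcp" and dst_port in WEB_PORTS
        in_grace = state.seconds_since_mc_lost <= WEB_GRACE_SECONDS
        if not (web and in_grace):
            hits.append(FORCE_VPN)
    decision, alerts = "allow", []
    for module in hits:
        enforced = module not in state.test_mode
        alerts.append({"module": module, "enforced": enforced})  # every trigger is logged
        if enforced:
            decision = "deny"
    return decision, alerts


def run_scenarios():
    """Constructed sample hosts covering each module and the test-mode case."""
    docked = HostState([Interface("eth0", "ethernet"), Interface("wlan0", "wifi")])
    adhoc = HostState([Interface("wlan0", "wifi", adhoc=True)])
    roaming = HostState([Interface("wlan0", "wifi")], mc_reachable=False,
                        seconds_since_mc_lost=120)
    pilot = HostState([Interface("wlan0", "wifi", adhoc=True)], test_mode={ADHOC})
    return {
        "docked wifi": evaluate(docked, "wlan0", "tcp", 443),
        "docked wired": evaluate(docked, "eth0", "tcp", 443),
        "ad-hoc": evaluate(adhoc, "wlan0", "udp", 5353),
        "roaming web in grace": evaluate(roaming, "wlan0", "tcp", 443),
        "roaming dns": evaluate(roaming, "wlan0", "udp", 53),
        "ad-hoc, test mode": evaluate(pilot, "wlan0", "udp", 5353),
    }


if __name__ == "__main__":
    for name, (decision, alerts) in run_scenarios().items():
        print(f"{name:22} {decision:5} {alerts}")
```
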

Cisco NAC Appliance Overview
► Admission Control and compliance enforcement
► Features:
  - In-band or out-of-band deployment options
  - User authentication tools
  - Bandwidth and traffic filtering controls
  - Vulnerability assessment and remediation (also referred to as posture assessment)
  - Network Scan
  - Clean Access Agent

NAC Architecture

Out-of-Band Modes

In-Band Modes

NAC Appliance Positioning: Edge Deployment

NAC Appliance Positioning: Centralized Deployment

NAC Authentication
► 802.1x/EAP authentication does not pass through to NAC
► Authentication methods include:
  - Web authentication
  - Clean Access Agent
  - Single sign-on (SSO) with Clean Access Agent with the following:
    - VPN RADIUS accounting
    - Active Directory

Authentication Process: AD SSO

Posture Assessment Process

Remediation Process

Authenticated User

Firewall Placement Options
Source: Cisco, Deploying Firewalls Throughout Your Organization

Why Place Firewalls in Multiple Network Segments?
► Provide the first line of defense in network security infrastructures
► Prevent access breaches at all key network junctures
► Help organizations comply with the latest corporate and industry governance mandates
  - Sarbanes-Oxley (SOX)
  - Gramm-Leach-Bliley (GLB)
  - Health Insurance Portability and Accountability Act (HIPAA)
  - Payment Card Industry Data Security Standard (PCI DSS)

Firewall Integration
► Cisco Catalyst 6500 Wireless Services Module (WiSM) and Cisco Firewall Services Module (FWSM)
► Cisco Catalyst 6500 Wireless Services Module (WiSM) and Cisco Adaptive Security Appliances (ASA)
► 2100 family WLCs with a Cisco IOS firewall in an ISR router

FWSM and ASA Modes of Operation
Transparent Mode
Routed Mode

High Availability Configuration
ASA High Availability
FWSM High Availability

WLC Deployments and IOS Firewall

IPS Threat Detection and Mitigation Roles

WLC and IPS Collaboration
► Cisco WLC and IPS synchronization
► WLC enforcement of a Cisco IPS host block
► Cisco IPS host block retraction

Example of WLC enforcement

CS-MARS
► Cisco Security Monitoring, Analysis and Reporting System
► Monitor the network
► Detect and correlate anomalies
► Mitigate threats

Cross-Network Anomaly Detection and Correlation
► MARS is configured to obtain the configurations of other network devices.
► Devices send events to MARS via SNMP.
► Anomalies are detected and correlated across all devices.

Monitoring, Anomalies, & Mitigation
► Discover Layer 3 devices on network
  - Entire network can be mapped
  - Find MAC addresses, end-points, topology
► Monitors wired and wireless devices
  - Unified monitoring provides complete picture
► Anomalies can be correlated
  - Complete view of anomalies (e.g. host names, MAC addresses, IP addresses, ports, etc.)
► Mitigation responses triggered using rules
  - Rules can be further customized to extend MARS

Reporting
► MARS provides reporting
  - Detected events (e.g. DoS, probes, etc.)
  - Distinguish between LAN and WLAN events
  - Leverage reporting from other components (e.g. WLC, WCS, etc.)
► Allows detailed analysis of
  - Events
  - Threats
  - Anomalies

Q & A