Cisco's Secure Architecture for Enterprise (SAFE) is an awesome designing and management system for Enterprise security, but most of the time people either ignore these strandards or fails to understand them. Lets try to understand Cisco's SAFE in plain and simple manner. So, lets start with a question -
What is SAFE ?
Cisco SAFE is a reference security architecture that provides prescriptive Cisco Validated Design guides that address the planning, design and deployment of security solutions for the unique requirements of the different places in the network, such as Campus, Internet edge, Branches, and Data Center.
These blueprints also provide best practices guidance for securing critical data and transactions as they traverse the entire networked infrastructure.
SAFE’s unique defense-in-depth approach blends security elements with the network infrastructure so that event and posture information is shared between devices to create greater visibility, and enhances threat control through responses coordinated under a common control strategy.
These blueprints also provide best practices guidance for securing critical data and transactions as they traverse the entire networked infrastructure.
SAFE’s unique defense-in-depth approach blends security elements with the network infrastructure so that event and posture information is shared between devices to create greater visibility, and enhances threat control through responses coordinated under a common control strategy.
How do SAFE helps in Business Transformation ?
•Step-by-step network security design and implementation guidance shortens deployment
•Solutions-based approach focused on risk management rather than product placement
•Designed using the Cisco Security Control Framework to enable support by Cisco Lifecycle Security Services
•Layered security design helps prevent being overwhelmed by a large or unexpected attack
•Threat visibility and coordinated response reduces exposure and IT overhead
•Layered security + network architecture ensures business-critical services availability
•Modular design allows gradual improvement based on priority
•Delivers best practices and functions commonly required by regulations and standards
•Solutions-based approach focused on risk management rather than product placement
•Designed using the Cisco Security Control Framework to enable support by Cisco Lifecycle Security Services
•Layered security design helps prevent being overwhelmed by a large or unexpected attack
•Threat visibility and coordinated response reduces exposure and IT overhead
•Layered security + network architecture ensures business-critical services availability
•Modular design allows gradual improvement based on priority
•Delivers best practices and functions commonly required by regulations and standards
How would my Network look with SAFE ?
So, SAFE ensures a consistent policy deployment and enforcement strategy for the SAFE architecture to enhance visibility and control across each place in the network, and across the entire infrastructure, explained better in the diagram below -
It adds the following management features to your network security management mechanism -
Visibility:
- Identify and classify users, traffic, and devices
- Monitor and record events and behaviors
- Collect and correlate data from multiple sources
- Identify and detect anomalous traffic and threats
- Classify traffic to apply security controls
- Harden network and endpoint devices
- Limit access and usage per user, application and device
- Protect against known and unknown threats
- Isolate users, systems, services, and applications
- Collaborative response to anomalous events
- Enforce access controls and security policies, and mitigate security events
Legacy security competitors, such as CheckPoint and Symantec:
Point products lack the ability to collaborate with other security devices or the network infrastructure. Because they are siloed in a single point in a network they provide limited threat visibility and control.
Network security competitors, such as Juniper:
Like point product vendors, devices such as Juniper’s NetScreen are still poorly integrated into the network, so they suffer from poor visibility and control. Furthermore, they often do not provide solutions for many critical business applications and services, such as virtualization or UC
Cisco SAFE Strategy:
- Focused on solutions and risk management rather than products and features
- Fully tested and validated architecture based on best security practices that cover the entire network.
- Emphasizes collaboration between devices and PINS for increased visibility and control
- Designed to secure and enhance business-critical applications and services
- Maximizes customer value by providing design and deployment guidelines for Cisco platforms and capabilities.