Cisco Blogs

Cisco Defense Orchestrator: The Security Policy Management “Easy Button”

July 13, 2016

Staying on top of security is hard, especially for network operations staff. If you’re like most of your peers, you probably have lots of devices, tons of policies, many locations, and even cloud deployments to account for. Every time you need to change a policy, the complexity and time involved in doing it right are all-consuming and stressful. One hasty change can lead to an unwanted chain reaction, exposing your entire company to a potential security threat.

Don’t you wish you had an easy button? Now you do. Cisco Defense Orchestrator cuts through complexity so you can make policy management simpler and your security policy stronger, without having to be a security expert. As the name suggests, it’s a cloud-based solution that allows you, from one simple portal, to orchestrate security policy across your portfolio of Cisco security solutions (Next-Generation Firewall (NGFW), Cisco ASA Firewall, ASAv, and OpenDNS) and across your entire network.

Whether you have a dozen or thousands of locations, Cisco Defense Orchestrator gives you comprehensive visibility and control, so that you can easily optimize, configure, and manage policies across these different security devices and services. Defense Orchestrator shows you any policy misconfigurations and inconsistencies so you can make policy changes quickly and know your policies are airtight.

Don’t believe in an easy button? Here are a couple of real-world examples of Cisco Defense Orchestrator at work.

Let’s say you are managing 1,000 stores and need a way to deploy policies across your entire enterprise quickly and easily. Using Cisco Defense Orchestrator, you could discover and analyze the current policy structure and then establish consistent security configurations using standardized policy templates. You can modify templates as needed for certain locations and model and verify changes before deployment to make sure they’re right and don’t introduce unintended risks. Because Cisco Defense Orchestrator is cloud-based, policies and changes are pushed out quickly from a single location. The NetOps team also has enterprise-wide visibility into Internet access to ensure it is being used for business purposes. And as the business grows and new locations open, you can apply the same security policy template with a simple cut and paste.

Manage firewall rules at scale through named policy blocks.



Contextualized search is a powerful tool for getting the full picture and taking action on your security posture.


Customizable reporting dashboard gives you a quick view into your policy effectiveness.

“Cisco Defense Orchestrator has been a tremendous help maintaining consistent security policies across the 24 firewall contexts (and growing) spread across our two data centers,” said Stan Hembrough, Senior Network Analyst, Insurance Corporation of British Columbia (ICBC). “Using Cisco Defense Orchestrator has simplified our firewall rule maintenance and is saving us several hours of work every week.”

Cisco Defense Orchestrator also makes it easy for network administrators to enhance security by adding new solutions without adding complexity. Another customer needed to improve its security posture by upgrading aging infrastructure to next-generation firewalls. It also needed to eliminate policy sprawl stemming from years of multiple admins and consultants. With a lean staff, lots of remote users, and a financial goal of reducing capital expenditures, like hardware costs, as much as possible, they looked for a cloud-based solution. Using Cisco Defense Orchestrator, they could quickly take stock of their existing policy structure by doing a simple search for all existing rules and instantly seeing results. Security policy templates made it easy to model a configuration that adheres to an updated corporate policy standard. Any member of the IT team can push new and updated policies across the new Cisco ASA and FirePOWER modules to protect all their users, wherever they are.

With Cisco Defense Orchestrator, Network Ops teams can do more and save more – staying on top of security challenges throughout the company with a simple cloud-based console. It’s your easy button, making security effective yet simple.

For more information, check us out at cisco.com/go/cdo.
