BRKSEC-1138
#CiscoLiveAPJC BRKSEC-1138 © 2023 Cisco and/or its affiliates. All rights reserved. Cisco Public
Abstract
Cisco Defense Orchestrator (CDO) is a SaaS that is delivered from the Cloud but provides management to your Firewall wherever it sits: Physical, Virtual, On Prem, Public Cloud, Private Cloud, or even in a container. Cloud Delivered Firewall Management Center (cdFMC) is a cloud-delivered, turnkey SaaS for managing all of your FTD needs without the need to manage FMC infrastructure. Cisco Secure Analytics and Logging (SAL) is a SaaS that enables Firewalls to send their logs safely and securely to the Cloud while providing one convenient place to troubleshoot, audit, and analyze your events. In this session, you will learn:
1. How these services integrate and work together to provide a comprehensive, end-to-end Firewall Management solution, no matter the platform.
2. The architecture of the CDO, cdFMC, Multi-Cloud Defense (MCD), & SAL deployment models
3. How to use CDO to operationalize your logging views under a single pane of glass
4. How SAL leverages log data to provide actionable analytics using an embedded Cisco Secure Analytics integration
5. Best practices for operationalizing CDO, cdFMC, MCD & SAL together in your environment
The session will include a mixture of lecture and real product demos.
A basic understanding of Cisco Firewalls (ASA and/or FTD) by attendees is assumed for this session.
Cisco Webex App
Questions? Use the Cisco Webex App to chat with the speaker after the session.
How:
1. Find this session in the Cisco Live Mobile App
3. Install the Webex App or go directly to the Webex space
Your Speaker
Anshul Kaushik
• ankaushi@cisco.com
• CCIE Security #23790
• 20 years in industry, 18 with Cisco
• TAC – Presales – Channels
• Drives end-to-end Security Enablement
• Lives in Melbourne and likes the outdoors
Agenda
• Introduction/Overview – What, Where & Why?
• Cloud Delivered FMC and Managing FTD
• Multi-Cloud Defense
• Managing ASA and other Platforms
• Security Analytics and Logging
• API Integrations and DevOps
• Wrap up
Why Cisco Defense Orchestrator
What is Cisco Defense Orchestrator (CDO)?
Consistently manage policies across your Cisco security products. CDO is a cloud-based application that cuts through complexity to save time and keep your organization protected against the latest threats.
[Figure: CDO as the management layer above the enforcement points – ASA, FTD, HQ]
Challenges to Securing an Enterprise
Perimeters are no longer geographically defined, so a single perimeter firewall is no longer the norm.
Managing network and application security is hard work.
CDO Solves Problems FAST
• Releases/Sprints
• cdFMC: 4-6 weeks
• Customers ask...we deliver
[Figure: release cycle – Plan, Code, Continuous Testing, Release/Deploy]
CDO Needs NO Inbound Access
• Devices initiate the connection to CDO via the Internet
CDO “Outbound Only” Connectivity
CDO Manages Devices Anywhere
Physical hardware, public or private cloud virtual, FTD instances, ASA contexts, and even containerized
CDO Simplifies Advanced Tooling
• ASA → cdFMC/FTD
• FDM → cdFMC/FTD
• PAN → cdFMC/FTD
• Fortinet → cdFMC/FTD
CDO Simplifies Fleet Management
• New notifications coming for AnyConnect certificate expiration
• Scheduled code upgrades
• Notifications via email or webhooks
CDO Simplifies Visibility
• Device configuration changes
• Remote Access VPN (live and historical)
• Site-to-Site VPN
• Centralized logging and analytics for ASA and FTD
CDO Simplifies FTD Management at Scale
• Manage up to 1000 FTDs from a single instance of cdFMC
CDO Simplifies Cloud Security
• Integration with Multicloud Defense
CDO to integrate with “all the things”
• OnPrem FMCs: auto-discover and share objects with OnPrem FMCs
• ASA object and policy management
• AWS VPC security group policy management
• Meraki MX policy management
• IOS bulk CLI access & config visibility
Multicloud Defense
Cloud Delivered Firewall Management Center (cdFMC)
Complete FTD Mgmt with cdFMC
Deploy FTD to Cloud of Choice
❖ Wizard Driven
❖ Deploy instance
❖ Auto-Add to cdFMC
❖ All from CDO
Onboard Cisco Secure Firewall
• Select FTD
• Low touch provisioning for FPR1000, FPR2100, FPR3100 (see demo video here)
• “configure manager” CLI method
• Refresh connectivity status
• Ensure the management plane has outbound Internet access and DNS resolution is working
• Paste the CDO-generated configuration into the FTD CLI
• Launch into Cloud Delivered Firewall Management Center (cdFMC)
Live demo of cdFMC and FTD management
ASA Management
• Platform Settings
• Interface Settings
• Static Routing
• New Policy Editor coming soon!
• Objects and Policy Management
• Policy-Based and VTI/Route-Based VPN Wizards
• ASA Bulk CLI and Macros
• Scheduled ASA Upgrades
• Detailed changelogs and diff views available
• Troubleshooting tools from CDO – no CLI required
Lots more functionality including:
• Configuration visibility
• NAT policy
• Backups
• File management
• Certificate management
• Out-of-band change management
• Interface configuration
• Routing configuration
• Platform Settings Policy
Live demo of common ASA tasks
CDO Visibility
Security Analytics and Logging
Unified views:
• FTD Connection Events
• FTD IPS/Threat Events
• FTD Malware Events
• FTD URL Events
• FTD Threat Intelligence Events
• ASA Connections, Syslog, Netflow, etc.
Capabilities:
• Log from anywhere securely
• FTD Analytics Dashboard
• Telemetry for each event is visible
• Background Search
• Scheduled Searches
• Feeds telemetry to Cisco Secure Analytics (formerly Stealthwatch Cloud)
What’s coming for Security Analytics and Logging*
* Subject to change
DevOps
CDO Terraform Provider
CDO Terraform provider available through the Terraform Registry: https://registry.terraform.io/providers/CiscoDevNet/cdo/latest
CDO Ansible Collection
CDO Ansible collection available through Ansible Galaxy: https://galaxy.ansible.com/ui/repo/published/cisco/cdo
CDO API
A NEW customer API is coming! (March/April 2024*)
Both fully documented and DevNet community supported
* Subject to change
CDO API
Step 1: Create an API-only user for your tenant and select an RBAC role
*Disclaimer: the API is not fully supported (YET!) today, but nothing is stopping your careful use of it.
Step 2: Authentication and content-type
• Each API call requires an HTTP Authorization header
• It is a simple bearer token (use the API token from step 1)
• Must also include a Content-Type “application/json” header
Postman Example:
cURL Example:
Step 3: How does the CDO UI do it?
Using “Developer Tools” in Firefox, you can see the API endpoints and the data structures of the POST/PUT payloads in the “Network” tab.
Automating CDO using Terraform and Ansible
Wrap-Up
Try it out! Register today for your free Demo/POV of CDO and cloud delivered FMC:
[APJ] https://apj.cdo.cisco.com
[US] https://www.defenseorchestrator.com
[EMEA] https://www.defenseorchestrator.eu
Or go to https://getcdo.com
Summary
Cisco Secure Firewall YouTube Channel
Low Touch Provisioning Demo
Session Surveys
We would love to know your feedback on this session!
• Complete a minimum of four session surveys and the overall event surveys to claim a Cisco Live T-Shirt
• Visit the Cisco Showcase for related demos
Thank you
#CiscoLiveAPJC