ISE Training

 

 

 

Training Partners

 

Customers or Channel Partners who need specific or extensive training that they cannot find in our Community or below should consider contacting one of our global training partners via the Cisco Learning Locator to fulfill their needs.

 

Channel Partners and Sellers

 

Cisco Channel Partners and Sellers will find in-depth training, VT content and Labs available at Selling ISE: Training (http://cs.co/selling-ise-training) [partner designation required] and in Cisco SalesConnect.

 

 

 

Product Training

 

ISE Community, CiscoISE Channel, TechWise TV, Network Node

 

 

 

Cisco Live Global Events

 

Our Technical Marketing Engineers (TMEs) present to customers and partners on many topics at our Cisco Live conferences around the world every year. We highly recommend attending Cisco Live in your part of the world for an incredible learning experience! But if you cannot make it in person, most of the sessions are still made available to you for free on the Cisco Live site.

 

We hope to see you at one of the upcoming shows around the world!

June 10 – 14, 2018: Orlando, Florida, US

December 4 – 7, 2018: Cancun, Mexico

Jan 28 – Feb 1, 2019: Barcelona, Spain

March 5 – 8, 2019: Melbourne, Australia

 

We have consolidated the ISE-related topics for you from the Cisco Live On-Demand Library!

 

2018 Cisco Live Melbourne

March 6-10, 2018

 

Designing ISE for Scale & High Availability - BRKSEC-3699

Jason Kunst, Technical Marketing Engineer, Cisco

 

Inside Cisco IT: How Cisco Deployed ISE and TrustSec, Globally - BRKCOC-2015

Simon Finn, Senior Security Solutions Architect, Cisco

 

Building an Enterprise Access Control Architecture using ISE and TrustSec - BRKSEC-2695

Jatin Sachdeva, Security Architect, Cisco

Advanced Security Integration, Tips & Tricks - BRKSEC-2774

Aaron Woland, Principal Engineer, Cisco

Building Network Security Policy Through Data Intelligence - BRKSEC-2026

Matthew Robertson, Technical Marketing Engineer

Darrin Miller, Distinguished Technical Marketing Engineer

Security Monitoring with Stealthwatch: The Detailed Walkthrough - BRKSEC-3014

Matthew Robertson, Technical Marketing Engineer, Cisco

Unified Network and Endpoint Security with Cisco Meraki - BRKSEC-2770

Joe Aronow, Portfolio Marketing Manager, Cloud Managed IT

 

 

2018 Cisco Live Barcelona

January 29 - February 3, 2018

ISE under magnifying glass. How to troubleshoot ISE - BRKSEC-3229

Eugene Korneychuk, Customer Support Engineer

Serhii Kucherenko, Engineer Customer Support

Designing ISE for Scale & High Availability - BRKSEC-3699

Craig Hyps, Principal Technical Marketing Engineer

Deploying ISE in a Dynamic Environment - BRKSEC-2059

Clark Gambrel, TECHNICAL LEADER.ENGINEERING

Let's get practical with your network security by using Cisco Identity Services Engine (Cisco ISE) - BRKSEC-2464

Imran Bashir, Technical Marketing Engineer

Inside Cisco IT: How Cisco IT deploy ISE and TrustSec across the Enterprise. - BRKCOC-2279

Donald Gunn, Program Manager IT

Adam Cobbsky, Senior IT Engineer

Advanced Security Integration, Tips & Tricks - BRKSEC-3557

Aaron Woland, Principal Engineer

Integrating and Troubleshooting Identity Features on the Firepower System - BRKSEC-3227

Justin Roberts, Firepower TAC Tech Lead

You Got Hacked! Here is What To Do (AMP For Endpoints, Threat Grid, CTA...) - LTRSEC-2200

Karel Simek, Engineer - Technical Marketing, Advanced Threats

Brian McMahon, Technical Marketing Engineer

From Prime Infrastructure to Software Defined Network (SDA) Management with DNA-Center - BRKNMS-2573

Toni Beck, Systems Engineer

Holger Schmidt, Systems Engineer

Security Monitoring with Stealthwatch: The Detailed Walkthrough - BRKSEC-3014

Matthew Robertson, Technical Marketing Engineer

The Integrated Cisco Security Portfolio for a more effective security posture - PSOSEC-2559

William Young, Security Solutions Architect

Advanced Security Architecture Integrations using APIs and pxGrid - BRKSEC-3889

Jamie Sanbower, Technical Solutions Architect

Behind the Perimeter: Fighting Advanced Attackers - BRKSEC-2047

Karel Simek, Engineer - Technical Marketing, Advanced Threats

Using Cisco pxGrid for Security Platform Integration - DEVNET-1010

Brian Gonsalves, Sr. Product Manager

Syam Appala

 

 

2017 Cisco Live Cancun

November 6-10, 2017

Matt Robertson, Technical Marketing Engineer, Cisco

Advanced Security Integration, Tips & Tricks - BRKSEC-2078

Aaron Woland, Sr. Secure Access Engineer, Cisco

David Iacobacci, Member of Technical Staff, Cisco

Mark Bernard, CSE, Cisco

 

 

2017 Cisco Live Las Vegas

June 25 – 29, 2017

DEVNET-1010 - Using Cisco pxGrid for Security Platform Integration (2017 Las Vegas)

Brian Gonsalves - Sr. Manager Product & Business Development, Cisco

Nancy Cam-Winget - Distinguished Engineer, Cisco

Learn about the Cisco Platform Exchange Grid (pxGrid) publish/subscribe/query information exchange framework that enables multi-vendor, cross-platform network system collaboration among IT infrastructure such as security monitoring and detection systems, network policy platforms, identity and access management platforms, and virtually any other IT operations platform. This session will cover pxGrid architecture, integration use-cases, and how ecosystem partners can integrate with Cisco Identity Services Engine (ISE) and other Cisco security platforms using the pxGrid SDK. This session will cover: functional and architectural basics of the Cisco Platform Exchange Grid (pxGrid) information exchange framework for creating integration between DevNet partner platforms and Cisco security products; and integration use-cases such as utilizing pxGrid for executing threat response actions on the network and using identity, endpoint device and user access privilege context to enhance our DevNet partners' analytics, forensics and reporting.

PSODGT-1077 - Secure Data Center, WAN with FirePower services (AMP, IPS, URL), and Access with ISE and AnyConnect from multi vector attacks through Cisco ONE Software (2017 Las Vegas)

William Young - Security Solutions Architect, Cisco

Pooja Kapoor - Senior Manager, Product Management, Cisco

Security made Simple - Network buyers can now minimize the time spent figuring out what security features to buy and deploy with the network assets. With Cisco ONE Advanced Security offers, they can now purchase and manage security with infrastructure software to protect assets across Data Center, WAN and Access. It includes features like threat defense with FirePOWER services and policy control with ISE Plus, ISE Apex and AnyConnect Apex. Join us to learn about Cisco ONE Advanced Security offers.

CCS-2001 - Cisco Secure Hospital (2017 Las Vegas)

Marvin Dsouza - Systems Engineer, Cisco

Larry Gress - AM, Cisco

Tyler Palmer - Network Architect, LAWRENCE MEMORIAL HOSPITAL

Lawrence Memorial Hospital has had some business issues related to PCI compliance and a need to modernize enterprise security and infrastructure. Their roadmap over the course of this year is to leverage Cisco ACI, ISE, ASR and other technologies to make their network more agile while securing it and giving them visibility and control.

BRKEWN-2005 - Securely Designing Your Wireless LAN for Threat Mitigation, Policy and BYOD (2017 Las Vegas)

Kanu Gupta - Technical Marketing Engineer, Cisco

Learn how to design secure wireless networks from A to Z. In this session we will cover some of the major threats associated with wireless networks and the tools we have to mitigate and prevent them, such as rogue AP detection, wIPS and spectrum intelligence. We will also take a look at the principles of secured wireless networks (encryption, 802.1X, guest access, etc.) and will dive into the latest identity services available to address different kinds of devices (laptops, tablets, smartphones, etc.) and users (employees, guests, contractors, etc.). Prerequisites: knowledge of 802.11 and 802.1X fundamentals is recommended.

BRKCOC-2018 - Inside Cisco IT: How Cisco Deployed ISE and TrustSec throughout the Enterprise (2017 Las Vegas)

Bassem Khalife - Member of Technical Staff, Cisco

David Iacobacci - Member of Technical Staff, Cisco

This session will illustrate how Cisco IT deployed Identity Services Engine and TrustSec to solve real world business and security problems. Today, access for wireless, wired, guest and remote access VPN is managed for over 440 sites worldwide, and over 1 million endpoints. The session will share Cisco IT efforts on wired 802.1X, Security Group Tagging (SGT), Device Posture and Integration with Mobile Device Management (MDM), Quarantine, and the use of pxGrid data to incorporate other products such as WSAs and Stealthwatch. The session will also include a brief overview on how Cisco IT uses Splunk for data analysis, reporting, and troubleshooting. Cisco IT will be sharing actual examples and metrics from their deployment, making this session ideal for mid-level technical IT professionals, project managers, and decision makers who are looking to, or are in the process of, deploying a large scale ISE solution.

BRKSEC-2026 - Building Network Security Policy Through Data Intelligence (2017 Las Vegas)

Darrin Miller - Distinguished Technical Marketing Engineer, Cisco

Matthew Robertson - Technical Marketing Engineer, Cisco

Recent attacks have demonstrated that it has become necessary to implement security policies inside the network. This session leverages the foundation of the Cisco network and the building blocks of Security Group Tags (SGT) and NetFlow together with Cisco Identity Services Engine (ISE) and Cisco StealthWatch to design and build effective security policy to secure the network interior. Using these technologies, the session will explore how to transform the network infrastructure to protect critical assets and to limit the movement of attackers inside the networks, effectively improving security posture and the ability to respond to attacks. This session will cover design and deployment scenarios, use cases, best practices and configuration examples as well as how to monitor and troubleshoot the deployment. The target audience for this session are network security administrators and analysts interested in learning this novel approach to network security.

BRKSEC-2039 - Cisco Medical Device NAC (2017 Las Vegas)

Tim Lovelace - Systems Engineer, Cisco

Mark Bernard - CSE, Cisco

Healthcare customers have many security challenges that Medical NAC can help address. Lack of visibility of medical devices accessing their network makes it impossible to implement device segmentation. This session explains how customers can leverage Cisco ISE and Cisco StealthWatch to identify and classify most devices as well as users accessing the network. Both clinical and non-clinical devices are accessing the same network. A breach could compromise patient safety as well as protected health information. Effective segmentation of clinical and non-clinical devices with Cisco TrustSec software-defined segmentation can protect patients from security threats. We will first explain Medical Device NAC and the challenges of securing medical devices. This includes secure authentication for medical devices, including 802.1X, Web Portal and MAC authentication methods. Next we discuss how ISE profiles medical devices using the following probes: RADIUS, SNMP, DHCP, HTTP, DNS, NMAP and NetFlow. We will spend time explaining the Cisco ISE Medical NAC profile library and how to install this library into ISE. Next, we will spend time talking about how to utilize Cisco StealthWatch to accurately baseline medical device behavior using the flow sensor and Packetwatch. Cisco StealthWatch can be leveraged to understand medical device baselines and port usage in order to more accurately profile devices to create policy. Finally we will summarize the steps and checklists that customers can use on their networks to move towards Medical Device Segmentation using Cisco Medical Device NAC.

BRKSEC-2047 - Operationalizing Advanced Threat Solutions (2017 Las Vegas)

Karel Simek - Technical Marketing Engineer, Cisco

The need for threat detection solutions on the network interior is apparent; however, unless they are effectively operationalized, network interiors remain unprotected and attackers can still wreak havoc on an organization. This session will leverage the experience gathered from past years working closely with selected companies and cover day-to-day threat hunting work with technologies such as AMP, CTA, StealthWatch, ISE and ThreatGrid. This session will then present workflows and experiences that evolved from incident response environments heavily optimized towards much faster response times. Answers to questions such as "What risk are we undertaking by not resolving this right now?" need to be given very quickly in order to prioritize breaches with other security agendas and avoid data leaks. As there is a large amount of available data and security intelligence in today's networks, we show which information (both local and global) is most useful at each step and where technology can prevent overburden and provide good coverage of the latest malware, both known and unknown. The target audience for this session are network and security administrators and analysts interested in learning how to best operationalize components of the Cisco Advanced Threat portfolio as components of their breach mitigation strategies and security operations centers.

BRKSEC-2059 - Deploying ISE in a Dynamic Environment (2017 Las Vegas)

Clark Gambrel - TECHNICAL LEADER.ENGINEERING, Cisco

Managing a secure, yet flexible network in today's network access environments can be very challenging. Network access in areas like universities, hospitals and airports host a broad array of devices, both privately owned and corporately managed. With the increasing importance of the Internet of Things, the variety of devices that need to connect to these public networks is rapidly increasing. Cisco Identity Services Engine (ISE) plays an integral role in controlling the access to these dynamic networks. This session will share lessons learned from an ISE escalation engineer in troubleshooting complex customer environments.

BRKSEC-2134 - Intermediate - Building a Highly Secure Internet Edge (2017 Las Vegas)

Michal Garcarz - Engineering Lead, Cisco

The Internet Edge is a critical functional module of the Enterprise network, acting as a well-defined yet increasingly complex construct, providing a secure perimeter between the Internet Peering, Internal Network, DMZs, Remote Sites and Mobile Users. Thus, in order to achieve a highly secure demarcation, control and threat protection of the traffic traversing the Internet Edge, we will employ a rich set of Cisco Security technologies: ASA Firewall, FirePOWER Next-Generation Firewall and Next-Generation IPS, unified Firepower Threat Defense, Web Security Appliance, Umbrella, Advanced Malware Protection and ThreatGrid, Identity Services Engine with pxGrid, Cisco AnyConnect Secure Mobility, as well as Cyber Threat Defense with Stealthwatch, Cognitive CTA and Stealthwatch Learning Networks. We will analyze the most interesting scenarios by identifying common traffic patterns involving Inside, DMZ, Remote and Guest Users, in order to achieve superior visibility, combat threats and deliver meaningful ways to provide attack mitigation mechanisms in a systematic step-by-step fashion. This Intermediate Session requires technical knowledge and experience and is recommended for Security Engineers, Architects, Officers and Incident Responders responsible for securing the Enterprise IT. It is also designed to be a platform to grasp new ideas of Cisco's recent and upcoming innovations. It is recommended to get the most out of the Cisco Live! Security Track experience by attending more advanced sessions on specific subjects of interest as a follow up to this breakout.

BRKSEC-2203 - Enabling Software-Defined Segmentation with TrustSec (2017 Las Vegas)

Fay Lee - Technical Marketing Engineer, Cisco

Network segmentation is essential for protecting critical business assets, but traditional segmentation approaches involve operational complexity and can be difficult to introduce to existing environments gracefully. Balancing these demands for agility and security requires a new approach. This session will cover how to use software-defined segmentation, allowing segmentation patterns to be implemented and changed without reconfiguring network devices or redesigning the network. This session will cover how to implement segmentation based upon endpoint roles, called security groups, instead of endpoint IP addresses. IP addresses do not indicate the role of a system, the type of application a server hosts, the purpose of an IoT device or the threat-state of a system, but a TrustSec Security Group can denote any of these roles. By classifying systems using logical groups, group-based policies can be used to simplify management of security rules in firewalls, VPN appliances, Web Security Appliances, routers, switches, Wireless LAN Controllers and Access Points. The session is targeted at network and security architects who want to know more about group-based policies and software-defined segmentation.

DEVNET-2433 - DevNet Workshop-Learning Cisco Platform Exchange Grid (pxGrid) Dynamic Topics (2017 Las Vegas)

Gajveer Singh - Developer, Cisco

Syam Appala - Principal Engineer, Cisco

Cisco Platform Exchange Grid (pxGrid) is a framework for sharing topic information between pxGrid clients. This session will illustrate this concept by using the pxGrid SDK to create a pxGrid publisher and a pxGrid subscriber and having the subscriber consume inventory information from a published Auction topic. The developer should have some familiarity with Cisco Identity Services Engine (ISE) and Cisco Platform Exchange Grid (pxGrid). Taking place in the DEVNET Zone.

BRKSEC-2695 - Building an Enterprise Access Control Architecture using ISE and TrustSec (2017 Las Vegas)

Imran Bashir - Technical Marketing Engineer, Cisco

Tomorrow's requirement to network the Internet of Things requires an access control architecture that contextually regulates who and what is allowed onto the network. Identity Services Engine (ISE) plays a central role in providing network access control for Wired, Wireless and VPN networks. In addition, ISE is the policy control point for TrustSec, which controls access from the network edge to resources. This session will focus on: 1. Emerging business requirements and ISE services such as: Guest, profiling, posture, BYOD and MDM. 2. Secure policy based access control including 802.1X, MAB, Web Authentication, and certificates/PKI. The session will show you how to expand policy decisions to include contextual information gathered from profiling, posture assessment, location, and external data stores such as AD and LDAP. 3. Enforcing network access policy through conventional means such as VLANs and ACLs and emerging technologies such as TrustSec. Cisco TrustSec technology is used to segment the campus and datacenter to increase security and drive down the operational expenses associated with managing complex ACL firewall rule tables and ACL lists. This session is an introduction to the following advanced sessions: BRKSEC-3699; BRKSEC-3698; BRKSEC-3690; TECSEC-3691

BRKNMS-2800 - Putting the Puzzle Together: The Architecture of Cisco Network Management Tools (2017 Las Vegas)

Lewis Hickman - CSE, Cisco

Jennifer Valentine - Systems Engineer, Cisco

Anyone who has tried to wrap their heads around successfully managing and operating a network has come up against the vast expanse of tools, each with its own functionality. Developing a network management architecture is as critical as designing your infrastructure's architecture. As we evaluate tools and make decisions to efficiently manage our networks, it becomes clear as mud. Which tool will accomplish what job? Where does it fit in the overall scheme of your arsenal of tools? Cisco offers many solutions that touch network management; some sit at a higher level of automation and orchestration, such as APIC-EM, while others drill down into the nuts and bolts of the enterprise, such as Prime Infrastructure, Identity Services Engine, StealthWatch, and Network Analysis Module. This session will dive into a view of tool offerings, how and why they exist for the required job, and which can work together to move towards an overall network management strategy.

BRKCRS-2893 - Choice of Segmentation and Group based Policies for Enterprise Networks (2017 Las Vegas)

Hariprasad Holla - Technical Marketing Engineer, Cisco

Network segmentation is the idea of splitting a network physically and/or logically with the goal of controlling network traffic based on business requirements. There are two major motivators for network segmentation: Manageability and Security. The former helps limit broadcasts and enhance user and application experience; the latter is centered around limiting the scope of cyber attacks. Network segmentation for traffic management is far more static compared to segmentation for security. Over the years various solutions have been proposed and implemented to achieve both. This intermediate session focuses on those various options for user centric network segmentation and group based policies for Enterprise Networks. IP based policies, TrustSec and Campus Fabric solutions are some of the key topics that will be covered during the session. The target audience for this session is security and network administrators and architects.

BRKSEC-3014 - Security Monitoring with StealthWatch: The detailed walkthrough (2017 Las Vegas)

Matthew Robertson - Technical Marketing Engineer, Cisco

The realities of insider threats and determined attackers have made it necessary to implement security technologies on the network interior. This session will perform a detailed walkthrough of the Cisco StealthWatch System and its use for monitoring the network interior to detect and respond to threats. This session will deep dive into data analytics with Stealthwatch: where data comes from, how it is processed and how to use it. This session will explore the analytic and detection capabilities of StealthWatch and how to best leverage the alarms and alerts as well as to drive an investigation using NetFlow data and StealthWatch to increase the security posture of an organization. The target audience for this session are network and security administrators and analysts interested in learning how to best leverage NetFlow, ISE, and StealthWatch as a component of their security operations centre.

BRKCCIE-3222 - Identity Management and Access Control for CCIE Candidates (2017 Las Vegas)

Mark Bernard - CSE, Cisco

This technical breakout is designed for CCIE Security Candidates that are getting ready to study for their lab exam. The main objective of this breakout is to cover some of the core topics of Identity Management, Information Exchange, and Access Control. The topics that will be covered will closely follow the topics in the CCIE lab version 5 Blueprint to include the following: How to install, implement, and troubleshoot various personas of ISE in a multi-node deployment. How to troubleshoot network access device (NAD), ISE, and ACS configuration for AAA. Implement, verify, and troubleshoot AAA for network access with 802.1X and MAB using ISE. Verify and troubleshoot profiling and posture assessment with ISE. Describe, implement, and troubleshoot pxGrid between security devices such as WSA, ISE, and Cisco FMC. Describe, implement, verify, and troubleshoot guest life cycle management using ISE and Cisco network infrastructure.

BRKSEC-3690 - Advanced Security Group Tags: The Detailed Walk Through (2017 Las Vegas)

Darrin Miller - Distinguished Technical Marketing Engineer, Cisco

This session examines the lower level design, configuration, monitoring and troubleshooting of SGTs and SGACLs applied to use cases like user segmentation, mDNS policy controls and malware/advanced persistent threats (APTs). Security Group technology will be discussed as applied to LAN, WLAN, WAN and Data Center networks. This session will include security policy management, SGT propagation strategies, and platform specific considerations that should be considered when addressing these use cases. This session is aimed at Network/Network Security Specialists and Architects involved in designing and building advanced security solutions scenarios using Cisco network and security appliance deployment models. Attendees should be familiar with Cisco routing, switching, wireless and security appliances at a conceptual level and have a detailed knowledge of one of those disciplines.

BRKSEC-3697 - Advanced ISE Services, Tips and Tricks (2017 Las Vegas)

Aaron Woland - Principal Engineer, Cisco

The Cisco Identity Services Engine (ISE) provides so many functions to the security of a network. ISE can provide Asset Visibility, Guest Access, Bring Your Own Device (BYOD), Software Defined Segmentation, Context Sharing, Threat Centric Network Access Control, as well as controlling access to network devices for configuration. Advanced ISE Services, Tips and Tricks is all new for 2017. We will examine using ISE for context sharing as part of the Rapid Threat Containment solution with a strong focus on deploying pxGrid and Identity Sharing. Leveraging ISE to provide other systems with the identities of users on the network for identity based policy is a major use-case and focus of the ISE product, and will be covered in depth. Integration details will be covered to include Stealthwatch, Firepower Management Center (FMC) and the Web Security Appliance (WSA). Additional focus will be paid to the future of secure network access with technologies such as RFC-7170 (Tunneled EAP [TEAP]) to provide much needed certificate provisioning, certificate renewal, trust list distribution and EAP-Chaining to identify computers and the users logged into them. Attendees will also benefit from the following related sessions: BRKSEC-3699: Designing ISE for Scale and High Availability; BRKSEC-2059: Deploying ISE in a Dynamic Environment; BRKCOC-2018: Inside Cisco IT: How Cisco Deployed ISE and TrustSec Throughout the Enterprise; BRKSEC-2052: It's all about Securing the Endpoint!; LTRSEC-2002: ISE Integration with Firepower using pxGrid Protocol; BRKSEC-2695: Building an Enterprise Access Control Architecture using ISE and TrustSec; TECSEC-3672: Identity Services Engine 2.2 Best Practices; BRKSEC-3014: Security Monitoring with Stealthwatch: The detailed walkthrough; BRKSEC-2026: Building Network Security Policy Through Data Intelligence; and BRKSEC-2047: Operationalizing Advanced Threat Solutions.

BRKSEC-3699 - Designing ISE for Scale & High Availability (2017 Las Vegas)

Craig Hyps - Principal Technical Marketing Engineer, Cisco

Cisco Identity Services Engine (ISE) delivers context-based access control for every endpoint that connects to your network. This session will show you how to design ISE to deliver scalable and highly available access control services for wired, wireless, and VPN from a single campus to a global deployment. Focus is on design guidance for distributed ISE architectures including high availability for all ISE nodes and their services as well as strategies for survivability and fallback during service outages. Methodologies for increasing scalability and redundancy will be covered such as load distribution with and without load balancers, optimal profiling design, and the use of Anycast. Attendees of this session will gain knowledge on how to best deploy ISE to ensure peak operational performance, stability, and to support large volumes of authentication activity. Various deployment architectures will be discussed including ISE platform selection, sizing, and network placement.

 

 

2017 Cisco Live Melbourne

March 7 – 10, 2017

BRKSEC-2013 - Responding To Real World Threats with Cisco: Cyber Threat Response Clinic (2017 Melbourne)

Joseph Muniz - Technical Solutions Architect - TheSecurityBlogger.com, Cisco

BRKEWN-2015 - Wireless LAN Security and Threat Mitigation (2017 Melbourne)

Karan Sheth - Sr. Technical Marketing Engineer, Cisco

BRKSEC-2026 - Building Network Security Policy Through Data Intelligence (2017 Melbourne)

Matthew Robertson - Technical Marketing Engineer, Cisco

Darrin Miller - Distinguished Technical Marketing Engineer, Cisco

BRKSEC-2051 - Security Everywhere with Cisco AnyConnect Mobility Client (2017 Melbourne)

Chirag Saxena - Security Consulting System Engineer, Cisco

BRKSEC-2081 - Security Overview - How it Works Inside Cisco (2017 Melbourne)

Richard Gore - IT Senior Manager, Cisco on Cisco Team, Cisco

BRKSEC-2203 - Enabling Software-Defined Segmentation with TrustSec (2017 Melbourne)

Kevin Regan - Product Manager, Cisco

BRKSEC-2695 - Building an Enterprise Access Control Architecture using ISE and TrustSec (2017 Melbourne)

Jatin Sachdeva - Consulting Systems Engineer, Cisco

BRKSEC-2771 - Cisco Security and Threat Intelligence: Multiplying Threat Indicators and Improving Detection (2017 Melbourne)

Gavin Reid - CyberCzar, Cisco

BRKSEC-3004 - Deep Dive on Cisco Security in ACI (2017 Melbourne)

Goran Saradzic - Technical Marketing Engineer and Manager, Cisco

BRKSEC-3014 - Security Monitoring with StealthWatch: The Detailed Walkthrough (2017 Melbourne)

Matthew Robertson - Technical Marketing Engineer, Cisco

BRKSEC-3690 - Advanced Security Group Tags: The Detailed Walk Through (2017 Melbourne)

Darrin Miller - Distinguished Technical Marketing Engineer, Cisco

BRKSEC-3697 - Advanced ISE Services, Tips and Tricks (2017 Melbourne)

Craig Hyps - Principal Technical Marketing Engineer, Cisco

BRKSEC-3699 - Designing ISE for Scale and High Availability (2017 Melbourne)

Craig Hyps - Principal Technical Marketing Engineer, Cisco

 

 

2017 Cisco Live Berlin

February 20-24, 2017

BRKSEC-2344 - Device Administration with TACACS+ using Identity Services Engine 2.X (2017 Berlin)

Aaron Woland - Principal Engineer, Cisco

Device administration using TACACS+ is a key new function for Identity Services Engine (ISE). With it an enterprise can control administrative access of all their devices, and monitor the operation to ensure compliance with enterprise auditing or regulatory requirements. This session will cover topics from the basic configuration of device administration in ISE up to how to combine fine granularity command authorization with policy rules to allow an enterprise to control precisely who can do what to which devices under what specific circumstances. We will cover some common customer pitfalls, enterprise scalability issues, and considerations when migrating from ACS 5.

DEVNET-1010 - Using Cisco pxGrid for Security Platform Integration (2017 Berlin)

Syam Appala - Principal Engineer, Cisco Systems

Brian Gonsalves - Sr. Manager Product & Business Development, Cisco

Learn about the Cisco Platform Exchange Grid (pxGrid) publish/subscribe/query information exchange framework that enables multi-vendor, cross-platform network system collaboration among IT infrastructure such as security monitoring and detection systems, network policy platforms, identity and access management platforms, and virtually any other IT operations platform. This session will cover pxGrid architecture, integration use-cases, and how ecosystem partners can integrate with Cisco Identity Services Engine (ISE) and other Cisco security platforms using the pxGrid SDK. This session will cover: functional and architectural basics of the Cisco Platform Exchange Grid (pxGrid) information exchange framework for creating integration between DevNet partner platforms and Cisco security products; and integration use-cases such as utilizing pxGrid for executing threat response actions on the network and using identity, endpoint device and user access privilege context to enhance our DevNet partners' analytics, forensics and reporting.

Video

Slides

BRKSEC-2059 - Deploying ISE in a Dynamic Public Environment (2017 Berlin)

Clark Gambrel - Technical Leader - Engineering, Cisco

Managing a secure, yet flexible network in today's public access environments can be very challenging. Public access networks in areas like universities, hospitals and airports host a broad array of devices, both privately owned and corporately managed. With the increasing importance of the Internet of Things, the variety of devices that need to connect to these public networks is rapidly increasing. Cisco Identity Services Engine (ISE) plays an integral role in controlling the access to these dynamic public networks. This session will share lessons learned from an ISE escalation engineer in troubleshooting complex customer environments.

Video

Slides

BRKEWN-2005 - Securely Designing Your Wireless LAN for Threat Mitigation, Policy and BYOD (2017 Berlin)

Federico Ziliotto - Consulting Systems Engineer, Cisco Systems

Learn how to design secure wireless networks from A to Z. In this session we will cover some of the major threats associated with wireless networks and the tools we have to mitigate and prevent them, such as rogue AP detection, wIPS and spectrum intelligence. We will also take a look at the principles of secured wireless networks (encryption, 802.1X, guest access, etc.) and will dive into the latest identity services available to address different kinds of devices (laptops, tablets, smartphones, etc.) and users (employees, guests, contractors, etc.). Prerequisites: knowledge of 802.11 and 802.1X fundamentals is recommended.

Video

Slides

BRKSEC-3697 - Advanced ISE Services, Tips and Tricks (2017 Berlin)

Aaron Woland - Principal Engineer, Cisco

The Cisco Identity Services Engine (ISE) provides many functions for the security of a network. ISE can provide Asset Visibility, Guest Access, Bring Your Own Device (BYOD), Software Defined Segmentation, Context Sharing, Threat Centric Network Access Control, as well as controlling access to network devices for configuration. Advanced ISE Services, Tips and Tricks is all new for 2017. We will examine using ISE for context sharing as part of the Rapid Threat Containment solution with a strong focus on deploying pxGrid and Identity Sharing. Leveraging ISE to provide other systems with the identities of users on the network for identity based policy is a major use-case and focus of the ISE product, and will be covered in depth. Integration details will be covered to include Stealthwatch, Firepower Management Center (FMC) and the Web Security Appliance (WSA). Additional focus will be paid to the future of secure network access with technologies such as RFC-7170 (Tunneled EAP (TEAP)) to provide much needed certificate provisioning, certificate renewal, trust list distribution and EAP-Chaining to identify computers and the users logged into them. Lastly, time permitting, attendees will be introduced to troubleshooting and serviceability tips. Attendees will also benefit from the following related sessions: BRKSEC-3699 Designing ISE for Scale and High Availability; BRKSEC-2344 Device Administration with TACACS+ using Identity Services Engine; BRKSEC-2059 Deploying ISE in a Dynamic Public Environment; and BRKCOC-2255 Inside Cisco IT: How Cisco Deployed ISE and TrustSec, Globally.

Video

Slides

BRKSEC-3699 - Designing ISE for Scale & High Availability (2017 Berlin)

Craig Hyps - Principal Technical Marketing Engineer, Cisco Systems

Cisco Identity Services Engine (ISE) delivers context-based access control for every endpoint that connects to your network. This session will show you how to design ISE to deliver scalable and highly available access control services for wired, wireless, and VPN from a single campus to a global deployment. Focus is on design guidance for distributed ISE architectures including high availability for all ISE nodes and their services as well as strategies for survivability and fallback during service outages. Methodologies for increasing scalability and redundancy will be covered such as load distribution with and without load balancers, optimal profiling design, and the use of Anycast. Attendees of this session will gain knowledge on how to best deploy ISE to ensure peak operational performance, stability, and to support large volumes of authentication activity. Various deployment architectures will be discussed including ISE platform selection, sizing, and network placement. Attendees will also benefit from the following related sessions: BRKSEC-2695 - Building an Enterprise Access Control Architecture using ISE and TrustSec, BRKSEC-3697 Advanced ISE Services, Tips and Tricks.

Video

Slides

CCSRST-2003 - Bechtle on Bechtle: How we reinvent our corporate network (2017 Berlin)

The history of the Bechtle group goes back to the early 80s, when Bechtle started its business in its first office in the city of Heilbronn. Soon Bechtle began its expansion and now is servicing its customers in about 130 offices spread over 14 European countries. A major driver for success was and is its decentralized business model, enabling each individual company of the Bechtle Group to adapt their business model to the special demands of their customers. While decentralization is a keystone for success it is also a challenge for the CIO Organization, the internal IT of the Bechtle Group. In 2016 the CIO Organization started its Bechtle Corporate Network Program to renew the enterprise network and to enable 7500 employees to collaborate without losing the advantages of the agile decentralized business structure. Bechtle employees should be able to use all IT services in the same way, independent of where they access them. In this talk we want to give an overview of how we achieve this by combining various Cisco technologies like iWAN, ISR4K, Catalyst switching, ISE Identity Services, 802.11ac wireless networking, LTE mobile networking, ASA firewalling and Prime network management into a standardized blueprint. This blueprint is used to connect every branch office to each other and to the datacenters where the CIO Organization runs centralized IT services like voice and video, Citrix, Exchange, SharePoint, Navision, SAP and storage for the whole group. This project also focuses on a lot of other interesting demands like modular design, a high level of automation and other details which allow us to run the system very efficiently and offer a unique usability. Besides the technical implementation we will also talk about how we run the project and how to make progress when implementing the blueprint in all 130 offices of the Bechtle Group in a short amount of time. We will also talk about how internal engineers and specialists from our business units work hand in hand to achieve our goals.

Video

Slides

DEVNET-2433 - DevNet Workshop-Learning Cisco platform Exchange Grid (pxGrid) Dynamic Topics (2017 Berlin)

Brian Gonsalves - Sr. Manager Product & Business Development, Cisco

Syam Appala - Principal Engineer, Cisco Systems

Cisco platform Exchange Grid (pxGrid) is a framework for sharing topic information between pxGrid clients. This workshop will illustrate this concept by using the pxGrid SDK to create a pxGrid publisher and a pxGrid subscriber and having the subscriber consume inventory information from a published Auction topic. The developer should have some familiarity with Cisco Identity Services Engine (ISE) and Cisco platform Exchange Grid (pxGrid).

Video

Slides

BRKCOC-2255 - Inside Cisco IT: How Cisco deployed ISE and TrustSec, globally (2017 Berlin)

Simon Finn - Security Architect, Cisco

Learn how Cisco's own internal IT department has deployed Identity Services Engine (ISE) and TrustSec, globally, and solved real world business and security problems by doing so. Cisco's network is authenticated and controlled by ISE across wired, wireless and VPN connections at over 440 sites worldwide, with over 1 million endpoints. The session will share Cisco IT's effort on Quarantine, Security Group Tagging (SGT), Posture and Integration with Mobile Device Management (MDM), the use of pxGrid data, Cisco IT's ISE global architecture, our approach to deployment and operations, lessons learned and roadmap. Cisco IT will be sharing actual examples and metrics from our deployment, making this session ideal for architects, mid-level technical IT professionals, project managers, and decision makers who are looking to, or are in the process of, deploying a large scale ISE solution.

Video

Slides

PSOSDN-1202 - Secure Data Center, WAN with FirePOWER services (AMP, IPS, URL), and Access with ISE and AnyConnect from multi vector attacks through Cisco ONE Software (2017 Berlin)

Dan Lohmeyer - Sr. Director, Cisco

William Young - Security Solutions Architect, Cisco Systems

Software made Simple - Network buyers can purchase & manage end-to-end secure infrastructure software from Cisco to protect assets across Data Center, WAN and Access. It includes features like threat defense for WAN and Edge with FirePOWER services, Policy and threat defense with ISE Plus, ISE Apex and AnyConnect Apex, and threat defense for data center with FirePOWER. Join us to learn about Cisco ONE advanced security offers.

Video

Slides

BRKGS-2002 - Advanced Security Analytics: NetFlow for Incident Response (2017 Berlin)

Your organization is valuable and the cyber criminals know it. Malicious actors constantly make attempts to exploit users for privileged access to your enterprise network. The biggest challenge is revealing network behavior using disparate data to identify when threats breach traditional security architecture. In this session, learn about security practices that reduce the complexity involved with advanced threat protection. Leverage the network as a sensor to manage the entire attack continuum. Find out how deeper insight into the extended network is gained by exporting Cisco AVC flows. Visualize and verify traffic policy and security of your IWAN deployment. Acquire insight into DNS communications and the Cisco ASA with FirePOWER that allows the security team to maintain continuous control and visibility during a targeted attack. Find out how to decrease time to network remediation with Cisco ISE, Splunk, Elasticsearch, and ArcSight integration.

Video

Slides

BRKSEC-3014 - Security Monitoring with StealthWatch: The detailed walkthrough (2017 Berlin)

Matt Robertson - Technical Marketing Engineer, Cisco

The realities of insider threats and determined attackers have made it necessary to implement security technologies on the network interior. This session will perform a detailed walkthrough of the Cisco StealthWatch System and its use for monitoring the network interior to detect and respond to threats. This session will cover design, deployment and operational best practices of the StealthWatch System as well as NetFlow and the Cisco ISE as components of the solution. This session will explore the analytic and detection capabilities of StealthWatch and how to best leverage the alarms and alerts as well as to drive an investigation using NetFlow data and StealthWatch to increase the security posture of an organization. The target audience for this session is network and security administrators and analysts interested in learning how to best leverage NetFlow, ISE, and StealthWatch as a component of their security operations center.

Video

Slides

BRKSEC-2444 - CTA - detecting advanced malware with machine learning (2017 Berlin)

Michal Svoboda - Engineer, Cisco

Today's malware is built to bypass existing lines of defense from the get-go. Gaining visibility of threats in the local network is a critical part of security. Cisco's Cognitive Threat Analytics (CTA) uses machine learning algorithms to analyze web traffic and discover active malware in your infrastructure. CTA utilizes logs from a compatible Cisco or 3rd party web proxy (e.g. WSA, CWS, BlueCoat). CTA is available either stand-alone or as a part of Cisco Advanced Malware Protection (AMP). In this intermediate level session, you will learn about CTA from both a product and a technical perspective. We will introduce examples of threats, the techniques that they use, and the malware life cycle - from exploit kits, through infections, monetization, and data exfiltration. Then, we will cover CTA's unique detection techniques, with in-depth coverage of some algorithms. Finally, we will wrap up with the CTA executive dashboard, integrations, automated quarantine via ISE, and incident response workflow.

Video

Slides

2016 Cisco Live Cancun

November 7-10, 2016

BRKCOC-2121 - Inside Cisco IT: Enable contextual Security and Trusted access to any Cloud using Cisco ISE

Saswat Praharaj - Technical Leader, Cisco

Ranjan Jain - Security Architect - IT, Cisco

This session, along with a demo, will give true insight into how Cisco IT is working on enabling trusted and secure access to any Cloud offering (both public and private) by leveraging Cisco ISE. Cisco ISE provides the capability to leverage location and device management as some of the contextual signals for the web application layer in a federated manner. Using these contextual signals, Cisco IT is enabling fine-grained security policy so that when a user accesses any type of cloud, these policies can allow access to the right type of data when the user meets the trusted service profile. As a part of this session, you will see a demo of how ISE will provide the contextual attributes for any device and location. This session will be very useful for professionals in the security, identity and access, and networking areas, as well as architects and/or management professionals.

Video - Spanish

Video - English

Slides

2016 Cisco Live US Las Vegas

July 10 – 14, 2016

DEVNET-1010 - Using Cisco pxGrid for Security Platform Integration (2016 Las Vegas) 45 minutes

Nancy Cam-Winget - Distinguished Engineer, Cisco

Brian Gonsalves - Product Manager, Cisco

Syam Appala - Principal Engineer, Cisco Systems

Learn about the Cisco Platform Exchange Grid (pxGrid) publish/subscribe/query information exchange framework that enables multi-vendor, cross-platform network system collaboration among IT infrastructure such as security monitoring and detection systems, network policy platforms, identity and access management platforms, and virtually any other IT operations platform. This session will cover pxGrid architecture, integration use-cases, and how ecosystem partners can integrate with Cisco Identity Services Engine (ISE) and other Cisco security platforms using the pxGrid SDK. This session will cover: functional and architectural basics of the Cisco Platform Exchange Grid (pxGrid) information exchange framework for creating integrations between DevNet partner platforms and Cisco security products; and integration use-cases such as utilizing pxGrid for executing threat response actions on the network and using identity, endpoint device and user access privilege context to enhance our DevNet partners' analytics, forensics and reporting.

Video

Slides

DEVNET-1217 - DevNet Workshop - Integrating to Cisco pxGrid: Sharing Your Telemetry & Context with Other pxGrid Partners (2016 Las Vegas) 45 minutes

Gajveer Singh - Software Engineer, CISCO INTERNAL

This workshop will provide a brief overview of the Cisco pxGrid security integration framework, then focus on how DevNet partners can share telemetry and contextual information from their system with other DevNet partners using the pxGrid publish/subscribe and query framework. This will be a hands-on technical working session.

Video

Slides

PCSTHT-2001 - Advanced Security Analytics: NetFlow at Terabit-Scale (2016 Las Vegas) - 30 Mins

Your organization is valuable, and the cyber criminals know it. Malicious actors regularly make attempts to exploit users for privileged access to your enterprise network. The biggest challenge is revealing network behavior, using disparate data, to identify when threats breach traditional security architecture. In this session, learn about security practices that reduce the complexity involved in advanced threat protection. Leverage the network as a sensor to manage the entire attack continuum. Find out how deeper insight into the extended network is gained by exporting Cisco AVC flows. Visualize and verify traffic policy and security of your IWAN deployment. Acquire insight into DNS communications and the Cisco ASA with FirePOWER that allows the security team to maintain continuous control and visibility during a targeted attack. Find out how to decrease time to network remediation with Cisco ISE, Splunk, Elasticsearch, and ArcSight integration.

Video

Slides

PCSTHT-2004 - Greater Operational and Security Insight Within & Across Your Cisco Environment (2016 Las Vegas) - 30 Mins

Splunk and Cisco are working together to provide unified visibility into your application and infrastructure health, better and faster response to security incidents and potential breaches, dramatic reductions in troubleshooting times and the ability to proactively fine-tune your infrastructure capacity to support your applications' needs. Discover ways to immediately do even more with a range of Cisco technologies and solutions (ACI, UCS, pxGrid, ISE, SourceFire, WSA, IoT, and many others) with Splunk software.

Video

Slides

PSOSEC-2009 - ISE 2.0 & 2.1 Features (2016 Las Vegas) 1 hour

Daniel Stotts - Security Product Marketing Manager, Cisco

This session will demonstrate the new features in ISE 2.0 and 2.1, such as device administration with TACACS+, streamlined visibility, and threat-centric NAC. It will also cover what's new with Cisco TrustSec and pxGrid.

Video

Slides

BRKCOC-2015 - Inside Cisco IT: Cisco IT's Assured Network Access: Identity Services Engine (ISE) Deployment and Best Practices (2016 Las Vegas) 90 minutes

Bassem Khalife - Program Manager, Cisco

This session will illustrate how Cisco IT has deployed ISE globally, the challenges we encountered, and the best practices that we recommend. Gain insight on how Cisco IT deployed Guest Access, Wireless, Wired, VPN, and Cisco Virtual Home Office (CVO) services across 440 sites worldwide, with over 300K endpoints connected on a daily basis for over 90K users. The session will also share Cisco IT's effort on Quarantine, Security Group Tagging (SGT), integration with Mobile Device Management (MDM), and the use of pxGrid data. Finally, the session will also include a brief view on how Cisco IT uses Splunk for data analysis, reporting, and troubleshooting. Cisco IT will be sharing actual examples and metrics from their deployment, making this session ideal for mid-level technical IT professionals, project managers, and decision makers who are looking to, or are in the process of, deploying a large scale ISE solution.

Video

Slides

BRKSEC-2026 - Building Network Security Policy Through Data Intelligence (2016 Las Vegas) 90 minutes

Matthew Robertson - Technical Marketing Engineer, Cisco

Darrin Miller - Distinguished Technical Marketing Engineer, Cisco

Recent attacks have demonstrated that insider threats and determined attackers are able to operate effectively on the network interior, where they can wreak havoc on an organization; as a result, it has become necessary to implement security policies inside the network. This session leverages the foundation of the Cisco network and the building blocks of Security Group Tags (SGT) and NetFlow together with Cisco Identity Services Engine (ISE) and Cisco StealthWatch to design and build effective security policy to secure the network interior. Using these technologies, the session will explore how to transform the network infrastructure to protect critical assets and to limit the movement of attackers inside the network, effectively improving security posture and the ability to respond to attacks. This session will cover design and deployment scenarios, use cases, best practices and configuration examples as well as how to monitor and troubleshoot the deployment. The target audience for this session is network security administrators and analysts interested in learning this novel approach to network security.

Video

Slides

BRKSEC-2059 - Deploying ISE in a Dynamic Public Environment (2016 Las Vegas) 2 hours

Clark Gambrel - Technical Leader - Engineering, Cisco

Managing a secure, yet flexible network in today's public access environments can be very challenging. Public access networks in areas like universities, hospitals and airports host a broad array of devices, both privately owned and corporately managed. With the increasing importance of the Internet of Things, the variety of devices that need to connect to these public networks is rapidly increasing. Cisco Identity Services Engine (ISE) plays an integral role in controlling the access to these dynamic public networks. This session will share lessons learned from an ISE escalation engineer in troubleshooting complex customer environments.

Video

Slides

BRKSEC-2060 - Device Administration with TACACS+ using Identity Services Engine (2016 Las Vegas) 2 hours

Gennady Yakubovich - Technical Leader, Cisco

Device administration using TACACS+ is a key new function for Identity Services Engine (ISE). With it an enterprise can control administrative access of all their devices, and monitor the operation to ensure compliance with enterprise auditing or regulatory requirements. This session will cover topics from the basic configuration of device administration in ISE up to how to combine fine granularity command authorization with policy rules to allow an enterprise to control precisely who can do what to which devices under what specific circumstances. We will cover some common customer pitfalls, enterprise scalability issues, and considerations when migrating from ACS 5.

Video

Slides

BRKSEC-2203 - Deploying TrustSec Security Group Tagging (2016 Las Vegas) 2 hours

Kevin Regan - Product Manager, Cisco

This session will explain how TrustSec Security Group Tagging can be used to simplify access controls and provide software-defined segmentation. We will cover how to extend context-aware controls from the access layer to data centres in order to reduce operational effort, support compliance initiatives and facilitate BYOD. The session is targeted at network and security architects who want to know more about the TrustSec solution.

Video

Slides

BRKSEC-2695 - Building an Enterprise Access Control Architecture using ISE and TrustSec (2016 Las Vegas) 2 hours

Imran Bashir - Technical Marketing Engineer, Cisco Systems

Tomorrow's requirement to network the Internet of Things requires an access control architecture that contextually regulates who and what is allowed onto the network. Identity Services Engine (ISE) plays a central role in providing network access control for Wired, Wireless and VPN networks. In addition, ISE is the policy control point for TrustSec, which controls access from the network edge to resources. This session will focus on: 1. Emerging business requirements and ISE services such as: Guest, profiling, posture, BYOD and MDM. 2. Secure policy based access control including 802.1X, MAB, Web Authentication, and certificates/PKI. The session will show you how to expand policy decisions to include contextual information gathered from profiling, posture assessment, location, and external data stores such as AD and LDAP. 3. Enforcing network access policy through conventional means such as VLANs and ACLs and emerging technologies such as TrustSec. Cisco TrustSec technology is used to segment the campus and datacenter to increase security and drive down the operational expenses associated with managing complex firewall rule tables and ACL lists. This session is an introduction to the following advanced sessions: BRKSEC-3699; BRKSEC-3698; BRKSEC-3690; TECSEC-3691.

Video

Slides

BRKSEC-3014 - Security Monitoring with StealthWatch: The detailed walkthrough (2016 Las Vegas) 2 hours

Matthew Robertson - Technical Marketing Engineer, Cisco

The realities of insider threats and determined attackers have made it necessary to implement security technologies on the network interior. This session will perform a detailed walkthrough of the Cisco StealthWatch System and its use for monitoring the network interior to detect and respond to threats. This session will cover design, deployment and operational best practices of the StealthWatch System as well as NetFlow and the Cisco ISE as components of the solution. This session will explore the analytic and detection capabilities of StealthWatch and how to best leverage the alarms and alerts as well as to drive an investigation using NetFlow data and StealthWatch to increase the security posture of an organization. The target audience for this session is network and security administrators and analysts interested in learning how to best leverage NetFlow, ISE, and StealthWatch as a component of their security operations center.

Video

Slides

BRKSEC-3697 - Advanced ISE Services, Tips and Tricks (2016 Las Vegas) 2 hours

Aaron Woland - Principal Engineer, Cisco

The Cisco Identity Services Engine (ISE), a policy engine, enables contextual network access control across wired, wireless networks and remote access VPN. ISE extends to mobile connectivity as well (Bring Your Own Device, or BYOD). This advanced session will focus on the advanced services of ISE, successful deployment strategies, integration with Cisco as well as third party network infrastructure, as well as deployment tips and tricks. We will examine best practices for Bring Your Own Device (BYOD) deployments with the most common mobile platforms, including multiple tiers of registered devices. We will perform a detailed examination of certificate usage including integration of ISE with your enterprise certificate authority (CA), endpoint certificate usage, and wildcard certificates. There will be a detailed examination of advanced topics such as configurations for certificate renewal, and the new Guest functionality in the ISE 1.3 and newer versions. Lastly, attendees will be introduced to troubleshooting and serviceability tips. Attendees will also benefit from the following related sessions: BRKSEC-3699 Designing ISE for Scale and High Availability; BRKSEC-2060 Device Administration with TACACS+ using Identity Services Engine; BRKSEC-2059 Deploying ISE in a Dynamic Public Environment; COCSEC-2015 Inside Cisco IT: Cisco IT's Assured Network Access: Identity Services Engine (ISE) Deployment and Best Practices; BRKSEC-2026 Network as a Sensor and Enforcer; and BRKSEC-3053 Practical PKI for Remote Access VPN with ISE.

Video

Slides

BRKSEC-3699 - Designing ISE for Scale & High Availability (2016 Las Vegas) 2 hours

Craig Hyps - Technical Marketing Engineer, Cisco

Cisco Identity Services Engine (ISE) delivers context-based access control for every endpoint that connects to your network. This session will show you how to design ISE to deliver scalable and highly available access control services for wired, wireless, and VPN from a single campus to a global deployment. Focus is on design guidance for distributed ISE architectures including high availability for all ISE nodes and their services as well as strategies for survivability and fallback during service outages. Methodologies for increasing scalability and redundancy will be covered such as load distribution with and without load balancers, optimal profiling design, and the use of Anycast. Attendees of this session will gain knowledge on how to best deploy ISE to ensure peak operational performance, stability, and to support large volumes of authentication activity. Various deployment architectures will be discussed including ISE platform selection, sizing, and network placement. Attendees will also benefit from the following related sessions: BRKSEC-2695 - Building an Enterprise Access Control Architecture using ISE and TrustSec, BRKSEC-3697 Advanced ISE Services, Tips and Tricks.

Video

Session Slides

Reference Slides

TECSEC-4273 - Cisco Security for Traditional and ACI Data Centers (2016 Las Vegas) 2 hours

Fabien Gandola - CSE, Cisco

Charlie Stokes - Technical Marketing Engineer, Cisco

Goran Saradzic - Technical Marketing Engineer, Cisco

Abhishek Singh - Technical Marketing Engineer, Cisco

Over the years, your most important Data Center assets have evolved massively. The pace of change continues to ramp with new Architectures, Virtualization, Fabrics and Clouds. This new landscape is threatened more than ever by the latest security threats. How do you evolve your data centers and ensure they are secure and compliant for an audit? Using a practical and pragmatic approach, we will present how Cisco can help you tackle your security challenges in traditional and ACI Data Centers, leveraging the intelligent network infrastructure and the broadest security portfolio in the industry: NGFW - FP9300/4100, ASA5585-X with Firepower services, AMP, virtual appliance variants, Stealthwatch, and TrustSec with ISE. Throughout the day, we will show how a holistic architectural approach is the only effective way to solve your current security challenges, for your traditional and next generation SDN-focused Data Centers.

Video

Slides

BRKSEC-2051 - It's all about Securing the Endpoint! (2016 Las Vegas) 90 minutes

Ned Zaldivar - Consulting Systems Engineer, Cisco

In today's security landscape, network security services (FW, IPS, VPN, https, etc.) can only provide limited visibility into the real-time behavior of endpoints. Corporations are struggling with network and endpoint inspection tools that are standalone technologies and don't address the true business problems. This session will clearly outline different client use cases and discuss the various endpoint solutions available to address today's business needs. Technology solutions such as AnyConnect VPN, Cloud Web Security, Advanced Malware Protection, Netflow/IPFIX using Network Visibility Module, DNS Security, 802.1x Supplicant and Endpoint Posture Client will be covered. Configuration and Best Practice guidelines will be covered in this session. The target audience is Network, Security and Endpoint Teams.

Video

Slides

BRKSEC-3033 - Advanced AnyConnect Deployment and Troubleshooting with ASA (2016 Las Vegas) 2 hours

Hakan Nohre - Consulting Systems Engineer, Cisco

Remote access VPN can provide a flexible, transparent and yet secure working environment for mobile workers. This advanced session will explain different deployment options using Cisco AnyConnect Client with ASA. We will cover different options for strong authentication, One-time-password and client certificates and how these authentication options can be used together with posture assessment and enterprise directories for granular authorization. We will also cover AnyConnect customization and how to create an office-like user experience by allowing domain logon and mapping of disk drives, whilst connected over the internet. Coverage of IPv6 when using AnyConnect is also included in this session. The expected audience is network or security engineers with previous experience of AnyConnect and ASA 5500, and with a good understanding of enterprise IT infrastructure, PKI and Active Directory.

Video

Slides