Cisco just recently introduced an updated version of its security management tool CSM. The new release brings with it some nice new features and functionality to the tool. If you haven't heard of Cisco Security Manager (CSM) before, in a nutshell it is Cisco's consolidated GUI for management, monitoring, reporting and troubleshooting of its VPN, Firewall and IPS product lines. Cisco Security Manager, with version 4.3, now includes a suite of automated capabilities including health and performance monitoring, software image updates, auto-conflict resolution, and ticketing integration.
Cisco Security Manager manages the Cisco security environment, including Cisco ASA 5500 Series Adaptive Security Appliances, Cisco IPS 4200/4300 Series Sensor Appliances, the Cisco AnyConnect Secure Mobility Client, and Cisco Secure Routers.
Features now supported in CSM 4.3:
1. Proactive health and performance monitoring: The latest release of Cisco Security Manager - 4.3, has added the capability to provide insight into the health and performance of your network and devices. CPU metrics, memory utilization, firewall traffic patterns, VPN tunneling issues and network performance priblems can be monitored and alerts can be set to make sure these exceptions are caught and resolved in a timely manner. Due to resource constraints, companies might not have dedicated manpower to monitor these cases, but CSM allows you to pre-define such alerts and send them to concerned parties when these thresholds are encountered. This highly reduces the operational downtime, lowers the time to resolution and eventually reduces costs by pro-actively monitoring security threats.
2. ASA software image upgrades: Today enterprises have 100s of firewalls deployed in their network environments and it is practically impossible to update each device individually. Cisco Security Manager 4.3 helps to deploy commonalities between the various firewall configurations and push updates, security policies and rules across the entire environment. You can create specific bundles catering to specific scenarios; for example, the basic ASA OS image can be bundled with an AnyConnect image and efficiently deployed across the network. This reduces the time needed to deploy upgrades, minimizes the scope for potential errors, adds consistency during the upgrades and highly improves scalability.
3. Northbound API access: Cisco security Manager has a lot of valuable information pertaining to the network and security deployment. It has data on device configurations, security policies, deployment rules and administrator changes that are made to the security environment. The latest release provides APIs that partnes such as Algosec, Tufin and Skybox can use to optimize policy/object definitions, perform advanced security analysis and also test if these changes are in sync with corporate compliance policies.
4. Ticketing management: Cisco Security Manager 4.3 provides a feature to integrate with ticketing softwares within your organization. If an administrator makes changes to the environment configurations or policies as part of a resolution, it can become cumbersome to back-trace the modifications. The ticketing integration support allows us to get insight into such modifications and simplifies the audit process.
5. Granular Role-based access control: Pre- Cisco Security Manager 4.3 releases integrated with ACS 4.2 version for granular role-based access control to check which firewalls can be accessed by whom and if they were authorized to do so. The new management release provides this capability natively and one does not need to integrate with external tools such as ACS. This provides a simpler and faster method to deploy granular policies across the network.
6. Auto-conflict detection: When new rules are introduced into the environment, Cisco Security Manager performs an analysis to make sure that these new rules do not conflict with the existing set of defined rules. This improves compliance and also minimizes potential errors due to rule conflicts and mismatch. Also a hit count analysis can be run to check which rules are being executed most frequently. This is a powerful tool to keep a check on the proliferation of rules and efficiently manage the rule table, thereby reducing complexities and rule management overheads.
7. Event Management and Logging: Integrated event management helps the administrators to view real-time and historical events, and provide rapid navigation from events to defined source policies. In addition to this, logs from various devices - ASAs, IPS - can directly be sent to the Cisco security management tool where one can perform analysis and troubleshooting. These usability enhancements with aggregated event logging in various formats such as CSV, PDF and troubleshooting allow you to access detailed and relevant information with ease and flexibility.
Also relatively new with CSM is the appliance based offering. So along with the traditional Software form factor, CSM now is available in a UCS hardware Bundle.
Cisco Security Manager UCS Bundles Include:
The nice thing is that all components are pre-tested and pre-loaded to ensure compatibility, eliminating guesswork and speeding time to deployment.
For more information go to www.cisco.com/go/csmanager
Cisco Partner links
Jamey Heary, CCIE #7680, sits on the PCI Security Standards Council- Board of Advisors where he provides strategic and technical guidance for future PCI standards. Jamey is the author of Cisco NAC Appliance: Enforcing Host Security with Clean Access. (Check out all of Jamey Heary's books from Cisco Press.) He also has a patent pending on a new DDoS mitigation technique.
Jamey sits on several security advisory boards for Cisco Systems and is a founding member of the Colorado Healthcare InfoSec Users Group. He is an experienced speaker who is recognized as an expert in network security architecture, regulatory compliance, and routing and switching. His other certifications include CISSP, CCSP, and he is a Certified HIPAA Security Professional. He has been working in the IT field for 15 years and in IT security for 10 years. Jamey is currently a Distinguished Systems Engineer at Cisco Systems.