A possible architecture for a self-defending network could include (please note that I have focused on the Cisco platform but other best-of-breed solutions are possible as well): A regular 6500 chassis can be configured to house a firewall blade (ACE/FWSM), an IPS module (IDSM2), content management modules and, potentially, a dedicated Web application firewall (ACE WAF). This provides a platform to protect against signature-based network- and application-level attacks, at the same time providing for zero-day protection through an endpoint security product. The data correlation and analysis of data from each of those appliances is achieved using Cisco's Security Monitoring, Analysis and Response System, or MARS, which is Cisco's proprietary security information event management (SIEM) product.
A typical proactive mitigation example could involve the security agent detecting suspicious activity on a host PC, which it then forwards to the MARS platform. The MARS platform then collaborates with the IPS module to monitor flows to and from that endpoint and cut off any potential attacks.
One thing to keep in mind, however, is that you do not have to be Cisco-centric in building a "self-defending" stack that incorporates the devices listed above. The key to having an effective multi-vendor "self-defending" stack is to ensure each security point product is able to collaborate with the others. This collaboration can be quite complicated and difficult, given that most vendor platforms are either point products built on a closed platform, or are built to support their own integrated security stacks. An example of an open platform that supports multiple vendor security products is Crossbeam X-series platform.
Dig Deeper on Network device security: Appliances, firewalls and switches
Related Q&A from Anand Sastry
While encrypting production servers may seem like a good security move, according to Anand Sastry, doing so may not be worth the resources it uses. Continue Reading
Transferring files from a DMZ to an internal FTP server can be risky. In this expert response, Anand Sastry explains how to use SFTP automation to ... Continue Reading
When setting up a site-to-site VPN, where should the VPN endpoint be in the DMZ? Learn more in this expert response. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.