SAFE Security Architecture Toolkit

July 2018
Table of Contents
• SAFE Toolkit Overview
• Capabilities Flows and Endpoints
• Architectures
• Designs
• SAFE Icon Library
• Tools, Rules and Techniques
• Contact

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
SAFE Toolkit Overview

Cisco SAFE simplifies security so your conversations can focus on the needs of a business. By mapping the flows of the business, specific threats can be addressed with corresponding security capabilities, architectures, and designs.

The SAFE Toolkit includes the elements required to facilitate security discussions. You can use the items on these slides to build presentations using SAFE best-practice illustrations and diagrams, and you can customize the diagrams to suit your business.

This toolkit complements the SAFE Overview, Architecture and Design Guides, which can be found at www.cisco.com/go/safe

Graphics

The following slides contain high-level SAFE graphics that you can use to introduce SAFE and explain SAFE concepts and components.
The Key to SAFE (diagram)

SAFE Progression of Capabilities (diagram)

SAFE Architecture Wheel (diagram)
SAFE Capabilities Flows and Endpoints

First, identify the capabilities your customer needs their network to provide to the business. Next, you can use the endpoints and capabilities icons to map the business flows. Mapping the threats the customer faces onto the capabilities is the key to SAFE.
SAFE Master Capabilities Flows

Internal Business Flows:

• Secure communications for email: CEO sending email to shareholder
CEO → Client-Based Security → Identity → Posture Assessment → Firewall → Intrusion Prevention → Flow Analytics → Threat Intelligence → Anti-Malware → Tagging → Application Visibility Control → Email Security → Server-Based Security → Shareholder

• Secure applications for PCI: Clerk processing credit card transaction
Clerk → Client-Based Security → Identity → Posture Assessment → Firewall → Intrusion Prevention → Flow Analytics → Threat Intelligence → Anti-Malware → Tagging → Application Visibility Control → Web Application Firewall → Server-Based Security → Payment Application

• Secure web access for employees: Employee researching product information
Employee → Client-Based Security → Identity → Posture Assessment → Firewall → Intrusion Prevention → Flow Analytics → Threat Intelligence → Anti-Malware → Tagging → Application Visibility Control → Web Security → Website

• Secure communications for collaboration: Subject matter expert consultation
Expert → Client-Based Security → Identity → Posture Assessment → Firewall → Intrusion Prevention → Flow Analytics → Threat Intelligence → Anti-Malware → Tagging → Posture Assessment → Identity → Client-Based Security → Colleague
SAFE Master Capabilities Flows

Third-Party Business Flows:

• Secure remote access for third party: Connected device with remote vendor support
Thermostat → DNS Security → Identity → Firewall → Intrusion Prevention → Flow Analytics → Threat Intelligence → Anti-Malware → Tagging → Virtual Private Network → Posture Assessment → Identity → Client-Based Security → Remote Technician

• Secure remote access for employees: Field engineer updating work order
Engineer → Client-Based Security → Identity → Posture Assessment → Virtual Private Network → Firewall → Intrusion Prevention → Flow Analytics → Threat Intelligence → Anti-Malware → Tagging → Distributed Denial of Service Protection → Web Application Firewall → Server-Based Security → Workflow Application

• Secure east-west traffic for compliance: PCI compliance for financial transactions
Database → Server-Based Security → Firewall → Intrusion Prevention → Flow Analytics → Threat Intelligence → Anti-Malware → Tagging → Server-Based Security → Payment Application
SAFE Master Capabilities Flows

Customer Business Flows:

• Secure web access for guests: Guest accessing the Internet for comparative shopping
Guest → DNS Security → Wireless Intrusion Prevention → Wireless Rogue Detection → Firewall → Intrusion Prevention → Flow Analytics → Threat Intelligence → Anti-Malware → Tagging → Website

• Secure web access for guests: Guest accessing the Internet to watch hosted video
Guest → DNS Security → Wireless Intrusion Prevention → Wireless Rogue Detection → Firewall → Intrusion Prevention → Flow Analytics → Threat Intelligence → Anti-Malware → Tagging → Distributed Denial of Service Protection → Application Visibility Control → Web Application Firewall → Server-Based Security → Website

• Secure applications for PCI: Customer making purchase
Customer → Identity → Firewall → Intrusion Prevention → Flow Analytics → Threat Intelligence → Anti-Malware → Tagging → Distributed Denial of Service Protection → Application Visibility Control → Web Application Firewall → Server-Based Security → E-commerce
SAFE Master Endpoints

Use these endpoints to further customize your SAFE capabilities flows. Industry-specific endpoints are provided on the following slides.

Endpoint icons provided: CEO, Shareholder, Guest, Server, Customer, Salesperson, Automated Process, Manager, Technician, Clerk, Remote Employee, Building Controls, Subject Matter Expert, Remote Colleague, Video Surveillance Camera, Video Server, Remote Technician, Secure Partner.
SAFE Architecture Diagrams

SAFE architecture diagrams convey the network structure at a high level without naming specific products. Architectures can also reference capabilities.

The following architecture diagrams are best-practice references for each Place in the Network (PIN). They may be used as is or you may customize them. Customization instructions are in the Tools and Rules section beginning on slide 38.
Small Branch Architecture (diagram)

Columns: Human, Devices, Network, Applications. Layers: Business Use Cases, Endpoints, Access, Services. Network elements: Wireless Access Point, Access Switch, Router.
• Secure Web: Branch Manager browsing information (Corporate Wi-Fi Device) → Product Information Website
• Guest Wireless: Customer browsing prices (Mobile Device) → Wireless Access Point → Comparative Shopping Website
• Secure Applications: Clerk processing credit card (Corporate Device) → Access Switch → Router → Payment Processing
• Secure Communications: Subject Matter Expert (Employee Phone) → Remote Colleague
• Secure Third Parties: Third-party Technician accessing logs; Building Controls → Environmental Controls → Server
Medium Branch Architecture (diagram)

Columns: Human, Devices, Network, Applications. Layers: Business Use Cases, Endpoints, Access, Services. Network elements: Wireless Access Point, Wireless Controller, Access Switch, Distribution Switch, Router.
• Secure Web: Branch Manager browsing information (Corporate Wi-Fi Device) → Wireless Controller → Product Information Website
• Guest Wireless: Customer browsing prices (Mobile Device) → Wireless Access Point → Comparative Shopping Website
• Secure Applications: Clerk processing credit card (Corporate Device) → Access Switch → Distribution Switch → Router → Payment Processing
• Secure Communications: Subject Matter Expert (Employee Phone) → Remote Colleague
• Secure Third Parties: Third-party Technician accessing logs; Building Controls → Environmental Controls → Server
Large Branch Architecture (diagram)

Columns: Human, Devices, Network, Applications. Layers: Business Use Cases, Endpoints, Access, Collapsed Core & Distribution, Services. Network elements: Wireless Access Point, Wireless Controller, Switches, Distribution Switch, Firewall, Router, Web Security, Communications Manager.
• Secure Web: Branch Manager browsing information (Corporate Wi-Fi Device) → Wireless Controller → Product Information Website
• Guest Wireless: Customer browsing prices (Mobile Device) → Wireless Access Point → Switch → Web Security → Comparative Shopping Website
• Secure Applications: Clerk processing credit card (Corporate Device) → Switch → Distribution Switch → Firewall → Switch → Router → Payment Processing
• Secure Communications: Subject Matter Expert (Employee Phone) → Switch → Communications Manager → Remote Colleague
• Secure Third Parties: Third-party Technician accessing logs; Building Controls → Environmental Controls → Server
Campus Architecture (diagram)

Columns: Human, Devices, Network, Applications. Layers: Business Use Cases, Endpoints, Access, Distribution, Core, Services; the diagram is divided into a Building Block and a Core Block. Services: Web Security, Guest Wireless, Wireless Controller, Firewall, Router, Blade Server, Communications Manager.
• Secure Email: CEO sending email to Shareholders (Corporate Wi-Fi Device); Shareholder receiving email from CEO
• Guest Wireless: Guest browsing (Mobile Device) → Wireless Access Point → Wireless Controller → Switch → Comparative Shopping Website
• Secure Web: Employee browsing (Corporate Device) → Switch → Distribution Switch → Core Switch → Firewall → Switch → Router → Wholesaler Website
• Secure Communications: Subject Matter Expert (Employee Phone) → Firewall → Switch → Remote Colleague
• Secure Third Parties: Third-party Technician accessing logs; Building Controls → Environmental Controls → Blade Server

Legend of use cases and applications shown: Employee browsing, Guest browsing, CEO sending email to Shareholders, Building Controls, Clerk processing credit card, Payment Processing, Third-party Technician accessing logs, Shareholder receiving email from CEO, Comparative Shopping Website, Wholesaler Website.
WAN Architecture (diagram)

Network: Router → Switch → Firewall → Switch, connecting to Campus/Branch on one side and to the Data Center on the other; Services layer. Use cases shown: Third-party Technician accessing logs, Field Engineer submitting work order, Wholesaler Website, Shareholder receiving Email from CEO, Comparative Shopping Website.

Data Center Architecture (diagram)

Columns: Network, Servers, Applications. Layers: Business Use Cases, Endpoints, Access, Distribution, Core, Services; links to Edge and to WAN; East/West Traffic between server tiers; software-defined fabric (Distribution Switch, Core Switch, Leaf/Spine Switches, Fabric Switch).
• Wireless Controller, Firewall, Controller Appliance, Load Balancer, Secure Server → Database
• Payment Processing (Clerk processing credit card): Communications Manager, Firewall → Leaf Switch → Spine Switch → Leaf Switch → Secure Server → Payment Application
• Workflow Automation: Building Management Console, Distribution Switch → Fabric Switch → Firewall → Secure Server → Workflow Application
• Shareholder Emails (CEO sending email to Shareholders): Identity Server, Firewall → Load Balancer Appliance → Secure Server → Communication Services
• Other use cases shown: Guest browsing, Employee browsing
Edge Architecture (diagram)

Network, spanning from the Internet (Untrusted) through Perimeter Services and the DMZ to the Trusted Enterprise, with links to the Internet and to the Enterprise Core. Perimeter Services: Email Security, Web Security, Switch, Wireless Controller. Main path: Router → Switch → Firewall → Switch → Load Balancer Appliance → Switch → Secure Server → Application Switch. VPN: Firewall, VPN Concentrator, Switch, SD WAN.
• Use cases shown: Corporate Guest accessing Internet, Shareholder receiving email from CEO, CEO sending email to Shareholders, Employee browsing, Customer making purchase, Field engineer submitting work order, Third-party Technician accessing logs
• Applications shown: Comparative Shopping Website, Wholesaler Website, Payment Application, Workflow Application, Building Controls
Cloud Architecture (diagram)

Columns: Services, Network, Applications, Services. Layers: Services, Business Use Cases; link to the Internet; East/West Traffic between zones. Cloud security services: Anti-Malware, Identity Authorization, Threat Intelligence, DNS Security, Web Reputation/Filtering/DCS, Distributed Denial of Service Protection, Anomaly Detection, Application Visibility Control (AVC).
• Firewall Virtual Appliance → vSwitch → Storage Server → Database (Zone)
• Payment Processing: Firewall Virtual Appliance → Load Balancer → vSwitch → Secure Server → Payment Application
• Workflow Automation: vRouter → vSwitch; Firewall Virtual Appliance → vSwitch → Secure Server → Workflow Application
• Customer making purchase: Firewall Virtual Appliance → Load Balancer → vSwitch → Secure Server → Hosted E-Commerce
• Other use cases shown: Shareholder Emails, Technician submitting task, Guest browsing
SAFE Design Diagrams

SAFE design diagrams show the specific products and flow/structure needed to satisfy the desired security capabilities of a particular network. The following design diagrams are best-practice references for selected Places in the Network (PINs). Contact the Cisco SAFE Team for assistance in building customized SAFE designs in Visio.
SAFE Icon Library

If you need to customize SAFE capabilities flows or architectures, you'll find the icons on the following slides.
Human Icons

• Users: Employees, third parties, customers, and administrators.
• Threat: Rogue (Attackers accessing restricted information resources). Capability: Identity (Identity-based access). Icon: Identity Directory. Products: Cisco Identity Services Engine Appliance; Cisco Identity Services Engine Virtual Appliance.
Additional Human Icons

Icons provided: CEO, Clerk, Customer, Expert, Guest, Manager, Remote Employee, Secure Partner, Shareholder, Identity Directory (several styles), Person, People, MS Active Directory.
Devices Icons

• Clients: Devices such as PCs, laptops, smartphones, tablets. Icon: Workstation.
• Threat: Malware (Viruses, malware, and attacks that compromise systems). Capability: Client-Based Security (This capability represents multiple types of security software to protect clients). Icon: Corporate Device. Products: Cisco Advanced Malware Protection for Endpoints; Cisco Umbrella; Cisco AnyConnect; Built-in OS Firewall or Partner Products.
• Threat: Malware (Viruses, malware, and attacks that compromise systems). Capability: Anti-Malware. Products: Cisco Advanced Malware Protection for Endpoints.
• Threat: Virus (Viruses compromising systems). Capability: Anti-Virus. Products: Cisco Advanced Malware Protection for Endpoints (TETRA).
Devices Icons

• Clients: Devices such as PCs, laptops, smartphones, tablets. Icon: Workstation.
• Threat: Exploit Redirection (Unauthorized access and malformed packets connecting to client). Capability: Personal Firewall. Icon: Corporate Device. Products: Built-in OS Firewall; Partner Products.
• Threat: Phish Link (Redirection of user to malicious web site). Capability: Cloud Security (Combination icon representing several security capabilities provided by the cloud). Products: Cisco Umbrella - Secure Internet Gateway (SIG); Cisco AnyConnect Agent; Cisco Cloudlock; Cisco Web Security Appliance; Cisco Meraki MX; Cisco Firepower with URL Filtering; Cisco Viptela SD-WAN.
• Threat: Botnets DDOS (Compromised devices connecting to infrastructure). Capability: Posture Assessment (Client endpoint compliance verification and authorization). Products: Cisco AnyConnect Agent; Cisco Identity Services Engine; Cisco Meraki MDM.
Devices Icons

• Voice: Phone. Threat: Rogue (Attacker accessing private information). Icon: Phone. Products: Cisco Unified Communications; Cisco IP Phones.
• Video: Displays, collaboration, smartboards. Threat: Rogue (Attacker accessing private information). Icon: Video Endpoint. Products: Cisco Unified Communications; Cisco Telepresence; Cisco WebEx Teams; Cisco IP Phones.
• Autonomous Device: Building controls, manufacturing systems, automation. Threat: Rogue (Attacker accessing private information). Icon: Environmental Controls. Products: Partner devices and controllers.
Additional Devices Icons

Icons provided: Server, Building Controls, Camera, Corporate Device, Corporate Wireless Device, Mobile Device, Phone, Video Endpoint, Actuator, Sensor, Automated System, Standardized System Images, Infrastructure Redundancy.
Network Icons

• Wired Network: Physical network infrastructure; routers and switches used to connect the access, distribution, core, and services layers together. Icons: L2/L3 Network, Router, Fabric Switch, Distribution Switch, Access Switch.
• Threat: Exploit Redirection (Unauthorized access and malformed packets connecting to client). Capability: Firewall (Stateful filtering and protocol inspection). Icon: Firewall. Products: Cisco Adaptive Security Appliance (ASA); Cisco Firepower Appliance; Cisco Next Generation Firewall; Cisco Next Generation Firewall Virtual.
• Threat: Exploit Redirection (Attacks using worms, viruses, or other techniques). Capability: Intrusion Prevention (Blocking of attacks by signatures and anomaly analysis). Icon: Intrusion Prevention. Products: Cisco Adaptive Security Appliance (ASA); Cisco Firepower Appliance; Cisco Next Generation Intrusion Prevention System; Cisco Next Generation Intrusion Prevention System Virtual.
• Threat: Unauthorized Network Access (Lateral spread of infiltration). Capability: Tagging (Policy-based, software-defined segmentation). Icon: Switch. Products: Cisco Adaptive Security Appliance (ASA); Cisco Firepower Appliance; Cisco Catalyst Switches; Cisco Wireless Controller and Access Points; Cisco Identity Services Engine; Cisco Integrated Services Routers; Cisco Aggregation Services Routers; Cisco Nexus Switches; Cisco ACI Fabric; Cisco DNA Fabric; Cisco Tetration.
Network Icons

• Wireless Network: Physical network infrastructure; access points and controllers used to connect mobile devices to the access layer. Icon: Wireless.
• Threat: Malware (Compromised devices connecting to infrastructure). Capability: Mobile Device Management (MDM) (Endpoint access control based on policies). Icon: MDM Appliance. Products: Cisco Identity Services Engine; Cisco Meraki Mobile Device Management.
• Threat: Rogue (Unauthorized access and disruption of wireless network). Capability: Wireless Rogue Detection (Detection and containment of malicious wireless devices not controlled by the company). Icon: Wireless LAN Controller. Products: Cisco Catalyst Switches with Unified Access; Cisco Wireless Controller and Access Points; Cisco Mobility Services Engine.
• Threat: Rogue (Attacks on the infrastructure via wireless technology). Capability: Wireless Intrusion Prevention (WIPS) (Blocking of wireless attacks by signatures and anomaly analysis). Icon: Wireless Access Point. Products: Cisco Catalyst Switches with Unified Access; Cisco Wireless Controller and Access Points.
Network Icons

• Analysis: Telemetry and analysis of traffic across the enterprise. Icon: Analytic Engine.
• Threat: Malware (Malware distribution across networks or between servers and devices). Capability: Anti-Malware for Networks (Identify, block, and analyze malicious files and transmissions). Icon: Firewall. Products: Cisco Advanced Malware Protection for Networks; Cisco Next Generation Firewall; Cisco Next Generation Firewall Virtual; Cisco Next Generation Intrusion Prevention System; Cisco Next Generation Intrusion Prevention System Virtual.
• Threat: Advanced Threat (Zero-day malware and attacks). Capability: Threat Intelligence (Contextual knowledge of emerging hazards). Threat Intelligence is a capability leveraged by many systems and not deployed separately; there is no dedicated architecture icon. Products: Cisco Collective Security Intelligence; Cisco Global Threat Analytics and Encrypted Traffic Analytics; Cisco Talos Security Intelligence; Cisco Firepower Management Center; Cisco Umbrella Investigate; Cisco AMP Console (Telemetry); Cisco Stealthwatch Management Console.
• Threat: Exfiltration (Traffic, telemetry, and data exfiltration from successful attacks). Capability: Flow Analytics (Network traffic metadata identifying security incidents). Icon: Flow Sensor. Flow Sensors and Collectors: Cisco NetFlow Generation Appliance; Cisco Integrated Services Router; Cisco Stealthwatch Flow Sensor; Cisco Adaptive Security Appliance; Cisco Wireless LAN Controller; Cisco Catalyst Switch; Cisco Nexus Switch. Analysis: Cisco Stealthwatch Management Console; Cisco Stealthwatch Cloud.
Network Icons

• WAN: Public and untrusted Wide Area Networks that connect to the company, such as the Internet. Icon: WAN.
• Threat: Exfiltration (Traffic, telemetry, and data exfiltration from successful attacks). Capability: VPN Concentrator (Encrypted remote access). Icon: VPN Concentrator. Products: Cisco Adaptive Security Appliance (ASA); Cisco Firepower Appliance; Cisco Next Generation Firewall; Cisco Next Generation Firewall Virtual.
• Threat: Man-in-the-Middle (Connection of information and identities). Capability: Virtual Private Network (VPN) (Encrypted communication tunnels). Icons: Virtual Private Network (VPN), SD WAN. Products: Cisco Adaptive Security Appliance (ASA); Cisco Aggregation Services Routers; Cisco Cloud Services Router; Cisco Integrated Services Router; Cisco Meraki SD-WAN; Cisco IWAN; Cisco Next Generation Firewall; Cisco Next Generation Firewall Virtual; Cisco Viptela SD-WAN vEdge; Cisco Firepower Appliance.
• Threat: Botnets DDOS (Massively scaled attacks that overwhelm services). Capability: DDOS Protection (Protection against scaled attack forms). Icon: DDOS Protection Appliance. Products: Cisco Aggregation Services Routers with Radware; Cisco Firepower Appliance with Radware; Distributed Denial of Service Technology Partner.
Network Icons

• Cloud: Security services from the cloud. Icon: Cloud.
• Threat: Phish Link (Attacks from malware, viruses, and malicious URLs). Capability: Cloud Security (Combination icon representing several security capabilities provided by the cloud). Icon: Cloud Security. Products: Cisco Umbrella - Secure Internet Gateway (SIG); Cisco AnyConnect Agent; Cisco Cloudlock; Cisco Web Security Appliance; Cisco Meraki MX; Cisco Firepower with URL Filtering; Cisco Viptela SD-WAN; Cisco Cloud Services Router.
• Threat: Phish Link (Redirection of user to malicious website). Capability: DNS Security (Name resolution filtering). Icon: Secure DNS. Products: Cisco Umbrella.
• Threat: Rogue (Unauthorized access to cloud SaaS services, data loss). Capability: Cloud Access Security Broker (CASB) (Monitor and protect SaaS services). Icon: CASB. Products: Cisco CloudLock.
Network Icons

• Cloud: Security services from the cloud. Icon: Cloud.
• Threat: Redirect Link (Infiltration and exfiltration via Web protocols). Capability: Web Security (Internet access integrity and protections). Icon: Web Security. Products: Cisco Umbrella - Secure Internet Gateway (SIG); Cisco Web Security Virtual Appliance; Cisco Meraki URL Filtering.
• Threat: Malware C2 (Attacks directing to a malicious URL). Capability: Web Reputation/Filtering (Tracking against URL-based threats). Icon: Web Filtering. Products: Cisco Umbrella - Secure Internet Gateway (SIG); Cisco Web Security Virtual Appliance; Cisco Meraki URL Filtering.
• Threat: Redirect Link (Unauthorized access and malformed packets connecting to services). Capability: Cloud-based Firewall (Filter and inspect traffic via the cloud). Icon: Firewall. Products: Cisco Adaptive Security Virtual Appliance (ASAv); Cisco Cloud Services Router; Cisco Next Generation Firewall Virtual (NGFWv).
Additional Network Icons

Icons provided (several styles each): Firewall, Intrusion Prevention (IPS), Router, VPN Concentrator, DDOS Protection, Identity Directory, Web Security, Web Filtering, Adaptive Security Appliance, Firepower Appliance, MS Active Directory; Access Switch, Distribution Switch, Core Switch, Fabric Switch, Leaf Switch, Spine Switch, SD Controller / ACI Controller, SD WAN, Wireless Access Point, Mobile Device Management (MDM), Wireless LAN Controller, Switch Stack; Flow Sensor, Flow Connector, Endpoint Concentrator, UDP Director, Management Console, Secure DNS.
Applications Icons

• Applications: Application-specific security services. Icon: Application.
• Threat: Redirect Link (Attacks against poorly-developed applications). Capability: Web Application Firewalling (Advanced application inspection and monitoring). Icon: Web Application Firewall. Products: Web Application Firewall Technology Partner.
• Threat: C2 Sites (Attack tools hiding in permitted applications). Capability: Application Visibility Control (AVC) (Deep packet inspection of application flows). Products: Cisco Aggregation Services Router; Cisco Cloud Services Router; Cisco Integrated Services Router; Cisco Next Generation Firewall; Cisco Next Generation Firewall Virtual.
• Threat: Spying (Theft of unencrypted traffic). Capability: TLS Encryption Offload (Accelerated encryption/decryption of data services). Icon: TLS Appliance. Products: Cisco Next Generation Firewall; Transport Layer Security Offload Technology Partner.
Applications Icons

• Applications: Application-specific security services. Icon: Application.
• Threat: Phishing (Infiltration and exfiltration via email). Capability: Email Security (Messaging integrity and protections). Icon: Email Security. Products: Cisco Email Security Appliance; Cisco Cloud Email Security.
• Threat: Malware (Polymorphic threats). Capability: Malware Sandbox (Detonation and analysis of file behavior). Icon: Sandbox Appliance. Products: Cisco Threatgrid.
• Storage: Drives, databases, media. Threat: Spying (Theft of unencrypted traffic). Capability: Disk Encryption (Encryption of data at rest). Products: Disk Encryption Technology Partner.
Applications Icons

• Servers: Application hosting operation systems. Icons: Secure Server, Load Balancer.
• Threat: Malware (Viruses, malware and attacks that compromise systems). Capability: Server-based Security (Combination icon representing several security capabilities to secure the server). Icon: Secure Server. Products: Cisco Advanced Malware Protection for Endpoint; Cisco Umbrella; Cisco Tetration; Built-in OS Firewall or Partner Products.
Additional Applications Icons

Icons provided (several styles each): Server, Secure Server, Blade Server, Storage, Load Balancer, Wide Area Application Engine, TLS Appliance, Radware Appliance, Cisco AnyConnect, Cisco AMP, Generic Appliance, Cisco Appliance.
Management Icons

• Management: Infrastructure systems management and orchestration. Icon: Central Management.
• Capability: Analysis/Correlation (Security event management of real-time information). Icon: SIEM. Products: Cisco Stealthwatch; Cisco Stealthwatch Cloud; Cisco Visibility; SIEM Technology Partner Products.
• Capability: Anomaly Detection (Identification of infected hosts scanning for other vulnerable hosts). Icon: Anomaly Detection. Products: Cisco Identity Services Engine; Cisco Meraki; Cisco Tetration; Cisco Stealthwatch.
• Capability: Identity/Authorization (Centralized identity and administration policy). Icon: Identity Directory. Products: Cisco Identity Services Engine.
Management Icons

• Management: Infrastructure systems management and orchestration. Icon: Central Management.
• Capability: Logging/Reporting (Centralized event information collection). Icon: Log Collector. Products: Cisco Stealthwatch; Logging Technology Partner Products.
• Capability: Monitoring (Network traffic inspection). Icon: Monitoring. Products: Cisco Stealthwatch; Cisco Stealthwatch Cloud; Cisco Tetration.
• Capability: Name Resolution (Centralized DNS services). Icon: Secure DNS. Products: Cisco Umbrella.
Management Icons

• Management: Infrastructure systems management and orchestration. Icon: Central Management.
• Capability: Policy/Configuration (Unified infrastructure management and compliance verification). Icon: Policy. Products: Cisco Firepower Management Center; Cisco Identity Services Engine; Cisco Tetration; Cisco DNA Center; Cisco Security Manager; Cisco ACI APIC; Cisco Prime LMS; Cisco Stealthwatch Management Console; Cisco Advanced Malware Protection Console; Cisco Defense Orchestrator.
• Capability: Time Synchronization (Device clock calibration for accurate event correlation). Icon: NTP. Products: Cisco Firewalls, Routers, and Switches.
• Capability: Vulnerability Management (Continuous scanning, patching, and reporting of infrastructure). Icon: Vulnerability Management. Products: Endpoint Technology Partner.
Additional Management Icons

Icons provided (several styles each): Secure DNS, NTP, Monitoring, Vulnerability Management, Policy, Log Collector, SIEM, Identity Directory, MS Active Directory, Generic Appliance.
Tools and Rules

Please refer to the guidelines and helpful elements on these pages to ensure that your diagrams and presentations are SAFE!
Building SAFE Architectures

To customize one of the architecture diagrams on slides 20-27, or to build one, please refer to this key as well as the Architecture Toolkit and the Dos and Don'ts information on the following slides. For assistance, contact Christian Janoff, [email protected]
Architecture diagram key (diagram): Title Example, Area Title Example, Icon Title Example.
Using the Selection Pane

The Selection Pane enables you to view and access layers easily.
1. Turn on the Selection Pane.
2. Each object in the pane is listed in the hierarchical order (depth) that it occupies on the slide.
3. Click the eye to make objects invisible/visible so you can access objects below them without having to move them from their position.
4. By clicking on an object or group name you can select objects that are hard to grab.
5. Once selected, you can change their order via the Arrange menu, or move them with the cursor keys.
How to draw smooth business flows

By editing the points of a freeform shape you can create smooth, consistent corners (steps 1-8).
• Make the line with square turns; click and drag to make each segment (hold Shift to constrain)
• Select Edit Shape, then Edit Points, from the Drawing Tools menu
• Using the gridlines from the View menu, add points before and after the corner (Ctrl+click)
• After adding the new points, select and delete the corner point
• Stretch the handles as appropriate (back to where the corner point was, and to the next corner) to create a smooth arching corner
Design/Drawing Elements (diagram): sample design labels such as VLAN201, HSRP, G1/6.
If you have questions about SAFE and constructing SAFE architectures with the resources in this toolkit, contact Christian Janoff, [email protected]