Which type of security control is defense in depth?
overt and covert channels
SAFE Design Blueprint
Cisco SAFE uses the infrastructure-wide intelligence and collaboration capabilities provided
by Cisco products to control and mitigate well-known and zero-day attacks. Under the Cisco SAFE
design blueprints, intrusion protection systems, firewalls, network admission control, endpoint
protection software, and monitoring and analysis systems work together to identify and
dynamically respond to attacks. As part of threat control and containment, the designs can
identify the source of a threat, visualize its attack path, and suggest, and even
dynamically enforce, response actions. Possible response actions include the isolation of
compromised systems, rate limiting, packet filtering, and more.
Control is improved through the actions of harden, isolate, and enforce. Following are some of the
objectives of the Cisco SAFE design blueprints:
• Adaptive response to real-time threats—Source threats are dynamically identified and may be
  blocked in real time.
• Consistent policy enforcement coverage—Mitigation and containment actions may be enforced at
  different places in the network for defense in depth.
• Minimize effects of attack—Response actions may be dynamically triggered as soon as an attack
  is detected, minimizing damage.
• Common policy and security management—A common policy and security management platform
  simplifies control and administration, and reduces operational expense.