Cisco ASA with FirePOWER Services

Cisco presents the first threat-focused next-generation firewall

Published in: Technology

  1. Industry’s First Threat-Focused NGFW: Cisco ASA with FirePOWER Services. © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential.
  2. Introducing: Cisco ASA with FirePOWER Services. Industry’s First Threat-Focused Next-Generation Firewall
     Features
     ► Cisco® ASA firewalling combined with Sourcefire® Next-Generation IPS
     ► Advanced Malware Protection (AMP)
     ► Best-in-class security intelligence, application visibility and control (AVC), and URL filtering
     Benefits
     ► Superior, multilayered threat protection
     ► Unprecedented network visibility
     ► Integrated threat defense across the entire attack continuum
     ► Reduced cost and complexity
  3. The Problem with Legacy Next-Generation Firewalls: Focus on the apps, but totally miss the threat… Legacy NGFW can reduce attack surface area, but advanced malware often evades security controls.
  4. Threat Landscape Demands More than Application Control
     ► 100% of companies connect to domains that host malicious files or services
     ► 54% of breaches remain undiscovered for months
     ► 60% of data is stolen in hours
     It is a community that hides in plain sight, avoids detection, and attacks swiftly.
  5. Legacy NGFWs Lack Complete Visibility and Control. Without proper visibility, threat protection cannot be operationalized.
  6. Integrated Threat Defense Across the Attack Continuum. Diagram labels: Attack Continuum (Discover, Enforce, Harden; Detect, Block, Defend; Scope, Contain, Remediate); Network, Endpoint, Mobile, Virtual, Cloud; Point-in-Time, Continuous.
  7. Industry’s First Threat-Focused Next-Generation Firewall: Cisco ASA with FirePOWER Services
     Features
     ► Cisco® ASA firewalling combined with Sourcefire® Next-Generation IPS
     ► Advanced Malware Protection (AMP)
     ► Best-in-class security intelligence, application visibility and control (AVC), and URL filtering
     Benefits
     ► Superior, multilayered threat protection
     ► Unprecedented network visibility
     ► Integrated threat defense across the entire attack continuum
     ► Reduced cost and complexity
     “By integrating defense layers, organizations can enhance visibility, enable dynamic controls, and provide advanced threat protection that address the entire attack continuum – before, during, and after an attack.”
  8. Superior Integrated & Multilayered Protection
     ► World’s most widely deployed, enterprise-class ASA stateful firewall
     ► Granular Cisco® Application Visibility and Control (AVC)
     ► Industry-leading FirePOWER next-generation IPS (NGIPS)
     ► Reputation- and category-based URL filtering
     ► Advanced Malware Protection with Retrospective Security
     Diagram labels: Cisco Collective Security Intelligence Enabled; Cisco ASA; Advanced Malware Protection (Subscription); URL Filtering (Subscription); Intrusion Prevention (Subscription); FireSIGHT Analytics & Automation; Application Visibility & Control; Identity-Policy Control & VPN; Clustering & High Availability; Network Firewall; Routing | Switching; Built-in Network Profiling.
  9. Unprecedented Network Visibility

     | Categories | FirePOWER Services | Legacy IPS | Legacy NGFW |
     |---|---|---|---|
     | Threats | ✓ | ✓ | ✓ |
     | Users | ✓ | ✗ | ✓ |
     | Web Applications | ✓ | ✗ | ✓ |
     | Application Protocols | ✓ | ✗ | ✓ |
     | File Transfers | ✓ | ✗ | ✓ |
     | Malware | ✓ | ✗ | ✗ |
     | Command & Control Servers | ✓ | ✗ | ✗ |
     | Client Applications | ✓ | ✗ | ✗ |
     | Network Servers | ✓ | ✗ | ✗ |
     | Operating Systems | ✓ | ✗ | ✗ |
     | Routers & Switches | ✓ | ✗ | ✗ |
     | Mobile Devices | ✓ | ✗ | ✗ |
     | Printers | ✓ | ✗ | ✗ |
     | VoIP Phones | ✓ | ✗ | ✗ |
     | Virtual Machines | ✓ | ✗ | ✗ |
  10. Impact Assessment. Correlates all intrusion events to an impact of the attack against the target.

     | Impact flag | Administrator action | Why |
     |---|---|---|
     | 1 | Act Immediately, Vulnerable | Event corresponds to vulnerability mapped to host |
     | 2 | Investigate, Potentially Vulnerable | Relevant port open or protocol in use, but no vuln mapped |
     | 3 | Good to Know, Currently Not Vulnerable | Relevant port not open or protocol not in use |
     | 4 | Good to Know, Unknown Target | Monitored network, but unknown host |
     | 0 | Good to Know, Unknown Network | Unmonitored network |
  11. Automated, Integrated Threat Defense: Superior Protection for Entire Attack Continuum
     ► Multi-vector Correlation: Early Warning for Advanced Threats
     ► Retrospective Security: Shrink Time between Detection and Cure
     ► Context and Threat Correlation: Impact Assessment
     ► Dynamic Security Control: Adapt Policy to Risks
     Diagram labels: Admin Request, Mail, PDF; Host A, Host B, Host C; 5 IoCs, 3 IoCs; Priority 1, Priority 2, Priority 3.
  12. Indicators of Compromise (IoCs)
     ► IPS Events: Malware Backdoors, CnC Connections, Exploit Kits, Admin Privilege Escalations, Web App Attacks
     ► SI Events: Connections to Known CnC IPs
     ► Malware Events: Malware Detections, Malware Executions, Office/PDF/Java Compromises, Dropper Infections
  13. Cisco ASA with FirePOWER Services vs. Legacy NGFW

     | Feature | Cisco ASA with FirePOWER Services | Legacy NGFW |
     |---|---|---|
     | Reputation-Based Proactive Protection | Superior | Not Available |
     | Visibility, Context & Intelligent Security Automation | Superior | Not Available |
     | File Reputation, File Trajectory, Retrospective Analysis | Superior | Not Available |
     | IoCs | Superior | Not Available |
     | NGIPS | Superior | Available (1) |
     | Application Visibility and Control | Superior | Available |
     | Acceptable Use/URL Filtering | Superior | Available |
     | Remote Access VPN | Superior | Not Enterprise-Grade |
     | Stateful Firewall, HA, Clustering | Superior | Available (2) |

     (1) Typically 1st generation IPS. (2) HA capabilities vary from NGFW vendor.
  14. Security Services; Security Products; Complete Security Solutions
  15. Accelerate Migration to Cisco ASA with FirePOWER Services with Professional and Technical Services
     ► SMARTnet Technical Support: Keep security solutions available by providing access to broad Cisco support tools and expertise
     ► Migration Services: Move more quickly to new capabilities and with minimal disruption
     ► Managed Services: Provide full-time, proactive, systematic threat monitoring and management
  16. Cisco ASA with FirePOWER Services: Industry’s First Threat-Focused NGFW
     ▶ Superior Visibility: Full contextual awareness to eliminate gaps
     ▶ Integrated Threat Defense: Best-in-class, multilayered protection in a single device
     ▶ Automation: Simplified operations and dynamic response and remediation
  17. Thank You
  18. Cisco Threat-Centric Security Vision Realize
     ► Acquisition of Sourcefire Security: Industry-leading NGIPS; Network visibility; Advanced Malware Protection; VRT Research; Open source innovation (OpenAppID)
     ► Unified Cisco Research – Talos Security Intelligence and Research Group: Sourcefire VRT; Cisco TRAC; Cisco SecApps
     ► Acquisition of Cognitive Security: Advanced research intelligence; Real-time advanced behavioral analysis
     ► Acquisition of ThreatGRID: Unified malware analysis; Threat intelligence
     Timeline labels: 2013, 2014, 2015…; AMP + FirePOWER; AMP > Managed threat defense; Cognitive + AMP; Unified malware analysis >; Collective Security Intelligence; Malware Analysis & Threat Intelligence.
  19. The Security Operations Maturity Model. Diagram labels: Security Scale; Static Controls; Human intervention; Current Requirements; Semi-automatic; Dynamic Controls; Predictive.
  20. Challenges with Traditional ‘Defense-in-Depth’ Security
     ► Poor Visibility: Undetected multi-vector and advanced threats
     ► Siloed Approach: Increased complexity and reduced effectiveness
     ► Manual and Static: Slow, manual, inefficient response
  21. How do you build a Threat-Focused NGFW?
     ► Visibility-Driven: Network-Integrated, Broad Sensor Base, Context and Automation
     ► Threat-Focused: Continuous Advanced Threat Protection, Cloud-Based Security Intelligence
     ► Platform-Based: Agile and Open Platforms, Built for Scale, Consistent Control, Management
  22. Platform-Based: Visibility and Context are the Foundation
     ► Breach: Understand scope, contain & remediate
     ► Threat: Focus on the threat – security is about detecting, understanding, and stopping threats
     ► Control: Set policy to reduce surface area of attack
     ► Visibility: Broad visibility for context
     Diagram labels: Workflow (automation) Engine; APIs.
  23. Visibility Must Also Be Pervasive
     ► Breach: Scope, Contain, Remediate
     ► Threat: Detect, Block, Defend
     ► Control: Control, Enforce, Harden
     ► Visibility: Discover, Monitor, Inventory, Map
     ► BEFORE: Firewall, App Control, VPN, Patch Mgmt, Vuln Mgmt, IAM
     ► DURING: IPS, AV/Anti-Malware, Mail/Web Gateway
     ► AFTER: IDS, FPC, Forensics, AMD, Log Mgmt, SIEM
     Diagram labels: Network / Devices; Users / Applications; Files / Data; Workflow (automation) Engine; APIs.
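
The impact-flag decision on slide 10 can be written as a small triage routine. This is an added example, not Cisco's code or part of the deck; the monitored range, host inventory, vulnerability ID, event fields and the `(protocol, port)` model of "port open or protocol in use" are all constructed assumptions.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed sample data (assumptions, not from the deck).
MONITORED = [ip_network("10.0.0.0/16")]

@dataclass
class Host:
    open_ports: set                            # {(protocol, port)} seen on the host
    vulns: set = field(default_factory=set)    # placeholder vulnerability IDs

HOSTS = {
    "10.0.1.10": Host({("tcp", 80)}, {"VULN-PLACEHOLDER-1"}),
    "10.0.1.20": Host({("tcp", 80)}),
    "10.0.1.30": Host({("tcp", 22)}),
}

# Flag -> administrator action, as listed on slide 10.
ACTIONS = {
    1: "Act Immediately, Vulnerable",
    2: "Investigate, Potentially Vulnerable",
    3: "Good to Know, Currently Not Vulnerable",
    4: "Good to Know, Unknown Target",
    0: "Good to Know, Unknown Network",
}
ORDER = [1, 2, 3, 4, 0]  # order in which the slide lists the flags

def impact_flag(event):
    addr = ip_address(event["dst"])
    if not any(addr in net for net in MONITORED):
        return 0                               # unmonitored network
    host = HOSTS.get(event["dst"])
    if host is None:
        return 4                               # monitored network, unknown host
    if host.vulns & set(event["vulns"]):
        return 1                               # vulnerability mapped to host
    if (event["proto"], event["port"]) in host.open_ports:
        return 2                               # port open, no vuln mapped
    return 3                                   # relevant port not open

def triage(events):
    """Return (flag, action, dst) tuples, most urgent first."""
    scored = [(impact_flag(e), e["dst"]) for e in events]
    scored.sort(key=lambda s: ORDER.index(s[0]))
    return [(f, ACTIONS[f], dst) for f, dst in scored]

EVENTS = [  # constructed intrusion events, all from one hypothetical rule
    {"dst": d, "proto": "tcp", "port": 80, "vulns": ["VULN-PLACEHOLDER-1"]}
    for d in ["192.0.2.7", "10.0.1.30", "10.0.9.9", "10.0.1.20", "10.0.1.10"]
]
```

The same rule firing against five destinations yields five different flags, which is the point of the slide: the host context, not the signature, sets the priority.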