Cisco ASA with FirePOWER Services
Upload: felipe-lamus
Category: Technology
Transcript of Cisco ASA with FirePOWER Services
© 2014 Cisco and/or its affiliates. All rights reserved. 1
Industry’s First Threat-Focused NGFW Cisco ASA with FirePOWER Services
Introducing: Cisco ASA with FirePOWER Services
Industry’s First Threat-Focused Next-Generation Firewall
Features
► Cisco® ASA firewalling combined with Sourcefire® Next-Generation IPS
► Advanced Malware Protection (AMP)
► Best-in-class security intelligence, application visibility and control (AVC), and URL filtering
Benefits
► Superior, multilayered threat protection
► Unprecedented network visibility
► Integrated threat defense across the entire attack continuum
► Reduced cost and complexity
The Problem with Legacy Next-Generation Firewalls
Focus on the apps, but totally miss the threat…
Legacy NGFW can reduce attack surface area but advanced malware often evades security controls.
Threat Landscape Demands more than Application Control
100% of companies connect to domains that host malicious files or services
54% of breaches remain undiscovered for months
60% of data is stolen in hours
It is a Community that hides in plain sight, avoids detection and attacks swiftly
Legacy NGFWs Lack Complete Visibility and Control
Without Proper Visibility Threat Protection Cannot Be Operationalized
Integrated Threat Defense Across the Attack Continuum
ATTACK CONTINUUM
Discover, Enforce, Harden
Detect, Block, Defend
Scope, Contain, Remediate
Point-in-Time | Continuous
Network | Endpoint | Mobile | Virtual | Cloud
Industry’s First Threat-Focused Next-Generation Firewall
Cisco ASA with FirePOWER Services
Features
► Cisco® ASA firewalling combined with Sourcefire® Next-Generation IPS
► Advanced Malware Protection (AMP)
► Best-in-class security intelligence, application visibility and control (AVC), and URL filtering
Benefits
► Superior, multilayered threat protection
► Unprecedented network visibility
► Integrated threat defense across the entire attack continuum
► Reduced cost and complexity
“By integrating defense layers, organizations can enhance visibility, enable dynamic controls, and provide advanced threat protection that address the entire attack continuum – before, during, and after an attack.”
Superior Integrated & Multilayered Protection
► World’s most widely deployed, enterprise-class ASA stateful firewall
► Granular Cisco® Application Visibility and Control (AVC)
► Industry-leading FirePOWER next-generation IPS (NGIPS)
► Reputation- and category-based URL filtering
► Advanced Malware Protection with Retrospective Security
Diagram components:
Cisco ASA
Identity-Policy Control & VPN
URL Filtering (Subscription)
FireSIGHT Analytics & Automation
Advanced Malware Protection (Subscription)
Application Visibility & Control
Network Firewall
Routing | Switching
Clustering & High Availability
Cisco Collective Security Intelligence Enabled
Built-in Network Profiling
Intrusion Prevention (Subscription)
Unprecedented Network Visibility
Categories | FirePOWER Services | Legacy IPS | Legacy NGFW
Threats | ✓ | ✓ | ✓
Users | ✓ | ✗ | ✓
Web Applications | ✓ | ✗ | ✓
Application Protocols | ✓ | ✗ | ✓
File Transfers | ✓ | ✗ | ✓
Malware | ✓ | ✗ | ✗
Command & Control Servers | ✓ | ✗ | ✗
Client Applications | ✓ | ✗ | ✗
Network Servers | ✓ | ✗ | ✗
Operating Systems | ✓ | ✗ | ✗
Routers & Switches | ✓ | ✗ | ✗
Mobile Devices | ✓ | ✗ | ✗
Printers | ✓ | ✗ | ✗
VoIP Phones | ✓ | ✗ | ✗
Virtual Machines | ✓ | ✗ | ✗
Impact Assessment
Correlates all intrusion events to an impact of the attack against the target
IMPACT FLAG | ADMINISTRATOR ACTION | WHY
1 | Act Immediately, Vulnerable | Event corresponds to vulnerability mapped to host
2 | Investigate, Potentially Vulnerable | Relevant port open or protocol in use, but no vuln mapped
3 | Good to Know, Currently Not Vulnerable | Relevant port not open or protocol not in use
4 | Good to Know, Unknown Target | Monitored network, but unknown host
0 | Good to Know, Unknown Network | Unmonitored network
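The flag assignment in the Impact Assessment table, written out as decision logic over intrusion events and host profiles. This is an added example, not Cisco's implementation or code from the original slides; the host-profile structure, event fields, signature names and vulnerability IDs are constructed assumptions.

```python
import ipaddress

# Constructed sample data: monitored ranges and passively built host profiles.
MONITORED = [ipaddress.ip_network("10.1.0.0/16")]
HOSTS = {
    "10.1.5.20": {"services": {("tcp", 80), ("tcp", 443)}, "vulns": {"VULN-A"}},
    "10.1.5.30": {"services": {("tcp", 22)}, "vulns": set()},
}
ACTIONS = {
    1: "Act Immediately, Vulnerable",
    2: "Investigate, Potentially Vulnerable",
    3: "Good to Know, Currently Not Vulnerable",
    4: "Good to Know, Unknown Target",
    0: "Good to Know, Unknown Network",
}

def impact_flag(event, hosts=HOSTS, monitored=MONITORED):
    """Map one intrusion event (dict) to the impact flag from the table."""
    dst = ipaddress.ip_address(event["dst_ip"])
    if not any(dst in net for net in monitored):
        return 0  # unmonitored network
    profile = hosts.get(event["dst_ip"])
    if profile is None:
        return 4  # monitored network, but no profile for this host
    if event.get("vuln_id") in profile["vulns"]:
        return 1  # event corresponds to a vulnerability mapped to the host
    if (event["proto"], event["dst_port"]) in profile["services"]:
        return 2  # relevant port open, but no vulnerability mapped
    return 3      # relevant port not open / protocol not in use

def triage(events):
    """Order events for the analyst: flag 1 first, flag 0 last."""
    rank = {1: 0, 2: 1, 3: 2, 4: 3, 0: 4}
    flagged = sorted(((impact_flag(e), e) for e in events), key=lambda fe: rank[fe[0]])
    return [(flag, ACTIONS[flag], e["sig"]) for flag, e in flagged]

# Constructed events; signature names and vulnerability IDs are placeholders.
EVENTS = [
    {"sig": "sig-1", "dst_ip": "192.0.2.9", "proto": "tcp", "dst_port": 80, "vuln_id": "VULN-A"},
    {"sig": "sig-2", "dst_ip": "10.1.5.30", "proto": "tcp", "dst_port": 80, "vuln_id": "VULN-A"},
    {"sig": "sig-3", "dst_ip": "10.1.5.20", "proto": "tcp", "dst_port": 80, "vuln_id": "VULN-A"},
    {"sig": "sig-4", "dst_ip": "10.1.9.9", "proto": "tcp", "dst_port": 22, "vuln_id": None},
    {"sig": "sig-5", "dst_ip": "10.1.5.20", "proto": "tcp", "dst_port": 443, "vuln_id": "VULN-B"},
]

if __name__ == "__main__":
    for flag, action, sig in triage(EVENTS):
        print(flag, action, sig)
```

The same signature and vulnerability ID (sig-1, sig-2, sig-3) lands on three different flags depending only on what is known about the target, which is why the flag depends on an accurate, current host profile map.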
Automated, Integrated Threat Defense: Superior Protection for Entire Attack Continuum
Retrospective Security: Shrink Time between Detection and Cure
Multi-vector Correlation: Early Warning for Advanced Threats
Dynamic Security Control: Adapt Policy to Risks
Context and Threat Correlation: Impact Assessment
[Diagram labels: PDF, Mail, Admin Request; Host A, Host B, Host C; 3 IoCs, 5 IoCs; Priority 1, Priority 2, Priority 3]
Indicators of Compromise (IoCs)
IPS Events: Malware Backdoors, CnC Connections, Exploit Kits, Admin Privilege Escalations, Web App Attacks
SI Events: Connections to Known CnC IPs
Malware Events: Malware Detections, Malware Executions, Office/PDF/Java Compromises, Dropper Infections
Cisco ASA with FirePOWER Services vs. Legacy NGFW
Feature | Cisco ASA with FirePOWER Services | Legacy NGFW
Reputation-Based Proactive Protection | Superior | Not Available
Visibility, Context & Intelligent Security Automation | Superior | Not Available
File Reputation, File Trajectory, Retrospective Analysis | Superior | Not Available
IoCs | Superior | Not Available
NGIPS | Superior | Available (1)
Application Visibility and Control | Superior | Available
Acceptable Use/URL Filtering | Superior | Available
Remote Access VPN | Superior | Not Enterprise-Grade
Stateful Firewall, HA, Clustering | Superior | Available (2)
(1) Typically 1st generation IPS
(2) HA capabilities vary from NGFW vendor
Complete Security Solutions
Security Services
Security Products
Accelerate Migration to Cisco ASA with FirePOWER Services with Professional and Technical Services
SMARTnet Technical Support: Keep security solutions available by providing access to broad Cisco support tools and expertise
Migration Services: Move more quickly to new capabilities and with minimal disruption
Managed Services: Provide full-time, proactive, systematic threat monitoring and management
Cisco ASA with FirePOWER Services Industry’s First Threat-Focused NGFW
Integrated Threat Defense
▶ Best-in-class, multilayered protection in a single device
Superior Visibility
▶ Full contextual awareness to eliminate gaps
Automation
▶ Simplified operations and dynamic response and remediation
Thank You
Cisco Threat-Centric Security Vision Realize
2013 | 2014 | 2015…
AMP + FirePOWER AMP > Managed threat defense
Acquisition of Cognitive Security
• Advanced research intelligence
• Real-time advanced behavioral analysis
Acquisition of Sourcefire Security
• Industry-leading NGIPS
• Network visibility
• Advanced Malware Protection
• VRT Research
• Open source innovation (OpenAppID)
Malware Analysis & Threat Intelligence
Acquisition of ThreatGRID
• Unified malware analysis
• Threat intelligence
Unified Cisco Research – Talos Security Intelligence and Research Group
• Sourcefire VRT
• Cisco TRAC
• Cisco SecApps
Cognitive + AMP Unified malware analysis > Collective Security Intelligence
The Security Operations Maturity Model
Security Scale
Static Controls
Human intervention
Semi- automatic
Dynamic Controls
Predictive
Current Requirements
Challenges with Traditional ‘Defense-in-Depth’ Security
Poor Visibility: Undetected multi-vector and advanced threats
Silo-ed Approach: Increased complexity and reduced effectiveness
Manual and Static: Slow, manual, inefficient response
How do you build a Threat-Focused NGFW?
Visibility-Driven: Network-Integrated, Broad Sensor Base, Context and Automation
Threat-Focused: Continuous Advanced Threat Protection, Cloud-Based Security Intelligence
Platform-Based: Agile and Open Platforms, Built for Scale, Consistent Control, Management
Platform-Based: Visibility and Context are the Foundation
Visibility: Broad visibility for context
Control: Set policy to reduce surface area of attack
Threat: Focus on the threat – security is about detecting, understanding, and stopping threats
Breach: Understand scope, contain & remediate
Workflow (automation) Engine
APIs
Visibility Must Also Be Pervasive
Visibility: Discover, Monitor, Inventory, Map
Control: Control, Enforce, Harden
Threat: Detect, Block, Defend
Breach: Scope, Contain, Remediate
Network / Devices | Users / Applications | Files / Data
BEFORE: Firewall, App Control, VPN, Patch Mgmt, Vuln Mgmt, IAM
DURING: IPS, AV/Anti-Malware, Mail/Web Gateway
AFTER: IDS, FPC, Forensics, AMD, Log Mgmt, SIEM
Workflow (automation) Engine
APIs