Cisco ASA with FirePOWER Services


description

Cisco introduces the first threat-focused next-generation firewall

Transcript of Cisco ASA with FirePOWER Services

Page 1: Cisco ASA with FirePOWER Services

© 2014 Cisco and/or its affiliates. All rights reserved. 1

© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1

Industry’s First Threat-Focused NGFW Cisco ASA with FirePOWER Services

Page 2: Cisco ASA with FirePOWER Services

Introducing: Cisco ASA with FirePOWER Services

Industry’s First Threat-Focused Next-Generation Firewall

Features

►  Cisco® ASA firewalling combined with Sourcefire® Next-Generation IPS

►  Advanced Malware Protection (AMP)

►  Best-in-class security intelligence, application visibility and control (AVC), and URL filtering

Benefits

►  Superior, multilayered threat protection

►  Unprecedented network visibility

►  Integrated threat defense across the entire attack continuum

►  Reduced cost and complexity

Page 3: Cisco ASA with FirePOWER Services

The Problem with Legacy Next-Generation Firewalls

Focus on the apps, but totally miss the threat…

Legacy NGFW can reduce attack surface area but advanced malware often evades security controls.

Page 4: Cisco ASA with FirePOWER Services

Threat Landscape Demands more than Application Control

►  100% of companies connect to domains that host malicious files or services

►  54% of breaches remain undiscovered for months

►  60% of data is stolen in hours

It is a Community that hides in plain sight, avoids detection and attacks swiftly

Page 5: Cisco ASA with FirePOWER Services

Legacy NGFWs Lack Complete Visibility and Control

Without Proper Visibility Threat Protection Cannot Be Operationalized

Page 6: Cisco ASA with FirePOWER Services

Integrated Threat Defense Across the Attack Continuum

ATTACK CONTINUUM

►  Discover, Enforce, Harden

►  Detect, Block, Defend

►  Scope, Contain, Remediate

Network | Endpoint | Mobile | Virtual | Cloud

Point-in-Time | Continuous

Page 7: Cisco ASA with FirePOWER Services

Industry’s First Threat-Focused Next-Generation Firewall

Cisco ASA with FirePOWER Services

Features

►  Cisco® ASA firewalling combined with Sourcefire® Next-Generation IPS

►  Advanced Malware Protection (AMP)

►  Best-in-class security intelligence, application visibility and control (AVC), and URL filtering

Benefits

►  Superior, multilayered threat protection

►  Unprecedented network visibility

►  Integrated threat defense across the entire attack continuum

►  Reduced cost and complexity

“By integrating defense layers, organizations can enhance visibility, enable dynamic controls, and provide advanced threat protection that addresses the entire attack continuum – before, during, and after an attack.”

Page 8: Cisco ASA with FirePOWER Services

Superior Integrated & Multilayered Protection

►  World’s most widely deployed, enterprise-class ASA stateful firewall

►  Granular Cisco® Application Visibility and Control (AVC)

►  Industry-leading FirePOWER next-generation IPS (NGIPS)

►  Reputation- and category-based URL filtering

►  Advanced Malware Protection with Retrospective Security

Cisco ASA (Cisco Collective Security Intelligence Enabled)

►  Identity-Policy Control & VPN

►  URL Filtering (Subscription)

►  FireSIGHT Analytics & Automation

►  Advanced Malware Protection (Subscription)

►  Application Visibility & Control

►  Network Firewall, Routing | Switching

►  Clustering & High Availability

►  Built-in Network Profiling

►  Intrusion Prevention (Subscription)

Page 9: Cisco ASA with FirePOWER Services

Unprecedented Network Visibility

Categories | FirePOWER Services | Legacy IPS | Legacy NGFW
Threats | ✓ | ✓ | ✓
Users | ✓ | ✗ | ✓
Web Applications | ✓ | ✗ | ✓
Application Protocols | ✓ | ✗ | ✓
File Transfers | ✓ | ✗ | ✓
Malware | ✓ | ✗ | ✗
Command & Control Servers | ✓ | ✗ | ✗
Client Applications | ✓ | ✗ | ✗
Network Servers | ✓ | ✗ | ✗
Operating Systems | ✓ | ✗ | ✗
Routers & Switches | ✓ | ✗ | ✗
Mobile Devices | ✓ | ✗ | ✗
Printers | ✓ | ✗ | ✗
VoIP Phones | ✓ | ✗ | ✗
Virtual Machines | ✓ | ✗ | ✗

Page 10: Cisco ASA with FirePOWER Services

Impact Assessment

Correlates all intrusion events to an impact of the attack against the target

IMPACT FLAG | ADMINISTRATOR ACTION | WHY
1 | Act Immediately, Vulnerable | Event corresponds to vulnerability mapped to host
2 | Investigate, Potentially Vulnerable | Relevant port open or protocol in use, but no vuln mapped
3 | Good to Know, Currently Not Vulnerable | Relevant port not open or protocol not in use
4 | Good to Know, Unknown Target | Monitored network, but unknown host
0 | Good to Know, Unknown Network | Unmonitored network

Page 11: Cisco ASA with FirePOWER Services

Automated, Integrated Threat Defense

Superior Protection for Entire Attack Continuum

►  Retrospective Security: Shrink Time between Detection and Cure

►  Multi-vector Correlation: Early Warning for Advanced Threats

►  Dynamic Security Control: Adapt Policy to Risks

►  Context and Threat Correlation: Impact Assessment (Priority 1, Priority 2, Priority 3)

Page 12: Cisco ASA with FirePOWER Services

Indicators of Compromise (IoCs)

►  IPS Events: Malware Backdoors, CnC Connections, Exploit Kits, Admin Privilege Escalations, Web App Attacks

►  SI Events: Connections to Known CnC IPs

►  Malware Events: Malware Detections, Malware Executions, Office/PDF/Java Compromises, Dropper Infections

Page 13: Cisco ASA with FirePOWER Services

Cisco ASA with FirePOWER Services vs. Legacy NGFW

Feature | Cisco ASA with FirePOWER Services | Legacy NGFW
Reputation-Based Proactive Protection | Superior | Not Available
Visibility, Context & Intelligent Security Automation | Superior | Not Available
File Reputation, File Trajectory, Retrospective Analysis | Superior | Not Available
IoCs | Superior | Not Available
NGIPS | Superior | Available (1)
Application Visibility and Control | Superior | Available
Acceptable Use/URL Filtering | Superior | Available
Remote Access VPN | Superior | Not Enterprise-Grade
Stateful Firewall, HA, Clustering | Superior | Available (2)

(1) Typically 1st generation IPS. (2) HA capabilities vary from NGFW vendor.

Page 14: Cisco ASA with FirePOWER Services

Complete Security Solutions

Security Services

Security Products

Page 15: Cisco ASA with FirePOWER Services

Accelerate Migration to Cisco ASA with FirePOWER Services with Professional and Technical Services

►  SMARTnet Technical Support: Keep security solutions available by providing access to broad Cisco support tools and expertise

►  Migration Services: Move more quickly to new capabilities and with minimal disruption

►  Managed Services: Provide full-time, proactive, systematic threat monitoring and management

Page 16: Cisco ASA with FirePOWER Services

Cisco ASA with FirePOWER Services

Industry’s First Threat-Focused NGFW

Integrated Threat Defense

▶  Best-in-class, multilayered protection in a single device

Superior Visibility

▶  Full contextual awareness to eliminate gaps

Automation

▶  Simplified operations and dynamic response and remediation

Page 17: Cisco ASA with FirePOWER Services

Thank You

Page 18: Cisco ASA with FirePOWER Services

Cisco Threat-Centric Security Vision Realize

Timeline: 2013, 2014, 2015…

Acquisition of Cognitive Security
•  Advanced research intelligence
•  Real-time advanced behavioral analysis

Acquisition of Sourcefire Security
•  Industry-leading NGIPS
•  Network visibility
•  Advanced Malware Protection
•  VRT Research
•  Open source innovation (OpenAppID)

Malware Analysis & Threat Intelligence

Acquisition of ThreatGRID
•  Unified malware analysis
•  Threat intelligence

Unified Cisco Research – Talos Security Intelligence and Research Group
•  Sourcefire VRT
•  Cisco TRAC
•  Cisco SecApps

AMP + FirePOWER AMP > Managed threat defense

Cognitive + AMP Unified malware analysis > Collective Security Intelligence

Page 19: Cisco ASA with FirePOWER Services

The Security Operations Maturity Model

Security Scale: Static Controls, Human intervention, Semi-automatic, Dynamic Controls, Predictive

Current Requirements

Page 20: Cisco ASA with FirePOWER Services

Challenges with Traditional ‘Defense-in-Depth’ Security

►  Poor Visibility: Undetected multi-vector and advanced threats

►  Silo-ed Approach: Increased complexity and reduced effectiveness

►  Manual and Static: Slow, manual, inefficient response

Page 21: Cisco ASA with FirePOWER Services

How do you build a Threat-Focused NGFW?

►  Visibility-Driven: Network-Integrated, Broad Sensor Base, Context and Automation

►  Threat-Focused: Continuous Advanced Threat Protection, Cloud-Based Security Intelligence

►  Platform-Based: Agile and Open Platforms, Built for Scale, Consistent Control, Management

Page 22: Cisco ASA with FirePOWER Services

Platform-Based: Visibility and Context are the Foundation

►  Visibility: Broad visibility for context

►  Control: Set policy to reduce surface area of attack

►  Threat: Focus on the threat – security is about detecting, understanding, and stopping threats

►  Breach: Understand scope, contain & remediate

Workflow (automation) Engine | APIs

Page 23: Cisco ASA with FirePOWER Services

Visibility Must Also Be Pervasive

►  Visibility: Discover, Monitor, Inventory, Map

►  Control: Control, Enforce, Harden

►  Threat: Detect, Block, Defend

►  Breach: Scope, Contain, Remediate

Network / Devices | Users / Applications | Files / Data

BEFORE: Firewall, App Control, VPN, Patch Mgmt, Vuln Mgmt, IAM

DURING, AFTER: IDS, FPC, Forensics, AMD, Log Mgmt, SIEM, IPS, AV/Anti-Malware, Mail/Web Gateway

Workflow (automation) Engine | APIs