Transcript of Cisco Firepower NGFW
Anticipate, block, and respond to threats
Cisco Firepower NGFW
You have a mandate to build and secure a network that supports ongoing innovation
IT is now an enabler
Social collaboration
Mobile access
Cloud applications
Public / private hybrid cloud
Which dramatically expands what you have to worry about
New demands
More things
Threats are harder to stop
Visibility is more elusive
Access is tougher to manage
Specialized threats
Global collaboration
Anywhere access
BYOD
Source: 2016 Verizon Data Breach Investigations Report
30%: Phishing messages opened by the target across campaigns
They can’t help you once you’ve been breached…
They’re only app-focused…
They’re another silo to manage…
Threat
Attack Continuum: BEFORE, DURING, AFTER
NGFW, DDoS, Sandbox, Acceptable use, IPS
Other “next-generation” firewalls fix some problems but create new ones
Cisco Firepower NGFW is a complete solution
Detect earlier, act faster
Gain more insight
Reduce complexity
Stop more threats
Get more from your network
Cisco Firepower™ NGFW
Fully Integrated
Threat Focused
Malware
Client applications
Operating systems
Mobile Devices
VOIP phones
Routers & switches
Printers
C & C Servers
Network Servers
Cisco Firepower NGFW
Users
File transfers
Web applications
Application protocols
Typical NGFW
The more you see, the better you can protect
Offering extensive contextual visibility
Threats
Typical IPS
Features:
Firewall & AVC
Threat Defense
Management
Integrations
Firewall & AVC
Decrypt 3.5 Gbps traffic over five million simultaneous flows
SSL decryption engine
Uncover hidden threats at the edge
Log
SSL decryption engine
Enforcement decisions
Encrypted Traffic
AVC
Inspect deciphered packets
Track and log all SSL sessions
NGIPS
gambling
elicit
Web controls
Block or allow access to URLs and domains
Classify 280M+ URLs
Filter sites using 80+ categories
Manage “allow/block” lists easily
Block latest malicious URLs
Category-based Policy Creation
Allow
Block
Admin
Cisco URL Database
DNS Sinkhole
Security feeds
URL | IP | DNS
NGFW
Filtering
Block
Allow
Safe Search
gambling
OpenAppID
Application Visibility & Control
Provide next-generation visibility into app usage
See and understand risks
Enforce granular access control
Prioritize traffic and limit rates
Create detectors for custom apps
Cisco database
• 4,000+ apps
• 180,000+ Micro-apps
Network & users
Prioritize traffic
OpenAppID
Extend AVC to proprietary and custom apps
Easily customize application detectors
Detect custom and proprietary apps
Share detectors with other users
Open-Source
Self-Service
Inline or Passive Fail-to-wire NetMods Additional options
NetMod
Virtual or Physical
Routed
Transparent
Inline
Inline Tap
Passive
Pick from many deployment modes
Firewall deployment modes
Threat Defense
Next-Generation Intrusion Prevention System (NGIPS)
Understand threat details and quickly respond
Communications
App & Device Data
Data packets
Prioritize response
Blended threats
• Network profiling
• Phishing attacks
• Innocuous payloads
• Infrequent callouts
Accept
Block
Automate policies
ISE
Scan network traffic
Correlate data
Detect stealthy threats
Respond based on priority
File Reputation
Advanced Malware Protection (AMP)
Uncover hidden threats in the environment
• Known Signatures
• Fuzzy Fingerprinting
• Indications of compromise
Block known malware
Investigate files safely
Detect new threats
Respond to alerts
File & Device Trajectory
AMP for Network Log
Threat Grid Sandboxing
• Advanced Analytics
• Dynamic analysis
• Threat intelligence
AMP for Endpoint Log
Threat Disposition
Enforcement across all endpoints
Risky
Safe
Uncertain
Sandbox Analysis
Understand risks using reputation scoring
See more through industry-leading research
Stop known threats from getting in
Security Intelligence
URL Based: Block risky sites using a classified database of 270 million+ known URLs
DNS Based: Get real-time threat intelligence based on 80 billion+ daily DNS requests
IP Based: Filter out bad IPs using a blacklist of 70,000+ known IPs
Talos
Get real-time protection against global threats
Identify advanced threats
Get specific intelligence
Catch stealthy threats
Stay protected with updates
Endpoints
Devices
Networks
NGIPS
WWW
Web
250+ Researchers
24 x 7 x 365 Operations
Security Coverage Research Response
1.5 million daily malware samples
600 billion daily email messages
16 billion daily web requests
Threat Intelligence
Management
Firepower Management Center
Easily manage NGFWs across multiple sites
Manage across many sites
Control access and set policies
Investigate incidents
Prioritize response
Firepower Management Center
Centralized management for multi-site deployments
Multi-domain management
Role-based access control
High availability
APIs and pxGrid integration
NGIPS
Firewall & AVC
AMP
Security Intelligence
…Available in physical and virtual options
Firepower Device Manager
Easily manage individual NGFWs
Set up easily
Control access and set policies
Investigate incidents
Prioritize response
Firepower Device Manager
Integrated on-box option for single instance deployment
Physical and virtual options
Easy set-up
NAT and Routing
Role-based access control
Intrusion and Malware prevention
High availability
Device monitoring
VPN support
Migration assistance tool
Get help making the transition to Firepower
Prior ASA appliance: Policies, Settings, Groups
Firepower NGFW: Policies, Settings, Groups
Integrations
TrustSec
Identity Services Engine (ISE)
Ensure compliance before granting access
Set access control policies
Propagate rules and context
Remediate breaches automatically
pxGrid
Propagate
• User Context
• Device context
• Access policies
Employee Tag
Supplier Tag
Server Tag
Guest Tag
Quarantine Tag
Suspicious Tag
ISE
Policy automation
ISE
Establish a secure network
Firepower Management Center
BYOD
Guest Access
Segmentation
Defend the network with Rapid Threat Containment
Firepower Management Center
ISE
Alerts
pxGrid
Automatic Isolation
I want to…
www
Isolate compromised resources quickly before the problem grows.
TrustSec
Employee Tag
Supplier Tag
Guest Tag
Quarantine Tag
Quarantine Tag
Alerts
pxGrid
Receive alert of intrusion event
Issue quarantine command
Firepower Management Center
REST APIs and Third-party integration
Build on your solution with an open platform
Augment functionality with third party solutions
Integrate custom-built features
Custom functionality
Third-party solutions
• Authentication tokens
• Access control
• Virtual switch
• Radware DDoS
• VDI identity
• VPN capabilities
APIs
API Explorer
SYN Flood attacks
DDoS attacks
Nonstandard packet attacks
Flood
Traffic
Radware DDoS vDP
Prevent network and application downtime
Stop attacks within seconds of detection
Block or allow traffic automatically
Maintain up to 30 Gbps throughput for legitimate traffic
Handle 140,000 connections per second
Block 1,200,000 packets of flood traffic per second
Legitimate Traffic
Network and Applications
Cloud scrub
Terminal Services Agent
Virtual Desktop Infrastructure (VDI) Identity
Identify threats hidden by desktop virtualization
Route user information to Terminal Services
Capture information using APIs
Identify risky behavior
192.068.0.23
123.018.6.53
135.036.5.49
User IPs
www
User 1 User 2 User 3
Firepower Management Center
User 1
User 2
User 3
APIs
VDI 192.068.0.23
Improve scalability and control with ACI
I want to…
Host 1 Host 2 Host 3
Application 1 (Physical)
Application 2 (Physical)
VM VM VM
Detect threats with NGIPS using ACI fabric visibility
Set policies with integrated management tool
Refine policies over time through activity analysis
Block
Allow
AVC NGIPS
Firepower Management Center
Application Policy Infrastructure Controller (APIC)
Integrated Management
White list policies
Multi-tenancy
Segmentation
APIC APIs
Protect the data center with consistent and targeted security policies.
Spine
Leaf
Nodes
Available in multiple deployment options
Cisco FirePOWER™ Services on ASA 5585-X
Cisco Firepower Threat Defense on ASA 5500-X
Cisco Firepower™ 4100 Series and 9300
New Appliances
And on high-end performance appliances…
Also available as standalone solutions
Dedicated AMP
NGIPS only
Physical, virtual, and cloud options
• AWS
• Azure
Only Cisco delivers…
… superior protection and visibility to address new demands, more things, and specialized threats
Detect earlier, act faster
Gain more insight
Reduce complexity
Stop more threats
Get more from your network
Fully Integrated
Threat Focused
Next steps
1. Learn more about what Firepower NGFW can do for you
2. Schedule a demo today for a hands-on experience
3. Set up a POV to see how it can improve your network
• With this offer, you will:
• Gain valuable information on your network including critical attacks
• Reduce risk and make security a growth engine for your business
• This offer is valid through December 29th, 2016 in Austria, Belgium, Denmark, Finland, France, Germany, Ireland, Italy, Luxembourg, Netherlands, Norway, Spain, Sweden, Switzerland and United Kingdom.
• For more information and to request a Threat Scan POV, go to www.cisco.com/go/threatscanpov
How to benefit from our Free Risk Assessment?
Cisco Threat Scan Proof of Value Programme