TechWiseTV Workshop: Firepower Next Generation Firewall
robb-boyd
Transcript of TechWiseTV Workshop: Firepower Next Generation Firewall
Firepower NGFW
Announcing the First Fully Integrated, Threat-Focused, Next-Generation Firewall with Unified Management
March 23, 2016
Bill Mabon, Sr. Manager, Network Security Product Marketing
Jason Wright, Sr. Manager, Vertical and Solutions Marketing
What we’ve just announced
• Firepower NGFW: Firepower NGFW is the industry’s first fully integrated threat-focused next-generation firewall with unified management.
• Firepower 4100 Series: Firepower 4100 Series appliances provide a threat-focused NGFW security platform; the industry’s first 1RU platform with 40Gb interfaces.
• Firepower Management Center 6.0: Firepower Management Center provides complete, unified management of Firepower NGFW, Firepower NGIPS and Cisco AMP deployments.
Branding Terms
What You Know
ASA with FirePOWER Services
• ASA Appliances with ASA and Firepower software, application firewalling and threat defense.
• The ASA and FirePOWER functions have separate managers.
Just Announced
• Firepower NGFW: New NGFW brand
• Firepower Threat Defense: New unified appliance software
• Firepower Management Center: New unified manager
• Firepower Appliances: New Firepower 4100 Series and Firepower 9300 appliances.
Integrated Architectural Approach
Best of Breed Portfolio
Cisco’s Unique Approach
Cisco Security Momentum
Customers Prefer Cisco 2016 CIO Survey Findings
Piper Jaffray
Customers Prefer Cisco 2016 CIO Survey Findings
UBS
Customers Prefer Cisco 2016 CIO Survey Findings
Barclays
Advanced Malware Protection: Exponential Growth
[Chart: Total # of Adv. Threat Customers by quarter, Q3 FY14 through Q2 FY16 Proj; series: Cisco AMP, Vendor A, Vendor B]
10,800+ Total Customers
The NGFW Problem, and How Cisco Has Responded
Legacy NGFWs are app, not threat, focused. And they compound the management burden.
Focused on apps; ineffective threat defense. And become yet another silo to manage …
[Diagram: NGFW, DDoS, Sandbox, URL, IPS; Threat]
Attack Continuum
The industry focus has been protecting before, but not during and after, attacks
[Diagram: attack continuum BEFORE, DURING, AFTER; Typical NGFW: Enable applications; GAP; Silos: DDoS, Sandbox, URL, IPS, Incident Response]
What does a fully integrated NGFW with unified management do?
Detect earlier, act faster
Gain more insight
Reduce complexity
Get more from your network
Stop more threats
Threat-focused, Fully Integrated
Cisco Firepower NGFW
- Superior effectiveness before, during, and after attacks
- Detect and contain rapidly — as quickly as hours — not months
- Industry leading visibility, with automated and prioritized response
- Unified management and fewer vendors
- Enhance security, leverage existing investments, with Cisco and 3rd party integrations
“You can’t protect what you can’t see”
Gain more insight with increased visibility
Malware
Client applications
Operating systems
Mobile Devices
VOIP phones
Routers & switches
Printers
C & C Servers
Network Servers
Users
File transfers
Web applications
Application protocols
Threats
Typical IPS
Typical NGFW
Cisco Firepower NGFW
Speed Impact Assessment and Response
Correlates all intrusion events to an impact of the attack against the target
Impact Flag | Administrator Action | Why
1 | Act immediately; vulnerable | Event corresponds to vulnerability mapped to host
2 | Investigate; potentially vulnerable | Relevant port open or protocol in use, but no vulnerability mapped
3 | Good to know; currently not vulnerable | Relevant port not open or protocol not in use
4 | Good to know; unknown target | Monitored network, but unknown host
0 | Good to know; unknown network | Unmonitored network
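The correlation in the impact flag table above, as an added example that is not from the original slides and is not Cisco's implementation: each event is checked against a host inventory and given the flag whose "Why" condition it meets. The Host and Event records, the function names, the triage sort order and all sample data are assumptions made for illustration.

```python
import ipaddress
from collections import namedtuple

# Hypothetical records: host profile and intrusion event (names are assumptions).
Host = namedtuple("Host", "services vulns")  # open (protocol, port) pairs; mapped vuln IDs
Event = namedtuple("Event", "dst_ip protocol port vuln_id")
# Administrator actions from the table, kept in the table's row order.
ACTIONS = {
    1: "Act immediately; vulnerable",
    2: "Investigate; potentially vulnerable",
    3: "Good to know; currently not vulnerable",
    4: "Good to know; unknown target",
    0: "Good to know; unknown network",
}

def impact_flag(event, monitored, hosts):
    ip = ipaddress.ip_address(event.dst_ip)
    if not any(ip in net for net in monitored):
        return 0  # unmonitored network
    host = hosts.get(event.dst_ip)
    if host is None:
        return 4  # monitored network, but unknown host
    if event.vuln_id and event.vuln_id in host.vulns:
        return 1  # event corresponds to a vulnerability mapped to the host
    if (event.protocol, event.port) in host.services:
        return 2  # relevant port open or protocol in use, no vulnerability mapped
    return 3      # relevant port not open or protocol not in use

def triage(events, monitored, hosts):
    # Flag every event, then order by table row (this sort order is an assumption).
    rows = [(impact_flag(e, monitored, hosts), e.dst_ip) for e in events]
    rows.sort(key=lambda r: list(ACTIONS).index(r[0]))
    return [(flag, ACTIONS[flag], ip) for flag, ip in rows]

# Constructed sample data: documentation address ranges and placeholder IDs.
MONITORED = [ipaddress.ip_network("192.0.2.0/24")]
HOSTS = {
    "192.0.2.10": Host({("tcp", 443)}, {"VULN-EXAMPLE-1"}),
    "192.0.2.20": Host({("tcp", 22)}, set()),
}
EVENTS = [
    Event("198.51.100.7", "tcp", 443, "VULN-EXAMPLE-1"),
    Event("192.0.2.20", "tcp", 445, "VULN-EXAMPLE-2"),
    Event("192.0.2.99", "tcp", 80, None),
    Event("192.0.2.20", "tcp", 22, "VULN-EXAMPLE-2"),
    Event("192.0.2.10", "tcp", 443, "VULN-EXAMPLE-1"),
]

if __name__ == "__main__":
    print(*triage(EVENTS, MONITORED, HOSTS), sep="\n")
```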
Streamline Operations Recommend Rules to Improve Defenses
Indications of Compromise (IoCs)
IPS Events
• Malware backdoors
• Exploit kits
• Web app attacks
• CnC connections
• Admin privilege escalations
Security Intelligence
• Connections to suspect IP, DNS, URL
Malware Events
• Malware detections
• Office/PDF/Java compromises
• Malware executions
• Dropper infections
IOC Data In Context Explorer
Earlier detection, faster action, less damage
Cisco: 17.5 hours
Industry TTD rate*: 100 days
• Automated attack correlation
• Indications of compromise
• Local or cloud sandboxing
• Malware infection tracking
• Two-click containment
• Malware analysis
*Median Time to Detection (TTD)
Source: Cisco 2016 Annual Security Report
Value of Retrospective Security
[Chart: Detection and Retrospective Detection by month, Sep, Oct, Nov, Dec, and TOTAL]
Relying on initial detection technologies alone is insufficient.
Firepower Management Center
Reduce complexity with simplified, consistent management
Unified
• Network to endpoint visibility
• Manages firewall, applications, threats, & files
• Track, contain, recover remediation tools
Scalable
• Central, role-based management
• Multi tenancy
• Policy inheritance
Automated
• Impact assessment
• Rule recommendations
• Remediation APIs
Firepower Management Center
• Shared intelligence
• Shared contextual awareness
• Consistent policy enforcement
Get more with advanced intelligence and integrated defense
[Diagram: Talos; Firepower 4100 Series; Firepower 9300 Platform; Visibility; Radware DDoS; Network analysis; Email; Threats; Identity & NAC; DNS; Firewall; URL]
New Platforms: Take a Look …
Firepower 4100 Series
Introducing four new high-performance models
Multi-service Security
• Firepower Threat Defense integrated inspection for FW, NGIPS, AVC, URL, AMP
• Containerization for third-party security services
Performance and Density Optimization
• 10G and 40G interfaces
• Up to 60 Gbps throughput
• 1 RU form factor
• Low Latency
Unified Management
• Single management interface with Firepower Threat Defense
• Unified policy with inheritance
• Choice of management deployment options
Firepower 9300 Platform
High-speed, scalable security
Multi-service Security
Benefits
• Integration of best-of-breed security
• Dynamic service stitching
Features*
• ASA container
• Firepower Threat Defense container
• NGIPS, AMP, URL, AVC
• 3rd Party containers
• Radware DDoS
Modular
Benefits
• Standards and interoperability
• Flexible Architecture
Features
• Template driven security
• Secure containerization for customer apps
• Restful/JSON API
• 3rd party orchestration / management
Carrier Class
Benefits
• Industry Leading Performance / RU
• 600% Higher Performance
• 30% higher port density
Features
• Compact, 3RU form factor
• 10G/40G I/O; 100G ready
• Terabit backplane
• Low latency, Intelligent fastpath
• NEBS ready
* Contact Cisco for services availability
Firepower with Leading DDoS Mitigation
[Diagram: DDoS, FW, NGIPS on Cisco Firepower 9300]
Radware DefensePro for Firepower
DDoS Attack Protection
• Behavioral analysis technology
• Real-time attacks protection
• Widest attacks coverage
• Most accurate detection and mitigation
• Detect and mitigate attacks in seconds
Third-Party Validation
Cisco is the ONLY NGFW with a Market Leading NGIPS
Gartner’s Magic Quadrant for Intrusion Prevention Systems
Craig Lawson, Adam Hils, Claudio Neiva, 16 November 2015
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Cisco.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
AMP: Ranked Superior 2 Years Running
• 99.2% Security Effectiveness rating in BDS testing, the highest of all vendors tested.
• Only vendor to block 100% of evasion techniques during testing.
• Excellent performance with minimal impact on network, endpoint, or application latency.
Cisco AMP offers superior security effectiveness, excellent performance, and provides security across more attack vectors than any other vendor.
Thank you for watching.