Fully Integrated, Threat-Focused Next-Generation Firewall ... · Oriol Madriles Security Virtual...
Oriol Madriles
Security Virtual Systems Engineer
March 2016
Fully Integrated, Threat-Focused Next-Generation Firewall
Cisco NGFW
In our live Security Experts Webinars discover all the items needed to help set up the best security architecture.
Get ahead of attackers with threat-centric security solutions
• What a Next Generation Firewall should be
• Advanced Malware Protection
• Protect your email and web gateways
• ISE/Access Control
And many other hot security topics, so check our Security Experts Page
and register for our upcoming webinars: www.cisco.com/go/securityexperts
Digital Transformation on a Massive Scale
Attack
Sophistication
Threat
Actors
Attack
Surface
Global Cybercrime Market: $450B to $1T
15B
500B
$19T Opportunity
Next 10 Years
Devices
In 2030
Devices
Today
Focused on apps, not threats Another silo to manage
Content
Network
Access
Web Security
Email Security
VPN
Access Control
Malware Protection
Malware Analysis
IPS
NGFW
Firewall
Threat
Threat
Threat
Typical NGFWs are focused too narrowly
and are too hard to manage
Attack Continuum
GAP
They protect before an attack but are less effective during or after one
Enable applications
Typical NGFW
BEFORE AFTER DURING
Silos
DDoS Sandbox URL IPS Incident
Response
We are committed to addressing this problem
In the last 18 months, we invested over $3.7B in security
“Security is Cisco’s number 1 priority. We are going big and making strategic investments to become our customers’ and partners’ most trusted security advisor.”
John Chambers
Executive Chairman, Cisco
April 2015
• Detect earlier, act faster
• Gain more insight
• Reduce complexity
• Get more from your network
• Stop more threats
Enable your business with a fully integrated, threat-focused solution
Threat Focused Fully Integrated
Cisco NGFW
Stop more threats across the entire attack continuum
Remediate breaches and
prevent future attacks
Detect, block, and defend
against attacks
Discover threats and enforce
security policies
Cisco NGFW
BEFORE AFTER DURING
“You can’t protect what you can’t see”
Gain more insight with increased visibility
Malware
Client applications
Operating systems
Mobile devices
VoIP phones
Routers and switches
Printers
Command
and control
servers
Network servers
Users
File transfers
Web
applications
Application
protocols
Threats
Typical IPS
Typical NGFW
Cisco NGFW
Cisco: 17.5 hours Industry TTD rate:* 100 days
Detect infections earlier and act faster
• Automated attack
correlation
• Indications of
compromise
• Local or cloud
sandboxing
• Malware infection
tracking
• Two-click containment
• Malware analysis
Source: Cisco® 2016 Annual Security Report
*Median time to detection (TTD)
Cisco Firepower™ Management Center
Reduce complexity with simplified, consistent management
• Network-to-endpoint visibility
• Manages firewall, applications, threats, and files
• Track, contain, and recover remediation tools
Unified
• Central, role-based management
• Multitenancy
• Policy inheritance
Scalable
• Impact assessment
• Rule recommendations
• Remediation APIs
Automated
Shared intelligence
Shared contextual
awareness
Consistent policy
enforcement Cisco Firepower™ Management Center
Get more from your network through integrated defenses
Talos
Firepower 4100 Series Firepower 9300 Platform
Visibility Radware
DDoS Network analysis Email Threats
Identity and NAC DNS Firewall URL
© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
100 TB
Intelligence
1.6M sensors
150 million+
endpoints
35%
email worldwide
FireAMP™, 3+
million
13B web req
AEGIS™ &
SPARK
Open Source
Communities
180,000+ Files per
Day
1B SBRS Queries
per Day
3.6PB Monthly
through CWS
Advanced Industry Disclosures
Outreach Activities
Dynamic Analysis
Threat Centric Detection Content
SEU/SRU
Sandbox
VDB
Security Intelligence
Email & Web Reputation
Email Endpoints Web Networks IPS Devices
Research Response
[Talos]
Threat
Intelligence
Threat Focused
With Cisco NGFW, security can be a business growth engine
• Detect earlier, act faster
• Gain more insight
• Reduce complexity
• Get more from your network
• Stop more threats
Threat Focused Fully Integrated
Cisco NGFW
Product and Services
Fully Integrated Threat Focused Unified Management
• FW / applications / IPS
• Cisco® AMP – network /
endpoint
• Analysis and remediation
• Cisco security solutions
• Networkwide visibility
• Industry-best threat
protection
• Known and unknown
threats
• Track / contain / recover
• Across attack continuum
• Manage, control, and
investigate
• Automatically protect
Introducing Cisco NGFW
Cisco NGFW Platforms
*5585-X management available 2H CY16
All* Managed by Cisco Firepower Management Center
Cisco Firepower™ 4100
Series and 9300
Cisco FirePOWER™ Services
on ASA 5585-X
Cisco ASA with Firepower
Services on ASA 5500-X
New Appliances
Cisco Firepower 4100 Series Introducing four new high-performance models
Multiservice Security
• Integrated inspection engines for FW, NGIPS, Application Visibility and Control (AVC), URL, Cisco Advanced Malware Protection (AMP), Radware DefensePro DDoS
• ASA and other future third party
Performance and Density Optimization
• 10-Gbps and 40-Gbps interfaces
• Up to 80-Gbps throughput
• 1-rack-unit (RU) form factor
• Low latency
Unified Management
• Single management interface with Firepower Threat Defense
• Unified policy with inheritance
• Choice of management deployment options
Cisco Firepower 9300 Platform
Multiservice Security
Benefits
• Integration of best-in-class security
• Dynamic service stitching
Features*
• Cisco® ASA container
• Cisco Firepower™ Threat Defense containers: NGIPS, AMP, URL, AVC
• Third-party containers: Radware DDoS, other ecosystem partners
Modular
Benefits
• Standards and interoperability
• Flexible architecture
Features
• Template-driven security
• Secure containerization for customer apps
• RESTful/JSON API
• Third-party orchestration and management
Carrier Class
Benefits
• Industry-leading performance: 600% higher performance, 30% higher port density
Features
• Compact, 3RU form factor
• 10-Gbps/40-Gbps I/O; 100-Gbps ready
• Terabit backplane
• Low latency, intelligent fast path
• Network Equipment-Building System (NEBS) ready
* Contact Cisco for services availability
High-speed, scalable security
Features
Context
and Threat
Correlation
Automated, Integrated Defenses
Context and Threat Correlation
Priority 1
Priority 2
Priority 3
Impact Assessment
Automated, Integrated Defenses
Dynamic
Security Control
Dynamic Security Control
Adapt Policy to Risks
Automated, Integrated Defenses
Multivector
Correlation
PDF Mail
Admin
Request
Admin
Request
Host A
Host B
Host C
3 IoCs
5 IoCs
Multivector Correlation
Early Warning for Advanced Threats
Advanced Malware Protection - Preventive
Reputation Filtering and File Sandboxing
All detection is less than 100%
Dynamic
Analysis
Machine
Learning
Fuzzy
Finger-Printing
Advanced
Analytics
One-to-One
Signature
Automated, Integrated Defenses
Retrospective
Security
Retrospective Security
Shrink Time Between Detection and Cure
Enterprise
Capabilities
Continuous &
Zero-Day Detection Advanced Analytics
And Correlation
Expanding Advanced Malware Protection Everywhere
Dedicated FirePOWER
Appliance
Web & Email Security
Appliances
Private Cloud
Cloud Based Web Security
& Hosted Email ASA
NGIPS /NGFW on
FirePOWER
PC / MAC
Virtual Mobile