Next Generation Firewall - Logicom Solutions

Transcription

Next Generation Firewall
Anticipate, block, and respond to threats
Luc Billot, Cyber Security Technical Architect - Cisco
April 2019

Why Cisco Bought Sourcefire?
2019 Cisco and/or its affiliates. All rights reserved.

It is a 2.7 billion question
What came with Sourcefire: Snort, VRT (the Vulnerability Research Team), Immunet, ClamAV, FirePOWER, FireSIGHT

Security is an Integration Game
Firepower is one node in a larger integration: 3rd-party vulnerability data, 3rd-party threat intelligence, …etration, Threat Grid, Web Security, AMP for Endpoints, DNS (Umbrella and Investigate), identity from ISE, and sending data to a SIEM via API.

PRODUCTS & INTELLIGENCE
Talos is the intelligence backbone for all Cisco Security Products and Services.

Column        Products                                                 Detection services
Intelligence  Talos                                                    feeds every column below
End Point     AMP                                                      Cloud & Endpoint IOCs; Malware Protection; IP Reputation
Network       FirePower/ASA, ISR, Meraki                               Policy & Control; Cloud & Endpoint IOCs; Malware Protection; URL, Domain, IP Reputation; Network Protection; Vulnerability Protection; AVC
Cloud         OpenDNS, CES                                             URL, Domain, IP Reputation; Malware Protection; AVC
Email         ESA                                                      Email Reputation; Phishing Protection; Spam Detection; Malware Protection; URL, Domain, IP Reputation
Web           WSA                                                      URL, Domain, IP Reputation; Malware Protection; AVC
Open          ClamAV, SpamCop, SenderBase, Snort Rules, ClamAV sigs    Vulnerability Protection (Snort rules); Malware Protection (ClamAV signatures)

Cisco Firewalls have you covered
Coverage matrix of Cisco products against three outbreaks: WannaCry (May 2017), NotPetya (June 2017), VPNFilter (May 2018).
Rows: AMP, CWS, Firewall, Threat Grid, Umbrella, WSA. Each product/outbreak cell is marked either "Protection" or "N/A"; the individual cell marks are not legible in this transcription.

Automatic Threat Prevention

Block or allow access to URLs and domains
Security Intelligence, URL Filtering, DNS Sinkhole
- Security feeds (URL, IP, DNS) from Talos are pushed to the NGFW so it blocks the latest malicious URLs
- URL filtering: 280M URLs classified into 80 categories; category-based policy creation (e.g. gambling: Block, admin-approved sites: Allow) to manage the acceptable use policy
- Safe Search enforcement
- DNS Sinkhole: queries for blocked domains are answered with a sinkhole address instead of the real one, so the client never reaches the host and its later connection to the sinkhole identifies it
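The sinkhole bullet above is the one piece of this slide worth seeing in logic rather than as a diagram, because it is what turns a DNS block into a host-identification mechanism. The following Python is an added, constructed example, not Cisco code: the feed contents, the category map, the sinkhole address and the connection records are all invented for the illustration.

```python
"""DNS sinkhole decision logic: an added, constructed illustration of the
Security Intelligence + DNS sinkhole bullets above, not Cisco's code.

Two ideas that a plain DNS block does not give you:
  1. queries for feed-listed or policy-denied domains are answered with a
     sinkhole address, so the client never reaches the real host;
  2. any later connection to that sinkhole address identifies the infected
     or policy-violating client, which a DNS-layer block alone cannot do
     once a recursive resolver hides the original requester.
"""
from dataclasses import dataclass, field

# Assumption: an unused, monitored internal address owned by the defender.
SINKHOLE_IP = "10.255.255.1"


@dataclass
class SecurityIntelligence:
    malicious_domains: set = field(default_factory=set)      # threat feed entries
    domain_categories: dict = field(default_factory=dict)    # domain -> URL category
    denied_categories: set = field(default_factory=set)      # acceptable-use policy


def normalize(name: str) -> str:
    return name.lower().rstrip(".")


def feed_match(qname: str, feed: set):
    """Return the feed entry matching qname or any parent domain (never the bare TLD)."""
    labels = normalize(qname).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in feed:
            return candidate
    return None


def resolve(qname: str, real_answer: str, si: SecurityIntelligence):
    """Return (answer_ip, action, reason) for one DNS query."""
    hit = feed_match(qname, si.malicious_domains)
    if hit:
        return SINKHOLE_IP, "sinkhole", "threat feed: " + hit
    category = si.domain_categories.get(normalize(qname))
    if category in si.denied_categories:
        return SINKHOLE_IP, "sinkhole", "category: " + category
    return real_answer, "allow", "no match"


def sinkholed_clients(connection_events):
    """Clients that actually connected to the sinkhole address: your IoC list."""
    return sorted({e["src"] for e in connection_events if e["dst"] == SINKHOLE_IP})


# Constructed sample data.
SAMPLE_SI = SecurityIntelligence(
    malicious_domains={"cnc.example.net"},
    domain_categories={"bet.example.org": "gambling", "www.example.com": "business"},
    denied_categories={"gambling"},
)
SAMPLE_CONNECTIONS = [
    {"src": "10.1.1.20", "dst": SINKHOLE_IP, "dport": 443},
    {"src": "10.1.1.21", "dst": "203.0.113.7", "dport": 443},
    {"src": "10.1.1.20", "dst": SINKHOLE_IP, "dport": 80},
]

if __name__ == "__main__":
    for q in ("www.cnc.example.net", "bet.example.org", "www.example.com"):
        print(q, resolve(q, "203.0.113.7", SAMPLE_SI))
    print("sinkholed clients:", sinkholed_clients(SAMPLE_CONNECTIONS))
```

Two details matter in practice: the feed match walks parent domains so a listing for cnc.example.net catches every hostname under it, and the sinkhole address must be one that nothing legitimate ever talks to, otherwise the connection log in sinkholed_clients fills with false positives.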

Understand threat details and quickly respond
Next-Generation Intrusion Prevention System (NGIPS)
Inputs: data packets, application and device data, identity from ISE, network profiling
1. Scan network traffic: blended threats, phishing attacks, communications to known-bad destinations
2. Correlate data: separate attacks from innocuous payloads and infrequent callouts, detect stealthy threats
3. Respond based on priority: block or accept, prioritize response, automate policies

Automated Impact Assessment
Correlates every intrusion event to the impact of the attack against its target.

Impact flag | Administrator action                    | Why
1           | Act immediately; vulnerable             | Event corresponds to a vulnerability mapped to the host
2           | Investigate; potentially vulnerable     | Relevant port open or protocol in use, but no vulnerability mapped
3           | Good to know; currently not vulnerable  | Relevant port not open or protocol not in use
4           | Good to know; unknown target            | Monitored network, but unknown host
0           | Good to know; unknown network           | Unmonitored network
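The table reads top-down as a decision order, and the order is the point: the network check comes before the host check, and the vulnerability check before the open-port check. The Python below is an added, constructed example of that correlation, not Firepower Management Center code; the host-profile and event data model, the monitored range and the sample events are assumptions made for the illustration (CVE-2017-0144 is the real SMBv1 vulnerability exploited by WannaCry, the other identifier is a placeholder).

```python
"""Impact-flag assignment for an intrusion event, following the table above.
Added, constructed example of the correlation logic; it is not Firepower
Management Center code and the data model is an assumption.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class HostProfile:
    ip: str
    open_ports: set = field(default_factory=set)   # {(proto, port)} learned passively
    vuln_ids: set = field(default_factory=set)     # vulnerability ids mapped to the host


@dataclass
class IntrusionEvent:
    rule_id: str
    dst_ip: str
    proto: str
    dst_port: int
    rule_vulns: set                                # vulnerability refs on the rule that fired


def impact_flag(ev: IntrusionEvent, monitored_networks, hosts):
    """Return (flag, administrator action) per the impact table. Order matters:
    an unmonitored target yields 0 even if a rule with mapped vulns fired."""
    if not any(ip_address(ev.dst_ip) in ip_network(n) for n in monitored_networks):
        return 0, "good to know; unknown network"
    host = hosts.get(ev.dst_ip)
    if host is None:
        return 4, "good to know; unknown target"
    if ev.rule_vulns & host.vuln_ids:
        return 1, "act immediately; vulnerable"
    if (ev.proto, ev.dst_port) in host.open_ports:
        return 2, "investigate; potentially vulnerable"
    return 3, "good to know; currently not vulnerable"


# Flag 1 first, then 2, 3, 4; unknown networks (0) last.
PRIORITY = {1: 0, 2: 1, 3: 2, 4: 3, 0: 4}


def prioritize(events, monitored_networks, hosts):
    """Return [(flag, rule_id)] sorted the way an analyst should work the queue."""
    flagged = [(impact_flag(e, monitored_networks, hosts)[0], e.rule_id) for e in events]
    return sorted(flagged, key=lambda f: (PRIORITY[f[0]], f[1]))


# Constructed sample inventory: one /24 is monitored, three hosts are profiled.
MONITORED = ["10.0.0.0/24"]
HOSTS = {
    "10.0.0.10": HostProfile("10.0.0.10", {("tcp", 445)}, {"CVE-2017-0144"}),  # SMBv1, unpatched
    "10.0.0.11": HostProfile("10.0.0.11", {("tcp", 80)}, set()),
    "10.0.0.12": HostProfile("10.0.0.12", set(), set()),
}
EVENTS = [
    IntrusionEvent("smb-exploit", "10.0.0.10", "tcp", 445, {"CVE-2017-0144"}),
    IntrusionEvent("web-attack", "10.0.0.11", "tcp", 80, {"EXAMPLE-VULN-2"}),
    IntrusionEvent("smb-exploit", "10.0.0.12", "tcp", 445, {"CVE-2017-0144"}),
    IntrusionEvent("smb-exploit", "10.0.0.99", "tcp", 445, {"CVE-2017-0144"}),
    IntrusionEvent("smb-exploit", "192.0.2.5", "tcp", 445, {"CVE-2017-0144"}),
]

if __name__ == "__main__":
    for e in EVENTS:
        print(e.dst_ip, impact_flag(e, MONITORED, HOSTS))
```

The same rule firing against five targets produces five different flags, which is exactly why the flag, not the rule severity, should drive the analyst queue. The quality of the result depends entirely on the host profiles: a stale vulnerability map turns flag 1 events into flag 2 or 3.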

Indications of Compromise (IoCs): Detection & Threat Correlation
- Security Intelligence events: connections to known CnC IPs, DNS servers, suspect URLs
- IPS events: malware backdoors, CnC connections, exploit kits, admin privilege escalations, web app attacks
- Malware events: malware detections, malware executions, Office/PDF/Java compromises, dropper infections

Firepower Recommendations: knows what I do not

Uncover hidden threats in the environment
Advanced Malware Protection (AMP)
Breadth and control: a continuous telemetry stream of file fingerprints and metadata, file and network I/O, and process information
Continuous analysis with Talos and Threat Grid intelligence: retrospective detection, trajectory, behavioral indications of compromise, threat hunting

AMP in Action: network and endpoint correlation in Firepower Management Center
Who: focus on these users first
What: these applications are affected
Where: the breach impacted these areas
When: this is the scope of exposure over time
How: here is the origin and progression of the threat

The results speak for themselves
4.6 hours: median time to detection with Cisco security*
Weeks: industry average time to detection
* Source: Cisco 2018 Annual Cybersecurity Report

More visibility equals faster time to detection
Network and Security Visibility and Analysis: see more and detect threats faster
- Visibility into threat activity across users, hosts, networks, and infrastructure
- Network file trajectory maps how hosts transfer files, including malware files, across your network to scope an attack, set outbreak controls, and identify the source of the threat
- Centralized management provides contextual threat analysis and reporting, with consolidated visibility into security and network operations

Gain more insight with increased visibility
"You can't protect against what you can't see"
The slide compares what a typical IPS, a typical NGFW and the Cisco Firepower NGFW can see across: threats, malware, users, client applications, application protocols, web applications, operating systems, file transfers, command and control servers, network servers, mobile devices, routers and switches, printers, VoIP phones.

Provide next-generation visibility into app usage
Application Visibility & Control (AVC)
1. Cisco database of 4,000 pre-defined apps plus OpenAppID, applied to network traffic and users
2. Prioritize traffic
- See and understand risks
- Enforce granular access control
- Prioritize traffic and limit rates
- Create detectors for custom apps

Extend AVC to proprietary and custom apps
OpenAppID: crowdsourcing application detection
- Self-service: easily customize application detectors
- Open source: detect custom and proprietary applications; share detectors with other users
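What a custom application detector actually expresses is small: byte patterns at offsets in the first client payload, a threshold of how many must match, and port hints that only order the candidates. The Python below is an added, constructed illustration of that model for the two AVC slides above; it is not an OpenAppID detector (those are Lua scripts using Snort's detector API) and the detectors, payloads and in-house "ACME" protocol are invented for the example.

```python
"""Payload-based application detection in the OpenAppID style: a constructed
Python illustration of what a custom detector expresses (patterns at offsets in
the first client payload, a match threshold, optional port hints). Real
OpenAppID detectors are Lua and use Snort's detector API; the data model here
is an assumption made for the example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Pattern:
    data: bytes
    offset: int = 0          # position in the first client payload; -1 means "anywhere"


@dataclass(frozen=True)
class AppDetector:
    name: str
    patterns: tuple
    minimum_matches: int = 1
    port_hints: frozenset = frozenset()   # ordering hint only; ports never decide alone


def pattern_matches(payload: bytes, pat: Pattern) -> bool:
    if pat.offset < 0:
        return pat.data in payload
    return payload[pat.offset:pat.offset + len(pat.data)] == pat.data


def identify(payload: bytes, dst_port: int, detectors):
    """Return the name of the first detector that reaches its match threshold, else None.
    Detectors hinting at dst_port are tried first, so a hinted app on its usual
    port wins ties, but an app moved to port 443 is still recognized."""
    ordered = sorted(detectors, key=lambda d: dst_port not in d.port_hints)
    for det in ordered:
        hits = sum(pattern_matches(payload, p) for p in det.patterns)
        if hits >= det.minimum_matches:
            return det.name
    return None


# Constructed detectors: a generic one and a custom in-house protocol.
DETECTORS = (
    AppDetector("http", (Pattern(b"GET "), Pattern(b"POST "), Pattern(b" HTTP/1.", -1)),
                minimum_matches=2, port_hints=frozenset({80, 8080})),
    AppDetector("acme-telemetry", (Pattern(b"ACME/1 "), Pattern(b"\r\nagent: ", -1)),
                minimum_matches=2, port_hints=frozenset({7100})),
)

# Constructed first-client-payloads.
HTTP_PAYLOAD = b"GET /status HTTP/1.1\r\nHost: intranet.example\r\n\r\n"
ACME_PAYLOAD = b"ACME/1 register\r\nagent: sensor-42\r\nsite: lab\r\n"
TLS_PAYLOAD = b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"

if __name__ == "__main__":
    print(identify(HTTP_PAYLOAD, 80, DETECTORS))      # http
    print(identify(ACME_PAYLOAD, 7100, DETECTORS))    # acme-telemetry
    print(identify(ACME_PAYLOAD, 443, DETECTORS))     # still acme-telemetry: the port is irrelevant
    print(identify(TLS_PAYLOAD, 7100, DETECTORS))     # None: a port hint alone is not a match
```

The last two calls carry the security point of AVC: identification follows the payload, so an application relocated to port 443 is still classified, and traffic on an application's usual port is not trusted to be that application.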

Uncover hidden threats at the edge
TLS/SSL decryption engine
Encrypted traffic enters the TLS decryption engine; the deciphered packets are handed to NGIPS and AVC, which return per-session enforcement decisions (log, block for flagged categories such as gambling).
- Decrypt traffic in hardware and software
- Inspect deciphered packets
- Track and log all TLS sessions

Visibility Provides Context

Detailed Threat Analytics

Customizable Monitoring and Reporting

Closing

Cisco Next-Generation Firewalls
To learn more, visit …urity/firewalls/index.html#products

Cisco Firepower 2100 Series: Internet edge to small data center environments. Better security, more visibility. Firewall throughput and sustained performance with threat inspection from 2.0 to 8.5 Gbps. Stateful firewall, AVC, NGIPS, AMP, URL filtering.
Cisco Firepower 4100 Series: Internet edge, high-performance enterprise environments. Firewall throughput and threat inspection from 20 to 60 Gbps. Stateful firewall, AVC, NGIPS, AMP, URL filtering, DDoS (Radware vDP).
Cisco Firepower 9300 Security Appliance: Service provider, data center. Firewall throughput up to 225 Gbps and threat inspection up to 90 Gbps. Firewall, AVC, NGIPS, AMP, URL filtering, DDoS (Radware vDP).

Virtual and Cloud Solutions
NGIPS, AVC, Firewall, AMP, URL filtering, VPN (IPsec and SSL)
Managed by FMC and FDM