Jesper Rathsach, Consulting Systems Engineer – Cisco Security North
April 2017
Techupdate April 2017
Firepower 6.2.1
• No. 1 most important!!
BUGFIXES!!!!!
All known severity 1 and 2 bugs as of 30th of March are resolved in the 6.2.1 release
Remote Access VPN
Firepower 6.2.1
Secure Remote Access for Mobile User
[Diagram labels: ISP; Internet Edge; FP2100 in HA; Private Network; Campus/Private Network]
• Secure SSL/IPSec AnyConnect access to corporate network
• AMP / File inspection Policy to monitor roaming user data.
• Easy RA VPN Wizard to configure AnyConnect Remote Access VPN
• Advanced Application level inspection can be enabled to enforce security on inbound Remote Access User data.
• Monitoring and Troubleshooting to monitor remote access activity and simplified tool for troubleshooting.
Secure access using FP2100
Making Threat Intelligence Actionable
Threat Intelligence Director
[Chart: Do you have a dedicated person or team focusing on CTI? Categories: Using CTI; Not using CTI currently but plans to; Not using and no plans; Unknown. Series: 2017 and 2015.]
Source: SANS Survey 2015 & 2017 – Cyber Threat Intelligence Uses
Where do customers get their intelligence?
1. Community or industry groups such as ISACs and CERT
2. Internal sources
3. Intelligence feeds from security vendors
4. Open-source or public CTI feeds
5. Intelligence feeds from CTI vendors
6. Other formal and informal groups
CTI Is Everywhere
Open-source blacklists – 96% of domain and 82% of IP observables unique to one list
Source: CERT-PL
Industry Organizations
Over 20 vendors and organizations distribute …
Intelligence Sources
Threat Intelligence Platforms
Main Issues With CTI
Cisco Threat Intelligence Director (CTID)
Step 1: Ingest third-party Cyber Threat Intelligence (CTI)
Step 2: Publish observables to sensors
Step 3: Detect and alert on incidents
ESA / WSA / AMP
NGFW / NGIPS
Block / Monitor
Cisco Threat Intelligence Director
FMC
Requirements and Availability
• Requires:
  • FMC; if used as a virtualized image, a minimum of 16 GB of memory
  • SHA256 detection requires a Malware License
  • The FMC and all sensors need to be upgraded to Firepower 6.2.1
• Availability:
  • H1 CY 2017 with the release of Firepower 6.2.1
• Performance Impact:
  • No impact on sensors
  • Some impact on the FMC
Introducing the New Firepower 2100 series
Business resiliency through superior threat defense – introducing the Firepower 2100 NGFW
• Superior threat defense: Industry best protection and rapid breach detection
• Sustained performance: Threat inspection with minimal throughput impact
• Simpler management: Easier management, lower operating costs
Choose from four powerful new appliances with industry-best price-performance
Models 2110 & 2120
• Low-cost, high-performance 1 RU NGFW
• Fixed 16-port 1GbE connectivity
Models 2130 & 2140
• High-performance 1 RU NGFW
• Network modularity, up to 24-port 1GbE and up to 12 10GbE connectivity
Up to 8.5 Gbps FW+AVC+IPS throughput
Get leading security effectiveness
Optimized architecture
• Unique dual multi-core CPUs sustain threat inspection performance as services are added
• Future-proofs your investment
Advanced threat detection
• Exclusive integration of Firepower NGIPS and AMP
• Ranked #1 in breach detection by NSS Labs in 2016
• Superior time to detection of advanced threats
Superior price-performance
• Less than 50% of the cost per protected Mbps vs. competitors
• 200% greater throughput vs. competitors when IPS is enabled
Superior threat defense
Firepower 2100 series NGFWs deliver:
Enable threat defense without compromising throughput
• Sustained throughput performance when threat functions are enabled vs. competing designs
• Flexibility and future-proofing vs. ASIC-based designs that degrade as new defenses and functions are added
• Prefix filtering with fast path verifies flows that do not require threat inspection, further enhancing performance
Sustained performance
Dual Multi-Core CPU architecture enables:
[Diagram labels: I/O; Internal switch; Multi-core CPU x86 – Layer 7 & advanced threat engine; Multi-core CPU NPU – Layer 2-3 & SSL acceleration; Fastpath for designated flows]
Simpler management
Improve IT efficiency with streamlined management
Firepower 2100 series NGFWs deliver:
Scalable design; Easy setup; Faster time-to-value
• Quick setup wizard (FDM)
• Low-touch provisioning
• Templates for multi-site provisioning
• Cloud-based policy delivery (CDO)
• Automated executive summary
• Demonstrate value more easily
• 50% increased management capacity (FMC)
• Expanded file storage
• Network modularity
Significantly enhance performance with a Firepower 2100 NGFW
~2X to 4X Firewall Performance Boost; up to 10G Connectivity
(2X Performance, 4X Performance)

Model | Form Factor | I/O | Power | Throughput – FW+AVC (1024b) | Throughput – FW+AVC+IPS (1024b)
Firepower 2110 | 1RU | 12 RJ-45; 4 x SFP | 1x Fixed AC | 1.9 Gbps | 1.9 Gbps
ASA 5525-X | 1RU | 8 RJ-45; 6 x SFP | 1x AC or DC | 1.1 Gbps | 650 Mbps
Firepower 2120 | 1RU | 12 RJ-45; 4 x SFP | 1x Fixed AC | 3 Gbps | 3 Gbps
ASA 5545-X | 1RU | 8 RJ-45; 6 x SFP | 1x or 2x AC / 1x or 2x DC | 1.5 Gbps | 1 Gbps
Firepower 2130 | 1RU | 12 RJ-45; 4 x SFP+; 1 x NM - 8x10G SFP+ | 1x or 2x AC / 1x or 2x DC | 4.75 Gbps | 4.75 Gbps
ASA 5555-X | 1RU | 8 RJ-45; 6 x SFP | 1x or 2x AC / 1x or 2x DC | 1.75 Gbps | 1.25 Gbps
Firepower 2140 | 1RU | 12 RJ-45; 4 x SFP+; 1 x NM - 8x10G SFP+ | 2x AC / 2x DC | 8.5 Gbps | 8.5 Gbps
ASA 5585-X SSP 10 | 2 RU | 16 RJ-45, 4 x 10 SFP+ (2 modules) | 2x AC / 2x DC | 4.5 Gbps | 2.5 Gbps
Firepower 2100 Series Models

Description | FPR 2110 | FPR 2120 | FPR 2130 | FPR 2140
Chassis & I/O | 1RU; 12 Fixed RJ-45 (1G); 4 x SFP (1G) | 1RU; 12 Fixed RJ-45 (1G); 4 x SFP (1G) | 1RU; 12 Fixed RJ-45 (1G); 4 x SFP+ (10G); 1 x NM Slot | 1RU; 12 Fixed RJ-45 (1G); 4 x SFP+ (10G); 1 x NM Slot
CPU x86 | 4-Core | 6-Core | 8-Core | 16-Core
CPU DDR4 DRAM | 16GB | 16GB | 32GB | 64GB
NPU Octeon | 6-Core | 8-Core | 12-Core | 16-Core
NPU DDR4 DRAM | 8 GB | 8 GB | 16 GB | 16 GB
SSD | 1 x 100GB Default; 2nd Optional SSD for MSP 800GB | 1 x 100GB Default; 2nd Optional SSD for MSP 800GB | 1 x 200GB Default; 2nd Optional SSD for MSP 800GB | 1 x 200GB Default; 2nd Optional SSD for MSP 800GB
PSU – Default/Options | 1x 250W Fixed AC PSU | 1x 250W Fixed AC PSU | 1x 400W AC default; 2x AC, 1x or 2x DC options | 2x 400W AC default; 2x 350W DC options

Firepower 2100 Series Performance

Description | FPR 2110 | FPR 2120 | FPR 2130 | FPR 2140
Throughput FW + AVC | 1.9 Gbps | 3 Gbps | 4.75 Gbps | 8.5 Gbps
Throughput FW + AVC + NGIPS | 1.9 Gbps | 3 Gbps | 4.75 Gbps | 8.5 Gbps
Maximum concurrent sessions, with AVC | 1 M | 1.2 M | 2 M | 3.5 M
Maximum new connections per second, with AVC | 12000 | 16000 | 24000 | 40000

Note: Early Performance Numbers
Firepower 2100, 4100, 9300 Snapshot

Features | FPR 2100 | FPR 4100 | FPR 9300
Throughput range Firewall + AVC | 2 to 8 Gbps | 12 to 30 Gbps | 30 to 54 Gbps
Throughput range Firewall + AVC + IPS | 2 to 8 Gbps | 10 to 24 Gbps | 24 to 53 Gbps
Interface Speed | 1/10 Gbps | 1/10/40 Gbps | 1/10/40/100 Gbps
Rack Unit size | 1 RU | 1 RU | 3 RU
Clustering | Roadmap | Yes (6.2) | Yes (6.2)
Migration
Migration Capabilities – Today & Roadmap

Firepower 6.1/6.2
• ACLs: Ability to migrate Access Control Rules
• NAT: Ability to migrate NAT rules
• Objects: Support for migrating objects corresponding to ACL, NAT rules (except Users, Time Range, FQDN, SGT)
• ASA Versions: Support for ASA 9.1+ versions

Firepower 6.x – Roadmap
• Additional Object Support: Ability to migrate additional types of objects for access rules – Users, Time Range, FQDN, SGT
• User Experience: Improved usability; tool, report improvements
• Device Configurations: Routing, VPN, Platform Settings etc.
• ASA Versions: Support for ASA 8.4+ versions
Migration at a Glance
[Diagram labels:]
• FMCv (deployed as Migration Tool)
• FMC (managing FTD Devices)
• ASA; FTD
• ASA .cfg or .txt file
• FMC .sfo file
• Migration Report
• ASA version 9.1.x or higher; Single Context Mode; Transparent or Routed; Active Unit (in HA pair)
• Manual Reimage
• Import Tool
• Register
• Apply Migrated Configs
• Run as root: enableMigrationTool.pl
• Import as ACL or Pre-filter policies
Migration of Installed Base (ASA customers)
• New OS (ASA -> FTD)
• Old configuration needs to be converted
• There is a migration tool!
• New dCloud lab on migration!
Thank you for your attention
Q&A