8 January 2015 SOME Event - Cisco Next Generation Security

Page 1

Next Generation Security

Fuat KILIÇ

Consulting Systems Engineer - Security

Ali Fuat TÜRKAY

Product Sales Specialist - Security

Page 2

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2

Page 3

All were smart. All had security. All were seriously compromised.

Today’s Real World: Threats are evolving and evading traditional defense

Page 4

What would you do if you knew you would be compromised?!

Attack Continuum

BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate

Coverage: Network, Endpoint, Mobile, Virtual, Email & Web, Cloud

Point-in-time vs. Continuous

Page 5

The Silver Bullet Does Not Exist…

“Captive Portal”

“It matches the pattern”

“No false positives, no false negatives.”

Application Control

FW/VPN

IDS / IPS UTM

NAC

AV PKI

“Block or Allow”

“Fix the Firewall”

“No key, no access”

Sandboxing “Detect the Unknown”

Page 6

Customer Value Proposition

Cisco Security Solutions

Unmatched Visibility

Advanced Threat Protection

Consistent Control

Flexibility & Choice

Page 7

Cisco’s Strategy: Integrated Platform for Defense, Discovery and Remediation

Firewall Content Gateways Integrated Platform Virtual Cloud

Device

Data Center

Network Access Control

Firewall

Content Aware: Applications

Context Aware: Identity, Data, Location

Threat Aware: Malware, APT

Page 8

Gartner Defines Next-Generation IPS

NGIPS Definition

•  Standard First-Gen IPS
•  Context Awareness
•  Application Awareness and full-stack visibility
•  Content Awareness
•  Adaptive Engine

Download at Sourcefire.com

*Source: “Defining Next-Generation Network Intrusion Prevention” Gartner, October 7, 2011

Page 9

FirePOWER Platform

FireSIGHT Management Center

•  Context Awareness
•  Operating System Identification
•  Fingerprint Applications (Web, Protocol & Client Versions)
•  Service Enumeration (HTTP, SMTP, RDP, etc.)
•  User Awareness
•  24x7 Monitoring (Passive & Inline)
•  Identify Assets’ Potential Vulnerabilities (Weaknesses)
•  Leveraging Visibility/vulnerabilities to “Adapt”
•  Access Control Rules Enforcement
•  Alerting, Correlation & Packet Capture

FirePOWER Platform/Services

•  Inspect, Detect, Drop, Allow, etc.
•  IPS, Application Control, Malware Inspection & URL Rating
•  Inline, Passive & Hybrid

Context Awareness in Intrusion Events

Page 10

FireSIGHT – Unique Visibility

Typical NGFW

Cisco FireSIGHT System

Typical IPS

Page 11

Building Host Profile

•  OS & version identified
•  Server applications and version
•  Client applications (application, client version)
•  Who is at the host
•  What other systems / IPs did the user have, and when?

Converting Data into Information

Page 12

FireSIGHT Impact Assessment

Correlates all intrusion events to an impact of the attack against the target

Impact Flag | Administrator Action | Why
1 | Act immediately, vulnerable | Event corresponds to vulnerability mapped to host
2 | Investigate, potentially vulnerable | Relevant port open or protocol in use, but no vuln mapped
3 | Good to know, currently not vulnerable | Relevant port not open or protocol not in use
4 | Good to know, unknown target | Monitored network, but unknown host
0 | Good to know, unknown network | Unmonitored network
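As an added illustration (not code from the slides or from Cisco's FireSIGHT product), the following Python sketch applies the five-row impact table above to constructed intrusion events and passively learned host profiles: it walks the rows from most to least specific (vulnerability mapped, port open, host known, network monitored). The names HostProfile, IntrusionEvent, impact_flag and assess are assumptions, and the hosts, monitored network and "VULN-A" style vulnerability ids are constructed placeholders, not real advisories.

```python
import ipaddress
from dataclasses import dataclass

# Impact flag semantics exactly as listed in the table above: (action, why).
IMPACT_ACTION = {
    1: ("Act immediately, vulnerable",
        "Event corresponds to vulnerability mapped to host"),
    2: ("Investigate, potentially vulnerable",
        "Relevant port open or protocol in use, but no vuln mapped"),
    3: ("Good to know, currently not vulnerable",
        "Relevant port not open or protocol not in use"),
    4: ("Good to know, unknown target",
        "Monitored network, but unknown host"),
    0: ("Good to know, unknown network", "Unmonitored network"),
}


@dataclass(frozen=True)
class HostProfile:
    """Passively built host profile (constructed): listening services and mapped vulns."""
    ip: str
    services: frozenset   # (l4_proto, port) pairs seen in use on the host
    vulns: frozenset      # vulnerability ids mapped from OS/application fingerprints


@dataclass(frozen=True)
class IntrusionEvent:
    """One IPS hit (constructed): target and the vulnerabilities the rule covers."""
    target_ip: str
    proto: str
    port: int
    rule_vulns: frozenset


def impact_flag(event, hosts, monitored):
    """Return the impact flag (1, 2, 3, 4 or 0) for one event, per the table."""
    target = ipaddress.ip_address(event.target_ip)
    if not any(target in net for net in monitored):
        return 0                                   # unmonitored network
    host = hosts.get(event.target_ip)
    if host is None:
        return 4                                   # monitored network, unknown host
    if host.vulns & event.rule_vulns:
        return 1                                   # rule's vuln is mapped to this host
    if (event.proto, event.port) in host.services:
        return 2                                   # port open / protocol in use, no vuln mapped
    return 3                                       # port not open / protocol not in use


def assess(events, hosts, monitored):
    """Return (flag, target_ip, action) per event, most urgent first; flag 0 sorts last."""
    rows = [(impact_flag(e, hosts, monitored), e.target_ip) for e in events]
    rows = [(f, ip, IMPACT_ACTION[f][0]) for f, ip in rows]
    return sorted(rows, key=lambda r: (r[0] == 0, r[0]))


# Constructed sample data: one monitored /16, two profiled hosts, placeholder vuln ids.
MONITORED = [ipaddress.ip_network("10.1.0.0/16")]
HOSTS = {
    "10.1.1.10": HostProfile("10.1.1.10",
                             frozenset({("tcp", 80), ("tcp", 22)}),
                             frozenset({"VULN-A"})),
    "10.1.1.20": HostProfile("10.1.1.20",
                             frozenset({("tcp", 443)}),
                             frozenset()),
}
EVENTS = [
    IntrusionEvent("10.1.1.10", "tcp", 80, frozenset({"VULN-A"})),    # expect 1
    IntrusionEvent("10.1.1.20", "tcp", 443, frozenset({"VULN-B"})),   # expect 2
    IntrusionEvent("10.1.1.10", "tcp", 3389, frozenset({"VULN-C"})),  # expect 3
    IntrusionEvent("10.1.1.99", "tcp", 80, frozenset({"VULN-A"})),    # expect 4
    IntrusionEvent("192.168.5.5", "tcp", 80, frozenset({"VULN-A"})),  # expect 0
]

if __name__ == "__main__":
    for flag, ip, action in assess(EVENTS, HOSTS, MONITORED):
        print(f"impact {flag}  {ip:<12} {action}")
```

The ordering of the checks is what makes the table work as triage: a rule that fires against a host the profile says cannot be affected is still recorded, but it lands at flag 3 instead of competing with the flag 1 events an analyst has to act on first.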

Page 13

Indications of Compromise (IoCs)

IPS Events
•  Malware Backdoors
•  Exploit Kits
•  Web App Attacks
•  CnC Connections
•  Admin Privilege Escalations

SI Events
•  Connections to Known CnC IPs

Malware Events
•  Malware Detections
•  Office/PDF/Java Compromises
•  Malware Executions
•  Dropper Infections

Page 14

Gartner Leadership

Sourcefire has been a leader in

the Gartner Magic Quadrant for IPS

since 2006.

As of December 2013 Source: Gartner (December 2013)

[Figure: Gartner Magic Quadrant for IPS, December 2013. Vertical axis: ability to execute; horizontal axis: vision. Quadrants: challengers, leaders, niche players, visionaries. Vendors plotted: Radware, StoneSoft (McAfee), IBM, Cisco, HP, McAfee, Sourcefire (Cisco), Huawei, Enterasys Networks (Extreme Networks), NSFOCUS Information Technology.]

Page 15

2012 NSS Labs SVM for IPS

Page 16

2013 NSS Labs SVM for IPS

Page 17

ASA with FirePOWER Services Available Now!!

Industry’s First Threat-Focused NGFW

#1 Cisco Security announcement of the year!

•  Integrating defense layers helps organizations get the best visibility

•  Enable dynamic controls to automatically adapt

•  Protect against advanced threats across the entire attack continuum

Proven Cisco ASA firewalling

Industry leading NGIPS and AMP

Cisco ASA with FirePOWER Services

Page 18

NSS Labs – Next-Generation Firewall Security Value Map

Source: NSS Labs 2014

The NGFW Security Value Map shows the placement of Cisco ASA with FirePOWER Services and the FirePOWER 8350 as compared to other vendors. All three products achieved 99.2 percent in security effectiveness and now all can be confident that they will receive the best protections possible regardless of deployment.

Page 19

[Figure axes: Security Effectiveness (vertical); TCO per Protected-Mbps (horizontal)]

The Results: Cisco AMP is a Leader in Security Effectiveness and TCO and offers Best Protection Value

Cisco Advanced Malware Protection

•  Best Protection Value
•  99.0% Breach Detection Rating
•  Lowest TCO per Protected-Mbps

NSS Labs Security Value Map (SVM) for Breach Detection Systems

Security Effectiveness

Overall Product Ratings

Cisco-Sourcefire AMP Results – For Detection Capability Only

Page 20

Fire and ISE

Page 21

EPS REST API

Threat Detection
•  IDS Sig
•  Malware
•  Traffic
•  Application
•  And Many More..

Automagical, Dynamic, Squirrely Threat/Malware/Attack Response/Defense

Quarantine Action
•  VLAN Assignment
•  dACLs
•  SGT
•  QoS TAG

ISE

Page 22

Network as a Sensor

© 2014 Lancope, Inc. All rights reserved.

Page 23

Flow – The Network Phone Bill

Flow Cache key fields: Destination IP, Origin IP, Destination Port, Origin Port, L3 Protocol, DSCP

Flow Info counters: Packets, Bytes/Packet

Example row: Origin IP, Port, Proto... | Packets: 11000 | Bytes/Packet: 1528
… … … … … …

Analogy: Flow Record as Telephone Bill (Monthly Statement, Bill At-A-Glance)
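To make the "phone bill" analogy concrete, here is an added Python example (not from the slides or from any Cisco or Lancope product) of a flow cache that aggregates constructed packets into flow records keyed by the fields listed above, and then produces the per-origin "bill" view an analyst would group by. FlowCache, FlowKey, build_sample_cache and the packet list are assumptions; the addresses are from documentation ranges.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class FlowKey:
    """The flow-cache key fields from the slide: IPs, ports, L3 protocol, DSCP."""
    origin_ip: str
    dest_ip: str
    origin_port: int
    dest_port: int
    proto: str
    dscp: int


class FlowCache:
    """Aggregates individual packets into flow records with packet/byte counters."""

    def __init__(self):
        self._flows = {}   # FlowKey -> {"packets", "bytes", "first", "last"}

    def observe(self, pkt):
        """Account one packet (a dict with src/dst/ports/proto/dscp/len/ts) to its flow."""
        key = FlowKey(pkt["src"], pkt["dst"], pkt["sport"], pkt["dport"],
                      pkt["proto"], pkt["dscp"])
        rec = self._flows.setdefault(
            key, {"packets": 0, "bytes": 0, "first": pkt["ts"], "last": pkt["ts"]})
        rec["packets"] += 1
        rec["bytes"] += pkt["len"]
        rec["first"] = min(rec["first"], pkt["ts"])
        rec["last"] = max(rec["last"], pkt["ts"])

    def record(self, key):
        """One exported flow record, with the derived Bytes/Packet field."""
        rec = self._flows[key]
        return {**rec,
                "bytes_per_packet": rec["bytes"] // rec["packets"],
                "duration": rec["last"] - rec["first"]}

    def records(self):
        return {k: self.record(k) for k in self._flows}

    def bill(self):
        """Phone-bill view: per origin IP, how many flows, packets and bytes it generated."""
        totals = defaultdict(lambda: {"flows": 0, "packets": 0, "bytes": 0})
        for key, rec in self._flows.items():
            t = totals[key.origin_ip]
            t["flows"] += 1
            t["packets"] += rec["packets"]
            t["bytes"] += rec["bytes"]
        return dict(totals)


# Constructed sample packets: one TCP session, one DNS lookup, one packet from a second host.
SAMPLE_PACKETS = [
    {"ts": 0.00, "src": "10.0.0.5", "dst": "203.0.113.7", "sport": 51000, "dport": 443,
     "proto": "tcp", "dscp": 0, "len": 60},
    {"ts": 0.01, "src": "10.0.0.5", "dst": "198.51.100.9", "sport": 41234, "dport": 53,
     "proto": "udp", "dscp": 0, "len": 80},
    {"ts": 0.02, "src": "10.0.0.5", "dst": "203.0.113.7", "sport": 51000, "dport": 443,
     "proto": "tcp", "dscp": 0, "len": 1500},
    {"ts": 0.05, "src": "10.0.0.5", "dst": "203.0.113.7", "sport": 51000, "dport": 443,
     "proto": "tcp", "dscp": 0, "len": 1500},
    {"ts": 1.00, "src": "10.0.0.6", "dst": "203.0.113.7", "sport": 52000, "dport": 443,
     "proto": "tcp", "dscp": 46, "len": 120},
]


def build_sample_cache():
    """Feed the constructed packets through the cache and return it."""
    cache = FlowCache()
    for pkt in SAMPLE_PACKETS:
        cache.observe(pkt)
    return cache


if __name__ == "__main__":
    cache = build_sample_cache()
    for key, rec in cache.records().items():
        print(f"{key.origin_ip}:{key.origin_port} -> {key.dest_ip}:{key.dest_port} "
              f"{key.proto} packets={rec['packets']} bytes/pkt={rec['bytes_per_packet']}")
    print(cache.bill())
```

Note that the flow cache never stores payload: like a phone bill it records who talked to whom, for how long and how much, which is enough to spot a host whose "bill" suddenly lists many short flows to many destinations, or one long flow to a destination nobody else talks to.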

Page 24

[Figure: network topology with sites and segments: Internet, Atlanta, San Jose, New York, Remote Sites, WAN, Firewall & IPS, Datacenter, DMZ, User Network, 3G Internet]

Page 25

[Figure: the same topology with NetFlow exported from each site and segment: Internet, Atlanta, San Jose, New York, Remote Sites, WAN, Firewall, Datacenter, DMZ, User Network, 3G Internet]

Page 26

How CTD Analyzes Devices


Page 27

•  In light of trends such as cloud and mobility, which have considerably changed our daily lives, Cisco has released the following innovations in the area of required security expertise and training, for the education of specialists, engineers and operations teams:

•  The renewed CCNP Security certification program
•  The new Cisco Cybersecurity Specialist certification
•  Retirement of the earlier Cisco Security Specialist certification
•  New and updated product training

•  The redesigned CCNP Security certification targets security specialists who today need to build end-to-end architectures with a much broader perspective:

•  300-206 Implementing Cisco Edge Network Security Solutions (SENSS)
•  300-207 Implementing Cisco Threat Control Solutions (SITCS)
•  300-208 Implementing Cisco Secure Access Solutions (SISAS)
•  300-209 Implementing Cisco Secure Mobility Solutions (SIMOS)

Page 28