As more companies move their business models toward mobility, the cloud and the Internet of Things, their security solutions must become more dynamic and scalable. To date, however, most security solutions have not kept pace with change and have been unable to adapt to new threats and attacks. Today, security solutions are based on a binary "good vs. bad" model that lacks the visibility needed to understand context. On September 16, Cisco unveiled its latest step in this direction.
© 2014 Cisco and/or its affiliates. All rights reserved. 1
Industry’s First Threat-Focused NGFW
Héctor Casas
Cisco Security Consultant for Argentina, Chile, Paraguay and Uruguay
September 16
Cisco ASA with FirePOWER Services
Introducing: Cisco ASA with FirePOWER Services
Industry’s First Threat-Focused Next-Generation Firewall
Features
► Cisco® ASA firewalling combined with Sourcefire® Next-Generation IPS
► Advanced Malware Protection (AMP)
► Best-in-class security intelligence, application visibility and control (AVC), and URL filtering
Benefits
► Superior, multilayered threat protection
► Unprecedented network visibility
► Integrated threat defense across the entire attack continuum
► Reduced cost and complexity
The Problem with Legacy Next-Generation Firewalls
Focus on the apps but totally miss the threat…
Legacy NGFW can reduce attack surface area but advanced malware often evades security controls.
Threat Landscape Demands more than Application Control
100% of companies connect to domains that host malicious files or services
54% of breaches remain undiscovered for months
60% of data is stolen in hours
avoids detection and attacks swiftly
It is a Community that hides in plain sight
Legacy NGFWs Lack Complete Visibility and Control
Without Proper Visibility Threat Protection Cannot Be Operationalized
Integrated Threat Defense Across the Attack Continuum
ATTACK CONTINUUM
Point-in-Time | Continuous
Discover | Enforce | Harden
Detect | Block | Defend
Scope | Contain | Remediate
Network | Endpoint | Mobile | Virtual | Cloud
Industry’s First Threat-Focused Next-Generation Firewall
Cisco ASA with FirePOWER Services
Features
► Cisco® ASA firewalling combined with Sourcefire® Next-Generation IPS
► Advanced Malware Protection (AMP)
► Best-in-class security intelligence, application visibility and control (AVC), and URL filtering
Benefits
► Superior, multilayered threat protection
► Unprecedented network visibility
► Integrated threat defense across the entire attack continuum
► Reduced cost and complexity
“By integrating defense layers, organizations can enhance visibility, enable dynamic controls, and provide advanced threat protection that address the entire attack continuum – before, during, and after an attack.”
Superior Integrated & Multilayered Protection
► World’s most widely deployed, enterprise-class ASA stateful firewall
► Granular Cisco® Application Visibility and Control (AVC)
► Industry-leading FirePOWER next-generation IPS (NGIPS)
► Reputation- and category-based URL filtering
► Advanced Malware Protection with Retrospective Security
Cisco ASA
Identity-Policy Control & VPN
URL Filtering (Subscription)
FireSIGHT Analytics & Automation
Advanced Malware Protection (Subscription)
Application Visibility & Control
Network Firewall
Routing | Switching
Clustering & High Availability
Cisco Collective Security Intelligence Enabled
Built-in Network Profiling
Intrusion Prevention (Subscription)
Unprecedented Network Visibility
Categories FirePOWER Services Legacy IPS Legacy NGFW
Threats
Users
Web Applications
Application Protocols
File Transfers
Malware
Command & Control Servers
Client Applications
Network Servers
Operating Systems
Routers & Switches
Mobile Devices
Printers
VoIP Phones
Virtual Machines
Impact Assessment
Correlates all intrusion events to an impact of the attack against the target
IMPACT FLAG | ADMINISTRATOR ACTION | WHY
1 | Act Immediately, Vulnerable | Event corresponds to vulnerability mapped to host
2 | Investigate, Potentially Vulnerable | Relevant port open or protocol in use, but no vuln mapped
3 | Good to Know, Currently Not Vulnerable | Relevant port not open or protocol not in use
4 | Good to Know, Unknown Target | Monitored network, but unknown host
0 | Good to Know, Unknown Network | Unmonitored network
Automated, Integrated Threat Defense
Superior Protection for Entire Attack Continuum
Retrospective Security: Shrink Time between Detection and Cure
Multi-vector Correlation: Early Warning for Advanced Threats
Dynamic Security Control: Adapt Policy to Risks
Context and Threat Correlation: Impact Assessment
Indicators of Compromise (IoCs)
IPS Events: Malware Backdoors, CnC Connections, Exploit Kits, Admin Privilege Escalations, Web App Attacks
SI Events: Connections to Known CnC IPs
Malware Events: Malware Detections, Malware Executions, Office/PDF/Java Compromises, Dropper Infections
Cisco ASA with FirePOWER Services vs. Legacy NGFW
Feature | Cisco ASA with FirePOWER Services | Legacy NGFW
Reputation-Based Proactive Protection | Superior | Not Available
Visibility, Context & Intelligent Security Automation | Superior | Not Available
File Reputation, File Trajectory, Retrospective Analysis | Superior | Not Available
IoCs | Superior | Not Available
NGIPS | Superior | Available (1)
Application Visibility and Control | Superior | Available
Acceptable Use/URL Filtering | Superior | Available
Remote Access VPN | Superior | Not Enterprise-Grade
Stateful Firewall, HA, Clustering | Superior | Available (2)
(1) Typically 1st generation IPS. (2) HA capabilities vary by NGFW vendor.
Complete Security Solutions
Security Services
Security Products
Accelerate Migration to Cisco ASA with FirePOWER Services with Professional and Technical Services
SMARTnet Technical Support: Keep security solutions available by providing access to broad Cisco support tools and expertise
Migration Services: Move more quickly to new capabilities and with minimal disruption
Managed Services: Provide full-time, proactive, systematic threat monitoring and management
Cisco ASA with FirePOWER Services Industry’s First Threat-Focused NGFW
Superior Visibility
Integrated Threat Defense
▶ Best-in-class, multilayered protection in a single device
▶ Full contextual awareness to eliminate gaps
Automation
▶ Simplified operations and dynamic response and remediation
Thank You