This document discusses Cisco's cybersecurity solutions, including its FirePOWER next-generation firewall and network security platform. It provides an overview of FirePOWER's key capabilities such as advanced threat prevention, application control, user awareness, automated policy recommendations, and integration with other Cisco security products. The document also presents examples of how FirePOWER's contextual policies and automation features can help organizations better detect, prevent, and respond to cyber threats.
ICT 2015 Saga - Cisco cybersecurity solutions - Viktor Varga
2. SAGA
Slide footer: A quarter century shaping the future
• Established 1989 – 25 years
• System Integrator No.1 in Serbia*
• Member of New Frontier Group
Security Department
*since 2005 by revenue
3. SAGA Security 360°
Core Values
Holistic approach
Trusted Advisor
Security = Risk
Security as Enabler
10. FirePOWER
Access Control
• Remote Access VPN
• Gateway VPN
• Switching
• Routing
• NAT
• Stateful Inspection
Context Awareness
• Correlate host and user activity
• Passive OS Fingerprinting
• Passive Service Identification
• Passive Vulnerability mapping
• Passive Network Discovery
• Auto Policy Recommendations
• Auto Impact Assessment
Threat Prevention
• Vulnerability facing rules
• Threat facing rules
• Enterprise accuracy and performance
App Control
• Detection of applications
• Allow/block apps and app sub-functions
• Allow/block apps by user
• Allow/block apps by type, tag, category, risk rating
Chart columns comparing coverage of the above: Typical IPS, Typical Firewall, Typical NGFWs, FirePOWER NGIPS, FirePOWER – NGFW
11. Context - Traffic Analysis
First packet : 2013-02-22 16:08:46
Last packet : 2013-02-22 16:08:46
Source IP : 10.2.1.51
Destination IP : 10.2.1.121
Protocol : TCP
Source Port : 2314
Destination Port : 3108
---------
Service : HTTP
Application Type : HTTP Browser
Web Application : ACME HR
Client App : Internet Explorer 7
Server App : Apache 2.3.32
Initiator packets: 6
Responder packets: 6
Initiator bytes : 1096
Responder bytes : 2269
URL : /foo/sploits/plugins/
Detection Engine : London Data Center
10.2.1.51 exists
10.2.1.121 exists
10.2.1.121 Has a daemon :3108
10.2.1.121 Is a webserver
10.2.1.51 Has a web browser
10.2.1.51 Has IE 7 installed
10.2.1.121 Needs updating: vulns
12. Impact Assessment
Correlates all intrusion events to an impact of the attack against the target.
Impact flag (icon on the slide) – administrator action – why:
• Act Immediately, Vulnerable – event corresponds to a vulnerability mapped to the host
• Investigate, Potentially Vulnerable – relevant port open or protocol in use, but no vulnerability mapped
• Good to Know, Currently Not Vulnerable – relevant port not open or protocol not in use
• Good to Know, Unknown Target – monitored network, but unknown host
• Good to Know, Unknown Network – unmonitored network
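The correlation the table describes, as an added example that is not Cisco's code: an intrusion event is matched against what passive discovery recorded for the target host (the host database, event fields and vulnerability IDs are constructed; the numeric levels follow FirePOWER's impact numbering, which the slide shows only as icons).

```python
"""Impact assessment: correlate one intrusion event with the target host's
passively discovered profile and return the slide's flag for it.
Added example, not Cisco code; host data and event fields are constructed."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class HostProfile:
    """What passive service identification and vulnerability mapping know."""
    open_ports: dict = field(default_factory=dict)   # {"tcp": {80, 3108}}
    vulns: set = field(default_factory=set)          # vuln IDs mapped to the host


@dataclass
class IntrusionEvent:
    dst_ip: str
    dst_port: int
    protocol: str          # "tcp" or "udp"
    rule_vulns: set        # vulnerabilities the triggering rule protects against


# Same rows as the slide's table; level numbers follow FirePOWER's impact
# numbering (1 = vulnerable ... 4 = unknown target, 0 = unknown network).
FLAGS = {
    1: ("Act Immediately", "Vulnerable"),
    2: ("Investigate", "Potentially Vulnerable"),
    3: ("Good to Know", "Currently Not Vulnerable"),
    4: ("Good to Know", "Unknown Target"),
    0: ("Good to Know", "Unknown Network"),
}

# Constructed host database mirroring the traffic-analysis slide:
# 10.2.1.121 is a web server with a daemon on 3108 that "needs updating".
HOSTS = {
    "10.2.1.121": HostProfile({"tcp": {80, 3108}}, {"VULN-PLACEHOLDER-APACHE"}),
    "10.2.1.51": HostProfile({"tcp": set()}, set()),
}
MONITORED = [ipaddress.ip_network("10.2.1.0/24")]


def assess_impact(event, hosts=HOSTS, monitored=MONITORED):
    """Return (impact level, administrator action, flag text) for one event."""
    ip = ipaddress.ip_address(event.dst_ip)
    if not any(ip in net for net in monitored):
        return (0, *FLAGS[0])                 # unmonitored network
    host = hosts.get(event.dst_ip)
    if host is None:
        return (4, *FLAGS[4])                 # monitored network, unknown host
    if event.rule_vulns & host.vulns:
        return (1, *FLAGS[1])                 # rule's vulnerability is mapped to host
    if event.dst_port in host.open_ports.get(event.protocol, set()):
        return (2, *FLAGS[2])                 # port open, but no vulnerability mapped
    return (3, *FLAGS[3])                     # port not open / protocol not in use
```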
13. One Size Fits All?
NSS IPS Test Key Findings:
Protection varied widely between 31% and 98%. Tuning is required, and is most important for remote attacks against servers and their applications. Organizations that do not tune could be missing numerous “catchable” attacks.
16. Automation
Impact Assessment and Recommended Rules Automate Routine Tasks
18. Contextual Policy – Example 1
Trust privileged users' access to sshd on production servers (regardless of port)
19. Contextual Policy – Example 2
Treat connections to unauthorized websites as highly hostile.
Trust privileged users' access to sshd on production servers (regardless of port)
20. Contextual Policy – Example 3
Treat connections to unauthorized websites as highly hostile.
Trust privileged users' access to sshd on production servers (regardless of port)
Prevent any .exe downloads from untrusted client apps (e.g. Internet Explorer)
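The three contextual rules above written as an ordered policy, as an added example that is not Cisco's code: each rule keys on context FirePOWER supplies (user group, detected application, host attributes, URL category, client application, file type) rather than on ports; the Connection fields, the action names and the choice of "inspect with the most aggressive intrusion policy" for "highly hostile" are assumptions.

```python
"""Contextual access-control rules from Examples 1-3, evaluated in order
(first match wins). Added example, not Cisco code; the Connection fields
and the action names are assumptions."""
from dataclasses import dataclass, field


@dataclass
class Connection:
    user_group: str                              # from user awareness, e.g. "privileged"
    app: str                                     # application detected on the wire, e.g. "SSH"
    dst_port: int
    dst_tags: set = field(default_factory=set)   # host attributes, e.g. {"production"}
    url_category: str = ""                       # e.g. "unauthorized"
    client_app: str = ""                         # e.g. "Internet Explorer 7"
    file_ext: str = ""                           # extension of a transferred file, e.g. "exe"


# Client apps the policy does not trust to download executables (the slide's example).
UNTRUSTED_CLIENT_PREFIXES = ("Internet Explorer",)


def evaluate(conn):
    """Return (action, reason). Actions: trust, inspect-hostile, block, allow."""
    # Example 1: privileged users' SSH to production servers, on any port.
    if (conn.user_group == "privileged" and conn.app == "SSH"
            and "production" in conn.dst_tags):
        return ("trust", "privileged user to sshd on production server")
    # Example 2: unauthorized websites are treated as highly hostile, here read
    # as "inspect with the most aggressive intrusion policy" (assumption).
    if conn.url_category == "unauthorized":
        return ("inspect-hostile", "connection to unauthorized website")
    # Example 3: no .exe downloads through untrusted client apps.
    if (conn.file_ext.lower() == "exe"
            and conn.client_app.startswith(UNTRUSTED_CLIENT_PREFIXES)):
        return ("block", ".exe download from untrusted client app")
    return ("allow", "default action")
```

Because the policy is ordered, a privileged user's SSH session on port 2222 to a production host is trusted even though no port-based rule names 2222, which is the point of "regardless of port".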
21. Custom Block Response Pages
Simple update that can be leveraged for existing infrastructure.
Example: Use a Google Docs Spreadsheet and Web form for user access requests.
• Created a Google Spreadsheet and added a web form to the spreadsheet.
• Added either the URL or the iframe to the default block page
22. Detection
Detects if a new application appears or the traffic profile changes
Identify Hacked Hosts
Useful in static environments: SCADA, DMZ, MEDTEC...
Reduced Risk and Cost
Example alert shown on the slide: host has suddenly started to use an SSH client and outgoing traffic volume has increased by 3
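The profile-change detection the slide describes, as an added example that is not Cisco's code: a per-host baseline (applications seen, average outgoing bytes) is built from earlier observations and a new observation is flagged when an unseen application appears or outbound volume grows by the slide's factor of 3 (the history is constructed, and reading "increased by 3" as threefold is an assumption).

```python
"""Baseline-versus-current traffic profile check for static environments.
Added example, not Cisco code; the per-host history is constructed."""
from statistics import mean

# Constructed daily observations per host: (applications seen, outgoing bytes).
# The host normally only speaks HTTP and occasionally DNS.
HISTORY = {
    "10.2.1.51": [
        ({"HTTP"}, 1_000_000),
        ({"HTTP"}, 1_100_000),
        ({"HTTP", "DNS"}, 900_000),
    ],
}

VOLUME_FACTOR = 3.0   # assumption: the slide's "increased by 3" read as threefold


def build_baseline(observations):
    """Union of applications ever seen and the mean outgoing byte count."""
    apps = set().union(*[seen for seen, _ in observations])
    avg_out = mean(out for _, out in observations)
    return apps, avg_out


def detect_changes(host, current_apps, current_out, history=HISTORY):
    """Return alert strings for a host's latest (apps, outgoing bytes) observation."""
    alerts = []
    observations = history.get(host)
    if not observations:
        return [f"{host}: no baseline yet"]
    base_apps, avg_out = build_baseline(observations)
    # New application: anything not in the union of applications seen before.
    for app in sorted(current_apps - base_apps):
        alerts.append(f"{host}: new application {app}")
    # Traffic profile change: outgoing volume compared with the mean baseline.
    if avg_out > 0 and current_out / avg_out >= VOLUME_FACTOR:
        alerts.append(f"{host}: outgoing volume up {current_out / avg_out:.1f}x")
    return alerts
```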
23. Automatic Remediation
Use a pre-defined or custom script to initiate automatic actions
E.g., quarantine a device with the ISE API
Reduced Risk and Cost
Flow shown on the slide: Indications of Compromise (IPS event impact 1, malware, communication with a botnet) → QUARANTINE → ISE changes the VLAN or SGT
24. Integration
• eStreamer API – export events
• Vulnerability API – import vulnerabilities
• Remediation Modules – ISE
• Database Access (JDBC)
25. Integration 2
Platform Exchange Grid – pxGrid
Point-to-point integrations: "That Didn’t Work So Well!" Each product holds one kind of context and needs another:
• I have NBAR info! I need identity…
• I have firewall logs! I need identity…
• Talos
• I have sec events! I need reputation…
• I have NetFlow! I need entitlement…
• I have reputation info! I need threat data…
• I have MDM info! I need location…
• I have app inventory info! I need posture…
• I have identity & device-type! I need app inventory & vulnerability…
• I have application info! I need location & auth-group…
• I have threat data! I need reputation…
• I have location! I need identity…
pxGrid Context Sharing: Single Framework, Direct, Secured Interfaces
26. Two of a kind
Different devices for different use cases
FirePOWER Appliance
• Focused on Threat Detection
• Some Firewall functions, but likely not enough to meet perimeter use cases
• Ideal for passive deployments or augmenting firewalls
• Deployed on FirePOWER appliances
FirePOWER Services
• Full ASA firewall capabilities
• Full threat detection stack
• Best for NGFW usage
• Delivered alongside ASA