
Page 1: Intelligent Cybersecurity for the Real World

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Intelligent Cybersecurity for the Real World
Hermes Romero
Regional Security Sales, Sourcefire

Page 2: Intelligent Cybersecurity for the Real World

Comprehensive Security Portfolio

IPS & NGIPS
• Cisco IPS 4300 Series
• Cisco ASA 5500-X Series integrated IPS
• FirePOWER NGIPS
• FirePOWER NGIPS w/ Application Control
• FirePOWER Virtual NGIPS

Web Security
• Cisco Web Security Appliance (WSA)
• Cisco Virtual Web Security Appliance (vWSA)
• Cisco Cloud Web Security

Firewall & NGFW
• Cisco ASA 5500-X Series
• Cisco ASA 5500-X w/ NGFW license
• Cisco ASA 5585-X w/ NGFW blade
• FirePOWER NGFW

Advanced Malware Protection
• FireAMP
• FireAMP Mobile
• FireAMP Virtual
• AMP for FirePOWER license
• Dedicated AMP FirePOWER appliance

NAC + Identity Services
• Cisco Identity Services Engine (ISE)
• Cisco Access Control Server (ACS)

Email Security
• Cisco Email Security Appliance (ESA)
• Cisco Virtual Email Security Appliance (vESA)
• Cisco Cloud Email

UTM
• Meraki MX

VPN
• Cisco AnyConnect VPN

Legend: • Cisco • Sourcefire

Page 3: Intelligent Cybersecurity for the Real World

Sourcefire Background and Market Leadership

Page 4: Intelligent Cybersecurity for the Real World

Leveraging A Powerful Community

Page 5: Intelligent Cybersecurity for the Real World

The New Security Model

Attack Continuum
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate

Network | Endpoint | Mobile | Virtual | Cloud
Point in Time | Continuous

Page 6: Intelligent Cybersecurity for the Real World

COVERING THE ATTACK CONTINUUM

Visibility and Context

Attack Continuum
BEFORE: Control, Policy, Tuning
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate

Firewall
NGFW
NAC + Identity Services
VPN
UTM
NGIPS
Web Security
Email Security
Advanced Malware Protection
Network Behavior Analysis

Page 7: Intelligent Cybersecurity for the Real World

Leadership: The Path “Up and Right”

Sourcefire has been a leader in the Gartner Magic Quadrant for IPS since 2006.

As of December 2013. Source: Gartner (December 2013)

[Figure: Gartner Magic Quadrant for IPS. Vertical axis: ability to execute; horizontal axis: vision. Quadrants: challengers, leaders, visionaries, niche players. Vendors plotted: Radware, StoneSoft (McAfee), IBM, Cisco, HP, McAfee, Sourcefire (Cisco), Huawei, Enterasys Networks (Extreme Networks), NSFOCUS Information Technology.]

Page 8: Intelligent Cybersecurity for the Real World

FirePOWER™ NGIPS Best-in-Class

Top Ratings (8290)*
• 99.4% detection & protection
• 136 Gbps inspected throughput
• 60M concurrent connections
• $13.6 TCO / protected Mbps

*NSS Labs 2014 Data Center IPS Product Analysis Report

• Best Threat Effectiveness
• Highest Throughput
• Most Sessions
• Best Value (lowest TCO/protected Mbps)

"For the past five years, Sourcefire has consistently achieved excellent results in security effectiveness based on our real-world evaluations of exploit evasions, threat block rate and protection capabilities."

Vikram Phatak, CTO NSS Labs, Inc.

Page 9: Intelligent Cybersecurity for the Real World

Sourcefire NGIPS

Page 10: Intelligent Cybersecurity for the Real World

Security is About Detecting, Understanding, & Stopping Threats

High speed inspection of content

[Figure: network diagram with host context. Hosts shown: 123.45.67.89; Johnson-PC; 12.122.13.62; and a host with OS: Windows 7, hostname: laptop1, User: jsmith, IP: 12.134.56.78. Traffic labelled SQL.]

Reality: today's threats require a philosophy of threat prevention as core to security.

Today’s Reality: 621 breaches in 2012
• 92% stemmed from external agents
• 52% utilized some form of hacking
• 40% incorporated malware
• 78% of attacks not highly difficult

2013 Verizon Data Breach Investigation Report

Page 11: Intelligent Cybersecurity for the Real World

Sourcefire’s Security Solutions

COLLECTIVE SECURITY INTELLIGENCE
Management Center (APPLIANCES | VIRTUAL)
NEXT-GENERATION FIREWALL
NEXT-GENERATION INTRUSION PREVENTION
ADVANCED MALWARE PROTECTION
CONTEXTUAL AWARENESS (HOSTS | VIRTUAL | MOBILE)
APPLIANCES | VIRTUAL

Page 12: Intelligent Cybersecurity for the Real World

FireSIGHT™ Full Stack Visibility

CATEGORIES                 EXAMPLES                      SOURCEFIRE FireSIGHT   TYPICAL IPS   TYPICAL NGFW
Threats                    Attacks, Anomalies            ✔                      ✔             ✔
Users                      AD, LDAP, POP3                ✔                      ✗             ✔
Web Applications           Facebook Chat, Ebay           ✔                      ✗             ✔
Application Protocols      HTTP, SMTP, SSH               ✔                      ✗             ✔
File Transfers             PDF, Office, EXE, JAR         ✔                      ✗             ✔
Malware                    Conficker, Flame              ✔                      ✗             ✗
Command & Control Servers  C&C Security Intelligence     ✔                      ✗             ✗
Client Applications        Firefox, IE6, BitTorrent      ✔                      ✗             ✗
Network Servers            Apache 2.3.1, IIS4            ✔                      ✗             ✗
Operating Systems          Windows, Linux                ✔                      ✗             ✗
Routers & Switches         Cisco, Wireless               ✔                      ✗             ✗
Mobile Devices             iPhone, Android, Jail         ✔                      ✗             ✗
Printers                   HP, Xerox, Canon              ✔                      ✗             ✗
VoIP Phones                Cisco, Avaya, Polycom         ✔                      ✗             ✗
Virtual Machines           VMware, Xen, RHEV             ✔                      ✗             ✗

Contextual Awareness: Information Superiority

Page 13: Intelligent Cybersecurity for the Real World

FireSIGHT™ Context Explorer

View all application traffic…
Look for risky applications… Who is using them?
On what operating systems? What else have these users been up to?
What does their traffic look like over time?

Page 14: Intelligent Cybersecurity for the Real World

FireSIGHT™ Enables Automation

IT Insight: Spot rogue hosts, anomalies, policy violations, and more
Impact Assessment: Threat correlation reduces actionable events by up to 99%
Automated Tuning: Adjust IPS policies automatically based on network change
User Identification: Associate users with security and compliance events

Page 15: Intelligent Cybersecurity for the Real World

Robust Partner Ecosystem

Combined API Framework

BEFORE: Policy and Control
DURING: Identification and Block
AFTER: Analysis and Remediation

Partner categories: Infrastructure & Mobility, NAC, Vulnerability Management, Custom Detection, Full Packet Capture, Incident Response, SIEM, Visualization, Network Access Taps

Page 16: Intelligent Cybersecurity for the Real World

Sourcefire NGFW Application Control

Page 17: Intelligent Cybersecurity for the Real World

Reduce Risk Through Granular Application Control
Control access for applications, users and devices

• “Employees may view Facebook, but only Marketing may post to it”
• “No one may use peer-to-peer file sharing apps”

Over 2,200 apps, devices, and more!

Page 18: Intelligent Cybersecurity for the Real World

Dashboard

Page 19: Intelligent Cybersecurity for the Real World

Application Control Example: Prevent BitTorrent

Page 20: Intelligent Cybersecurity for the Real World

URL Filtering

• Block non-business-related sites by category

• Based on user and user group

Page 21: Intelligent Cybersecurity for the Real World

Don’t Forget: Apps are Often Encrypted! And default to SSL

Benefits of Sourcefire off-box decryption solution:
• Improved Performance – acceleration and policy
• Centralized Key Management
• Interoperable with 3rd party products

SSL1500: 1.5 Gbps (4 Gbps total)
SSL2000: 2.5 Gbps (10 Gbps total)
SSL8200: 3.5 Gbps (20 Gbps total)

Page 22: Intelligent Cybersecurity for the Real World

FirePOWER™ & FireAMP™ Advanced Malware Protection (AMP) Solution

Page 23: Intelligent Cybersecurity for the Real World

In Spite of Layers of Defense

Malware is getting through control-based defenses
Malware prevention is NOT 100%
Breach
Existing tools are labor intensive and require expertise

Each stage represents a separate process silo attackers use to their advantage.

Attack Continuum
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate

Page 24: Intelligent Cybersecurity for the Real World

APT / Advanced Malware: Is now a tool for financial gain

• Uses formal Development Techniques
• Sandbox aware
• Quality Assurance to evade detection
• 24/7 Tech support available

• Has become a math problem
• End Point AV Signatures ~20 Million
• Total KNOWN Malware Samples ~100 M
• AV Efficacy Rate ~50%

Page 25: Intelligent Cybersecurity for the Real World

Sourcefire Advanced Malware Protection: Retrospective Security

• Comprehensive: Network + Endpoint
• Continuous Analysis
• Integrated Response
• Big Data Analytics
• Control & Remediation

Page 26: Intelligent Cybersecurity for the Real World

The Real Cost of Malware: Responding to an infection = Headaches = Time = $$

• Where do I start?

• How bad is the situation?

• What systems were impacted?

• How do we recover?

• How do we keep it from happening again?

Page 27: Intelligent Cybersecurity for the Real World

The Real Cost of Malware: Responding to an infection = Headaches = Time = $$

Page 28: Intelligent Cybersecurity for the Real World

Point-in-time Detection (Antivirus, Sandboxing)
• Initial Disposition = Clean
• Analysis Stops
• Actual Disposition = Bad = Too Late!!
• Blind to scope of compromise
• Not 100%
• Sleep Techniques, Unknown Protocols, Encryption, Polymorphism

Retrospective Detection (Continuous)
• Initial Disposition = Clean
• Analysis Continues
• Actual Disposition = Bad = Blocked
• Turns back time
• Beyond the Event Horizon
• Addresses limitations of point-in-time detection

Visibility and Control are Key

Page 29: Intelligent Cybersecurity for the Real World

File Trajectory: Quickly understand the scope of the malware problem

Network + Endpoint
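The contrast between point-in-time and retrospective detection (previous slide) and the file trajectory that scopes an infection (this slide), as an added Python example; this is not Sourcefire code, the sightings and host names are constructed, and the hash values are placeholders.

```python
from collections import defaultdict

# Constructed sample sightings (not from the deck): timestamp, file hash,
# sending host, receiving host, as a network sensor or endpoint agent sees them.
SIGHTINGS = [
    ("2013-11-01T09:00", "sha256:PLACEHOLDER-A", "mail-gw", "laptop1"),
    ("2013-11-01T09:05", "sha256:PLACEHOLDER-A", "laptop1", "fileserver"),
    ("2013-11-02T14:20", "sha256:PLACEHOLDER-A", "fileserver", "hr-pc"),
    ("2013-11-02T15:00", "sha256:PLACEHOLDER-B", "web-proxy", "dev-pc"),
]


class RetrospectiveTracker:
    """Keep every sighting so a later verdict change can be replayed.

    A point-in-time engine stops at the initial disposition; keeping the
    trajectory is what makes a retrospective event possible.
    """

    def __init__(self):
        self.disposition = {}                # hash -> "clean" or "malware"
        self.trajectory = defaultdict(list)  # hash -> [(ts, src, dst), ...]

    def observe(self, ts, file_hash, src, dst):
        """Point-in-time verdict for one sighting; unknown files start 'clean'."""
        verdict = self.disposition.setdefault(file_hash, "clean")
        self.trajectory[file_hash].append((ts, src, dst))  # analysis continues
        return verdict

    def update_disposition(self, file_hash, verdict):
        """Apply a later intelligence update. Returns a retrospective event
        (first sighting and every host on the trajectory) when a file that was
        allowed as 'clean' is reclassified as malware, otherwise None."""
        previous = self.disposition.get(file_hash, "clean")
        self.disposition[file_hash] = verdict
        path = self.trajectory.get(file_hash, [])
        if previous == "clean" and verdict == "malware" and path:
            hosts = sorted({h for _, src, dst in path for h in (src, dst)})
            return {"hash": file_hash, "first_seen": path[0][0],
                    "hosts": hosts, "sightings": len(path)}
        return None


def replay_demo():
    """Feed the constructed sightings, then reclassify hash A as malware."""
    tracker = RetrospectiveTracker()
    initial = [tracker.observe(*s) for s in SIGHTINGS]  # all 'clean' at the time
    event = tracker.update_disposition("sha256:PLACEHOLDER-A", "malware")
    repeat = tracker.update_disposition("sha256:PLACEHOLDER-A", "malware")
    return initial, event, repeat  # repeat is None: no second alert
```

The returned event is the list of hosts that need scoping and containment; a point-in-time engine would have no record of the first three sightings at all.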

Page 30: Intelligent Cybersecurity for the Real World

FirePOWER™

Page 31: Intelligent Cybersecurity for the Real World

FirePOWER™ Appliances Summary

All appliances include:
• Integrated lights-out management
• Sourcefire acceleration technology
• LCD display

Page 32: Intelligent Cybersecurity for the Real World

Network Virtual Appliances

Virtual Sensor
• Inline or passive deployment
• Full NGIPS Capabilities
• Deployed as virtual appliance
• Use Cases
  o SNORT Conversion
  o Small / Remote Sites
  o Virtualized workloads (PCI)

Virtual Defense Center
• Manages up to 25 sensors
  o physical and virtual
  o single pane-of-glass
• Use Cases
  o Rapid Evaluation
  o Pre-production Testing
  o Service Providers

NOTE: Supports ESX(i) 4.x and 5.x on Sourcefire 5.x platforms. Supports RHEV 3.0 and Xen 3.3.2/3.4.2 on Sourcefire 4.x platforms only.

Page 33: Intelligent Cybersecurity for the Real World

QUESTIONS??

Thank you!