Description: Intelligent Cybersecurity for the Real World. Hermes Romero, Regional Security Sales, Sourcefire. PowerPoint (PPT) presentation.
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Intelligent Cybersecurity for the Real World
Hermes Romero, Regional Security Sales, Sourcefire
Comprehensive Security Portfolio

IPS & NGIPS
• Cisco IPS 4300 Series
• Cisco ASA 5500-X Series integrated IPS
• FirePOWER NGIPS
• FirePOWER NGIPS w/ Application Control
• FirePOWER Virtual NGIPS

Web Security
• Cisco Web Security Appliance (WSA)
• Cisco Virtual Web Security Appliance (vWSA)
• Cisco Cloud Web Security

Firewall & NGFW
• Cisco ASA 5500-X Series
• Cisco ASA 5500-X w/ NGFW license
• Cisco ASA 5585-X w/ NGFW blade
• FirePOWER NGFW

Advanced Malware Protection
• FireAMP
• FireAMP Mobile
• FireAMP Virtual
• AMP for FirePOWER license
• Dedicated AMP FirePOWER appliance

NAC + Identity Services
• Cisco Identity Services Engine (ISE)
• Cisco Access Control Server (ACS)

Email Security
• Cisco Email Security Appliance (ESA)
• Cisco Virtual Email Security Appliance (vESA)
• Cisco Cloud Email

UTM
• Meraki MX

VPN
• Cisco AnyConnect VPN

Legend (colour-coded on the slide): Cisco products / Sourcefire products
Sourcefire Background and Market Leadership
Leveraging A Powerful Community
The New Security Model

Attack Continuum
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate
Covers: Network | Endpoint | Mobile | Virtual | Cloud
Point in Time | Continuous
Covering the Attack Continuum

Visibility and Context
• Firewall
• NGFW
• NAC + Identity Services
• VPN
• UTM
• NGIPS
• Web Security
• Email Security
• Advanced Malware Protection
• Network Behavior Analysis

Attack Continuum
BEFORE: Control, Policy, Tuning
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate
Leadership: The Path “Up and Right”
Sourcefire has been a leader in the Gartner Magic Quadrant for IPS since 2006.
As of December 2013. Source: Gartner (December 2013)
[Figure: Gartner Magic Quadrant for IPS. Axes: ability to execute (vertical) vs. completeness of vision (horizontal); quadrants: leaders, challengers, visionaries, niche players. Vendors plotted: Sourcefire (Cisco), Cisco, HP, McAfee, IBM, Radware, StoneSoft (McAfee), Huawei, Enterasys Networks (Extreme Networks), NSFOCUS Information Technology.]
FirePOWER™ NGIPS Best-in-Class
Top Ratings (8290)*
• 99.4% detection & protection
• 136 Gbps inspected throughput
• 60M concurrent connections
• $13.6 TCO / protected Mbps
• Best Threat Effectiveness • Highest Throughput • Most Sessions • Best Value (lowest TCO/protected Mbps)
*NSS Labs 2014 Data Center IPS Product Analysis Report
"For the past five years, Sourcefire has consistently achieved excellent results in security effectiveness based on our real-world evaluations of exploit evasions, threat block rate and protection capabilities."
Vikram Phatak, CTO, NSS Labs, Inc.
Sourcefire NGIPS
Security is About Detecting, Understanding, & Stopping Threats
High speed inspection of content
[Figure: example host context card (Johnson-PC; OS: Windows 7, hostname: laptop1, User: jsmith) and the traffic flows, including SQL, seen to and from it.]
Reality: today's threats require a philosophy of threat prevention as core to security.
Today’s Reality: 621 breaches in 2012
• 92% stemmed from external agents
• 52% utilized some form of hacking
• 40% incorporated malware
• 78% of attacks not highly difficult
Source: 2013 Verizon Data Breach Investigation Report
Sourcefire’s Security Solutions
Collective Security Intelligence
Management Center (appliances | virtual)
• Next-Generation Firewall (appliances | virtual)
• Next-Generation Intrusion Prevention (appliances | virtual)
• Advanced Malware Protection (hosts | virtual | mobile)
Contextual Awareness
FireSIGHT™ Full Stack Visibility

Categories | Examples | Sourcefire FireSIGHT | Typical IPS | Typical NGFW
Threats | Attacks, Anomalies | ✔ | ✔ | ✔
Users | AD, LDAP, POP3 | ✔ | ✗ | ✔
Web Applications | Facebook Chat, Ebay | ✔ | ✗ | ✔
Application Protocols | HTTP, SMTP, SSH | ✔ | ✗ | ✔
File Transfers | PDF, Office, EXE, JAR | ✔ | ✗ | ✔
Malware | Conficker, Flame | ✔ | ✗ | ✗
Command & Control Servers | C&C Security Intelligence | ✔ | ✗ | ✗
Client Applications | Firefox, IE6, BitTorrent | ✔ | ✗ | ✗
Network Servers | Apache 2.3.1, IIS4 | ✔ | ✗ | ✗
Operating Systems | Windows, Linux | ✔ | ✗ | ✗
Routers & Switches | Cisco, Wireless | ✔ | ✗ | ✗
Mobile Devices | iPhone, Android, Jail | ✔ | ✗ | ✗
Printers | HP, Xerox, Canon | ✔ | ✗ | ✗
VoIP Phones | Cisco, Avaya, Polycom | ✔ | ✗ | ✗
Virtual Machines | VMware, Xen, RHEV | ✔ | ✗ | ✗

Contextual Awareness: Information Superiority
FireSIGHT™ Context Explorer
• View all application traffic…
• Look for risky applications… Who is using them?
• On what operating systems?
• What else have these users been up to?
• What does their traffic look like over time?
FireSIGHT™ Enables Automation
• IT Insight: spot rogue hosts, anomalies, policy violations, and more
• Impact Assessment: threat correlation reduces actionable events by up to 99%
• Automated Tuning: adjust IPS policies automatically based on network change
• User Identification: associate users with security and compliance events
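The Impact Assessment point above, as an added example that is not Sourcefire's code: an IPS event is correlated against what passive host profiling knows about the target, so events aimed at a host that is not running the targeted OS or service can be deprioritized. The four-level impact scale, the HostProfile and IpsEvent fields, and the sample hosts and events are assumptions constructed for illustration.

```python
# Added example, not Sourcefire code: impact assessment by correlating an IPS event
# with what passive host profiling knows about the target. Levels and data are assumptions.
from dataclasses import dataclass, field

@dataclass
class HostProfile:
    os: str                                         # e.g. "Windows", "Linux"
    services: dict = field(default_factory=dict)    # open port -> server banner
    vulnerable_to: set = field(default_factory=set) # rule IDs the host is known vulnerable to

@dataclass
class IpsEvent:
    rule_id: int
    dst_ip: str
    dst_port: int
    target_os: str       # OS the signature's exploit targets (rule metadata)
    target_service: str  # e.g. "Apache", "IIS"

# Constructed host map, as network discovery would build it passively.
HOSTS = {
    "10.0.0.5": HostProfile("Linux", {80: "Apache 2.3.1"}, {1001}),
    "10.0.0.7": HostProfile("Windows", {80: "IIS4"}),
    "10.0.0.9": HostProfile("Linux", {22: "OpenSSH"}),
}

def impact(ev, hosts=HOSTS):
    """Return (level, reason): 1 vulnerable, 2 potentially vulnerable,
    3 currently not vulnerable, 4 unknown target (simplified scale)."""
    host = hosts.get(ev.dst_ip)
    if host is None:
        return 4, "target host not profiled"
    if ev.rule_id in host.vulnerable_to:
        return 1, "host known vulnerable to this rule"
    if ev.dst_port not in host.services:
        return 3, "port not open on target"
    if host.os != ev.target_os:
        return 3, "OS mismatch"
    if ev.target_service in host.services[ev.dst_port]:
        return 2, "OS and service match"
    return 3, "service mismatch"

def triage(events, hosts=HOSTS, max_level=2):
    """Keep only events worth an analyst's time and report the reduction in percent."""
    kept = [e for e in events if impact(e, hosts)[0] <= max_level]
    return kept, 100 * (len(events) - len(kept)) // max(len(events), 1)

EVENTS = [  # constructed IPS events
    IpsEvent(1001, "10.0.0.5", 80, "Linux", "Apache"),
    IpsEvent(2002, "10.0.0.7", 80, "Linux", "Apache"),
    IpsEvent(2002, "10.0.0.9", 80, "Linux", "Apache"),
    IpsEvent(3003, "10.0.0.7", 80, "Windows", "IIS"),
    IpsEvent(3003, "10.0.0.99", 80, "Windows", "IIS"),
]
```

Running `triage(EVENTS)` keeps only the two events whose targets can actually be affected; the unprofiled host (level 4) is kept out of the queue here but would deserve discovery follow-up in practice.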
Robust Partner Ecosystem
Combined API Framework
BEFORE: Policy and Control
DURING: Identification and Block
AFTER: Analysis and Remediation
Partner categories: Infrastructure & Mobility, NAC, Vulnerability Management, Custom Detection, Full Packet Capture, Incident Response, SIEM, Visualization, Network Access Taps
Sourcefire NGFW: Application Control
Reduce Risk Through Granular Application Control
Control access for applications, users and devices
• “Employees may view Facebook, but only Marketing may post to it”
• “No one may use peer-to-peer file sharing apps”
Over 2,200 apps, devices, and more!
Dashboard
Application Control Example: Prevent BitTorrent
URL Filtering
• Block non-business-related sites by category
• Based on user and user group
Don’t Forget: Apps Are Often Encrypted and Default to SSL
Benefits of the Sourcefire off-box decryption solution:
• Improved performance – acceleration and policy
• Centralized key management
• Interoperable with 3rd party products

Model | Throughput | Total
SSL1500 | 1.5 Gbps | 4 Gbps total
SSL2000 | 2.5 Gbps | 10 Gbps total
SSL8200 | 3.5 Gbps | 20 Gbps total
FirePOWER™ & FireAMP™ Advanced Malware Protection (AMP) Solution
In Spite of Layers of Defense
• Malware is getting through control-based defenses
• Malware prevention is NOT 100%
• Breach
• Existing tools are labor intensive and require expertise
Each stage represents a separate process silo attackers use to their advantage.

Attack Continuum
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate
APT / Advanced Malware Is Now a Tool for Financial Gain
• Uses formal development techniques
• Sandbox aware
• Quality assurance to evade detection
• 24/7 tech support available
Has become a math problem:
• End point AV signatures ~20 million
• Total KNOWN malware samples ~100 M
• AV efficacy rate ~50%
Sourcefire Advanced Malware Protection: Retrospective Security
• Comprehensive: Network + Endpoint
• Continuous Analysis
• Integrated Response
• Big Data Analytics
• Control & Remediation
The Real Cost of Malware
Responding to an infection = Headaches = Time = $$
• Where do I start?
• How bad is the situation?
• What systems were impacted?
• How do we recover?
• How do we keep it from happening again?
Point-in-time Detection vs. Continuous (Retrospective) Detection

Point-in-time detection (Antivirus, Sandboxing):
• Initial disposition = Clean
• Analysis stops; blind to scope of compromise
• Evaded by: sleep techniques, unknown protocols, encryption, polymorphism
• Actual disposition = Bad = Too late!!
• Not 100%

Continuous detection:
• Initial disposition = Clean
• Retrospective detection: analysis continues beyond the event horizon
• Actual disposition = Bad = Blocked
• Turns back time; addresses the limitations of point-in-time detection

Visibility and Control are Key
File Trajectory: quickly understand the scope of the malware problem
Network + Endpoint
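The retrospective detection and file trajectory ideas above, as an added example that is not Sourcefire's code: every file sighting is recorded with the disposition known at that moment (the point-in-time decision), and when a hash's disposition later changes to malicious, the earlier sightings are re-evaluated and every host in the file's trajectory is flagged. The engine API, the placeholder hash and the host names are assumptions constructed for the scenario.

```python
# Added example, not Sourcefire code: retrospective detection with file trajectory.
# Sightings are recorded with the disposition known at the time; when a hash's
# disposition later turns malicious, every host in its trajectory is flagged.
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Sighting:
    ts: int          # epoch seconds when the file was seen
    host: str        # endpoint or sensor that saw it
    action: str      # "download", "execute", "copy"
    disposition: str # verdict at the time: "clean", "unknown" or "malicious"

class RetrospectiveEngine:
    def __init__(self):
        self.sightings = defaultdict(list)  # sha256 -> [Sighting]
        self.disposition = {}               # sha256 -> current verdict

    def lookup(self, sha256):
        return self.disposition.get(sha256, "unknown")

    def observe(self, ts, host, sha256, action):
        """Point-in-time decision: block only if already known bad, record either way."""
        disp = self.lookup(sha256)
        self.sightings[sha256].append(Sighting(ts, host, action, disp))
        return "block" if disp == "malicious" else "allow"

    def update_disposition(self, sha256, new_disp):
        """Continuous analysis: a later verdict re-evaluates what was already seen."""
        old, self.disposition[sha256] = self.lookup(sha256), new_disp
        if new_disp == "malicious" and old != "malicious":
            return self.trajectory(sha256)  # retrospective alert: scope of compromise
        return []

    def trajectory(self, sha256):
        """Ordered (ts, host, action) path of one file across network and endpoints."""
        return sorted((s.ts, s.host, s.action) for s in self.sightings[sha256])

    def hosts_exposed(self, sha256):
        return sorted({s.host for s in self.sightings[sha256]})

def demo():
    """Constructed scenario: a file is allowed three times, then found malicious."""
    eng, h = RetrospectiveEngine(), "sha256-PLACEHOLDER-invoice"  # placeholder hash
    eng.observe(100, "sensor-edge", h, "download")  # unknown -> allowed (point in time)
    eng.observe(160, "laptop1", h, "execute")
    eng.observe(300, "Johnson-PC", h, "copy")
    alert = eng.update_disposition(h, "malicious")  # verdict arrives later
    return eng, alert
```

The retrospective alert returned by `demo()` is the trajectory itself: the point-in-time path saw three "allow" decisions, while the continuous view turns them into a scoped list of hosts to contain and remediate.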
FirePOWER™
FirePOWER™ Appliances Summary
All appliances include:
• Integrated lights-out management
• Sourcefire acceleration technology
• LCD display
Network Virtual Appliances
• Virtual Defense Center (DC)
• Virtual Sensor

Virtual Sensor:
• Inline or passive deployment
• Full NGIPS capabilities
• Deployed as virtual appliance
• Use cases: SNORT conversion; small / remote sites; virtualized workloads (PCI)

Virtual Defense Center:
• Manages up to 25 sensors, physical and virtual, from a single pane-of-glass
• Use cases: rapid evaluation; pre-production testing; service providers

NOTE: Supports ESX(i) 4.x and 5.x on Sourcefire 5.x platforms. Supports RHEV 3.0 and Xen 3.3.2/3.4.2 on Sourcefire 4.x platforms only.
QUESTIONS??
Thank you!