Cisco Security Architecture
This presentation highlights the Cisco Security Architecture. For more information on Cisco's security products and solutions, please visit our website here: http://www.cisco.com/web/CA/products/vpn.html


Cisco Security Architecture Presentation Transcript

  • Sourcefire Seminar Series 2014 North American Roadshow
  • © 2014 Cisco and/or its affiliates. All rights reserved. The Silver Bullet Does Not Exist… “Self Defending Network”, “It matches the pattern”, “No false positives, no false negatives.” Application Control, FW/VPN, IDS / IPS, UTM, NAC, AV, PKI. “Block or Allow”, “Fix the Firewall”, “No key, no access”. Sandboxing: “Detect the Unknown”
  • The New Security Model. Attack Continuum: BEFORE (Discover, Enforce, Harden); DURING (Detect, Block, Defend); AFTER (Scope, Contain, Remediate). Network, Endpoint, Mobile, Virtual, Cloud. Point in Time, Continuous.
  • Sourcefire’s Security Solutions: COLLECTIVE SECURITY INTELLIGENCE; Management Center (APPLIANCES | VIRTUAL); NEXT-GENERATION FIREWALL; NEXT-GENERATION INTRUSION PREVENTION; ADVANCED MALWARE PROTECTION; CONTEXTUAL AWARENESS; HOSTS | VIRTUAL MOBILE; APPLIANCES | VIRTUAL
  • Covering the Entire Attack Continuum. Visibility and Context. Firewall, NGFW, NAC + Identity Services, VPN, UTM, NGIPS, Web Security, Email Security, Advanced Malware Protection, Network Behavior Analysis. Attack Continuum: BEFORE (Discover, Enforce, Harden); DURING (Detect, Block, Defend); AFTER (Scope, Contain, Remediate).
  • Sourcefire NGIPS and NGFW
  • Leadership: The Path “Up and Right”. Sourcefire has been a leader in the Gartner Magic Quadrant for IPS since 2006. As of December 2013. Source: Gartner (December 2013)
  • 2012 NSS Labs IPS SVM
  • NSS Labs Security Value Map (SVM) for Breach Detection Systems. Axes: Security Effectiveness, TCO per Protected-Mbps
  • FirePOWER™ Innovations
    • LCD Display: Quick and easy headless configuration
    • Device Stacking: Scale monitoring capacity through stacking
    • Connectivity Choice: Change and add connectivity inline with network requirements
    • Hardware Acceleration: For best in class throughput, security, Rack size/Mbps, and price/Mbps
    • Lights Out Management: Minimal operational impact
    • SSD: Solid State Drive for increased reliability
    • Configurable Bypass or Fail Closed Interfaces: For IDS, IPS or Firewall deployments
  • Platforms and Places in the Network. IPS Performance and Scalability across Data Center, Campus, Branch Office, SOHO, Internet Edge
    • FirePOWER 7000 Series: 50 Mbps – 250 Mbps
    • FirePOWER 7100 Series: 500 Mbps – 1 Gbps
    • FirePOWER 7120/7125/8120: 1 Gbps - 2 Gbps
    • FirePOWER 8100/8200: 2 Gbps - 10 Gbps
    • FirePOWER 8300 Series: 15 Gbps – 60 Gbps
  • Collective Security Intelligence: IPS Rules, Malware Protection, Reputation Feeds, Vulnerability Database Updates. Sourcefire AEGIS™ Program; Private and Public Threat Feeds; Sandnets; FireAMP™ Community; Honeypots; Advanced Microsoft and Industry Disclosures; SPARK Program; Snort and ClamAV Open Source Communities; File Samples (>380,000 per day). Sourcefire VRT® (Vulnerability Research Team): Sandboxing, Machine Learning, Big Data Infrastructure
  • Protecting Your Network: 2013 Output
    • 2 SEU/SRU, 1 VDB updates per week
    • 380,000 samples per day
    • >300,000 sandbox convictions per month
    • 4,310 new IPS rules
    • 100% same-day protection for Microsoft vulnerabilities
    • 99.4% vulnerability coverage per NSS Labs IPS group test*
    * Source: NSS Labs Data Center IPS Comparative Analysis, 2014
  • Robust Partner Ecosystem. Combined API Framework. BEFORE: Policy and Control; DURING: Identification and Block; AFTER: Analysis and Remediation. Infrastructure & Mobility, NAC, Vulnerability Management, Custom Detection, Full Packet Capture, Incident Response, SIEM, Visualization, Network Access Taps
  • FireSIGHT™ Visibility. Contextual Awareness. Information Superiority.
    CATEGORIES | EXAMPLES | SOURCEFIRE FireSIGHT | TYPICAL IPS | TYPICAL NGFW
    Threats | Attacks, Anomalies | ✔ | ✔ | ✔
    Users | AD, LDAP, POP3 | ✔ | ✗ | ✔
    Web Applications | Facebook Chat, Ebay | ✔ | ✗ | ✔
    Application Protocols | HTTP, SMTP, SSH | ✔ | ✗ | ✔
    File Transfers | PDF, Office, EXE, JAR | ✔ | ✗ | ✔
    Malware | Conficker, Flame | ✔ | ✗ | ✗
    Command & Control Servers | C&C Security Intelligence | ✔ | ✗ | ✗
    Client Applications | Firefox, IE6, BitTorrent | ✔ | ✗ | ✗
    Network Servers | Apache 2.3.1, IIS4 | ✔ | ✗ | ✗
    Operating Systems | Windows, Linux | ✔ | ✗ | ✗
    Routers & Switches | Cisco, Nortel, Wireless | ✔ | ✗ | ✗
    Mobile Devices | iPhone, Android, Jail | ✔ | ✗ | ✗
    Printers | HP, Xerox, Canon | ✔ | ✗ | ✗
    VoIP Phones | Avaya, Polycom | ✔ | ✗ | ✗
    Virtual Machines | VMware, Xen, RHEV | ✔ | ✗ | ✗
  • FireSIGHT Demo
  • Save Money and Improve Security
    • IT Insight: Spot rogue hosts, anomalies, policy violations, and more
    • Impact Assessment: Threat correlation reduces actionable events by up to 99%
    • Automated Tuning: Adjust IPS policies automatically based on network change
    • User Identification: Associate users with security and compliance events
  • FireSIGHT™ Operational Savings. One of the world’s 3 largest credit reporting agencies: 20,000 nodes; 7,500 employees. Generic Work Rate: $75/hour. Source: SANS “Calculating TCO on Intrusion Prevention Technology” whitepaper, December 2013
  • Customer Testimonial: Nathan Romine, Western Union
  • Policy Demo
  • Benefits of Application Control. Social: Security and DLP; Mobile: Enforce BYOD Policy; Bandwidth: Recover Lost Bandwidth; Security: Reduce Attack Surface
  • Application Control is Cool!
  • AMP: Advanced Malware Protection
  • In Spite of Layers of Defense: Malware is getting through control based defenses. Malware Prevention is NOT 100%. Breach. Existing tools are labor intensive and require expertise. Attack Continuum: BEFORE (Discover, Enforce, Harden); DURING (Detect, Block, Defend); AFTER (Scope, Contain, Remediate). Point in Time, Continuous.
  • APT / Advanced Malware: A tool for financial gain
    • Uses formal Development Techniques
    • Sandbox aware
    • Quality Assurance to evade detection
    • 24/7 Tech support available
    • Has become a math problem
    • End Point AV Signatures ~20 Million
    • Total KNOWN Malware Samples ~100 M
    • AV Efficacy Rate ~50%
  • When Malware Strikes, You Have Questions: Where did it come from? Who else is infected? What is it doing? How do I stop it?
  • Visibility and Control
  • AMP Everywhere: AMP for Networks; AMP for Endpoints; ESA Email; WSA Web; CWS Web
  • AMP for FirePOWER and FireAMP Demo
  • When Malware Strikes, Have Answers. Where did it come from? Who else is infected? What is it doing? How do I stop it? Device Trajectory, File Trajectory, File Analysis, Automated Remediation
  • Right in the Middle Of…
  • Better Together
  • Visibility FirePower FireAMP Intelligence Spark Sensors 20 100 Detections 30 Exploit Kits 595K Lookups 293K New files 6450 Detections 33M Lookups 10K Detections 28M Network lookups 3K Network Blocks 600K Files 100K Sandbox 60K IPS 100K Detections Retrospective Intelligence Sourcefire Vulnerability Research
  • Visibility FirePower FireAMP Intelligence Spark Sensors 20 100 Detections 30 Exploit Kits 595K Lookups 293K New files 6450 Detections 33M Lookups 10K Detections 28M Network lookups 3K Network Blocks 600K Files 100K Sandbox 60K IPS 100K Detections Retrospective Intelligence ESA/WSA CWS 93B Messages 4.5B Blocks 20K New Files 80M Web Blocks 16B Web Requests 1M Blocks 20K New Files Sourcefire+Cisco Vulnerability Research
  • Cisco Security Architecture: SMB / Branch, Campus, Data Center, Internet. ASA, ISR, IPS, ASA, Email, Web, ISE, AD, Wireless, Switch, Router, Content, Policy, ISR-G2, Integrated Services, CSM, ASA, ASAv, ASAv, ASAv, ASAv, Hypervisor. Virtual Data Center, Physical Data Center, Global Threat Intelligence, Remote Devices, Access, Cloud Security Gateway, Cloud Security Gateway, ASAv in the Fabric (SDN)
  • Comprehensive Security Portfolio
    • IPS & NGIPS: Cisco IPS 4300 Series; Cisco ASA 5500-X Series integrated IPS; FirePOWER NGIPS; FirePOWER NGIPS w/ Application Control; FirePOWER Virtual NGIPS
    • Web Security: Cisco Web Security Appliance (WSA); Cisco Virtual Web Security Appliance (vWSA); Cisco Cloud Web Security
    • Firewall & NGFW: Cisco ASA 5500-X Series; Cisco ASA 5500-X w/ NGFW license; Cisco ASA 5585-X w/ NGFW blade; FirePOWER NGFW
    • Advanced Malware Protection: FireAMP; FireAMP Mobile; FireAMP Virtual; AMP for FirePOWER license; Dedicated AMP FirePOWER appliance
    • NAC + Identity Services: Cisco Identity Services Engine (ISE); Cisco Access Control Server (ACS)
    • Email Security: Cisco Email Security Appliance (ESA); Cisco Virtual Email Security Appliance (vESA); Cisco Cloud Email
    • Cisco, Sourcefire
    • UTM: Meraki MX
    • VPN: Cisco AnyConnect VPN
  • ASA 5500-X Advantages
    • Up to 4X faster than legacy ASA
    • Integrated security acceleration hardware
    • NG Services: Application control (AVC), Web security (WSE), Sourcefire (NGIPS - FireSIGHT)
    • Technology Migration Program (TMP): 10% off ASA-X Firewalls; 15% off NGFW Services
    • ASA 5512-X: 1 Gbps FW Throughput
    • ASA 5515-X: 1.2 Gbps FW Throughput
    • ASA 5525-X: 2 Gbps FW Throughput
    • ASA 5545-X: 3 Gbps FW Throughput
    • ASA 5555-X: 4 Gbps FW Throughput
  • Cisco ASA 5585-X Firewall for Data Centers: Market-leading DC Firewall
    • World’s fastest firewall solution – up to 640 Gbps clustered
    • 16 chassis clustering can be managed as a single device and across multiple data centers
    • Purpose-built data center security supports traditional, SDN, and ACI data center environments
  • Cisco Unified Threat Intelligence: Global Threat Operations. Real-Time Protection; Network / Security Devices; Actionable Intelligence; Vendor, Industry and Agency Alliances; Managed Honeypots, Mantraps
    Challenge
    • Multiple, non-integrated intelligence sources
    • Limited Intelligence footprint
    • Slow, inconsistent threat updates
    • No consistency between security solutions
    Solution
    • Largest unified threat database
    • Global intelligence from millions of devices, billions of websites, emails/day
    • Threat updates every 3-5 minutes
    • Unified intelligence: (Cisco + Sourcefire) ASA, IPS, CWS, ESA, WSA, ISE
  • Local and Global Threat Intelligence; Integrated and Centralized Policy; Embedding Security in the Infrastructure; Comprehensive Visibility and Scalable Enforcement. NETWORK: Sees All Traffic, Routes All Requests, Sources All Data, Controls All Flows, Handles All Devices, Touches All Users, Shapes All Streams. Visibility, Enforcement. Behavioral Analysis, Encryption, Identity Awareness, Device Visibility, Policy Enforcement, Access Control, Threat Defense
  • Risk Reports: Samples; Eval Output; Executive focus