Advanced Firewalls Progress Report

This is the deck for a speech at AITP St Louis chapter in March 2014 about next generation firewalls and using advanced persistent threats

Published in: Technology

  1. Next Generation Firewalls: Ready or Not. David Strom, AITP St. Louis, March 2014, david@strom.com
  2. Who am I?
     • Long time tech journalist, product reviewer and speaker
     • IT manager from the dawn of the PC era
     • Former editor-in-chief at Network Computing, Tom’s Hardware.com
     • Author of two books on computer networking
     • Based here
  3. Agenda
     • Next Gen distinguishing characteristics
     • Issues with next gen deployment
     • UTM pro and con
     • Advanced persistent threat tools
  4. The older firewall generation
  5. Cisco ASA: what it used to be like
  6. Next Gen distinguishing characteristics
     • Applications granularity and awareness
     • Integrated IPS
     • IP Reputation management
     • Geolocation
  8. Cisco ASA applications granularity
  9. New Cisco ASA Dashboard
  10. And another Cisco view
  11. Palo Alto Networks “Applipedia”
  13. Reputation management
  15. McAfee Enterprise Firewall geolocation feature
  16. Deployment issues
     • Next gen does things differently from old school:
       – NAT
       – QoS
       – Outbound vs. inbound rule focus
  18. Understanding app ID implications for users
  19. One obstacle to switching to next-gen
  20. Network documentation isn’t current
  21. Handling VMs still an issue
  22. Lots of VM security products…
  23. Catbird’s compliance radar graph
  25. Infrastructure misuse
  26. What about UTMs?
     • Pro:
       – A lot of protection for the $ nowadays (Juniper/Check Point)
       – One box does it all
     • Con:
       – Complex licensing issues
       – Can get expensive if you have high bandwidth needs
       – Latency can kill you if you turn on Anti-Virus
  27. Juniper SRX dashboard
  28. SonicWall
  30. Watchguard UTM
  31. APT tools
     • Try to catch the bad guys before they actually deploy their payloads, such as from Norse Corp. (local boys) and Cyphort
  33. For more info
     • david@strom.com
     • Twitter: @dstrom
     • http://strominator.com
     • TechTarget article: http://bit.ly/1dISmx4
     • Network World review of UTMs: http://bit.ly/1fJtmHE