We are ushering in a new era of capabilities around discovering and stopping threats. Let me demonstrate how through the typical anatomy of a threat.
Many of us have web and email gateways to stop infections from a user host. But it’s very easy today for the user to go outside the enterprise and get infected.
Once inside, attackers move through the enterprise, propagating from host to host to execute their mission.
For a long time, we’ve used cloud-based threat defense, but now we’re adding intelligence to detect things like known bad IPs and bad web locations, and with this we can help our customers analyze their networks. So we’re adding intelligence to defense.
Cybercriminals are learning that harnessing the power of the Internet’s infrastructure yields far more benefits than simply gaining access to individual computers. The newest twist in malicious exploits is to gain access to web hosting servers, name servers, and data centers and to take advantage of the tremendous processing power and bandwidth they provide. Through this approach, exploits can reach many more unsuspecting computer users and have a far greater impact on the organizations targeted, whether the goal is to make a political statement, undermine an adversary, or generate revenue.
You are already compromised. For large and small enterprises, breaches occur within minutes of the attack, yet we don’t discover them for months.
Cisco ASA with FirePOWER Services addresses the full attack continuum before, during and after an attack, with a truly integrated threat defense.
The way we analyze the problem is by looking at the entire attack continuum of things you must do: before, during and after an attack takes place.
In order to deal with the industrialized threat, we need to look at these phases comprehensively:
Before an attack:
We need to know what we are defending. You need to know what’s on your network to be able to defend it – devices / OS / services / applications / users.
We need to implement access controls, enforce policy and block applications and overall access to assets.
However, policy and controls are a small piece of what needs to happen. They may reduce the surface area of attack, but there will still be holes that the bad guys will find.
Attackers do not discriminate. They will find any gap in defenses and exploit it to achieve their objective.
During the attack:
We must have the best detection of threats that you can get.
Once we detect attacks, we can block them and defend our environment.
After the attack:
Invariably attacks will be successful, and we need to be able to determine the scope of the damage, contain the event, remediate, and bring operations back to normal.
You also need to address a broad range of attack vectors, with solutions that operate everywhere the threat can manifest itself – on the network, endpoint, mobile devices, virtual environments.
Finally, traditional security technologies only operate at a point in time. They have one shot to determine if something is bad or not. With today’s threat landscape full of advanced malware and zero-day attacks, point in time alone does not work. What is needed is a continuous capability that is always watching, always analyzing, and can detect, contain and remediate a threat regardless of time.
To summarize, Cisco ASA with FirePOWER harnesses best-in-class technology with truly integrated multilayer protection in a single device. It provides superior visibility that helps you detect and prioritize threats. And it automates security, to simplify operations and improve response time. Find out more at www.cisco.com/XXXX.