Atanas Gergiminov, profile picture
Uploaded byAtanas Gergiminov
PPTX, PDF2,853 views

Cisco Security portfolio update

The document provides an overview of Cisco's updated switching and security portfolio, highlighting new features in their firewall and security management solutions. Key updates include advancements in the Firepower portfolio, enhanced performance metrics for next-generation firewalls (NGFW), and the introduction of new SMB switches and models. Additionally, it discusses smart licensing options and management tools designed to simplify policy management across various Cisco security products.

Embed presentation

Downloaded 92 times
Cisco Switching and Security portfolio update Atanas Gergiminov System Engineer PolyComp 2019
Agenda What’s new in the firewall? • Firepower portfolio • Device Management • Subscriptions New SMB switches Demo
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential Cisco’s Comprehensive Security Portfolio Integrated security portfolioWorld-class security controls Consistent policies and visibility Duo Multi-Factor Authentication Identity Services Engine (ISE) AMP for Endpoints Firepower Management Center (FMC) Firepower Device Manager (FDM) Cisco Threat Response (CTR) Application Centric Infrastructure Cisco Defense Orchestrator (CDO) Rapid Threat Containment TrustSec Firepower Threat Defense (FTD) Multi-Instance ASA Clustering Firepower Platforms Talos Stealthwatch
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential Firewall Validated Use Cases Branch RA VPN Cloud/Virtual Data Center NGIPS Internet Edge Where Cisco can help
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential Firepower Portfolio ASA 5508/16 NEW FPR 4115/25/45 NEW FPR 1010 NEW FPR 1120/40 FPR 2110/20/30/40 FPR 9300 Series SM-40 SM-48 SM-56 NEW ASA 5525/45/55 FPR 4110/20/40/50 SM-24 SM-36 SM-44 650 Mbps AVC 650 Mbps AVC+IPS 1.5-2.2 Gbps AVC 1.5-2.2 Gbps AVC+IPS 2-8.5 Gbps AVC 2-8.5 Gbps AVC+IPS Stand-alone device: 12-53 Gbps AVC 10-47 Gbps AVC+IPS 6 Six node cluster: Up to 254 Gbps AVC Up to 226 Gbps AVC+IPS One Module: 30-70 Gbps AVC 24-64 Gbps AVC+IPS Six node (2 chassis) cluster: Up to 336 Gbps AVC Up to 307 Gbps AVC+IPS SOHO/ SMB Branch Office Mid-Size Enterprise Large Enterprise Data Center Service Provider
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential 4 Core • 1.2 Gbps AVC • 1.1 Gbps AVC+IPS 8 Core • 2.4 Gbps AVC • 2.2 Gbps AVC+IPS 12 Core • 3.6 Gbps AVC • 3.3 Gbps AVC+IPS Firepower NGFW: FTD Virtual Platforms Private Cloud • 1.2 Gbps AVC • 1.1 Gbps AVC+IPSc AWS Instance types • c3.xlarge • c4.xlarge • c5.xlarge Azure Instance types • Standard D3 • D3v2 Public Cloud
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential NGFW Hardware 2019 Update As the threat landscape evolves, our NGFW portfolio does too. Gain more features and better performance at the same or lower price point. Better performance • Up to 3.5x boost in NGFW throughput • Up to 5x boost in VPN throughput More connections • Up to 2x more connections per second (CPS) Improved encrypted traffic throughput • Up to 3x boost in encrypted traffic performance
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential NEW: Firepower 1000 Series Small business and branch office security with superior price / performance NEW *POE and L2 support expected 2H CY2019 NEW Firepower 1010 • High–performance desktop NGFW • PoE, 8 10/100/1000 Base-T RJ45 switching ports* • Stateful firewall, AVC, NGIPS, AMP, URL filtering 650Mbps NGFW throughput Firepower 1120/40 • High–performance Rackmount NGFW • 8 10/100/1000Base-T RJ45 switching ports, 4 1000Base-F SFP switching ports • Stateful firewall, AVC, NGIPS, AMP, URL filtering 1120-1.5Gbps NGFW Throughput 1140-2.2Gbps NGFW Throughput
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential Firepower NGFW: ISA3000 Provides FTD to Manufacturing Maximum Firewall Throughput 2 Gbps Ideal for industrial environments • Hardened design • DC power supply • DIN rail Two models of ISA 3000 • 2 x Copper + 2 x Fiber data interfaces • 4 x Copper data interfaces Industrial features include • Alarm port: 2 x alarm input, 1 x alarm output • SD card auto backup/restore • Hardware bypass for transparent mode firewall
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential Firewall Policy Powered by Talos & OpenApp ID Security Intelligence: Block latest malicious IPs, URLs and FQDNs AVC with OpenAppID: Identify and control over 4,000+ pre-defined apps AVC with OpenAppID: Easily create custom application detectors URL Categories: Classify 280M+ URLs using 80+ categories Category-based Policy Creation Admin Allow Block DNS Sinkhole 01001010100 00100101101 Security feeds URL | IP | DNS Control traffic based on IP, URL, FQDN, or application NGFW Allow BlockWarn
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential Integrated TLS Decryption Decrypt traffic in hardware or software Inspect deciphered packets Track and log all TLS sessions Finds encrypted threat while reducing performance impact • TLS hardware acceleration delivers high-performance inspection of encrypted traffic • Centralized enforcement of TLS certificate policies • Examples: Blocking self-signed encrypted traffic, specified TLS version, cypher suites Encrypted Traffic Log TLS decryption engine NGIPS Enforcement decisions AVC elicit gambling https://www.%$*#$@#$.com https://www.%$*#$@#$.com https://www.%$*#$@#$.com https://www.%$*#$@#$.com https://www.%$*#$@#$.com https://www.%$*#$@#$.com https://www.%$*#$@#$.com https://www.%$*#$@#$.com https://www.%$*#$@#$.com https://www.%$*#$@#$.com https://www.%$&^*#$@#$.com https://www.%$&^*#$@#$.com
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential Site-to-Site VPN Easily and securely interconnect remote sites • IKEv1/IKEv2 policy-based VPN • Easy topology-based management of VPN on multiple peers • Point-to-point • Hub and Spoke • Full Mesh • Flexible authentication options – pre-shared key (automatic) and certificates Point-to-Point Hub and Spoke Full Mesh FTD FTD FTD FTD Router Third Party Device or or Hub
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential Remote Access VPN with DUO Provide ubiquitous secure access from remote and roaming users • Posture assessment • Uses TLS, DTLS or IKEv2 • Easy wizard-based configuration • Integration with LDAP and RADIUS • Identity based security policies • Enhanced security with 2 FA/MFA provided by Duo Extend access remotely Protect important data Maintain application performance Support multiple sites AnyConnect RA VPN Client
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential Smart Licenses Smart Licensing is Different Limited View Customers do not know what they own. PAK Registration Manually register each device. Device-Specific Licenses are specific to only one device. Complete View Software, services, and devices in easy-to-use portal. Easy Registration No PAKs. Easy activation. Ready to use. Company-Specific Flexible licensing. Use across devices. Classic Licenses Automated Provisioning | Efficient Consumption | License Portability
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential Partner Holding Account Smart Account Types Customer Smart Account • Where licenses are deposited and managed • Can be managed by customer directly, designated VAR or authorized party through CSSM or LRP Virtual Accounts (Organize by business unit, product type, geo, etc.) • Partner or reseller store smart enabled products temporarily, before depositing them into an end customer Smart Account. • Note: It is recommended that partners deposit licenses directly into the Customer Smart Account because licenses can only be consumed in the Customer Smart Account
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential Smart Licensing Deployment Options
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential Management Designed for the User For easy on-box management of single FTD or pair of FTDs running in HA For centralized cloud-based policy management of multiple deployments *For FTD release 6.4 or higher Helps administrators enforce consistent access policies, rapidly troubleshoot security events, and view summarized reports across the deployment Cisco Firepower Device Manager (FDM) Cisco Defense Orchestrator (CDO) Cisco Firepower Management Center (FMC) On premise Centralized Manager SecOps Focused On-box manager NetOps Focused Cloud Based Centralized Manager NetOps Focused Coexist Flexibility of cloud or on-premises options Common APIsSecurity Integrations
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential Wizard-Based Guided Workflows Optimized for Commercial Co-exists with Cloud Management Firepower Device Manager
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential Network Users HQ Data Center Admin Branch What is Cisco Defense Orchestrator (CDO)? Roaming Users Cloud applicationsSD-WAN Policy - CDO Visibility & Evening - SAL Incident response - CTR FTD AMP ASA FTD Consistently manage policies across your Cisco security products. CDO is a cloud-based application that cuts through complexity to save time and keep your organization protected against the latest threats.
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential CDO Supported Platforms Hardware Minimum Software ASA 5500-X ASA 8.4 FTD 6.4 Firepower 1000 ASA 9.13 FTD 6.4 Firepower 2100 ASA 8.4 FTD 6.4 Firepower 4100 ASA 8.4 Coming soon Firepower 9300 ASA 8.4 Coming soon Virtual – Private Cloud KVM, VMWare ASA 8.4 FTD 6.4 Virtual – Public Cloud AWS, Azure ASA 8.4 Coming soon Meraki MX Latest software update
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential Firewall Throughput 250 Mbps 250 Mbps 450 Mbps 450 Mbps 450 Mbps 450 Mbps VPN Throughput 100 Mbps 100 Mbps 200 Mbps 200 Mbps 200 Mbps 200 Mbps Gigabit WAN Ports 2 (1 shared) 2 2 (1 shared) 2 2 (1 shared) 2 Gigabit LAN Ports 4 10 4 10 4 10 PoE+ Ports - 2 - 2 - 2 Wi-Fi (on W models) 802.11ac 802.11ac 802.11ac Wave 2 802.11ac Wave 2 - 802.11ac Wave 2 Embedded Cellular - - - - CAT 6 LTE CAT 6 LTE MX64/64W MX67CMX67/67W MX68/68W MX68CWMX65/65W MX Security & SD-WAN Small Branch Portfolio Improved performance and embedded LTE Advanced
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential Ready to get started? Upgrade your NGFW today! Sign up for a free trial: FMC Trial CDO Trial
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential • Fire Jumper Program https://communities.cisco.com/docs/DOC-55046 • NGFW & NGIPS Competency Area https://communities.cisco.com/docs/DOC-57815 • Web & Email Security Competency Area https://communities.cisco.com/docs/DOC-57817 • Policy & Access Competency Area https://communities.cisco.com/docs/DOC-57780 • Advanced Threat Competency Area https://communities.cisco.com/docs/DOC-57818 • Proof of Value (PoV) & Best Practice Docs https://communities.cisco.com/docs/DOC-65405 • dCloud https://dcloud.cisco.com • Digital Network Architecture (DNA) https://dcloud2-rtp.cisco.com/dCloud/dna.jsp Resources  Security Community https://www.cisco.com/go/securitychannels  Voice of the Engineer https://communities.cisco.com/docs/DOC-30718  Tech Talks https://communities.cisco.com/docs/DOC-30977  Competitive Battle cards https://communities.cisco.com/docs/DOC-56271  Partner Help http://www.cisco.com/go/ph  Umbrella Partner Portal https://communities.cisco.com/docs/DOC-64565  NGFW Sizing guide https://communities.cisco.com/docs/DOC-70837
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential Partner Incentives and Promotions • ASA Refresh: www.cisco.com/go/asamigration • IPS Refresh: www.cisco.com/go/ipsmigration • AnyConnect Refresh: www.cisco.com/go/anyconnectmigration • ACS to ISE Refresh: www.cisco.com/acs-ise-migration • Security Ignite: http://www.cisco.com/web/partners/incentives_and_promotions/security-ignite.html • Security Bundles: http://www.cisco.com/c/en/us/partners/sell-integrate-consult/incentives-promotions/security-solution-bundle.html Additional Resources
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential Key Help Resources Customer Facing Websites • Smart Account Home CCO Page: www.cisco.com/go/smartaccounts • Smart Licensing CCO Page: www.cisco.com/go/smartlicensing • Smart Licensing ‘Satellite’ CCO Page: www.cisco.com/go/smartsatellite • Best Practices & Usage Guides: http://forums.cisco.com/ecom/web/operations-exchange/sot • Sample Config Guide: http://www.cisco.com/c/dam/en/us/products/collateral/cloud-systems-management/smart- software-manager-satellite/smart-software-prod-config-guide.pdf • Cisco Security Licensing and Software Access: https://communities.cisco.com/docs/DOC-55301 • Security Voice of the Engineer (VoE): https://communities.cisco.com/docs/DOC-30718 Getting Help • GLO Support: Fully supported by GLO 24x7. • licensing@cisco.com • General Questions: ask-smartlicensing@cisco.com • Portal Issues: smart-ops-support@cisco.com • Migration Issues: smart-ops-support@cisco.com • Satellite Issues: cs-cssm-satellite@cisco.com Training • Live Training: Register for you or your customer at: • https://communities.cisco.com/docs/DOC-59481#anch2 • Youtube Training Videos: https://www.youtube.com/channel/UCABaWsiDScw_w6kvPcDIjHw • Cisco.com Training Videos & Demos: • http://www.cisco.com/web/ordering/smart-software- manager/index.html
ThankYou cisco@polycomp.b g

More Related Content

PDF
Putting Firepower Into The Next Generation Firewall
byCisco Canada
 
PDF
Meraki SD-WAN.pdf
byssuser7ba9b8
 
PDF
TechWiseTV Workshop: Cisco DNA Center Assurance
byRobb Boyd
 
PPTX
SD-WAN Catalyst a brief Presentation of solution
bypepegaston2030
 
PPTX
Cisco Identity Services Engine (ISE)
byAnwesh Dixit
 
PPTX
TechWiseTV Workshop: Cisco Catalyst 9800 Series Wireless Controller
byRobb Boyd
 
PDF
ASA Firepower NGFW Update and Deployment Scenarios
byCisco Canada
 
PDF
Ccnp presentation day 4 sd-access vs traditional network architecture
bySagarR24
 
Putting Firepower Into The Next Generation Firewall
byCisco Canada
 
Meraki SD-WAN.pdf
byssuser7ba9b8
 
TechWiseTV Workshop: Cisco DNA Center Assurance
byRobb Boyd
 
SD-WAN Catalyst a brief Presentation of solution
bypepegaston2030
 
Cisco Identity Services Engine (ISE)
byAnwesh Dixit
 
TechWiseTV Workshop: Cisco Catalyst 9800 Series Wireless Controller
byRobb Boyd
 
ASA Firepower NGFW Update and Deployment Scenarios
byCisco Canada
 
Ccnp presentation day 4 sd-access vs traditional network architecture
bySagarR24
 

What's hot

PPTX
Wazuh Security Platform
byPituphong Yavirach
 
PPTX
SD-WAN_MoD.pptx for SD WAN networks connectivity
bybayusch
 
PDF
Cisco Meraki Portfolio Guide
byMaticmind
 
PPTX
Cisco ASA Firepower
byAnwesh Dixit
 
PPTX
McAfee SIEM solution
byhashnees
 
PPTX
Azure Sentinel.pptx
byMohit Chhabra
 
PDF
Understanding Cisco Next Generation SD-WAN Solution
byCisco Canada
 
PDF
Meraki Overview
byCloud Distribution
 
PDF
Splunk-Presentation
byPrasadThorat23
 
PDF
Cisco Meraki- Simplifying IT
byCisco Canada
 
PDF
ISE-CiscoLive.pdf
byssuserf4db0a
 
PPTX
Cisco Web and Email Security Overview
byCisco Security
 
PDF
Cisco umbrella overview
byCisco Canada
 
PDF
What is SASE
byAdi Ruppin
 
PDF
Understanding Cisco’ Next Generation SD-WAN Technology
byCisco Canada
 
PPTX
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
byVignesh Ganesan I Microsoft MVP
 
PDF
Fortinet_ProductGuide_NOV2021_R127.pdf
byAlonzoJames2
 
PPTX
Splunk for Enterprise Security and User Behavior Analytics
bySplunk
 
PPTX
Getting Started with Splunk (Hands-On)
bySplunk
 
PDF
Cisco Security Presentation
bySimplex
 
Wazuh Security Platform
byPituphong Yavirach
 
SD-WAN_MoD.pptx for SD WAN networks connectivity
bybayusch
 
Cisco Meraki Portfolio Guide
byMaticmind
 
Cisco ASA Firepower
byAnwesh Dixit
 
McAfee SIEM solution
byhashnees
 
Azure Sentinel.pptx
byMohit Chhabra
 
Understanding Cisco Next Generation SD-WAN Solution
byCisco Canada
 
Meraki Overview
byCloud Distribution
 
Splunk-Presentation
byPrasadThorat23
 
Cisco Meraki- Simplifying IT
byCisco Canada
 
ISE-CiscoLive.pdf
byssuserf4db0a
 
Cisco Web and Email Security Overview
byCisco Security
 
Cisco umbrella overview
byCisco Canada
 
What is SASE
byAdi Ruppin
 
Understanding Cisco’ Next Generation SD-WAN Technology
byCisco Canada
 
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
byVignesh Ganesan I Microsoft MVP
 
Fortinet_ProductGuide_NOV2021_R127.pdf
byAlonzoJames2
 
Splunk for Enterprise Security and User Behavior Analytics
bySplunk
 
Getting Started with Splunk (Hands-On)
bySplunk
 
Cisco Security Presentation
bySimplex
 

Similar to Cisco Security portfolio update

PDF
Cisco connect winnipeg 2018 putting firepower into the next generation fire...
byCisco Canada
 
PDF
Cisco Next Generation Firewall with Firepower
byhumayun1343
 
PDF
Cisco Connect Vancouver 2017 - Putting firepower into the next generation fir...
byCisco Canada
 
PDF
Cisco Connect Toronto 2017 - Putting Firepower into the Next Generation Firewall
byCisco Canada
 
PDF
Putting Firepower into the Next Generation Firewall
byCisco Canada
 
PDF
Cisco connect montreal 2018 secure dc
byCisco Canada
 
PDF
Cisco Connect Halifax 2018 Putting firepower into the next generation firewall
byCisco Canada
 
PPTX
Isday 2017 - Atelier Cisco
byInforsud Diffusion
 
PDF
Cisco Firewall secure firewall configuration
byvadiraja6
 
PDF
Cisco Connect Ottawa 2018 data centre security
byCisco Canada
 
PDF
Proteja seus clientes - Gerenciamento dos Serviços de Segurança
byCisco do Brasil
 
PDF
Protegendo sua rede
byCisco do Brasil
 
PDF
Cisco Secure Firewall Test Drive Presentation
byDeepankarMitra5
 
PPTX
Secure Data Center Solution with FP 9300 - BDM
byBill McGee
 
PDF
Cisco Network Insider Series: Securing Your Branch for DIA
byRobb Boyd
 
PPTX
New ThousandEyes Product Innovations: Cisco Live June 2025
byThousandEyes
 
PDF
Putting firepower into the next generation firewall
byCisco Canada
 
PPTX
New ThousandEyes Product Innovations: Cisco Live June 2025
byThousandEyes
 
PPTX
Idc security roadshow may2015 Adrian Aron
byDejan Jeremic
 
PDF
Scalar Security Roadshow - Toronto Presentation
byScalar Decisions
 
Cisco connect winnipeg 2018 putting firepower into the next generation fire...
byCisco Canada
 
Cisco Next Generation Firewall with Firepower
byhumayun1343
 
Cisco Connect Vancouver 2017 - Putting firepower into the next generation fir...
byCisco Canada
 
Cisco Connect Toronto 2017 - Putting Firepower into the Next Generation Firewall
byCisco Canada
 
Putting Firepower into the Next Generation Firewall
byCisco Canada
 
Cisco connect montreal 2018 secure dc
byCisco Canada
 
Cisco Connect Halifax 2018 Putting firepower into the next generation firewall
byCisco Canada
 
Isday 2017 - Atelier Cisco
byInforsud Diffusion
 
Cisco Firewall secure firewall configuration
byvadiraja6
 
Cisco Connect Ottawa 2018 data centre security
byCisco Canada
 
Proteja seus clientes - Gerenciamento dos Serviços de Segurança
byCisco do Brasil
 
Protegendo sua rede
byCisco do Brasil
 
Cisco Secure Firewall Test Drive Presentation
byDeepankarMitra5
 
Secure Data Center Solution with FP 9300 - BDM
byBill McGee
 
Cisco Network Insider Series: Securing Your Branch for DIA
byRobb Boyd
 
New ThousandEyes Product Innovations: Cisco Live June 2025
byThousandEyes
 
Putting firepower into the next generation firewall
byCisco Canada
 
New ThousandEyes Product Innovations: Cisco Live June 2025
byThousandEyes
 
Idc security roadshow may2015 Adrian Aron
byDejan Jeremic
 
Scalar Security Roadshow - Toronto Presentation
byScalar Decisions
 

More from Atanas Gergiminov

PDF
Azure hands on lab
byAtanas Gergiminov
 
PDF
Modern Devices Management
byAtanas Gergiminov
 
PDF
Microsoft Azure - Introduction to microsoft's public cloud
byAtanas Gergiminov
 
PDF
Microsoft Azure for Small and Medium Businesses
byAtanas Gergiminov
 
PDF
New Cisco Small Business Products
byAtanas Gergiminov
 
PDF
Meraki cloud managed products
byAtanas Gergiminov
 
PDF
New Cisco Access Points
byAtanas Gergiminov
 
PDF
Cisco Small and Midsize Business Training
byAtanas Gergiminov
 
Azure hands on lab
byAtanas Gergiminov
 
Modern Devices Management
byAtanas Gergiminov
 
Microsoft Azure - Introduction to microsoft's public cloud
byAtanas Gergiminov
 
Microsoft Azure for Small and Medium Businesses
byAtanas Gergiminov
 
New Cisco Small Business Products
byAtanas Gergiminov
 
Meraki cloud managed products
byAtanas Gergiminov
 
New Cisco Access Points
byAtanas Gergiminov
 
Cisco Small and Midsize Business Training
byAtanas Gergiminov
 

Cisco Security portfolio update

  • 1.
    Cisco Switching and Securityportfolio update Atanas Gergiminov System Engineer PolyComp 2019
  • 2.
    Agenda What’s new inthe firewall? • Firepower portfolio • Device Management • Subscriptions New SMB switches Demo
  • 3.
    © 2019 Ciscoand/or its affiliates. All rights reserved. Cisco Partner Confidential Cisco’s Comprehensive Security Portfolio Integrated security portfolioWorld-class security controls Consistent policies and visibility Duo Multi-Factor Authentication Identity Services Engine (ISE) AMP for Endpoints Firepower Management Center (FMC) Firepower Device Manager (FDM) Cisco Threat Response (CTR) Application Centric Infrastructure Cisco Defense Orchestrator (CDO) Rapid Threat Containment TrustSec Firepower Threat Defense (FTD) Multi-Instance ASA Clustering Firepower Platforms Talos Stealthwatch
  • 4.
    © 2019 Ciscoand/or its affiliates. All rights reserved. Cisco Partner Confidential Firewall Validated Use Cases Branch RA VPN Cloud/Virtual Data Center NGIPS Internet Edge Where Cisco can help
  • 5.
    © 2019 Ciscoand/or its affiliates. All rights reserved. Cisco Partner Confidential Firepower Portfolio ASA 5508/16 NEW FPR 4115/25/45 NEW FPR 1010 NEW FPR 1120/40 FPR 2110/20/30/40 FPR 9300 Series SM-40 SM-48 SM-56 NEW ASA 5525/45/55 FPR 4110/20/40/50 SM-24 SM-36 SM-44 650 Mbps AVC 650 Mbps AVC+IPS 1.5-2.2 Gbps AVC 1.5-2.2 Gbps AVC+IPS 2-8.5 Gbps AVC 2-8.5 Gbps AVC+IPS Stand-alone device: 12-53 Gbps AVC 10-47 Gbps AVC+IPS 6 Six node cluster: Up to 254 Gbps AVC Up to 226 Gbps AVC+IPS One Module: 30-70 Gbps AVC 24-64 Gbps AVC+IPS Six node (2 chassis) cluster: Up to 336 Gbps AVC Up to 307 Gbps AVC+IPS SOHO/ SMB Branch Office Mid-Size Enterprise Large Enterprise Data Center Service Provider
  • 6.
    © 2019 Ciscoand/or its affiliates. All rights reserved. Cisco Partner Confidential 4 Core • 1.2 Gbps AVC • 1.1 Gbps AVC+IPS 8 Core • 2.4 Gbps AVC • 2.2 Gbps AVC+IPS 12 Core • 3.6 Gbps AVC • 3.3 Gbps AVC+IPS Firepower NGFW: FTD Virtual Platforms Private Cloud • 1.2 Gbps AVC • 1.1 Gbps AVC+IPSc AWS Instance types • c3.xlarge • c4.xlarge • c5.xlarge Azure Instance types • Standard D3 • D3v2 Public Cloud
  • 7.
    © 2019 Ciscoand/or its affiliates. All rights reserved. Cisco Partner Confidential NGFW Hardware 2019 Update As the threat landscape evolves, our NGFW portfolio does too. Gain more features and better performance at the same or lower price point. Better performance • Up to 3.5x boost in NGFW throughput • Up to 5x boost in VPN throughput More connections • Up to 2x more connections per second (CPS) Improved encrypted traffic throughput • Up to 3x boost in encrypted traffic performance
  • 8.
    © 2019 Ciscoand/or its affiliates. All rights reserved. Cisco Partner Confidential NEW: Firepower 1000 Series Small business and branch office security with superior price / performance NEW *POE and L2 support expected 2H CY2019 NEW Firepower 1010 • High–performance desktop NGFW • PoE, 8 10/100/1000 Base-T RJ45 switching ports* • Stateful firewall, AVC, NGIPS, AMP, URL filtering 650Mbps NGFW throughput Firepower 1120/40 • High–performance Rackmount NGFW • 8 10/100/1000Base-T RJ45 switching ports, 4 1000Base-F SFP switching ports • Stateful firewall, AVC, NGIPS, AMP, URL filtering 1120-1.5Gbps NGFW Throughput 1140-2.2Gbps NGFW Throughput
  • 9.
    © 2019 Ciscoand/or its affiliates. All rights reserved. Cisco Partner Confidential Firepower NGFW: ISA3000 Provides FTD to Manufacturing Maximum Firewall Throughput 2 Gbps Ideal for industrial environments • Hardened design • DC power supply • DIN rail Two models of ISA 3000 • 2 x Copper + 2 x Fiber data interfaces • 4 x Copper data interfaces Industrial features include • Alarm port: 2 x alarm input, 1 x alarm output • SD card auto backup/restore • Hardware bypass for transparent mode firewall
  • 10.
    © 2019 Ciscoand/or its affiliates. All rights reserved. Cisco Partner Confidential Firewall Policy Powered by Talos & OpenApp ID Security Intelligence: Block latest malicious IPs, URLs and FQDNs AVC with OpenAppID: Identify and control over 4,000+ pre-defined apps AVC with OpenAppID: Easily create custom application detectors URL Categories: Classify 280M+ URLs using 80+ categories Category-based Policy Creation Admin Allow Block DNS Sinkhole 01001010100 00100101101 Security feeds URL | IP | DNS Control traffic based on IP, URL, FQDN, or application NGFW Allow BlockWarn
  • 11.
    © 2019 Ciscoand/or its affiliates. All rights reserved. Cisco Partner Confidential Integrated TLS Decryption Decrypt traffic in hardware or software Inspect deciphered packets Track and log all TLS sessions Finds encrypted threat while reducing performance impact • TLS hardware acceleration delivers high-performance inspection of encrypted traffic • Centralized enforcement of TLS certificate policies • Examples: Blocking self-signed encrypted traffic, specified TLS version, cypher suites Encrypted Traffic Log TLS decryption engine NGIPS Enforcement decisions AVC elicit gambling https://www.%$*#$@#$.com https://www.%$*#$@#$.com https://www.%$*#$@#$.com https://www.%$*#$@#$.com https://www.%$*#$@#$.com https://www.%$*#$@#$.com https://www.%$*#$@#$.com https://www.%$*#$@#$.com https://www.%$*#$@#$.com https://www.%$*#$@#$.com https://www.%$&^*#$@#$.com https://www.%$&^*#$@#$.com
  • 12.
    © 2019 Ciscoand/or its affiliates. All rights reserved. Cisco Partner Confidential Site-to-Site VPN Easily and securely interconnect remote sites • IKEv1/IKEv2 policy-based VPN • Easy topology-based management of VPN on multiple peers • Point-to-point • Hub and Spoke • Full Mesh • Flexible authentication options – pre-shared key (automatic) and certificates Point-to-Point Hub and Spoke Full Mesh FTD FTD FTD FTD Router Third Party Device or or Hub
  • 13.
    © 2019 Ciscoand/or its affiliates. All rights reserved. Cisco Partner Confidential Remote Access VPN with DUO Provide ubiquitous secure access from remote and roaming users • Posture assessment • Uses TLS, DTLS or IKEv2 • Easy wizard-based configuration • Integration with LDAP and RADIUS • Identity based security policies • Enhanced security with 2 FA/MFA provided by Duo Extend access remotely Protect important data Maintain application performance Support multiple sites AnyConnect RA VPN Client
  • 14.
    © 2019 Ciscoand/or its affiliates. All rights reserved. Cisco Partner Confidential
  • 15.
    © 2019 Ciscoand/or its affiliates. All rights reserved. Cisco Partner Confidential
  • 16.
    © 2019 Ciscoand/or its affiliates. All rights reserved. Cisco Partner Confidential Smart Licenses Smart Licensing is Different Limited View Customers do not know what they own. PAK Registration Manually register each device. Device-Specific Licenses are specific to only one device. Complete View Software, services, and devices in easy-to-use portal. Easy Registration No PAKs. Easy activation. Ready to use. Company-Specific Flexible licensing. Use across devices. Classic Licenses Automated Provisioning | Efficient Consumption | License Portability
  • 17.
    © 2019 Ciscoand/or its affiliates. All rights reserved. Cisco Partner Confidential Partner Holding Account Smart Account Types Customer Smart Account • Where licenses are deposited and managed • Can be managed by customer directly, designated VAR or authorized party through CSSM or LRP Virtual Accounts (Organize by business unit, product type, geo, etc.) • Partner or reseller store smart enabled products temporarily, before depositing them into an end customer Smart Account. • Note: It is recommended that partners deposit licenses directly into the Customer Smart Account because licenses can only be consumed in the Customer Smart Account
  • 18.
    © 2019 Ciscoand/or its affiliates. All rights reserved. Cisco Partner Confidential Smart Licensing Deployment Options
  • 19.
    © 2019 Ciscoand/or its affiliates. All rights reserved. Cisco Partner Confidential Management Designed for the User For easy on-box management of single FTD or pair of FTDs running in HA For centralized cloud-based policy management of multiple deployments *For FTD release 6.4 or higher Helps administrators enforce consistent access policies, rapidly troubleshoot security events, and view summarized reports across the deployment Cisco Firepower Device Manager (FDM) Cisco Defense Orchestrator (CDO) Cisco Firepower Management Center (FMC) On premise Centralized Manager SecOps Focused On-box manager NetOps Focused Cloud Based Centralized Manager NetOps Focused Coexist Flexibility of cloud or on-premises options Common APIsSecurity Integrations
  • 20.
    © 2019 Ciscoand/or its affiliates. All rights reserved. Cisco Partner Confidential Wizard-Based Guided Workflows Optimized for Commercial Co-exists with Cloud Management Firepower Device Manager
  • 21.
    © 2019 Ciscoand/or its affiliates. All rights reserved. Cisco Partner Confidential Network Users HQ Data Center Admin Branch What is Cisco Defense Orchestrator (CDO)? Roaming Users Cloud applicationsSD-WAN Policy - CDO Visibility & Evening - SAL Incident response - CTR FTD AMP ASA FTD Consistently manage policies across your Cisco security products. CDO is a cloud-based application that cuts through complexity to save time and keep your organization protected against the latest threats.
  • 22.
    © 2019 Ciscoand/or its affiliates. All rights reserved. Cisco Partner Confidential CDO Supported Platforms Hardware Minimum Software ASA 5500-X ASA 8.4 FTD 6.4 Firepower 1000 ASA 9.13 FTD 6.4 Firepower 2100 ASA 8.4 FTD 6.4 Firepower 4100 ASA 8.4 Coming soon Firepower 9300 ASA 8.4 Coming soon Virtual – Private Cloud KVM, VMWare ASA 8.4 FTD 6.4 Virtual – Public Cloud AWS, Azure ASA 8.4 Coming soon Meraki MX Latest software update
  • 23.
    © 2019 Ciscoand/or its affiliates. All rights reserved. Cisco Partner Confidential Firewall Throughput 250 Mbps 250 Mbps 450 Mbps 450 Mbps 450 Mbps 450 Mbps VPN Throughput 100 Mbps 100 Mbps 200 Mbps 200 Mbps 200 Mbps 200 Mbps Gigabit WAN Ports 2 (1 shared) 2 2 (1 shared) 2 2 (1 shared) 2 Gigabit LAN Ports 4 10 4 10 4 10 PoE+ Ports - 2 - 2 - 2 Wi-Fi (on W models) 802.11ac 802.11ac 802.11ac Wave 2 802.11ac Wave 2 - 802.11ac Wave 2 Embedded Cellular - - - - CAT 6 LTE CAT 6 LTE MX64/64W MX67CMX67/67W MX68/68W MX68CWMX65/65W MX Security & SD-WAN Small Branch Portfolio Improved performance and embedded LTE Advanced
  • 24.
    © 2019 Ciscoand/or its affiliates. All rights reserved. Cisco Partner Confidential
  • 25.
    © 2019 Ciscoand/or its affiliates. All rights reserved. Cisco Partner Confidential
  • 26.
    © 2019 Ciscoand/or its affiliates. All rights reserved. Cisco Partner Confidential
  • 27.
    © 2019 Ciscoand/or its affiliates. All rights reserved. Cisco Partner Confidential
  • 28.
    © 2019 Ciscoand/or its affiliates. All rights reserved. Cisco Partner Confidential
  • 29.
    © 2019 Ciscoand/or its affiliates. All rights reserved. Cisco Partner Confidential
  • 30.
    © 2019 Ciscoand/or its affiliates. All rights reserved. Cisco Partner Confidential© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential Ready to get started? Upgrade your NGFW today! Sign up for a free trial: FMC Trial CDO Trial
  • 31.
    © 2019 Ciscoand/or its affiliates. All rights reserved. Cisco Partner Confidential • Fire Jumper Program https://communities.cisco.com/docs/DOC-55046 • NGFW & NGIPS Competency Area https://communities.cisco.com/docs/DOC-57815 • Web & Email Security Competency Area https://communities.cisco.com/docs/DOC-57817 • Policy & Access Competency Area https://communities.cisco.com/docs/DOC-57780 • Advanced Threat Competency Area https://communities.cisco.com/docs/DOC-57818 • Proof of Value (PoV) & Best Practice Docs https://communities.cisco.com/docs/DOC-65405 • dCloud https://dcloud.cisco.com • Digital Network Architecture (DNA) https://dcloud2-rtp.cisco.com/dCloud/dna.jsp Resources  Security Community https://www.cisco.com/go/securitychannels  Voice of the Engineer https://communities.cisco.com/docs/DOC-30718  Tech Talks https://communities.cisco.com/docs/DOC-30977  Competitive Battle cards https://communities.cisco.com/docs/DOC-56271  Partner Help http://www.cisco.com/go/ph  Umbrella Partner Portal https://communities.cisco.com/docs/DOC-64565  NGFW Sizing guide https://communities.cisco.com/docs/DOC-70837
  • 32.
    © 2019 Ciscoand/or its affiliates. All rights reserved. Cisco Partner Confidential Partner Incentives and Promotions • ASA Refresh: www.cisco.com/go/asamigration • IPS Refresh: www.cisco.com/go/ipsmigration • AnyConnect Refresh: www.cisco.com/go/anyconnectmigration • ACS to ISE Refresh: www.cisco.com/acs-ise-migration • Security Ignite: http://www.cisco.com/web/partners/incentives_and_promotions/security-ignite.html • Security Bundles: http://www.cisco.com/c/en/us/partners/sell-integrate-consult/incentives-promotions/security-solution-bundle.html Additional Resources
  • 33.
    © 2019 Ciscoand/or its affiliates. All rights reserved. Cisco Partner Confidential Key Help Resources Customer Facing Websites • Smart Account Home CCO Page: www.cisco.com/go/smartaccounts • Smart Licensing CCO Page: www.cisco.com/go/smartlicensing • Smart Licensing ‘Satellite’ CCO Page: www.cisco.com/go/smartsatellite • Best Practices & Usage Guides: http://forums.cisco.com/ecom/web/operations-exchange/sot • Sample Config Guide: http://www.cisco.com/c/dam/en/us/products/collateral/cloud-systems-management/smart- software-manager-satellite/smart-software-prod-config-guide.pdf • Cisco Security Licensing and Software Access: https://communities.cisco.com/docs/DOC-55301 • Security Voice of the Engineer (VoE): https://communities.cisco.com/docs/DOC-30718 Getting Help • GLO Support: Fully supported by GLO 24x7. • licensing@cisco.com • General Questions: ask-smartlicensing@cisco.com • Portal Issues: smart-ops-support@cisco.com • Migration Issues: smart-ops-support@cisco.com • Satellite Issues: cs-cssm-satellite@cisco.com Training • Live Training: Register for you or your customer at: • https://communities.cisco.com/docs/DOC-59481#anch2 • Youtube Training Videos: https://www.youtube.com/channel/UCABaWsiDScw_w6kvPcDIjHw • Cisco.com Training Videos & Demos: • http://www.cisco.com/web/ordering/smart-software- manager/index.html
  • 34.

Editor's Notes

  • #4 Speaker Notes Format Why is this slide covered? – a high level overview to show Cisco has a wide breadth of platforms – we are not just a End Point, or Firewall, or IPS, or Email, Web, DNS, Analytics …….. We have proven evidence we are leaders in all of these What are the 2 or 3 specific points we must get across on this slide? – It takes contextual knowledge of the entire eco system to provide those last few percentage points of confidence in stopping threats. Blended Advanced Persistent Threats that are very stealthy and try to get past point in time solutions can be uncovered quicker when we have visibility across all of these. Customers don’t need to purchase all of Cisco’s solutions to get all of these benefits because Talos correlates and consolidates data globally from customers to leverage specific data locally to all customers. Is this a competitive positive for Cisco?
  • #7 13 x4 ==52
  • #11  Talos is the threat intelligence group at Cisco. We are here to fight the good fight — we work to keep our customers, and users at large, safe from malicious actors. Defense in depth even within a firewall is a key design goal for any security policy. FTD has a variety controls to ensure the tightest security layer as well as enforce acceptable use policies.   The flexibility in place includes inspection and controls across the L4-7 packet information. FTD can be configured to pull in feeds from Talos in the form of Security intelligence. This feed allows the NGFW to intelligently block or allow flows based on IP, URLs and FQDN.   Application control is also a critical requirement. What apps are end users allowed to use and from which zone in your network? Are they allowed to interact with all the micro apps on a website? Can they even use the app in the first place? We have over 4000 pre-defined apps at your control. But we know apps are always changing and you may have your own app you want to control, so AVC and OpenAppID can be easily customized to meet your specific application control needs   Yet another layer of security control fall under the URL categories. Based on Cisco’s Talos intelligence, administrators can define the processing of DNS layer requests. Do you want to block certain categories? Or just report the end user visiting those sites? Do you want to block on the reputation of a specific site based on the possibility of a site being compromised?   Combining all of these controls within the very easy to understand and control policy definition process provides a superior defense in depth layer of security.
  • #12 Speaker Notes Format Why is this slide covered? This is a critical value that addresses a significant pain point for our customers. Encrypted traffic causes a blind spot to our customers. This blind spot can be for good reasons because the stream should not be investigated, maybe it’s an employees banking information or HR data. BUT – what about the malicious traffic now also hiding in the encrypted flows. We must provide the ability to intelligently chose what to decrypt and analyze and more importantly not severely impact the performance of the solution. What are the 2 or 3 specific points we must get across on this slide? We provide industry leading performance and control capabilities around how we handle encrypted traffic. We can do this in software and in purpose built hardware. We also provide very detailed logging information around these sessions. Is this a competitive positive for Cisco? Encryption can be used for good, we secure our banking information, we like to see that lock on the website when we do our online shopping. But it is also used for the questionable and in many cases used by the criminal actors. With today’s networks becoming more and more blind to the ever increasing percentage of encrypted traffic, we can no longer take it for granted. Your firewall must be able to understand what is going on. This is usually done by decrypting the flow as a man in the middle. We then scan and understand what is going on with our access policy rules. The firewall, for the allowed/good traffic then needs to re-encrypt the traffic on and send it on its way. This, when done in SW only, imposes a significant inspection tax. Your firewall slows down. You end up tuning or turning off engines in your firewall in order to maintain performance. Many times you are forced to buy a much larger firewall to just support this inspection. Not with Cisco’s NGFW architecture. Imbedded in our hardware we have architected TLS decrypt and encrypt with HW assistance. This greatly reduces the performance impact of understanding what is flowing over those encrypted conversations. With over 80% of your traffic being encrypted, you also require a method to enforce what type of encryption is used for the traffic you want to allow. FTD can enforce the version of TLS encryption as well as the cipher strength. We can allow or block if the cert is self signed or not, what cypher suites are allowed or not allowed. The combination of these controls allows our customers to enforce the policies around what types of encryption is used as well as what flows over or is allowed to pass. We provide detailed an extensive tracking and logging the TLS sessions themselves.
  • #13 Speaker Notes Format Why is this slide covered? While this may not be a significant differentiation for a NGFW, it is required for many deployments. We support the majority of the VPN architectures. What are the 2 or 3 specific points we must get across on this slide? Is this a competitive positive for Cisco? Speaker’s Notes: Your firewall in many cases is also the termination point for your VPN connections as well. These connections can be site to site or end user vpn tunnels. FTD has inherited much of the VPN technology from our long history with ASA. We have added in enhanced configuration and reporting tools to make deployment easier. These VPN architectures can be defined as point to point, hub and spoke or full mesh. We provide an easy to understand graphical representation of these deployments to reduce the potential of errors and decrease the amount of time to setup, enforce and trouble-shoot VPN configurations.
  • #16 Firepower Performance Estimator https://ngfwpe.cisco.com/dashboard?code=r9CcrIc4_LfbNA5yj8mJMiISP0fWAz1WPRwAAADO
  • #20 Speaker Notes Format Why is this slide covered? To review with the customer that we have many ways to manage our environment. See if the customer has a requirement or desire for on prem or cloud based management. Explain that we have flexible choice and over time, the power to choose which consumption model required will improve (CDO on 4100 and 9300 coming in 6.5, etc) What are the 2 or 3 specific points we must get across on this slide? Cisco provides in depth management solutions across the consumption models. These models can be chosen by either where they want to manage their devices OR what group is managing the devices (Security or Network) Is this a competitive positive for Cisco? Choosing the correct manager for your next generation firewall is an important step in designing your deployment. it really comes down to your core cases and requirements when you are choosing the right manager for your deployment. Cisco provides several options to its customers, ranging from on-box, to on-prem, to cloud based management. We will dive deeper into each of these in the following slides. The on-box manager which for the Firepower Threat Defense (FTD) is the graphical, intuitive, firepower device manager is a free with the FTD device but limits you to managing devices individually. Firepower Device Manager (FDM) enables easy on box reporting, policy and configuration management of common tasks. Centralized management is available in two consumption models; on premise and cloud. Lets take a look at on-prem first. The Firepower Management Center (FMC) which provides comprehensive security administration and automation of multiple devices. Customers can leverage FMC to centrally manage both stateful services, configurations and policies and the Firepower firewall features in a single image. In the cloud, we have the Cisco Defense Orchestrator (CDO) which enable centralized cloud-based policy orchestrations and reporting for multiple sites and multiple security products (ASA, FTD, Meraki with more being added over time) from a single cloud based interface.
  • #21 As we step into achieving a larger GOAL You can already get a glimpse of it with FDM; our local FTD manager which is supported on low and mid range platforms today, with modern ux and workflows which are optimized for the commercial usecase And one of the key benefits is that it is made to co-exist with our Cloud Manager CDO
  • #22 The network operations teams need a solution that can: Manage Policy Changes Across Many Devices Consistently and Easily: Critical to maintaining your security posture, but is time consuming and prone to human error when doing this across MANY devices. Simple, Efficient and Effective policy management is critical. Your Business Is Not Static: As your business evolves you need a solution that will scale to meet the needs of your business! Adding devices needs to be easier and consistent. Ongoing management holistically across devices is critical! Running the most optimal, secure environment is required! We Must Be Ahead of the Threats: Updating a platforms firmware or policy cannot take days when our company is at risk. It MUST happen quickly! And lastly, Do More With Less: On top of the increased workload, you are often expected to meet growing demands with a team that just isn’t getting any bigger. Overall, this means you need an integrated security solution that is not only effective, but also simpler and consistent to manage. You need a systematic to improve your security posture and provide robust security policy management across all of your locations. In addition CDO will soon add, AWS, Umbrella SIG, Meraki MX, and Cisco Secure SD-WAN to its capability set. Write and set policy once, eliminating the chance of human error, and bringing consistency to your security posture across the entire hybrid network Speaker - FYI Where are CDO Data Centers? AWS – US West (Oregon) AWS – US East  (Virginia) AWS – EU Central (Frankfurt) Can I sell CDO if out of region?   YES!   CDO transactions are low overhead and we have clients all over the world with services out of the US or EMEAR. ASA (available) - Shared objects, Shared policies, Device management, CLI automation FTD (June 2019) - Layer 3, 4 and 7, IPS and malware, Objects, policies, Device management Meraki (June 2019) - Layer 3 rules, NAT Shared objects with ASA and FTD AWS (August 2019) - Security groups orchestration, VPN topology SD-WAN (Dec 2019) - Policy management, VPN management
  • #23 CDO is an open platform leveraging APIs, making it easy for us to extend CDO to additional platforms Note: Meraki support available August 2019 FTD 6.5 is expected in Fall 2019 Cisco.com/go/cdo Find details about pricing and demos on Salesconnect Free CDO with new hardware sales as part of our “Ignite the Firewall” partner program
  • #32 Slide 21-23: Should clean up, but I can take the lead on this one. I’ll probably incorporate into one or two slides.
  • #33 Slide 21-23: Should clean up, but I can take the lead on this one. I’ll probably incorporate into one or two slides.
  • #34 Slide 21-23: Should clean up, but I can take the lead on this one. I’ll probably incorporate into one or two slides.