Benjamin Doyle
October 15th, 2015
Agenda
- Sourcefire
- Cisco ASA Next-Gen Firewall (NGFW)
- FireSIGHT Management Center (FMC)
- FirePOWER Services
- Intrusion Prevention System (IPS)
- Advanced Malware Protection (AMP)
- URL Filtering
- Meraki Security Appliance (MX)
Sourcefire
© 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3
Sourcefire
Founded in 2001
2013: Acquired by Cisco for US$2.7B
2014: Technology integration within Cisco
Hardware and Software
ClamAV and Snort
File reputation and dynamic analysis
Analysis of behaviours & containment
Retrospective protection
Visibility through dashboards
2015: EoL non-SF IPS appliances
Cisco ASA Next-Generation Firewall (NGFW)
Cisco ASA and Sourcefire FirePOWER
Cisco ASA Product Line (performance and scalability increase up the list)

2 RU platforms (ASA 5585): ASA 5585-SSP10, ASA 5585-SSP20, ASA 5585-SSP40, ASA 5585-SSP60
  Placement: Internet Edge / Campus / Data Center
  Firewall: 2 – 20 Gbps
  Next Gen IPS: 1.2 – 6 Gbps
  NGIPS + AVC + AMP: 650 Mbps – 2.4 Gbps *

1 RU platforms: ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, ASA 5555-X
  Placement: Branch Office / Internet Edge
  Firewall: 200 Mbps – 2 Gbps
  Next Gen IPS: 100 – 725 Mbps
  NGIPS + AVC + AMP: 30 – 160 Mbps *

* Performance to be finalized
NGFW with NGIPS

Cisco ASA:
• Network Firewall, Routing | Switching
• Application Visibility & Control
• Built-in Network Profiling
• Identity-Policy Control & VPN
• Analytics & Automation

FirePOWER Services on the ASA:
► Industry-leading FirePOWER Next-Generation IPS (NGIPS)
► Reputation- and category-based URL filtering
► Advanced Malware Protection
FireSIGHT Components

Host discovery
• Identifies OS, protocols and services running on each host
• Reports on potential vulnerabilities present on each host based on the information it's gathered

Application discovery
• Includes applications that run over web services such as Facebook or LinkedIn
• Applications can be used as criteria for access control
• FireSIGHT can identify over 1900 unique applications using OpenAppID

User discovery
• Monitors for user IDs transmitted as services are used
• Integrates with MS AD servers to authoritatively ID users
• Authoritative users can be used as access control criteria
FireSIGHT Management
Discovery is reported to you by way of events:
• C&C Detection via Protocol Analysis
• Contextual NGIPS Events (Impact 1)
• FireAMP Endpoint Malware Events

FireSIGHT Discovery
By knowing the details of what's running in your environment (OS, services, applications), the
Sourcefire System can produce a list of the vulnerabilities each host is likely to have.
This allows the Sourcefire System to put intrusion events in context (impact assessment) for
more accurate and actionable alerting.
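The impact assessment described above, as an added example written for this page (it is not Cisco or Sourcefire code). It models the FireSIGHT impact levels 0 to 4, matching the CVE references a rule carries against the vulnerabilities discovery has mapped to the target host, then the targeted port against the services seen on that host. The host profiles, monitored network, rule references and events are constructed sample data; CVE-2008-4250 (MS08-067) appears only as a sample identifier.

```python
"""Added example (not Cisco/Sourcefire code): a FireSIGHT-style impact
assessment that ranks an intrusion event against what discovery knows
about the target host.

Impact levels follow the FireSIGHT Management Center convention:
  1 vulnerable               - the rule references a vulnerability mapped to the host
  2 potentially vulnerable   - the targeted port/protocol is in use, no mapped vuln
  3 currently not vulnerable - host is profiled but the targeted service is absent
  4 unknown target           - host is inside a monitored network but never profiled
  0 unknown                  - target is outside the monitored networks
All host profiles, rule references and events below are constructed sample data.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class HostProfile:
    ip: str
    os: str
    services: dict                                        # {(proto, port): service} learned passively
    vulns: frozenset = field(default_factory=frozenset)  # CVE ids inferred from OS/app versions


@dataclass
class IntrusionEvent:
    sid: int                  # Snort rule id that fired
    src_ip: str
    dst_ip: str
    proto: str
    dst_port: int
    references: frozenset     # CVE ids from the rule's "reference:cve," metadata


# Networks that discovery is configured to monitor (constructed).
MONITORED = [ipaddress.ip_network("10.0.0.0/24")]

# Discovery database (constructed). CVE-2008-4250 (MS08-067) is sample data only.
HOSTS = {
    "10.0.0.5": HostProfile("10.0.0.5", "Windows Server 2008",
                            {("tcp", 445): "smb", ("tcp", 3389): "rdp"},
                            frozenset({"CVE-2008-4250"})),
    "10.0.0.7": HostProfile("10.0.0.7", "Ubuntu 14.04",
                            {("tcp", 22): "ssh", ("tcp", 80): "http"}),
}


def impact_flag(event: IntrusionEvent, hosts=HOSTS, monitored=MONITORED) -> int:
    """Return the impact level (0-4) for one event."""
    dst = ipaddress.ip_address(event.dst_ip)
    if not any(dst in net for net in monitored):
        return 0                                   # target outside monitored networks
    host = hosts.get(event.dst_ip)
    if host is None:
        return 4                                   # never profiled: unknown target
    if event.references & host.vulns:
        return 1                                   # rule's CVE is mapped to this host
    if (event.proto, event.dst_port) in host.services:
        return 2                                   # service is in use, no mapped CVE
    return 3                                       # service not present on this host


def triage(events, hosts=HOSTS, monitored=MONITORED):
    """Order events for an analyst: impact 1 first, then 2, 3, 4, and 0 last."""
    order = {1: 0, 2: 1, 3: 2, 4: 3, 0: 4}
    scored = [(impact_flag(e, hosts, monitored), e) for e in events]
    return sorted(scored, key=lambda pair: (order[pair[0]], pair[1].sid))


# Constructed events: the same MS08-067 rule fires against several targets.
SAMPLE_EVENTS = [
    IntrusionEvent(1001, "203.0.113.9", "10.0.0.7", "tcp", 445, frozenset({"CVE-2008-4250"})),
    IntrusionEvent(1001, "203.0.113.9", "10.0.0.5", "tcp", 445, frozenset({"CVE-2008-4250"})),
    IntrusionEvent(2002, "203.0.113.9", "10.0.0.7", "tcp", 22, frozenset()),
    IntrusionEvent(1001, "203.0.113.9", "10.0.0.99", "tcp", 445, frozenset({"CVE-2008-4250"})),
    IntrusionEvent(1001, "203.0.113.9", "192.0.2.20", "tcp", 445, frozenset({"CVE-2008-4250"})),
]

if __name__ == "__main__":
    for flag, e in triage(SAMPLE_EVENTS):
        print(f"impact {flag}  sid={e.sid}  {e.src_ip} -> {e.dst_ip}:{e.dst_port}/{e.proto}")
```

The same rule fires five times, but only the hit on 10.0.0.5 (profiled with the mapped CVE) becomes an impact 1 event; the hit on the Linux host with no SMB service drops to impact 3, which is the contextual filtering the slide refers to.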
Contextual Awareness: Information Superiority
FireSIGHT Management Center: Threat Information
FireSIGHT Management Center: Operational Value
FirePOWER Services
Challenges with Traditional Defense-in-Depth Security
• Forced to buy multiple security solutions – firewalls, web filters, IPS modules, etc.
• Often from different vendors – compatibility issues
• Increases complexity, limited visibility
• Vulnerability – lack of unified protection creates gaps and blind spots
• Need several dedicated teams to configure, install, and monitor multiple systems
• Increased cost and labor, slower incident response
Cisco ASA with FirePOWER: Modern Threat Control across the Attack Continuum
• Firewall/VPN
• NGIPS
• Advanced Malware Protection
• Web Security
• IoCs/Incident Response
Sourcefire NGIPS
The Next Generation Security Model: Attack Continuum (After Attack)
AMP (Advanced Malware Protection)
• File Reputation
• Dynamic Analysis (Sandboxing)
• Retrospective Security
Advanced Malware Protection & the Attack Continuum
• Contextual Awareness
• In-line Threat Detection
• Network Control
• Automation and Prevention
• File Retrospection
• File Trajectory
• Device Trajectory
• Endpoint File Analysis (file hash lookups)
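The three AMP mechanisms listed above (file reputation, dynamic analysis and retrospective security, together with file trajectory) as one added example written for this page; it is not Cisco or Sourcefire AMP code. Every file crossing the sensor is hashed with SHA-256 and its sighting recorded; the hash is checked against a reputation cache, unknown files are queued for sandboxing, and when a verdict later flips to malicious the trajectory is walked to name every host that already received the file. The reputation cache, file contents, hosts and timestamps are constructed sample data.

```python
"""Added example (not Cisco/Sourcefire AMP code): file reputation, file
trajectory and retrospective alerting on the AMP model.

The reputation cache, file contents and sightings are constructed sample data.
"""
import hashlib
from collections import defaultdict

CLEAN, UNKNOWN, MALICIOUS = "clean", "unknown", "malicious"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class AmpTracker:
    def __init__(self, reputation):
        self.reputation = dict(reputation)      # sha256 -> disposition (constructed cache)
        self.trajectory = defaultdict(list)     # sha256 -> [(ts, src, dst, name)]
        self.sandbox_queue = []                 # hashes awaiting dynamic analysis

    def observe(self, ts, src, dst, name, content: bytes) -> str:
        """Inline decision for one file transfer; returns the disposition applied."""
        h = sha256_hex(content)
        self.trajectory[h].append((ts, src, dst, name))   # file trajectory
        disp = self.reputation.get(h, UNKNOWN)            # file reputation lookup
        if disp == UNKNOWN and h not in self.sandbox_queue:
            self.sandbox_queue.append(h)                  # send for dynamic analysis
        return disp

    def update_disposition(self, h, new_disp):
        """Apply a reputation change (e.g. a sandbox verdict); return retrospective alerts."""
        old = self.reputation.get(h, UNKNOWN)
        self.reputation[h] = new_disp
        if h in self.sandbox_queue:
            self.sandbox_queue.remove(h)
        if new_disp == MALICIOUS and old != MALICIOUS:
            return self.retrospective_alert(h)            # retrospective security
        return []

    def retrospective_alert(self, h):
        """Hosts that received the file before it was known to be malicious."""
        return sorted({dst for (_, _, dst, _) in self.trajectory[h]})

    def file_trajectory(self, h):
        return sorted(self.trajectory[h])


# Constructed sample file contents (not real binaries).
KNOWN_GOOD = b"MZ\x90\x00 constructed sample of a known-good installer"
NOVEL = b"MZ\x90\x00 constructed sample of a never-seen-before dropper"


def run_scenario():
    tracker = AmpTracker({sha256_hex(KNOWN_GOOD): CLEAN})
    # Day 1: a novel file reaches two hosts; reputation has no verdict, so it passes.
    d1 = tracker.observe("2015-10-15T09:00", "203.0.113.9", "10.0.0.5", "invoice.exe", NOVEL)
    tracker.observe("2015-10-15T09:05", "203.0.113.9", "10.0.0.7", "invoice.exe", NOVEL)
    tracker.observe("2015-10-15T09:10", "203.0.113.9", "10.0.0.7", "setup.exe", KNOWN_GOOD)
    # Day 2: the sandbox verdict arrives; retrospection names the already-exposed hosts.
    alerts = tracker.update_disposition(sha256_hex(NOVEL), MALICIOUS)
    # Any later sighting of the same hash is now blocked inline.
    d2 = tracker.observe("2015-10-16T08:00", "203.0.113.9", "10.0.0.9", "invoice.exe", NOVEL)
    return d1, alerts, d2, tracker


if __name__ == "__main__":
    first, alerts, later, _ = run_scenario()
    print("first sighting:", first, "| retrospective alert for:", alerts,
          "| later sighting:", later)
```

The point of the scenario is the gap between the first sighting and the verdict: a point-in-time scanner would have allowed invoice.exe on day 1 and forgotten it, whereas the recorded trajectory lets the verdict on day 2 be turned into a list of hosts to remediate.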
URL Filtering
Meraki
• Leader in cloud networking: 20,000+ customer networks deployed
• Founded in 2006 at MIT - tradition of innovation and R&D
• 350 employees worldwide
• 100% cloud-managed edge and branch networking portfolio
• Complete line of wireless, switching, security, WAN optimization, and mobile device management products
• Now part of Cisco: Cisco purchased Meraki for US$1.2B in 2012
• Increasing R&D investment in Meraki products
• Leveraging Cisco's reach to bring Meraki to new markets
• No near-term changes planned to pricing, licenses, product roadmap, etc.
Order Process
• Cloud License: 1yr, 3yr, 5yr
• Install
• Warranty
Meraki Management
Only management data (about 1 kb/s) flows between the appliance (WAN/LAN) and the Meraki cloud.
Reliable
• Highly available cloud with multiple datacenters
• Network functions even if connection to cloud is interrupted
• 99.99% uptime SLA
Secure
• No user traffic passes through cloud
• HIPAA / PCI DSS compliant (PCI DSS Level 1 certified)
• 3rd party security audits, daily penetration test
Hardware – "MX"
o Next Generation Firewall:
  Layer 7 traffic classification and control
  Intrusion detection engine
  Identity based and device-aware security
o Auto VPN:
  Auto-provisioning IPSec VPN
  Automatically configured VPN parameters
  Flexible tunneling, topology and security policies
o 3G / 4G Failover:
  Cellular support for maximum uptime
  Seamless, automatic failover with traffic prioritization
o WAN Optimization:
  Universal data store with de-duplication
  WAN link compression
o Content Filtering:
  Identity-based filtering policies
Meraki Licensing
Subscription/License – “MX”
Meraki Sizing
Hardware – "MX"

Model                    MX400              MX100           MX80        MX60W          MX60        Z1 (Teleworker)
Stateful firewall        1 Gbps             500 Mbps        250 Mbps    100 Mbps       100 Mbps    50 Mbps
  throughput
VPN throughput           325 Mbps           225 Mbps        125 Mbps    50 Mbps        50 Mbps     10 Mbps
WAN optimization cache   1 TB SATA          1 TB SATA       1 TB SATA   100 MB         100 MB      N/A
Interfaces               8 x GbE            8 x GbE         5 x GbE     5 x GbE        5 x GbE     1 x GbE WAN
                         8 x GbE (SFP)      2 x GbE (SFP)               1 x 802.11n                4 x GbE LAN
                         4 x 10 GbE (SFP+)

Common MX features:
• Integrated Intrusion Detection (IDS)
• Device Aware Access Controls (BYOD) (Layer 7)
• Category-based content filtering
• Load Balance WAN connections
• 3G/4G backup WAN connectivity
• WAN Acceleration/Optimization
Meraki Cloud