Cisco Security @ Comstor · Cisco has an NGFW solution for every business small and midsized...
TRANSCRIPT
Agenda
• Cyber Security?
• Cisco Security Solutions
- Cisco NGFW
- Cisco Umbrella
• Cisco Meraki, MR, MS, MV and MX
• Meraki Insight
1. Cisco Security Fundamentals
The consequences of insufficient security
• Identity Theft
• Equipment Theft
• Compromised Customer Confidence
– Loss of Business
• Compromised Employee Confidence
– Turnover / Weak Retention of Staff
• Service Interruption (e.g. e-mail and application)
• Loss of Competitive Advantage
• Loss of Reputation (e.g. embarrassing media coverage)
• Legal Penalties – fines and other legal action
Basic Principles
Allowing only authorized subjects to access information
Allowing only authorized subjects to modify information
Ensuring that information and resources are accessible when needed
The threat-centric security model
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate
Network, Endpoint, Mobile, Virtual, Cloud
Point in Time, Continuous
Threat Intelligence
Which dramatically expands what you have to worry about
New demands
More things
Threats are harder to stop
Visibility is more elusive
Access is tougher to manage
Specialized threats
Global collaboration
Anywhere access
BYOD
30%: Phishing messages opened by the target across campaigns
Source: 2016 Verizon Data Breach Investigations Report
Cisco NGFW
Next Generation Firewalling – Beyond packets, ports and traffic
1. Cisco Security Fundamentals
Other “next-generation” firewalls fix some problems but create new ones
They can’t help you once you’ve been breached…
They’re only app-focused…
They’re another silo to manage…
Threat
Attack Continuum: BEFORE, DURING, AFTER
NGFW, DDoS, Sandbox, Acceptable use, IPS
Cisco Firepower NGFW is a complete solution
Cisco Firepower™ NGFW: Fully Integrated, Threat Focused
Stop more threats
Gain more insight
Detect earlier, act faster
Reduce complexity
Get more from your network
The more you see, the better you can protect
Offering extensive contextual visibility
Typical IPS, Typical NGFW, Cisco Firepower NGFW
Threats
Users
Web applications
Application protocols
File transfers
Malware
C & C Servers
Client applications
Network Servers
Operating systems
Routers & switches
Mobile Devices
Printers
VOIP phones
Cisco has an NGFW solution for every business
Small and Midsized Business, Midrange, Enterprise
ASA 5506-X / 5506W-X / 5506H-X / 5508-X / 5516-X
Firepower 2110/2120
ASA 5525-X / ASA 5545-X / ASA 5555-X
Firepower 2130/2140
Firepower 4110/4120/4140/4150
Firepower 9300
ASA 5585-X
NGFWs for SMBs and distributed enterprises with integrated threat defense, a low TCO, and simplified security management.
Enterprise-class security for the internet edge, with superior threat defense, sustained performance, and simple management.
From the internet edge to carrier grade security for data centers and other high-performance settings, with multiservice security, flexible architecture, and unified management.
Choose from four powerful new appliances with industry-best price-performance
Models 2110 & 2120: Low-cost, high-performance 1 RU NGFW, fixed 16-port 1GbE connectivity
Models 2130 & 2140: High-performance 1 RU NGFW, network modularity, up to 24-port 1GbE and up to 12 10GbE connectivity
Up to 8.5 Gbps FW+AVC+IPS throughput
Pack in more value with the Firepower 2100 series
Model | Form Factor | Throughput – FW+AVC (1024b) | Throughput – FW+AVC+IPS (1024b)
Firepower 2110 | 1RU | 1.9 Gbps | 1.9 Gbps
ASA 5525-X | 1RU | 1.1 Gbps | 650 Mbps
Firepower 2120 | 1RU | 3 Gbps | 3 Gbps
ASA 5545-X | 1RU | 1.5 Gbps | 1 Gbps
Firepower 2130 | 1RU | 4.75 Gbps | 4.75 Gbps
ASA 5555-X | 1RU | 1.75 Gbps | 1.25 Gbps
Firepower 2140 | 1RU | 8.5 Gbps | 8.5 Gbps
ASA 5585-X SSP 10 | 2 RU | 4.5 Gbps | 2.5 Gbps
2X - 4X throughput increase
4X Performance, 2X Performance
Space & eco-design packaging / redundancy / network modularity
Higher connectivity – up to 24 1GbE and 12 10GbE ports
Sustained performance as threat functions are enabled
Advanced Malware Protection (AMP)
Uncover hidden threats in the environment
Block known malware, Investigate files safely, Detect new threats, Respond to alerts
File Reputation
• Known Signatures
• Fuzzy Fingerprinting
• Indications of compromise
Threat Grid Sandboxing
• Advanced Analytics
• Dynamic analysis
• Threat intelligence
File & Device Trajectory
AMP for Network Log
AMP for Endpoint Log
Threat Disposition
Enforcement across all endpoints
Risky, Safe, Uncertain
Sandbox Analysis
Talos
Get real-time protection against global threats
Identify advanced threats, Get specific intelligence, Catch stealthy threats, Stay protected with updates
Endpoints
Devices
Networks
NGIPS
WWW, Web
250+ Researchers
24 x 7 x 365 Operations
Security Coverage, Research, Response
1.5 million daily malware samples
600 billion daily email messages
16 billion daily web requests
Threat Intelligence
The results speak for themselves
17.5 hours: Average time to detection with Cisco security
100 days: Industry average time to detection
Source: Cisco Annual Security Report 2016
Cisco offers management designed for the user
Cisco Defense Orchestrator: Cloud-based policy orchestration for multiple sites
Firepower Device Manager: On-box, web-based management
Firepower Management Center: Centralized management for multiple devices
Consolidated management, Streamlined user experience, Enhanced control
Unified insight, Intelligent automation, Scalable management
Simple interface, Efficient management, Easy set-up
Cisco Umbrella and where does it fit?
Malware, C2 Callbacks, Phishing
First line
HQ: Sandbox, NGFW, Proxy, Netflow, AV (Network and endpoint)
BRANCH: Router/UTM, AV (Network and endpoint)
ROAMING: AV (Endpoint)
It all starts with DNS
Precedes file execution and IP connection
Used by all devices
Port agnostic
Why Umbrella:
1. Protection against malware, phishing and C&C
2. Security without adding appliances or extra latency
3. Protects on and OFF network
4. 92% of Ransomware is dependent on DNS to work
How does it work:
1. Umbrella sees over 5% of the global DNS traffic
2. Security Research team analyzes and models all data to predict attacks
3. Umbrella uses DNS to stop threats over all ports and protocols
What is Meraki?
MR WirelessLAN MS Ethernet Switches MX Security Appliances Systems Manager EMM MV Security Cams
Secure: No user traffic passes through cloud. Fully HIPAA / PCI compliant (level 1 certified). meraki.cisco.com/trust
Future-proof: New features pushed through firmware. Automatic firmware and security updates (user-scheduled)
Scalable: No bottlenecks. Add devices or sites in minutes
Reliable: Highly available cloud with multiple datacenters. Network functions even if connection to cloud is interrupted
Application Control: Application traffic shaping
Location: Embedded location analytics, Heatmaps
Secure Access: Guest access, Enterprise security, WIDS / WIPS
L7 Application and control: Application visibility, Voice and Video QoS, Enterprise Security
Stack: Virtual Stacking, Physical Stacking
Tools: Remote Live Tools, Network Topology, L3 Scalability
Security: NG Firewall, Client VPN, Site to Site VPN, IDS/IPS, Malware Protection, Geo-Firewall
Networking: NAT/DHCP, 3G/4G Cellular, SD-WAN
Application Control: Web Caching, Traffic Shaping, Content Filtering
MX Portfolio
All MX devices support 3G/4G
Teleworker
Z1: ~5 users, 802.11ac Wireless & PoE, FW throughput: 50-100 Mbps
Z3 (New)
Small Branch
MX64, MX65: ~50 users, 802.11ac wireless & PoE, FW throughput: 250 Mbps
Medium Branch
MX84: ~200 users, FW throughput: 500 Mbps
MX100: ~500 users, FW throughput: 750 Mbps
Large Branch, Campus or Concentrator
MX400: ~2,000 users, FW throughput: 1 Gbps
MX600: ~10,000 users, FW throughput: 1 Gbps
MX250 (New): ~2,000 users, FW throughput: 4 Gbps
MX450 (New): ~10,000 users, FW throughput: 6 Gbps
Virtual
vMX100 for AWS & Azure (New): FW throughput: 750 Mbps, VPN & SD-WAN features
Security Cameras
The MV family brings Meraki magic to the video security world.
MV Security Cameras
Hardware Features
IR Illumination
On-Device 128GB solid state storage
720p HD recording with H.264 encoding (5 Megapixel sensor)
Automatic DSCP marking
IP66 and IK10 rated (MV71)
Mounting kits available
indoor and outdoor security
3 year hardware replacement warranty
MV21 Indoor
MV71 Outdoor
Introducing MV12
A family of indoor mini dome cameras designed with more than just security in mind
3 SKUs – 256GB and 128GB storage models
High definition 1080p
Microphone
Wireless capable*
Compact form factor
Qualcomm Snapdragon processor
Advanced on-board analytics and machine learning
*Wireless Functionality (Software Update) & Power Converter Available Fall 2018
Sound familiar?
“The network’s slow”
“My Wi-Fi is broken”
“My Internet is down”
“This is IT. How can I help?”
What are contributors to poor end-user experience?
Internal
LAN congestion
Rogue actors
Network design
Network capacity limits
External
WAN congestion
Application errors
Application server processing time
Authentication / DNS server response time
LAN congestion, Rogue actors: Deploy Meraki Dashboard Tools (Traffic shaping, QoS, Air Marshal)
Network design, Network capacity limits: Address with training, more infrastructure
WAN congestion, Application errors, Application server processing time, Authentication / DNS server response time: Apply Meraki Insight