next generation security

Post on 12-Jul-2015

  • Next Generation Security

    Rob Bleeker

    Security Consulting Systems Engineer

    CCIE# 2926, CISSP

    Justin Malczewski

  • 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3

    The Industrialization of Hacking

    Timeline, 1990 to 2020: Phishing, Low Sophistication; Hacking Becomes an Industry; Sophisticated Attacks, Complex Landscape

    Viruses 1990-2000

    Worms 2000-2005

    Spyware and Rootkits 2005-Today

    APTs Cyberware Today +

  • How Bad 2013 and Beyond

    145 Million 152 Million

    70 Million

    60 Million

    50 Million

    50 Million and a lot more!!!!!!

  • Needs to be a Better Approach

    Current approach has never worked!

    Imagine Security as an Architecture

  • The New Security Model

    Attack Continuum

    BEFORE: Discover, Enforce, Harden

    DURING: Detect, Block, Defend

    AFTER: Scope, Contain, Remediate

    Network, Endpoint, Mobile, Virtual, Cloud

    Point in Time, Continuous

  • Cyber Attack Chain

    Recon, Package, Deliver, Exploit, Install, CnC, Act

    BEFORE: Discover, Enforce, Harden

    DURING: Detect, Block, Prevent

    AFTER: Scope, Contain, Remediate

    Visibility and Context

    Firewall

    NGFW

    NAC + Identity Services

    VPN

    UTM

    NGIPS

    Web Security

    Email Security

    Advanced Malware Protection

    Network Behavior Analysis

  • The More You See, the better you can protect.

  • Visibility Control

    Cisco Security Intelligence Operation (SIO)

    Cisco SIO

    WWW Email Web Devices

    IPS Endpoints Networks

    More Than 150 Million DEPLOYED ENDPOINTS

    100 TB DATA RECEIVED PER DAY

    1.6 Million GLOBAL SENSORS

    40% WORLDWIDE EMAIL TRAFFIC

    13 Billion WEB REQUESTS

    Cloud AnyConnect IPS

    ESA WSA ASA WWW

    3 to 5 MINUTE UPDATES

    More Than 200 PARAMETERS TRACKED

    More Than 5500 IPS SIGNATURES PRODUCED

    More Than 8 Million RULES PER DAY

    More Than 70 PUBLICATIONS PRODUCED

    Information

    Actions

    More Than 40 LANGUAGES

    More Than 80 PH.D, CCIE, CISSP, MCSE

    More Than $100 Million SPENT IN DYNAMIC RESEARCH AND DEVELOPMENT

    24 Hours Daily OPERATIONS

    More Than 800 ENGINEERS, TECHNICIANS, AND RESEARCHERS

  • Collective Security Intelligence

    IPS Rules

    Malware Protection

    Reputation Feeds

    Vulnerability Database Updates

    Sourcefire AEGIS Program

    Private and Public Threat Feeds

    Sandnets

    FireAMP Community

    Honeypots

    Advanced Microsoft and Industry Disclosures

    SPARK Program

    Snort and ClamAV Open Source Communities

    File Samples (>380,000 per Day)

    Sourcefire VRT (Vulnerability Research Team)

    Sandboxing Machine Learning

    Big Data Infrastructure

  • ASA with FirePower Services

  • Mission:

    Founded in 2001 by Marty Roesch

    Security from Cloud to Core

    Market leader in (NG)IPS

    Recent entrant to NGFW space with strong offering

    Groundbreaking Advanced Malware Protection solution

    Innovative 52+ patents issued or pending

    Pioneer in IPS, context-driven security, advanced malware

    World-class research capability

    Owner of major Open Source security projects

    Snort, ClamAV, Razorback

  • Sourcefire Security Solutions

    COLLECTIVE SECURITY INTELLIGENCE

    Management Center APPLIANCES | VIRTUAL

    NEXT-GENERATION FIREWALL

    NEXT-GENERATION INTRUSION PREVENTION

    ADVANCED MALWARE PROTECTION

    CONTEXTUAL AWARENESS HOSTS | VIRTUAL MOBILE

    APPLIANCES | VIRTUAL

  • FirePOWER Services for ASA: Components

    ASA 5585-X

    FirePOWER Services Blade

    Models: ASA 5512-X, 5515-X, 5525-X, 5545-X, and 5555-X

    SSD Drive Required

    FirePOWER Services Software Module

    Licenses and Subscriptions

    Models: ASA 5585-X-10, ASA 5585-X-20, ASA 5585-X-40, ASA 5585-X-60

    New FirePOWER Services Hardware Module Required

    Licenses and Subscriptions

  • 2014 NSS Labs SVM for NGFW

  • Functional Distribution

    ACL

    NAT

    VPN Termination

    Routing

    Advanced Malware Protection

    AVC (App Control)

    NGIPS

    URL Filtering

    FirePOWER Services Module

    Base ASA

  • Next Generation Security on a Trusted Firewall

    FirePOWER Services

    NGIPS, NGFW/AVC, AMP

    FireSIGHT Management Center

    Comprehensive SECOPS Workflows

    Cisco Security Manager (CSM) or ASDM

    Comprehensive NETOPS Workflows

    ASA Software

  • NGFW Realities: OpenAppID

    Why does this matter?

    Application visibility efficacy is NOT 100%. Today the best efficacy around App ID is about 65%. If you are looking to strengthen your overall security posture, then building policies with 65% efficacy is putting your organization at risk. This creates a hit-and-miss security model.

    Application ID is non-deterministic and applications are evasive; what happens with unknown applications?

    Logging of unknown applications should take place, and silent drops are forbidden in security: you need to know what has happened even if the application has not been identified.

    Cisco Still Understands the Value of App Visibility/Control

    Application visibility and control and web filtering have been within Cisco's portfolio for 5+ years.

    We have led this with our Cisco IronPort WSA and our CWS (ScanSafe) solutions. (We have brought this quadrant-leading product to our next generation ASA platform.)

    Built upon a strong traditional stateful firewall platform that has been proven within the industry.

    Cisco is solving the application ID efficacy with OpenAppID

  • NGFW Realities: The Blocks of Building the Best NGFW, Difficult to Build at Best

    Legend: Good, Great, Poor

    How Cisco will be adding FireAMP for Malware and SourceFire NGIPS and further ISE integration.

    Very difficult to build the best of breed for all elements that make a NGFW. Note: the great, good, and poor changes depending on the product referenced.

    NGFW Today: Traditional FW, VPN, APP, URL, IPS, Malware, Visibility and Integration

    ASA with Firepower Services: Traditional FW, VPN, APP, URL, IPS, Malware, Visibility and Integration

  • FirePOWER Services: Application Control

    Control access for applications, users and devices

    Employees may view Facebook, but only Marketing may post to it

    No one may use peer-to-peer file sharing apps

    Over 3,000 apps, devices, and more!

  • Application Control

    Social: Security and DLP

    Mobile: Enforce BYOD Policy

    Bandwidth: Recover Lost Bandwidth

    Security: Reduce Attack Surface

  • FirePOWER Services: URL Filtering

    Block non-business-related sites by category

    Based on user and user group

  • FireSIGHT Full Stack Visibility

    CATEGORIES | EXAMPLES | FirePOWER Services | TYPICAL IPS | TYPICAL NGFW

    Threats
