next generation security
TRANSCRIPT
The Internet of Everything is changing Everything
Next Generation Security
John Tzortzakakis
Security Solutions Architect, Security Business Group
November 2014
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Threat Landscape evolution
100% of companies connect
to domains that host
malicious files or services
54% of breaches
remain undiscovered
for months
60% of data is
stolen in
hours
avoids detection and
attacks swiftly
It is a Community
that hides in plain sight
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
‘Defense-in-Depth’ Security Alone is Not Enough
Poor Visibility
Undetected
multivector and
advanced threats
Siloed Approach
Increased complexity
and reduced
effectiveness
Manual and Static
Slow, manual,
inefficient
response
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Building a Threat-Centric Cisco Security Architecture
BEFORE Discover
Enforce
Harden
AFTER Scope
Contain
Remediate
Detect
Block
Defend
DURING
Attack Continuum
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Security Intelligence and Services 6
BEFORE Discover
Enforce
Harden
AFTER Scope
Contain
Remediate
Detect
Block
Defend
DURING
Attack Continuum
Building a Threat-Centric Cisco Security Architecture
NGFW
Secure Access + Identity Services
VPN
UTM
NGIPS
Web Security
Email Security
Advanced Malware Protection
Network Behavior Analysis
Sandboxing
TrustSec
Visibility - Automation - Management
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
100 0111100 011 1010011101 1000111010011101 10001110 10011 101 010011101 1100001110001110 1001 1101 1110011 01100110 0110 00
01000 01000111 0100 11101 1000111010011101 1000111010011101 1100001 1100 0111010011101 1100001110001110 1001 1101 1110011 0110011
Security is more than Application Control
Focus on the Apps
Legacy NGFWs can reduce attack surface area but advanced malware often evades security controls.
0100001000111 0100 1110101001 1101 111 0011 0
100 0111100 011 1010011101 1
01000 01000111 0100 01000111 0100 1001 11 0011 111 00111 1110101001 1101 111 0011 0111001 1110101001 1101 111 0011 0111001 1110101001 1101 111 0011 0111001
01000111 0100 01000111 0100 1001 11 0011 111 00111 1110101001 1101 111 0011 0111001 1110101001 1101 111 0011 0111001 1110101001 1101 111 0011 0111001?
Application Detection is NOT Security
But miss the threat…
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Cisco’s Next Generation Security Offerings
FirePOWER NGIPS
• Best-of-Breed NGIPS for
Advanced Threat Protection
• Scalability up to 60Gbps+
• Application and Identity Aware
• Lower TCO Through Automation
ASA w/ FirePOWER Services Embedded Advanced
Malware Prevention (AMP) • Class-leading advanced
malware solution
• File reputation and sandboxing
• Malware Forensics reports
• Malware and file Retrospection
• Cisco AMP Everywhere ensures pervasive coverage
Appliance Virtual Flexible Deployment Cloud
• Only threat-focused NGFW to cover full attack continuum
• Available on existing ASA-x platforms
• Integrated NGIPS + AMP
• Ultra-Granular Policies: App, Identity, Risk, Business Relevance
Cisco NGFW
Common Technology across all offerings
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Introducing Industry’s First Adaptive Threat-Focused NGFW
#1 Cisco Security announcement of the year! Cisco Confidential 9 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Cisco ASA with FirePOWER Services
Proven Cisco ASA firewalling
+ Industry leading NGIPS and AMP
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Cisco Adaptive Security Appliance (ASA)
► Built upon 15 years of security innovation
► Widely deployed stateful firewall in Enterprise networks
► Class-leading AnyConnect® VPN
► Network-wide identity and device access policy
► Multiple form factors (Physical & Virtual)
► Ready for Next Generation Networks like Software Defined Networks (SDN), Application Centric Infrastructure (ACI), NFV architectures and Open APIs.
ASA Platform
World’s most proven Stateful inspection firewall
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Cisco ASA with FirePOWER Services Industry’s First Adaptive, Threat-Focused NGFW
► Cisco® ASA firewalling combined with Sourcefire® next-generation IPS
► Integrated threat defense over the entire attack continuum
► Best-in-class security intelligence, application visibility and control (AVC), and URL filtering
Features
► Superior, multilayered threat protection
► Unprecedented network visibility
► Advanced malware protection
► Reduced cost and complexity
Benefits
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Superior Integrated & Multilayered Protection
► Cisco ASA enterprise-class stateful
firewall
► Granular Cisco® Application
Visibility and Control (AVC)
► Industry-leading FirePOWER next-
generation IPS (NGIPS)
► Reputation- and category-based
URL filtering
► Advanced malware protection Cisco ASA
Identity-Policy
Control & VPN
URL Filtering (Subscription)
FireSIGHT
Analytics &
Automation
Advanced
Malware
Protection (Subscription)
Application
Visibility &
Control
Network Firewall
Routing | Switching
Clustering &
High Availability
WWW
Cisco Collective Security Intelligence Enabled
Built-in Network
Profiling
Intrusion
Prevention (Subscription)
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Cisco ASA with FirePOWER Services A New, Adaptive, Threat-Focused NGFW
Superior Visibility
Integrated
Threat Defense
Best-in-class, multilayered
protection in a
single device
Full contextual
awareness to
eliminate gaps
Automation
Simplified operations
and dynamic response
and remediation
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Unprecedented Network Visibility
Categories FirePOWER Services Typical IPS Typical NGFW
Threats
Users
Web Applications
Application Protocols
File Transfers
Malware
Command & Control Servers
Client Applications
Network Servers
Operating Systems
Routers & Switches
Mobile Devices
Printers
VoIP Phones
Virtual Machines
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Pervasive Enforcement
Security Intelligence and Research Group
ANY EDGE
Network
Internet
ANY WHERE
Private DC
Public DC
Cisco Cloud
Cisco’s Information Superiority
93B Daily Email Messages
Endpoints
100M
100TB Security Intelligence
Daily Web Request
16B
180K Daily Malwares
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Indications of Compromise (IoCs)
IPS Events
Malware Backdoors
CnC Connections
Exploit Kits Admin Privilege
Escalations
Web App Attacks
SI Events
Connections to Known CnC IPs
Malware Events
Malware Detections
Malware Executions
Office/PDF/Java Compromises
Dropper Infections
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Impact Assessment
Correlates all intrusion events to an
impact of the attack against the target
1
2
3
4
0
IMPACT FLAG ADMINISTRATOR
ACTION WHY
Act Immediately,
Vulnerable
Event corresponds
to vulnerability
mapped to host
Investigate,
Potentially
Vulnerable
Relevant port open
or protocol in use,
but no vuln mapped
Good to Know,
Currently Not
Vulnerable
Relevant port not
open or protocol not
in use
Good to Know,
Unknown Target
Monitored network,
but unknown host
Good to Know,
Unknown Network
Unmonitored
network
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
AMP Provides Continuous Retrospective Security
1000111010011101 1100001110001110 1001 1101 1110011 0110011 101000 0110 00
0100001100001 1100 0111010011101 1100001110001110 1001 1101 1110011 0110011 101000 0110 00
0001110 1001 1101 1110011 0110011 101000 0110 00 0111000 111010011 101 1100001 110
Continuous Feed
Continuous Analysis
Telemetry
Stream
Web
WWW
Endpoints Network Email
Devices
IPS
File Fingerprint and Metadata
File and Network I/O
Process Information
Breadth of
Control Points
Cisco FireSIGHT Management Center Demo
19
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Cisco FireSIGHT Management Center Demo The Power of FireSIGHT
“So do any network security vendors understand data center and what’s needed to accommodate network security? Cisco certainly does.”
“Cisco is disrupting the advanced threat defense industry.” “… AMP will be one of the
most beneficial aspects of the [Sourcefire] acquisition.”
“Based on our (Breach Detection Systems) reports, Advanced Malware Protection from Cisco should be on everyone’s short list.”
2014 Vendor Rating for Security: Positive
Recognition Market
The AMP products will provide deeper capability to
Cisco's role in providing secure services for the Internet
of Everything (IoE).
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Reduced Cost and Complexity
Annual Costs of IPS Maintenance
Impact Assessment of IPS Events
IPS Tuning Linking IPS Events to Users
$144.000
$72.000
$59.400
$24.300 $18.000
$3.000
Typical IPS Next-Generation IPS
Cisco’s FirePOWER Next-Generation
IPS collectively saves this customer
$230,100 per year.
Source: SANS
• Multilayered
protection in a single
device
• Highly scalable
• Automates security
tasks
Impact assessment
Policy tuning
User identification
• Integrates with third-
party security
solutions
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Reduced time for:
Security management:
– 26.4%
Address and remediate
security breaches:
– 78.2%
Security audits:
– 49.3%
IDC STAP Analysis (Specialized Threat Analysis and Protection products)
http://idcdocserv.com/251134
Annual Benefits of Limiting the Impact of Malware Infections
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Start with Best-of-breed Products NSS Labs Testing – Sept, 2014 NEXT GENERATION FIREWALL COMPARATIVE ANALYSIS
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
NSS Labs – Breach Detection Systems Security Value Map
Source: NSS Labs 2014
Cisco Advanced Malware
Protection (AMP) has the
lowest TCO of any product
tested. It is also a a leader in
security effectiveness
achieving detection of 99
percent of all tested attacks
AMP excelled in time-to-
detection, catching threats
faster than competing
Breach Detection Systems.
Source: NSS Labs 2014
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
NSS Labs – Intrusion Prevention Systems Security Value Map
Sourcefire Virtual IPS Sourcefire 3D8120 Sourcefire 3D8250
Sourcefire 3D8260
Source: NSS Labs 2012
Based on individual and comparative testing of vendors in the IPS market Cisco* FirePOWER NGIPS leads the Security Value Map and provides the best protection possible while also leading the class in total cost of ownership. * Formerly Sourcefire FirePOWER
Source: NSS Labs 2012
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
2014 NSS Labs NGFW Security Value MapTM
http://www.cisco.com/go/nssngfw2014
• Consistent, industry-
leading security
effectiveness
• Strong resistance to
evasion
• High performance –
above published
throughput
• Competitive total cost
of ownership
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Cisco ASA with FirePOWER Services
Base Hardware and Software
New ASA 5585-X Bundle SKUs with FirePOWER Services Module
New ASA 5500-X SKUs running FirePOWER Services Software
FirePOWER Services Spare Module/Blade for ASA 5585-X Series
Spare SSD SKU for upgrading existing ASA 5500-X
FirePOWER Services Software
Hardware includes Application Visibility and Control (AVC)
Management
FireSIGHT Management Center (HW Appliance or Virtual)
Cisco Security Manager (CSM) or ASDM
Support
SmartNET
Software Application Support plus Upgrades
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Five Subscription Packages to Choose From for Each Appliance
URL
IPS
URL
• AVC is part of the default
offering
• 1 & 3 year terms
• SMARTnet is ordered
separately with the
appliance IPS
AMP
IPS
“NGFW”
Packages
“NGIPS”
Packages
AMP
URL
IPS
Cisco ASA - Stateful Firewall Licenses
Performance and Deployment Options
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Cisco ASA Multi-scale Performance
Security for the Internet Edge
1 Gbps Max
100K Connections
10,000 CPS
Branch Locations Small / Medium Internet Edge
ASA 5512-X
1.2 Gbps Max
250K Connections
15,000 CPS
ASA 5515-X
2 Gbps Max
500K Connections
20,000 CPS
3 Gbps Max
750K Connections
30,000 CPS
4 Gbps Max
1M Connections
50,000 CPS
ASA 5525-X
ASA 5545-X
ASA 5555-X
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Cisco ASA Multi-scale Performance
Security for the Enterprise and Data Center
Enterprise Internet Edge and Data Center
4 Gbps Max
1 Million Connections
50,000 CPS
ASA 5585-SSP10 10 Gbps Max
2 Million Connections
125,000 CPS
ASA 5585-SSP20 20 Gbps Max
4 Million Connections
200,000 CPS
ASA 5585-SSP40 40 Gbps Max
10 Million Connections
360,000 CPS
ASA 5585-SSP60
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Performance Impacts by Location
Firewall max throughput numbers tend to be based on non-helpful packet
sizes (UDP 1518 byte packet size is fairly common)
IPS performance range is much more variable than firewalls, and partly
because of industry choice (TCP 440 byte HTTP is fairly common)
NGFW Performance Impact Factors
Direct • Different traffic types
• Different average packet
• Sizes
Indirect • Physical Placement
• Amount of traffic to be
inspected
• Level of malicious traffic
• Level of analysis and
logging
Multi-features devices must somehow provide useful, accurate performance numbers
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Location Specific Traffic Profiles
– When deploying FirePOWER Services for ASA, the traffic profiles at the location can impact the performance of the device differently than standard test methods.
– Educational, ISP, and SMB protocol mixes have a slight impact
– Enterprise applications and Enterprise Datacenter have a greater impact
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
FirePOWER Services for ASA Data Sheet
FirePOWER Services for ASA will include both a maximum throughput number as well as a TCP 440 Byte HTTP number more relevant for sizing.
Model 5512-X 5515-X 5525-X 5545-X 5555-X 5585-10 5585-20 5585-40 5585-60
Maximum
Application
Control
Throughput in
Mbps
300 500 1100 1500 1750 4500 7000 10000 15000
Maximum
Application
Control and IPS
Throughput in
Mbps
150 250 650 1000 1250 2000 3500 6000 10000
Application
Control or IPS
Sizing
Throughput in
Mbps (440 Byte
HTTP)
100 150 375 575 725 1200 2000 3500 6000
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
FirePOWER Services vs. ASA Classic IPS
– IPS-only test comparing throughput of FirePOWER Services for ASA to the classic IPS only module.
– Tested using the same 440 byte HTTP Transactional test that was the benchmark for classic IPS.
5512 5515 5525 5545 5555 5585-10 5585-20 5585-40 5585-60
FirePOWER
Services
On ASA
100 150 375 575 725 1200 2000 3500 6000
Classic IPS on
ASA 150 250 400 600 850 1150 1500 3000 5000
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Upgrading from ASA Classic IPS to FirePOWER Services for ASA
When upgrading from classic IPS to FirePOWER services, adding new features can require a platform change. Generally each new major feature is a step up, assuming the box is near capacity.
Model 5512-X 5515-X 5525-X 5545-X 5555-X 5585-10 5585-20 5585-40 5585-60
Original IPS
Module 150 250 400 600 850 1150 1500 3000 5000
FirePOWER
IPS + AVC 75 100 255 360 450 800 1200 2100 3500
FirePOWER
IPS + AVC + AMP 60 85 205 310 340 550 850 1500 2300
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Investment Protection: Pay as you Grow Horizontal Scaling
FW MAX Throughput: 640 Gbps
FW+FirePOWER IPS Maximum Throughput: 160+ Gbps
FirePOWER IPS 440 Byte Throughput: 96 Gbps
Up to 16 ASA 5585-X Devices
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
FirePOWER Services Support All Current ASA Deployment Models*
Multi-context mode for policy flexibility
Each ASA Interface appears as a separate interface to FirePOWER Services module
Allows for granular policy enforcement on both ASA and FirePOWER services
*State sharing does not occur between FirePOWER Services Modules
Clustering for linear scalability
Up to 16x ASA in cluster
Eliminates Asymmetrical traffic issues
Each FirePOWER Services module inspects traffic independently
HA for increased redundancy
Redundancy and state sharing (A/S & A/A pair)
L2 and L3 designs
Features - Packet Flow
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Functional Distribution of Features
IP Fragmentation
IP Option Inspection
TCP Intercept
TCP Normalization
ACL
NAT
VPN Termination
Routing
*Botnet Traffic Filter
Advanced Malware Protection
File Type filtering Application Visibility and Control
NGIPS
URL Category/Reputation
File capture FirePOWER Services
ASA
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Packet Processing Order of Operations
– ASA Module processes all ingress packets against ACL, Connection tables, Normalization and CBAC before traffic is forwarded to the FirePOWER Services module
– ASA provides flow normalization and context-aware selection/filtering to the FirePOWER Services
– Clustered ASA provides flow symmetry and HA to the FirePOWER Services
– Packets and flows are not dropped by FirePOWER Services – Packets are marked for Drop or Drop with Reset and sent back to ASA
– This allow the ASA to clear the connection from the state tables and send resets if needed
RX
Pkt Ingress
Interface
Existing
Conn NAT
Rule
ACL
Permit MPF
Inspection
Sec
Checks
NAT IP
Header
Egress
Interface
L3
Route TX
Pkt
L2
Addr
Yes
No
Yes
No
No
DROP
Yes Yes
No
Yes
No
FirePOWER
Services
Module
DROP
Original IP
Session
metadata
No
DROP
No
DROP DROP
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
ASA 5585-X Data Port Utilization
ASA SSP processes all ingress and egress packets
– No packets are directly processed by FirePOWER SSP ports except for the FirePOWER SSP management port.
– ASA configures and controls the FirePOWER SSP data ports
CPU
Complex
Fabric
Switch
Signature
Engine
SFR-SSP Module
CPU
Complex
Fabric
Switch
Mezzanine
Slot
ASA-SSP Module
PORTS
PORTS
ASA5585-X
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
ASA 5500-X Data Port Utilization
SFR S/W Module
ASA KVM
Firewall Services
ASA OS
Memory
Based
Packet
Rings
PORTS
ASA5500-X Mid-Range
ASA OS processes all ingress and egress packets
– No packets are directly processed by FirePOWER Services
– Backplane communication between ASA and FirePOWER Services
– Traffic is dropped at ASA OS Level
Management
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Managing Cisco ASA FirePOWER Services
Two Managers with Cross-launch
Cisco FireSIGHT Management Center
Models: 750, 1500, 3500,
Virtual Appliance (Promo PID available)
Cisco Security Manager
(CSM) or ASDM
CSM version 4.7
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
ASA Single Device Manager
Device Dashboard
Firewall Dashboard
FireSIGHT*
Traffic Reports *Roadmap
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
FirePOWER & FireSIGHT benefits
Enhanced Visibility
1,800+ Applications + stats
File types, transfer direction/protocol
Mobile Device type, OS, version
Geolocation (country, postcode, time zone, lat/long., ISP, etc.)
IPv6 address support throughout
Improved UI/Admin
Visual Device Management
Security and Network Admin Roles
Admin Role Editor
Dashboards/Reporting
Customizable Widgets
Graphical Reports – Report Creator
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
FirePOWER & FireSIGHT benefits
• Expanded Controls
Application Control on NGIPS
URL Filtering
File Blocking
Security Intelligence / IP Blacklisting
Geolocation Blocking (in v5.3)
• Security Automation
Impact Assessment
Recommended Rules
• Advanced Malware Protection
Network File Trajectory
Network Malware Blocking
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
FireSIGHT Management Center Models
* Max number of devices is dependent upon sensor type and event rate
750 1500 2000 3500 4000 Virtual
Max. Devices
Managed 10 35 70 150 300 Virtual FireSIGHT
Management
Center
Up to 25
Managed Devices
Event
Storage 100 GB 125 GB 1.8 TB 400 GB 4.8/6.3 TB
Max. Network
Map (hosts /
users)
2K/2K 50K/50K 150K/150K 300K/300K 600K/600K Virtual FireSIGHT
Management
Center offerings
limited to 2 or 10
Managed Devices FS-VMW-2-SW-K9
FS-VMW-10-SW-K9
Events per
Sec (EPS) 2000 6000 12000 10000 20000
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Cisco Security Manager Multi-Device Management Centralized, Unified and comprehensive Firewall, VPN and IPS management
Device View
Policy View
Map View
Event View
Device View
Policy View
Map View
Event View
Report View
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Cisco Security Manager At-a-Glance
Comprehensive Policy Management for FW,
VPN & IPS on heterogeneous devices (ASA,
Cisco classic IPS, FWSM, PIX, ISR/ASR)
Log Management – Firewall (Syslogs) and
Cisco classic IPS (SDEE) events
Health & Performance Monitoring for ASA
and Cisco classic IPS
Reports for Firewall and Cisco classic IPS
Devices
Image Management for ASA and Cisco
classic IPS
API for Policy Access
Supports hundreds of devices in a single
deployment
Windows Based: Appliance Form factor and
also available as a Software Installable
Cisco Security Manager
Policy
Log
Reports
Network Health
Image
API
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
FireSIGHT Management Center Cross-launch Menu CSM Client FMC WEB UI
Crosslaunches directly to FMC
without prompting for login and
navigates to dashboard of device
in context
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Enhance with Cisco Security Services
Advisory Integration
Managed
Custom Threat
Intelligence
Technical Security
Assessments
Integration
Services
Security Optimization
Services
Managed Threat
Defense
Remote Managed
Services
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Cisco Services Portfolio
Managed Security
Hosted Security
Product Support
Deployment
Migration
Optimization Program Strategy
Architecture and Design
Assessments
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
3rd Party
Response
Forensics
Threat Summary
Execution Reports Save File Content
Policy Control Safe Retrieval
File Detection
Custom Apps
SHA256
Dynamic Analysis File Threat Scores
Block by Threat Score
FirePOWER Services New Capabilities
Block Source
Block Destination
Country
Continent
Prioritize Response
Discover infected hosts Correlates data from all engines
Endpoint and Network working
together
Thank you