Page 1
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Mitigating Threats with NGFW and NGIPS
Neal Humphrey, CSE, Cisco Security Business Group
[email protected]
Page 2
The Security Problem
Changing Business Models
Dynamic Threat Landscape
Complexity and Fragmentation
Page 3
The Industrialization of Hacking
Timeline (1990–2020):
Viruses: 1990–2000
Worms: 2000–2005
Spyware and Rootkits: 2005–Today
APTs, Cyberware: Today+
From Phishing, Low Sophistication to Sophisticated Attacks, Complex Landscape
Hacking Becomes an Industry
Page 4
The New Security Model
Attack Continuum
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate
Coverage: Network, Endpoint, Mobile, Virtual, Cloud
Point in Time and Continuous
Page 5
Strategic Imperatives
Visibility-Driven: Network-Integrated, Broad Sensor Base, Context and Automation
Threat-Focused: Continuous Advanced Threat Protection, Cloud-Based Security Intelligence
Platform-Based: Agile and Open Platforms, Built for Scale, Consistent Control, Management
Coverage: Network, Endpoint, Mobile, Virtual, Cloud
Page 6
Visibility-Driven
Page 7
Need Both Breadth and Depth
BREADTH: Network, Endpoint, Mobile, Virtual, Cloud
DEPTH: Who, What, Where, When, How
Page 8
Cisco Sees More Than the Competition
Network Servers
Operating Systems
Routers and Switches
Mobile Devices
Printers
VoIP Phones
Virtual Machines
Client Applications
Files
Users
Web Applications
Application Protocols
Services
Malware
Command and Control Servers
Vulnerabilities
NetFlow
Network Behavior
Processes
Page 9
Threat-Focused
Page 10
Collective Security Intelligence
Outputs: IPS Rules, Malware Protection, Reputation Feeds, Vulnerability Database Updates
Inputs:
Sourcefire AEGIS™ Program
Private and Public Threat Feeds
Sandnets
FireAMP™ Community
Honeypots
Advanced Microsoft and Industry Disclosures
SPARK Program
Snort and ClamAV Open Source Communities
File Samples (>180,000 per Day)
Analysis: Sourcefire VRT® (Vulnerability Research Team), Sandboxing, Machine Learning, Big Data Infrastructure
Page 11
The Security Perimeter in the Cloud
The Distributed Perimeter: Cloud Connected Network
Collective Security Intelligence: Telemetry Data, Threat Research, Advanced Analytics
Mobile, Router, Firewall
3M+ Cloud Web Security Users
6 GB Web Traffic Examined, Protected Every Hour
75M Unique Hits Every Hour
10M Blocks Enforced Every Hour
Page 12
Detect, Understand, and Stop Threats
Collective Security Intelligence
Context: Who, What, Where, When, How (ISE + Network, Appliances (NGFW/NGIPS))
Threat Identified
Event History Recorded
Enforcement: AMP, CWS, Appliances
Page 13
Continuous Advanced Threat Protection
Context: Who, What, Where, When, How (ISE + Network, Appliances (NGFW/NGIPS))
Collective Security Intelligence
Enforcement: AMP, CWS, Appliances
Event History
Continuous Analysis: AMP, Threat Defense
Page 14
Today’s Security Appliances
Context-Aware Functions
IPS Functions
Malware Functions
VPN Functions
Traditional Firewall Functions
Page 15
Reduce Complexity and Increase Capability
Centralized Management
Collective Security Intelligence (Hosted)
Cloud Services Control Platform (Hosted)
Network Control Platform (Appliances, Virtual)
Device Control Platform (Host, Mobile, Virtual)
Page 16
Platform-Based Security Architecture
Management: Common Security Policy and Management; Orchestration; Security Management APIs
Security Services and Applications: Cisco Security Applications, Third-Party Security Applications (Cisco ONE APIs)
Security Services Platform: Access Control, Context Awareness, Content Inspection, Application Visibility, Threat Prevention (Physical Appliance, Virtual, Cloud; Platform APIs, Cloud Intelligence APIs)
Infrastructure Element Layer: Device API (OnePK™, OpenFlow, CLI); Cisco Networking Operating Systems (Enterprise, Data Center, Service Provider); Route–Switch–Compute, ASIC Data Plane, Software Data Plane
Page 17
Visibility and Context
Covering the Entire Attack Continuum
Products: Firewall, NGFW, NAC + Identity Services, VPN, UTM, NGIPS, Web Security, Email Security, Advanced Malware Protection, Network Behavior Analysis
Attack Continuum
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate
Page 18
Only Cisco Delivers
Unmatched Visibility: Global Intelligence With the Right Context
Consistent Control: Consistent Policies Across the Network and Data Center
Advanced Threat Protection: Detects and Stops Advanced Threats
Complexity Reduction: Fits and Adapts to Changing Business Models
Page 19
Develop Ecosystems for Cisco Security
Cisco Current Partner Ecosystem:
Mobility (MDM), Threat (SIEM), Cloud: Partner to Deliver Complete Solutions
Open Platform Architecture Enables: Develop SSP Partner Ecosystem
ISE as “Context Directory Service”: Embed Security in Broader IT Solutions
Lancope, Network as a Sensor: Drive the Value of the Network
Page 20
Technical Details
DEMO
Page 21
Thank You
Page 22
Backup Slides