Building Up Network Security:
Intrusion Prevention and
Sourcefire Overview
© Global Knowledge Training LLC. All rights reserved. 9/1/2015 Page 2
Presenter
Catherine Paquet, MBA (MIS)
CCSI, CICSI, CCNP Sec, CCNP R&S
Cisco Security Instructor
Catherine Paquet
• Cisco security instructor
• Cisco Press author
• Cisco Systems emerging countries guest speaker
• Graduate of Royal Military College and York University
• Previously: DND WAN Manager
• Lives in Toronto
Topics
1. Evolution of IDS / IPS
2. Sourcefire overview
3. FSMC
4. ASA FirePOWER
5. NGFW / URL Filtering
6. NGIPS
7. AMP
8. IoC and File Trajectory
Terminology
Glossary (available from GoToWebinar handout section)
AD: Active Directory
AEGIS: Awareness, Education, Guidance, and Intelligence Sharing
AMP: Advanced Malware Protection
ASA: Adaptive Security Appliance (firewall)
CnC: Command and Control
CWA: Centralized Web Authentication
CWS: Cloud Web Security
DMZ: Demilitarized Zone
DC: Domain Controller
ESA: Email Security Appliance
FSMC: FireSIGHT Mgmt Center (formerly SFDC)
IDS: Intrusion Detection System
IoC: Indication of Compromise
IP: Internet Protocol
IPS: Intrusion Prevention System
ISE: Identity Services Engine
LAN: Local Area Network
MAC: Media Access Control
Malvertising: Malware hidden in advertisement
MPF: Modular Policy Framework
NIC: Network Interface Card
NGFW: Next Generation Firewall
NGIPS: Next Generation IPS
RNA: Real-time Network Awareness (Context)
SaaS: Security as a Service
SF: Sourcefire
SFDC: Sourcefire Defense Center (now FSMC)
SHA: Secure Hash Algorithm
SIEM: Security Information and Event Management
SIO: Security Intelligence Operations (Cisco)
SSL: Secure Socket Layer
SSM: Security Services Module
TALOS: Cisco SIO + Sourcefire VRT
TCP: Transmission Control Protocol
URL: Uniform Resource Locator
VRT: Vulnerability Research Team (Sourcefire)
WSA: Web Security Appliance
Security Roadmap
Topology
Once upon a time, there was…
Intrusion Detection
Passive IDS
• Packet analysis
• Signature-based
• Promiscuous mode
[Figure: network topology. Labels: INTERNET, Perim-Rtr, HQ-ASA (HQ Outside, HQ Inside), L3-Switch, DMZ-Srv, End User Subnet, DMZ Subnet 172.16.1.0/24, Management Subnet 10.10.2.0/24, Sensor 10.10.2.200, SIEM 10.10.2.100, Administrator 10.10.2.50; host labels .1, .1, .15]
Active IDS
• June 2003 Gartner announces: Death of IDS
• Recommends that firewall blocks attacks
[Figure: network topology. Labels: INTERNET, Perim-Rtr, HQ-ASA (HQ Outside, HQ Inside), L3-Switch, DMZ-Srv, End User Subnet, DMZ Subnet 172.16.1.0/24, Management Subnet 10.10.2.0/24, Sensor 10.10.2.200, SIEM 10.10.2.100, Administrator 10.10.2.50; host labels .1, .1, .15]
IPS: inline to data flow
• Powerful enough to work at wire speed
[Figure: network topology. Labels: INTERNET, Perim-Rtr, HQ-ASA (HQ Outside, HQ Inside), L3-Switch, DMZ-Srv, End User Subnet, DMZ Subnet 172.16.1.0/24, Management Subnet 10.10.2.0/24, Sensor 10.10.2.200, SIEM 10.10.2.100, Administrator 10.10.2.50; host labels .1, .1, .15]
IPS integrated
• ASA IPS SSM – traditional IPS
• ASA Sourcefire SSM
[Figure: network topology. Labels: INTERNET, Perim-Rtr, HQ-ASA (HQ Outside, HQ Inside), L3-Switch, DMZ-Srv, End User Subnet, DMZ Subnet 172.16.1.0/24, Management Subnet 10.10.2.0/24, Sensor 10.10.2.200, SIEM 10.10.2.100, Administrator 10.10.2.50; host labels .1, .15]
IPS Deployment
• Promiscuous vs. Inline mode
• Fail open vs. Fail close
• Network-based
• Host-based
• Anomaly Detection
• Finally: Context
[Figure: network topology. Labels: INTERNET, Perim-Rtr, HQ-ASA (HQ Outside, HQ Inside), L3-Switch, DMZ-Srv, End User Subnet, DMZ Subnet, Management Subnet, Sensor, SIEM, Administrator, Endpoint Mngt Center, Endpoint Protection; host label .1]
Context: Passive Network Detection and Context
• RNA provides visibility:
  • IP address
  • OS
  • Services
  • Ports
Sourcefire Overview
Cisco acquires Sourcefire
Source: Gartner
• Founded in 2001
• 2013: Acquired by Cisco for US$2.7B
• 2014: Technology integration within Cisco
• Hardware and Software
• ClamAV, Snort
• File reputation and dynamic analysis
• Analysis of behaviours & containment
• Retrospective protection
• Visibility through dashboards
• 2015: EoL non-SF IPS appliances
Sourcefire name changes (available from GoToWebinar handout section)
Former Sourcefire Product Names | Current Cisco Product Names
Sourcefire Defense Center | Cisco FireSIGHT Management Center
FirePOWER Series Appliances | Cisco FirePOWER Series Appliances
AMP for FirePOWER | Cisco AMP for Networks
FireAMP for Endpoints | Cisco AMP for Endpoints
FireAMP Private Cloud Virtual Appliance | Cisco AMP Private Cloud Virtual Appliances
Sourcefire SSL Appliances | Cisco SSL Appliance
Collective Security Intelligence Cloud | Cisco Cloud, Cloud Services
The Sourcefire Advantage: NGFW – NGIPS – AMP
• Real before, during, after
(+ URL filtering)
NGFW
Source: Cisco Live! BRKSEC-2762 San Diego 2015
NGFW with NGIPS
Source: Cisco Live! BRKSEC-2762 San Diego 2015
AMP
• File Reputation
• Dynamic Analysis (Sandboxing)
• Retrospective Security
Cisco’s offerings
• FireSIGHT platforms (NGFW, NGIPS, AMP)
• AMP appliance
• ASA module
• AMP-only platforms:
  • ESA
  • WSA
  • CWS
• AMP for Endpoints Desktop: AnyConnect 4.1 AMP Enabler
[Figure labels: Cisco WSA with AMP (software); Cisco AMP 8350; Cisco AMP for Endpoints]
FireSIGHT Management Centre
FireSIGHT Management Center:
Managing FirePOWER Appliances
ASA FirePOWER
FirePOWER integrated services in ASA
• Security Services Module
• Software
• Hardware (5585-X)
[Figure: network topology. Labels: INTERNET, Perim-Rtr, HQ-ASA (HQ Outside 200.200.1.0/24, HQ Inside), L3-Switch, DMZ-Srv, End User Subnet, DMZ Subnet 172.16.1.0/24, Management Subnet 10.10.2.0/24, Sensor 10.10.2.200, SIEM 10.10.2.100, Administrator 10.10.2.50; host labels .1, .15]
HQ-ASA# show module sfr details
Getting details from the Service Module, please wait...
Card Type: FirePOWER Services Software Module
Model: ASA5515
Hardware version: N/A
Serial Number: FCH180278XU
Cisco ASA and Sourcefire FirePOWER services module
Redirecting traffic from ASA to FirePOWER SSM
• Class-map
  • Identify traffic flow
• Policy-map
  • Action to be applied on traffic flow
• Service-policy
  • Interface(s) responsible to enforce the action on traffic flow
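! identify: match HTTP traffic (tcp/www) destined to the DMZ host 172.16.1.15
asa(config)# access-list DMZ permit tcp any host 172.16.1.15 eq www
asa(config)# class-map TrafficDMZ
asa(config-cmap)# match access-list DMZ
! action: redirect the matched class to the FirePOWER (sfr) module; fail-close blocks the traffic if the module is unavailable
asa(config)# policy-map SFR-DMZ
asa(config-pmap)# class TrafficDMZ
asa(config-pmap-c)# sfr fail-close
! enforce: apply the policy on the dmz interface
asa(config)# service-policy SFR-DMZ interface dmz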
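The identify / action / enforce chain above can be checked on a saved configuration. The following Python script is an added example, not part of the slides or Cisco's tooling: it parses class-map, policy-map and service-policy stanzas and reports where traffic is redirected to the sfr module and in which failure mode. It assumes input in `show running-config` layout (indented sub-commands); SFR-INSIDE, TrafficInside, INSIDE-ACL and the `inside` interface are hypothetical, and the function names are the example's own.

```python
"""Audit ASA Modular Policy Framework config for FirePOWER (sfr) redirection."""

# Constructed sample in `show running-config` layout. The DMZ objects are the
# slide's; SFR-INSIDE, TrafficInside and INSIDE-ACL are hypothetical additions.
SAMPLE_CONFIG = """\
access-list DMZ permit tcp any host 172.16.1.15 eq www
access-list INSIDE-ACL permit ip any any
class-map TrafficDMZ
 match access-list DMZ
class-map TrafficInside
 match access-list INSIDE-ACL
policy-map SFR-DMZ
 class TrafficDMZ
  sfr fail-close
policy-map SFR-INSIDE
 class TrafficInside
  sfr fail-open monitor-only
service-policy SFR-DMZ interface dmz
service-policy SFR-INSIDE interface inside
"""


def parse_mpf(config):
    """Return (class_maps, policies, bindings) parsed from running-config text."""
    class_maps = {}   # class-map name -> list of match criteria
    policies = {}     # policy-map name -> list of sfr actions
    bindings = {}     # policy-map name -> list of "global" or interface names
    cmap = pmap = cls = None
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue
        if not raw[0].isspace():
            # A top-level command ends whatever sub-mode we were in.
            cmap = pmap = cls = None
            if words[0] == "class-map":
                cmap = words[-1]
                class_maps[cmap] = []
            elif words[0] == "policy-map":
                pmap = words[-1]
                policies[pmap] = []
            elif words[0] == "service-policy" and len(words) >= 3:
                if words[2] == "global":
                    scope = "global"
                else:
                    scope = words[3] if len(words) > 3 else "unknown"
                bindings.setdefault(words[1], []).append(scope)
        elif cmap and words[0] == "match":
            class_maps[cmap].append(" ".join(words[1:]))
        elif pmap and words[0] == "class" and len(words) > 1:
            cls = words[1]
        elif pmap and cls and words[0] == "sfr":
            policies[pmap].append({
                "class": cls,
                "fail": next((w for w in words if w.startswith("fail-")), "unknown"),
                "monitor_only": "monitor-only" in words,
            })
    return class_maps, policies, bindings


def audit_sfr(config):
    """One finding per (sfr action, place it is enforced), with review notes."""
    class_maps, policies, bindings = parse_mpf(config)
    findings = []
    for policy, actions in policies.items():
        for act in actions:
            notes = []
            if act["fail"] == "fail-open":
                notes.append("fail-open: traffic passes uninspected if the module is unavailable")
            if act["monitor_only"]:
                notes.append("monitor-only: module receives a copy and cannot block")
            if act["class"] != "class-default" and act["class"] not in class_maps:
                notes.append("class-map is not defined in this config")
            scopes = bindings.get(policy, [])
            if not scopes:
                notes.append("policy-map is not applied by any service-policy")
            for scope in scopes or ["(unbound)"]:
                findings.append({
                    "applied_to": scope,
                    "policy": policy,
                    "class": act["class"],
                    "match": class_maps.get(act["class"], []),
                    "fail": act["fail"],
                    "monitor_only": act["monitor_only"],
                    "notes": notes,
                })
    return findings


if __name__ == "__main__":
    for f in audit_sfr(SAMPLE_CONFIG):
        mode = f["fail"] + (" monitor-only" if f["monitor_only"] else "")
        print(f'{f["applied_to"]:10} {f["policy"]:11} {f["class"]:14} {mode}')
        for note in f["notes"]:
            print("   review:", note)
```

Whether fail-open or monitor-only is acceptable depends on the segment: the notes mark items to review against the "Promiscuous vs. Inline" and "Fail open vs. Fail close" choices from the IPS Deployment slide, not errors.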
NGFW
NGFW – file processing
Source: FireSIGHT User Guide 5.4.0.1
Separate license: URL Filtering
NGIPS
Sourcefire NGIPS
Source: Cisco Live! BRKSEC-1030 San Diego 2015
IPS Automation
AMP
AMP: File Disposition and Dynamic Analysis
Source: Cisco Live! BRKSEC-2028 Melbourne 2015
Cisco Cloud is TALOS => Cisco SIO + Sourcefire VRT
Retrospective Security
Indication of Compromise
File Trajectory
Correlation analysis with Context produces IoC
Source: Cisco Live! BRKSEC-1030 San Diego 2015
Host Profile
Network File Trajectory
Conclusion
Sourcefire Summary
Source: Cisco Live! BRKSEC-1030 San Diego 2015
Sources
• FireSIGHT User Guide 5.4.0.1
• Cisco Security Blog
• Cisco SAFE Design Guide
• Cisco Live 365 presentations (CCO login required)
  • BRKSEC-1030 San Diego 2015
  • BRKSEC-2139 San Diego 2015
  • BRKSEC-2762 San Diego 2015
  • BRKSEC-2028 Melbourne 2015
  • BRKSEC-2016 San Francisco 2014
Cisco Security Courses
• CCNA Security e-Camp
• IINS - Implementing Cisco IOS Network Security
• SAEXS - Cisco ASA Express Security
• SENSS - Implementing Cisco Edge Network Security Solutions
• SIMOS - Implementing Cisco Secure Mobility Solutions
• SISAS - Implementing Cisco Secure Access Solutions
• SITCS - Implementing Cisco Threat Control Solution
• ASA Lab Camp v9.0
• SASAA - Implementing Advanced Cisco ASA Security
• SASAC - Implementing Core Cisco ASA Security
• ACS - Cisco Secure Access Control System
• SISAS - Implementing Cisco Secure Access Solutions
• SISE - Implementing and Configuring Cisco Identity Services Engine
• SESA - Securing Email with Cisco Email Security Appliance
• SWSA - Securing the Web with Cisco Web Security Appliance
• Cisco FirePOWER Services and Cloud Web Security Workshop v1.0
• SSFAMP - Securing Cisco Networks with Sourcefire FireAMP Endpoints
• SSFIPS - Securing Cisco Networks with Sourcefire Intrusion Prevention System
• SSFRULES - Securing Cisco Networks with Snort Rule Writing Best Practices
• SSFSNORT - Securing Cisco Networks with Open Source Snort
GK Cisco Training Exclusives
• 6 months of
• Anytime access to Cisco Practice Labs
• Anytime Access to Boson Practice Exams
• On-Demand Access to Searchable Class Recordings of Your Virtual Class
• Unlimited Retakes of Your Class
• Free Cisco Certification Exam Voucher
Find Out More
www.globalknowledge.ca
On-demand & live webinars, white papers, blog...
www.globalknowledge.ca/security
Courses

Mais conteúdo relacionado

Mais procurados

Secure Data Center Solution with FP 9300 - BDM
Secure Data Center Solution with FP 9300 - BDMSecure Data Center Solution with FP 9300 - BDM
Secure Data Center Solution with FP 9300 - BDM
Bill McGee
 
Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N...
Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N...Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N...
Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N...
Erin Sweeney
 

Mais procurados (20)

Next Generation Security
Next Generation SecurityNext Generation Security
Next Generation Security
 
SourceFire IPS Overview
SourceFire IPS OverviewSourceFire IPS Overview
SourceFire IPS Overview
 
TechWiseTV Workshop: OpenDNS and AnyConnect
TechWiseTV Workshop: OpenDNS and AnyConnectTechWiseTV Workshop: OpenDNS and AnyConnect
TechWiseTV Workshop: OpenDNS and AnyConnect
 
Talos Insight: Threat Innovation Emerging from the Noise
Talos Insight: Threat Innovation Emerging from the NoiseTalos Insight: Threat Innovation Emerging from the Noise
Talos Insight: Threat Innovation Emerging from the Noise
 
Cisco ASA Firepower
Cisco ASA FirepowerCisco ASA Firepower
Cisco ASA Firepower
 
IPS Best Practices
IPS Best PracticesIPS Best Practices
IPS Best Practices
 
The Network as a Sensor, Cisco and Lancope
The Network as a Sensor, Cisco and LancopeThe Network as a Sensor, Cisco and Lancope
The Network as a Sensor, Cisco and Lancope
 
Cisco umbrella overview
Cisco umbrella overviewCisco umbrella overview
Cisco umbrella overview
 
Asa sslvpn security
Asa sslvpn securityAsa sslvpn security
Asa sslvpn security
 
Cisco connect winnipeg 2018 stealthwatch whiteboard session and cisco secur...
Cisco connect winnipeg 2018   stealthwatch whiteboard session and cisco secur...Cisco connect winnipeg 2018   stealthwatch whiteboard session and cisco secur...
Cisco connect winnipeg 2018 stealthwatch whiteboard session and cisco secur...
 
Sasa milic, cisco advanced malware protection
Sasa milic, cisco advanced malware protectionSasa milic, cisco advanced malware protection
Sasa milic, cisco advanced malware protection
 
Behind the Curtain: Exposing Advanced Threats
Behind the Curtain: Exposing Advanced ThreatsBehind the Curtain: Exposing Advanced Threats
Behind the Curtain: Exposing Advanced Threats
 
Scalar Security Roadshow - Toronto Presentation
Scalar Security Roadshow - Toronto PresentationScalar Security Roadshow - Toronto Presentation
Scalar Security Roadshow - Toronto Presentation
 
Cisco ThreatGrid: Malware Analysis and Threat Intelligence
Cisco ThreatGrid:  Malware Analysis and Threat IntelligenceCisco ThreatGrid:  Malware Analysis and Threat Intelligence
Cisco ThreatGrid: Malware Analysis and Threat Intelligence
 
Cisco Security Presentation
Cisco Security PresentationCisco Security Presentation
Cisco Security Presentation
 
Cisco asa fire power services
Cisco asa fire power servicesCisco asa fire power services
Cisco asa fire power services
 
Secure Data Center Solution with FP 9300 - BDM
Secure Data Center Solution with FP 9300 - BDMSecure Data Center Solution with FP 9300 - BDM
Secure Data Center Solution with FP 9300 - BDM
 
Proteja seus clientes - Gerenciamento dos Serviços de Segurança
Proteja seus clientes - Gerenciamento dos Serviços de SegurançaProteja seus clientes - Gerenciamento dos Serviços de Segurança
Proteja seus clientes - Gerenciamento dos Serviços de Segurança
 
Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N...
Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N...Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N...
Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N...
 
CCNP Security-Firewall
CCNP Security-FirewallCCNP Security-Firewall
CCNP Security-Firewall
 

Destaque

Cybersecurity R&D briefing
Cybersecurity R&D briefingCybersecurity R&D briefing
Cybersecurity R&D briefing
Naba Barkakati
 
Security For Outsourced IT Contracts
Security For Outsourced IT ContractsSecurity For Outsourced IT Contracts
Security For Outsourced IT Contracts
Bill Lisse
 
080529 yashima ppfinal [compatibility mode]
080529 yashima ppfinal [compatibility mode]080529 yashima ppfinal [compatibility mode]
080529 yashima ppfinal [compatibility mode]
MoonKJun
 

Destaque (20)

Joseph Mann
Joseph MannJoseph Mann
Joseph Mann
 
Secure Data Center for Enterprise
Secure Data Center for EnterpriseSecure Data Center for Enterprise
Secure Data Center for Enterprise
 
Vulnerability Management V0.1
Vulnerability Management V0.1Vulnerability Management V0.1
Vulnerability Management V0.1
 
Enterprise Vulnerability Management - ZeroNights16
Enterprise Vulnerability Management - ZeroNights16Enterprise Vulnerability Management - ZeroNights16
Enterprise Vulnerability Management - ZeroNights16
 
Cisco, Sourcefire and Lancope - Better Together
Cisco, Sourcefire and Lancope - Better TogetherCisco, Sourcefire and Lancope - Better Together
Cisco, Sourcefire and Lancope - Better Together
 
Globalizing management education_issues_&_challenges_for___industry_&...
Globalizing management education_issues_&_challenges_for___industry_&...Globalizing management education_issues_&_challenges_for___industry_&...
Globalizing management education_issues_&_challenges_for___industry_&...
 
Intelligent Security, Compliance and Privacy in Office 365
Intelligent Security, Compliance and Privacy in Office 365Intelligent Security, Compliance and Privacy in Office 365
Intelligent Security, Compliance and Privacy in Office 365
 
Cybersecurity R&D briefing
Cybersecurity R&D briefingCybersecurity R&D briefing
Cybersecurity R&D briefing
 
Absenteeism and performance the challenge of summer 2012 events
Absenteeism and performance   the challenge of summer 2012 eventsAbsenteeism and performance   the challenge of summer 2012 events
Absenteeism and performance the challenge of summer 2012 events
 
Security Administration Intro
Security Administration IntroSecurity Administration Intro
Security Administration Intro
 
Security For Outsourced IT Contracts
Security For Outsourced IT ContractsSecurity For Outsourced IT Contracts
Security For Outsourced IT Contracts
 
Peter Cheese webinar slides April 2013
Peter Cheese webinar slides April 2013Peter Cheese webinar slides April 2013
Peter Cheese webinar slides April 2013
 
Unpacking Intuition - Prof Sadler-Smith
Unpacking Intuition - Prof Sadler-SmithUnpacking Intuition - Prof Sadler-Smith
Unpacking Intuition - Prof Sadler-Smith
 
080529 yashima ppfinal [compatibility mode]
080529 yashima ppfinal [compatibility mode]080529 yashima ppfinal [compatibility mode]
080529 yashima ppfinal [compatibility mode]
 
PPM Security Manifesto - Gulhigen #Olhuvaalimanifesto
PPM Security Manifesto - Gulhigen #Olhuvaalimanifesto PPM Security Manifesto - Gulhigen #Olhuvaalimanifesto
PPM Security Manifesto - Gulhigen #Olhuvaalimanifesto
 
Human security introduction by dr. ghassan shahrour
Human security introduction by dr. ghassan shahrourHuman security introduction by dr. ghassan shahrour
Human security introduction by dr. ghassan shahrour
 
Watermarking & Encryption
Watermarking & EncryptionWatermarking & Encryption
Watermarking & Encryption
 
ISSA Data Retention Policy Development
ISSA Data Retention Policy DevelopmentISSA Data Retention Policy Development
ISSA Data Retention Policy Development
 
9 June 2009 المحاضرة INFOSEC
9 June 2009  المحاضرة  INFOSEC9 June 2009  المحاضرة  INFOSEC
9 June 2009 المحاضرة INFOSEC
 
التشفير
التشفيرالتشفير
التشفير
 

Semelhante a Building Up Network Security: Intrusion Prevention and Sourcefire

Cumbre PR/AR sobre el mercado Telco en America Latina
Cumbre PR/AR sobre el mercado Telco en America LatinaCumbre PR/AR sobre el mercado Telco en America Latina
Cumbre PR/AR sobre el mercado Telco en America Latina
Felipe Lamus
 
AHMED+MORSY+ABD+EL+BAKI+v1.1+updated+2016
AHMED+MORSY+ABD+EL+BAKI+v1.1+updated+2016AHMED+MORSY+ABD+EL+BAKI+v1.1+updated+2016
AHMED+MORSY+ABD+EL+BAKI+v1.1+updated+2016
Ahmed Morsy
 
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
Chrysostomos Christofi
 
Cisco Firepower Next-Generation Firewall (NGFW).pdf
Cisco Firepower Next-Generation Firewall (NGFW).pdfCisco Firepower Next-Generation Firewall (NGFW).pdf
Cisco Firepower Next-Generation Firewall (NGFW).pdf
TaherAzzam2
 

Semelhante a Building Up Network Security: Intrusion Prevention and Sourcefire (20)

Firepower ngfw internet
Firepower ngfw internetFirepower ngfw internet
Firepower ngfw internet
 
Security and Virtualization in the Data Center
Security and Virtualization in the Data CenterSecurity and Virtualization in the Data Center
Security and Virtualization in the Data Center
 
During the Next Generation Network and Data Centre – Now and into the Future ...
During the Next Generation Network and Data Centre – Now and into the Future ...During the Next Generation Network and Data Centre – Now and into the Future ...
During the Next Generation Network and Data Centre – Now and into the Future ...
 
Cisco Security portfolio update
Cisco Security portfolio updateCisco Security portfolio update
Cisco Security portfolio update
 
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security
 
#ITSitioEnRSA - Presentacion de Jeef Reed de Cisco
#ITSitioEnRSA - Presentacion de Jeef Reed de Cisco #ITSitioEnRSA - Presentacion de Jeef Reed de Cisco
#ITSitioEnRSA - Presentacion de Jeef Reed de Cisco
 
Cisco SDN/NVF Innovations (SDN NVF Day ITB 2016)
Cisco SDN/NVF Innovations (SDN NVF Day ITB 2016)Cisco SDN/NVF Innovations (SDN NVF Day ITB 2016)
Cisco SDN/NVF Innovations (SDN NVF Day ITB 2016)
 
Hosted Security as a Service - Solution Architecture Design
Hosted Security as a Service - Solution Architecture DesignHosted Security as a Service - Solution Architecture Design
Hosted Security as a Service - Solution Architecture Design
 
TechWiseTV Workshop: Application Hosting on Catalyst 9000 Series Switches
TechWiseTV Workshop: Application Hosting on Catalyst 9000 Series SwitchesTechWiseTV Workshop: Application Hosting on Catalyst 9000 Series Switches
TechWiseTV Workshop: Application Hosting on Catalyst 9000 Series Switches
 
Cumbre PR/AR sobre el mercado Telco en America Latina
Cumbre PR/AR sobre el mercado Telco en America LatinaCumbre PR/AR sobre el mercado Telco en America Latina
Cumbre PR/AR sobre el mercado Telco en America Latina
 
Building The Right Network
Building The Right NetworkBuilding The Right Network
Building The Right Network
 
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
BGA SOME/SOC Etkinliği - Tehdit  Odaklı Güvenlik Mimarisinde Sourcefire Yakla...BGA SOME/SOC Etkinliği - Tehdit  Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
 
AHMED+MORSY+ABD+EL+BAKI+v1.1+updated+2016
AHMED+MORSY+ABD+EL+BAKI+v1.1+updated+2016AHMED+MORSY+ABD+EL+BAKI+v1.1+updated+2016
AHMED+MORSY+ABD+EL+BAKI+v1.1+updated+2016
 
Meraki SD-WAN.pdf
Meraki SD-WAN.pdfMeraki SD-WAN.pdf
Meraki SD-WAN.pdf
 
Understanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATUnderstanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NAT
 
Presentation capturing the cloud opportunity
Presentation   capturing the cloud opportunityPresentation   capturing the cloud opportunity
Presentation capturing the cloud opportunity
 
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
 
Cisco connect montreal 2018 secure dc
Cisco connect montreal 2018    secure dcCisco connect montreal 2018    secure dc
Cisco connect montreal 2018 secure dc
 
Cisco Firepower Next-Generation Firewall (NGFW).pdf
Cisco Firepower Next-Generation Firewall (NGFW).pdfCisco Firepower Next-Generation Firewall (NGFW).pdf
Cisco Firepower Next-Generation Firewall (NGFW).pdf
 
Debunking the Myths of SSL VPN Security
Debunking the Myths of SSL VPN SecurityDebunking the Myths of SSL VPN Security
Debunking the Myths of SSL VPN Security
 

Mais de Global Knowledge Training

Mais de Global Knowledge Training (20)

Taking Advantage of Microsoft PowerShell
Taking Advantage of Microsoft PowerShell Taking Advantage of Microsoft PowerShell
Taking Advantage of Microsoft PowerShell
 
PAN-OS - Network Security/Prevention Everywhere
PAN-OS - Network Security/Prevention EverywherePAN-OS - Network Security/Prevention Everywhere
PAN-OS - Network Security/Prevention Everywhere
 
The Basics of Computer Networking
The Basics of Computer NetworkingThe Basics of Computer Networking
The Basics of Computer Networking
 
How To Troubleshoot Group Policy in Windows 10
How To Troubleshoot Group Policy in Windows 10How To Troubleshoot Group Policy in Windows 10
How To Troubleshoot Group Policy in Windows 10
 
Accelerating with Ansible
Accelerating with AnsibleAccelerating with Ansible
Accelerating with Ansible
 
Why Pentesting is Vital to the Modern DoD Workforce
Why Pentesting is Vital to the Modern DoD WorkforceWhy Pentesting is Vital to the Modern DoD Workforce
Why Pentesting is Vital to the Modern DoD Workforce
 
How to Maximize Your Training Budget
How to Maximize Your Training BudgetHow to Maximize Your Training Budget
How to Maximize Your Training Budget
 
Develop Your Skills with Unlimited Access to Red Hat Online Learning
Develop Your Skills with Unlimited Access to Red Hat Online LearningDevelop Your Skills with Unlimited Access to Red Hat Online Learning
Develop Your Skills with Unlimited Access to Red Hat Online Learning
 
Exploring the Upgrade from VMware vSphere: Install, Configure, Manage 6 5 to 6 7
Exploring the Upgrade from VMware vSphere: Install, Configure, Manage 6 5 to 6 7Exploring the Upgrade from VMware vSphere: Install, Configure, Manage 6 5 to 6 7
Exploring the Upgrade from VMware vSphere: Install, Configure, Manage 6 5 to 6 7
 
What’s Next For Your Azure Certification Journey
What’s Next For Your Azure Certification JourneyWhat’s Next For Your Azure Certification Journey
What’s Next For Your Azure Certification Journey
 
Cisco's Intent-Based Networking and the Journey to Software Defined Networks
Cisco's Intent-Based Networking and the Journey to Software Defined NetworksCisco's Intent-Based Networking and the Journey to Software Defined Networks
Cisco's Intent-Based Networking and the Journey to Software Defined Networks
 
How to Build a Winning Cybersecurity Team
How to Build a Winning Cybersecurity TeamHow to Build a Winning Cybersecurity Team
How to Build a Winning Cybersecurity Team
 
Why It’s Critical to Apply the Risk Management Framework to Your IT Moderniza...
Why It’s Critical to Apply the Risk Management Framework to Your IT Moderniza...Why It’s Critical to Apply the Risk Management Framework to Your IT Moderniza...
Why It’s Critical to Apply the Risk Management Framework to Your IT Moderniza...
 
How to Build a Web Server with AWS Lambda
How to Build a Web Server with AWS LambdaHow to Build a Web Server with AWS Lambda
How to Build a Web Server with AWS Lambda
 
The Essence of DevOps: What it Can Mean for You and Your Organization
The Essence of DevOps: What it Can Mean for You and Your OrganizationThe Essence of DevOps: What it Can Mean for You and Your Organization
The Essence of DevOps: What it Can Mean for You and Your Organization
 
How to Migrate a Web App to AWS
How to Migrate a Web App to AWSHow to Migrate a Web App to AWS
How to Migrate a Web App to AWS
 
How to Make Agile Project Management Work in Your Organization
How to Make Agile Project Management Work in Your OrganizationHow to Make Agile Project Management Work in Your Organization
How to Make Agile Project Management Work in Your Organization
 
What is Cryptojacking and How Can I Protect Myself?
What is Cryptojacking and How Can I Protect Myself?What is Cryptojacking and How Can I Protect Myself?
What is Cryptojacking and How Can I Protect Myself?
 
How the Channel Can Break Down the Barriers to Cloud Success
How the Channel Can Break Down the Barriers to Cloud Success How the Channel Can Break Down the Barriers to Cloud Success
How the Channel Can Break Down the Barriers to Cloud Success
 
How to Avoid Cloud Migration Pitfalls
How to Avoid Cloud Migration PitfallsHow to Avoid Cloud Migration Pitfalls
How to Avoid Cloud Migration Pitfalls
 

Último

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 

Último (20)

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf

Building Up Network Security: Intrusion Prevention and Sourcefire

  • 1. Building Up Network Security: Intrusion Prevention and Sourcefire Overview
  • 2. Presenter
        Catherine Paquet, MBA (MIS)
        CCSI, CICSI, CCNP Sec, CCNP R&S
        Cisco Security Instructor
  • 3. Catherine Paquet
        - Cisco security instructor
        - Cisco Press author
        - Cisco Systems emerging countries guest speaker
        - Graduate of Royal Military College and York University
        - Previously: DND WAN Manager
        - Lives in Toronto
  • 4. Topics
        1. Evolution of IDS / IPS
        2. Sourcefire overview
        3. FSMC
        4. ASA FirePOWER
        5. NGFW / URL Filtering
        6. NGIPS
        7. AMP
        8. IoC and File Trajectory
  • 6. Glossary (available from GoToWebinar handout section)
        AD: Active Directory
        AEGIS: Awareness, Education, Guidance, and Intelligence Sharing
        AMP: Advanced Malware Protection
        ASA: Adaptive Security Appliance (firewall)
        CnC: Command and Control
        CWA: Centralized Web Authentication
        CWS: Cloud Web Security
        DMZ: Demilitarized Zone
        DC: Domain Controller
        ESA: Email Security Appliance
        FSMC: FireSIGHT Mgmt Center (formerly SFDC)
        IDS: Intrusion Detection System
        IoC: Indication of Compromise
        IP: Internet Protocol
        IPS: Intrusion Prevention System
        ISE: Identity Services Engine
        LAN: Local Area Network
        MAC: Media Access Control
        Malvertising: Malware hidden in advertisement
        MPF: Modular Policy Framework
        NIC: Network Interface Card
        NGFW: Next Generation Firewall
        NGIPS: Next Generation IPS
        RNA: Real-time Network Awareness (Context)
        SaaS: Security as a Service
        SF: Sourcefire
        SFDC: Sourcefire Defense Center (now FSMC)
        SHA: Secure Hash Algorithm
        SIEM: Security Information and Event Management
        SIO: Security Intelligence Operations (Cisco)
        SSL: Secure Socket Layer
        SSM: Security Services Module
        TALOS: Cisco SIO + Sourcefire VRT
        TCP: Transmission Control Protocol
        URL: Uniform Resource Locator
        VRT: Vulnerability Research Team (Sourcefire)
        WSA: Web Security Appliance
  • 9. Once upon a time, there was… Intrusion Detection
  • 10. Passive IDS
        - Packet analysis
        - Signature-based
        - Promiscuous mode
        [Network diagram: INTERNET, Perim-Rtr, HQ-ASA (HQ Outside, HQ Inside), DMZ Subnet 172.16.1.0/24 with DMZ-Srv, L3-Switch, End User Subnet, Management Subnet 10.10.2.0/24 with Sensor 10.10.2.200, SIEM 10.10.2.100 and Administrator 10.10.2.50]
  • 11. Active IDS
        - June 2003 Gartner announces: Death of IDS
        - Recommends that firewall blocks attacks
        [Network diagram: INTERNET, Perim-Rtr, HQ-ASA (HQ Outside, HQ Inside), DMZ Subnet 172.16.1.0/24 with DMZ-Srv, L3-Switch, End User Subnet, Management Subnet 10.10.2.0/24 with Sensor 10.10.2.200, SIEM 10.10.2.100 and Administrator 10.10.2.50]
  • 12. IPS: inline to data flow
        - Powerful enough to work at wire speed
        [Network diagram: INTERNET, Perim-Rtr, HQ-ASA (HQ Outside, HQ Inside), DMZ Subnet 172.16.1.0/24 with DMZ-Srv, L3-Switch, End User Subnet, Management Subnet 10.10.2.0/24 with Sensor 10.10.2.200, SIEM 10.10.2.100 and Administrator 10.10.2.50]
  • 13. IPS integrated
        - ASA IPS SSM – traditional IPS
        - ASA Sourcefire SSM
        [Network diagram: INTERNET, Perim-Rtr, HQ-ASA (HQ Outside, HQ Inside), DMZ Subnet 172.16.1.0/24 with DMZ-Srv, L3-Switch, End User Subnet, Management Subnet 10.10.2.0/24 with Sensor 10.10.2.200, SIEM 10.10.2.100 and Administrator 10.10.2.50]
  • 14. IPS Deployment
        - Promiscuous vs. Inline mode
        - Fail open vs. Fail close
        - Network-based
        - Host-based
        - Anomaly Detection
        - Finally: Context
        [Network diagram: INTERNET, Perim-Rtr, HQ-ASA (HQ Outside, HQ Inside), DMZ Subnet with DMZ-Srv, L3-Switch, End User Subnet, Management Subnet with Sensor, SIEM and Administrator, Endpoint Mngt Center, Endpoint Protection]
  • 15. Context: Passive Network Detection and Context
        - RNA provides visibility:
            - IP address
            - OS
            - Services
            - Ports
  • 18. Cisco acquires Sourcefire (Source: Gartner)
        - Founded in 2001
        - 2013: Acquired by Cisco for US$2.7B
        - 2014: Technology integration within Cisco
            - Hardware and Software
            - ClamAV, Snort
            - File reputation and dynamic analysis
            - Analysis of behaviours & containment
            - Retrospective protection
            - Visibility through dashboards
        - 2015: EoL non-SF IPS appliances
  • 19. Sourcefire name changes (available from GoToWebinar handout section)
        Former Sourcefire Product Name → Current Cisco Product Name
        Sourcefire Defense Center → Cisco FireSIGHT Management Center
        FirePOWER Series Appliances → Cisco FirePOWER Series Appliances
        AMP for FirePOWER → Cisco AMP for Networks
        FireAMP for Endpoints → Cisco AMP for Endpoints
        FireAMP Private Cloud Virtual Appliance → Cisco AMP Private Cloud Virtual Appliances
        Sourcefire SSL Appliances → Cisco SSL Appliance
        Collective Security Intelligence Cloud → Cisco Cloud, Cloud Services
  • 20. The Sourcefire Advantage: NGFW – NGIPS – AMP
        - Real before, during, after (+ URL filtering)
  • 21. NGFW (Source: Cisco Live! BRKSEC-2762 San Diego 2015)
  • 22. NGFW with NGIPS (Source: Cisco Live! BRKSEC-2762 San Diego 2015)
  • 23. AMP
        - File Reputation
        - Dynamic Analysis (Sandboxing)
        - Retrospective Security
  • 24. Cisco’s offerings
        - FireSIGHT platforms (NGFW, NGIPS, AMP)
            - AMP appliance
            - ASA module
        - AMP-only platforms:
            - ESA
            - WSA
            - CWS
            - AMP for Endpoints
        [Pictured: Desktop: AnyConnect 4.1 AMP Enabler; Cisco WSA with AMP (software); Cisco AMP 8350; Cisco AMP for Endpoints]
  • 27. FireSIGHT Management Center: Managing FirePOWER Appliances
  • 29. FirePOWER integrated services in ASA
        - Security Services Module
            - Software
            - Hardware (5585-X)
        [Network diagram: INTERNET, Perim-Rtr, HQ-ASA (HQ Outside 200.200.1.0/24, HQ Inside), DMZ Subnet 172.16.1.0/24 with DMZ-Srv, L3-Switch, End User Subnet, Management Subnet 10.10.2.0/24 with Sensor 10.10.2.200, SIEM 10.10.2.100 and Administrator 10.10.2.50]
        HQ-ASA# show module sfr details
        Getting details from the Service Module, please wait...
        Card Type: FirePOWER Services Software Module
        Model: ASA5515
        Hardware version: N/A
        Serial Number: FCH180278XU
  • 30. Cisco ASA and Sourcefire FirePOWER services module
  • 31. Redirecting traffic from ASA to FirePOWER SSM
        - Class-map
            - Identify traffic flow
        - Policy-map
            - Action to be applied on traffic flow
        - Service-policy
            - Interface(s) responsible to enforce the action on traffic flow
        asa(config)# access-list DMZ permit tcp any host 172.16.1.15 eq www
        asa(config)# class-map TrafficDMZ
        asa(config-cmap)# match access-list DMZ
        asa(config)# policy-map SFR-DMZ
        asa(config-pmap)# class TrafficDMZ
        asa(config-pmap-c)# sfr fail-close
        asa(config)# service-policy SFR-DMZ interface dmz
        [Callouts on the configuration: identify, action, enforce]
  • 32. NGFW
  • 33. NGFW – file processing (Source: FireSIGHT User Guide 5.4.0.1)
  • 34. Separate license: URL Filtering
  • 35. NGIPS
  • 36. Sourcefire NGIPS (Source: Cisco Live! BRKSEC-1030 San Diego 2015)
  • 37. IPS Automation
  • 38. AMP
  • 39. AMP: File Disposition and Dynamic Analysis (Source: Cisco Live! BRKSEC-2028 Melbourne 2015)
        Cisco Cloud is TALOS => Cisco SIO + Sourcefire VRT
        [Diagram labels: hash, hash, Retrospective Security]
  • 41. Correlation analysis with Context produces IoC (Source: Cisco Live! BRKSEC-1030 San Diego 2015)
  • 42. Host Profile
  • 43. Network File Trajectory
  • 45. Sourcefire Summary (Source: Cisco Live! BRKSEC-1030 San Diego 2015)
  • 46. Sources
        - FireSIGHT User Guide 5.4.0.1
        - Cisco Security Blog
        - Cisco SAFE Design Guide
        - Cisco Live 365 presentations (CCO login required)
            - BRKSEC-1030 San Diego 2015
            - BRKSEC-2139 San Diego 2015
            - BRKSEC-2762 San Diego 2015
            - BRKSEC-2028 Melbourne 2015
            - BRKSEC-2016 San Francisco 2014
  • 47. Cisco Security Courses
        - CCNA Security e-Camp
            - IINS - Implementing Cisco IOS Network Security
        - SAEXS - Cisco ASA Express Security
        - SENSS - Implementing Cisco Edge Network Security Solutions
        - SIMOS - Implementing Cisco Secure Mobility Solutions
        - SISAS - Implementing Cisco Secure Access Solutions
        - SITCS - Implementing Cisco Threat Control Solution
        - ASA Lab Camp v9.0
            - SASAA - Implementing Advanced Cisco ASA Security
            - SASAC - Implementing Core Cisco ASA Security
        - ACS - Cisco Secure Access Control System
        - SISAS - Implementing Cisco Secure Access Solutions
        - SISE - Implementing and Configuring Cisco Identity Services Engine
        - SESA - Securing Email with Cisco Email Security Appliance
        - SWSA - Securing the Web with Cisco Web Security Appliance
        - Cisco FirePOWER Services and Cloud Web Security Workshop v1.0
        - SSFAMP - Securing Cisco Networks with Sourcefire FireAMP Endpoints
        - SSFIPS - Securing Cisco Networks with Sourcefire Intrusion Prevention System
        - SSFRULES - Securing Cisco Networks with Snort Rule Writing Best Practices
        - SSFSNORT - Securing Cisco Networks with Open Source Snort
  • 48. GK Cisco Training Exclusives
        - 6 months of
            - Anytime access to Cisco Practice Labs
            - Anytime Access to Boson Practice Exams
            - On-Demand Access to Searchable Class Recordings of Your Virtual Class
            - Unlimited Retakes of Your Class
        - Free Cisco Certification Exam Voucher
  • 49. Find Out More
        www.globalknowledge.ca
        On-demand & live webinars, white papers, blog...
        www.globalknowledge.ca/security
        Courses
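
An added example, not part of the original slides: a Python check for the class-map / policy-map / service-policy chain on slide 31. It resolves each sfr redirect in a saved ASA configuration to its ACL and interface and reports redirects that are unbound, fail-open or monitor-only. The function name audit_sfr and the SFR-LAN and SFR-UNUSED policies in the sample are assumptions made for illustration.

```python
# Constructed sample: the slide's DMZ redirect plus hypothetical SFR-LAN and SFR-UNUSED policies.
SAMPLE_CONFIG = """\
access-list DMZ permit tcp any host 172.16.1.15 eq www
class-map TrafficDMZ
 match access-list DMZ
class-map TrafficLAN
 match any
policy-map SFR-DMZ
 class TrafficDMZ
  sfr fail-close
policy-map SFR-LAN
 class TrafficLAN
  sfr fail-open monitor-only
policy-map SFR-UNUSED
 class TrafficLAN
  sfr fail-close
service-policy SFR-DMZ interface dmz
service-policy SFR-LAN interface inside
"""

def audit_sfr(config):
    """Resolve each `sfr` redirect to its ACL and interface; list what weakens it."""
    class_acl, bound, findings = {}, {}, []
    cmap = pmap = cls = None
    for raw in filter(str.strip, config.splitlines()):
        w = raw.split()
        if not raw.startswith(" "):  # a top-level command leaves any sub-mode
            cmap = pmap = cls = None
        if w[0] == "class-map":
            cmap = w[-1]
        elif w[0] == "policy-map":
            pmap = w[-1]
        elif w[0] == "service-policy":
            bound.setdefault(w[1], []).append(w[3] if w[2:3] == ["interface"] else "global")
        elif cmap and w[:2] == ["match", "access-list"]:
            class_acl[cmap] = w[2]
        elif pmap and w[0] == "class":
            cls = w[1]
        elif pmap and cls and w[0] == "sfr":
            findings.append({"policy": pmap, "class": cls, "mode": w[1],
                             "monitor_only": "monitor-only" in w})
    for f in findings:  # resolved afterwards: bindings follow the policy-maps
        f["acl"] = class_acl.get(f["class"])
        f["interfaces"] = bound.get(f["policy"], [])
        f["issues"] = [msg for hit, msg in (
            (not f["interfaces"], "no service-policy: traffic is never redirected"),
            (f["mode"] == "fail-open", "fail-open: traffic passes uninspected if the module is down"),
            (f["monitor_only"], "monitor-only: the module gets a copy and cannot block")) if hit]
    return findings
```

Calling audit_sfr(SAMPLE_CONFIG) returns one finding per redirect; only SFR-DMZ, the policy from the slide, comes back with an empty issues list.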