This document discusses Cisco's next generation security strategy and solutions. It outlines Cisco's approach of integrating products to provide unified visibility, advanced threat protection, and consistent control across networks, endpoints, cloud, and mobile environments. It highlights key Cisco security technologies like FirePOWER, Advanced Malware Protection (AMP), and Identity Services Engine (ISE) and how they work together to provide defense, detection, and remediation against evolving threats.
3. Cisco and/or its affiliates. All rights reserved. Cisco Public
All were smart. All had security.
All were seriously compromised.
Today’s Real World: Threats are evolving and evading traditional defense
4. What would you do if you knew you would be compromised?!
Attack Continuum
• BEFORE: Discover, Enforce, Harden
• DURING: Detect, Block, Defend
• AFTER: Scope, Contain, Remediate
Network, Endpoint, Mobile, Virtual, Email & Web, Cloud
Point-in-time, Continuous
5. The Silver Bullet Does Not Exist…
“Captive Portal”
“It matches the pattern”
“No false positives, no false negatives.”
Application Control
FW/VPN
IDS / IPS
UTM
NAC
AV
PKI
“Block or Allow”
“Fix the Firewall”
“No key, no access”
Sandboxing
“Detect the Unknown”
6. Customer Value Proposition
Cisco Security Solutions
• Unmatched Visibility
• Advanced Threat Protection
• Consistent Control
• Flexibility & Choice
7. Cisco’s Strategy
Integrated Platform for Defense, Discovery and Remediation
Firewall Content Gateways Integrated Platform Virtual Cloud
Device, Data Center, Network
• Access Control: Firewall
• Content Aware: Applications
• Context Aware: Identity, Data, Location
• Threat Aware: Malware, APT
8. Gartner Defines Next-Generation IPS
NGIPS Definition
• Standard First-Gen IPS
• Context Awareness
• Application Awareness and full-stack visibility
• Content Awareness
• Adaptive Engine
Download at Sourcefire.com
*Source: “Defining Next-Generation Network Intrusion Prevention” Gartner, October 7, 2011
9. FirePOWER Platform
FireSIGHT Management Center
• Context Awareness
• Operating System Identification
• Fingerprint Applications (Web, Protocol & Client Versions)
• Service Enumeration (HTTP, SMTP, RDP, etc.)
• User Awareness
• 24x7 Monitoring (Passive & Inline)
• Identify Assets' Potential Vulnerabilities (Weaknesses)
• Leveraging Visibility/Vulnerabilities to “Adapt”
• Access Control Rules Enforcement
• Alerting, Correlation & Packet Capture
FirePOWER Platform/Services
• Inspect, Detect, Drop, Allow, etc.
• IPS, Application Control, Malware Inspection & URL Rating
• Inline, Passive & Hybrid
Context Awareness in Intrusion Events
10. FireSIGHT – Unique Visibility
Typical NGFW
Cisco FireSIGHT System
Typical IPS
11. Building Host Profile
• OS & version Identified
• Server applications and version
• Client Applications
• Who is at the host
• Client Version
• Application
• What other systems / IPs did user have, when?
Converting Data into Information
12. FireSIGHT Impact Assessment
Correlates all intrusion events to an impact of the attack against the target

| Impact Flag | Administrator Action | Why |
|---|---|---|
| 1 | Act immediately, vulnerable | Event corresponds to vulnerability mapped to host |
| 2 | Investigate, potentially vulnerable | Relevant port open or protocol in use, but no vuln mapped |
| 3 | Good to know, currently not vulnerable | Relevant port not open or protocol not in use |
| 4 | Good to know, unknown target | Monitored network, but unknown host |
| 0 | Good to know, unknown network | Unmonitored network |
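
The impact flag assignment described above can be expressed as a short triage routine. This is an added example, not Cisco's implementation or code from the original slides; the event field names, host profiles, addresses and vulnerability IDs are constructed, and the sort order among the "good to know" flags is an assumption.

```python
import ipaddress

# Administrator action per impact flag, as listed in the slide.
ACTIONS = {
    1: "Act immediately, vulnerable",
    2: "Investigate, potentially vulnerable",
    3: "Good to know, currently not vulnerable",
    4: "Good to know, unknown target",
    0: "Good to know, unknown network",
}

# Constructed sample data: documentation address ranges, placeholder vuln IDs.
MONITORED = [ipaddress.ip_network("192.0.2.0/24")]
HOST_PROFILES = {
    "192.0.2.10": {"services": {("tcp", 80), ("tcp", 3389)}, "vulns": {"VULN-A"}},
    "192.0.2.20": {"services": {("tcp", 25)}, "vulns": set()},
}
SAMPLE_EVENTS = [
    {"dst_ip": "198.51.100.5", "proto": "tcp", "dst_port": 80, "vuln_id": "VULN-A"},
    {"dst_ip": "192.0.2.20", "proto": "tcp", "dst_port": 445, "vuln_id": "VULN-C"},
    {"dst_ip": "192.0.2.10", "proto": "tcp", "dst_port": 80, "vuln_id": "VULN-A"},
    {"dst_ip": "192.0.2.99", "proto": "tcp", "dst_port": 80, "vuln_id": "VULN-A"},
    {"dst_ip": "192.0.2.20", "proto": "tcp", "dst_port": 25, "vuln_id": "VULN-B"},
]

def impact_flag(event, profiles=HOST_PROFILES, monitored=MONITORED):
    """Return the impact flag (0-4) for one intrusion event."""
    dst = ipaddress.ip_address(event["dst_ip"])
    if not any(dst in net for net in monitored):
        return 0  # unmonitored network
    profile = profiles.get(event["dst_ip"])
    if profile is None:
        return 4  # monitored network, but unknown host
    if event.get("vuln_id") in profile["vulns"]:
        return 1  # event corresponds to a vulnerability mapped to the host
    if (event["proto"], event["dst_port"]) in profile["services"]:
        return 2  # relevant port open or protocol in use, no vuln mapped
    return 3      # relevant port not open or protocol not in use

def triage(events):
    """Order events for review: flag 1 first, then 2, 3, 4, 0 (assumed order)."""
    rank = {1: 0, 2: 1, 3: 2, 4: 3, 0: 4}
    flagged = sorted(((impact_flag(e), e) for e in events),
                     key=lambda fe: rank[fe[0]])
    return [(flag, ACTIONS[flag], e["dst_ip"]) for flag, e in flagged]

if __name__ == "__main__":
    for row in triage(SAMPLE_EVENTS):
        print(row)
```

The same signature scores differently per target: the event against 192.0.2.10 is flag 1 because the host profile carries the matching vulnerability, while the identical event against an unprofiled or unmonitored address falls to 4 or 0.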
13. Indications of Compromise (IoCs)
• IPS Events: Malware Backdoors, Exploit Kits, Web App Attacks, CnC Connections, Admin Privilege Escalations
• SI Events: Connections to Known CnC IPs
• Malware Events: Malware Detections, Office/PDF/Java Compromises, Malware Executions, Dropper Infections
14. Gartner Leadership
Sourcefire has been a leader in the Gartner Magic Quadrant for IPS since 2006.
[Figure: Gartner Magic Quadrant for IPS, as of December 2013. Axes: vision, ability to execute. Quadrants: challengers, leaders, visionaries, niche players. Vendors shown: Radware, StoneSoft (McAfee), IBM, Cisco, HP, McAfee, Sourcefire (Cisco), Huawei, Enterasys Networks (Extreme Networks), NSFOCUS Information Technology.]
Source: Gartner (December 2013)
15. 2012 NSS Labs SVM for IPS
16. 2013 NSS Labs SVM for IPS
17. ASA with FirePOWER Services Available Now!!
Industry’s First Threat-Focused NGFW
#1 Cisco Security announcement of the year!
• Integrating defense layers helps organizations get the best visibility
• Enable dynamic controls to automatically adapt
• Protect against advanced threats across the entire attack continuum
Proven Cisco ASA firewalling
Industry leading NGIPS and AMP
Cisco ASA with FirePOWER Services
19. The Results
Cisco AMP is a Leader in Security Effectiveness and TCO and offers Best Protection Value
Cisco Advanced Malware Protection
• Best Protection Value
• 99.0% Breach Detection Rating
• Lowest TCO per Protected-Mbps
[Figure: NSS Labs Security Value Map (SVM) for Breach Detection Systems. Axes: Security Effectiveness, TCO per Protected-Mbps.]