Submit Search
Upload
Cisco Connect Halifax 2018 Putting firepower into the next generation firewall
•
1 like
•
319 views
Cisco Canada
Follow
Cisco Connect Halifax 2018 Putting firepower into the next generation firewall
Read less
Read more
Technology
Report
Share
Report
Share
1 of 68
Download now
Download to read offline
Recommended
Cisco connect winnipeg 2018 putting firepower into the next generation fire...
Cisco connect winnipeg 2018 putting firepower into the next generation fire...
Cisco Canada
Cisco Connect Vancouver 2017 - Putting firepower into the next generation fir...
Cisco Connect Vancouver 2017 - Putting firepower into the next generation fir...
Cisco Canada
Cisco Connect Halifax 2018 Cisco Spark hybrid services architectural design
Cisco Connect Halifax 2018 Cisco Spark hybrid services architectural design
Cisco Canada
Cisco Connect Halifax 2018 Anatomy of attack
Cisco Connect Halifax 2018 Anatomy of attack
Cisco Canada
Cisco Connect Halifax 2018 Accelerating the secure digital business through...
Cisco Connect Halifax 2018 Accelerating the secure digital business through...
Cisco Canada
Cisco Connect Vancouver 2017 - Understanding Cisco next gen SD-WAN
Cisco Connect Vancouver 2017 - Understanding Cisco next gen SD-WAN
Cisco Canada
Cisco connect winnipeg 2018 understanding cisco's next generation sdwan sol...
Cisco connect winnipeg 2018 understanding cisco's next generation sdwan sol...
Cisco Canada
Cisco Connect Halifax 2018 Application agility and programmability with cis...
Cisco Connect Halifax 2018 Application agility and programmability with cis...
Cisco Canada
Recommended
Cisco connect winnipeg 2018 putting firepower into the next generation fire...
Cisco connect winnipeg 2018 putting firepower into the next generation fire...
Cisco Canada
Cisco Connect Vancouver 2017 - Putting firepower into the next generation fir...
Cisco Connect Vancouver 2017 - Putting firepower into the next generation fir...
Cisco Canada
Cisco Connect Halifax 2018 Cisco Spark hybrid services architectural design
Cisco Connect Halifax 2018 Cisco Spark hybrid services architectural design
Cisco Canada
Cisco Connect Halifax 2018 Anatomy of attack
Cisco Connect Halifax 2018 Anatomy of attack
Cisco Canada
Cisco Connect Halifax 2018 Accelerating the secure digital business through...
Cisco Connect Halifax 2018 Accelerating the secure digital business through...
Cisco Canada
Cisco Connect Vancouver 2017 - Understanding Cisco next gen SD-WAN
Cisco Connect Vancouver 2017 - Understanding Cisco next gen SD-WAN
Cisco Canada
Cisco connect winnipeg 2018 understanding cisco's next generation sdwan sol...
Cisco connect winnipeg 2018 understanding cisco's next generation sdwan sol...
Cisco Canada
Cisco Connect Halifax 2018 Application agility and programmability with cis...
Cisco Connect Halifax 2018 Application agility and programmability with cis...
Cisco Canada
Cisco Connect Halifax 2018 Accelerating incident response in organizations...
Cisco Connect Halifax 2018 Accelerating incident response in organizations...
Cisco Canada
Cisco connect winnipeg 2018 we make it simple
Cisco connect winnipeg 2018 we make it simple
Cisco Canada
Cisco Connect Vancouver 2017 - Gain insight and programmability with Cisco DC...
Cisco Connect Vancouver 2017 - Gain insight and programmability with Cisco DC...
Cisco Canada
Cisco Connect Halifax 2018 Simple IT
Cisco Connect Halifax 2018 Simple IT
Cisco Canada
Cisco Connect Toronto 2017 - Accelerating Incident Response in Organizations...
Cisco Connect Toronto 2017 - Accelerating Incident Response in Organizations...
Cisco Canada
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:
Cisco Canada
Putting firepower into the next generation firewall
Putting firepower into the next generation firewall
Cisco Canada
Cisco Connect Vancouver 2017 - Anatomy of Attack
Cisco Connect Vancouver 2017 - Anatomy of Attack
Cisco Canada
Cisco Connect Toronto 2017 - Anatomy-of-attack
Cisco Connect Toronto 2017 - Anatomy-of-attack
Cisco Canada
Cisco Connect Halifax 2018 Cisco dna - deeper dive
Cisco Connect Halifax 2018 Cisco dna - deeper dive
Cisco Canada
Gain Insight and Programmability with Cisco DC Networking
Gain Insight and Programmability with Cisco DC Networking
Cisco Canada
Leverage the Network
Leverage the Network
Cisco Canada
Cisco Connect Halifax 2018 cloud and on premises collaboration security exp...
Cisco Connect Halifax 2018 cloud and on premises collaboration security exp...
Cisco Canada
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...
Nur Shiqim Chok
Cisco Connect Halifax 2018 Application insight and zero trust policies with...
Cisco Connect Halifax 2018 Application insight and zero trust policies with...
Cisco Canada
Cisco Connect Toronto 2018 dc-aci-anywhere
Cisco Connect Toronto 2018 dc-aci-anywhere
Cisco Canada
Cisco Connect Montreal 2017 - Mise à Jour UCS et Hyperflex
Cisco Connect Montreal 2017 - Mise à Jour UCS et Hyperflex
Cisco Canada
Understanding Cisco’s Next Generation SD-WAN Solution with Viptela
Understanding Cisco’s Next Generation SD-WAN Solution with Viptela
Cisco Canada
Cisco connect winnipeg 2018 gain insight and programmability with cisco dc ...
Cisco connect winnipeg 2018 gain insight and programmability with cisco dc ...
Cisco Canada
Secure Data Center Solution with FP 9300 - BDM
Secure Data Center Solution with FP 9300 - BDM
Bill McGee
Putting Firepower into the Next Generation Firewall
Putting Firepower into the Next Generation Firewall
Cisco Canada
Putting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation Firewall
Cisco Canada
More Related Content
What's hot
Cisco Connect Halifax 2018 Accelerating incident response in organizations...
Cisco Connect Halifax 2018 Accelerating incident response in organizations...
Cisco Canada
Cisco connect winnipeg 2018 we make it simple
Cisco connect winnipeg 2018 we make it simple
Cisco Canada
Cisco Connect Vancouver 2017 - Gain insight and programmability with Cisco DC...
Cisco Connect Vancouver 2017 - Gain insight and programmability with Cisco DC...
Cisco Canada
Cisco Connect Halifax 2018 Simple IT
Cisco Connect Halifax 2018 Simple IT
Cisco Canada
Cisco Connect Toronto 2017 - Accelerating Incident Response in Organizations...
Cisco Connect Toronto 2017 - Accelerating Incident Response in Organizations...
Cisco Canada
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:
Cisco Canada
Putting firepower into the next generation firewall
Putting firepower into the next generation firewall
Cisco Canada
Cisco Connect Vancouver 2017 - Anatomy of Attack
Cisco Connect Vancouver 2017 - Anatomy of Attack
Cisco Canada
Cisco Connect Toronto 2017 - Anatomy-of-attack
Cisco Connect Toronto 2017 - Anatomy-of-attack
Cisco Canada
Cisco Connect Halifax 2018 Cisco dna - deeper dive
Cisco Connect Halifax 2018 Cisco dna - deeper dive
Cisco Canada
Gain Insight and Programmability with Cisco DC Networking
Gain Insight and Programmability with Cisco DC Networking
Cisco Canada
Leverage the Network
Leverage the Network
Cisco Canada
Cisco Connect Halifax 2018 cloud and on premises collaboration security exp...
Cisco Connect Halifax 2018 cloud and on premises collaboration security exp...
Cisco Canada
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...
Nur Shiqim Chok
Cisco Connect Halifax 2018 Application insight and zero trust policies with...
Cisco Connect Halifax 2018 Application insight and zero trust policies with...
Cisco Canada
Cisco Connect Toronto 2018 dc-aci-anywhere
Cisco Connect Toronto 2018 dc-aci-anywhere
Cisco Canada
Cisco Connect Montreal 2017 - Mise à Jour UCS et Hyperflex
Cisco Connect Montreal 2017 - Mise à Jour UCS et Hyperflex
Cisco Canada
Understanding Cisco’s Next Generation SD-WAN Solution with Viptela
Understanding Cisco’s Next Generation SD-WAN Solution with Viptela
Cisco Canada
Cisco connect winnipeg 2018 gain insight and programmability with cisco dc ...
Cisco connect winnipeg 2018 gain insight and programmability with cisco dc ...
Cisco Canada
Secure Data Center Solution with FP 9300 - BDM
Secure Data Center Solution with FP 9300 - BDM
Bill McGee
What's hot
(20)
Cisco Connect Halifax 2018 Accelerating incident response in organizations...
Cisco Connect Halifax 2018 Accelerating incident response in organizations...
Cisco connect winnipeg 2018 we make it simple
Cisco connect winnipeg 2018 we make it simple
Cisco Connect Vancouver 2017 - Gain insight and programmability with Cisco DC...
Cisco Connect Vancouver 2017 - Gain insight and programmability with Cisco DC...
Cisco Connect Halifax 2018 Simple IT
Cisco Connect Halifax 2018 Simple IT
Cisco Connect Toronto 2017 - Accelerating Incident Response in Organizations...
Cisco Connect Toronto 2017 - Accelerating Incident Response in Organizations...
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:
Putting firepower into the next generation firewall
Putting firepower into the next generation firewall
Cisco Connect Vancouver 2017 - Anatomy of Attack
Cisco Connect Vancouver 2017 - Anatomy of Attack
Cisco Connect Toronto 2017 - Anatomy-of-attack
Cisco Connect Toronto 2017 - Anatomy-of-attack
Cisco Connect Halifax 2018 Cisco dna - deeper dive
Cisco Connect Halifax 2018 Cisco dna - deeper dive
Gain Insight and Programmability with Cisco DC Networking
Gain Insight and Programmability with Cisco DC Networking
Leverage the Network
Leverage the Network
Cisco Connect Halifax 2018 cloud and on premises collaboration security exp...
Cisco Connect Halifax 2018 cloud and on premises collaboration security exp...
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...
Cisco Connect Halifax 2018 Application insight and zero trust policies with...
Cisco Connect Halifax 2018 Application insight and zero trust policies with...
Cisco Connect Toronto 2018 dc-aci-anywhere
Cisco Connect Toronto 2018 dc-aci-anywhere
Cisco Connect Montreal 2017 - Mise à Jour UCS et Hyperflex
Cisco Connect Montreal 2017 - Mise à Jour UCS et Hyperflex
Understanding Cisco’s Next Generation SD-WAN Solution with Viptela
Understanding Cisco’s Next Generation SD-WAN Solution with Viptela
Cisco connect winnipeg 2018 gain insight and programmability with cisco dc ...
Cisco connect winnipeg 2018 gain insight and programmability with cisco dc ...
Secure Data Center Solution with FP 9300 - BDM
Secure Data Center Solution with FP 9300 - BDM
Similar to Cisco Connect Halifax 2018 Putting firepower into the next generation firewall
Putting Firepower into the Next Generation Firewall
Putting Firepower into the Next Generation Firewall
Cisco Canada
Putting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation Firewall
Cisco Canada
Cisco Connect Toronto 2017 - Putting Firepower into the Next Generation Firewall
Cisco Connect Toronto 2017 - Putting Firepower into the Next Generation Firewall
Cisco Canada
ASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment Scenarios
Cisco Canada
Next Generation Security Solution
Next Generation Security Solution
MarketingArrowECS_CZ
Cisco Firepower Next-Generation Firewall (NGFW).pdf
Cisco Firepower Next-Generation Firewall (NGFW).pdf
TaherAzzam2
Firepower ngfw internet
Firepower ngfw internet
Rony Melo
Cisco connect montreal 2018 secure dc
Cisco connect montreal 2018 secure dc
Cisco Canada
Gain Insight and Programmability with Cisco DC Networking
Gain Insight and Programmability with Cisco DC Networking
Cisco Canada
Cisco DC Networking: Gain Insight and Programmability with
Cisco DC Networking: Gain Insight and Programmability with
Cisco Canada
Gain Insight and Programmability with Cisco DC Networking
Gain Insight and Programmability with Cisco DC Networking
Cisco Canada
 Network Innovations Driving Business Transformation
 Network Innovations Driving Business Transformation
Cisco Service Provider
TechWiseTV Workshop: ASR 9000
TechWiseTV Workshop: ASR 9000
Robb Boyd
TechWiseTV Workshop: Cisco SD-WAN
TechWiseTV Workshop: Cisco SD-WAN
Robb Boyd
The Data Center Network Evolution
The Data Center Network Evolution
Cisco Canada
Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутат...
Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутат...
Cisco Russia
Barracuda_NG_Firewall_Profile
Barracuda_NG_Firewall_Profile
Aliza Ayub
Barracuda_NG_Firewall_Profile
Barracuda_NG_Firewall_Profile
Iqra Hameed
ACI Hands-on Lab
ACI Hands-on Lab
Cisco Canada
Why choose pan
Why choose pan
Achmad Yudo
Similar to Cisco Connect Halifax 2018 Putting firepower into the next generation firewall
(20)
Putting Firepower into the Next Generation Firewall
Putting Firepower into the Next Generation Firewall
Putting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation Firewall
Cisco Connect Toronto 2017 - Putting Firepower into the Next Generation Firewall
Cisco Connect Toronto 2017 - Putting Firepower into the Next Generation Firewall
ASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment Scenarios
Next Generation Security Solution
Next Generation Security Solution
Cisco Firepower Next-Generation Firewall (NGFW).pdf
Cisco Firepower Next-Generation Firewall (NGFW).pdf
Firepower ngfw internet
Firepower ngfw internet
Cisco connect montreal 2018 secure dc
Cisco connect montreal 2018 secure dc
Gain Insight and Programmability with Cisco DC Networking
Gain Insight and Programmability with Cisco DC Networking
Cisco DC Networking: Gain Insight and Programmability with
Cisco DC Networking: Gain Insight and Programmability with
Gain Insight and Programmability with Cisco DC Networking
Gain Insight and Programmability with Cisco DC Networking
 Network Innovations Driving Business Transformation
 Network Innovations Driving Business Transformation
TechWiseTV Workshop: ASR 9000
TechWiseTV Workshop: ASR 9000
TechWiseTV Workshop: Cisco SD-WAN
TechWiseTV Workshop: Cisco SD-WAN
The Data Center Network Evolution
The Data Center Network Evolution
Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутат...
Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутат...
Barracuda_NG_Firewall_Profile
Barracuda_NG_Firewall_Profile
Barracuda_NG_Firewall_Profile
Barracuda_NG_Firewall_Profile
ACI Hands-on Lab
ACI Hands-on Lab
Why choose pan
Why choose pan
More from Cisco Canada
Cisco connect montreal 2018 net devops
Cisco connect montreal 2018 net devops
Cisco Canada
Cisco connect montreal 2018 iot demo kinetic fr
Cisco connect montreal 2018 iot demo kinetic fr
Cisco Canada
Cisco connect montreal 2018 - Network Slicing: Horizontal Virtualization
Cisco connect montreal 2018 - Network Slicing: Horizontal Virtualization
Cisco Canada
Cisco connect montreal 2018 enterprise networks - say goodbye to vla ns
Cisco connect montreal 2018 enterprise networks - say goodbye to vla ns
Cisco Canada
Cisco connect montreal 2018 vision mondiale analyse locale
Cisco connect montreal 2018 vision mondiale analyse locale
Cisco Canada
Cisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec Cisco
Cisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec Cisco
Cisco Canada
Cisco connect montreal 2018 collaboration les services webex hybrides
Cisco connect montreal 2018 collaboration les services webex hybrides
Cisco Canada
Integration cisco et microsoft connect montreal 2018
Integration cisco et microsoft connect montreal 2018
Cisco Canada
Cisco connect montreal 2018 compute v final
Cisco connect montreal 2018 compute v final
Cisco Canada
Cisco connect montreal 2018 saalvare md-program-xr-v2
Cisco connect montreal 2018 saalvare md-program-xr-v2
Cisco Canada
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco Canada
Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based net...
Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based net...
Cisco Canada
Cisco Connect Toronto 2018 an introduction to Cisco kinetic
Cisco Connect Toronto 2018 an introduction to Cisco kinetic
Cisco Canada
Cisco Connect Toronto 2018 IOT - unlock the power of data - securing the in...
Cisco Connect Toronto 2018 IOT - unlock the power of data - securing the in...
Cisco Canada
Cisco Connect Toronto 2018 DevNet Overview
Cisco Connect Toronto 2018 DevNet Overview
Cisco Canada
Cisco Connect Toronto 2018 DNA assurance
Cisco Connect Toronto 2018 DNA assurance
Cisco Canada
Cisco Connect Toronto 2018 network-slicing
Cisco Connect Toronto 2018 network-slicing
Cisco Canada
Cisco Connect Toronto 2018 the intelligent network with cisco meraki
Cisco Connect Toronto 2018 the intelligent network with cisco meraki
Cisco Canada
Cisco Connect Toronto 2018 sixty to zero
Cisco Connect Toronto 2018 sixty to zero
Cisco Canada
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...
Cisco Canada
More from Cisco Canada
(20)
Cisco connect montreal 2018 net devops
Cisco connect montreal 2018 net devops
Cisco connect montreal 2018 iot demo kinetic fr
Cisco connect montreal 2018 iot demo kinetic fr
Cisco connect montreal 2018 - Network Slicing: Horizontal Virtualization
Cisco connect montreal 2018 - Network Slicing: Horizontal Virtualization
Cisco connect montreal 2018 enterprise networks - say goodbye to vla ns
Cisco connect montreal 2018 enterprise networks - say goodbye to vla ns
Cisco connect montreal 2018 vision mondiale analyse locale
Cisco connect montreal 2018 vision mondiale analyse locale
Cisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec Cisco
Cisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec Cisco
Cisco connect montreal 2018 collaboration les services webex hybrides
Cisco connect montreal 2018 collaboration les services webex hybrides
Integration cisco et microsoft connect montreal 2018
Integration cisco et microsoft connect montreal 2018
Cisco connect montreal 2018 compute v final
Cisco connect montreal 2018 compute v final
Cisco connect montreal 2018 saalvare md-program-xr-v2
Cisco connect montreal 2018 saalvare md-program-xr-v2
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based net...
Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based net...
Cisco Connect Toronto 2018 an introduction to Cisco kinetic
Cisco Connect Toronto 2018 an introduction to Cisco kinetic
Cisco Connect Toronto 2018 IOT - unlock the power of data - securing the in...
Cisco Connect Toronto 2018 IOT - unlock the power of data - securing the in...
Cisco Connect Toronto 2018 DevNet Overview
Cisco Connect Toronto 2018 DevNet Overview
Cisco Connect Toronto 2018 DNA assurance
Cisco Connect Toronto 2018 DNA assurance
Cisco Connect Toronto 2018 network-slicing
Cisco Connect Toronto 2018 network-slicing
Cisco Connect Toronto 2018 the intelligent network with cisco meraki
Cisco Connect Toronto 2018 the intelligent network with cisco meraki
Cisco Connect Toronto 2018 sixty to zero
Cisco Connect Toronto 2018 sixty to zero
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...
Recently uploaded
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
debabhi2
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
wesley chun
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Katpro Technologies
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
The Digital Insurer
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
The Digital Insurer
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
Paola De la Torre
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
Sinan KOZAK
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
Radu Cotescu
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
V3cube
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
Allon Mureinik
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
The Digital Insurer
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
The Digital Insurer
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
Recently uploaded
(20)
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Cisco Connect Halifax 2018 Putting firepower into the next generation firewall
1.
© 2017 Cisco
and/or its affiliates. All rights reserved. 1 Cisco Connect Your Time Is Now Putting Firepower into the Next Generation Firewall April 3, 2018 Consulting Systems Engineer Cybersecurity Alexandre Argeris
2.
© 2017 Cisco
and/or its affiliates. All rights reserved. 2 • Firepower Software Overview • ASA and Firepower NGFW platforms • Management options • New Capabilities in FMC • Deployment Design Use-case • Policies Today’s agenda Connect Cisco
3.
Cisco Confidential 3©
2016 Cisco and/or its affiliates. All rights reserved.
4.
Cisco Confidential 4©
2016 Cisco and/or its affiliates. All rights reserved. Firepower Threat Defense ASA (L2-L4) • L2-L4 Stateful Firewall • Scalable CGNAT, ACL, routing • Application inspection • RA + L2L VPN • Multi-Context Firepower (L7) • Threat-Centric NGIPS • AVC, URL Filtering for NGFW • Advanced Malware Protection Full Feature Set Continuous Feature Migration Firepower Threat Defense Single Converged OS Firewall URL Visibility Threats Firepower Management Center (FMC) ASA with Firepower Services
5.
Cisco Confidential 5©
2016 Cisco and/or its affiliates. All rights reserved. What are the Firepower Deployment Options? Firepower Appliances Firepower Threat Defense ASA with Firepower Services FirePOWER Services ASA 9.5.x Firepower Threat Defense Firepower Appliances 7000/7100/8000/Virtual ASA 5500X (all models) ASA 5500X / Virtual Firepower 2100 / 4100 / 9300 5585 cannot run FTD Image! All Managed by Firepower Management Center
6.
Cisco Confidential 6©
2016 Cisco and/or its affiliates. All rights reserved. Feature Comparison: ASA with Firepower Services and Firepower Threat Defense Features Firepower Threat Defense Firepower Services for ASA SIMILARITIES Routing +NAT ✔ (OSPF, BGP, Static, RIP, Multicast, EIGRP/PBR via FlexConfig) ✔ (OSPF, BGP, EIGRP, static, RIP, Multicast) OnBox Management ✔ ✔ HA (Active/Passive) ✔ ✔ Clustering (Active/Active) ✔ ✔ Site to Site and Remote Access VPN ✔ ✔ Policy based on SGT tags ✔ ✔ DIFFERENCES Unified ASA and Firepower rules and objects ✔ ❌ Hypervisor Support ✔ (AWS, VMware, KVM, Azure) ❌ Smart Licensing Support ✔ ❌ Multi-Context Support (Coming Soon!) ✔ Note: Not an exhaustive feature list
7.
Cisco Confidential 7©
2016 Cisco and/or its affiliates. All rights reserved. Firepower Threat Defense (FTD)
8.
Cisco Confidential 8©
2016 Cisco and/or its affiliates. All rights reserved. OpenAppID Next-generation visibility with OpenAppID Application Visibility & Control See and understand risks Enforce granular access control Prioritize traffic and limit rates Create detectors for custom apps Cisco database • 4,000+ apps Network & users ü û û ü û û ü 1 2 Rate-limit traffic
9.
Cisco Confidential 9©
2016 Cisco and/or its affiliates. All rights reserved. Web acceptable use controls and threat prevention URL Filtering – Security Intelligence Feeds – DNS Sinkhole capability Classify 280M+ URLs Filter sites using 80+ categories Manage “allow/block” lists easily Block latest malicious URLs Category-based Policy Creation Allow Block Admin Cisco URL Database DNS Sinkhole 01001010100 00100101101 Security feeds URL | IP | DNS NGFW Filtering BlockAllow Safe Search ………… ü û
10.
Cisco Confidential 10©
2016 Cisco and/or its affiliates. All rights reserved. Hardware decryption acceleration in 6.2.3 Granular SSL Decryption Capabilities SSL TLS handshake certificate inspection and TLS decryption engine Log SSL decryption engine Enforcement decisions Encrypted Traffic AVC http://www.%$&^*#$@#$.com http://www.%$&^*#$@#$.com Inspect deciphered packets Track and log all SSL sessions NGIPS gambling elicit http://www.%$*#$@#$.com http://www.%$*#$@#$.com http://www.%$*#$@#$.com http://www.%$*#$@#$.com http://www.%$*#$@#$.com http://www.%$*#$@#$.com http://www.%$*#$@#$.com http://www.%$*#$@#$.com http://www.%$*#$@#$.com http://www.%$*#$@#$.com û ü û ü ü ü û ü û û TLS1.3: https://tools.ietf.org/html/draft-camwinget-tls-use-cases-00
11.
Cisco Confidential 11©
2016 Cisco and/or its affiliates. All rights reserved. Application and Context aware Intrusion Prevention Next-Generation Intrusion Prevention System (NGIPS) Communications App & Device Data 01011101001 010 010001101 010010 10 10 Data packets Prioritize response Blended threats • Network profiling • Phishing attacks • Innocuous payloads • Infrequent callouts 3 1 2 Accept Block Automate policies ISE Scan network traffic Correlate data Detect stealthy threats Respond based on priority
12.
Cisco Confidential 12©
2016 Cisco and/or its affiliates. All rights reserved. c File Reputation Malware and ransomware detection and blocking Cisco AMP Threat Grid (Advanced Malware Protection and cloud sandboxing) • Known Signatures • Fuzzy Fingerprinting • Indications of compromise û Block known malware Investigate files safely Detect new threats Respond to alerts File & Device Trajectory AMP for Network Log ü Threat Grid Sandboxing • Advanced Analytics • Dynamic analysis • Threat intelligence ? AMP for Endpoint Log Threat Disposition Enforcement across all endpoints RiskySafeUncertain Sandbox Analysis
13.
Cisco Confidential 13©
2016 Cisco and/or its affiliates. All rights reserved. FlexConfig • Provides a way to configure ASA features not exposed directly by Firepower Management Center • EIGRP Routing • PBR • ISIS Routing • NetFlow (NSEL) export • VXLAN • ALG inspections • IPv6 header inspection • Platform Sysopt commands • WCCP
14.
Cisco Confidential 14©
2016 Cisco and/or its affiliates. All rights reserved.
15.
Cisco Confidential 15©
2016 Cisco and/or its affiliates. All rights reserved. Cisco ASA 5500-X 5506 / 5508 / 5516 Performance Unified Management • 1-Gbp interfaces • Up to 1.2 Gbps throughput • 5545 / 5555 Redundant Power Supply and SSD option • Firepower Threat Defense or ASA Software Options • 1-Gbp interfaces • Up to 450 Mbps throughput • Wireless Option for 5506-X • Software Switching capability • Firepower Threat Defense or ASA Software Options • Firepower Management Center (Enterprise Management) • Firepower Device Manager (On Box Manager) • Cisco Defense Orchestrator (Cloud Management) SMB and Enterprise Branch NGFW 5525 / 5545 / 5555 Performance
16.
Cisco Confidential 16©
2016 Cisco and/or its affiliates. All rights reserved. Cisco Firepower 2100 Series Performance and Density Optimization Unified ManagementPurpose Built NGFW • Integrated inspection engines for FW, NGIPS, Application Visibility and Control (AVC), URL, Cisco Advanced Malware Protection (AMP) • 1-Gbp and 10-Gbps interfaces • Up to 8.5-Gbps throughput • 1-rack-unit (RU) form factor • Dual SSD slots • 12x RJ45 ports, 4xSFP(+) • 2130 / 2140 Models • 1x Network Module • Fail to Wire Option* • DC & Dual PSU support • Firepower Management Center (Enterprise Management) • Firepower Device Manager (On Box Manager) • Cisco Defense Orchestrator (Cloud Management) Introducing four high-performance models
17.
Cisco Confidential 17©
2016 Cisco and/or its affiliates. All rights reserved. FPR 2110 FPR 2120 FPR 2130 FPR 2140 Throughput NGFW 1.9 Gbps 3 Gbps 4.75 Gbps 8.5 Gbps Throughput NGFW + IPS 1.9 Gbps 3 Gbps 4.75 Gbps 8.5 Gbps Maximum concurrent sessions 1 M 1.2 M 2 M 3.5 M Maximum new connections per second 12000 16000 24000 40000 NO DROP IN PERFORMACE! Firepower 2100 Series Performance
18.
Cisco Confidential 18©
2016 Cisco and/or its affiliates. All rights reserved. Cisco Firepower 4100 Series High performance campus and data center Performance and Density Optimization Unified Management Multiservice Security • Integrated inspection engines for FW, NGIPS, Application Visibility and Control (AVC), URL, Cisco Advanced Malware Protection (AMP) • Radware WAF & DDoS and other future third party • 10-Gb and 40-Gb interfaces • Up to 24-Gbps throughput • 1-rack-unit (RU) form factor • Low latency • Firepower Management Center (Enterprise Management) • Firepower Device Manager (On Box Manager) • Cisco Defense Orchestrator (Cloud Management)
19.
Cisco Confidential 19©
2016 Cisco and/or its affiliates. All rights reserved. Cisco Firepower 9300 Platform Benefits • Integration of best-in-class security • Dynamic service stitching Features • ASA container option • Firepower™ Threat Defense: • NGIPS, AMP, URL, AVC • Third-party containers: • Radware DDoS Benefits • Standards and interoperability • Flexible architecture Features • Template-driven security • Secure containerization for customer apps • RESTful/JSON API • Third-party orchestration and management Features • Compact, 3RU form factor • 10-Gbps/40-Gbps I/O; 100-Gbps • Terabit backplane • Low latency, intelligent fast path • Network Equipment-Building System (NEBS) ready Modular Carrier Class Multiservice Security High performance data center
20.
Cisco Confidential 20©
2016 Cisco and/or its affiliates. All rights reserved. Cisco NGFW Platforms NGFW capabilities all managed by Firepower Management Center 250 Mb -> 1.75 Gb (NGFW + IPS Throughput) Firepower Threat Defense for ASA 5500-X 2 Gb -> 8 GB (NGFW + IPS Throughput) Firepower 2100 Series 41xx = 10 Gb -> 24 Gb 93xx = 24 Gb -> 53Gb Firepower 4100 Series and Firepower 9300 Up to 16x with clustering!
21.
Cisco Confidential 21©
2016 Cisco and/or its affiliates. All rights reserved. Software Support – Physical Platforms ASA Firepower NGIPS ASA with FirePOWER Services Firepower Threat Defense ASA 5506X -> 5555X (all models) ✅ ✅ ✅ Firepower 2100 (all models) ✅ ✅ Firepower 4100 (all models) ✅ ✅ Firepower 9300 (all models) ✅ ✅ ASA 5585 (With SSP blade) ✅ ✅ Firepower 7000 / 8000 (IPS appliances) ✅
22.
Cisco Confidential 22©
2016 Cisco and/or its affiliates. All rights reserved. Software Support - Virtual Platforms ASA Firepower NGIPS Firepower Threat Defense ASAv (VMware, AWS, Azure, Hyper-V, KVM) ✅ Firepower NGIPSv (VMware + ISR UCS-E) ✅ Firepower NGFWv (VMware AWS, Azure, KVM) ✅
23.
© 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential 23 FTD Deployment Modes • FTD can act as both NGFW and NGIPS on different network interfaces NGIPS operates as standalone Firepower with limited ASA data plane functionality NGIPSNGFW FTDInline Eth1/1 Eth1/2 FTDInline Tap Eth1/1 Eth1/2 Passive Routed inside outside FTD DMZ Transparent inside outside FTD DMZ 10.1.1.0/24 10.1.2.0/24 10.1.3.0/24 10.1.1.0/24 FTD Eth1/1
24.
© 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential 24 Segmentation VLAN Stitching APP IPS AMP APP IPS AMP APP IPS AMP Database Zone Application Zone Web Zone Campus Zone FTD FTD FTD FTD FTD Cluster How do I insert this into the Datacenter without having to change the physical infrastructure or move the routing?
25.
© 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential 25 Segmentation VLAN Stitching - Before Database Zone Application Zone Web Zone FTD FTD FTD FTD FTD Cluster How do I insert this into the Datacenter without having to change the physical infrastructure or move the routing? L2/3 High Speed Switch 192.168.100.0/24 VLAN100 = 192.168.100.0/24 SVI = 192.168.100.1 VLAN100 Traffic never hits FW unless you change the routing or try to insert into the physical path
26.
© 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential 26 Segmentation VLAN Stitching - After Database Zone Application Zone Web Zone FTD FTD FTD FTD FTD Cluster How do I insert this into the Datacenter without having to change the physical infrastructure or move the routing? L2/3 High Speed Switch 192.168.100.0/24 VLAN100 = 192.168.100.0/24 SVI = 192.168.100.1 VLAN101 = 192.168.100.10-50 VLAN102 = 192.168.100.51-100 VLAN103 = 192.168.100.101-110 Ex: Web Zone to get to App Zone has to go through policy on FTD. FTD stitches VLAN 101, 102 and 103. Now I can add additional L7 Inspection.
27.
© 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential 29 The Security-Performance Problem Security Performance
28.
© 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential 30 Fail-to-Wire Interfaces Bypass traffic upon appliance failure, including loss of power. Automatic Application Bypass Restarts Snort processes upon degraded performance Intelligent Application Bypass Application-specific acceleration of defined applications if performance is degraded Trust Rules Acceleration defined traffic but still apply Security Intelligence Prefilter Policy Bypass deep inspection and Security Intelligence based on Port / Protocol / IP Address / Zone Bypass Options 30
29.
Cisco Confidential 31©
2016 Cisco and/or its affiliates. All rights reserved.
30.
Cisco Confidential 32©
2016 Cisco and/or its affiliates. All rights reserved. Firepower Device Manager Enables easy on-box management of common security and policy tasks Enables comprehensive security administration and automation of multiple appliances Firepower Management Center Cisco Defense Orchestrator Enables centralized cloud-based policy management of multiple deployments On-box Centralized Cloud-based Management Options
31.
Cisco Confidential 33©
2016 Cisco and/or its affiliates. All rights reserved. • On-box manager for managing a single Firepower Threat Defense device • Targeted for SMB market • Designed for Networking Security Administrator • Simple & Intuitive • Mutually Exclusive from FMC • CLI for troubleshooting Firepower Device Manager
32.
Cisco Confidential 34©
2016 Cisco and/or its affiliates. All rights reserved. Enables easy on-box management of common security and policy tasks Enables comprehensive security administration and automation of multiple appliances Firepower Management Center Enables centralized cloud-based policy management of multiple deployments On-box Centralized Cloud-based Management Options
33.
Cisco Confidential 35©
2016 Cisco and/or its affiliates. All rights reserved. Enables easy on-box management of common security and policy tasks Enables comprehensive security administration and automation of multiple appliances Firepower Management Center Cisco Defense Orchestrator Enables centralized cloud-based policy management of multiple deployments On-box Centralized Cloud-based Management Options
34.
Cisco Confidential 37©
2016 Cisco and/or its affiliates. All rights reserved. On-box vs Off-box Firepower Management Center (Off-box) Firepower Device Manager (On-box) NAT & Routing Access Control Intrusion & Malware Device & Events Monitoring VPN - Site to Site & RA Security Intelligence Other Policies: SSL, Identity, Rate Limiting (QoS) etc. Active/Passive Authentications Firewall Mode Router / Transparent Routed Threat Intelligence & Analytics Correlation & Remediation Risk Reports Device Setup Wizard IPS Tuning High Availability
35.
Cisco Confidential 38©
2016 Cisco and/or its affiliates. All rights reserved.
36.
Cisco Confidential 39©
2016 Cisco and/or its affiliates. All rights reserved. Troubleshooting: Packet Tracer • Displays logs for a single simulated (virtual) packet • Tracing data will include information from Snort & preprocessors about verdicts and actions taken while processing a packet
37.
Cisco Confidential 40©
2016 Cisco and/or its affiliates. All rights reserved. Troubleshooting: Packet Capture with Trace • Captures and displays packets from live traffic • Allows PCAP file download of the capture buffer
38.
Cisco Confidential 41©
2016 Cisco and/or its affiliates. All rights reserved. Lookup features – Geolocation & WHOIS
39.
Cisco Confidential 42©
2016 Cisco and/or its affiliates. All rights reserved. Lookup Feature: URL
40.
Cisco Confidential 43©
2016 Cisco and/or its affiliates. All rights reserved. ISE remediation in using pxGrid
41.
Cisco Confidential 44©
2016 Cisco and/or its affiliates. All rights reserved. Cisco Threat Intelligence Director (CTID) • Uses customer threat intelligence to identify threats • Automatically blocks supported indicators on Cisco NGFW • Provides a single integration point for all STIX and CSV intelligence sources
42.
Cisco Confidential 45©
2016 Cisco and/or its affiliates. All rights reserved. Cisco Threat Intelligence Director Overview Cisco Threat Intelligence Director
43.
Cisco Confidential 46©
2016 Cisco and/or its affiliates. All rights reserved. Hail a TAXII !! • Free source of TAXII feeds • Website URL: http://hailataxii.com • Multiple feeds • To configure the TAXII intelligence source • URL: http://hailataxii.com/taxii-discovery-service • USERNAME: guest • PASSWORD: guest
44.
Cisco Confidential 47©
2016 Cisco and/or its affiliates. All rights reserved.
45.
Cisco Confidential 48©
2016 Cisco and/or its affiliates. All rights reserved. Use Case Internet Edge Firewall Requirement Connectivity and Availability Requirement: • High Availability ROUTED mode • Firewall should support Router or Transparent Mode Routing Requirements: • Static and BGP Routing • Dynamic NAT/PAT and Static NAT Security Requirements: • Application Control + URL Acceptable Use enforcement • IPS and Malware protection • SSL Decryption Authentication Requirements: • User authentication and device identity Solution Security Application: Firepower Threat Defense application with FMC ISP FW in HA Private Network Service Provider Campus/Priv ate Network DMZ Network Port- Channel Internet Edge
46.
Cisco Confidential 50©
2016 Cisco and/or its affiliates. All rights reserved. 10.1.1.0/24 192.168.1.0/24 192.168.1.1 10.1.1.1 IP:192.168.1.100 GW: 192.168.1.1 NAT Firewall Design: Modes of Operation • Routed Mode is the traditional mode of the firewall. Two or more interfaces that separate L3 domains – Firewall is the Router and Gateway for local hosts. • Transparent Mode is where the firewall acts as a bridge functioning at L2. • Transparent mode firewall offers some unique benefits in the DC. • Transparent deployment is tightly integrated with our ‘best practice’ data center designs.
47.
Cisco Confidential 51©
2016 Cisco and/or its affiliates. All rights reserved. Link Redundancy Resiliency with link failures Link and Platform Redundancy Capabilities Firewall Link Aggregation – High Availability - Clustering Inter-chassis Clustering Combine up to 16 9300 blades or 4100 appliances Active / Standby HA LACP Link Redundancy LACP Link Aggregation Control Protocol
48.
© 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential 52 Firepower 4100/9300 Clustering Inside Switch FTD FTD FTD FTD FTD FTD Outside Switch Port-channel6 Port-channel5 Spanned EtherChannel (recommended) Inside Switch Outside Switch Note: L3 PBR and ECMP models are supported Benefits • High Scale: NGFW • Network Integration: Routing, switching, inter-site DC extensions • High Density: 40G/100G • Clustering: Intra-chassis, Inter- chassis, Inter-site • Consistent Policy Management Pay-As-You-Grow - Traditional ASA 16 node cluster - FTD 6 nodes today will scale to16 in the near future Out_P02 200.1.1.1/24 In_P01 10.1.1.1/24 VSS/VPC complianttotheIEEEstandard(802.3ad) VSS/VPC complianttotheIEEEstandard(802.3ad) Cisco Security Chalk Talk - NGFW Clustering Technology https://www.youtube.com/watch?v=yt8Cc4tS0kE&t=38s&index=3&list=PL FT-9JpKjRTANXKBmLbQ611TPYLXbUL_0
49.
Cisco Confidential 53©
2016 Cisco and/or its affiliates. All rights reserved. Dynamic NAT for Direct Internet Access Automatic and Manual (complex) NAT Support for FTD including IPv6
50.
Cisco Confidential 54©
2016 Cisco and/or its affiliates. All rights reserved. Rate limiting Cloud File Sharing Traffic • QOS Policy is a new policy type with separate policy table • Not associated with an Access Control Policy – directly associated with devices
51.
Cisco Confidential 55©
2016 Cisco and/or its affiliates. All rights reserved.
52.
© 2017 Cisco
and/or its affiliates. All rights reserved. Cisco Public Access Control Policy Access Control Rule Inspection Options Access Control Policy The glue that ties everything together Prefilter Policy SSL Policy Identity Policy Malware & File Policy Criteria (to match) Intrusion Policy Action DNS Policy TECSEC-2600 56
53.
Cisco Confidential 57©
2016 Cisco and/or its affiliates. All rights reserved. Access Control Policy blocking inappropriate content
54.
© 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential 58 Security Intelligence & DNS Global Settings Whitelist / Blacklist capabilities
55.
Cisco Confidential 59©
2016 Cisco and/or its affiliates. All rights reserved. DNS Inspection • Security Intelligence support for domains • Addresses challenges with fast-flux domains • Cisco provided and user defined DNS lists: CnC, Spam, Malware, Phishing • Multiple Actions: Block, Domain Not Found, Sinkhole, Monitor • Indications of Compromise extended with DNS Security Intelligence DNS List Action
56.
Cisco Confidential 60©
2016 Cisco and/or its affiliates. All rights reserved. URL-Based Security Intelligence • Extension of IP-based SI • TALOS dynamic feed, 3rd party feeds and lists • Multiple categories: Malware, Phishing, CnC,… • Multiple Actions: Allow, Monitor, Block, Interactive Block,… • Policy configured via Access Rules or black- list • IoC tags for CnC and Malware URLs • New Dashboard widget for URL SI • Black/White-list URL with one click URL-SI Categories
57.
Cisco Confidential 61©
2016 Cisco and/or its affiliates. All rights reserved. Granular SSL Decrypt Can specify by application, certificate fields / status, ciphers, etc.
58.
Cisco Confidential 62©
2016 Cisco and/or its affiliates. All rights reserved. Custom IPS Policy
59.
© 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential 63 Intrusion Policy and Network Discovery Policy . Firepower Recommended Rules automatically tunes your Snort rules for the applications, servers, and hosts on your network
60.
© 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential 64 FirePower NGFW Intrusion events Impact Flag Administrator Action Why 1 Act immediately, vulnerable Event corresponds to vulnerability mapped to host 2 Investigate, potentially vulnerable Relevant port open or protocol in use, but no vuln mapped 3 Good to know, currently not vulnerable Relevant port not open or protocol not in use 4 Good to know, unknown target Monitored network, but unknown host 0 Good to know, unknown network Unmonitored network
61.
Cisco Confidential 65©
2016 Cisco and/or its affiliates. All rights reserved. Malware and File Analysis Attached to Access Policy
62.
Cisco Confidential 66©
2016 Cisco and/or its affiliates. All rights reserved. Identity Policy based on Passive Authentication
63.
Cisco Confidential 67©
2016 Cisco and/or its affiliates. All rights reserved. Access Control Policy Identity Control Can Mix and Match AD & ISE Identity Groups (Guest, BYOD, etc.)
64.
Cisco Confidential 69©
2016 Cisco and/or its affiliates. All rights reserved. ISE Integration • pxGrid feed to retrieve from ISE: • AD Username (Group lookup via AD Realm) • Device type profile & location • TrustSec Security Group Tag (SGT) • Ability to exert control based on the above in rules • i.e. block HR users from using personal iPads • Reduces ACL size and complexity
65.
Cisco Confidential 71©
2016 Cisco and/or its affiliates. All rights reserved. TrustSec Security Group Tag based identity from ISE Can also reference Identity Services Engine identified Device Profiles
66.
Cisco Confidential 83©
2016 Cisco and/or its affiliates. All rights reserved. Abbreviation Key! ASA = Adaptive Security Appliance FTD = Firepower Threat Defense FPS = Firepower Services FMC = Firepower Management Center FDM = Firepower Device Manager NGFW = Next Generation Firewall NGIPS = Next Generation Intrusion Prevention System AMP = Advanced Malware Protection API = Application Programming Interface ISE = Identity Services Engine IoC = Indicator of Compromise PAN = Place to cook your eggs
67.
Cisco Confidential 84©
2016 Cisco and/or its affiliates. All rights reserved. Useful links FTD: Common Practices Guide: http://cisco.lookbookhq.com/ngfw_ftd_common-practices/ftd-common- practices Short how-to videos: https://www.youtube.com/channel/UCwnm1oSSz8pPwDyfzFS5k3w/playlists Lab minutes videos: www.labminutes.com BU videos: https://www.youtube.com/channel/UCxTz5VApACLnh5_SDjtfoNg/videos?view _as=subscriber
68.
Thank you.
Download now