Cisco Public© 2016 Cisco and/or its affiliates. All rights reserved. 1
Putting Firepower into the Next Generation Firewall
Integrating Firepower into the Next-Generation Firewall
Jeff Fanelli
Principal Systems Engineer
jefanell@cisco.com
About your speaker
Jeff Fanelli
Principal Systems Engineer
Cisco Global Security Sales Organization
I’m from the U.S. state with the largest FRESH water coastline in the world!
MICHIGAN (the “mitten” state..)
Today’s Agenda
• Firepower Software Overview
• ASA & Firepower NGFW Platforms
• Management Options
• Integration
• Internet Edge Use Case
Firepower NGFW Software
Firepower Threat Defense
Integrated Software - Single Management
CISCO COLLECTIVE SECURITY INTELLIGENCE
• Malware Protection
• Network Profiling
• URL Filtering
• Identity Based Policy Control
• Analytics & Automation
• Application Visibility & Control
• Intrusion Prevention
• High Availability
• Network Firewall and Routing
Firepower Threat Defense
ASA (L2-L4)
• L2-L4 Stateful Firewall
• Scalable CGNAT, ACL, routing
• Application inspection
Firepower (L7)
• Threat-Centric NGIPS
• AVC, URL Filtering for NGFW
• Advanced Malware Protection
Full Feature Set
Continuous Feature Migration
Firepower Threat Defense
Single Converged OS
Firewall URL Visibility Threats
Firepower Management Center (FMC)
ASA with Firepower Services
ASA & Firepower Platforms
Cisco NGFW Platforms
NGFW capabilities all managed by Firepower Management Center
• Firepower Threat Defense for ASA 5500-X: 250 Mb -> 1.75 Gb (NGFW + IPS Throughput)
• Firepower 2100 Series: 2 Gb -> 8 GB (NGFW + IPS Throughput)
• Firepower 4100 Series and Firepower 9300: 41xx = 10 Gb -> 24 Gb, 93xx = 24 Gb -> 53Gb
Up to 16x with clustering!
Software Support - Virtual Platforms
• ASA: ASAv (vSphere, AWS, Azure, Hyper-V, KVM) ✓
• Firepower NGIPS: Firepower NGIPSv (vSphere + ISR UCSE) ✓
• Firepower Threat Defense: Firepower NGFWv (vSphere, AWS, Azure, KVM) ✓
OpenAppID
Next-generation visibility with OpenAppID
Application Visibility & Control
• See and understand risks
• Enforce granular access control
• Prioritize traffic and limit rates
• Create detectors for custom apps
Cisco database
• 4,000+ apps
• 180,000+ Micro-apps
[Diagram labels: Network & users, Prioritize traffic]
Web acceptable use controls and threat prevention
URL Filtering – Security Intelligence Feeds – DNS Sinkhole capability
• Classify 280M+ URLs
• Filter sites using 80+ categories
• Manage “allow/block” lists easily
• Block latest malicious URLs
[Diagram labels: Category-based Policy Creation, Admin, Cisco URL Database, DNS Sinkhole, Security feeds (URL | IP | DNS), NGFW, Filtering, Allow, Block, Safe Search]
Granular SSL Decryption Capabilities
SSL TLS handshake certificate inspection and TLS decryption engine
• Decrypt 3.5 Gbps traffic over five million simultaneous flows
• Inspect deciphered packets
• Track and log all SSL sessions
[Diagram labels: Encrypted Traffic, SSL decryption engine, AVC, NGIPS, Enforcement decisions, Log, gambling, elicit]
Application and Context aware Intrusion Prevention
Next-Generation Intrusion Prevention System (NGIPS)
• Scan network traffic
• Correlate data
• Detect stealthy threats
• Respond based on priority
Blended threats
• Network profiling
• Phishing attacks
• Innocuous payloads
• Infrequent callouts
[Diagram labels: Communications, App & Device Data, Data packets, Prioritize response, Accept, Block, Automate policies, ISE]
Malware and ransomware detection and blocking
Cisco AMP Threat Grid (Advanced Malware Protection and cloud sandboxing)
• Block known malware
• Investigate files safely
• Detect new threats
• Respond to alerts
File Reputation
• Known Signatures
• Fuzzy Fingerprinting
• Indications of compromise
Threat Grid Sandboxing
• Advanced Analytics
• Dynamic analysis
• Threat intelligence
[Diagram labels: File & Device Trajectory, AMP for Network Log, AMP for Endpoint Log, Threat Disposition, Enforcement across all endpoints, Risky, Safe, Uncertain, Sandbox Analysis]
Management Platform Options
Management Options
• Firepower Device Manager (On-box): Enables easy on-box management of common security and policy tasks
• Firepower Management Center (Centralized): Enables comprehensive security administration and automation of multiple appliances
• ASDM with FirePOWER Services (On-box): Enables easy on-box migration and management of ASA with Firepower
Firepower Device Manager
• On-box manager for managing a single Firepower Threat Defense device
• Targeted for SMB market
• Designed for Networking Security Administrator
• Simple & Intuitive
• On-screen troubleshooting
Firepower Management Center
Integration Capabilities
ISE remediation using pxGrid
3rd Party Integration
SNMP, Syslog, NetFlow or eStreamer
LiveAction
Cisco Threat Intelligence Director
Cisco Threat Intelligence Director (CTID)
• Uses customer threat intelligence to identify threats
• Automatically blocks supported indicators on Cisco NGFW
• Provides a single integration point for all STIX and CSV intelligence sources
Hail a TAXII !!
• Free source of TAXII feeds
• Website URL: http://hailataxii.com
• Multiple feeds
• To configure the TAXII intelligence source
URL: http://hailataxii.com/taxii-discovery-service
USERNAME: guest
PASSWORD: guest
Deployment Designs
Use Case
Use Case
Internet Edge Firewall
Requirement
Connectivity and Availability Requirement:
• High Availability ROUTED mode
• Firewall should support Router or Transparent Mode
Routing Requirements:
• Static and BGP Routing
• Dynamic NAT/PAT and Static NAT
Security Requirements:
• Application Control + URL Acceptable Use enforcement
• IPS and Malware protection
• SSL Decryption
Authentication Requirements:
• User authentication and device identity
Solution
Security Application: Firepower Threat Defense application with FMC
[Diagram labels: ISP, Service Provider, Internet Edge, FW in HA, Port-Channel, Private Network, Campus/Private Network, DMZ Network]
Connectivity and Availability
Firewall Design: Modes of Operation
• Routed Mode is the traditional mode of the firewall. Two or more interfaces that separate L3 domains – Firewall is the Router and Gateway for local hosts.
• Transparent Mode is where the firewall acts as a bridge functioning at L2.
Transparent mode firewall offers some unique benefits in the DC. Transparent deployment is tightly integrated with our ‘best practice’ data center designs.
[Diagram labels: 10.1.1.0/24, 10.1.1.1, 192.168.1.0/24, 192.168.1.1, IP: 192.168.1.100, GW: 192.168.1.1, NAT, DRP]
Link and Platform Redundancy Capabilities
Firewall Link Aggregation – High Availability - Clustering
• Link Redundancy: Resiliency with link failures
• LACP Link Redundancy
• LACP Link Aggregation Control Protocol
• Active / Standby HA
• Inter-chassis Clustering: Combine up to 16 9300 blades or 4100 chassis
Routing Requirements
Dynamic NAT for Direct Internet Access
Automatic and Manual (complex) NAT Support for FTD including IPv6
Routing Protocol support
• OSPF and OSPFv3 (IPv6)
• BGP (IPv4 & IPv6)
• Static Route
Tunneled Route support for VPNs
Reverse Route Injection for VPNs
• Multicast Routing
IGMP
PIM
• EIGRP via FlexConfig
IPv4 and IPv6 advanced routing
Rate limiting Cloud File Sharing Traffic
QOS Policy is a new policy type with separate policy table
Upload and download rate limiting per application with identity!
Security Requirements
Access Control Policy blocking inappropriate content
Granular SSL Decrypt
Can specify by application, certificate fields / status, ciphers, etc.
Decrypt Cert required!
Custom IPS Policy
Malware and File Analysis
Attached to Access Policy
URL-Based Security Intelligence
• Extension of IP-based SI
• TALOS dynamic feed, 3rd party feeds and lists
• Multiple categories: Malware, Phishing, CnC,…
• Multiple Actions: Allow, Monitor, Block, Interactive Block,…
• Policy configured via Access Rules or blacklist
• IoC tags for CnC and Malware URLs
• New Dashboard widget for URL SI
• Black/White-list URL with one click
URL-SI Categories
DNS Inspection
• Security Intelligence support for domains
• Addresses challenges with fast-flux domains
• Cisco provided and user defined DNS lists: CnC, Spam, Malware, Phishing
• Multiple Actions: Block, Domain Not Found, Sinkhole, Monitor
• Indications of Compromise extended with DNS Security Intelligence
DNS List Action
Identity Requirements
Authentication and Authorization
Access Control Policy Identity Control
Can Mix and Match AD & ISE Identity Groups (Guest, BYOD, etc.)
TrustSec Security Group Tag based identity from ISE
Can also reference Identity Services Engine identified Device Profiles
Branch Firewall Use Cases
Site to Site and Remote Access VPN
Headquarters and Branch NGFW Example
Use of Groups in FMC for organization
• ONE policy set applied to all branch firewalls
Headquarters and Branch NGFW Example
Dynamic Endpoint option for sites with DHCP Outside Interface
• VPN can be backup to MPLS or dedicated WAN
Secure Remote Access for Roaming User
• Secure SSL/IPsec AnyConnect access to corporate network
• AMP and File inspection Policy to monitor roaming user data.
• Easy RA VPN Wizard to configure AnyConnect Remote Access VPN
• Advanced Application level inspection can be enabled to enforce security on inbound Remote Access User data.
• Monitoring and Troubleshooting to monitor remote access activity and simplified tool for troubleshooting.
[Diagram labels: ISP, Internet Edge, FP2100 in HA, Private Network, Campus/Private Network]
Secure access using Firepower
Remote Access VPN
• AnyConnect client-based VPN
• Use cases:
Split or full tunnel
Multiple Connection profiles
Username / password and/or certificate authentication support
Firepower Threat Defense Summary
Power Internet Edge and Branch WAN Platform
• Powerful Threat Defense Capabilities
• Advanced Site to Site VPN and routing protocol support
• AnyConnect Remote Access
Unified Management
Robust NGFW Feature set
Flexible Deployment
Thank you.

Más contenido relacionado

La actualidad más candente

Cisco Connect Toronto 2017 - Anatomy-of-attack
Cisco Connect Toronto 2017 - Anatomy-of-attackCisco Connect Toronto 2017 - Anatomy-of-attack
Cisco Connect Toronto 2017 - Anatomy-of-attackCisco Canada
 
TAC Vision & Strategy
TAC Vision & StrategyTAC Vision & Strategy
TAC Vision & StrategyCisco Canada
 
Cisco Meraki - Simplifying Powerful Technology
Cisco Meraki - Simplifying Powerful TechnologyCisco Meraki - Simplifying Powerful Technology
Cisco Meraki - Simplifying Powerful TechnologyCisco Canada
 
Hosted Security as a Service - Solution Architecture Design
Hosted Security as a Service - Solution Architecture DesignHosted Security as a Service - Solution Architecture Design
Hosted Security as a Service - Solution Architecture DesignCisco Canada
 
Cisco Connect Toronto 2017 - Your time is now
Cisco Connect Toronto 2017 - Your time is nowCisco Connect Toronto 2017 - Your time is now
Cisco Connect Toronto 2017 - Your time is nowCisco Canada
 
Cisco connect winnipeg 2018 understanding cisco's next generation sdwan sol...
Cisco connect winnipeg 2018   understanding cisco's next generation sdwan sol...Cisco connect winnipeg 2018   understanding cisco's next generation sdwan sol...
Cisco connect winnipeg 2018 understanding cisco's next generation sdwan sol...Cisco Canada
 
Security and Virtualization in the Data Center
Security and Virtualization in the Data CenterSecurity and Virtualization in the Data Center
Security and Virtualization in the Data CenterCisco Canada
 
Cisco Connect Toronto 2017 - NFV/SDN Platform for Orchestrating Cloud and vBr...
Cisco Connect Toronto 2017 - NFV/SDN Platform for Orchestrating Cloud and vBr...Cisco Connect Toronto 2017 - NFV/SDN Platform for Orchestrating Cloud and vBr...
Cisco Connect Toronto 2017 - NFV/SDN Platform for Orchestrating Cloud and vBr...Cisco Canada
 
Cisco Connect Vancouver 2017 - Optimizing your client's wi fi experience
Cisco Connect Vancouver 2017 - Optimizing your client's wi fi experienceCisco Connect Vancouver 2017 - Optimizing your client's wi fi experience
Cisco Connect Vancouver 2017 - Optimizing your client's wi fi experienceCisco Canada
 
Network Function Virtualization (NFV) using IOS-XR
Network Function Virtualization (NFV) using IOS-XRNetwork Function Virtualization (NFV) using IOS-XR
Network Function Virtualization (NFV) using IOS-XRCisco Canada
 
Magical meeting experiences
Magical meeting experiences Magical meeting experiences
Magical meeting experiences Cisco Canada
 
Cisco Connect Halifax 2018 Putting firepower into the next generation firewall
Cisco Connect Halifax 2018   Putting firepower into the next generation firewallCisco Connect Halifax 2018   Putting firepower into the next generation firewall
Cisco Connect Halifax 2018 Putting firepower into the next generation firewallCisco Canada
 
Leverage the Network
Leverage the NetworkLeverage the Network
Leverage the NetworkCisco Canada
 
Cisco Connect Toronto 2017 - Understanding Cisco Next Generation SD-WAN
Cisco Connect Toronto 2017 - Understanding Cisco Next Generation SD-WANCisco Connect Toronto 2017 - Understanding Cisco Next Generation SD-WAN
Cisco Connect Toronto 2017 - Understanding Cisco Next Generation SD-WANCisco Canada
 
Cisco Meraki - Let Simple Work for You
Cisco Meraki - Let Simple Work for YouCisco Meraki - Let Simple Work for You
Cisco Meraki - Let Simple Work for YouCisco Canada
 
Cisco Connect Toronto 2017 - UCS and Hyperflex update
Cisco Connect Toronto 2017 - UCS and Hyperflex updateCisco Connect Toronto 2017 - UCS and Hyperflex update
Cisco Connect Toronto 2017 - UCS and Hyperflex updateCisco Canada
 
Cisco Intelligent Branch - Enabling the Next Generation Branch
Cisco Intelligent Branch - Enabling the Next Generation BranchCisco Intelligent Branch - Enabling the Next Generation Branch
Cisco Intelligent Branch - Enabling the Next Generation BranchCisco Canada
 
Cisco Connect Toronto 2018 dc-aci-anywhere
Cisco Connect Toronto 2018   dc-aci-anywhereCisco Connect Toronto 2018   dc-aci-anywhere
Cisco Connect Toronto 2018 dc-aci-anywhereCisco Canada
 
Accelerating incident response in organizations of any size
Accelerating incident response in organizations of any sizeAccelerating incident response in organizations of any size
Accelerating incident response in organizations of any sizeCisco Canada
 
Cisco Connect Halifax 2018 Cisco Spark hybrid services architectural design
Cisco Connect Halifax 2018   Cisco Spark hybrid services architectural designCisco Connect Halifax 2018   Cisco Spark hybrid services architectural design
Cisco Connect Halifax 2018 Cisco Spark hybrid services architectural designCisco Canada
 

La actualidad más candente (20)

Cisco Connect Toronto 2017 - Anatomy-of-attack
Cisco Connect Toronto 2017 - Anatomy-of-attackCisco Connect Toronto 2017 - Anatomy-of-attack
Cisco Connect Toronto 2017 - Anatomy-of-attack
 
TAC Vision & Strategy
TAC Vision & StrategyTAC Vision & Strategy
TAC Vision & Strategy
 
Cisco Meraki - Simplifying Powerful Technology
Cisco Meraki - Simplifying Powerful TechnologyCisco Meraki - Simplifying Powerful Technology
Cisco Meraki - Simplifying Powerful Technology
 
Hosted Security as a Service - Solution Architecture Design
Hosted Security as a Service - Solution Architecture DesignHosted Security as a Service - Solution Architecture Design
Hosted Security as a Service - Solution Architecture Design
 
Cisco Connect Toronto 2017 - Your time is now
Cisco Connect Toronto 2017 - Your time is nowCisco Connect Toronto 2017 - Your time is now
Cisco Connect Toronto 2017 - Your time is now
 
Cisco connect winnipeg 2018 understanding cisco's next generation sdwan sol...
Cisco connect winnipeg 2018   understanding cisco's next generation sdwan sol...Cisco connect winnipeg 2018   understanding cisco's next generation sdwan sol...
Cisco connect winnipeg 2018 understanding cisco's next generation sdwan sol...
 
Security and Virtualization in the Data Center
Security and Virtualization in the Data CenterSecurity and Virtualization in the Data Center
Security and Virtualization in the Data Center
 
Cisco Connect Toronto 2017 - NFV/SDN Platform for Orchestrating Cloud and vBr...
Cisco Connect Toronto 2017 - NFV/SDN Platform for Orchestrating Cloud and vBr...Cisco Connect Toronto 2017 - NFV/SDN Platform for Orchestrating Cloud and vBr...
Cisco Connect Toronto 2017 - NFV/SDN Platform for Orchestrating Cloud and vBr...
 
Cisco Connect Vancouver 2017 - Optimizing your client's wi fi experience
Cisco Connect Vancouver 2017 - Optimizing your client's wi fi experienceCisco Connect Vancouver 2017 - Optimizing your client's wi fi experience
Cisco Connect Vancouver 2017 - Optimizing your client's wi fi experience
 
Network Function Virtualization (NFV) using IOS-XR
Network Function Virtualization (NFV) using IOS-XRNetwork Function Virtualization (NFV) using IOS-XR
Network Function Virtualization (NFV) using IOS-XR
 
Magical meeting experiences
Magical meeting experiences Magical meeting experiences
Magical meeting experiences
 
Cisco Connect Halifax 2018 Putting firepower into the next generation firewall
Cisco Connect Halifax 2018   Putting firepower into the next generation firewallCisco Connect Halifax 2018   Putting firepower into the next generation firewall
Cisco Connect Halifax 2018 Putting firepower into the next generation firewall
 
Leverage the Network
Leverage the NetworkLeverage the Network
Leverage the Network
 
Cisco Connect Toronto 2017 - Understanding Cisco Next Generation SD-WAN
Cisco Connect Toronto 2017 - Understanding Cisco Next Generation SD-WANCisco Connect Toronto 2017 - Understanding Cisco Next Generation SD-WAN
Cisco Connect Toronto 2017 - Understanding Cisco Next Generation SD-WAN
 
Cisco Meraki - Let Simple Work for You
Cisco Meraki - Let Simple Work for YouCisco Meraki - Let Simple Work for You
Cisco Meraki - Let Simple Work for You
 
Cisco Connect Toronto 2017 - UCS and Hyperflex update
Cisco Connect Toronto 2017 - UCS and Hyperflex updateCisco Connect Toronto 2017 - UCS and Hyperflex update
Cisco Connect Toronto 2017 - UCS and Hyperflex update
 
Cisco Intelligent Branch - Enabling the Next Generation Branch
Cisco Intelligent Branch - Enabling the Next Generation BranchCisco Intelligent Branch - Enabling the Next Generation Branch
Cisco Intelligent Branch - Enabling the Next Generation Branch
 
Cisco Connect Toronto 2018 dc-aci-anywhere
Cisco Connect Toronto 2018   dc-aci-anywhereCisco Connect Toronto 2018   dc-aci-anywhere
Cisco Connect Toronto 2018 dc-aci-anywhere
 
Accelerating incident response in organizations of any size
Accelerating incident response in organizations of any sizeAccelerating incident response in organizations of any size
Accelerating incident response in organizations of any size
 
Cisco Connect Halifax 2018 Cisco Spark hybrid services architectural design
Cisco Connect Halifax 2018   Cisco Spark hybrid services architectural designCisco Connect Halifax 2018   Cisco Spark hybrid services architectural design
Cisco Connect Halifax 2018 Cisco Spark hybrid services architectural design
 

Similar a Putting firepower into the next generation firewall

Cisco Connect Toronto 2017 - Putting Firepower into the Next Generation Firewall
Cisco Connect Toronto 2017 - Putting Firepower into the Next Generation FirewallCisco Connect Toronto 2017 - Putting Firepower into the Next Generation Firewall
Cisco Connect Toronto 2017 - Putting Firepower into the Next Generation FirewallCisco Canada
 
ASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment ScenariosASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment ScenariosCisco Canada
 
Firepower ngfw internet
Firepower ngfw internetFirepower ngfw internet
Firepower ngfw internetRony Melo
 
Putting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation FirewallPutting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation FirewallCisco Canada
 
Putting Firepower into the Next Generation Firewall
Putting Firepower into the Next Generation FirewallPutting Firepower into the Next Generation Firewall
Putting Firepower into the Next Generation FirewallCisco Canada
 
Next Generation Security
Next Generation SecurityNext Generation Security
Next Generation SecurityCisco Canada
 
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation SecurityBGA Cyber Security
 
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
BGA SOME/SOC Etkinliği - Tehdit  Odaklı Güvenlik Mimarisinde Sourcefire Yakla...BGA SOME/SOC Etkinliği - Tehdit  Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...BGA Cyber Security
 
Cisco Connect Halifax 2018 Anatomy of attack
Cisco Connect Halifax 2018   Anatomy of attackCisco Connect Halifax 2018   Anatomy of attack
Cisco Connect Halifax 2018 Anatomy of attackCisco Canada
 
Scalar Security Roadshow - Toronto Presentation
Scalar Security Roadshow - Toronto PresentationScalar Security Roadshow - Toronto Presentation
Scalar Security Roadshow - Toronto PresentationScalar Decisions
 
Proteja seus clientes - Gerenciamento dos Serviços de Segurança
Proteja seus clientes - Gerenciamento dos Serviços de SegurançaProteja seus clientes - Gerenciamento dos Serviços de Segurança
Proteja seus clientes - Gerenciamento dos Serviços de SegurançaCisco do Brasil
 
SP Virtual Managed Services (VMS) for Intelligent WAN (IWAN)
SP Virtual Managed Services (VMS) for Intelligent WAN (IWAN)SP Virtual Managed Services (VMS) for Intelligent WAN (IWAN)
SP Virtual Managed Services (VMS) for Intelligent WAN (IWAN)Cisco Canada
 
TechWiseTV Workshop: Cisco TrustSec
TechWiseTV Workshop: Cisco TrustSecTechWiseTV Workshop: Cisco TrustSec
TechWiseTV Workshop: Cisco TrustSecRobb Boyd
 
CLÍNICA DE RESPUESTAS A INCIDENTES Y THREAT HUNTING - WORKSHOP DAY TÉCNICO DE...
CLÍNICA DE RESPUESTAS A INCIDENTES Y THREAT HUNTING - WORKSHOP DAY TÉCNICO DE...CLÍNICA DE RESPUESTAS A INCIDENTES Y THREAT HUNTING - WORKSHOP DAY TÉCNICO DE...
CLÍNICA DE RESPUESTAS A INCIDENTES Y THREAT HUNTING - WORKSHOP DAY TÉCNICO DE...Cristian Garcia G.
 
During the Next Generation Network and Data Centre – Now and into the Future ...
During the Next Generation Network and Data Centre – Now and into the Future ...During the Next Generation Network and Data Centre – Now and into the Future ...
During the Next Generation Network and Data Centre – Now and into the Future ...Cisco Canada
 
[CONFidence 2016] Gaweł Mikołajczyk - Making sense out of the Security Operat...
[CONFidence 2016] Gaweł Mikołajczyk - Making sense out of the Security Operat...[CONFidence 2016] Gaweł Mikołajczyk - Making sense out of the Security Operat...
[CONFidence 2016] Gaweł Mikołajczyk - Making sense out of the Security Operat...PROIDEA
 
Cisco Connect Vancouver 2017 - Anatomy of Attack
Cisco Connect Vancouver 2017 - Anatomy of AttackCisco Connect Vancouver 2017 - Anatomy of Attack
Cisco Connect Vancouver 2017 - Anatomy of AttackCisco Canada
 
Scalar Security Roadshow - Ottawa Presentation
Scalar Security Roadshow - Ottawa PresentationScalar Security Roadshow - Ottawa Presentation
Scalar Security Roadshow - Ottawa PresentationScalar Decisions
 
Scalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver PresentationScalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver PresentationScalar Decisions
 
Scalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Decisions
 

Similar a Putting firepower into the next generation firewall (20)

Cisco Connect Toronto 2017 - Putting Firepower into the Next Generation Firewall
Cisco Connect Toronto 2017 - Putting Firepower into the Next Generation FirewallCisco Connect Toronto 2017 - Putting Firepower into the Next Generation Firewall
Cisco Connect Toronto 2017 - Putting Firepower into the Next Generation Firewall
 
ASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment ScenariosASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment Scenarios
 
Firepower ngfw internet
Firepower ngfw internetFirepower ngfw internet
Firepower ngfw internet
 
Putting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation FirewallPutting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation Firewall
 
Putting Firepower into the Next Generation Firewall
Putting Firepower into the Next Generation FirewallPutting Firepower into the Next Generation Firewall
Putting Firepower into the Next Generation Firewall
 
Next Generation Security
Next Generation SecurityNext Generation Security





Putting firepower into the next generation firewall

  • 1. Cisco Public© 2016 Cisco and/or its affiliates. All rights reserved. 1 Putting Firepower into the Next Generation Firewall Intégrer Firepower au pare-feu de prochaine génération Jeff Fanelli Principal Systems Engineer jefanell@cisco.com
  • 2. About your speaker: Jeff Fanelli, Principal Systems Engineer, Cisco Global Security Sales Organization. I’m from the U.S. state with the largest FRESH water coastline in the world!
  • 3. MICHIGAN (the “mitten” state..)
  • 4. Today’s Agenda: Firepower Software Overview; ASA & Firepower NGFW Platforms; Management Options; Integration; Internet Edge Use Case
  • 5. Firepower NGFW Software
  • 6. Firepower Threat Defense: Integrated Software - Single Management. Diagram labels: Malware Protection; Network Profiling; URL Filtering; Identity Based Policy Control; Analytics & Automation; Application Visibility & Control; Intrusion Prevention; High Availability; Network Firewall and Routing; Cisco Collective Security Intelligence
  • 7. Firepower Threat Defense: Single Converged OS. ASA (L2-L4): L2-L4 Stateful Firewall; Scalable CGNAT, ACL, routing; Application inspection. Firepower (L7): Threat-Centric NGIPS; AVC, URL Filtering for NGFW; Advanced Malware Protection. Full Feature Set; Continuous Feature Migration. Diagram labels: Firewall; URL; Visibility; Threats; Firepower Management Center (FMC); ASA with Firepower Services
  • 8. ASA & Firepower Platforms
  • 9. Cisco NGFW Platforms (NGFW capabilities all managed by Firepower Management Center). Firepower Threat Defense for ASA 5500-X: 250 Mb -> 1.75 Gb (NGFW + IPS Throughput). Firepower 2100 Series: 2 Gb -> 8 GB (NGFW + IPS Throughput). Firepower 4100 Series and Firepower 9300: 41xx = 10 Gb -> 24 Gb, 93xx = 24 Gb -> 53Gb. Up to 16x with clustering!
  • 10. Software Support - Virtual Platforms. ASAv (vSphere, AWS, Azure, Hyper-V, KVM): ASA ✓. Firepower NGIPSv (vSphere + ISR UCSE): Firepower NGIPS ✓. Firepower NGFWv (vSphere, AWS, Azure, KVM): Firepower Threat Defense ✓
  • 11. OpenAppID: Next-generation visibility with OpenAppID. Application Visibility & Control: See and understand risks; Enforce granular access control; Prioritize traffic and limit rates; Create detectors for custom apps. Cisco database: 4,000+ apps; 180,000+ Micro-apps. Diagram label: Network & users
  • 12. Web acceptable use controls and threat prevention: URL Filtering – Security Intelligence Feeds – DNS Sinkhole capability. Classify 280M+ URLs; Filter sites using 80+ categories; Manage “allow/block” lists easily; Block latest malicious URLs. Diagram labels: Category-based Policy Creation; Admin; Cisco URL Database; DNS Sinkhole; Security feeds (URL | IP | DNS); NGFW Filtering (Allow / Block); Safe Search
  • 13. Granular SSL Decryption Capabilities: Decrypt 3.5 Gbps traffic over five million simultaneous flows. SSL/TLS handshake certificate inspection and TLS decryption engine; Inspect deciphered packets; Track and log all SSL sessions. Diagram labels: Encrypted Traffic; SSL decryption engine; Enforcement decisions; Log; AVC; NGIPS; gambling; illicit
  • 14. Next-Generation Intrusion Prevention System (NGIPS): Application and Context aware Intrusion Prevention. Scan network traffic; Correlate data; Detect stealthy threats; Respond based on priority. Blended threats: Network profiling; Phishing attacks; Innocuous payloads; Infrequent callouts. Diagram labels: Communications; App & Device Data; Data packets; Prioritize response; Accept; Block; Automate policies; ISE
  • 15. Cisco AMP Threat Grid (Advanced Malware Protection and cloud sandboxing): Malware and ransomware detection and blocking. Block known malware; Investigate files safely; Detect new threats; Respond to alerts. File Reputation: Known Signatures; Fuzzy Fingerprinting; Indications of compromise. Threat Grid Sandboxing: Advanced Analytics; Dynamic analysis; Threat intelligence. Diagram labels: File & Device Trajectory; AMP for Network Log; AMP for Endpoint Log; Threat Disposition (Risky, Safe, Uncertain); Sandbox Analysis; Enforcement across all endpoints
  • 16. Management Platform Options
  • 17. Management Options. Firepower Device Manager (On-box): Enables easy on-box management of common security and policy tasks. Firepower Management Center (Centralized): Enables comprehensive security administration and automation of multiple appliances. ASDM with FirePOWER Services (On-box): Enables easy on-box migration and management of ASA with Firepower
  • 18. Firepower Device Manager: On-box manager for managing a single Firepower Threat Defense device; Targeted for SMB market; Designed for Networking Security Administrator; Simple & Intuitive; On-screen troubleshooting
  • 23. Integration Capabilities
  • 24. ISE remediation using pxGrid
  • 25. 3rd Party Integration: SNMP, Syslog, NetFlow or eStreamer
  • 30. Cisco Threat Intelligence Director
  • 31. Cisco Threat Intelligence Director (CTID): Uses customer threat intelligence to identify threats; Automatically blocks supported indicators on Cisco NGFW; Provides a single integration point for all STIX and CSV intelligence sources
  • 32. Hail a TAXII !! Free source of TAXII feeds; Website URL: http://hailataxii.com; Multiple feeds. To configure the TAXII intelligence source: URL: http://hailataxii.com/taxii-discovery-service; USERNAME: guest; PASSWORD: guest
  • 33. Deployment Designs Use Case
  • 34. Use Case: Internet Edge Firewall Requirement. Connectivity and Availability Requirement: High Availability ROUTED mode; Firewall should support Router or Transparent Mode. Routing Requirements: Static and BGP Routing; Dynamic NAT/PAT and Static NAT. Security Requirements: Application Control + URL Acceptable Use enforcement; IPS and Malware protection; SSL Decryption. Authentication Requirements: User authentication and device identity. Solution: Security Application: Firepower Threat Defense application with FMC. Diagram labels: ISP; FW in HA; Private Network; Service Provider; Campus/Private Network; DMZ Network; Port-Channel; Internet Edge
  • 35. Connectivity and Availability
  • 36. Firewall Design: Modes of Operation. Routed Mode is the traditional mode of the firewall. Two or more interfaces that separate L3 domains – Firewall is the Router and Gateway for local hosts. Transparent Mode is where the firewall acts as a bridge functioning at L2. Transparent mode firewall offers some unique benefits in the DC. Transparent deployment is tightly integrated with our ‘best practice’ data center designs. Diagram labels: 10.1.1.0/24; 192.168.1.0/24; 192.168.1.1; 10.1.1.1; IP: 192.168.1.100, GW: 192.168.1.1; NAT; DRP
  • 37. Firewall Link Aggregation – High Availability - Clustering: Link and Platform Redundancy Capabilities. Link Redundancy: Resiliency with link failures; LACP (Link Aggregation Control Protocol) Link Redundancy. Active / Standby HA. Inter-chassis Clustering: Combine up to 16 9300 blades or 4100 chassis
  • 38. Routing Requirements
  • 39. Dynamic NAT for Direct Internet Access: Automatic and Manual (complex) NAT Support for FTD including IPv6
  • 40. IPv4 and IPv6 advanced routing. Routing Protocol support: OSPF and OSPFv3 (IPv6); BGP (IPv4 & IPv6); Static Route (Tunneled Route support for VPNs, Reverse Route Injection for VPNs); Multicast Routing (IGMP, PIM); EIGRP via FlexConfig
  • 41. Rate limiting Cloud File Sharing Traffic: QOS Policy is a new policy type with separate policy table; Upload and download rate limiting per application with identity!
  • 42. Security Requirements
  • 43. Access Control Policy blocking inappropriate content
  • 44. Granular SSL Decrypt: Can specify by application, certificate fields / status, ciphers, etc. Decrypt Cert required!
  • 45. Custom IPS Policy
  • 46. Malware and File Analysis: Attached to Access Policy
  • 47. URL-Based Security Intelligence: Extension of IP-based SI; TALOS dynamic feed, 3rd party feeds and lists; Multiple categories: Malware, Phishing, CnC,…; Multiple Actions: Allow, Monitor, Block, Interactive Block,…; Policy configured via Access Rules or black-list; IoC tags for CnC and Malware URLs; New Dashboard widget for URL SI; Black/White-list URL with one click. Diagram label: URL-SI Categories
  • 48. DNS Inspection: Security Intelligence support for domains; Addresses challenges with fast-flux domains; Cisco provided and user defined DNS lists: CnC, Spam, Malware, Phishing; Multiple Actions: Block, Domain Not Found, Sinkhole, Monitor; Indications of Compromise extended with DNS Security Intelligence. Diagram labels: DNS List; Action
  • 49. Identity Requirements: Authentication and Authorization
  • 50. Access Control Policy Identity Control: Can Mix and Match AD & ISE Identity Groups (Guest, BYOD, etc.)
  • 51. TrustSec Security Group Tag based identity from ISE: Can also reference Identity Services Engine identified Device Profiles
  • 52. Branch Firewall Use Cases: Site to Site and Remote Access VPN
  • 53. Headquarters and Branch NGFW Example: Use of Groups in FMC for organization; ONE policy set applied to all branch firewalls
  • 54. Headquarters and Branch NGFW Example: Dynamic Endpoint option for sites with DHCP Outside Interface; VPN can be backup to MPLS or dedicated WAN
  • 55. Secure Remote Access for Roaming User: Secure access using Firepower. Secure SSL/IPsec AnyConnect access to corporate network; AMP and File inspection Policy to monitor roaming user data; Easy RA VPN Wizard to configure AnyConnect Remote Access VPN; Advanced Application level inspection can be enabled to enforce security on inbound Remote Access User data; Monitoring and Troubleshooting to monitor remote access activity and simplified tool for troubleshooting. Diagram labels: ISP; FP2100 in HA; Private Network; Campus/Private Network; Internet Edge
  • 56. Remote Access VPN: AnyConnect client-based VPN. Use cases: Split or full tunnel; Multiple Connection profiles; Username / password and/or certificate authentication support
  • 57. Firepower Threat Defense Summary: Power Internet Edge and Branch WAN Platform. Powerful Threat Defense Capabilities; Advanced Site to Site VPN and routing protocol support; AnyConnect Remote Access. Unified Management; Robust NGFW Feature set; Flexible Deployment