Cisco, Sourcefire and Lancope - Better Together

Technology overview for Sourcefire FireSIGHT and Lancope StealthWatch including:

• Core features and functionality
• Market positioning and differentiators
• Technology integration for effective incident response


  1. Cisco, Sourcefire and Lancope – Better Together. David Salter, Technical Director, Lancope Inc. 26th February 2014. © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
  2. The Problem is …
  3. (image-only slide; no text recovered)
  4. Attack Continuum
     • BEFORE: Control, Enforce, Harden
     • DURING: Detect, Block, Defend
     • AFTER: Scope, Contain, Remediate
     • Coverage: Network, Endpoint, Mobile, Virtual, Cloud
     • Point in time vs. Continuous
  5. Attack Continuum – traditional tooling mapped onto the phases
     • BEFORE (Control, Enforce, Harden): Firewall, Patch Mgmt, App Control, Vuln Mgmt, VPN, IAM/NAC
     • DURING (Detect, Block, Defend): IPS, IDS, AMD, Anti-Virus, Email/Web
     • AFTER (Scope, Contain, Remediate): FPC, Log Mgmt, Forensics, SIEM
     • Underpinning all phases: Visibility and Context
  6. Attack Continuum – Cisco and Lancope portfolio mapped onto the phases
     • BEFORE (Control, Enforce, Harden): Firewall, VPN, NGFW, UTM, NAC + Identity Services
     • DURING / AFTER (Detect, Block, Defend; Scope, Contain, Remediate): NGIPS, Advanced Malware Protection, Web Security, Email Security
     • Underpinning all phases (Visibility and Context): Lancope StealthWatch System
  7. Attack Continuum – BEFORE (Control, Enforce, Harden)
     • BREADTH
       • Monitor and profile network traffic and application data for up to 25M+ hosts
       • Monitor policy
       • Provide intelligence to improve defenses
       • Identify precursors to an attack (example: reconnaissance)
     • DEPTH
       • Host map and risk profile for up to 300K hosts
       • Identify applications and services (over 2000)
       • Identify operating systems
       • Leverage network awareness as a component of NGIPS
       • Help tune policy
     • Visibility and Context
  8. Attack Continuum – DURING (Detect, Block, Defend)
     • NETWORK FOCUS
       • Leverages Cisco infrastructure for detection
       • Detection using behavioral profiles and statistical modeling
       • Detect attacks that do not violate policy (low and slow attacks, data loss)
       • Detect ongoing attacks (DDoS)
     • HOST/APPLICATION FOCUS
       • Network probes and host agents
       • DPI and rules engine (Snort) to alert on / block vulnerabilities
       • Detect/block known bad files for specific host platforms
       • Leverage sandboxing to identify known bad file activity
     • Visibility and Context
  9. Attack Continuum – AFTER (Scope, Contain, Remediate)
     • Track infection spread through the network
     • Create a forensic trail of network activities
     • Investigate activities post mortem
     • Reconstruct the attack timeline
     • Provide file interaction history
     • Detect and remediate known bad files
     • Limit the proliferation of known bad files
     • Visibility and Context
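The "detect attacks that do not violate policy" point on slide 8, and the scoping step on slide 9, are easier to see with a concrete flow-based baseline. The following is an added illustration, not code from the deck, Lancope or Cisco: it feeds constructed NetFlow-style records (a 10.0.0.0/8 site, RFC 5737 documentation addresses as "external", a seven-day training window) through a per-host daily-egress profile. Every outbound flow is an allowed HTTPS flow, so a stateless egress rule never fires; only the aggregate profile exposes the low-and-slow data loss, and a scoping helper then lists the internal peers the suspect host talked to. The thresholds, address ranges and flow values are assumptions chosen for the example.

```python
"""Added example (not from the Cisco/Lancope deck): flow-based behavioural
baseline over constructed NetFlow-style records."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev
import ipaddress

DAY = 86400


@dataclass(frozen=True)
class Flow:
    ts: int          # flow start, epoch seconds (constructed values)
    src: str
    dst: str
    dport: int
    bytes_out: int   # bytes sent by src


INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumption: the monitored site


def is_internal(ip: str) -> bool:
    return ipaddress.ip_address(ip) in INTERNAL


def policy_allows(f: Flow) -> bool:
    """A stateless egress rule: outbound HTTPS is permitted. Every constructed
    external-bound flow passes it, which is the point: no single flow violates policy."""
    return f.dport == 443


def daily_egress(flows):
    """Bytes from each internal host to external addresses, bucketed per day."""
    totals = defaultdict(int)
    for f in flows:
        if is_internal(f.src) and not is_internal(f.dst):
            totals[(f.src, f.ts // DAY)] += f.bytes_out
    return totals


def build_baseline(training_flows):
    """Per-host (mean, population stddev) of daily egress over the training window."""
    per_host = defaultdict(list)
    for (host, _day), b in daily_egress(training_flows).items():
        per_host[host].append(b)
    return {h: (mean(v), pstdev(v)) for h, v in per_host.items()}


def detect(flows, baseline, k=3.0, rel_floor=0.1):
    """Alert when a host's daily egress exceeds mean + k*stddev. The stddev is
    floored at rel_floor*mean so a perfectly regular host does not alert on any
    trivial change; hosts with no baseline are surfaced separately."""
    alerts = []
    for (host, day), b in sorted(daily_egress(flows).items()):
        if host not in baseline:
            alerts.append((host, day, b, None, "no baseline for host"))
            continue
        mu, sd = baseline[host]
        threshold = mu + k * max(sd, rel_floor * mu)
        if b > threshold:
            alerts.append((host, day, b, threshold, "egress above baseline"))
    return alerts


def exposure(flows, host):
    """Scoping step: internal peers the suspect host talked to, so the blast
    radius can be checked once the egress alert fires."""
    return sorted({f.dst for f in flows if f.src == host and is_internal(f.dst)})


def constructed_training():
    """Seven normal days (constructed): 10.0.0.5 sends ~1 MB/day in ten flows,
    10.0.0.7 exactly 500 kB/day."""
    daily = [900_000, 1_000_000, 1_100_000, 950_000, 1_050_000, 1_000_000, 1_000_000]
    flows = []
    for day, total in enumerate(daily):
        for i in range(10):
            flows.append(Flow(day * DAY + i * 3600, "10.0.0.5", "203.0.113.10", 443, total // 10))
            flows.append(Flow(day * DAY + i * 3600, "10.0.0.7", "203.0.113.10", 443, 50_000))
    return flows


def constructed_observation():
    """Day 7 (constructed): 10.0.0.5 trickles 200 x 50 kB to one external host,
    one HTTPS flow every five minutes, plus two internal SMB flows; 10.0.0.7 is normal."""
    flows = [Flow(7 * DAY + i * 300, "10.0.0.5", "198.51.100.20", 443, 50_000) for i in range(200)]
    flows += [Flow(7 * DAY + 100, "10.0.0.5", "10.0.0.9", 445, 4_000),
              Flow(7 * DAY + 200, "10.0.0.5", "10.0.0.12", 445, 4_000)]
    flows += [Flow(7 * DAY + i * 3600, "10.0.0.7", "203.0.113.10", 443, 50_000) for i in range(10)]
    return flows


if __name__ == "__main__":
    base = build_baseline(constructed_training())
    for alert in detect(constructed_observation(), base):
        print(alert, "peers:", exposure(constructed_observation(), alert[0]))
```

The training window is a deliberately small, clean sample; in practice a baseline should be built from enough days to absorb weekly cycles, and a host that is already compromised during training will simply raise its own threshold, which is why the floor and the "no baseline" path both matter.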
  10. Feature comparison

     | Feature | Sourcefire FireSIGHT | Lancope StealthWatch |
     |---|---|---|
     | Data Source | Enriched metadata generated by dedicated sensors; creates a detailed network host map | NetFlow/IPFIX from Cisco routers, switches and firewalls, StealthWatch FlowSensor, and other flow sources |
     | Storage | 500M events and 500M flow summaries, usually weeks of data or less | Up to 4TB of storage per collector, usually many months or more. Many FlowCollectors attached to a single Management Console |
     | Event Rate | Up to 10,000 events per second, based on appliance model | 120,000+ flows per second per FlowCollector appliance |
     | Scalability | Based on Defense Center event database maximum | Horizontal; supports queries across multiple FlowCollectors |
     | Scalability of data sources | A single Defense Center can support over 100 sensors, one database | Up to 50,000 sources (routers / switches / firewalls) |
  11. Sourcefire FireAMP vs. Lancope StealthWatch

     | Sourcefire FireAMP | Lancope StealthWatch |
     |---|---|
     | Detection of threats using file analysis | Detection of threats using traffic analysis |
     | File analysis is not 100 percent effective, but those files that are detected are quarantined. | Detects malware created to evade file analysis or packet inspection. Remediation is performed leveraging other technologies (firewall, IPS, traffic scrubber, host quarantine, etc). |
     | 'Retrospective' detection can alert to older malware when new intelligence is added to the cloud. | User activity recorded and available for both real-time and historic analysis of suspect hosts spanning months/years. |
     | Client support depends on platform. Network inspection requires a distributed deployment of FirePOWER devices. | Monitors all host activity regardless of machine type, recording transactions for analysis. |
     | FireAMP shows machines infected chronologically, and how the file moved and proliferated, but does not show flow information. | StealthWatch has an extensive history of all network communication made by infected hosts, to determine the potential exposure. |
  12. Attack Continuum – Cisco and Lancope portfolio, with Network Behavior Analysis added
     • BEFORE (Control, Enforce, Harden): Firewall, VPN, NGFW, UTM, NAC + Identity Services
     • DURING / AFTER (Detect, Block, Defend; Scope, Contain, Remediate): NGIPS, Advanced Malware Protection, Web Security, Network Behavior Analysis, Email Security
     • Underpinning all phases (Visibility and Context): Lancope StealthWatch System
  13. An Architectural Approach
     • Pervasive visibility across the attack continuum
     • Focus on threats in addition to policy
     • Provide a holistic view into all host-to-host communication
     • Reduce complexity, increase capabilities
     • A platform strategy addressing a broad range of attack vectors – everywhere the threat manifests
     • Enabled by world-class research and open source
  14. Thank you.