
8 January 2015 SOME Event - Cisco Next Generation Security


  1. Next Generation Security: Fuat KILIÇ (Consulting Systems Engineer - Security), Ali Fuat TÜRKAY (Product Sales Specialist - Security)
  2. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
  3. Today’s Real World: Threats are evolving and evading traditional defense. All were smart. All had security. All were seriously compromised.
  4. What would you do if you knew you would be compromised?! Attack Continuum:
     • BEFORE: Discover, Enforce, Harden
     • DURING: Detect, Block, Defend
     • AFTER: Scope, Contain, Remediate
     • Network, Endpoint, Mobile, Virtual, Email & Web, Cloud
     • Point-in-time, Continuous
  5. The Silver Bullet Does Not Exist… “Captive Portal” “It matches the pattern” “No false positives, no false negatives.” Application Control, FW/VPN, IDS / IPS, UTM, NAC, AV, PKI. “Block or Allow” “Fix the Firewall” “No key, no access” Sandboxing “Detect the Unknown”
  6. Customer Value Proposition, Cisco Security Solutions: Unmatched Visibility; Advanced Threat Protection; Consistent Control; Flexibility & Choice
  7. Cisco’s Strategy: Integrated Platform for Defense, Discovery and Remediation
     • Firewall, Content Gateways, Integrated Platform
     • Virtual, Cloud, Device, Data Center, Network
     • Access Control: Firewall
     • Content Aware: Applications
     • Context Aware: Identity, Data, Location
     • Threat Aware: Malware, APT
  8. Gartner Defines Next-Generation IPS. NGIPS Definition:
     • Standard First-Gen IPS
     • Context Awareness
     • Application Awareness and full-stack visibility
     • Content Awareness
     • Adaptive Engine
     Download at Sourcefire.com. Source: “Defining Next-Generation Network Intrusion Prevention”, Gartner, October 7, 2011
  9. FirePOWER Platform: Context Awareness in Intrusion Events
     FireSIGHT Management Center:
     • Context Awareness
     • Operating System Identification
     • Fingerprint Applications (Web, Protocol & Client Versions)
     • Service Enumeration (HTTP, SMTP, RDP…etc)
     • Users Awareness
     • 24x7 Monitoring (Passive & Inline)
     • Identify Assets Potential Vulnerabilities (Weakness)
     • Leveraging Visibility/vulnerabilities to “Adapt”
     • Access Control Rules Enforcement
     • Alerting, Correlation & Packets Capture
     FirePOWER Platform/Services:
     • Inspect, Detect, Drop, Allow…etc
     • IPS, Application Control, Malware Inspection & URL Rating
     • Inline, Passive & Hybrid
  10. FireSIGHT – Unique Visibility (comparison figure: Cisco FireSIGHT System, Typical IPS, Typical NGFW)
  11. Building Host Profile: Converting Data into Information
     • OS & version identified
     • Server applications and version
     • Client applications
     • Who is at the host
     • Client version
     • Application
     • What other systems / IPs did user have, when?
  12. FireSIGHT Impact Assessment: correlates all intrusion events to an impact of the attack against the target.

      | Impact Flag | Administrator Action | Why |
      | --- | --- | --- |
      | 1 | Act immediately, vulnerable | Event corresponds to vulnerability mapped to host |
      | 2 | Investigate, potentially vulnerable | Relevant port open or protocol in use, but no vuln mapped |
      | 3 | Good to know, currently not vulnerable | Relevant port not open or protocol not in use |
      | 4 | Good to know, unknown target | Monitored network, but unknown host |
      | 0 | Good to know, unknown network | Unmonitored network |

  13. Indications of Compromise (IoCs)
     • IPS Events: Malware Backdoors, Exploit Kits, Web App Attacks, CnC Connections, Admin Privilege Escalations
     • SI Events: Connections to Known CnC IPs
     • Malware Events: Malware Detections, Office/PDF/Java Compromises, Malware Executions, Dropper Infections
  14. Gartner Leadership: Sourcefire has been a leader in the Gartner Magic Quadrant for IPS since 2006. As of December 2013. Source: Gartner (December 2013). [Figure: Magic Quadrant with axes "ability to execute" and "vision" and quadrants challengers, leaders, niche players, visionaries; vendors shown: Radware, StoneSoft (McAfee), IBM, Cisco, HP, McAfee, Sourcefire (Cisco), Huawei, Enterasys Networks (Extreme Networks), NSFOCUS Information Technology]
  15. 2012 NSS Labs SVM for IPS
  16. 2013 NSS Labs SVM for IPS
  17. Cisco ASA with FirePOWER Services: Available Now!! Industry’s First Threat-Focused NGFW. #1 Cisco Security announcement of the year!
     • Integrating defense layers helps organizations get the best visibility
     • Enable dynamic controls to automatically adapt
     • Protect against advanced threats across the entire attack continuum
     Proven Cisco ASA firewalling; industry leading NGIPS and AMP.
  18. NSS Labs – Next-Generation Firewall Security Value Map. Source: NSS Labs 2014. The NGFW Security Value Map shows the placement of Cisco ASA with FirePOWER Services and the FirePOWER 8350 as compared to other vendors. All three products achieved 99.2 percent in security effectiveness and now all can be confident that they will receive the best protections possible regardless of deployment.
  19. The Results: Cisco AMP is a Leader in Security Effectiveness and TCO and offers Best Protection Value. NSS Labs Security Value Map (SVM) for Breach Detection Systems (axes: Security Effectiveness, TCO per Protected-Mbps). Cisco Advanced Malware Protection: Best Protection Value; 99.0% Breach Detection Rating; Lowest TCO per Protected-Mbps
  20. Fire and ISE
  21. Automagical, Dynamic, Squirrely Threat/Malware/Attack Response/Defense (EPS REST API, ISE)
     Threat Detection:
     • IDS Sig
     • Malware
     • Traffic
     • Application
     • And Many More..
     Quarantine Action:
     • VLAN Assignment
     • dACLs
     • SGT
     • QoS TAG
  22. Network as a Sensor. © 2014 Lancope, Inc. All rights reserved.
  23. Flow – The Network Phone Bill. [Figure: a flow record compared with a telephone bill (Monthly Statement, Bill At-A-Glance). Flow Cache fields: Destination IP, Origin IP, Destination Port, Origin Port, L3 Protocol, DSCP. Flow Info columns: Packet, Bytes/Packet; sample row: Origin IP, Port, Proto... / 11000 / 1528]
  24. [Network diagram, labels only: Internet, Atlanta, San Jose, New York, Remote Sites, WAN, Firewall & IPS, Datacenter, DMZ, User Network, 3G Internet]
  25. [Network diagram with NetFlow marked throughout, labels only: Internet, Atlanta, San Jose, New York, Remote Sites, WAN, Firewall, Datacenter, DMZ, User Network, 3G Internet]
  26. How CTD Analyzes Devices
  27. In light of trends such as cloud and mobility, which are significantly changing our daily lives, Cisco has released the following updates in the area of the required security expertise and training, for the training of specialists, engineers and operations teams:
     • Renewed CCNP Security certification program
     • New Cisco Cybersecurity Specialization
     • Retirement of the previous Cisco Security Specialization certification
     • New and updated product training
     The redesigned CCNP Security certification now targets, with a much broader perspective, security professionals who need to build end-to-end architectures:
     • 300-206 Implementing Cisco Edge Network Security Solutions (SENSS)
     • 300-207 Implementing Cisco Threat Control Solutions (SITCS)
     • 300-208 Implementing Cisco Secure Access Solutions (SISAS)
     • 300-209 Implementing Cisco Secure Mobility Solutions (SIMOS)
