En la medida que más empresas mueven sus modelos de negocio hacia la movilidad, la nube e Internet de las cosas, sus soluciones de seguridad deben ser más dinámicas y escalables. Sin embargo, hasta la fecha, la mayoría de las soluciones de seguridad no han seguido el ritmo de cambio y no han podido adaptarse a las nuevas amenazas y ataques. Hoy, las soluciones de seguridad están basadas en un modelo binario de “bien vs mal”, el cual carece de la visibilidad necesaria para entender el contexto. El 16 de septiembre, Cisco dio a conocer su más reciente paso en esta dirección.

1. © 2014 Cisco and/or its affiliates. All rights reserved.
1
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
1
Industry’s First Threat-Focused NGFW
Héctor Casas
Consultor de Seguridad de Cisco para Argentina, Chile, Paraguay y Uruguay
16 de septiembre
Cisco ASA with FirePOWER Services

2. © 2014 Cisco and/or its affiliates. All rights reserved.
2
Introducing: Cisco ASA with FirePOWER Services Industry’s First Threat-Focused Next-Generation Firewall
►Cisco® ASA firewalling combined with Sourcefire® Next-Generation IPS
►Advanced Malware Protection (AMP)
►Best-in-class security intelligence, application visibility and control (AVC), and URL filtering
Features
►Superior, multilayered threat protection
►Unprecedented network visibility
►Integrated threat defense across the entire attack continuum
►Reduced cost and complexity
Benefits

3. © 2014 Cisco and/or its affiliates. All rights reserved.
3
100 0111100 011 1010011101 1000111010011101 10001110 10011 101 010011101 1100001110001110 1001 1101 1110011 0110011 101000 0110 00
01000 01000111 0100 11101 1000111010011101 1000111010011101 1100001 1100 0111010011101 1100001110001110 1001 1101 1110011 0110011 101000 The Problem with Legacy Next-Generation Firewalls
Focus on the Apps
But totally miss the threat…
Legacy NGFW can reduce attack surface area but advanced malware often evades security controls.
0100 1110101001 1101 111 0011 0
0111100 011 1010011101 1
0100 111001 1001 11 111 0

4. © 2014 Cisco and/or its affiliates. All rights reserved.
4
Threat Landscape Demands more than Application Control
100% of companies connect to domains that host malicious files or services
54%
of breaches
remain undiscovered
for months
60%
of data is stolen in hours
avoids detection and attacks swiftly
It is a Community that hides in plain sight

5. © 2014 Cisco and/or its affiliates. All rights reserved.
5
Legacy NGFWs Lack Complete Visibility and Control
Without Proper Visibility Threat Protection Cannot Be Operationalized

6. © 2014 Cisco and/or its affiliates. All rights reserved.
6
Integrated Threat Defense Across the Attack Continuum
ATTACK CONTINUUM
Point-in-Time
Continuous
Discover
Enforce
Harden
Detect
Block
Defend
Scope
Contain Remediate
Network
Endpoint
Mobile
Virtual
Cloud

7. © 2014 Cisco and/or its affiliates. All rights reserved.
7
Industry’s First Threat-Focused Next-Generation Firewall Cisco ASA with FirePOWER Services
►Cisco® ASA firewalling combined with Sourcefire® Next-Generation IPS
►Advanced Malware Protection (AMP)
►Best-in-class security intelligence, application visibility and control (AVC), and URL filtering
Features
►Superior, multilayered threat protection
►Unprecedented network visibility
►Integrated threat defense across the entire attack continuum
►Reduced cost and complexity
Benefits
“By integrating defense layers, organizations can enhance visibility, enable dynamic controls, and provide advanced threat protection that address the entire attack continuum – before, during, and after an attack.”

8. © 2014 Cisco and/or its affiliates. All rights reserved.
8
Superior Integrated & Multilayered Protection
►World’s most widely deployed, enterprise-class ASA stateful firewall
►Granular Cisco® Application Visibility and Control (AVC)
►Industry-leading FirePOWER next-generation IPS (NGIPS)
►Reputation- and category-based URL filtering
►Advanced Malware Protection with Retrospective Security
Cisco ASA
Identity-Policy Control & VPN
URL Filtering
(Subscription)
FireSIGHT
Analytics & Automation
Advanced Malware Protection
(Subscription)
Application Visibility & Control
Network Firewall
Routing | Switching
Clustering & High Availability
Cisco Collective Security Intelligence Enabled
Built-in Network Profiling
Intrusion Prevention (Subscription)

9. © 2014 Cisco and/or its affiliates. All rights reserved.
9
Unprecedented Network Visibility
Categories
FirePOWER Services
Legacy IPS
Legacy NGFW
Threats



Users



Web Applications



Application Protocols



File Transfers



Malware



Command & Control Servers



Client Applications



Network Servers



Operating Systems



Routers & Switches



Mobile Devices



Printers



VoIP Phones



Virtual Machines




10. © 2014 Cisco and/or its affiliates. All rights reserved.
10
Impact Assessment
Correlates all intrusion events to an impact of the attack against the target
1
2
3
4
0
IMPACT FLAG
ADMINISTRATOR ACTION
WHY
Act Immediately, Vulnerable
Event corresponds to vulnerability mapped to host
Investigate, Potentially Vulnerable
Relevant port open or protocol in use, but no vuln mapped
Good to Know, Currently Not Vulnerable
Relevant port not open or protocol not in use
Good to Know, Unknown Target
Monitored network, but unknown host
Good to Know, Unknown Network
Unmonitored network

11. © 2014 Cisco and/or its affiliates. All rights reserved.
11
Automated, Integrated Threat Defense
Superior Protection for Entire Attack Continuum
Retrospective Security
Shrink Time between Detection and Cure
PDF
Mail
Admin Request
PDF
Mail
Admin Request
Multi-vector Correlation
Early Warning for Advanced Threats
Host A
Host B
Host C
3 IoCs
Adapt Policy to Risks
WWW
WWW
WWW
Dynamic Security Control
http://
http://
WWW
WEB
Context and Threat Correlation
Priority 1
Priority 2
Priority 3
Impact Assessment
5 IoCs

12. © 2014 Cisco and/or its affiliates. All rights reserved.
12
Indicators of Compromise (IoCs)
IPS Events
Malware Backdoors
CnC Connections
Exploit Kits
Admin Privilege Escalations
Web App Attacks
SI Events
Connections to Known CnC IPs
Malware Events
Malware Detections
Malware Executions
Office/PDF/Java Compromises
Dropper Infections

13. © 2014 Cisco and/or its affiliates. All rights reserved.
13
Cisco ASA with FirePOWER Services vs. Legacy NGFW
Feature
Cisco ASA with FirePOWER Services
Legacy NGFW
Reputation-Based Proactive Protection
Superior
Not Available
Visibility, Context & Intelligent Security Automation
Superior
Not Available
File Reputation, File Trajectory, Retrospective Analysis
Superior
Not Available
IoC’s
Superior
Not Available
NGIPS
Superior
Available1
Application Visibility and Control
Superior
Available
Acceptable Use/URL Filtering
Superior
Available
Remote Access VPN
Superior
Not Enterprise-Grade
Stateful Firewall, HA, Clustering
Superior
Available2
1 – Typically 1st generation IPS, 2 -HA Capabilities vary from NGFW vendor

14. © 2014 Cisco and/or its affiliates. All rights reserved.
14
Complete Security Solutions
Security Services
Security Products

15. © 2014 Cisco and/or its affiliates. All rights reserved.
15
Accelerate Migration to Cisco ASA with FirePOWER Services with Professional and Technical Services
SMARTnet Technical Support
Migration Services
Managed Services
Provide full-time, proactive, systematic threat monitoring and management
Move more quickly to new capabilities and with minimal disruption
Keep security solutions available by providing access to broad Cisco support tools and expertise

16. © 2014 Cisco and/or its affiliates. All rights reserved.
16
Cisco ASA with FirePOWER Services
Industry’s First Threat-Focused NGFW
Superior Visibility
Integrated Threat Defense
▶Best-in-class, multilayered protection in a single device
▶Full contextual awareness to eliminate gaps
Automation
▶Simplified operations and dynamic response and remediation

17. © 2014 Cisco and/or its affiliates. All rights reserved.
17
Thank You