Cisco Firewall Basics

Size: px

Start display at page:

Download "Cisco Firewall Basics"

Virgil Riley
6 years ago
Views:

2 Cisco Firewall Basics Mark Cairns, Consulting Systems Engineer BRKSEC-1020

Install Spark or go directly to the space 4.

3 Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco Live Mobile App 2. Click Join the Discussion 3. Install Spark or go directly to the space 4. Enter messages/questions in the space Cisco Spark spaces will be available until July 3, cs.co/clus17/#brksec Cisco and/or its affiliates. All rights reserved. Cisco Public

5 Mark Cairns Consulting Systems Engineer, GSSO, supporting US Commercial Based in Richmond, VA and cover accounts in Virginia and Washington DC 19 years experience with Cisco Security Solutions You can reach me at BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 5

6 Session Information Cisco Firewall Basics This is an introductory 1000 level session It is not meant for professionals with deep knowledge of firewalls and Cisco ASA This session is not for you if you want to deep dive into configurations for specific features / functionality References may be made to advanced functionality for context but we will stay at a fairly high level BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 6

7 Follow up Sessions Deeper dives on specific content Session ID Session Description Time BRKSEC-2058 A Deep Dive into using the Firepower Manager Wed 4:00-5:30 BRKSEC-3007 Advanced Cisco IOS Security Tuesday 1:30-3:30 BRKSEC-3300 Advanced IPS Deployment Thursday 8:30-10:00 BRKSEC-3690 Advanced Security Group Tags Monday 1:30-3:30 BRKSEC-2050 ASA Firepower NGFW typical deployment scenarios Monday 1:30-3:30, Tuesday 1:30-3:30 BRKSEC-2033 Best Security and deployment strategies SMB NGFW Tuesday 8:00-10:00 BRKSEC-2342 Branch Router Security Thursday 10:30-12:00 BRKSEC-2055 Cloud-Managed Security for Distributed Networks with Cisco Meraki MX Wednesday 4-5:30 BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 7

8 Follow up Sessions Deeper dives on specific content Session ID Session Description Time BRKSEC-2203 Deploying TrustSec Security Group Tagging Tuesday 4:00-5:30 BRKSEC-3455 Dissecting Firepower NGFW "Installation & Troubleshooting" Tuesday 1:30-3:30 BRKSEC-3035 Firepower Platform Deep Dive Wednesday 1:30-3:30 LTRSEC-1000 Firepower Threat Defense Deployment Hands-on Lab Wed 8:00-12:00, Thursday 8:00-12:00 BRKSEC-3032 NGFW Clustering Deep Dive Tuesday 8:00-10:00 BRKSEC-2020 NGFW Deployment in the Data Center and Network Edge Using Firepower Threat Defense Tuesday 8:00-10:00, Wed 1:30-3:30 BRKSEC-2064 NGFW and ASAv in Public Cloud (AWS and Azure) Thursday 1:00-2:30 BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 8

9 Agenda Introduction Firewalls in General Use Cases - Why Firewall Options - What Introduction to Firepower Advanced Use Case Examples Q&A Feel free to ask questions

10 Firewalls in General

11 Securing/Hardening for What Purpose or Need? Subversion Bots, Viruses, and Worms Spyware and Adware Disruption Denial of service attacks Advanced Persistent Threats (APTs) Penetration Attempt Zero-day Attacks Hacker Attacks Data Loss Data theft and/or interception Identity theft BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 11

12 Firewalls What are they? Primary filtering appliances/vms that work at both the network and application layers Provide a platform for the features/functionality needed for network security VPNs (remote-access and site to site) NGIPS Anti-Malware Protection Next-generation security should not abandon proven stateful inspection capabilities in favor of application and user ID awareness by itself Comprehensive network security solution needs include firewalls, next-generation firewalls (application inspection and filtering) and next generation intrusion prevention systems (context aware) The firewall often is the conduit from which other defense components combat the threats that face the network BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 12

13 Filtering on a Tuple? Packet The genesis of firewalls was initially a means to filter traffic based on the five tuple Source IP address the IP address of the initiator of the IP packet Destination IP Address the IP address of the destination of the IP packet Source Port UDP or TCP port used by initiator to establish communications with destination Destination Port UDP or TCP port used by destination to establish communications with source IP Protocol the specific IP protocol used in the communication BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 13

15 Stateful Inspection Most routers and switches can filter based on the five tuple why a firewall then? Stateful firewalls track L3/L4 traffic as it leaves and returns to the network Connections are maintained in the connection table tracking five tuple and additional information such as sequence TCP outside: /80 ( /80) inside: /35478 ( /35478), flags UIO, idle 4m39s, uptime 6m16s, timeout 1h0m, bytes 3002 *Best Practice Limit outbound connections to known services and hosts such as SMTP servers only for port 25. Src IP Dest IP Src Port TCP/80 Dest Port TCP/35478 Packet Packet Src IP Dest IP Src Port TCP/35478 Dest Port TCP/80 BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 15

16 Network Address Translation Network address translation (NAT) is the mapping of IP addresses from a private network to a public network NAT gives network administrators and security administrators: Access to non-publically routable IPv4 space Cost savings because addresses are not cheap Allows for masquerading of internal network addresses IPv4 Address space is exhausted Src IP Dest IP Src Port TCP/35478 Dest Port TCP/80 Packet Src IP Dest IP Src Port TCP/35478 Dest Port TCP/80 BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 16

17 Use Cases

18 Use Case #1 Hospitality, Retail or other similar distributed deployment Remote sites 100+ Direct Internet Access (DIA) at remote sites Company has a Cloud First mandate 4 Network / Security Engineers ( jack of all trades, master of none ) Basic security needs for URL filtering, DNS security, IPS Need VPN connectivity to HQ BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 18

Cloud Networking Group BRKSEC-1020 2017 Cisco and/or

Meraki MX Options Reference Small branch Midsized branch MX64(W) MX65(W) MX84 MX100 ~50 users ~50 users ~200 users ~500 users 802.11ac wireless 802.

Large branch or campus Teleworker MX400 MX600 Z1 ~2,000 users ~10,000 users 1-5 users Modular interface Modular interface Dual-radio wireless FW

20 Meraki MX Options Reference Small branch Midsized branch MX64(W) MX65(W) MX84 MX100 ~50 users ~50 users ~200 users ~500 users ac wireless ac wireless & PoE+ Dedicated WAN uplinks Gigabit uplinks FW throughput: 250 Mbps FW throughput: 250 Mbps FW throughput: 500 Mbps FW throughput: 750 Mbps Large branch or campus Teleworker MX400 MX600 Z1 ~2,000 users ~10,000 users 1-5 users Modular interface Modular interface Dual-radio wireless FW throughput: 1 Gbps FW throughput: 1 Gbps FW throughput: 50 Mbps All devices support 3G/4G BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 20

21 Meraki MX Security Next Generation Firewall Application aware firewalling Intrusion Prevention (IPS) Based on Cisco Snort URL Content Filtering Geo-based security With over 80 categories and over 4 billion categorized URLs Allow or block traffic by country Malware Protection Automatic updates PCI compliance Cisco AMP and Threat Grid Software and security updates delivered from the cloud PCI 3.2 certified cloud management backend BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 21

Meraki Threat and Filtering continued Cisco Umbrella BRKSEC-1020

27 Use Case #2 Regional Services Company 8 sites on MPLS with ISR routers deployed Broadband Internet being added for DMVPN backup/redundancy (IWAN) Simple filter to protect the new Internet link HQ has a proxy for Internet BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 27

29 Internet based WAN Lower cost alternative to MPLS Dictates VPN for routing and privacy Balance complexity with features and functionality Typically no need for inbound access directly from Internet BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 29

This DMZ configuration assumes a second security device to filter traffic or terminate VPN.

31 Zone Based Firewall Support for: ISR, ASR, CSR NAT WAAS VRFs Redundancy VTIs for VPNs Deep Packet Inspection Trusted G0/1.101 G0/1.103 Note: For simple inside to outside configuration, remove all reference to DMZ interface. This DMZ configuration assumes a second security device to filter traffic or terminate VPN. DMZ All Traffic Permit G0/0 Internet TCP/UDP/ICMP Response OK BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 31

32 Configuring ZBF zone security Internet zone security Trusted zone security DMZ Create Zones interface LISP0 zone-member security DMZ! interface GigabitEthernet0/0 description Public Outside zone-member security Internet! interface GigabitEthernet0/1.101 description Inside zone-member security Trusted! interface GigabitEthernet0/1.103 description Public DMZ zone-member security DMZ Assign interfaces to security zones Note: For simple inside to outside configuration, remove all reference to DMZ interface. This DMZ configuration assumes a second security device to filter traffic or terminate VPN. BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 32

33 Configuring ZBF class-map type inspect match-any All_Protocols description - Match all outgoing protocols match protocol tcp match protocol udp match protocol icmp Note: For simple inside to outside configuration, remove all reference to DMZ interface. This DMZ configuration assumes a second security device to filter traffic or terminate VPN. Create Inspection Class policy-map type inspect trusted-to-internet class type inspect All_Protocols inspect class class-default drop policy-map type inspect DMZ class class-default pass Create Inspection Policy zone-pair security Trusted->Internet source Trusted destination Internet service-policy type inspect trusted-to-internet zone-pair security Internet->DMZ source Internet destination DMZ service-policy type inspect DMZ zone-pair security DMZ->Internet source DMZ destination Internet service-policy type inspect DMZ Create Zone Pairs and Associate Policy BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 33

Use Case #2 (Variant) Regional Services Company 8 sites on MPLS with ISR routers deployed Broadband Internet being added for DMVPN backup and DIA Simple

34 Use Case #2 (Variant) Regional Services Company 8 sites on MPLS with ISR routers deployed Broadband Internet being added for DMVPN backup and DIA Simple Complete filter to protect the new Internet link Firepower Virtual VMware / KVM BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 34

35 Internet based WAN Lower cost alternative to MPLS Dictates VPN for routing and privacy Balance complexity with features and functionality Typically no need for inbound access directly from Internet Direct Internet Access (DIA) adds security risk BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 35

36 Use Case #3 Data Center upgrade Adding security to new design No L3 hop for security to reduce convergence time N+1 redundancy Multi 10 Gbps throughput BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 36

Firepower 2110, 2120, 2130*, 2140* *10 Gig Interfaces BRKSEC-1020

37 Data Center A/S or Clustering for Performance and Scale Firepower 9300 with SM-24, SM-36 or SM-44 Firepower 4110, 4120, 4140 or 4150 Firepower 2110, 2120, 2130*, 2140* *10 Gig Interfaces BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 37

38 Data Center Specifications Reference *Note 2100 models do not support clustering. Only 2130 and 2140 support 10 Gbps interfaces and optional network module. BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 38

Firepower 2100 Series FPR 2140 12x 1G 12x 10G Port Firepower 2100 High Performance, Purpose Built Hardware for Cisco NGFW FPR 2130 12x-1G 12x 10G Port Firepower 2100 Available in 4 Platforms FPR 2120

39 Firepower 2100 Series FPR x 1G 12x 10G Port Firepower 2100 High Performance, Purpose Built Hardware for Cisco NGFW FPR x-1G 12x 10G Port Firepower 2100 Available in 4 Platforms FPR x 1G Port Firepower 2100 Higher Port Density in 1 Rack Unit FPR x 1G Port Firepower Gbps Support (2130 and 2140) BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 39

Keeps DC design intact Scale to 16 firewalls BRKSEC-1020

40 Data Center Clustering for Performance and Scale Handles asymmetric traffic associated with VPC/VSS N+1 redundancy Keeps DC design intact Scale to 16 firewalls BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 40

Data Center ACI Deployments APIC Agility and Visibility Simplicity Automation Scale and

42 Use Case #4 Cloud expansion / Cloud First AWS and/or Azure Need to replicate security / inspection policy for cloud traffic Your Data Here BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 42

Cisco ASAv and Threat Defense Virtual Cisco ASA 9 Feature Set / Threat Defense 6 Cisco ASAv FTDv ASA 10 vnic interfaces and VLAN tagging Virtualization displaces

includes OSPF, EIGRP, and BGP REST API for programmed configuration and monitoring Cisco TrustSec PEP with SGT-based ACLs Failover Active/Standby HA model FTDv 4 vnic

43 Cisco ASAv and Threat Defense Virtual Cisco ASA 9 Feature Set / Threat Defense 6 Cisco ASAv FTDv ASA 10 vnic interfaces and VLAN tagging Virtualization displaces multiple-context and clustering Parity with all other Cisco ASA platform features SDN (Cisco APIC) and traditional (Cisco ASDM and CSM) management tools Dynamic routing includes OSPF, EIGRP, and BGP REST API for programmed configuration and monitoring Cisco TrustSec PEP with SGT-based ACLs Failover Active/Standby HA model FTDv 4 vnic default 8 GB RAM, 4 vcpu VMware, KVM, Hyper V (ASA only), AWS, Azure (features can differ for cloud) BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 43

44 Cisco ASAv Platforms Cisco ASAv5 100 Mbps Cisco ASAv10 1 Gbps Cisco ASAv30 2 Gbps * Lab Edition license is built in with 100-Kbps throughput and 100 total connections allowed BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 44

45 Cisco ASAv Platforms Cisco ASAv50 10 Gbps Introduced with ASA release 9.8(1) Supported on KVM or ESXi Uses IXGBE-VF vnic Does not support Transparent mode (promiscuous restriction on IXGBE-VF) Not supported in Amazon Web Services, Microsoft Azure or Hyper-V BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 45

48 Use Case #5 Typical Internet Edge designs Outbound Internet (Web, , FTP, etc) Inbound traffic to DMZ and/or ecommerce VPN for Remote Access, L2L, business partners BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 48

49 Edge With DMZ Similar to a basic edge design with the addition of inbound traffic Traffic inbound from the DMZ to the trusted network may or may not pass the firewall. BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 49

Edge With DMZ - VPN Multiple path options for VPN with trusted and untrusted packets. VPN Concentrator may be connected outside the firewall Trusted traffic path usually depends on source.

50 Edge With DMZ - VPN Multiple path options for VPN with trusted and untrusted packets. VPN Concentrator may be connected outside the firewall Trusted traffic path usually depends on source. Employee or Vendor, B2B, etc. *Best Practices Remember that controlling access from a VPN to an internal resource is not a dead end! Jump box scenario. Hide your firewall with private IP space on the outside. BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 50

51 Tiered DMZs Typically seen in multi-tiered hosting for e-commerce Forces all traffic between tiers to pass firewall rules Can help mitigate risk and contain exploits and/or breaches within a DMZ BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 51

52 Bridge across your DMZs Sometimes referred to as clean and dirty DMZs VPN, Video, etc. Avoids hair-pinning *Best Practice Use destination NAT with a block of unused private IPs for outbound L2L VPN instead of routing individual remote IPs. BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 52

53 Split Firewalls Layer 3 hop between firewalls Avoids hair-pinning within a firewall Simplifies policy May still have an optional trusted connection BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 53

54 Quick Hardware Snapshot

55 Portfolio ASA 5506-X ASA 5508-X FPR 2110 FPR 2120 FPR 2130 FPR 2140 FPR 4110 FPR 4120 FPR 4140 FPR 4150 FPR SM-24 FPR SM-36 FPR SM-44 ASA 5516-X ASA 5585-X SSP60 EOS Aug 2017 ASA 5505 EOS Aug 2017 ASA 5515-X ASA 5512-X ASA 5555-X ASA 5545-X ASA 5525-X ASA 5585-X SSP40 ASA 5585-X SSP20 ASA 5585-X SSP10 SMB/SOHO Branch Internet Edge Data Center Service Provider BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 55

56 Latest Additions to the 5500 Portfolio 5506X with Firepower Services Reference Max 250 Mbps AVC throughput Max 125 Mbps AVC and NGIPS 90 Mbps AVC or IPS with 440 byte HTTP ASDM 7.3.x or CSM and Firepower Management Center Available in hardened and wireless configurations BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 56

Latest Additions to the 5500 Portfolio 5508X with FirePOWER Services Reference Max 450 Mbps AVC throughput Max 250 Mbps AVC and NGIPS 180 Mbps AVC or IPS

57 Latest Additions to the 5500 Portfolio 5508X with FirePOWER Services Reference Max 450 Mbps AVC throughput Max 250 Mbps AVC and NGIPS 180 Mbps AVC or IPS with 440 byte HTTP ASDM 7.3.x or CSM, Firepower Management Center, On-box, CDO BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 57

Latest Additions to the 5500 Portfolio 5516X with FirePOWER Services Reference Max 850 Mbps AVC throughput Max 425 Mbps AVC and NGIPS 300 Mbps AVC or IPS

58 Latest Additions to the 5500 Portfolio 5516X with FirePOWER Services Reference Max 850 Mbps AVC throughput Max 425 Mbps AVC and NGIPS 300 Mbps AVC or IPS with 440 byte HTTP ASDM 7.3.x or CSM, Firepower Management Center, On-box, CDO BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 58

59 Over, Through or Around The Wall

Things Change BRKSEC-1020 2017 Cisco and/or its

Enable dynamic controls to automatically adapt Protect against advanced threats across the entire

63 The Threat-Centric Firewall Proven Cisco ASA firewalling Industry leading NGIPS and AMP Cisco ASA with FirePOWER Services Integrating defense layers helps organizations get the best visibility Enable dynamic controls to automatically adapt Protect against advanced threats across the entire attack continuum BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 63

Indications of Compromise (IoCs) IPS Events Malware Backdoors Exploit Kits Web App Attacks CnC Connections Admin Privilege Escalations SI Events Connections to Known CnC IPs

64 Indications of Compromise (IoCs) IPS Events Malware Backdoors Exploit Kits Web App Attacks CnC Connections Admin Privilege Escalations SI Events Connections to Known CnC IPs Malware Events Malware Detections Office/PDF/Java Compromises Malware Executions Dropper Infections BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 64

Application Visibility and Control BRKSEC-1020 2017 Cisco

IPS with Snort BRKSEC-1020 2017 Cisco and/or its

Impact Assessment Impact Flag Administrator Action Why 1 2 3 4 0 Act immediately, vulnerable Investigate, potentially vulnerable Good to know, currently not vulnerable Good to know, unknown target

68 Impact Assessment Impact Flag Administrator Action Why Act immediately, vulnerable Investigate, potentially vulnerable Good to know, currently not vulnerable Good to know, unknown target Good to know, unknown network Event corresponds to vulnerability mapped to host Relevant port open or protocol in use, but no vuln mapped Relevant port not open or protocol not in use Monitored network, but unknown host Unmonitored network BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 68

72 Firepower NGFW

73 Introducing Cisco Firepower NGFW Fully Integrated Threat Focused Unified Management FW / applications / IPS Cisco AMP network / endpoint Analysis and remediation Cisco security solutions Application-aware DDoS Networkwide visibility Industry-best threat protection Known and unknown threats Track / contain / recover Across attack continuum Manage, control, and investigate Automatically prioritize Automatically protect BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 73

74 Firepower 6.x on ASA Upgrade vs Re-Image Choose Firepower Services or Firepower Threat Defense Firepower Software on ASA Platforms Firepower Services 5.4 ASA 9.5.x Upgrade Re-Image Firepower Services 6.0 ASA 9.5.x* vs Firepower Threat Defense Firepower 9300 ASA or TD Firepower 4100 ASA or TD Firepower 2100 TD Only *Firepower Services 6.x compatible ASA Version Required BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 74

75 Firepower 6.x Virtual Upgrade vs Migrate Choose NGIPSv + ASAv or Firepower Threat Defense Firepower NGIPSv 5.4 ASAv Upgrade Migrate Upgrade Firepower NGIPSv 6.0 Firepower Threat Defense Virtual 6.0 ASAv BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 75

FXOS Chassis Operating System BRKSEC-1020 2017 Cisco

FXOS Chassis Operating System - Continued BRKSEC-1020 2017

79 Advanced Use Cases

80 SXP ASA Policy Enforcement with MDM WLC ASA 9 3 Policy on ASA by Security Group Web Server AP Security Group Query 8 Leverage security groups to authorize endpoints based on MDM compliance. 4 1 Create Security Groups on ISE 1 Compliant 2 Non-Compliant 6 ISE MDM Compliance check BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 80

81 TrustSec Demo

TrustSec (WLC, ISE, ASA, Firepower) Reference BRKSEC-1020 2017

102 Correlation

103 Custom Security Intelligence Correlate an action(s) with a remediation (in this case, create a custom security intelligence block list) In this example we are looking for blocking events based on geolocation and dropping the source IP into the custom security intelligence list. Monitor the events in Firepower Manager for a match against a rule. The remediation runs a perl script on the Firepower Manager, which leverages the remediation framework to parse event information. BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 103

Custom Security Intelligence BRKSEC-1020 2017 Cisco

115 Reference Material

Security Threats and Notifications http://www.cisco.

Complete Your Online Session Evaluation Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 gift card.

120 Complete Your Online Session Evaluation Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 gift card. Complete your session surveys through the Cisco Live mobile app or on Don t forget: Cisco Live sessions will be available for viewing on demand after the event at Cisco and/or its affiliates. All rights reserved. Cisco Public

121 Continue Your Education Demos in the Cisco campus Walk-in Self-Paced Labs Lunch & Learn Meet the Engineer 1:1 meetings Related sessions BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 121

122 Thank you

123

124 Cybersecurity Cisco Education Offerings Course Description Cisco Certification Understanding Cisco Cybersecurity Fundamentals (SFUND) Implementing Cisco Cybersecurity Operations (SECOPS) The SECFND course provides understanding of cybersecurity s basic principles, foundational knowledge, and core skills needed to build a foundation for understanding more advanced cybersecurity material & skills. This course prepares candidates to begin a career within a Security Operations Center (SOC), working with Cybersecurity Analysts at the associate level. CCNA Cyber Ops CCNA Cyber Ops Securing Cisco Networks with Threat Detection and Analysis (SCYBER) Cisco Security Product Training Courses Designed for security analysts who work in a Security Operations Center, the course covers essential areas of security operations competency, including SIEM, Event monitoring, security event/alarm/traffic analysis (detection), and incident response Official deep-dive, hands-on product training on Cisco s latest security products, including NGFW, ASA, NGIPS, AMP, Identity Services Engine, and Web Security Appliances, and more. For more details, please visit: or Questions? Visit the Learning@Cisco Booth Cisco Cybersecurity Specialist BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 124

125 Cybersecurity Cisco Education Offerings Course Description Cisco Certification New! CCIE Security 5.0 Implementing Cisco Edge Network Security Solutions (SENSS) Implementing Cisco Threat Control Solutions (SITCS) v1.5 Implementing Cisco Secure Access Solutions (SISAS) Implementing Cisco Secure Mobility Solutions (SIMOS) Implementing Cisco Network Security (IINS 3.0) Configure Cisco perimeter edge security solutions utilizing Cisco Switches, Cisco Routers, and Cisco Adaptive Security Appliance (ASA) Firewalls Implement Cisco s Next Generation Firewall (NGFW), FirePOWER NGIPS (Next Generation IPS), Cisco AMP (Advanced Malware Protection), as well as Web Security, Security and Cloud Web Security Deploy Cisco s Identity Services Engine and 802.1X secure network access Protect data traversing a public or shared infrastructure such as the Internet by implementing and maintaining Cisco VPN solutions Focuses on the design, implementation, and monitoring of a comprehensive security policy, using Cisco IOS security features CCIE Security CCNP Security CCNA Security For more details, please visit: or Questions? Visit the Learning@Cisco Booth BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 125

Cisco Next Generation Firewall and IPS. Dragan Novakovic Security Consulting Systems Engineer

Cisco Next Generation Firewall and IPS Dragan Novakovic Security Consulting Systems Engineer Cisco ASA with Firepower services Cisco TALOS - Collective Security Intelligence Enabled Clustering & High Availability