Firepower Techupdate April Jesper Rathsach, Consulting Systems Engineer Cisco Security North April 2017

Transcription

1 Firepower Techupdate April 2017 Jesper Rathsach, Consulting Systems Engineer Cisco Security North April 2017

2 Firepower Nr. 1 most important!!

3 Firepower BUGFIXES!!!!! Alle kendte severity 1 og 2 bugs pr. 30th of March løst til release

4 Firepower Remote Access VPN Jesper Rathsach, Consulting Systems Engineer Cisco Security North April 2017

5 Secure Remote Access for Mobile User Secure access using FP2100 Secure SSL/IPSec AnyConnect access to corporate network AMP / File inspection Policy to monitor roaming user data. Easy RA VPN Wizard to configure AnyConnect Remote Access VPN Advanced Application level inspection can be enabled to enforce security on inbound Remote Access User data. Monitoring and Troubleshooting to monitor remote access activity and simplified tool for troubleshooting. FP2100 in HA ISP Internet Edge Campus/Priv ate Network Private Network

6 Threat Intelligence Director Making Threat Intelligence Actionable Jesper Rathsach, Consulting Systems Engineer Cisco Security North April 2017

7 CTI Is Everywhere Do you have a dedicated person or team focusing on CTI? 7% Unknown 4% Where do customers get their intelligence? Not using and no plans Not using CTI currently but plans to Using CTI 3% 7% 8% 25% 64% 82% 1. Community or industry groups such as ISACs and CERT 2. Internal sources 3. Intelligence feeds from security vendors 4. Open-source or public CTI feeds 5. Intelligence feeds from CTI vendors 6. Other formal and informal groups 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% Source: SANS Survey 2015 & 2017 Cyber Threat Intelligence Uses Open-source blacklists 96% domain and 82% of IP observables unique to one lists Source: CERT-PL

8 Main Issues With CTI Over 20 vendors and organizations distribute Industry Organizat ions Intelligence Sources Threat Intelligence Platforms

9 Cisco Threat Intelligence Director (CTID) Cisco Threat Intelligence Director FMC NGFW / NGIPS Block Monitor ESA / WSA / AMP Step 1 Ingest third-party Cyber Threat Intelligence (CTI) Step 2 Publish observables to sensors Step 3 Detect and alert on incidents

10 Cisco Threat Intelligence Director (CTID) Cisco Threat Intelligence Director FMC NGFW / NGIPS Block Monitor ESA / WSA / AMP

11 Requirements and Availability Requires: FMC, if used on virtualized image a minimum 16 GB of memory SHA256 detection requires a Malware License The FMC and all sensors need to be upgraded to Firepower Availability: H1 CY 2017 with the release of Firepower Performance Impact: No impact on sensors Some impact on the FMC

12 Introducing the New Firepower 2100 series

13 Business resiliency through superior threat defense introducing the Firepower 2100 NGFW Superior threat defense Industry best protection and rapid breach detection Sustained performance Threat inspection with minimal throughput impact Simpler management Easier management, lower operating costs

14 Choose from four powerful new appliances with industry-best price-performance Models 2110 & 2120 Low-cost, high performance 1 RU NGFW, Fixed 16-port 1GbE connectivity Models 2130 & 2140 High performance 1 RU NGFW Network modularity, up to 24-port 1GbE and up to 12 10GbE connectivity Up to 8.5 Gbps FW+AVC+IPS throughput

15 Get leading security effectiveness Superior threat defense Firepower 2100 series NGFWs deliver: Advanced threat detection Exclusive integration of Firepower NGIPS and AMP Ranked #1 in breach detection by NSS Labs in 2016 Superior time to detection of advanced threats Optimized architecture Unique dual multi-core CPUs sustains threat inspection performance as services are added Future-proofs your investment Superior priceperformance Less than 50% of the cost per-protected Mbps vs. competitors 200% greater throughput vs. competitors when IPS is enabled

16 Enable threat defense without compromising throughput Dual Multi-Core CPU architecture enables: Sustained throughput performance when threat functions are enabled vs. competing designs Sustained performance Layer 7 & advanced threat engine Multi-core CPU x86 Flexibility and future-proofing vs. ASICbased designs that degrade as new defenses and functions are added Prefix filtering with fast path verifies flows that do not require threat inspection, further enhancing performance Layer 2-3 & SSL acceleration Internal switch I/O Multi-core CPU NPU Fast path for designated flows.

17 Improve IT efficiency with streamlined management Simpler management Firepower 2100 series NGFWs deliver: Scalable design Easy setup Faster time-to-value 50% increased management capacity (FMC) Expanded file storage Network modularity Quick setup wizard (FDM) Low-touch provisioning Templates for multi-site provisioning Cloud-based policy delivery (CDO) Automated executive summary Demonstrate value more easily

18 Significantly enhance performance with a Firepower 2100 NGFW Model Form Factor I/O Power Throughput FW+AVC (1024b) Throughput FW+AVC+IPS (1024b) Firepower RU 12 RJ-45; 4 x SFP 1x Fixed AC 1.9 Gbps 1.9 Gbps ASA 5525-X 1RU 8 RJ-45; 6 x SFP 1x AC or DC 1.1 Gbps 650 Mbps Firepower RU 12 RJ-45; 4 x SFP 1x Fixed AC 3 Gbps 3 Gbps ASA 5545-X 1RU 8 RJ-45; 6 x SFP 1x or 2xAC/1x or 2x DC 1.5 Gbps 1 Gbps Firepower RU 12 RJ-45; 4 x SFP+; 1x NM - 8x10G SFP+ 1x or 2xAC/1x or 2x DC 4.75 Gbps 4.75 Gbps ASA 5555-X 1RU 8 RJ-45; 6 x SFP 1x or 2xAC/1x or 2x DC 1.75 Gbps 1.25 Gbps Firepower RU RJ-45; 4 x SFP+; 1 x NM - 8x10G SFP+ 2x AC/2x DC 8.5 Gbps 8.5 Gbps ASA 5585-X SSP 10 2 RU 16 RJ-45, 4 x 10 SFP+ (2 modules) 2x AC/2x DC 4.5 Gbps 2.5 Gbps ~2X to 4X Firewall Performance Boost; up to 10G Connectivity 2X Performance 4X Performance

19 Firepower 2100 Series Models Description FPR 2110 FPR 2120 FPR 2130 FPR 2140 Chassis & I/O 1RU 12 Fixed RJ-45 (1G) 4 x SFP (1G) 1RU 12 Fixed RJ-45 (1G) 4 x SFP (1G) 1RU 12 Fixed RJ-45 (1G) 4 x SFP+ (10G) 1 x NM Slot 1RU, 12 Fixed RJ-45 (1G) 4 x SFP+ (10G) 1 x NM Slot CPU x86 4-Core 6-Core 8-Core 16-Core CPU DDR4 DRAM 16GB 16GB 32GB 64GB NPU Octeon 6-Core 8-Core 12-Core 16-Core NPU DDR4 DRAM 8 GB 8 GB 16 GB 16 GB SSD PSU Default/Options 1 x 100GB Default 2 nd Optional SSD for MSP 800GB 1x 250W Fixed AC PSU 1x 250W Fixed AC PSU 1 x 200GB Default 2 nd Optional SSD for MSP 800GB 1x 400W AC default 2x AC, 1x or 2x DC options 2x 400W AC default 2x 350W DC options

20 Firepower 2100 Series Performance FPR 2110 FPR 2120 FPR 2130 FPR 2140 Throughput FW + AVC 1.9 Gbps 3 Gbps 4.75 Gbps 8.5 Gbps Throughput FW + AVC + NGIPS 1.9 Gbps 3 Gbps 4.75 Gbps 8.5 Gbps Maximum concurrent sessions, with AVC 1 M 1.2 M 2 M 3.5 M Maximum new connections per second, with AVC Note: Early Performance Numbers

21 Firepower 2100, 4100, 9300 Snapshot Features FPR 2100 FPR 4100 FPR 9300 Throughput range Firewall + AVC Throughput range Firewall + AVC+IPS 2 to 8 Gbps 12 to 30 Gbps 30 to 54 Gbps 2 to 8 Gbps 10 to 24 Gbps 24 to 53 Gbps Interface Speed 1/10 Gbps 1/10/40 Gbps 1/10/ 40/100 Gbps Rack Unit size 1 RU 1 RU 3 RU Clustering Roadmap Yes (6.2) Yes (6.2)

22 Migration

23 Migration Capabilities Today & Roadmap Firepower 6.1/6.2 ACLs Ability to migrate Access Control Rules NAT Ability to migrate NAT rules Objects Support for migrating objects corresponding to ACL, NAT rules Except Users, Time Range, FQDN, SGT ASA Versions Support for ASA 9.1+ versions Firepower 6.x- Roadmap Additional Object Support Ability to migrate additional types of objects for access rules- Users, Time Range, FQDN, SGT User Experience Improved usability Tool, report improvements Device Configurations Routing, VPN, Platform Settings etc. ASA Versions Support for ASA 8.4+ versions

24 Migration at a Glance Run as root: enablemigrationtool.pl FMCv (deployed as Migration Tool) FMC.sfo file Import as ACL or Pre-filter policies Import Tool FMC (managing FTD Devices) ASA version 9.1.x or higher Single Context Mode Transparent or Routed ASA.cfg Active Unit (in HA pair) or.txt file Migration Report Register Apply Migrated Configs ASA Manual Reimage FTD

25 Migration of Installed Base (ASA customers) New OS (ASA -> FTD) Old configuration needs to be converted There is a migration tool! New dcloud lab on migration!

26 Tak for opmærksomheden Q&A