Deploying Intrusion Prevention Systems
2 Deploying Intrusion Prevention Systems Gary Halleen Consulting Systems Engineer II
3 Agenda
o Introductions
o Introduction to IPS
o Comparing Cisco IPS Solutions
o IPS Deployment Considerations
o Migration from IPS 7.x to Sourcefire NGIPS
o Conclusion
4 Goal of this Session
1. Understand Cisco's IDS/IPS portfolio, including new additions from Sourcefire.
2. Understand options around deploying an IPS solution.
3. Understand options for high availability.
4. Understand strategy around migrating an IPS solution.
5 Introduction to IPS
6 What is IPS?
7 Intrusion Detection System (IDS)
The sensing interface has no IP address. It receives copies of network traffic from a SPAN port, hub, tap, or VACL capture, and the sensor raises alerts on what it sees. It does not sit in the flow of traffic.
8 Intrusion Prevention System (IPS)
The sensor sits in the traffic path and can drop traffic when desired. Inline interfaces do not have IP addresses. The IPS operates at Layer 2 and can be thought of as a "smart wire".
9 Integrated IPS or IDS
Traffic is passed, via the ASA backplane, to the sensor as IDS, IPS, or both. The ASA runs in routed or transparent mode.
10 Cisco IPS Solutions
Cisco acquired Sourcefire in October 2013. Cisco is committed to maintaining and contributing to Sourcefire open source projects.
11 Cisco IPS Solutions
Cisco IPS 7.x
o Traditional IPS solution
o Supported on IPS 4200, 4300, and 4500-series appliances, as well as ASA IPS modules
o Cisco anticipates many Cisco IPS 7 customers will want to migrate to Sourcefire in order to take advantage of its Next-Generation features.
Cisco Sourcefire IPS
o Next-Generation IPS, Firewall, and Anti-Malware solution
o Supported on Sourcefire 7000 and 8000-series appliances
o Supported in VMware ESX
12 Next-Generation Security
What does Next-Gen mean? Traditional security appliances rely on 5 Tuples of information to determine traffic, source, and destination: (Source Address, Destination Address, Source Port, Destination Port, Protocol).
Next-Generation security appliances, like Sourcefire FirePower, enhance traditional security by combining it with much more information, such as:
o User Identity
o Application Protocol
o Application
o Client Application
o Operating System
o Geographic Location of Source or Destination
o URL Category
14 Comparing Cisco's IPS Solutions
15 Hardware
16 Performance, Scalability, Adaptivity Cisco IPS 7.x: Dedicated IPS Family IPS 4520-XL IPS 4500-series 10 Gbps IPS to 5 Gbps IPS Gbps 750 Mbps Branch Office Internet Edge Campus Data Center 16
17 Performance, Scalability, Adaptivity Cisco IPS 7.x: Integrated IPS Family ASA5585-X SSP-40 / SSP-60 ASA5585-X SSP-10 / SSP-20 5 to 10 Gbps ASA5545-X IPS ASA5555-X IPS 2 to 3 Gbps ASA5515-X IPS ASA5525-X IPS 900 Mbps to 1.3 Gbps ASA5512-X IPS 250 Mbps 400 to 600 Mbps 17 SOHO Branch Office Internet Edge Campus Data Center
18 Next-Generation Security! Sourcefire: Appliance Family 8100-series 8200 and 8300-series 10 to 60 Gbps 7100-series 2 to 12 Gbps 7000-series 500 Mbps to 2 Gbps 50 to 250 Mbps Branch Office Internet Edge Campus Data Center 18
19 FirePower 8200/8300 Single-pass, high-performance, low-latency Flexible in Software NGIPS, NGFW, AMP All of the above (just size appropriately) Flexible in Hardware Modular for options in Interfaces, including 10GE and 40GE High-Performance: 10Gbps with Gbps with 8350 Cost Effective Best in class for IPS by NSS Labs Best in class for NGFW by NSS Labs Best in class for Breach Detection by NSS Labs 19
20 FirePower 8200/8300 Single-pass, high-performance, low-latency 8200-series Gbps 2x 8250 = Gbps 3x 8250 = Gbps 4x 8250 = Gbps 8300-series Gbps 2x 8350 = Gbps 3x 8350 = Gbps 4x 8350 = Gbps 20
21 Sourcefire: Virtual Appliance (VMware ESX)
Virtual appliance performance depends entirely on the CPU resources and RAM allocated to it in VMware. Performance typically ranges between 250 Mbps and 2 Gbps.
22 Cisco IPS Platform Features
Feature              IPS-4200*   IPS-4300   IPS
GE Interfaces        YES         YES        YES
10GE Interfaces      NO          NO         YES
40GE Interfaces      NO          NO         NO
SFP Ports            NO          NO         YES
Hardware Bypass      NO          YES        NO
Software Bypass      YES         YES        YES
Hardware Fast Pass   NO          NO         NO
L3 Mode              NO          NO         NO
* IPS-4200 series is End of Sale
23 Sourcefire IPS Platform Features Virtual GE Interfaces YES YES YES YES 10GE Interfaces NO NO YES YES 40GE Interfaces NO NO NO YES SFP Ports NO YES * YES ** YES ** Hardware Bypass YES YES YES YES Software Bypass YES YES YES YES YES Hardware Fast Pass NO NO YES YES L3 Mode NO YES YES YES YES * 7115, 7125, and 7150 models only ** Fiber-to-SFP Transceiver
24 Management
25 IPS Management Comparison
Cisco IPS 7.x: Cisco Security Manager (CSM) for Enterprise Management
Features and Limitations:
o Client/Server Windows application
o Java application
o Supports out-of-band change detection
o Manages, monitors, and reports for hundreds of sensors
26 IPS Management Comparison
Cisco IPS 7.x: IPS Manager Express (IME) for Individual or Small Network Management
Features and Limitations:
o Windows desktop application
o Written in Java
o Functional for small deployments only
27 IPS Management Comparison
Sourcefire 5.3: Defense Center for All Deployment Sizes
Features and Limitations:
o HTML5 application
o FireSIGHT provides network visibility and contextual information
o eStreamer support for 3rd-party integration
o Available as hardware appliance or VM (ESX)
o Manages up to 150 Sourcefire sensors
o Also manages Next-Gen Firewall features
28 Sourcefire Defense Center GUI Walkthrough
42 Software
43 Software Feature Comparison
Feature                                          IPS 7.x   SF 5.3
Open IPS Signatures or Rules                     YES       YES
Passive OS Fingerprinting                        YES       YES
User Identity Reporting within Events            NO        YES
Integrated Firewalling Capability                NO        YES
Application Control                              Limited   YES
Visibility and Control of Client Applications    NO        YES
Geo-Location Reporting and Policies              NO        YES
3rd Party API                                    NO        YES
URL Filtering Capability                         NO        YES
44 Cisco IPS 7.x Risk Rating
The Risk Rating (RR) is built from the following components:
o Alert Severity (ASR): Informational = 25, Low = 50, Medium = 75, High = 100
o Target Value (TVR): Low value = 75, Medium = 100, High value = 150, Mission Critical = 200
o Signature Fidelity (SFR): Given by Cisco per signature
o Attack Relevancy (ARR): If relevant, added by 10. If irrelevant, reduced by 10
o Promiscuous Delta (PD): only in promiscuous
o Global Correlation (GC): Between 0 and 30, depending on the reputation
$RR = \frac{ASR \times TVR \times SFR}{10{,}000} + ARR - PD + GC$
45 Risk Rating and IPS Policy
Inputs to the Risk Rating:
o Event Severity: Urgency of threat?
o Signature Fidelity: How prone to false positive?
o Attack Relevancy: Important to attack target?
o Asset Value of Target: How critical is this destination host?
o Global Correlation: What is the attacker's reputation?
Risk Rating to IPS Policy Action:
o RR > 90: Deny Packet Inline
o 35 < RR < 90: Verbose Alert
o RR < 34: Default Action
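The risk rating arithmetic and the policy thresholds from the two slides above, worked through as an added example (not code from the presentation or from Cisco). The integer division, the 0 to 100 clamp, the 0 to 100 range for SFR, the "unknown" relevancy value of 0, the handling of the boundary values 34, 35 and 90 that the slide leaves unassigned, and all sample alerts are assumptions made for illustration.

```python
# Added example: Cisco IPS 7.x risk rating (RR) and the slide's policy mapping.
# Component values come from the Risk Rating slide; sample alerts are constructed.

ASR = {"informational": 25, "low": 50, "medium": 75, "high": 100}
TVR = {"low": 75, "medium": 100, "high": 150, "mission_critical": 200}
# "unknown" (no adjustment) is an assumption; the slide lists only +10 / -10.
ARR = {"relevant": 10, "irrelevant": -10, "unknown": 0}


def risk_rating(severity, target_value, fidelity, relevancy="unknown",
                promiscuous=False, promiscuous_delta=0, global_correlation=0):
    """RR = (ASR * TVR * SFR) / 10,000 + ARR - PD + GC, clamped to 0..100."""
    if not 0 <= fidelity <= 100:
        raise ValueError("signature fidelity (SFR) must be 0..100")
    if not 0 <= global_correlation <= 30:
        raise ValueError("global correlation (GC) must be 0..30")
    if promiscuous_delta < 0:
        raise ValueError("promiscuous delta (PD) cannot be negative")
    # Integer division is an assumption about rounding.
    base = ASR[severity] * TVR[target_value] * fidelity // 10_000
    # PD is subtracted only when the sensor runs in promiscuous (IDS) mode.
    pd = promiscuous_delta if promiscuous else 0
    rr = base + ARR[relevancy] - pd + global_correlation
    return max(0, min(100, rr))


def policy_action(rr):
    """Map RR to the slide's actions. The slide leaves 34, 35 and 90
    unassigned; here 35..90 is treated as Verbose Alert (assumption)."""
    if rr > 90:
        return "Deny Packet Inline"
    if rr >= 35:
        return "Verbose Alert"
    return "Default Action"


# Constructed alerts showing how the same formula lands in different actions.
SAMPLE_ALERTS = [
    ("critical server, relevant attack",
     dict(severity="high", target_value="mission_critical", fidelity=90,
          relevancy="relevant")),
    ("medium everything, inline",
     dict(severity="medium", target_value="medium", fidelity=80)),
    ("same signature, promiscuous and irrelevant",
     dict(severity="medium", target_value="medium", fidelity=80,
          relevancy="irrelevant", promiscuous=True, promiscuous_delta=10)),
    ("low-value target, low severity",
     dict(severity="low", target_value="low", fidelity=70)),
    ("high severity, no reputation data",
     dict(severity="high", target_value="medium", fidelity=85)),
    ("high severity, bad attacker reputation",
     dict(severity="high", target_value="medium", fidelity=85,
          global_correlation=20)),
]


def triage(alerts=SAMPLE_ALERTS):
    """Return (label, RR, action) for each alert."""
    out = []
    for label, params in alerts:
        rr = risk_rating(**params)
        out.append((label, rr, policy_action(rr)))
    return out


if __name__ == "__main__":
    for label, rr, action in triage():
        print(f"{rr:3d}  {action:<18}  {label}")
```

The last two sample alerts differ only in Global Correlation: the reputation score alone moves the event from an alert to an inline drop, which is worth knowing when tuning a policy built on these thresholds.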
46 Sourcefire Priority Levels
Priority Level: How dangerous is the attack?
47 Sourcefire Impact Levels
Impact Level: Are my hosts VULNERABLE to the attack?
48 Sourcefire Impact Levels
Impact Level   Vulnerable?              Definition
0              Unknown                  Neither the source nor the destination host exists on a network monitored by network discovery.
1              Vulnerable               Either the source or destination is vulnerable to the attack, or a host is compromised by malware.
2              Potentially Vulnerable   Either the source or destination is running the port or protocol used in the attack.
3              Not Vulnerable           The port or protocol used in the attack is not running on the host.
4              Unknown                  The host is on a monitored network, but doesn't appear to exist.
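The impact level table above expressed as classification logic, as an added example (not Sourcefire's implementation). The host map layout, the event fields, the order in which the levels are tested, the placeholder vulnerability ID `VULN-A`, and the documentation-range addresses are all assumptions constructed for illustration.

```python
# Added example: deriving the impact level (0-4) of an intrusion event from
# network-discovery data, following the definitions in the slide's table.
import ipaddress

# Constructed sample data. 192.0.2.0/24 stands in for the monitored network.
MONITORED_NETWORKS = ["192.0.2.0/24"]
HOST_MAP = {
    # ip: services seen by discovery, mapped vulnerabilities, malware flag
    "192.0.2.10": {"services": {("tcp", 445)}, "vulns": {"VULN-A"},
                   "compromised": False},
    "192.0.2.20": {"services": {("tcp", 445), ("tcp", 80)}, "vulns": set(),
                   "compromised": False},
    "192.0.2.30": {"services": set(), "vulns": set(), "compromised": True},
}


def impact_level(event, networks=MONITORED_NETWORKS, host_map=HOST_MAP):
    """Return the impact level for an event with keys src, dst, service, vuln.

    service is a (protocol, port) tuple for the port or protocol used in the
    attack; vuln is the vulnerability the triggering rule maps to (or None).
    """
    nets = [ipaddress.ip_network(n) for n in networks]
    endpoints = [ipaddress.ip_address(event["src"]),
                 ipaddress.ip_address(event["dst"])]

    # Level 0: neither endpoint is on a network that discovery monitors.
    monitored = [ip for ip in endpoints if any(ip in n for n in nets)]
    if not monitored:
        return 0

    # Level 4: on a monitored network, but discovery has never seen the host.
    known = [host_map[str(ip)] for ip in monitored if str(ip) in host_map]
    if not known:
        return 4

    # Level 1: a known host is vulnerable to this attack or already compromised.
    vuln = event.get("vuln")
    if any(h["compromised"] or (vuln is not None and vuln in h["vulns"])
           for h in known):
        return 1

    # Level 2: a known host runs the port/protocol the attack uses.
    if any(event["service"] in h["services"] for h in known):
        return 2

    # Level 3: the port/protocol is not running on the host.
    return 3


# Constructed events covering every row of the table.
SAMPLE_EVENTS = [
    {"src": "198.51.100.7", "dst": "203.0.113.9", "service": ("tcp", 445), "vuln": "VULN-A"},
    {"src": "198.51.100.7", "dst": "192.0.2.10", "service": ("tcp", 445), "vuln": "VULN-A"},
    {"src": "198.51.100.7", "dst": "192.0.2.20", "service": ("tcp", 445), "vuln": "VULN-A"},
    {"src": "198.51.100.7", "dst": "192.0.2.20", "service": ("tcp", 3389), "vuln": None},
    {"src": "198.51.100.7", "dst": "192.0.2.99", "service": ("tcp", 445), "vuln": "VULN-A"},
    {"src": "192.0.2.30", "dst": "203.0.113.9", "service": ("tcp", 443), "vuln": None},
]


def classify_events(events=SAMPLE_EVENTS):
    """Return the impact level of each event, in order."""
    return [impact_level(e) for e in events]


if __name__ == "__main__":
    for ev, level in zip(SAMPLE_EVENTS, classify_events()):
        print(level, ev["src"], "->", ev["dst"], ev["service"])
```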
49 Sourcefire search Levels and Impacts 49
50 Indicators of Compromise
51 Sourcefire IOC
Indicators of Compromise: New to SF 5.3
Wouldn't it be nice if your IPS console could tell you if you appeared to have a compromised host? For example:
o Has the host connected to an exploit kit?
o Has the host been involved in an Impact 1 event?
o Has the host downloaded malware?
o Did the malware execute?
o Has the host connected to a CNC server?
52 Sourcefire IOC Configurable Settings
53 IOC Dashboard Widget
Because IOCs enable a quick way of classifying a host's potentially compromised state, having this data on a dashboard is desirable. The widget lists each host with the number of IOCs set against it; click to expand.
54 IOC Host Profile View 54
56 IPS Deployment Considerations
57 Connectivity
58 Connectivity
How should the sensor be connected?
o Promiscuous Mode (IDS): Promiscuous interface
o Inline Mode (IPS): Inline Interface Pairs, Inline VLAN Pairs
o Integrated IPS/IDS: Inline, Promiscuous
59 Connectivity: Promiscuous Interface
o Only copies of the packets are sent to the sensor
o Mostly detection, limited protection
o Optional prevention through external blocking
o A separate device must send copies of the packets: SPAN (or monitor) from a switch, VACL capture from a switch, or network taps
Diagram: Ethernet switch with a SPAN destination port or VACL capture feeding the sensor's promiscuous interface.
60 Connectivity: Inline Interface Pairs
o Two physical interfaces paired together
o Multiple pairs can be configured on the same sensor
o IPS sits between two access ports on the same switch or between two different switches
o Traffic passes through the sensor
o Pass good traffic, and block bad
o Redundancy can be provided with STP or an additional sensor
o Fail-open can be provided with hardware-bypass interfaces
Diagram: the sensor sits between two physical ports on a switch or two different switches. The interfaces are transparent; the sensor is a Layer 2 bridge.
61 Connectivity: Inline Routed Interfaces (Sourcefire)
o Two or more physical or VLAN interfaces defined as routable interfaces
o Traffic passes through the sensor
o Pass good traffic, and drop bad
o Redundancy can be provided through SFRP to a standby sensor
o Fail-open is NOT supported with hardware-bypass interfaces
o Routed interfaces are most commonly used in a NGFW deployment
Diagram: routed interfaces; the sensor is a Layer 3 router.
62 Connectivity: Inline VLAN Pairs (Cisco IPS 7.x)
o IPS sits on a trunk between two VLANs on a switch, if using Cisco IPS
o Traffic passes through the IPS and gets inspected and retagged or dropped
o Supported with ECLB high-availability deployments
o Redundancy can be provided with STP deployments
o Fail-open can be provided with a redundant wire
Diagram: HostA on VLAN10 and HostB on VLAN20, joined by a trunk through the sensor. The sensor rewrites the 802.1Q header.
63 Connectivity: Switched Deployment Mode (Sourcefire)
o A virtual switch is defined within the sensor
o Two or more physical interfaces or VLANs are assigned to the virtual switch
o Traffic passes through the IPS and gets inspected
o Redundancy can be provided with STP deployments
o Fail-open can be provided with a redundant wire
Diagram: HostA on VLAN10 and HostB on VLAN20.
64 Connectivity: Relationship to the Firewall
o Dedicated IPS behind the firewall
o Dedicated IPS in front of the firewall
o Integrated IPS inside the firewall
65 Connectivity: Dedicated IPS Behind the Firewall
+ Most organizations place the IPS behind the firewall.
+ Firewall blocks all inbound traffic unless addressed to a server or in response to an earlier request.
- The IPS's visibility is limited to what the firewall allows in.
+ Best of breed functionality.
Diagram: Internet, firewall, IPS, intranet.
66 Connectivity: Dedicated IPS In Front of the Firewall
+ Provides better visibility into attacks from the internet
- Increases noise
- IPS handles more state and may become a bottleneck during a DDoS attack
Diagram: Internet, IPS, firewall, intranet.
67 Connectivity: Integrated IPS inside the Firewall
+ Placing IPS inside the firewall provides all the benefits of ASA + full IPS functionality
+ Flexible IPS/IDS policy selection based on 5-tuple, User-ID, SXP
+ ASA provides traffic symmetry, normalization, resiliency (failover) and scaling (clustering) to IPS
+ IPS inspection of traffic from VPN tunnels terminated on ASA
Diagram: Internet, ASA with integrated IPS, intranet.
68 Performance
69 Performance
Interface Types and Speeds:
o 1GE, 10GE, 40GE?
o Fiber or Copper?
Connections:
o Interface speed is important, but traffic type is more important.
o How many CONNECTIONS do you need to support?
70 Fixed Interface Models Not All Models are Listed Model Firewall (w/o Inspection) * AMP Appliances are sized with ALL features enabled IPS Connections CPS Size (Rack Units) 3D Mbps 250 Mbps 500,000 5,000 1 IPS Mbps 750,000 30, D Gbps 750 Mbps 1,500,000 27,500 1 IPS Gbps 1,700,000 45, D Gbps 1.25 Gbps 2,500,000 42,500 1 AMP-7150 * 500 Mbps * 500 Mbps * 2,500,000 42,500 1 IPS Gbps 3,800,000 72,000 2 IPS Gbps 8,400, ,000 2 IPS-4520-XL 10 Gbps 16,800, ,
71 Modular Models Not All Models are Listed Model Firewall (w/o Inspection) * AMP Appliances are sized with ALL features enabled IPS Connections CPS Size (Rack Units) 3D Gbps 2 Gbps 3,000,000 45, D8150 * 2 Gbps * 2 Gbps * 3,000,000 45, D Gbps 4 Gbps 4,500,000 70, D Gbps 6 Gbps 7,000, , D Gbps 10 Gbps 12,000, , D Gbps 15 Gbps 12,000, , D Gbps 30 Gbps 24,000, , D Gbps 45 Gbps 36,000, , D Gbps 60 Gbps 48,000, ,
72 Availability
73 Availability
What should happen if the IPS fails?
Network Availability
o Integrated ASA+IPS: ASA/IPS Fail-Open
o IDS Appliance: N/A
o IPS Appliance: Software Bypass; Hardware Bypass; STP and redundant cable
Security Availability
o Integrated ASA+IPS: ASA Failover
o IDS Appliance: Multiple IDS connected to multiple Monitor Ports
o IPS Appliance: STP and redundant sensor; Port-channel with 2 or more sensors; IPS Clustering (Sourcefire)
74 Availability
What is Sourcefire's Clustering?
o Interface Pairing (Inline Deployment Redundancy): Traffic passes through either sensor. Mid-Session Pickup allows established flows to pass. Spanning-Tree typically places one in Blocking state.
o VLAN Pairing (Switched Deployment Redundancy): Spanning-Tree Protocol is used to determine redundancy.
o Layer 3 Mode (Routed Deployment Redundancy): SFRP (similar to VRRP) creates an Active/Passive deployment.
o IDS Mode (Passive Deployment Redundancy): Same as having multiple standalone IDS appliances, except duplicate events are suppressed.
75 Availability: Sensors with Spanning-Tree Protocol
o Sensors sit between 2 switches or 2 VLANs on the same switch
o STP determines the forwarding/blocking path
o SW-bypass is configured to off for an always-inspect requirement
o Sensor failure causes STP to place the other sensor in forwarding state
o UDLD is supported for failure detection
Diagram: data flow between two Ethernet switches through the sensors.
76 Availability: ASA Failover
o Active/Active, Active/Standby, and Clustering
o ASA synchronizes the connection table
o ASA configuration is automatically synced
o IPS configuration synchronization uses a CSM policy bundle, or Sourcefire Defense Center
78 Migrating from Cisco IPS 7 to Sourcefire
Before the Migration
Think about the existing deployment:
o Speed and latency needs?
o Interface needs?
o Have HA needs been considered?
o Have you backed up any custom IPS signatures?
o Which migration strategy makes sense to your organization?
79 Migrating from Cisco IPS 7 to Sourcefire
Migration Strategies, based on Risk Assessment
1. Cut over to Inline IPS Mode: Replace Cisco IPS 7 with Sourcefire in IPS mode. Monitor closely, and adjust the policy. Most risky option for legitimate traffic.
2. Cut over to Inline Audit Mode: Replace Cisco IPS 7 with Sourcefire in Audit mode. Monitor traffic and alerts, and then put the sensor in IPS mode. Most risky option vs. malicious traffic and for compliance.
3. Run Both Temporarily: Install Sourcefire in IDS mode, connected to a SPAN port or other method of capturing network traffic. Sourcefire should be placed on the UNTRUSTED side of the Cisco IPS sensor, while leaving Cisco IPS in place. Monitor the sensor and adjust policy accordingly. When the sensor is tuned, complete the migration with either Step 1 or 2, above. This is the best option for most organizations.
80 Migrating from Cisco IPS 7 to Sourcefire
For most organizations:
1. Before Migration: Running Cisco IPS 7
2. During Migration: Running both Cisco IPS 7 and Sourcefire
3. After Migration: Running only Sourcefire
More informationFuture-ready security for small and mid-size enterprises
First line of defense for your network Quick Heal Terminator (UTM) (Unified Threat Management Solution) Data Sheet Future-ready security for small and mid-size enterprises Quick Heal Terminator is a high-performance,
More informationLicensing the Firepower System
The following topics explain how to license the Firepower System. About Firepower Feature Licenses, page 1 Service Subscriptions for Firepower Features, page 2 Smart Licensing for the Firepower System,
More informationFeatures. HDX WAN optimization. QoS
May 2013 Citrix CloudBridge Accelerates, controls and optimizes applications to all locations: datacenter, branch offices, public and private clouds and mobile users Citrix CloudBridge provides a unified
More informationImproving Security with Cisco ASA Firepower Services Claudiu Onisoru, Senior Solutions Engineer Cisco Connect - 18 March 2015
Improving Security with Cisco ASA Firepower Services Claudiu Onisoru, Senior Solutions Engineer Cisco Connect - 18 March 2015 1 Agenda Frontal Communication: Who we are? - Key points - Competencies Areas
More informationABSOLUTE REAL-TIME PROTECTION SERIES
TM DATA SHEET ABSOLUTE REAL-TIME PROTECTION SERIES ADVANCED MALWARE BLOCKER WITH CYLANCE WITH ARTIFICIAL INTELLIGENCE OVERVIEW Enterprises globally are threatened by conventional as well as advanced zero-days,
More informationF5 DDoS Hybrid Defender : Setup. Version
F5 DDoS Hybrid Defender : Setup Version 13.1.0.3 Table of Contents Table of Contents Introducing DDoS Hybrid Defender... 5 Introduction to DDoS Hybrid Defender...5 DDoS deployments... 5 Example DDoS Hybrid
More informationNetwork Security Platform Overview
Quick Tour Revision B McAfee Network Security Platform 8.1 Network Security Platform Overview McAfee Network Security Platform [formerly McAfee IntruShield ] is a combination of network appliances and
More informationCisco - ASA Lab Camp v9.0
Cisco - ASA Lab Camp v9.0 Code: 0007 Lengt h: 5 days URL: View Online Based on our enhanced SASAC v1.0 and SASAA v1.2 courses, this exclusive, lab-based course, provides you with your own set of equipment
More informationCisco Intrusion Prevention Solutions
Cisco Intrusion Prevention Solutions Proactive Integrated, Collaborative, and Adaptive Network Protection Cisco Intrusion Prevention System (IPS) solutions accurately identify, classify, and stop malicious
More informationFireSIGHT Virtual Installation Guide
Version 5.3.1 July 17, 2014 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL
More informationATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK
PARTNER BRIEF ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK INTRODUCTION Attivo Networks has partnered with Cisco Systems to provide advanced real-time inside-the-network
More informationCisco Advanced Malware Protection for Networks
Data Sheet Cisco Advanced Malware Protection for Networks Product Overview Fighting malware effectively today requires new approaches, strategies, and technologies. Cisco Advanced Malware Protection (AMP)
More informationMcAfee Network Security Platform 8.3
8.3.7.68-8.3.7.55-8.3.7.14 Manager-Virtual IPS Release Notes McAfee Network Security Platform 8.3 Revision A Contents About this release New features Enhancements Resolved issues Installation instructions
More informationMcAfee Network Security Platform
McAfee Network Security Platform 9.2 (Quick Tour) McAfee Network Security Platform [formerly McAfee IntruShield ] is a combination of network appliances and software that accurately detects and prevents
More informationTraffic Flow, Inspection, and Device Behavior During Upgrade
Traffic Flow, Inspection, and Device Behavior During Upgrade You must identify potential interruptions in traffic flow and inspection during the upgrade. This can occur: When you upgrade the operating
More informationCisco IOS Inline Intrusion Prevention System (IPS)
Cisco IOS Inline Intrusion Prevention System (IPS) This data sheet provides an overview of the Cisco IOS Intrusion Prevention System (IPS) solution. Product Overview In today s business environment, network
More informationCisco Security Exposed Through the Cyber Kill Chain
Cisco Forschung & Lehre Forum für Mecklenburg Vorpommern Cisco Security Exposed Through the Cyber Kill Chain Rene Straube CSE, Cisco Advanced Threat Solutions January, 2017 The Cisco Security Model BEFORE
More informationNetwork Security Platform 8.1
8.1.7.12-8.1.5.39 NS-series Release Notes Network Security Platform 8.1 Revision B Contents About this release New features Resolved issues Installation instructions Known issues Product documentation
More informationCisco Security. Advanced Malware Protection. Guillermo González Security Systems Engineer Octubre 2017
Cisco Security Advanced Malware Protection Guillermo González Security Systems Engineer Octubre 2017 The New Security Model Attack Continuum Before During After Before Discover During Detect After Scope
More informationSTONESOFT. New Appliances2012
STONESOFT New Appliances2012 FW-315 WLAN Visibility and control to remote locations WLAN networks! Availability: April 2012 FW-315L WLAN Interfaces 4 x 10/100/1000 Mbps Throughput 100Mbps, 25Mbps VPN Management
More informationFirepower Techupdate April Jesper Rathsach, Consulting Systems Engineer Cisco Security North April 2017
Firepower 6.2.1 Techupdate April 2017 Jesper Rathsach, Consulting Systems Engineer Cisco Security North April 2017 Firepower 6.2.1 Nr. 1 most important!! Firepower 6.2.1 BUGFIXES!!!!! Alle kendte severity
More informationDeployments and Network Topologies
TECHNICAL GUIDE Deployments and Network Topologies A technical guide to deploying Family Zone School in different network topologies. Contents Introduction...........................................3 Transparent
More informationIntrusion prevention systems are an important part of protecting any organisation from constantly developing threats.
Network IPS Overview Intrusion prevention systems are an important part of protecting any organisation from constantly developing threats. By using protocol recognition, identification, and traffic analysis
More informationDMVPN for R&S CCIE Candidates Johnny Bass CCIE #6458
DMVPN for R&S CCIE Candidates Johnny Bass CCIE #6458 BRKCCIE-3003 @CCIE6458 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public About the Presenter Johnny Bass Networking industry since
More informationCisco Next Generation Firewall Services
Toronto,. CA May 30 th, 2013 Cisco Next Generation Firewall Services Eric Kostlan Cisco Technical Marketing 2011 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 1 Objectives At the
More informationCisco Comstor
Cisco Security @ Comstor 1 Agenda 1. Cisco Security Fundamentals Cyber Security? Cisco Security Solutions - Cisco NGFW - Cisco Umbrella Cisco Meraki, MR, MS, MV and MX Meraki Insight 2 1. Cisco Security
More informationIPS-1 Robust and accurate intrusion prevention
Security Check Point security solutions are the marketleading choice for securing the infrastructure. IPS-1 Robust and accurate intrusion prevention Today s s operate in an environment that is ever changing,
More informationSOURCEFIRE 3D SYSTEM RELEASE NOTES
SOURCEFIRE 3D SYSTEM RELEASE NOTES Version 5.3.0.2 Original Publication: April 21, 2014 Last Updated: April 25, 2016 These release notes are valid for Version 5.3.0.2 of the Sourcefire 3D System. Even
More informationMcAfee Network Security Platform 9.1
9.1.7.12-9.1.5.15 NS7x50-series Release Notes McAfee Network Security Platform 9.1 Revision A Contents About this release New features Resolved issues Installation instructions Known issues Product documentation
More informationEvent-Based Software-Defined Networking: Build a Secure Science DMZ
White Paper Event-Based Software-Defined Networking: Build a Secure Science DMZ What You Will Learn As the need to efficiently move large data sets around the world increases, the Science DMZ - built at
More informationMcAfee Network Security Platform 8.1
8.1.7.73-8.1.5.163-3.5.82 Manager-XC-Cluster Release Notes McAfee Network Security Platform 8.1 Revision B Contents About this release New features Resolved issues Installation instructions Known issues
More informationJURUMANI MERAKI CLOUD MANAGED SECURITY & SD-WAN
JURUMANI CLOUD MANAGED SECURITY & SD-WAN SECURITY BY DESIGN OVERVIEW Cisco Meraki MX Security Appliances are ideal for organizations considering a Unified Threat Managment (UTM) solution, for distributed
More informationThreat Centric Network Security
BRKSEC-2056 Threat Centric Network Security Ted Bedwell, Principal Engineer Network Threat Defence Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this
More informationASACAMP - ASA Lab Camp (5316)
ASACAMP - ASA Lab Camp (5316) Price: $4,595 Cisco Course v1.0 Cisco Security Appliance Software v8.0 Based on our enhanced FIREWALL and VPN courses, this exclusive, lab-based course is designed to provide
More informationPrepKing. PrepKing
PrepKing Number: 642-961 Passing Score: 800 Time Limit: 120 min File Version: 6.8 http://www.gratisexam.com/ PrepKing 642-961 Exam A QUESTION 1 Which statement best describes the data center core layer?
More informationNetwork Security Platform 8.1
8.1.7.13-8.1.5.57 NS-series Release Notes Network Security Platform 8.1 Revision B Contents About this release New features Enhancements Resolved issues Installation instructions Known issues Product documentation
More informationKlaudia Bakšová System Engineer Cisco Systems. Cisco Clean Access
Klaudia Bakšová System Engineer Cisco Systems Cisco Clean Access Agenda 1. Securing Complexity 2. NAC Appliance Product Overview and In-Depth 3. NAC Appliance Technical Benefits The Challenge of Securing
More informationImplementing Cisco Edge Network Security Solutions ( )
Implementing Cisco Edge Network Security Solutions (300-206) Exam Description: The Implementing Cisco Edge Network Security (SENSS) (300-206) exam tests the knowledge of a network security engineer to
More informationSourcefire and ThreatGrid. A new perspective on network security
Sourcefire and ThreatGrid A new perspective on network security Agenda An overview of traditional IPS solutions Next-Generation IPS Requirements Sourcefire Next-Generation IPS Advanced Malware Protection
More informationASA Access Control. Section 3
[ 39 ] CCNP Security Firewall 642-617 Quick Reference Section 3 ASA Access Control Now that you have connectivity to the ASA and have configured basic networking settings on the ASA, you can start to look
More information