Cisco NGFW and UTM update Security Expert Call series
|
|
- Ellen Haynes
- 5 years ago
- Views:
Transcription
1 Cisco NGFW and UTM update Security Expert Call series 6 th of October Istvan Segyik (CCIE security #47531) Escalations Engineer, Cisco GVE isegyik@cisco.com
2 Today s topics Cisco Firepower NGFW overview Cisco NGFW platforms and software editions Firepower 6.1 What is new? Cisco Meraki Cloud Managed networking overview Cisco Meraki MX security gateways Demo: quick impression on both systems Q&A
3 Cisco Firepower NGFW
4 Cisco NGFW overview
5 Secure the perimeter and the DC while... New demands More things Sophisticated threats Global collaboration Private and Public Cloud datacenters Anywhere access, BYOD Sophisticated penetration Complex malware Access is tougher to manage Visibility is more elusive Threats are harder to stop
6 What Cisco offers is... Cisco Firepower NGFW Stop more threats Gain more insight Detect earlier, act faster Reduce complexity Get more from your network Threat Focused Fully Integrated
7 Major NGFW system components DNS Sinkhole Security feeds URL IP DNS Dynamic and Static NAT High Availability High Bandwidth SSL Decryption Engine AVC NGIPS AMP file inspection AMP Threat Grid DNS $ % * # Allow Block DMZ Internet Firewall Private Network
8 Wait! Where is anti-spam?! *+%#& Cisco NGFW can: Inspect SMTP, POP3, IMAP, etc. traffic as an application and transport method for data; Inspect the content, look for malware; Do these things fast. But security is more than a potentially added single anti-spam engine: Multiple anti-spam engines, flexible SPAM quarantine; authentication, integration: SPF, DKIM, DMARC handling; Sophisticated filtering: application parameters, content, volumetric, etc.; Conditional routing; Graymail detection, classification, proper control; Handling payload encryption (S/MIME, CRES, PGP, other proprietary...); Granular reporting; Etc.. We recommend our market leading Security Appliance:
9 NGFW components: Firewall All NGFW editions have Stateful inspection firewall functionality. The ASA+Firepower (Hybrid) and Firepower Threat Defense (Unified) editions use the ASA (LINA) Firewall engine: Which is the World s most proven stateful inspection engine being continuously developed; Has sophisticated Application Level GW (ALG) functions to let modern applications safely passing the FW and address translation. Legacy Sourcefire appliances have a good firewall too.
10 NGFW components: SSL decryption $ % * # By now all hardware platforms support SSL decryption.... but all of them do it software or minimal HW assistance on the data plane CPUs. The next generation platforms have high performance cryptographic accelerator ASICs: At the moment they are used for IPsec acceleration only; Forthcoming software release is going to enable HW acceleration of SSL/TLS decryption. On the other hand be aware of big industry players intention to prevent Enterprise firewalls and proxies sniffing into TLS/SSL channels!
11 NGFW components: Application Visibility & Control (AVC) Cisco database (based on OppenAppID): 4,000+ apps Prioritize traffic 1 2 Network & users OpenAppID See and understand risks Enforce granular access control Prioritize traffic and limit rates Create detectors for custom apps
12 NGFW components: web controls Filtering NGFW Security feeds URL IP DNS Safe Search Cisco URL Database gambling Allow Block Allow Block DNS Sinkhole Category-based Policy Creation Admin Classify 280M+ URLs Filter sites using 80+ categories Manage allow/block lists easily Block latest malicious URLs
13 NGFW components: web controls - explained We have: dynamic URL category filtering and URL IP DNS reputation filtering capabilities. They are different technologies, mainly different purposes with very little overlap. Dynamic URL filtering: Huge, cached DB of URLs with on-demand query in case of unknown URLs seen; 80 categories plus each URL has a reputation score; Now provides Safe search capabilities too; Primary intention is enforcing acceptable web usage; Requires URL license. Security feeds URL IP DNS URL and IP reputation filtering: Cisco Talos provided or custom static list of categorized URLs and IP addresses pre-downloaded and cached; URLs on this list can be handled together with Dynamic URL categories in an Access Control Policy rule but this is a separate feed; They focus on known bad hosts; They are included in the Threat license along with IPS functionality.
14 NGFW components: web controls explained cont. DNS reputation filtering: Talos provided list of domain names pre-positioned and cached; This feeds the DNS sniffing and redirection engine; Included in the Threat license along with IPS and IP URL reputation feeds. Wait...! Open DNS? Not yet. Talos might use some information from ODNS for this feed but there is no direct API connection to ODNS cloud in this case. Still ODNS can be used in parallel with a Cisco NGFW.... and that makes sense, ODNS is the best tool to prevent connection to suspicious hosts behind dynamically generated fast flux domains. Security feeds URL IP DNS
15 NGFW components: Intrusion Prevention System There are multiple Snort engines running in parallel. Cisco Talos provides signature updates and/or 3rd party feeds can be used as well. The IPS system is tightly integrated with the AVC engine which is based on OpenAppID Highly tunable: Custom policies and rules can be added over the GUI or imported in Snort rule format; Cloning policies, policy sections and rules can be done on the GUI; Access Control Policy can assign separate IPS policy to a rule; Intelligent Application Bypass can SECURELY optimize inspection for certain applications. Advanced pre-processors for: Protocol normalization; Fighting certain attacks like volumetric DoS; Increasing application protocol security, e.g. SIP or SCADA protocols.
16 NGFW components: improved traffic control Identity Integration ISE pxgrid VDI Captive Portal Active/Passive NTLM Kerberos True-IP Policy X-Forwarded-For True-Client-IP Custom Headers Target threats accurately Enforce authentication Analyze headers in more depth Rate limiting Rule-based limits Reports QoS rules Tunnel Policy Pre-filtering Priority policy Policy migration Control application usage Block unwanted traffic early
17 NGFW components: anti-malware nice diagram File Reputation c File & Device Trajectory AMP for Endpoint Log AMP for Network Log? Known Signatures Fuzzy Fingerprinting Indications of compromise Threat Grid Sandboxing Advanced Analytics Dynamic analysis Threat intelligence Threat Disposition Uncertain Safe Risky Sandbox Analysis Enforcement across all endpoints Block known malware Investigate files safely Detect new threats Respond to alerts
18 NGFW components: anti-malware explanation FireAMP for Networks runs on Cisco NGFW products. It is a composite engine: Creates a hash and runs a reputation check against AMP Cloud or on-premises Private AMP appliance; Creates a behavior pattern analysis for executables and compares that against the AMP Cloud (Spero engine); May run local Clam AV check (traditional, off-line AV engine); Can submit a file to Cisco Threat Grid Cloud or on-premises dynamic analysis (sandbox) system; Can store files, whatever files for additional analysis; It can retrospectively convict files that have been passed, alert, remediate and draw network trajectory for forensics; It requires a Malware license which includes certain (platform dependent) number of daily TG submissions. AMP has an endpoint version as well: called AMP for Endpoints (AMP4E). AMP4E can report compromise events and contextual data to Firepower Management center.
19 NGFW components: Correlation Engine nice picture App & Device Data ISE Blended threats 1 2 Prioritize response Automate policies Block Data packets Communications Network profiling Phishing attacks Innocuous payloads Infrequent callouts 3 Accept Scan network traffic Correlate data Detect stealthy threats Respond based on priority
20 NGFW components: Correlation Engine - explained Available only with centralized management at the moment (FMC). The system can do active and passive profiling of: Network segment traffic; Hosts (OS, applications, versions, AMP4E information, etc.). FMC has a Nessus vulnerability database as well. FMC can correlate: Host profiles and profile changes; The vulnerability DB; Traffic profile changes or certain patterns; Local Malware and/or IPS events; External AMP4E events; Connection events (local and NetFlow reported); Etc. Correlation is driven by correlation policies and can trigger Remediation actions. Plus there are some built-in correlations that improves alerting (calculation of impact score).
21 NGFW components: Firepower Management Center Centralized management for multi-site deployments Firepower Management Center Multi-domain management Firewall & AVC Role-based access control NGIPS High availability AMP APIs and pxgrid integration Security Intelligence Available in physical and virtual options Manage across many sites Control access and set policies Investigate incidents Prioritize response
22 NGFW components: FMC explained FMC is the centralized management server for: Legacy Sourcefire Firepower appliances; Firepower Threat Defense (FTD) unified code based appliances; Firepower modules of hybrid editions (ASA code is still independently managed). There are plans to manage ASA module of hybrid editions in FMC as well. FMC is not only management but: Important integration point: provides APIs, calls APIs (e.g. ISE pxgrid); Event management, aggregation,, correlation, alerting, historical data storage point; Provides forensics tools as well like: different dashboards, data mining capabilities, network file trajectories, etc..
23 NGFW components: Firepower Device Manager Firepower Device Manager Integrated on-box option for single instance deployment Easy set-up Role-based access control High availability Physical and virtual options NAT and Routing Intrusion and Malware prevention Device monitoring VPN support Set up easily Control access and set policies Investigate incidents Prioritize response
24 NGFW components: Firepower Device Manager - explained Embedded device manager for Firepower Threat Defense based appliances. Legacy Sourcefire appliances has only a status monitoring HTML GUI, ASA+FP editions uses ASDM. FDM and FMC are exclusive, both cannot be used together. Main usage scenarios: Simplified systems management and monitoring for simple deployments; Initial deployment of the appliance by a technician at a remote site.
25 NGFW components: Cisco Defense Orchestrator Security Policy Management Simple Search- Based Management Device Onboarding Import From Offline Object & Policy Analysis Application, URL, Malware & Threat Policy Management Change Impact Modeling Security Templates Discover Direct From Device Notifications Reports Simplify security policy management in the cloud with Cisco Defense Orchestrator Security Plan and model security policy changes before deploying them across the cloud Deploy changes across virtual environments in real time or offline Receive notifications about any unplanned changes to security policies and objects
26 NGFW components: Cisco Defense Orchestrator - explained CDO is an optional simplified Cloud Management platform for on-premises NGFW deployments. Simplified because it is a product in an early stage. Sales is limited to qualified opportunities only.
27 NGFW components: Security Intelligence Threat Intelligence Security Coverage Research Response 1.5 million daily malware samples WWW Endpoints Web 250+ Researchers 600 billion daily messages Networks NGIPS Jan 24 x 7 x 365 Operations 16 billion daily web requests Devices Identify advanced threats Get specific intelligence Catch stealthy threats Stay protected with updates 10x times more data than what nearest competitor sees and analyzes
28 And this works... NSS proven The latest NSS breach detection test justified the effectiveness of Firepower. Two highlights: 100% Detection Rate with 100% anti-evasion rating; Far most threat found in 1 min: 67% and in 3 min: 91.8%. Find more:
29 NGFW integrations
30 APIs and programmability quick overview Sensors and FMC has had the estreamer API for a long time: Open specification; A bit more complex. FMC now has a REST based API which is: Simple; Being developed fast; Already makes possible things like Cisco ACI DC fabric integration. FMC can run built in custom external remediation modules (Perl script format) triggered by correlation policies. The system uses open protocols: Open AppID, Snort signatures, (STIX, TAXII on roadmap). There are closed APIs used for advanced integrations like: ISE pxgrid for user- and endpoint identity and context information retrieval; ISE EPS API calls for ISE enforced endpoint quarantine in the access layer.
31 Integration with Cisco Identity Services Engine ISE pxgrid TrustSec BYOD Employee Tag Guest Tag Guest Access Supplier Tag Server Tag Quarantine Tag Suspicious Tag ISE Segmentation Firepower Management Center Propagate User Context Device context Access policies Policy automation Set access control policies Propagate rules and context Establish a secure network Remediate breaches automatically
32 Integration with MS Terminal server based VDI solutions www Terminal Services Agent Firepower Management Center User IPs VDI APIs User 1 User 2 User 3 User 1 User 2 User 3 Route user information to Terminal Services Capture information using APIs Identify risky behavior
33 NGFW Platforms and software Editions
34 Fast moving target
35 It is transition time, and they are not always easy... Cisco is working on multiple NGFW transitions: Moving away from legacy Sourcefire appliances to new generation platforms running Firepower Threat Defense image. Moving from legacy ASA 5500-X hardware based ASA+FP solutions to FTD on same- or new hardware. Industry is moving as well: Firewall and IPS functions are getting virtualized at some points. They become Virtual Network Functions (NFV). Virtualized security devices are many times sold as on-demand, subscription based services.
36 Cisco Firepower Editions FTD ASA-OS ASA SSP Firep. NGIPS FP SSP FXOS ASA5585 chassis Firepower 4100 / 9300 Firepower NGIPS (in container) Firepower NGIPS FTD ASA-OS Hardware Legacy Sourcefire appliance ASA55xx * ASA55xx Virtual Firepower NGIPSv FTDv VMware ESXi ESXi, KVM or AWS x86 server x86 server NGIPS (Legacy Sourcefire appliances) Firepower Threat Defense (Unified Image) ASA with Firepower services (Hybrid) * Except: 5585, 5505, 5512 and 5515
37 NGFW / NGIPS HW / SW bundles overview Platform Image(s) ASA engine Firepower engines FX-OS Redundancy Embedded GUI Firepower 7K/8K NGIPS No * Full No Stateful Active / Standby ** Health status only AMP 7K/8K NGIPS No * Full No Stateful Active / Standby ** Health status only Firepower 4K-ASA ASA Full No Yes Stateful A/S or A/A or clustering Centralized management AMP extra storage FMC No No FMC Yes No Radware DefensePro ASDM CSM No 4150 only Firepower 4K-FTD FTD Limited Full Yes Stateful A/S FDM FMC Optional No Firepower 9300-ASA ASA Full No Yes Stateful A/S or A/A and clustering Firepower 9300-FTD FTD Limited Full Yes Stateful A/S or Intra-chassis clustering only ASA55xx-ASA ASA Full No Yes Stateful A/S or A/A or clustering ASA55xx w/ FP (Hybrid) ASA + NGIPS Full Full No Stateful A/S or A/A or clustering ASDM CSM No Yes FDM FMC No No ASDM CSM No No ASDM FMC + CSM No No ASA55xx-FTD *** FTD Limited Full No Stateful A/S FDM FMC No No * NGIPS only image has limited stateful FW functions embedded. ** Routed mode is stateful, switch mode is stateless. *** ASA 5505, 5512 and 5515 are not supported
38 Firepower Threat Defense This is Cisco s unified NGFW code. Main things to know: It replaces the stateful FW and VPN modules of the former Sourcefire code with ASA engines. FTD keeps IPS only deployment options like physical in-line, in-line tap mode and promiscuous modes. It has a unified CLI and can be fully managed by FMC (former ASA functions as well). There are three missing important features that the ASA+SF hybrid edition has: Multiple context mode; RA VPN; Clustering. These missing features are being built and going to be launched in foreseeable time.
39 FTD deployment modes IPS/IDS only ports Fail-to-wire NetMods Full Firewall Ports Inline Routed NetMod Passive Transparent Inline Tap Virtual or Physical
40 Firepower 4100 series Latest high performance 1 RU platform. Flexible platform with hardware acceleration where needed and with no bottleneck. Runs FX-OS as chassis manager layer. 8 built in 10G SFP+ ports and 2 network module slots. Multi-port 10G and 40G network modules with Failto-wire (HW bypass) models. Modules are compatible with the FP9300 series. Redundant- hot swappable power supplies and fans. It can run ASA or FTD logical devices. FP 4150 can run Radware Defense Pro as well with ASA.
41 Firepower 9300 series Latest high performance 3 RU, modular platform. Flexible platform with hardware acceleration where needed and with no bottleneck. Runs FX-OS as chassis manager layer. 8 built in 10G SFP+ ports and 2 network module slots. Multi-port 10G, 40G and 100G network modules with Fail-to-wire (HW bypass) models. 10G and 40G modules are compatible with the FP9300 series. Redundant- hot swappable power supplies and fans. It can run ASA (optionally with DefensePro) or FTD logical devices.
42 Hey, what is FX-OS?! This is how we say: Welcome to NFV everywhere! It is a secure boot enabled software layer that: Manages the chassis hardware; Runs on separate CPU on the FP4100 and 9300 series; Allocates resources to logical devices; Manages logical devices; Boots and updates logical devices (securely, signed packages only); Has an IOS like CLI and an HTML GUI; Was built to be highly programmable over its REST API. FX-OS No, it is not a bootloader causing extra complications
43 Virtual NGFW platforms Platform ASA engine Firepower engines Hypervisor support Application level Redundancy Embedded GUI Centralized management NGIPSv No Yes VMware ESXi only. No No FMC ASAv Yes No ESXi, KVM, Hyper-V, Azure, AWS, Stateful Active / Standby ASDM CSM FTDv Yes Yes KVM, ESXi, AWS Stateful Active / Standby No FMC
44 Firepower 6.1 What is new?
45 New features in Firepower 6.1 FMCv and FTDv support on KVM; VDI identity FW in Windows Terminal Server based VDI environments; Safe Search and YouTube EDU Policies (for US. customers mainly); Official- built-in ISE Remediation; Inline Source SGT Tags not only on FTDv but legacy Sourcefire Appliances as well; On-premise AMP Private Cloud appliance support; On-Box device manager (limited, no Java) for FTD on former ASA Saleen (5500X) platforms; Official FMC HA (FMC 1500, 2000, 3500 and 4000 appliances only); REST API through FMC only at the moment. FTD is not officially supported (though certain features work for FTD appliances); Rate limiting QoS phase 1 (FTD(v) only); Pre-filter policies (FTD(v) only); Site-to-Site VPN for FTD (officially supported between FTD devices only at the moment, simple crypto map like, no overlay routing, IKEv1 and IKEv2 are both supported); Multicast routing for FTD(v); Shared NAT policies for FTD(v) so identical NAT policies must not have to be configured on each and every FTD device in FTD; Support for Fail-to-Wire Netmods in FP4000 and FP9300 chassis IPS inline-pair and inline-pair tap mode interfaces only; Unified CLI for FTD(v) you don t have to change to diagnostic CLI to see former ASA LINA CLI commands; True-IP Policy Enforcement (XFF).
46 VDI identity FW in Windows Terminal Server environments Supports Microsoft Windows TS environments only. Provides user identity information for VDI users. The agent sends information to FMC over the REST API and does PAT as well. FMC configures the sensor over estreamer.
47 FMC REST API First REST based API opened into the Firepower system. FTD is officially not supported, but some parts (policy, identity work). Built in REST API explorer with script examples, available functions, etc. Main functions: Interface, virtual switch and virtual bridge configurations (legacy NGIPS only) already used in the NGIPS ACI device pack; Identity functions already used by the VDI identity TS agent ; Policy functions: Access Rule granularity. Disabled by default. More information:
48 On-box device manager Officially called: Firepower Device Manager (FDM). Java-less embedded GUI for FTD on ASA 55xx devices only at the moment. It is not supported to work in parallel with FMC (centralized management). Primary usage scenarios: Small Business with no IT security personnel; Initial provisioning by an onsite technician. Limited functionality which is going to be improved step by step in forthcoming releases. It has an Easy Setup Wizard which can useful during provisioning, even if FMC takes over later on. You may read more here:
49 On-box device manager
50 Rate Limiting QoS Phase 1. Supported on FTD devices managed by FMC only. Uses bi-directional rate limiters no shaping, no BW. reservation at the moment. Separate QoS policy object which can be mapped to one or more devices. One device can have one QoS policy only. The QoS policy rules can use the same object DB and conditions as other policies. Rate limiters are applied per interface when configured for Zones: E.g. DMZ Zone has two interfaces: dmz1 and dmz2 ; QoS policy rule applies 20 Mbps upload limitation for an application towards the DMZ zone; FTD will limit traffic to 20 Mbps upload on each interface separately which means aggregate 40 for the whole zone. Note: this is phase one only. QoS is actively developed in forthcoming releases.
51 Pre-filter policy on FTD Firepower has inspected clear-text tunneled packets before 6.1 automatically. Pre-filter policies can match: GRE, IP-in-IP, 6in4 and Teredo tunnels based on port numbers or custom tunnel policies; Source/Destination interfaces, subnets and ports. Pre-filter policy is applied before the Access Control Policy. One Pre-filter policy can be enforced on a certain FTD device. Actions: Block drops the packet; Fastpath forwards the packets without additional inspection, if possible forwards in SmartNIC (no dataplane CPU usage); Analyze Analyze the packet as per the matching Access Control Policy rule.
52 Pre-filter policy on FTD
53 Cisco Meraki Cloud Managed networks
54 Cisco Meraki Cloud Managed Networking Overview
55 Cisco Cloud Managed Networking (Meraki) Wireless Access Points (MR series) Layer 2 and Layer 3 switches (MS series) Security Gateways (MX series) IP Telephony (MC47) Mobile Device Management (Meraki Systems Manager) More on Meraki:
56 Cisco Cloud Managed Networking (Meraki) Unified cloud-based management: the Dashboard. A complete enterprise network can be modeled with Meraki. Dashboard hierarchy: one Organization includes one or more Networks. Role Based Access Control. Advanced Networking Functions. Simple and fast deployment. Advanced Troubleshooting functions. Partners can easily sell it as Managed Networking Service. Since it is fully cloud managed, it is cloud supported as well, it is Cisco who checks the log files in CLI shells, etc. for you.
57 Meraki Wireless Quality n and ac, Indoor and Outdoor Access Points Dedicated security radios to detect RF interference and L1 / L2 attacks The Dashboard has integrated CMX Location Analytics function Wireless Mesh capabilities Seamless roaming (802.11r) Advanced QoS Advanced RF optimization and monitoring Extensive Client monitoring and profiling Paid (guest) Access (PayPal)
58 Meraki Wireless Security Multiple Authentication Types WPA(2)-PSK WPA(2)-Enterprise: Meraki (back-end) or RADIUS (can be ISE) Open- with optional web authentication: RADIUS, LDAP, Facebook, Google, AUP only... Web authentication can be combined with WPA (and NAC) Air Marshal WIPS with automated or manual containment NAT mode with optional peer-to-peer traffic restrictions within an SSID L3 and L7 (AVC) Firewall and URL filtering Meraki MDM (Systems Manager) integration Simplified NAC (host compliance) that works with Web Authentication VPN tunneling from AP to a central MX Security Gateway (remote- small office solution)
59 Meraki wired LAN Switches Many L2 and L3 models, some of them can be stacked 10G and Nbase-T Multi-gigabit technology support PoE and PoE+ plus support Advanced QoS Security functions Useful troubleshooting tools: Packet Capture, Cable Test, etc.
60 Meraki wired LAN security Port Security DHCP Guard Port isolation (PVLAN) Multiple authentication technologies: Web authentication; 802.1X with Meraki backend or external RADIUS server. L3 and L7 (AVC) packet filtering
61 Meraki MX Security Gateways Cisco UTM
62 Cisco Meraki MX Security Gateway overview This is a UTM. It has advanced- and integrated security features implemented in a simplified way. Multiple hardware options, some with built in Access Point. Cloud managed over Dashboard with cross device (MR, MX, MS) group policies. Advanced site-to-site VPN (iwan) Flexible balancing between two ISP uplinks AVC and URL filtering Advanced QoS (shaping, policing, dynamic routing between uplinks based on latency, etc.) 3G / 4G support with external USB attached modems. Active / Standby stateless failover support.
63 Meraki MX Security L3-L7 Firewall Meraki with Cloud Application Detection Snort IPS engine with built in rules and minimal customization. Anti-malware: Currently Kaspersky; Soon: Cisco AMP with ThreatGrid. Dynamic URL filtering. Geolocation based filtering. Web authentication. ID Firewall with Active Directory integration.
64 Meraki MX models Where Notable Features Throughput Price (USD List) MX64/64W Small branch (~50 clients) 11ac wireless (MX64W) 250 Mbps (FW) 200 Mbps (UTM) $595/$945 MX65/65W MX84 MX100 Small branch (~50 clients) Mid-size branch (~200 clients) Mid-size branch/ Small campus (~500 clients) PoE+, dual WAN, ac SFP Ports SFP Ports 250 Mbps (FW) 200 Mbps (UTM) 500 Mbps (FW) 300 Mbps (UTM) 750 Mbps (FW) 650 Mbps (UTM) $945/$1,245 $1,995 $4,995 Z1 For teleworkers (1-5 users) Dual-radio wireless FW throughput: 50 Mbps MX400 Large branch/campus (~2,000 clients) Power redundancy Modular interface SFP or SFP+ (with modules) 1 Gbps (FW) 1 Gbps (UTM) $15,995 MX600 Campus/ VPN Concentration (~10,000 clients) Power redundancy Modular interface SFP or SFP+ (with modules) 1 Gbps (FW) 1 Gbps (UTM) $31,995 All devices support 3G/4G
65 Example: MX65W hardware elements included
66 MX ordering and BoM example Ordering a Cisco Meraki unit requires two items: Hardware 1, 3, 5, 7 or 10 years license Example: MX 84 with 3 years Advanced Security licence: Name Catalog Num Vendor Description Qty Unit Price Duration Prorated Unit List Price Extended Price Discount % Total Price LIC-MX84-SEC-3YR LIC-MX84-SEC-3YR Cisco Meraki MX84 Advanced Security , ,00 0, ,00 LIC-MX84-SEC-3YR 4000,00 MX84-HW MX84-HW Cisco Meraki MX84 Cloud Managed Security Appliance , ,00 0, ,00 MX84-HW Meraki MX(USD) 1995, ,00
67 Meraki MX VPN Simple RA VPN using the native VPN capabilities of common Operating Systems. AnyConnect based RA VPN is on roadmap. Hub & Spoke or Mesh site-to-site VPN among Meraki devices: Automated configuration; The IPsec and IKE policies cannot be tuned; Split or Full tunneling (it is possible to concentrate Internet breakout to a dedicated HUB locations); iwan capabilities: in case of dual WAN uplink, it is possible to have dual VPN connection with quality based routing. IPsec/IKEv1 site-to-site VPN tunnels to other Cisco and 3rd party devices. IKEv1; Pre-shared key; Possible to tune IKEv1 and IPsec settings in this case.
68 Meraki MX vs. Cisco ISR Intelligent Path Selection Security & Compliance Transport Independence Application Optimization Unified Communications Routed Protocols Feature Description On-Premise - Cisco ISR Cloud Managed - Meraki MX Load Balancing Policy-Based Path Selection Number of Paths Supported Rapid Failure Detection and Mitigation Virtual Private Network Firewall Intrusion Prevention & Detection Content/URL Filtering Anti-Virus / Malware Detection WAN Connectivity Cellular IPv6 WAN Optimization Content Caching Application Visibility Congestion Control Voice Gateway Session Border Controller Call Control Agent OSPF EIGRP BGP Yes Yes (L7 / app level) Multiple (Any Transport) Yes (Blackout & Brownout) Yes Yes Yes (Snort) Yes (Cloud Web Security) AMP T1/E1, T3/E3, Serial, xdsl, Ethernet Yes (Integrated/Module) Yes Yes (WAAS) Yes (Akamai) Yes Yes (HQoS) Yes Yes Yes Yes Yes Yes Yes Yes (L3-L4 - based on loss, jitter, latency) 2 (Broadband,4G,MPLS) Yes Yes Yes Yes (Snort) Yes (Built-in) AMP Ethernet Yes (Dongle) Planned (2H2016) No Yes (Squid-Cache) Yes Yes (L7 Traffic prioritization) No No No Supported at the headend No Planned (FY17) Integrated Storage & Compute Integrated Compute Yes (UCS E-Series) No
69 Meraki MX vs. ASA/Firepower major differences Less granular and less flexible policies. Less customizable and less granular logging. Less granular reporting and monitoring. No AMP4E integration (network AMP is on roadmap only). No granular file filtering. Less granular AVC functionality, no integration with the IPS engine. Far less customizable IPS (Snort) engines, no customization of preprocessors at all. No multiple context mode. Less granular Forensics capabilities. Host profiling is less granular and not security focused. No built in vulnerability analysis engine. No IoC support. No IPv6 support yet. Etc.
70 Real quick demo and Q&A
71 With this offer, you will: Gain valuable information on your network including critical attacks Reduce risk and make security a growth engine for your business This offer is valid through December 29 th, 2016 in Austria, Belgium, Denmark, Finland, France, Germany, Ireland, Italy, Luxemburg, Netherlands, Norway, Spain, Sweden, Switzerland and United Kingdom. For more information and to request a Threat Scan POV, go to
72
Cisco Firepower NGFW. Anticipate, block, and respond to threats
Cisco Firepower NGFW Anticipate, block, and respond to threats You have a mandate to build and secure a network that supports ongoing innovation Mobile access Social collaboration Public / private hybrid
More informationCisco Firepower NGFW. Anticipate, block, and respond to threats
Cisco Firepower NGFW Anticipate, block, and respond to threats Digital Transformation on a Massive Scale 15B Devices Today Attack Surface 500B Devices In 2030 Threat Actors $19T Opportunity Next 10 Years
More informationCisco Next Generation Firewall and IPS. Dragan Novakovic Security Consulting Systems Engineer
Cisco Next Generation Firewall and IPS Dragan Novakovic Security Consulting Systems Engineer Cisco ASA with Firepower services Cisco TALOS - Collective Security Intelligence Enabled Clustering & High Availability
More informationCiprian Stroe Senior Presales Consultant, CCIE# Cisco and/or its affiliates. All rights reserved.
Ciprian Stroe Senior Presales Consultant, CCIE#45766 2015 Cisco and/or its affiliates. All rights reserved. Complete cloud-managed networking solution Wireless, switching, security, MDM Integrated hardware,
More informationCisco Security. Advanced Malware Protection. Guillermo González Security Systems Engineer Octubre 2017
Cisco Security Advanced Malware Protection Guillermo González Security Systems Engineer Octubre 2017 The New Security Model Attack Continuum Before During After Before Discover During Detect After Scope
More informationCloud-Managed Security for Distributed Networks with Cisco Meraki MX
Cloud-Managed Security for Distributed Networks with Cisco Meraki MX Joe Aronow, Product Architect Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this
More informationCisco Firepower Thread Defence. Claudiu Boar
Cisco Firepower Thread Defence Claudiu Boar Security everywhere Stop threats at the edge Control who gets onto your network Find and contain problems fast Protect users wherever they work Simplify network
More informationResilient WAN and Security for Distributed Networks with Cisco Meraki MX
Resilient WAN and Security for Distributed Networks with Cisco Meraki MX Daghan Altas, Director of Product Management BRKSEC-2900 Agenda Problem Cisco CNG Live network creation demo (45m) Product Brief
More informationFully Integrated, Threat-Focused Next-Generation Firewall
Cisco Firepower NGFW Fully Integrated, Threat-Focused Next-Generation Firewall Fuat KILIÇ, fkilic@cisco.com, +905339284608 Security Consulting Systems Engineer, CCIE #21150 September 2016 Get ahead of
More informationGlobal vision. Local knowledge. Cisco Forum Kyiv Country Day Month Year
Global vision. Local knowledge. Cisco Forum Kyiv Country Day Month Year Firepower Next Generation Firewall Subtitle goes here William Young Security Solutions Architect, Global Security Architecture Team
More informationCisco Comstor
Cisco Security @ Comstor 1 Agenda 1. Cisco Security Fundamentals Cyber Security? Cisco Security Solutions - Cisco NGFW - Cisco Umbrella Cisco Meraki, MR, MS, MV and MX Meraki Insight 2 1. Cisco Security
More informationBusiness Resiliency Through Superior Threat Defense
Business Resiliency Through Superior Threat Defense Firepower 2100 Series/ Cisco Identity Services Engine Andre Lambertsen, Consulting Systems Engineer ala@cisco.com Cisco Firepower NGFW Fully Integrated
More informationJURUMANI MERAKI CLOUD MANAGED SECURITY & SD-WAN
JURUMANI CLOUD MANAGED SECURITY & SD-WAN SECURITY BY DESIGN OVERVIEW Cisco Meraki MX Security Appliances are ideal for organizations considering a Unified Threat Managment (UTM) solution, for distributed
More informationImplementing Cisco Edge Network Security Solutions ( )
Implementing Cisco Edge Network Security Solutions (300-206) Exam Description: The Implementing Cisco Edge Network Security (SENSS) (300-206) exam tests the knowledge of a network security engineer to
More informationWe re ready. Are you?
We re ready. Are you? Deploying Scalable, Resilient WAN Architectures with Meraki MX and IWAN Joe Aronow - Product Specialist, Meraki MX Agenda Introduction: Cloud networking Meraki MX Security Appliances
More informationCisco Cloud Security. How to Protect Business to Support Digital Transformation
Cisco Cloud Security How to Protect Business to Support Digital Transformation Dragan Novakovic Cybersecurity Consulting Systems Engineer January 2018. Security Enables Digitization Digital Disruption,
More informationAgile Security Solutions
Agile Security Solutions Piotr Linke Security Engineer CISSP CISA CRISC CISM Open Source SNORT 2 Consider these guys All were smart. All had security. All were seriously compromised. 3 The Industrialization
More informationCisco Meraki Cloud-Managed Networking. George Carlan
Cisco Meraki Cloud-Managed Networking George Carlan Cisco Networking Portfolio Cisco Enterprise Portfolio Cisco Cloud Managed Prime ISE Cloud Management & Policy Systems Manager Systems Manager WLAN Controllers
More informationCisco AMP Solution. Rene Straube CSE, Cisco Germany January 2017
Cisco AMP Solution Rene Straube CSE, Cisco Germany January 2017 The AMP Everywhere Architecture AMP Protection Across the Extended Network for an Integrated Threat Defense AMP Threat Intelligence Cloud
More informationCisco Security Exposed Through the Cyber Kill Chain
Cisco Forschung & Lehre Forum für Mecklenburg Vorpommern Cisco Security Exposed Through the Cyber Kill Chain Rene Straube CSE, Cisco Advanced Threat Solutions January, 2017 The Cisco Security Model BEFORE
More informationCato Cloud. Software-defined and cloud-based secure enterprise network. Solution Brief
Cato Cloud Software-defined and cloud-based secure enterprise network Solution Brief Legacy WAN and Security Appliances are Incompatible with the Modern Enterprise Cato Networks: Software-defined and Cloud-based
More informationPassit4Sure (50Q) Cisco Advanced Security Architecture for System Engineers
Passit4Sure.500-265 (50Q) Number: 500-265 Passing Score: 800 Time Limit: 120 min File Version: 5.8 Cisco 500-265 Advanced Security Architecture for System Engineers Today is big day for me as I passed
More informationAby se z toho bezpečnostní správci nezbláznili Cisco security integrace. Milan Habrcetl Cisco CyberSecurity Specialist Mikulov, 5. 9.
Aby se z toho bezpečnostní správci nezbláznili aneb Cisco security integrace Aby se z toho bezpečnostní správci nezbláznili Cisco security integrace Milan Habrcetl Cisco CyberSecurity Specialist Mikulov,
More informationFirepower Techupdate April Jesper Rathsach, Consulting Systems Engineer Cisco Security North April 2017
Firepower 6.2.1 Techupdate April 2017 Jesper Rathsach, Consulting Systems Engineer Cisco Security North April 2017 Firepower 6.2.1 Nr. 1 most important!! Firepower 6.2.1 BUGFIXES!!!!! Alle kendte severity
More informationChapter 1: Content Security
Chapter 1: Content Security Cisco Cloud Web Security (CWS) Cisco offers Cisco Cloud Web Security (CWS) to protect End Stations and Users devices from infection. Cisco Cloud Web Security (CWS) depends upon
More informationFirewall nové generace na platformě SF, přístupové politiky, analýza souborů, FireAMP a trajektorie útoků
Firewall nové generace na platformě SF, přístupové politiky, analýza souborů, FireAMP a trajektorie útoků Jiří Tesař, CSE Security, jitesar@cisco.com CCIE #14558, SFCE #124266 Mapping Technologies to the
More informationDeploying Intrusion Prevention Systems
Deploying Intrusion Prevention Systems Gary Halleen Consulting Systems Engineer II Agenda Introductions Introduction to IPS Comparing Cisco IPS Solutions IPS Deployment Considerations Migration from IPS
More informationCisco Advanced Malware Protection against WannaCry
Cisco Advanced Malware Protection against WannaCry "A false sense of security is worse than a true sense of insecurity" Senad Aruc Consulting Systems Engineer Advanced Threats Group Nils Roald Advanced
More informationSecure solutions for advanced threats
Secure solutions for advanced email threats Threat-centric email security Cosmina Calin Virtual System Engineer November 2016 Get ahead of attackers with threat-centric security solutions In our live Security
More informationDesign and Deployment of SourceFire NGIPS and NGFWL
Design and Deployment of SourceFire NGIPS and NGFWL BRKSEC - 2024 Marcel Skjald Consulting Systems Engineer Enterprise / Security Architect Abstract Overview of Session This technical session covers the
More informationCisco ASA with FirePOWER Services
Cisco ASA with FirePOWER Services TDM Thomas Jankowsky Consulting Systems Engineer May 2015 Introduction Industry s First Threat-Focused Next-Generation Firewall (NGFW) Proven Cisco ASA firewalling Industry-leading
More informationBorderless Networks. Tom Schepers, Director Systems Engineering
Borderless Networks Tom Schepers, Director Systems Engineering Agenda Introducing Enterprise Network Architecture Unified Access Cloud Intelligent Network & Unified Services Enterprise Networks in Action
More informationCisco ASA Next-Generation Firewall Services
Q&A Cisco ASA Next-Generation Firewall Services Q. What are Cisco ASA Next-Generation Firewall Services? A. Cisco ASA Next-Generation Firewall Services are a modular security service that extends the Cisco
More informationThe Internet of Everything is changing Everything
The Internet of Everything is changing Everything Intelligent Threat Defense for the Enterprise Mobility Nikos Mourtzinos, CCIE #9763 Global Security Sales Organization Changing Business Models Any Device
More informationCisco - ASA Lab Camp v9.0
Cisco - ASA Lab Camp v9.0 Code: 0007 Lengt h: 5 days URL: View Online Based on our enhanced SASAC v1.0 and SASAA v1.2 courses, this exclusive, lab-based course, provides you with your own set of equipment
More informationThe Internet of Everything is changing Everything
The Internet of Everything is changing Everything Next Generation Security John Tzortzakakis Security Solutions Architect, Security Business Group November 2014 Threat Landscape evolution 60% of data is
More informationMR Cloud Managed Wireless Access Points
Datasheet MR Series MR Cloud Managed Wireless Access Points Overview The Meraki MR series is the world s first enterprise-grade line of cloud-managed WLAN access points. Designed for challenging enterprise
More informationImplementing Cisco Network Security (IINS) 3.0
Implementing Cisco Network Security (IINS) 3.0 COURSE OVERVIEW: Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles and technologies, using
More informationFIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT?
WHAT IS FIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT? While firewalls started life simply protecting networks from outside hacks and attacks, the role of the firewall has greatly evolved to take
More informationEasy Setup Guide. Cisco ASA with Firepower Services. You can easily set up your ASA in this step-by-step guide.
Cisco ASA with Firepower Services Easy Setup Guide You can easily set up your ASA in this step-by-step guide. Connecting PC to ASA Installing ASDM 3 Configuring ASA 4 Using Umbrella DNS Connecting PC to
More informationMeraki MX Family Cloud Managed Security Appliances
DATASHEET Meraki MX Family Cloud Managed Security Appliances Overview The Meraki MX is a complete next generation firewall and branch gateway solution, designed to make distributed networks fast, secure,
More informationCisco ASA with FirePOWER services Eric Kostlan, Technical Marketing Engineer Security Technologies Group, Cisco Systems LABSEC-2339
Cisco ASA with FirePOWER services Eric Kostlan, Technical Marketing Engineer Security Technologies Group, Cisco Systems LABSEC-2339 Agenda Introduction to Lab Exercises Platforms and Solutions ASA with
More informationCisco Cloud Services Router 1000V with Cisco IOS XE Software Release 3.13
Q&A Cisco Cloud Services Router 1000V with Cisco IOS XE Software Release 3.13 Q. What is the Cisco Cloud Services Router 1000V? A. The Cisco Cloud Services Router 1000V (CSR 1000V) is a router in virtual
More informationA New Security Model for the IoE World. Henry Ong SE Manager - ASEAN Cisco Global Security Sales Organization
A New Security Model for the IoE World Henry Ong SE Manager - ASEAN Cisco Global Security Sales Organization Internet of Everything The Internet of Everything brings together people, process, data and
More informationSD-WAN Deployment Guide (CVD)
SD-WAN Deployment Guide (CVD) All Cisco Meraki security appliances are equipped with SD-WAN capabilities that enable administrators to maximize network resiliency and bandwidth efficiency. This guide introduces
More informationNew Features and Functionality
This section describes the new and updated features and functionality included in Version 6.2.1. Note that only the Firepower 2100 series devices support Version 6.2.1, so new features deployed to devices
More informationVeloCloud Cloud-Delivered WAN Fast. Simple. Secure. KUHN CONSULTING GmbH
VeloCloud Cloud-Delivered WAN Fast. Simple. Secure. 1 Agenda 1. Overview and company presentation 2. Solution presentation 3. Main benefits to show to customers 4. Deployment models 2 VeloCloud Company
More informationMeraki MX Family Cloud Managed Security Appliances
DATASHEET Meraki MX Family Cloud Managed Security Appliances Overview The Meraki MX is a complete next generation firewall and branch gateway solution, designed to make distributed networks fast, secure,
More informationImproving Security with Cisco ASA Firepower Services Claudiu Onisoru, Senior Solutions Engineer Cisco Connect - 18 March 2015
Improving Security with Cisco ASA Firepower Services Claudiu Onisoru, Senior Solutions Engineer Cisco Connect - 18 March 2015 1 Agenda Frontal Communication: Who we are? - Key points - Competencies Areas
More informationCisco Meraki MX products come in 6 models. The chart below outlines MX hardware properties for each model:
MX Sizing Guide AUGUST 2016 This technical document provides guidelines for choosing the right Cisco Meraki security appliance based on real-world deployments, industry standard benchmarks and in-depth
More informationFeatures and Functionality
Features and functionality introduced in previous versions may be superseded by new features and functionality in later versions. New or Changed Functionality in Version 6.2.2.x, page 1 Features Introduced
More informationCato Cloud. Solution Brief. Software-defined and Cloud-based Secure Enterprise Network NETWORK + SECURITY IS SIMPLE AGAIN
Cato Cloud Software-defined and Cloud-based Secure Enterprise Network Solution Brief NETWORK + SECURITY IS SIMPLE AGAIN Legacy WAN and Security Appliances are Incompatible with the Modern Enterprise The
More informationMR Cloud Managed Wireless Access Points
Datasheet MR Series MR Cloud Managed Wireless Access Points Overview The Meraki MR series is the world s first enterprise-grade line of cloud-managed WLAN access points. Designed for challenging enterprise
More informationDeploying Intrusion Prevention Systems
Deploying Intrusion Prevention Systems Mike Mercier Consulting Systems Engineer BRKSEC-2030 Agenda Introduction to IPS Cisco NGIPS Solutions Deploying Cisco NGIPS Migrating to Firepower NGIPS Conclusion
More informationThe IINS acronym to this exam will remain but the title will change slightly, removing IOS from the title, making the new title.
I n t r o d u c t i o n The CCNA Security IINS exam topics have been refreshed from version 2.0 to version 3.0. This document will highlight exam topic changes between the current 640-554 IINS exam and
More informationDisclaimer CONFIDENTIAL 2
Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitment from VMware to deliver these features in any generally
More informationMR Cloud Managed Wireless Access Points
MR Cloud Managed Wireless Access Points Overview The Meraki MR series is the world s first enterprise-grade line of cloud-managed WLAN access points. Designed for challenging enterprise environments, the
More informationMX Cloud Managed Security Appliance Series
Datasheet MX MX Cloud Managed Security Appliance Series Overview Cisco Meraki MX Security Appliances are ideal for organizations with large numbers of distributed sites. Since the MX is 100% cloud managed,
More informationMX Sizing Guide. 4Gon Tel: +44 (0) Fax: +44 (0)
MX Sizing Guide FEBRUARY 2015 This technical document provides guidelines for choosing the right Cisco Meraki security appliance based on real-world deployments, industry standard benchmarks and in-depth
More informationMX Cloud Managed Security Appliance Series
Datasheet MX MX Cloud Managed Security Appliance Series Overview Cisco Meraki MX Security Appliances is ideal for organizations with large numbers of distributed sites. Since the MX is 100% cloud managed,
More informationSourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data
SEE everything in your environment LEARN by applying security intelligence to data ADAPT defenses automatically ACT in real-time Sourcefire Solutions Overview Security for the Real World Change is constant.
More informationCompare Security Analytics Solutions
Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch
More informationPrepare Your Network for BYOD. Meraki Webinar Series
Prepare Your Network for BYOD Meraki Webinar Series 1 Agenda Introduction to Meraki and Cloud Networking BYOD objectives Taming BYOD: capacity, security & management Design considerations Live demos Product
More informationMAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER
MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER Bret Hartman Cisco / Security & Government Group Session ID: SPO1-W25 Session Classification: General Interest 1 Mobility Cloud Threat Customer centric
More informationUser Identity Sources
The following topics describe Firepower System user identity sources, which are sources for user awareness. These users can be controlled with identity and access control policies: About, on page 1 The
More informationSteelConnect. The Future of Networking is here. It s Application- Defined for the Cloud Era. SD-WAN Cloud Networks Branch LAN/WLAN
Data Sheet SteelConnect The Future of Networking is here. It s Application- Defined for the Cloud Era. SD-WAN Cloud Networks Branch LAN/WLAN The Business Challenge Delivery of applications is becoming
More informationCorrigendum 3. Tender Number: 10/ dated
(A premier Public Sector Bank) Information Technology Division Head Office, Mangalore Corrigendum 3 Tender Number: 10/2016-17 dated 07.09.2016 for Supply, Installation and Maintenance of Distributed Denial
More informationExamTorrent. Best exam torrent, excellent test torrent, valid exam dumps are here waiting for you
ExamTorrent http://www.examtorrent.com Best exam torrent, excellent test torrent, valid exam dumps are here waiting for you Exam : 400-251 Title : CCIE Security Written Exam (v5.0) Vendor : Cisco Version
More informationMeraki Z-Series Cloud Managed Teleworker Gateway
Datasheet Z Series Meraki Z-Series Cloud Managed Teleworker Gateway Fast, Reliable Connectivity for the Modern Teleworker The Cisco Meraki Z-Series teleworker gateway is an enterprise class firewall, VPN
More informationHow to Predict, Detect & Stop threats at the Edge and Behind the Perimeter even in encrypted traffic without decryption
How to Predict, Detect & Stop threats at the Edge and Behind the Perimeter even in encrypted traffic without decryption Nikos Mourtzinos, CCIE #9763 Cisco Cyber Security Sales Specialist April 2018 New
More informationLicensing the Firepower System
The following topics explain how to license the Firepower System. About Firepower Feature Licenses, page 1 Service Subscriptions for Firepower Features, page 1 Classic Licensing for the Firepower System,
More informationAlgoSec: How to Secure and Automate Your Heterogeneous Cisco Environment
BRKPAR-2488 AlgoSec: How to Secure and Automate Your Heterogeneous Cisco Environment Edy Almer How to Secure and Automate Your Heterogeneous Cisco Environment Yogesh Kaushik, Senior Director Cisco Doug
More informationTest Accredited Configuration Engineer (ACE) Exam PAN OS 6.0 Version
Test Accredited Configuration Engineer (ACE) Exam PAN OS 6.0 Version ACE Exam Question 1 of 50. Which of the following statements is NOT True regarding a Decryption Mirror interface? Supports SSL outbound
More informationProtection - Before, During And After Attack
Advanced Malware Protection for FirePOWER TM BENEFITS Continuous detection of malware - immediately and retrospectively Inline detection of sophisticated malware that evades traditional network protections
More informationCisco Advanced Malware Protection for Networks
Data Sheet Cisco Advanced Malware Protection for Networks Product Overview Fighting malware effectively today requires new approaches, strategies, and technologies. Cisco Advanced Malware Protection (AMP)
More informationPeter Henry Andersen Cisco SE Ib Hansen Cisco SE Tech Update 04 Maj Cisco and/or its affiliates. All rights reserved.
Peter Henry Andersen Cisco SE Ib Hansen Cisco SE Tech Update 04 Maj 2016 2013 Cisco and/or its affiliates. All rights reserved. Cisco Meraki Cloud - UPDATE Cisco Meraki MR Wireless LAN Cisco Meraki MX
More informationLicensing the Firepower System
The following topics explain how to license the Firepower System. About Firepower Feature Licenses, page 1 Service Subscriptions for Firepower Features, page 2 Smart Licensing for the Firepower System,
More informationCisco ASA 5500 Series IPS Solution
Cisco ASA 5500 Series IPS Product Overview As mobile devices and Web 2.0 applications proliferate, it becomes harder to secure corporate perimeters. Traditional firewall and intrusion prevention system
More informationCato Cloud. Global SD-WAN with Built-in Network Security. Solution Brief. Cato Cloud Solution Brief. The Future of SD-WAN. Today.
Cato Cloud Global SD-WAN with Built-in Network Security Solution Brief 1 Legacy WAN and Security Appliances are Incompatible with the Modern Enterprise The rise of cloud applications and mobile workforces
More informationExam Code: Exam Code: Exam Name: Advanced Borderless Network Architecture Systems Engineer test.
Exam Code: 700-303 Number: 700-303 Passing Score: 800 Time Limit: 120 min File Version: 41.2 http://www.gratisexam.com/ Exam Code: 700-303 Exam Name: Advanced Borderless Network Architecture Systems Engineer
More informationSymantec Endpoint Protection Family Feature Comparison
Symantec Endpoint Protection Family Feature Comparison SEP SBE SEP Cloud SEP Cloud SEP 14.2 Device Protection Laptop, Laptop Laptop, Tablet Laptop Tablet & & Smartphone Smartphone Meter Per Device Per
More informationLicensing the Firepower System
The following topics explain how to license the Firepower System. About Firepower Feature Licenses, on page 1 Service Subscriptions for Firepower Features, on page 2 Smart Licensing for the Firepower System,
More informationCisco Exam Questions & Answers
Cisco 648-375 Exam Questions & Answers Number: 648-375 Passing Score: 800 Time Limit: 120 min File Version: 22.1 http://www.gratisexam.com/ Cisco 648-375 Exam Questions & Answers Exam Name: Cisco Express
More informationWHITE PAPER ARUBA SD-BRANCH OVERVIEW
WHITE PAPER ARUBA SD-BRANCH OVERVIEW June 2018 Table of Contents Overview of the Traditional Branch...1 Adoption of Cloud Services...1 Shift to the Internet as a Business Transport Medium...1 Increasing
More informationFireSIGHT Virtual Installation Guide
Version 5.3.1 July 17, 2014 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL
More information2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 1
2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 1 Cisco AnyConnect as a Service György Ács Regional Security Consultant Mobile User Challenges Mobile and Security Services Web Security
More informationFirefly Perimeter ( vsrx ) Technical information 12.1 X47 D10.2. Tuncay Seyran
Firefly Perimeter ( vsrx ) Technical information 12.1 X47 D10.2 Tuncay Seyran Security in a virtualized environment: same security risks + more TRADITIONAL SECURITY RISKS IMPACTING VIRTUAL ENVIRONMENTS
More informationCisco Meraki Cloud Managed IT Solution Derrick Phua. May 12, 2017
Cisco Meraki Cloud Managed IT Solution Derrick Phua May 12, 2017 Why cloud managed IT? On-Demand scalability The cloud increases IT efficiency Manageability Scalability Cost Savings Turnkey installation
More informationCisco SD-WAN. Intent-based networking for the branch and WAN. Carlos Infante PSS EN Spain March 2018
Cisco SD-WAN Intent-based networking for the branch and WAN Carlos Infante PSS EN Spain March 2018 Aug-12 Oct-12 Dec-12 Feb-13 Apr-13 Jun-13 Aug-13 Oct-13 Dec-13 Feb-14 Apr-14 Jun-14 Aug-14 Oct-14 Dec-14
More informationThreat Centric Network Security
BRKSEC-2056 Threat Centric Network Security Ted Bedwell, Principal Engineer Network Threat Defence Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this
More informationNGFWv & ASAv in Public Cloud (AWS & Azure)
& in Public Cloud (AWS & Azure) Anubhav Swami, CCIE# 21208 Technical Marketing Engineer Your Speaker Anubhav Swami answami@cisco.com Technical Marketing Engineer 5 years in Cisco TAC 2 years in ASA BU
More informationSecurity, Internet Access, and Communication Ports
Security, Internet Access, and Communication Ports The following topics provide information on system security, internet access, and communication ports: Security Requirements Security Requirements, on
More informationData Center Security. Fuat KILIÇ Consulting Systems
Data Center Security Fuat KILIÇ Consulting Systems Engineer @Security Data Center Evolution WHERE ARE YOU NOW? WHERE DO YOU WANT TO BE? Traditional Data Center Virtualized Data Center (VDC) Virtualized
More informationNETWORKING &SECURITY SOLUTIONSPORTFOLIO
NETWORKING &SECURITY SOLUTIONSPORTFOLIO NETWORKING &SECURITY SOLUTIONSPORTFOLIO Acomprehensivesolutionsportfoliotohelpyougetyourbusiness securelyconnected.clickononeofoursolutionstoknowmore NETWORKING
More informationEvolution of Data Center Security Automated Security for Today s Dynamic Data Centers
Evolution of Data Center Security Automated Security for Today s Dynamic Data Centers Speaker: Mun Hossain Director of Product Management - Security Business Group Cisco Twitter: @CiscoDCSecurity 2 Any
More informationNetwork Automation and Branch Agility The Network Helps Enable Digital Business. Rajinder Singh Product Sales Specialist June 2016
Network Automation and Branch Agility The Network Helps Enable Digital Business Rajinder Singh Product Sales Specialist June 2016 Agenda WAN Market Drivers Cisco Intelligent WAN (IWAN) Cisco Intelligent
More informationCisco Security Enterprise License Agreement
Cisco Security Enterprise License Agreement Deploy Software and Technology more easily The Cisco Security Enterprise Licensing Agreement (ELA) gives you a simpler way to manage your licenses. And it saves
More informationSteelConnect. The Future of Networking is here. It s Application-Defined for the Cloud Era. SD-WAN Cloud Networks Branch LAN/WLAN
Data Sheet SteelConnect The Future of Networking is here. It s Application-Defined for the Cloud Era. SD-WAN Cloud Networks Branch LAN/WLAN The Business Challenge Delivery of applications is becoming more
More informationQ-Balancer Range FAQ The Q-Balance LB Series General Sales FAQ
Q-Balancer Range FAQ The Q-Balance LB Series The Q-Balance Balance Series is designed for Small and medium enterprises (SMEs) to provide cost-effective solutions for link resilience and load balancing
More informationNew methods to protect the network. Deeper visibility with Cisco NGFW Next Generation Firewall
New methods to protect the network. Deeper visibility with Cisco NGFW Next Generation Firewall Claudiu Onisoru, Senior Network Specialist Cisco Connect - 15 May 2014 1 Agenda Frontal Communication: Who
More information