Cisco Firepower NGFW Anticipate, block, and respond to threats
Digital Transformation on a Massive Scale 15B Devices Today Attack Surface 500B Devices In 2030 Threat Actors $19T Opportunity Next 10 Years Attack Sophistication Global Cybercrime Market: $450B to $1T
Which dramatically expands what you have to worry about New demands More things Specialized threats Global collaboration Anywhere access BYOD 30% Phishing messages opened by the target across campaigns Source: 2016 Verizon Data Breach Investigations Report Access is tougher to manage Visibility is more elusive Threats are harder to stop
Other next-generation firewalls fix some problems but create new ones They're only app-focused Threat They can't help you once you've been breached Attack Continuum Threat BEFORE DURING AFTER Threat They're another silo to manage IPS Acceptable use NGFW DDoS Sandbox
Cisco Firepower NGFW is a complete solution Cisco Firepower NGFW Stop more threats Gain more insight Detect earlier, act faster Reduce complexity Get more from your network Threat Focused Fully Integrated
Offering extensive contextual visibility The more you see, the better you can protect Client applications Operating systems Threats Typical IPS Users File transfers Application protocols Web applications C & C Servers Malware Routers & switches Mobile Devices Printers Typical NGFW Network Servers Cisco Firepower NGFW VOIP phones
Features: Firewall & AVC Threat Defense Management Integrations
Firewall & AVC
Provide next-generation visibility into app usage Application Visibility & Control Cisco database 4,000+ apps 180,000+ Micro-apps Prioritize traffic 1 2 Network & users OpenAppID See and understand risks Enforce granular access control Prioritize traffic and limit rates Create detectors for custom apps
Extend AVC to proprietary and custom apps OpenAppID Self-Service Open-Source Easily customize application detectors Detect custom and proprietary apps Share detectors with other users
Uncover hidden threats at the edge SSL decryption engine NGIPS AVC Enforcement decisions gambling elicit Encrypted Traffic Log Decrypt 3.5 Gbps traffic over five million simultaneous flows Inspect deciphered packets Track and log all SSL sessions
Block or allow access to URLs and domains Web controls Filtering NGFW Security feeds URL IP DNS Safe Search Cisco URL Database gambling Allow Block Allow Block DNS Sinkhole Category-based Policy Creation Admin Classify 280M+ URLs Filter sites using 80+ categories Manage allow/block lists easily Block latest malicious URLs
Improve traffic control with new features Additional Firewall Features Identity Integration ISE pxgrid VDI Captive Portal Active/Passive NTLM Kerberos True-IP Policy X-Forwarded-For True-Client-IP Custom Headers Target threats accurately Enforce authentication Analyze headers in more depth Rate limiting Rule-based limits Reports QoS rules Tunnel Policy Pre-filtering Priority policy Policy migration Control application usage Block unwanted traffic early
Threat Defense
Understand threat details and quickly respond Next-Generation Intrusion Prevention System (NGIPS) App & Device Data ISE Blended threats 1 2 Prioritize response Automate policies Block Data packets Communications Network profiling Phishing attacks Innocuous payloads Infrequent callouts 3 Accept Scan network traffic Correlate data Detect stealthy threats Respond based on priority
Uncover hidden threats in the environment Advanced Malware Protection (AMP) File Reputation File & Device Trajectory AMP for Endpoint Log AMP for Network Log Known Signatures Fuzzy Fingerprinting Indications of compromise Threat Grid Sandboxing Advanced Analytics Dynamic analysis Threat intelligence Threat Disposition Uncertain Safe Risky Sandbox Analysis Enforcement across all endpoints Block known malware Investigate files safely Detect new threats Respond to alerts
Stop known threats from getting in Security Intelligence URL Based Block risky sites using a classified database of 270 million+ known URLs IP Based Filter out bad IPs using a blacklist of 70,000+ known IPs DNS Based Get real-time threat intelligence based on 80 billion+ daily DNS requests Understand risks using reputation scoring See more through industry-leading research
Get real-time protection against global threats Talos Threat Intelligence Security Coverage Research Response 1.5 million daily malware samples WWW Endpoints Web 250+ Researchers 600 billion daily email messages Networks NGIPS Jan 24 x 7 x 365 Operations 16 billion daily web requests Devices Identify advanced threats Get specific intelligence Catch stealthy threats Stay protected with updates
Management
Easily manage NGFWs across multiple sites Firepower Management Center Centralized management for multi-site deployments Firepower Management Center Multi-domain management Firewall & AVC Role-based access control NGIPS High availability AMP APIs and pxgrid integration Security Intelligence Available in physical and virtual options Manage across many sites Control access and set policies Investigate incidents Prioritize response
Easily manage individual NGFWs Firepower Device Manager Firepower Device Manager Integrated on-box option for single instance deployment Easy set-up Role-based access control High availability Physical and virtual options NAT and Routing Intrusion and Malware prevention Device monitoring VPN support Set up easily Control access and set policies Investigate incidents Prioritize response
Know what and when you need to update Smart Licensing Report Software Services Devices View software, services, and devices in one easy to use portal Activate software automatically Extend licenses automatically Track software usage with regular reports to Cisco
Get help making the transition to Firepower Migration assistance tool Prior ASA appliance Firepower NGFW Policies Settings Groups Policies Settings Groups
Integrations
Ensure compliance before granting access Identity Services Engine (ISE) ISE pxgrid TrustSec BYOD Employee Tag Guest Tag Guest Access Supplier Tag Server Tag Quarantine Tag Suspicious Tag ISE Segmentation Firepower Management Center Propagate User Context Device context Access policies Policy automation Set access control policies Propagate rules and context Establish a secure network Remediate breaches automatically
Build on your solution with an open platform REST APIs and Third-party integration Custom functionality Firepower Management Center Authentication tokens Access control Virtual switch API Explorer Third-party solutions Radware DDoS VDI identity VPN capabilities APIs Augment functionality with third party solutions Integrate custom-built features
Prevent network and application downtime Radware DDoS vdp Cloud scrub Flood Traffic Legitimate Traffic SYN Flood attacks DDoS attacks Nonstandard packet attacks Network and Applications Maintain up to 30 Gbps throughput for legitimate traffic Handle 140,000 connections per second Block 1,200,000 packets of flood traffic per second Stop attacks within seconds of detection Block or allow traffic automatically
Available in multiple deployment options Physical, virtual, and cloud options AWS Azure Also available as standalone solutions NGIPS only Dedicated AMP And on high-end performance appliances New Appliances Cisco Firepower 4100 Series and 9300 Cisco Firepower Threat Defense on ASA 5500-X Cisco FirePOWER Services on ASA 5585-X
Use cases
Secure your company's internet edge I want to DNS Sinkhole Security feeds URL IP DNS Dynamic and Static NAT High Availability High Bandwidth SSL Decryption Engine AVC NGIPS AMP file inspection AMP Threat Grid DNS www Allow Block DMZ Stop threats at the edge, find and fix breaches, and increase throughput. Internet Firewall Private Network
Protect your data center at the edge I want to Prepare Secure Define policies Uncover threats Respond Remediate HR Security feeds URL IP DNS TrustSec High Availability High Bandwidth SSL Decryption Engine AVC NGIPS AMP file inspection AMP Threat Grid Clustering Support for North-South and East-West traffic Financial data Finance Allow Block HR data DevOps In-house app Reduce the company's attack surface and detect data center threats. Data Center Edge Firewall Data Center Network
Keep threats out of campus security domains I want to Firewall Security feeds URL IP DNS SSL Decryption Engine AVC Allow Block NGIPS AMP file inspection AMP Threat Grid Apps www Database TrustSec Apps www Database Protect against threats while meeting campus bandwidth demands. Data Center Edge Core Campus Distribution Access Layer
Enforce acceptable use within the organization I want to Reputation scoring 4000+ web and in-house applications and additional custom applications Filter unwanted URLs SSL Decryption Engine Decrypt hidden traffic User identity Partial Block Allow 1 2 Stop risky web traffic, control application use, and allocate bandwidth. Gambling Application Block Define access control Firewall Prioritize Traffic Network
Defend the network with Rapid Threat Containment I want to www Firepower Management Center ISE pxgrid Alerts Receive alert of intrusion event Issue quarantine command pxgrid Alerts TrustSec Isolate compromised resources quickly before the problem grows. Automatic Isolation Quarantine Tag Employee Tag Supplier Tag Guest Tag Quarantine Tag
Only Cisco delivers superior protection and visibility to address new demands, more things, and specialized threats Threat Focused Fully Integrated Stop more threats Gain more insight Detect earlier, act faster Reduce complexity Get more from your network
The results speak for themselves 17.5 hours Average time to detection with Cisco security 100 days Industry average time to detection Source: Cisco Annual Security Report 2016
How to benefit from our Free Risk Assessment? Cisco Threat Scan Proof of Value Programme With this offer, you will: Gain valuable information on your network including critical attacks Reduce risk and make security a growth engine for your business This offer is valid through December 29th, 2016 in Austria, Belgium, Denmark, Finland, France, Germany, Ireland, Italy, Luxemburg, Netherlands, Norway, Spain, Sweden, Switzerland and United Kingdom. For more information and to request a Threat Scan POV, go to www.cisco.com/go/threatscanpov