Best Security and deployment strategies: SMB NGFW deployment
Anant Mathur, Manager Technical Marketing
Cisco Spark
Questions? Use Cisco Spark to chat with the speaker after the session.
How:
1. Find this session in the Cisco Live Mobile App
2. Click Join the Discussion
3. Install Spark or go directly to the space
4. Enter messages/questions in the space
Cisco Spark spaces will be available until July 3, 2017.
cs.co/ciscolivebot#
2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
SESSION ID | SESSION DESCRIPTION | SPEAKER
BRKSEC-1020 | Cisco Firewall Basics | Mark Cairns
BRKSEC-2020 | Firepower NGFW Deployment in Data Center and Enterprise | Steve Chimes
 | Best Security and deployment strategies SMB NGFW Deployment | Anant Mathur
BRKSEC-2050 | Firepower NGFW Internet Edge Deployment Scenarios | Jeff Fanelli
BRKSEC-2058 | A Deep Dive into using Firepower Manager | Will Young
BRKSEC-2064 | NGFWv and ASAv in Public Cloud (AWS and Azure) | Anubhav Swami
BRKSEC-2501 | Deploying AnyConnect SSL VPN with ASA and FTD | Hakan Nohre
BRKSEC-3020 | NGFW Clustering Deep Dive | Kevin Klous
BRKSEC-3035 | Firepower Platforms Deep Dive | Andrew Ossipov
BRKSEC-3300 | Advanced IPS Deployment | Gary Halleen
BRKSEC-3455 | Dissecting Firepower NGFW Installation & Troubleshooting | Veronika Klauzova
Agenda
- Types of security threats and attacks in SMB
- Technologies used to mitigate and stop attacks
- Best practices to use security technologies with Cisco NGFW for SMB
- How to choose the right NGFW for your requirements
How do we define SMB?
What is SMB
- SMB often refers to companies with less than 100 employees, while medium-sized business often refers to those with less than 500 employees.
- Cisco defines SMB pretty much along the lines of the EU definition.
- Gartner definition:
  - Small organizations have less than 100 employees and medium organizations have between 100 and 1000 employees
  - Small organizations have revenue of less than $50 million and medium organizations have revenue of less than $1 billion
News
- SMBs have not historically been the target of cybercrime, but in 2015 something drastically changed.
- The latest Government Security Breaches Survey found that nearly 74% of small organizations reported a security breach in 2015.
- About half of all cyberattacks target small businesses.
- Cyber Attacks on Small Businesses on the Rise.
Why SMBs
- 90% of admins in SMBs are not security experts
- Lack of security infrastructure
- Lack of security knowledge
- Constrained by budget and resources
- Compromise on security for network performance
Courtesy: http://www.threatgeek.com/
Common Attacks in SMB
Client Side Attacks
Bob receives an email from what appears to be a legitimate user in your network. The email explains it is important for you to visit the new customer service link for your organization. You click on the link and are presented with a web site appearing to be legitimate (malicious web sites are pretty easy to make look legitimate). At this point your system may have already been exploited and the attacker has access to your operating system. How, you ask?
Client Side Attacks
- Client machines running software like PDF, MS Office, etc. might be vulnerable to exploits
- Attackers use bait-the-user techniques
- They piggyback on social media requests
- Tools and techniques to execute these attacks are getting better day by day
- Vulnerable software (due to lack of upgrades and patches):
  - Buffer overflow
  - Session hijacking
  - SQL injection
  - Cross-site scripting
Fake App Attacks
- Attackers are using fake applications to bait the user.
- There can be fake AV applications, e.g. Fake AV Website 32.
- Fake apps try to connect to a CnC server and open a remote shell to the server.
- Mobile platforms are susceptible to this kind of attack.
Virus
- A computer virus is a program or piece of code that is loaded onto your computer without your knowledge or permission.
- Viruses are usually hidden in a commonly used program, such as a game or PDF viewer, or you may receive an infected file attached to an email or from another file you downloaded from the Internet.
- ILoveYou, Code Red, etc. are known viruses.
- Viruses are legacy code, not used much by hackers/attackers.
Malware
- Malware is malicious software that is specifically designed to gain access to or damage computers and information assets without the knowledge of the owner.
- Malware attacks are highly sophisticated, behavior-based attacks.
- Files and software downloaded from the internet usually carry malware.
- Malware is binary code that cannot be inspected by static tools.
- Malware examples:
  - Virus
  - Adware
  - Spyware
  - Botnets
Some News Bytes
Security Technologies
Intrusion Prevention System (IPS)
- Stops attacks like:
  - DoS
  - Exploits (buffer overflow, session hijacking, cross-site scripting, etc.)
  - Worms
  - Viruses
- Signature-based engine that sniffs packets to find abnormalities
- Signatures are regular expressions that match patterns in the traffic.
- Classic IPS generates alerts based on signature matches; the result is an enormous number of events.
- NGIPS is a game changer.
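Added example (not from the original slides, and not Snort or Firepower code): regex signatures that alert on every match, followed by a context-aware pass that ranks each match against what is known about the target host. The signatures, their ids, the host inventory, the traffic and the priority labels are constructed assumptions.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    sid: int             # constructed id, not a real rule id
    name: str
    pattern: re.Pattern  # regular expression applied to the raw payload
    target_os: str       # OS the attack applies to, or "any"


# Constructed signatures, for illustration only.
SIGNATURES = [
    Signature(1, "directory traversal in URI",
              re.compile(rb"GET [^\r\n]*\.\./\.\./"), "any"),
    Signature(2, "cmd.exe requested from web server",
              re.compile(rb"(?i)GET [^\r\n]*cmd\.exe"), "windows"),
    Signature(3, "oversized HTTP header line",
              re.compile(rb"\r\n[^\r\n]{1024,}\r\n"), "any"),
]

# Constructed host inventory: what passive network profiling would have learned.
HOST_PROFILES = {"192.168.10.12": "linux", "192.168.10.20": "windows"}

# Constructed traffic: (destination IP, payload).
TRAFFIC = [
    ("192.168.10.12", b"GET /scripts/cmd.exe HTTP/1.1\r\nHost: www\r\n\r\n"),
    ("192.168.10.20", b"GET /scripts/cmd.exe HTTP/1.1\r\nHost: www\r\n\r\n"),
    ("192.168.10.12", b"GET /static/../../conf/app.ini HTTP/1.1\r\nHost: www\r\n\r\n"),
    ("192.168.10.12", b"GET /index.html HTTP/1.1\r\nHost: www\r\n\r\n"),
    ("192.168.10.99", b"GET / HTTP/1.1\r\nX-Pad: " + b"A" * 2000 + b"\r\n\r\n"),
]


def classic_ips(payload):
    """Classic IPS: every signature that matches becomes an alert."""
    return [sig for sig in SIGNATURES if sig.pattern.search(payload)]


def ngips_triage(dst_ip, payload):
    """Rank each match by whether the target host can be affected by it."""
    host_os = HOST_PROFILES.get(dst_ip)
    ranked = []
    for sig in classic_ips(payload):
        if host_os is None:
            priority = "unknown-host"   # host never profiled: needs a look
        elif sig.target_os in ("any", host_os):
            priority = "high"           # attack is relevant to this host
        else:
            priority = "low"            # e.g. Windows attack against Linux
        ranked.append((sig.sid, priority))
    return ranked


def summarize(traffic):
    """Return (alerts a classic IPS raises, alerts ranked high after triage)."""
    total = high = 0
    for dst_ip, payload in traffic:
        for _sid, priority in ngips_triage(dst_ip, payload):
            total += 1
            high += priority == "high"
    return total, high


if __name__ == "__main__":
    for dst_ip, payload in TRAFFIC:
        print(dst_ip, ngips_triage(dst_ip, payload))
    print("alerts, high priority:", summarize(TRAFFIC))
```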
Gateway Anti Virus
- Antivirus is the traditional way to fight computer malware.
- Antivirus is signature based, and sometimes combined with a heuristic engine.
- Uses deep packet inspection to find tools used to exploit hosts.
- Cannot detect sophisticated malware.
Protection against Malware
- Malware cannot be stopped by legacy antivirus or IPS technologies.
- There are many technologies that are used to identify malware:
  - Sandboxing
  - Reputation of network connection
  - IOC
- There is no silver bullet to kill malware.
- SMBs/branches are very much prone to malware attacks.
Sandboxing
- A method to run executable code in an isolated environment to analyze its behavior.
- The sandbox runs the malware on isolated machines and reads the behavior of the installed file.
- Based on the execution patterns, it gives a verdict.
- These days malware is also very much aware of sandbox environments.
Security Intelligence
- Assigns reputation to IPs and domains.
- There are different levels of reputation.
- Saves lots of computational power on the box.
- Blocks bad domains and CnC servers.
Access Control: Application Visibility and Control (AVC)
- Capabilities to control applications and micro-applications.
- Reduces attack surface
- Improves business productivity
- Application visibility is, like IPS, a deep packet inspection that looks for application patterns in the traffic
URL Filtering and Protection
- A method to block web pages based on reputation.
- Block URLs and categories to meet business requirements, e.g. Adult Content, Gambling, Job portals, etc.
- Also reduces attack surface
Key Products covering Security Technology
Unified Threat Management
- Unified threat management (UTM) is a converged platform of point security products.
- Typical set: AV, web gateway security, anti-spam, URL filtering, IPS, firewall, though not very optimized to run all features.
- UTM is known for feature convergence, not for security effectiveness.
- UTMs compete solely on price.
Next Generation Firewall
- Provides superior security with a high detection rate
- Extends beyond policy enforcement
- Provides greater contextual data for use in policy decisions
- NGIPS, Malware, Analytics, etc.
Courtesy: http://www.threatgeek.com/
Cisco Next Generation Firewall for SMB/Branch Office
Extend the value of your NGFW
Start with the hardware option that fits best. All with built-in Application Visibility and Control (AVC), network firewalling, and VPN capabilities.
- Desktop: 5506-X
- Wireless AP: 5506W-X
- Ruggedized: 5506H-X
- Rackmount: 5508-X/5516-X
Offering extensive contextual visibility
The more you see, the better you can protect
[Figure: visibility of a Typical IPS, a Typical NGFW and Cisco Firepower NGFW. Labels: Client applications, Operating systems, Threats, Users, Application protocols, File transfers, Web applications, C & C Servers, Malware, Router and switches, Mobile Devices, Printers, Network Servers, VOIP phones]
Block or allow access to URLs and domains
Web controls
[Figure: Filtering on the NGFW. Labels: Security feeds (URL, IP, DNS), Safe Search, Cisco URL Database, Category-based Policy Creation (gambling: Allow/Block), DNS Sinkhole, Admin]
- Classify 280M+ URLs
- Filter sites using 80+ categories
- Manage allow/block lists easily
- Block latest malicious URLs
Provide next-generation visibility into app usage
Application Visibility & Control
[Figure: Cisco database of 4,000+ apps and 180,000+ micro-apps. Labels: Network & users, Unmapped, Prioritize traffic]
- See and understand risks
- Enforce granular access control
- Prioritize traffic and limit rates
- Create detectors for custom apps
Understand threat details and quickly respond
Next-Generation Intrusion Prevention System (NGIPS)
[Figure labels: App & Device Data, ISE, Blended threats, Prioritize response, Automate policies, Block, Accept, Data packets, Communications, Network profiling, Phishing attacks, Innocuous payloads, Infrequent callouts]
- Scan network traffic
- Correlate data
- Detect stealthy threats
- Respond based on priority
Uncover hidden threats in the environment
Advanced Malware Protection (AMP)
[Figure labels: File Engines, File & Device Trajectory, AMP for Endpoint Log, AMP for Network Log, Known Signatures, Fuzzy Fingerprinting, Indications of compromise, Threat Grid Sandboxing (Advanced Analytics, Dynamic analysis, Threat intelligence), Threat Disposition (Uncertain, Safe, Risky), Sandbox Analysis, Enforcement across all endpoints]
- Block known malware
- Investigate files safely
- Detect new threats
- Respond to alerts
Get real-time protection against global threats
Talos Threat Intelligence
[Figure labels: Security Coverage (WWW, Endpoints, Web, Networks, NGIPS, Devices), Research, Response]
- 1.5 million daily malware samples
- 600 billion daily email messages
- 16 billion daily web requests
- 250+ researchers
- 24 x 7 x 365 operations
- Identify advanced threats
- Get specific intelligence
- Catch stealthy threats
- Stay protected with updates
Choosing the Right Manager
Firepower Device Manager & Firepower Management Center
Firepower Device Manager (FDM):
- Designed for SMB customers
- Easy deployment
- Single device manager
- Intuitive GUI
- Simplified user policies
Firepower Management Center (FMC):
- Contextual visibility
- Extensive eventing and reporting
- Deeper configuration tunings
- Multi-device manager
- Automation
- IOC, impact analysis
Quick recommendation to choose the right manager
Centralized: FMC
- Multiple device deployment
- Tuning security policies, like IPS rule tuning and custom signatures
- File policy tuning to detect and block files, whitelisting, leveraging engines like machine learning and dynamic analysis, and visibility into patient zero
- Visibility into the network is required
- Extensive eventing and reporting capabilities
Local: FDM
- Network operations team managing security
- Rely on pre-canned profiles for IPS and file policies
- Want to block malware, not interested in advanced inspection
- Rely on an intuitive GUI and wizard to create policies
- Requirement is simplicity
Cisco Defense Orchestrator
Defense Orchestrator helps you manage all of your security policy
- Change management: Get visibility into the impact of change on affected security services and devices
- Auditing: Gain policy awareness and identify issues
- Optimization: Adjust security policy rule sets to optimize performance
- Monitoring: Track policy implementation and activity across all affected security services and devices
[Figure labels: Change Impact Modeling, Object and Policy Analysis, Security Policy Management, Reports, Device Onboarding (Import from offline, Discover directly from device), OOB Notifications]
NGFW deployments using FDM
Basic NGFW deployment
[Figure: two deployments between Internet/Cloud Services and the internal network, labelled Routed Mode and Transparent Mode. Labels: Inline or Passive; Inline; Inline Tap; Passive; 202.10.23.11; 192.168.10.12; "VPN, NAT, Routing, IPS, AMP, URL, AVC, Access Control etc."; "IPS, AMP, Routing, URL, AVC, Access Control etc."]
Deploying NGFW: Management Access
- Only available through FDM
Management Access list
/var/log/firstboot.ngfw-onbox.log
Integrated Routing and Bridging: Soft Switch
Bob, an IT admin at a small firm, just bought a 5506-X
Deploy the Box
Default device setup
1. Connect the Management port and data port G1/2 to the L2 switch, in the same VLAN.
2. Connect G1/1 to the ISP.
3. The switch is required to send management traffic to the internet.
4. The Management port is not routable, for security reasons.
Post 6.2 you can choose a data port for management connectivity and get rid of the switch.
Easy Configuration: Step 1
Easy Configuration: Step 2
- Rules to allow traffic; the default is to block all traffic
- Information on DNS, DHCP, etc.
Easy Configuration: Step 3
Easy Configuration: Step 4
Will my box stop attacks with the default configuration?
- By default the box drops everything
- IPS profile, Security Intelligence and Access Control must be configured
- Default access policies, default IPS policies. No rules
Bob wants to allow Dropbox downloads: Controlling the access
Access Control using Firepower Device Manager
- Rules under access policies
- Mother policy to control and block traffic
- Default action
Applications
Actions
Check with the deployment diagram
Authenticating Users
1. Create Realm
2. Create Policies
- HTTP Basic
- NTLM
- HTTP Negotiate
- Fallback as guest
Access Rule on FMC
- More attributes to create an access rule
- Stitch inspection policies
Bob wants to inspect files downloaded from Dropbox: Inspecting allowed traffic
Inspecting Dropbox traffic
IPS Policies on FDM
Pre-canned profiles:
- Connectivity Over Security
- Balanced Security and Connectivity
- Security Over Connectivity
- Maximum Detection
Intrusion policy is part of the access rule
IPS has performance overhead
Understand IPS profiles
[Figure labels: Connectivity Over Security, Balanced Security and Connectivity, Security Over Connectivity, Maximum Detection]
- Balanced Security and Connectivity has a mix of rule sets that addresses the needs of SMB organizations.
- Rules are set to drop and generate events.
- It has ~7000 rules that stop attacks like exploits, viruses, worms, Trojans, etc.
IPS tuning: FMC
- Auto tuning of IPS rules
- Four pre-canned profiles
- Rule tunings
Controlling the default behavior
- Enable IPS policies
- Change the default policy to Allow
- Select profile
Bob wants to restrict access to online games: Control the web access
URL Filtering on Firepower Device Manager
- URLs
- URL categories
URL Filtering on Firepower Device Manager: Using Reputation
- Reputation with games
- Cloud lookup for unknown URLs
URL Filtering on FMC
- Various actions
- Also assign reputation to the URL categories
- Around 81 categories and more than 21 million +
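Added example (not from the original slides and not Firepower code): a Python model of the access policy built in this scenario, assuming rules are evaluated top-down with the first match winning and the default action applied when nothing matches. Rule names, the file policy name and the sample flows are constructed; it covers the block-everything starting state, Bob's Dropbox and Games rules, and a broad allow rule placed first that shadows a later block rule.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                            # "allow" or "block"
    application: Optional[str] = None      # None matches any application
    url_category: Optional[str] = None     # None matches any URL category
    intrusion_policy: Optional[str] = None # inspection attached to an allow
    file_policy: Optional[str] = None

    def matches(self, flow):
        return all(want is None or flow.get(key) == want
                   for key, want in (("application", self.application),
                                     ("url_category", self.url_category)))

    def covers(self, later):
        """True when every flow the later rule matches is matched here first."""
        return all(mine is None or mine == theirs
                   for mine, theirs in ((self.application, later.application),
                                        (self.url_category, later.url_category)))


@dataclass
class AccessPolicy:
    rules: list = field(default_factory=list)
    default_action: str = "block"          # nothing is allowed until a rule says so

    def evaluate(self, flow):
        """Return (rule name, action, intrusion policy, file policy)."""
        for rule in self.rules:            # top-down, first match wins (assumed)
            if rule.matches(flow):
                return (rule.name, rule.action,
                        rule.intrusion_policy, rule.file_policy)
        return ("default", self.default_action, None, None)

    def shadowed(self):
        """List (rule, earlier rule) pairs where the rule can never be hit."""
        found = []
        for i, later in enumerate(self.rules):
            for earlier in self.rules[:i]:
                if earlier.covers(later):
                    found.append((later.name, earlier.name))
                    break
        return found


# Bob's policy: allow Dropbox with inspection, block the Games category.
BOB = AccessPolicy([
    Rule("allow-dropbox", "allow", application="Dropbox",
         intrusion_policy="Balanced Security and Connectivity",
         file_policy="placeholder-malware-file-policy"),  # placeholder name
    Rule("block-games", "block", url_category="Games"),
])

# Failure mode: a catch-all allow placed above the block rule.
MISORDERED = AccessPolicy([
    Rule("allow-web", "allow"),
    Rule("block-games", "block", url_category="Games"),
])

if __name__ == "__main__":
    games = {"application": "HTTP", "url_category": "Games"}   # constructed flow
    print(BOB.evaluate(games), MISORDERED.evaluate(games))
    print("shadowed:", MISORDERED.shadowed())
```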
Bob realizes he wants to save the network from advanced attacks like malware
Controlling and Blocking Malware: FDM
- Pre-canned profiles
- Connects to the cloud to detect malware.
- The cloud runs a powerful engine for malware detection
Controlling and Blocking Malware: FMC
- Allows dynamic analysis and machine learning.
- Allows capturing files
- Allows choosing file types and categories
- Custom blacklist
- Watch threat score
- Patient zero
Bob is at the branch and he wants to connect to the head office
Site to Site VPN
Steps for configuration
Connection Profile
- Specify VPN interfaces and networks
Choose Protocol
- Privacy Configuration
- IKE Policy & Proposal
- Custom IKE Policies
- Pre-shared Keys
Summary
Site to Site VPN on FMC
- Multiple deployments
- Certificates
- Advanced tuning: IPsec, IKE, etc.
Bob wants to secure his remote users
RAVPN support on FTD
- Secured Access: AnyConnect Client; SSL, IPsec
- AAA: LDAP/AD/Radius, certificates; Radius Authorization Attribute (DACL, Group Policy); Address Assignment; Radius Accounting
- Connectivity Experience: Split Tunneling, DNS, Address Assignment, Access Hours, ACLs, Timeouts
- Troubleshooting & Reporting: User, User Activity, Usage, etc.
- Availability: FTD-HA, Dual ISP, multiple AAA servers
- Smart Licensing: Apex, Plus, VPN only
- Management: Intuitive GUI
Remote Access VPN
- AnyConnect Client Configuration
- Device Identity and Client Addressing
- Connection Settings
- Summary & Instructions
A user can't use RA VPN if the FTD is in Evaluation mode of Smart Licensing. The user needs to have a Smart Licensing account and a valid licensing token for the RA-VPN feature to work with FDM.
Step 1: Configuring an RA-VPN Connection Profile, a.k.a. Tunnel Group
- Connection Profile name
- AD realm
- Upload package
Step 2: Device Identity and Addressing
- Certificate for device identity
- Outside Interface
- Address Pool
- DNS
Step 3: Connection Settings
- Timeouts
- Dealing with Browser Proxy During VPN Session
- Address Pool
- Split Tunneling
- NAT exemption
- Inside Network
- AnyConnect Client Profile (Optional)
View Summary
Useful CLI commands
- vpn-sessiondb anyconnect
- vpn-sessiondb detail anyconnect
- vpn-sessiondb license-summary
- ssl errors
- ssl ciphers
- aaa-server
- asp table socket
- crypto ca certificates
- crypto ca crls
- crypto ca trustpoints
- webvpn anyconnect
- webvpn group-alias
- webvpn group-url
- webvpn hostscan
- webvpn statistics
- webvpn saml idp
- uauth
- ip local pool <name of ipv4 pool>
How to protect endpoints not on the corporate network
Bob must back up the configuration: Backup and Restore
Backup and Recovery
Monitoring & Troubleshooting
System Information
- Aggregated Throughput
- Resource Usage
- Real Time Events
Understanding Performance
Performance
[Chart: Real World IPS vs. DataSheet IPS performance for the 5506-X, 5508-X, 5516-X, 5525-X, 5545-X and 5555-X]
- Datasheet numbers are for RFPs and references
- Real-world numbers must be considered for sizing
- Each service degrades performance by some percentage.
- Performance degrades with smaller packet size.
Courtesy: http://www.threatgeek.com/
Evaluating NGFW for SMB
Evaluating Features
- Application Control
- Web Filtering
- IPS
- Malware
- Easy Deployment
- VPN
- Manageability
You need UTM if: all above mediocre, and email antivirus
Performance
- Evaluate device performance with sizing data.
- Always plan for all features enabled (suggested)
- Consider the degradation caused by enabling the services
Plan for the future
- Security requirements are changing: today antivirus can still be a buying criterion, but in a year or two it will not be.
- Have a contingency for performance.
- Check whether the hardware can adapt to future requirements: upgrades, etc.
- How frequent are the updates?
What we have learned
Things you have learned
- Security attacks
- Technologies to protect your network
- How to use them for your network
- How to evaluate NGFW
Security Beta Programs
Security Beta Products: ASA, AMP for Endpoints, ISE, Firepower NGFW/NGIPS, ISR, OpenDNS, Firepower Platforms, ESA, Stealthwatch Learning Networks
Customer Benefits:
- Free test hardware
- Early experience with and training on new features and functionality
- Demos and feedback sessions on product usability, design, and roadmaps
- Risk-free testing in the customer environment prior to FCS
- Beta customer S1-3 issues fixed in GA release
To participate in Beta: http://cs.co/security-beta-nomination or email ask-sbg-beta@cisco.com
"I've been involved in many beta programs; I must say that this one has been the best organized. This beta has taken a very active, hands-on approach." - Liberal Arts College Customer
Thank you
Appendix
Bob must also know best practices to secure wireless
Brief on Setup
- Integrated Cisco 702i AP, as a hardware module
- The AP is off by default.
- Use the CLI to reach the AP console and enable Dot11radio
- Use IP to connect to the AP to create SSIDs, etc.
Securing SSID
- Human error
- Rogue access points
- WEP/WPA cracking
- Pre-shared key guessing
- WPA2-AES: the "gold standard" for data encryption
Other Cisco Security Products
Umbrella
- Protection when off the VPN; no additional agents required
- Visibility and enforcement at the DNS layer
- Blocks requests to malicious domains and IPs
- Predictive intelligence uncovers current and emergent threats
- Subscription-based model
- Integrated with AnyConnect
Meraki
- Security: NG Firewall, Client VPN, Site to Site VPN, IDS/IPS, Anti-Malware, Geo-Firewall
- Networking: NAT/DHCP, 3G/4G Cellular, Intelligent WAN (IWAN)
- Application Control: Web Caching, Traffic Shaping, Content Filtering
Cisco Integrated Services Router (ISR)
- For the ISR 4k, services are deployed on a UCS-E blade
- The blade contains an ESXi hypervisor
- Architecture similar to ASA with Firepower Services
- Also called Cisco Firepower Threat Defense for ISR
- Snort integration is road-mapped for lower-end ISR routers
  - Similar to the Meraki Snort deployment
  - Snort without the full Sourcefire sensor