Cisco Firepower NGFW Anticipate, block, and respond to threats
You have a mandate to build and secure a network that supports ongoing innovation Mobile access Social collaboration Public / private hybrid cloud Cloud applications IT is now an enabler
Which dramatically expands what you have to worry about New demands More things Specialized threats Global collaboration Anywhere access BYOD 30% Phishing messages opened by the target across campaigns Source: 2016 Verizon Data Breach Investigations Report Access is tougher to manage Visibility is more elusive Threats are harder to stop
Other next-generation firewalls fix some problems but create new ones They're only app-focused Threat They can't help you once you've been breached Attack Continuum Threat BEFORE DURING AFTER Threat They're another silo to manage IPS Acceptable use NGFW DDoS Sandbox
Cisco Firepower NGFW is a complete solution Cisco Firepower NGFW Stop more threats Gain more insight Detect earlier, act faster Reduce complexity Get more from your network Threat Focused Fully Integrated
Offering extensive contextual visibility The more you see, the better you can protect Client applications Operating systems Threats Typical IPS Users File transfers Application protocols Web applications C & C Servers Malware Routers & switches Mobile Devices Printers Typical NGFW Network Servers Cisco Firepower NGFW VOIP phones
Features: Firewall & AVC Threat Defense Management Integrations
Firewall & AVC
Uncover hidden threats at the edge SSL decryption engine NGIPS AVC Enforcement decisions gambling elicit Encrypted Traffic Log Decrypt 3.5 Gbps traffic over five million simultaneous flows Inspect deciphered packets Track and log all SSL sessions
Block or allow access to URLs and domains Web controls Filtering NGFW Security feeds URL IP DNS Safe Search Cisco URL Database gambling Allow Block Allow Block DNS Sinkhole Category-based Policy Creation Admin Classify 280M+ URLs Filter sites using 80+ categories Manage allow/block lists easily Block latest malicious URLs
Provide next-generation visibility into app usage Application Visibility & Control Cisco database 4,000+ apps 180,000+ Micro-apps Prioritize traffic 1 2 Network & users OpenAppID See and understand risks Enforce granular access control Prioritize traffic and limit rates Create detectors for custom apps
Extend AVC to proprietary and custom apps OpenAppID Self-Service Open-Source Easily customize application detectors Detect custom and proprietary apps Share detectors with other users
Pick from many deployment modes Firewall deployment modes Inline or Passive Fail-to-wire NetMods Additional options Inline Routed NetMod Inline Tap Transparent Passive Virtual or Physical
Threat Defense
Understand threat details and quickly respond Next-Generation Intrusion Prevention System (NGIPS) App & Device Data ISE Blended threats 1 2 Prioritize response Automate policies Block Data packets Communications Network profiling Phishing attacks Innocuous payloads Infrequent callouts 3 Accept Scan network traffic Correlate data Detect stealthy threats Respond based on priority
Uncover hidden threats in the environment Advanced Malware Protection (AMP) File Reputation File & Device Trajectory AMP for Endpoint Log AMP for Network Log Known Signatures Fuzzy Fingerprinting Indications of compromise Threat Grid Sandboxing Advanced Analytics Dynamic analysis Threat intelligence Threat Disposition Uncertain Safe Risky Sandbox Analysis Enforcement across all endpoints Block known malware Investigate files safely Detect new threats Respond to alerts
Stop known threats from getting in Security Intelligence URL Based Block risky sites using a classified database of 270 million+ known URLs IP Based Filter out bad IPs using a blacklist of 70,000+ known IPs DNS Based Get real-time threat intelligence based on 80 billion+ daily DNS requests Understand risks using reputation scoring See more through industry-leading research
Get real-time protection against global threats Talos Threat Intelligence Security Coverage Research Response 1.5 million daily malware samples WWW Endpoints Web 250+ Researchers 600 billion daily email messages Networks NGIPS Jan 24 x 7 x 365 Operations 16 billion daily web requests Devices Identify advanced threats Get specific intelligence Catch stealthy threats Stay protected with updates
Management
Easily manage NGFWs across multiple sites Firepower Management Center Centralized management for multi-site deployments Firepower Management Center Multi-domain management Firewall & AVC Role-based access control NGIPS High availability AMP APIs and pxGrid integration Security Intelligence Available in physical and virtual options Manage across many sites Control access and set policies Investigate incidents Prioritize response
Easily manage individual NGFWs Firepower Device Manager Integrated on-box option for single instance deployment Easy set-up Role-based access control High availability Physical and virtual options NAT and Routing Intrusion and Malware prevention Device monitoring VPN support Set up easily Control access and set policies Investigate incidents Prioritize response
Get help making the transition to Firepower Migration assistance tool Prior ASA appliance Firepower NGFW Policies Settings Groups Policies Settings Groups
Integrations
Ensure compliance before granting access Identity Services Engine (ISE) ISE pxGrid TrustSec BYOD Employee Tag Guest Tag Guest Access Supplier Tag Server Tag Quarantine Tag Suspicious Tag ISE Segmentation Firepower Management Center Propagate User Context Device context Access policies Policy automation Set access control policies Propagate rules and context Establish a secure network Remediate breaches automatically
Defend the network with Rapid Threat Containment I want to www Firepower Management Center ISE pxGrid Alerts Receive alert of intrusion event Issue quarantine command pxGrid Alerts TrustSec Isolate compromised resources quickly before the problem grows. Automatic Isolation Quarantine Tag Employee Tag Supplier Tag Guest Tag Quarantine Tag
Build on your solution with an open platform REST APIs and Third-party integration Custom functionality Firepower Management Center Authentication tokens Access control Virtual switch API Explorer Third-party solutions Radware DDoS VDI identity VPN capabilities APIs Augment functionality with third party solutions Integrate custom-built features
Prevent network and application downtime Radware DDoS vdp Cloud scrub Flood Traffic Legitimate Traffic SYN Flood attacks DDoS attacks Nonstandard packet attacks Network and Applications Maintain up to 30 Gbps throughput for legitimate traffic Handle 140,000 connections per second Block 1,200,000 packets of flood traffic per second Stop attacks within seconds of detection Block or allow traffic automatically
Identify threats hidden by desktop virtualization Virtual Desktop Infrastructure (VDI) Identity www Terminal Services Agent Firepower Management Center User IPs VDI 192.068.0.23 123.018.6.53 135.036.5.49 APIs User 1 User 2 User 3 User 1 User 2 User 3 Route user information to Terminal Services Capture information using APIs Identify risky behavior
Improve scalability and control with ACI I want to Application Policy Infrastructure Controller (APIC) White list policies Segmentation Multi-tenancy Integrated Management APIC APIs Firepower Management Center AVC Allow Block NGIPS Detect threats with NGIPS using ACI fabric visibility Set policies with integrated management tool Spine Protect the data center with consistent and targeted security policies. Host 1 Host 2 Host 3 Application 1 (Physical) Application 2 (Physical) Leaf VM VM VM Nodes Refine policies over time through activity analysis
Available in multiple deployment options Physical, virtual, and cloud options AWS Azure Also available as standalone solutions NGIPS only Dedicated AMP And on high-end performance appliances New Appliances Cisco Firepower 4100 Series and 9300 Cisco Firepower Threat Defense on ASA 5500-X Cisco FirePOWER Services on ASA 5585-X
Only Cisco delivers Threat Focused Fully Integrated Stop more threats Gain more insight Detect earlier, act faster Reduce complexity Get more from your network superior protection and visibility to address new demands, more things, and specialized threats
Next steps 1 Learn more about what Firepower NGFW can do for you 2 Schedule a demo today for a hands-on experience 3 Set up a POV to see how it can improve your network
How to benefit from our Free Risk Assessment? Cisco Threat Scan Proof of Value Programme With this offer, you will: Gain valuable information on your network including critical attacks Reduce risk and make security a growth engine for your business This offer is valid through December 29th, 2016 in Austria, Belgium, Denmark, Finland, France, Germany, Ireland, Italy, Luxembourg, Netherlands, Norway, Spain, Sweden, Switzerland and United Kingdom. For more information and to request a Threat Scan POV, go to www.cisco.com/go/threatscanpov