Introduction to the Cisco Sourcefire NGIPS

Similar documents
Agile Security Solutions

Next Generation IPS and Advance Malware Protection. Mahmoud Rabi Consulting Systems Engineer - Security

Sourcefire and ThreatGrid. A new perspective on network security

Design and Deployment of SourceFire NGIPS and NGFWL

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

Sourcefire Network Security Analytics: Finding the Needle in the Haystack

Snort: The World s Most Widely Deployed IPS Technology

Firewall nové generace na platformě SF, přístupové politiky, analýza souborů, FireAMP a trajektorie útoků

Cisco Firepower NGFW. Anticipate, block, and respond to threats

Cisco ASA 5500-X NGFW

Security for the real World NG IPS Jean-Paul Kerouanton Sourcefire, Inc.

Cisco Firepower NGFW. Anticipate, block, and respond to threats

Protection - Before, During And After Attack

The Internet of Everything is changing Everything

Cisco ASA with FirePOWER services Eric Kostlan, Technical Marketing Engineer Security Technologies Group, Cisco Systems LABSEC-2339

Cisco Advanced Malware Protection for Networks

Cisco Next Generation Firewall and IPS. Dragan Novakovic Security Consulting Systems Engineer

Cisco Advanced Malware Protection for Networks

Cisco ASA with FirePOWER Services

NGFW Requirements for SMBs and Distributed Enterprises

Network Visibility and Advanced Malware Protection. James Weathersby, Director Technical Marketing Gyorgy Acs, Consulting Security Engineer

Protecting Your Digital Business: The Case for Next-Generation Intrusion Prevention

Intelligent Cybersecurity for the Real World Scott Lovett Vice President, Global Security Sales

The Importance of Threat-Centric Security

The Importance of Threat-Centric Security

An Investment Checklist

Advanced Malware Protection. Dan Gavojdea, Security Sales, Account Manager, Cisco South East Europe

Deploying Intrusion Prevention Systems

How to Predict, Detect & Stop threats at the Edge and Behind the Perimeter even in encrypted traffic without decryption

Cisco Cloud Security. How to Protect Business to Support Digital Transformation

Cisco Advanced Malware Protection against WannaCry

Cisco Security. Advanced Malware Protection. Guillermo González Security Systems Engineer Octubre 2017

Simple and Powerful Security for PCI DSS

Cisco Cyber Range. Paul Qiu Senior Solutions Architect

Cisco Firepower NGIPS Tuning and Best Practices

Threat Centric Network Security

Aby se z toho bezpečnostní správci nezbláznili Cisco security integrace. Milan Habrcetl Cisco CyberSecurity Specialist Mikulov, 5. 9.

White Paper. Why IDS Can t Adequately Protect Your IoT Devices

Why we need Intelligent Security? Juha Launonen Sourcefire, Inc.

A New Security Model for the IoE World. Henry Ong SE Manager - ASEAN Cisco Global Security Sales Organization

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Chapter 6: IPS. CCNA Security Workbook

Dynamic Datacenter Security Solidex, November 2009

Intelligent Cyber Security for Real World

Security by Default: Enabling Transformation Through Cyber Resilience

Access Control Using Intrusion and File Policies

BUILDING A NEXT-GENERATION FIREWALL

SECURING THE NEXT GENERATION DATA CENTER. Leslie K. Lambert Juniper Networks VP & Chief Information Security Officer July 18, 2011

Cisco Advanced Malware Protection. May 2016

FP NGIPS Deployment and Operationalisation Mark Pretty, Consulting Systems Engineer

The Future of Threat Prevention

Expert Reference Series of White Papers. Cisco Completes the Security Picture with Sourcefire

Rethinking Security: The Need For A Security Delivery Platform

AKAMAI CLOUD SECURITY SOLUTIONS

Cisco FirePOWER 8000 Series Appliances

SDN Security BRKSEC Alok Mittal Security Business Group, Cisco

Intrusion prevention systems are an important part of protecting any organisation from constantly developing threats.

Compare Security Analytics Solutions

FireSIGHT Virtual Installation Guide

Cisco ASA with FirePOWER Services

The Internet of Everything is changing Everything

FIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT?

Key Security Measures to Enable Next-Generation Data Center Transformation

Connection Logging. About Connection Logging

The Top 6 WAF Essentials to Achieve Application Security Efficacy

Christopher Covert. Principal Product Manager Enterprise Solutions Group. Copyright 2016 Symantec Endpoint Protection Cloud

AlgoSec: How to Secure and Automate Your Heterogeneous Cisco Environment

Advanced Malware Protection: A Buyer s Guide

AT&T Endpoint Security

Build a Software-Defined Network to Defend your Business

Cisco ASA 5500 Series IPS Solution

Cisco Comstor

Connection Logging. Introduction to Connection Logging

Seceon s Open Threat Management software

ForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.

Cisco Cyber Threat Defense Solution 1.0

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect

SYMANTEC DATA CENTER SECURITY

ForeScout ControlFabric TM Architecture

Unlocking the Power of the Cloud

Passit4Sure (50Q) Cisco Advanced Security Architecture for System Engineers

WHITEPAPER The Firewall Market

Surprisingly Successful: What Really Works in Cyber Defense. John Pescatore, SANS

ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK

Cisco Security Exposed Through the Cyber Kill Chain

McAfee Advanced Threat Defense

A Unified Threat Defense: The Need for Security Convergence

Easy Setup Guide. Cisco ASA with Firepower Services. You can easily set up your ASA in this step-by-step guide.

Cloud-Enable Your District s Network For Digital Learning

The following topics describe how to manage various policies on the Firepower Management Center:

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Popular SIEM vs aisiem

CYBER SECURITY. formerly Wick Hill DOCUMENT* PRESENTED BY I nuvias.com/cybersecurity I

Pass4sure q. Cisco Securing Cisco Networks with Sourcefire IPS

ForeScout Extended Module for Carbon Black

Qualys Cloud Platform

Fully Integrated, Threat-Focused Next-Generation Firewall

FIREWALL BEST PRACTICES TO BLOCK

WHITEPAPER ATTIVO NETWORKS DECEPTION TECHNOLOGY FOR MERGERS AND ACQUISITIONS

How to Secure Your Cloud with...a Cloud?

Transcription:

Introduction to the Cisco Sourcefire NGIPS Gary Spiteri Consulting Security Engineer #clmel

Are you a laugher or a liar?

Problems with Traditional IPS Technology Overwhelms you with irrelevant events Doesn t give you much information to go on Requires you to spend months tuning Black box difficult to determine whether it works False sense of Security that an IPS is your Silver Bullet Result: IPS is minimally effective or isn t used Massive amounts of time and resources spent making IPS work Organisations exploited 4

Getting Effectiveness out of an IPS Identifying the needle in the haystack the attacks and hosts that really matter Giving you contextual information about the who, what, where, why, and when of a critical attack Giving you confidence that attacks are fully covered Session Result: Gain an understanding of how Cisco s Sourcefire products apply to these problems Get an overview about how the Sourcefire NGIPS works 5

Agenda The Problems with Traditional IPS What s a New Generation IPS? The Sourcefire and Snort Legacy The FirePOWER Next Generation IPS Going beyond Next Generation with Cisco 6

IPS Overview and Background

What is an IPS? Intrusion Prevention System Monitors networks for malicious or suspicious behaviour Blocks attacks and/or sends alerts in real time Evolved from: Intrusion Detection System (IDS) Can monitor but not block attacks Today, we use IPS generically Inline blocking mode = IPS Passive detecting mode = IDS 8

Traditional IPS and Firewall Models Firewall Positive Model Controls what traffic types/paths are permitted. IPS Negative Model Detects/blocks malicious traffic within allowed paths. 9

Deployment Locations for an IPS DMZ Perimeter Core Extranets Critical Network Segments 10

Typical IPS Deployment Locations Perimeter Blocks/monitors attacks incoming from external machines Behind or integrated with a firewall DMZ Demilitarised zone partly trusted area where web servers live Risk of compromising web and/or database servers Core Detects attacks from inside the organisation Good for worms and insider attacks Extranets Extranets provide connectivity to partners, suppliers, customers Often have carry risks of access to sensitive info Critical Network Segments Highly sensitive network segments Example: ecommerce systems affected by PCI regulation 11

Ways to Deploy an IPS Inline blocking and/or monitoring Between two devices Switch and firewall Router and a switch Uses 2 ports on the IPS an inline pair Appliances may provide fail-open and fail-over capabilities for situations when: Sensor loses power Sensor suffers software failure Sensor intentionally shut down Passive monitoring only Off a switch s SPAN port Special switch port that can mirror traffic from one or more ports Off a network tap Device that allows you to monitor a single segment without interrupting traffic flow Uses 1 port on the IPS 12

Vulnerabilities vs. Exploits Vulnerability: Weakness in a system that allows an attacker to exploit it Example: Microsoft Tuesday On the second Tuesday of every month, Microsoft announces vulnerabilities and releases patches for them. We are a member of MAPP Microsoft Active Protections Program Exploit: Specific attack against a vulnerability There are many potential exploits for each vulnerability Traditional IPS signatures often look for exploits rather than the full triggering conditions of vulnerabilities 13

Problems with Traditional IPS Technology Overwhelms you with irrelevant events Doesn t give you much information to go on Requires you to spend months tuning Black box difficult to determine whether it works Result: IPS is minimally effective or isn t used Massive amounts of time and resources spent making IPS work Organisations exploited 14

About Sourcefire and Snort

About Sourcefire Founded in 2001, acquired by Cisco in 2013 Security from Cloud to Core Market leader in (NG)IPS New entrant to NGFW space with strong offering Groundbreaking Advanced Malware Protection solution Pioneer in IPS, context-driven security, advanced malware World-class research capability Owner of major Open Source security projects Snort, ClamAV, Razorback 16

Sourcefire Culture of Innovation Major innovations indicated in red Snort -based Gigabit IDS Appliance Intrusion Detection Inline Intrusion Prevention Multi- Gigabit IPS Network Behaviour Analysis Real-time User Awareness Mgmt of Physical & Virtual IPS Sensors 20 Gbps IPS, SSL FirePOWER 7/8000 Series 40Gbps IPS FireAMP Virtual/Mobile IP Intelligence 01 02 03 04 05 06 07 08 09 10 11 12 2013 Centralised Intrusion Management Real-time Network Awareness Automated Impact Assessment IT Policy Compliance Rules Automated IPS Tuning, 10 Gbps IPS Portal-like, Customisable Dashboard NGFW NGIPS w/ App Ctrl, FireAMP, AMP for FirePOWER AMP Appliance, Geolocation, Device & NW File Trajectory 52 Patents Awarded or Pending World-Class Vulnerability Research Team (VRT) 17

Sourcefire is the best in the business. Having Sourcefire NGIPS on the network is like having the mind of Martin Roesch in the building and that's a good thing. Chief Security Officer Fortune 100

Open Source Snort First created by Martin Roesch in 1998 Global standard for Intrusion Detection and Prevention World s largest threat response community Interoperable with other security products Owned and controlled by Sourcefire/Cisco www.snort.org

Open Source Philosophy and Benefits About Building Great Software In a Collaborative Manner With the User Community About Building Trust Legacy of Success (Linux, Apache, Snort) Robustness of Community No Black Box Functionality Weaknesses Exposed and Corrected Community Engage with users and developers to strengthen their solutions Collaboration Build with the community to solve complex security problems Trust Demonstrate technical excellence, trustworthiness and thought leadership 20

The Attack Continuum BEFORE Discover Enforce Harden DURING Detect Block Defend AFTER Scope Contain Remediate Network Endpoint Mobile Virtual Cloud Point in Time Continuous 21

Mapping Technologies to the Attack Continuum BEFORE Discover Enforce Harden DURING Detect Block Defend AFTER Scope Contain Remediate Firewall VPN NGIPS Advanced Malware Protection NGFW/AVC UTM Web Security Network Behaviour Analysis NAC + Identity Services Email Security Visibility and Context 22

The Cisco/Sourcefire Offering

Cisco/Sourcefire Security Solutions FireSIGHT Management Centre APPLIANCES VIRTUAL NEXT- GENERATION INTRUSION PREVENTION APPLICATION CONTROL CONTEXTUAL AWARENESS ADVANCED MALWARE PROTECTION FireAMP HOSTS VIRTUAL MOBILE COLLECTIVE SECURITY INTELLIGENCE FirePOWER Appliances APPLIANCES VIRTUAL 24

FirePOWER Appliances Industry-best Intrusion Prevention Real-time Contextual Awareness Full Stack Visibility Intelligent Security Automation with FireSIGHT Unparalleled Performance and Scalability Easily add Application Control, URL Filtering and Advanced Malware Protection with optional subscription licenses 25

FirePOWER Appliances Configurable Bypass or Fail Closed Interfaces For IDS, IPS or Firewall deployments LCD Display Quick and easy headless configuration Connectivity Choice Change and add connectivity inline with network requirements Device Stacking Scale monitoring capacity through stacking Lights Out Management For minimal operational impact Solid State Drive For increased reliability Hardware Acceleration For best in class throughput, security, Rack size/mbps, and price/mbps 26

IPS Performance and Scalability FirePOWER Places in the Network FirePOWER 8300 Series 15 Gbps 60 Gbps FirePOWER 8100/8200 2 Gbps - 10 Gbps FirePOWER 7120/7125/8120 1 Gbps - 2 Gbps FirePOWER 7000 Series 50 Mbps 500 Mbps FirePOWER 7100 Series 500 Mbps 1 Gbps Small Office Branch Office Internet Edge Campus Data Centre 27

FireSIGHT Management Centre Single console for event, policy, and configuration management Centralised analysis and management Customisable dashboard Comprehensive reports & alerts Centralised policy administration High availability Integrates with existing security 28

FireSIGHT Management Centre: Dashboard 29

FireSIGHT Management Centre: Policies 30

FireSIGHT Management Centre: Devices 31

FireSIGHT Management Centre: Administrators 32

FireSIGHT Management Centre Appliances 750 1500 3500 Max. Devices Managed* 10 35 150 Max. IPS Events 20M 30M 150M Event Storage 100 GB 125 GB 400 GB Max. Network Map (hosts / users) 2K/2K 50K/50K 300K/300K Max. Flow Rate 2000 fps 6000 fps 10000 fps * Max number of devices is dependent upon sensor type and event rate 33

Network Virtual Appliances NGIPSv Inline or passive deployment Full NGIPS Capabilities Deployed as virtual appliance Use Cases SNORT Conversion Small / Remote Sites Virtualised workloads (PCI) NOTE: Supports ESX(i) 4.x and 5.x on Sourcefire 5.x platforms. 34 Virtual FireSIGHT Management Centre Manages up to 25 sensors physical and virtual single pane-of-glass Use Cases Rapid Evaluation Pre-production Testing Service Providers

Robust Partner Ecosystem Vulnerability Management Custom Detection Full Packet Capture NAC Incident Response BEFORE Policy and Control DURING Identification and Block AFTER Analysis and Remediation Network Access Taps Infrastructure & Mobility Visualisation SIEM Combined API Framework 35

FirePOWER Next Generation IPS

Correlating Indicators of Compromise Correlate Weak Signals into Indicators of Compromise DNS to malware site detected by Security Intelligence Your Network Malware File Download detected by Malware Cloud Lookup Malware Propagation detected by IPS User Privilege Gain detected by IPS CNC Traffic detected by IPS 37

Three Key Sourcefire NGIPS Differentiators Trusted Security Engine and Security Intelligence Network Awareness and Visibility Security Automation 38

Sourcefire NGIPS Engine Engine is Snort, created and developed by Sourcefire/Cisco Rules developed by Sourcefire/Cisco Vulnerability Research Team Built on collective security intelligence from a variety of sources Extremely broad platform and threat coverage Rules are open and inspectable All packets are logged Import and use third-party rules in the industry standard format 39

Protecting Your Network Annual Output 2 SEU/SRUs, 1 VDB updates per week 2 >10 CVEs covered per day 4,310 new IPS rules >180,000 malware submissions per day 40

Protecting Your Network Annual Output 2 SEU/SRUs, 1 VDB updates per week 98.9% Vulnerability 2 coverage per NSS Labs IPS group test >10 CVEs covered per day 4,310 new IPS rules 100% Same-day protection for Microsoft vulnerabilities >180,000 malware submissions per day 41

Collective Security Intelligence Malware Protection Reputation Feeds IPS Rules Talos Vulnerability Database Updates Sandboxing Machine Learning Big Data Infrastructure Private and Public Threat Feeds Sandnets File Samples (>180,000 per Day) FireAMP Community Honeypots AEGIS Program Advanced Microsoft and Industry Disclosures SPARK Program Snort and ClamAV Open Source Communities 42

Detection Capabilities Talos Cloud Security Intelligence IP Reputation, URL Category Updates Malware Cloud Lookups (AMP), Sandbox, Trajectories L2/L3 Files Connection Logs, Flows File Types, File Transfers Application Definitions, App Detectors AppID Server, Client and Web Apps Vulnerability Updates, OS Definitions FireSIGHT Discovery Events Hosts, Users, OS, Services, Vulnerabilities Snort Rule Updates Snort IDS/IPS Events Snort Rule IDs 43

Policy Constructs NGIPS content inspection FireSIGHT context awareness Security Intelligence - blacklist control Comprehensive access control By network zone, VLAN, IP, port, protocol, application, user, URL, Geo Seamlessly integrated With IPS policies File control policies Malware policies Controlled traffic Access Policy Discovery Policy Security Intelligence URL awareness IP Geo-location IPS Policy File policy Malware policy 44

Event Types Connection Events Source, Destination, Port, User, URL, App, Proto, User Discovery Events OS, Client App, Service, Server, Usernames Intrusion Events Snort Rule ID, Impact, Source, Destination, Packet Level File Events Filename, File Type, Direction, Client App, Protocol Correlation Events White List / Black List compliance Security Intelligence Events IP Reputation Malware Events Malware Cloud Lookups, AMP Endpoint events Network File Trajectories Tracking of Files as they traverse the network 45

Network Awareness and Full Stack Visibility CATEGORIES EXAMPLES Cisco/Sourcefire NGIPS TYPICAL IPS Threats Attacks, Anomalies Users AD, LDAP, POP3 Web Applications Facebook Chat, Ebay Application Protocols HTTP, SMTP, SSH File Transfers PDF, Office, EXE, JAR Malware Conficker, Flame Command & Control Servers C&C Security Intelligence Client Applications Firefox, IE6, BitTorrent Network Servers Apache 2.3.1, IIS4 Operating Systems Windows, Linux Routers & Switches Cisco, Nortel, Wireless Mobile Devices iphone, Android, Jail Printers HP, Xerox, Canon VoIP Phones Avaya, Polycom Virtual Machines VMware, Xen, RHEV TYPICAL NGFW Information Superiority 46 Network Awareness

Context Through FireSIGHT FireSIGHT discovers Host, Application and User information in realtime, continuously, passively Derives a worst-case Vulnerability Map of the monitored Network Correlates all Intrusion Events to an Impact of the attack against the target Drastically reduces False Positives, eliminates False Negatives 47

FireSIGHT Context Explorer View all application traffic 48

FireSIGHT Context Explorer View all application traffic Look for risky applications 49

FireSIGHT Context Explorer View all application traffic Look for risky applications Who is using them? 50

FireSIGHT Context Explorer View all application traffic Look for risky applications Who is using them? On what operating systems? 51

FireSIGHT Context Explorer View all application traffic Look for risky applications Who is using them? What else have these users been up to? On what operating systems? 52

FireSIGHT Context Explorer View all application traffic Look for risky applications Who is using them? What else have these users been up to? On what operating systems? What does their traffic look like over time? 53

Network Awareness 54

Network Awareness 55

Network Awareness Who is at the host 56

Network Awareness Who is at the host OS & version Identified 57

Network Awareness Who is at the host OS & version Identified Server applications and versions 58

Network Awareness Who is at the host OS & version Identified Server applications and versions Client Applications 59

Network Awareness Who is at the host OS & version Identified Server applications and versions Client Applications Client Version 60

Network Awareness Who is at the host OS & version Identified Server applications and versions Client Applications Client Version Web Application 61

Network Awareness What other systems / IPs did user have, when? Who is at the host OS & version Identified Server applications and versions Client Applications Client Version Web Application 62

Security Automation IT Insight Spot rogue hosts, anomalies, policy violations, and more Indications of Compromise Identify the machines most likely to be owned Impact Assessment Reduce actionable events by up to 99% with correlation Automated Tuning Adjust IPS policies automatically based on network change User Identification Associate users with security and compliance events 63

Security Automation: Streamlining Operations Impact Assessment Discovers Host, Application and User information in real-time, continuously, passively Derives a Vulnerability Map of the monitored Network Correlates all Intrusion Events to an Impact of the attack against the target Focuses the analyst on events that really matter 64

Security Automation: Streamlining Operations Impact Assessment 65

Security Automation: Streamlining Operations Recommended Rules 66

Security Automation: Reducing Response Time Associating Users with Security and Compliance Events 67

Security Automation: Identifying Compromises Indications of Compromise 68

Security Automation: Identifying Compromises Indications of Compromise Malware File Downloaded Indications of Compromise:1 69

Security Automation: Identifying Compromises Indications of Compromise Malware Executed Malware File Downloaded Indications of Compromise:1 2 70

Security Automation: Identifying Compromises Indications of Compromise Malware Executed Malware File Downloaded Indications of Compromise:1 2 3 71

Security Automation: Identifying Compromises Indications of Compromise Hacker Uses Exploit Kit Malware Executed Malware File Downloaded Indications of Compromise:1 2 3 4 72

Security Automation: Identifying Compromises Indications of Compromise May have connected an Exploit Kit + Has connected to a host that SI tells us could be a CnC server + Has triggered an IPS event for traffic that looks like CnC 73

Security Automation: Costs of IPS Maintenance One of the world s 3 largest credit reporting agencies: 20,000 nodes 7,500 employees Generic Work Rate: $75/hour $144,000 Typical IPS $72,000 Sourcefire NGIPS $59,400 Sourcefire NGIPS collectively saves this customer $230,100 per year. $24,300 Impact Assessment of IPS Events $18,000 Automated IPS Tuning $3,000 Linking IPS Events to Users Source: SANS "Calculating TCO on Intrusion Prevention Technology whitepaper, December 2013 74

Gartner Report (2013) Next-Generation IPS Technology Disrupts the IPS Market Sourcefire truly has NGIPS capabilities Leading example in the market Gartner attributes growth to innovation Disruption extends to NGFW Sourcefire has forced other IPS vendors to develop contingency plans Gartner writes, unlike Sourcefire: Most NGFWs have limited threat detection capabilities...security buyers seek more application visibility, more situational or context awareness of network interactions, and greater control over the content coming into and out of their organisations. Gartner Advanced threats are part of the story NGIPS should also address advanced threats, for example, with integrated advanced malware protection 75

FirePOWER Application Control

Reduce Risk Through Granular Application Control Control access for applications, users and devices Employees may view Facebook, but only Marketing may post to it No one may use peer-to-peer file sharing apps Over 2,200 apps, devices, and more! 77

Benefits of Application Control Mobile: Enforce BYOD Policy Social: Security and DLP Security: Reduce Attack Surface Bandwidth: Recover Lost Bandwidth 78

Application Visibility 79

Application Control Example Prevent BitTorrent 80

URL Filtering Block non-business-related sites by category Based on user and user group 81

URL Filtering Dozens of Content Categories URLs Categorised by Risk 82

Applications are Often Encrypted Facebook and Google default to SSL Benefits of Sourcefire off-box decryption solution: Improved Performance acceleration and policy Centralised Key Management Interoperable with 3rd party products SSL1500 SSL2000 SSL8200 1.5 Gbps 2.5 Gbps 3.5 Gbps 4 Gbps total 10 Gbps total 20 Gbps total 83

OpenAppID Overview What is OpenAppID? An open source application-focused detection language that enables users to create, share and implement custom application detection. Key Advantages New simple language to detect apps Reduces dependency on vendor release cycles Build custom detections for new or specific (ex. Geo-based) app-based threats Easily engage and strengthen detector solutions Application-specific detail with security events 84

OpenAppID Deliverables OpenAppID Language Documentation A special Snort release engine with the OpenAppID preprocessor Detect apps on network Report usage stats Block apps by policy Snort rule language extensions to enable app specification Include App Context to IPS events Library of OpenAppID Detectors > 1000 detectors contributed by Cisco Extendable sample detectors Available to community at Snort.org 85

Better Together: Sourcefire and Cisco

Better Together Benefits Address the Entire Attack Continuum BEFORE Discover Enforce Harden DURING Detect Block Defend AFTER Scope Contain Remediate Network Endpoint Mobile Virtual Cloud Point in Time Continuous 87

Better Together Benefits See and Protect More Completely Broad range of attack vectors Application visibility and control for more than 2,000 applications Contextual awareness that extends beyond traditional NGIPS, NGFW Network Endpoint Mobile Virtual Cloud 88

Better Together Benefits Provide Lowest Cost of Ownership Automation streamlines operations and reduces response time Industry-leading TCO NSS Labs IT Insight Impact Assessment Automated Tuning User Identification 89

Better Together Avail Collective Power and Openness Open Industry Standards Collective Security Intelligence Solution Provider Community 90

Better Together Delivering : Best-in-Class Cybersecurity Solutions that: Address entire attack continuum See and protect more completely Provide lowest cost of ownership Avail collective power and openness 91

Continue Your Education Demos in the Cisco Campus Walk-in Self-Paced Labs Meet the Expert 1:1 meetings 92

Q & A

Complete Your Online Session Evaluation Give us your feedback and receive a Cisco Live 2015 T-Shirt! Complete your Overall Event Survey and 5 Session Evaluations. Directly from your mobile device on the Cisco Live Mobile App By visiting the Cisco Live Mobile Site http://showcase.genie-connect.com/clmelbourne2015 Visit any Cisco Live Internet Station located throughout the venue T-Shirts can be collected in the World of Solutions on Friday 20 March 12:00pm - 2:00pm Learn online with Cisco Live! Visit us online after the conference for full access to session videos and presentations. www.ciscoliveapac.com

Thank you.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback