Cisco Security @ Comstor
Agenda
1. Cisco Security Fundamentals
Cyber Security?
Cisco Security Solutions
- Cisco NGFW
- Cisco Umbrella
Cisco Meraki, MR, MS, MV and MX
Meraki Insight

1. Cisco Security Fundamentals
Cyber Security? Why is it critical

The consequences of insufficient security
- Identity Theft
- Equipment Theft
- Compromised Customer Confidence
- Loss of Business
- Compromised Employee Confidence
- Turnover / Weak Retention of Staff
- Service Interruption (e.g. e-mail and application)
- Loss of Competitive Advantage
- Loss of Reputation (e.g. embarrassing media coverage)
- Legal Penalties: fines and other legal action

Basic Principles
- Allowing only authorized subjects to access information
- Allowing only authorized subjects to modify information
- Ensuring that information and resources are accessible when needed

The threat-centric security model
- BEFORE: Discover, Enforce, Harden
- DURING: Detect, Block, Defend
- AFTER: Scope, Contain, Remediate
- Network, Endpoint, Mobile, Virtual, Cloud
- Threat Intelligence
- Point in Time, Continuous

Which dramatically expands what you have to worry about
- New demands
- Global collaboration
- Anywhere access
- BYOD
- Access is tougher to manage
- More things
- Visibility is more elusive
- Specialized threats
- 30% Phishing messages opened by the target across campaigns (Source: 2016 Verizon Data Breach Investigations Report)
- Threats are harder to stop

1. Cisco Security Fundamentals
Cisco NGFW
Next Generation Firewalling
Beyond packets, ports and traffic

Other next-generation firewalls fix some problems but create new ones
- They're only app-focused
- They can't help you once you've been breached
- They're another silo to manage
Diagram labels: Threat; Attack Continuum (BEFORE, DURING, AFTER); IPS, Acceptable use, NGFW, DDoS, Sandbox

Cisco Firepower NGFW is a complete solution
Cisco Firepower NGFW: Threat Focused, Fully Integrated
- Stop more threats
- Gain more insight
- Detect earlier, act faster
- Reduce complexity
- Get more from your network

Offering extensive contextual visibility
The more you see, the better you can protect
- Client applications
- Operating systems
- Threats
- Users
- Application protocols
- File transfers
- Web applications
- C & C Servers
- Malware
- Routers & switches
- Network Servers
- Mobile Devices
- Printers
- VOIP phones
Diagram labels: Typical IPS, Typical NGFW, Cisco Firepower NGFW

Cisco has an NGFW solution for every business
Small and Midsized Business / Midrange / Enterprise
Models:
- ASA 5525-X / ASA 5545-X / ASA 5555-X
- ASA 5585-X
- ASA 5506-X / 5506W-X / 5506H-X / 5508-X / 5516-X
- Firepower 2110/2120
- Firepower 2130/2140
- Firepower 4110/4120/4140/4150
- Firepower 9300
Descriptions:
- NGFWs for SMBs and distributed enterprises with integrated threat defense, a low TCO, and simplified security management.
- Enterprise-class security for the internet edge, with superior threat defense, sustained performance, and simple management.
- From the internet edge to carrier grade security for data centers and other high-performance settings, with multiservice security, flexible architecture, and unified management.

Choose from four powerful new appliances with industry-best price-performance
- Models 2110 & 2120: Low-cost, high performance 1 RU NGFW; Fixed 16-port 1GbE connectivity
- Models 2130 & 2140: High performance 1 RU NGFW; Network modularity, up to 24-port 1GbE and up to 12 10GbE connectivity
- Up to 8.5 Gbps FW+AVC+IPS throughput

Pack in more value with the Firepower 2100 series

Model               Form Factor   Throughput FW+AVC (1024b)   Throughput FW+AVC+IPS (1024b)
Firepower 2110      1RU           1.9 Gbps                    1.9 Gbps
ASA 5525-X          1RU           1.1 Gbps                    650 Mbps
Firepower 2120      1RU           3 Gbps                      3 Gbps
ASA 5545-X          1RU           1.5 Gbps                    1 Gbps
Firepower 2130      1RU           4.75 Gbps                   4.75 Gbps
ASA 5555-X          1RU           1.75 Gbps                   1.25 Gbps
Firepower 2140      1RU           8.5 Gbps                    8.5 Gbps
ASA 5585-X SSP 10   2 RU          4.5 Gbps                    2.5 Gbps

- 2X - 4X throughput increase (2X Performance, 4X Performance)
- Sustained performance as threat functions are enabled
- Higher connectivity up to 24 1GbE and 12 10GbE ports
- Space & eco-design packaging / redundancy / network modularity

1. Cisco Security Fundamentals
Threat Defense

Uncover hidden threats in the environment
Advanced Malware Protection (AMP)
- File Reputation
- File & Device Trajectory: AMP for Endpoint Log, AMP for Network Log
- Known Signatures, Fuzzy Fingerprinting, Indications of compromise
- Threat Grid Sandboxing: Advanced Analytics, Dynamic analysis, Threat intelligence
- Threat Disposition: Uncertain, Safe, Risky
- Sandbox Analysis
- Enforcement across all endpoints
- Block known malware
- Investigate files safely
- Detect new threats
- Respond to alerts

Get real-time protection against global threats
Talos Threat Intelligence: Security Coverage, Research, Response
- 1.5 million daily malware samples
- 600 billion daily email messages
- 16 billion daily web requests
- 250+ Researchers
- 24 x 7 x 365 Operations
- Diagram labels: WWW, Endpoints, Web, Networks, NGIPS, Devices
- Identify advanced threats
- Get specific intelligence
- Catch stealthy threats
- Stay protected with updates

The results speak for themselves
- 17.5 hours: Average time to detection with Cisco security
- 100 days: Industry average time to detection
Source: Cisco Annual Security Report 2016

1. Cisco Security Fundamentals
Management Options

Cisco offers management designed for the user
- On-box, web-based management: Firepower Device Manager
- Centralized management for multiple devices: Firepower Management Center
- Cloud-based policy orchestration for multiple sites: Cisco Defense Orchestrator
Benefits listed: Consolidated management, Enhanced control, Easy set-up, Unified insight, Scalable management, Intelligent automation, Simple interface, Efficient management, Streamlined user experience

1. Cisco Security Fundamentals
Cisco Umbrella
Protecting from daily attacks

Cisco Umbrella and where does it fit?
- Malware, C2 Callbacks, Phishing
- First line
- It all starts with DNS
- Precedes file execution and IP connection
- Used by all devices
- Port agnostic
Diagram labels: Network and endpoint; NGFW, Netflow, Proxy, Sandbox; Router/UTM; Endpoint; AV; HQ, BRANCH, ROAMING

How It Works
Security Both On and Off the VPN

Why Umbrella:
1. Protection against malware, phishing and C&C
2. Security without adding appliances or extra latency
3. Protects on and OFF network
4. 92% of ransomware is dependent on DNS to work

How does it work:
1. Umbrella sees over 5% of the global DNS traffic
2. Security Research team analyzes and models all data to predict attacks
3. Umbrella uses DNS to stop threats over all ports and protocols

1. Cisco Security Fundamentals
Cisco Meraki
Cloud Managed IT

What is Meraki?
- Scalable: no bottlenecks; Add devices or sites in minutes
- Reliable: Highly available cloud with multiple datacenters; Network functions even if connection to cloud is interrupted
- Secure: No user traffic passes through cloud; Fully HIPAA / PCI compliant (level 1 certified); meraki.cisco.com/trust
- Future-proof: New features pushed through firmware; Automatic firmware and security updates (user-scheduled)
Product families: MR Wireless LAN, MS Ethernet Switches, MX Security Appliances, Systems Manager EMM, MV Security Cams

- Secure Access: Guest access, Enterprise security, WIDS / WIPS
- Location: Embedded location analytics, Heatmaps
- Application Control: Application traffic shaping

- Tools: Remote Live Tools, Network Topology
- L3 Scalability
- Stack: Virtual Stacking, Physical Stacking
- L7 Application and control: Application visibility, Voice and Video QoS
- Enterprise Security

- Security: NG Firewall, Client VPN, Site to Site VPN, IDS/IPS, Malware Protection, Geo-Firewall
- Networking: NAT/DHCP, 3G/4G Cellular, SD-WAN
- Application Control: Web Caching, Traffic Shaping, Content Filtering

MX Portfolio

Teleworker / Small Branch / Medium Branch
- Models and sizing as listed: Z1; ~5 users; Z3; MX64; ~50 users; MX65; MX84; ~200 users; MX100; ~500 users
- 802.11ac Wireless & PoE (listed twice)
- FW throughput values as listed: 500 Mbps, 750 Mbps, 50-100 Mbps, 250 Mbps

Large Branch, Campus or Concentrator
- MX250: ~2,000 users, FW throughput: 4 Gbps
- MX400: ~2,000 users, FW throughput: 1 Gbps
- MX450: ~10,000 users, FW throughput: 6 Gbps
- MX600: ~10,000 users, FW throughput: 1 Gbps

Virtual
- vMX100 for AWS & Azure: FW throughput: 750 Mbps, VPN & SD-WAN features

All MX devices support 3G/4G

Security Cameras
The MV family brings Meraki magic to the video security world.

MV Security Cameras
Hardware Features
- IR Illumination
- On-Device 128GB solid state storage
- 720p HD recording with H.264 encoding (5 Megapixel sensor)
- Automatic DSCP marking
- IP66 and IK10 rated (MV71)
- MV21 Indoor, MV71 Outdoor
- Mounting kits available
- Indoor and outdoor security
- 3 year hardware replacement warranty

Introducing MV12
A family of indoor mini dome cameras designed with more than just security in mind
- 3 SKUs
- 256GB and 128GB storage models
- High definition 1080p
- Microphone
- Wireless capable*
- Compact form factor
- Qualcomm Snapdragon processor
- Advanced on-board analytics and machine learning
* Wireless Functionality (Software Update) & Power Converter Available Fall 2018

1. Cisco Security Fundamentals
Meraki Insight

Sound familiar?
- "This is IT. How can I help?"
- "The network's slow"
- "My Wi-Fi is broken"
- "My Internet is down"

What are contributors to poor end-user experience?
External / Internal
- LAN congestion, Rogue actors, Network design, Network capacity limits, WAN congestion: Deploy Meraki Dashboard Tools (Traffic shaping, QoS, Air Marshal); Address with training, more infrastructure
- Application errors, Application server processing time, Authentication / DNS server response time: Apply Meraki Insight

Meraki Insight in the dashboard
THANK YOU!
For more information contact:
Comstor PSE Dan Kumlin
+358 50 535 7144
dan.kumlin@comstor.com