Deploying Next Generation Firewall with ASA and Firepower services
|
|
- Kristian Wilfrid Barton
- 8 years ago
- Views:
Transcription
1 Deploying Next Generation Firewall with ASA and Firepower services Dragan Novaković Security Consulting Systems Engineer March 2015.
2 Threat Landscape Demands more than Application Control 60% of data is stolen in hours 54% of breaches remain undiscovered for months 100% of companies connect to domains that host malicious files or services It is a Community that hides in plain sight avoids detection and attacks swiftly Cisco Confidential 2
3 Defense-in-Depth Security Alone Is Not Enough Siloed Approach Poor Visibility Manual and Static Increased complexity and reduced effectiveness Undetected multivector and advanced threats Slow, manual inefficient response Cisco Confidential 3
4 Why?
5 Cisco Confidential 5 5
6 The Configuration Problem Poor awareness of true operational environment Change to environment requiring configuration/posture changes unrecognized Detection content unavailable 0-day No anomaly detection mechanisms in place Cisco Confidential 6 6
7 The Organizational Problem False positive rates too high Operator overload due to mass of equally meaningless events that must be contextualized Frequently technologies are deployed but not properly operationalized Check-box security In 2014, the average cost of an organizational data breach was US$3.5 million Source: The Ponemon Institute Cisco Confidential 7 7
8 Integrated Threat Defense Across the Attack Continuum Attack Continuum BEFORE Control Enforce Harden DURING Detect Block Defend AFTER Scope Contain Remediate Firewall/VPN NGIPS Advanced Malware Protection Granular App Control Security Intelligence Retrospective Security Modern Threat Control Web Security IoCs/Incident Response Visibility and Automation Cisco Confidential 8
9 What is Sourcefire? From a historical perspective Snort Created Created by Martin Roesch in 1998 Open source network intrusion system Engine Rules Language Sourcefire Founded Founded in 2001 by Martin Roesch Created a commercial version of Snort Sourcefire acquires Immunet Acquisition completed 2011 Advanced Malware Protection ClamAV Cisco acquires Sourcefire Acquisition completed 2013 Cisco Confidential 9
10 What is Sourcefire? From a product perspective Sourcefire IPS/NGFW IPS powered by Snort Includes NGFW features such as URL filtering and Application Visibility and Control Sensors are controlled and monitored by FireSIGHT Defense Center (on premises) AMP for Endpoints Agent installed on each endpoint Endpoints connected to off-premises cloud for has lookups, sandboxing Managed by FIreAMP Console (cloud based) Cisco products Content: ESA, WSA, CWS Network: ASA Cisco Confidential 10
11 Addressing The Configuration Problem Visibility Architecture Collect context about the operational environment Continuously in real-time Visibility data is used to recommend configuration of security infrastructure Real-time notifications of change to drive real-time change in security posture Content Rapid development and dissemination of updated detection is a fundamental Vendor Security operations teams Cisco Confidential 11
12 Addressing The Organizational Problem Contextualization Event loads are high due to misconfiguration Even when well tuned, raw events must be contextualized automatically when possible Operationalization That s your job Engagement from corporate boards is crucial in setting security priorities and expectations Boards need to know what the cybersecurity risks to the business are and their potential impact CIOs must ask tough questions about security controls that are meaningful to the board and outline the business implications Cisco Confidential 12 12
13 Introducing Industry s First Threat-Focused NGFW Proven Cisco ASA firewalling Industry leading NGIPS and AMP Cisco ASA with FirePOWER Services Integrating defense layers helps organizations get the best visibility Enable dynamic controls to automatically adapt #1 Cisco Security announcement of the year! Protect against advanced threats across the entire attack continuum Cisco Confidential 13
14 Introducing ASA with FirePOWER services ASA 5585-X SSP-60 (40 Gbps) ASA 5585 X SSP-40 ASA 5585-X SSP-20 ASA 5585-X SSP-10 ASA 5545-X ASA 5555-X ASA 5515-X ASA 5525-X ASA 5512-X FirePOWER Software module *requires SSD disk FirePOWER Hardware module Cisco Confidential 14
15 Superior Integrated & Multilayered Protection Cisco Collective Security Intelligence Enabled World s most widely deployed, enterpriseclass ASA stateful firewall Clustering & High Availability Network Firewall Routing Switching Intrusion Prevention (Subscription) Application Visibility & Control FireSIGHT Analytics & Automation Cisco ASA Advanced Malware Protection (Subscription) Built-in Network Profiling WWW URL Filtering (Subscription) Identity-Policy Control & VPN Granular Cisco Application Visibility and Control (AVC) Industry-leading FirePOWER next-generation IPS (NGIPS) Reputation- and category-based URL filtering Advanced malware protection Cisco Confidential 15
16 Visibility Is the Key T h r e a t s h i d d e n i n p l a i n s i g h t Cisco Confidential 16
17 Central Management, Intelligence and Context FireSIGHT Management Centre Processes events FireSIGHT Central Management Policy Definition Event Analysis Correlation Network Map (Users, devices, apps, etc) Generates events - IPS - Intelligence - File - Malware - Access Control - Flow - Discovery FirePOWER Realtime traffic analysis Access Control Passive acquisition Cisco Confidential 17
18 FireSiGHT Management Centre SecOPS Workflows -FireSIGHT Management Center FireSIGHT NGFW/NGIPS Management Forensics / Log Management Network AMP / Trajectory Vulnerability Management Incident Control System Adaptive Security Policy Retrospective Analysis Correlated SIEM Eventing Network-Wide / Client Visibility Visibility Categories Threats Users Web Applications Application Protocols File Transfers Malware Command & Control Servers Client Applications Network Servers Operating Systems Routers & Switches Mobile Devices Printers VoIP Phones Virtual Machines Cisco Confidential 18
19 FireSIGHT Fuels Automation IT Insight Spot rogue hosts, anomalies, policy violations, and more Impact Assessment Threat correlation reduces actionable events by up to 99% Automated Tuning Adjust IPS policies automatically based on network change User Identification Associate users with security and compliance events Cisco Confidential 19 19
20 Impact Assessment Correlates all intrusion events to an impact of the attack against the target Impact Flag Administrator Action Why 1 Act immediately, vulnerable Event corresponds to vulnerability mapped to host 2 Investigate, potentially vulnerable Relevant port open or protocol in use, but no vuln mapped 3 Good to know, currently not vulnerable Relevant port not open or protocol not in use 4 Good to know, unknown target Monitored network, but unknown host 0 Good to know, unknown network Unmonitored network Cisco Confidential 20
21 Cisco FireSIGHT Fuels Automation Impact Assessment and Recommended Rules Automate Routine Tasks Cisco Confidential 21
22 FireSIGHT : Detecting Anomalies Detects if new application appears or traffic profile changes Identify Hacked Hosts Useful in static environments: Scada, DMZ, MEDTEC... Reduced Risk and Cost ssh ALERT Host has suddenly started to use SSH client and outgoing traffic volume has increased by 3 Cisco Confidential 22
23 FireSIGHT : Automated Responses Use pre-defined or custom script to initiate automatic actions E.g, Quarantine device with ISE API Reduced Risk and Cost change VLAN or SGT I S E Indications Of Compromise - IPS event impact 1 - Malware - Communication with BOTNET QUARANTINE Cisco Confidential 23
24 Automated, Integrated Threat Defense Superior Protection for Entire Attack Continuum Context and Threat Correlation Context and Threat Correlation Dynamic Security Control Priority 1 Priority 2 Multi-vector Correlation Priority 3 Retrospective Security Impact Assessment Cisco Confidential 24
25 Automated, Integrated Threat Defense Superior Protection for Entire Attack Continuum Context and Threat Correlation Dynamic Security Control Dynamic Security Control Multi-vector Correlation WWW WEB WWW WWW Retrospective Security Adapt Policy to Risks Cisco Confidential 25
26 Automated, Integrated Threat Defense Superior Protection for Entire Attack Continuum Context and Threat Correlation Multi-vector Correlation Dynamic Security Control Admin Request 5 IoCs Host A Multi-vector Correlation Mail PDF Admin Request Mail PDF 3 IoCs Host B Retrospective Security Early Warning for Advanced Threats Host C Cisco Confidential 26
27 Automated, Integrated Threat Defense Superior Protection for Entire Attack Continuum Context and Threat Correlation Retrospective Security Dynamic Security Control Multi-vector Correlation Retrospective Security Shrink Time between Detection and Cure Cisco Confidential 27
28 OpenAppID First OSS Application and Control OpenAppID Language Documentation o Accelerate the identification and protection for new clouddelivered applications Special Snort engine with OpenAppID preprocessor o Detect apps on network o Report usage stats o Block apps by policy o Snort rule language extensions to enable app specification o Append App Name to IPS events Available now at Snort.org Library of Open App ID Detectors o Over 1000 new detectors to use with Snort preprocessor o Extendable sample detectors Cisco Confidential 28
29 Reduced Cost and Complexity $144,000 Annual Costs of IPS Maintenance Cisco s FirePOWER Next-Generation IPS collectively saves this customer $230,100 per year Multilayered protection in a single device Highly scalable Automates security tasks Impact assessment $72,000 $59,400 $24,300 $18,000 $3,000 Impact Assessment of IPS Events IPS Tuning Linking IPS Events to Users Typical IPS Next-Generation IPS Policy tuning User identification Integrates with third-party security solutions Cisco Confidential 29
30 Indications of Compromise (IoCs) IPS Events Malware Backdoors Exploit Kits Web App Attacks CnC Connections Admin Privilege Escalations SI Events Connections to Known CnC IPs Malware Events Malware Detections Office/PDF/Java Compromises Malware Executions Dropper Infections Cisco Confidential 30
31 AMP Provides Continuous Retrospective Security Breadth of Control Points Endpoints WWW Web Network IPS Devices Telemetry Stream Continuous Analysis File Fingerprint and Metadata File and Network I/O Process Information Continuous Feed Cisco Confidential 31
32 The Cisco Collective Security 8 hours after thelearned first attack, At thecloud same time, a device with has An unknown fileintelligence is present the Malware endpoint triesato re-enter the FireAMP connector this file is malicious and on IP: , having At 10:57, the unknown file is thethe system Seven hours later file istothrough reacts to retrospective event retrospective event is fororiginal been The filefrom is copied yetthe a raisedthe from downloaded IP to IP: then fourth transferred to( ) aimmediately third point of entry butstops is recognized and and Firefox device all four devices immediately device ( ) using an the newly detected and blocked. through thequarantines same SMB SMB applicationmalware application a half hour later Cisco Confidential 32
33 Sample Solution Architecture with Management Configuration (policy) File Trajectory AMP Events Correlation FireSIGHT Management Center Link to AMP Public Cloud for Endpoint Connector Events Cisco Security Manager or ASDM VRT Dynamic Analysis Cloud File Submitted for Dynamic Analysis ASA Cluster with FirePOWER Services Manual Dynamic Analysis for Endpoint Connectors File Disposition queried against AMP Cloud (SHA256, Spero) AMP Cloud Endpoint Connectors Cisco Confidential 33
34 ASA FirePOWER Services Packet Flow SFR YES Receive PKT Ingress Interface Existing Conn ACL Match NO Permit YES Xlate YES Inspections sec checks NO NO NO DROP DROP DROP NAT IP Header Egress Interface L3 Route YES L2 Addr YES XMIT PKT NO NO DROP DROP 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 34
35 ASA FirePOWER Functional Distribution URL Category/Reputation NGIPS Application Visibility and Control Advanced Malware Protection File Type Filtering File Capture FirePOWER Services Module TCP Normalization TCP Intercept IP Option Inspection IP Fragmentation Botnet Traffic Filter NAT Routing ACL VPN Termination ASA Module 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
36 FireSIGHT Management Center Appliances New Virtual New Max. Devices Managed* Event Storage Virtual FireSIGHT Management Center Up to 25 Managed Devices 100 GB 125 GB 1.8 TB 400 GB 4.8/6.3 TB Max. Network Map (hosts / users) Events per Sec (EPS) 2K/2K 50K/50K 150K/150K 300K/300K 600K/600K New Virtual FireSIGHT Management Center Up to 2 or 10 Managed Devices - Promotional PID FS-VMW-2-SW-K9 FS-VMW-10-SW-K Cisco and/or its affiliates. All rights reserved. * Max number of devices is dependent upon sensor type and event rate Cisco Public 36
37 Collective Security Intelligence Malware Protection Reputation Feeds IPS Rules Cisco Talos (Talos Security Intelligence and Research Group) Vulnerability Database Updates Sandboxing Machine Learning Big Data Infrastructure Private and Public Threat Feeds Sandnets File Samples (>1.1 Million per Day) FireAMP Community Honeypots Sourcefire AEGIS Program Advanced Microsoft and Industry Disclosures SPARK Program Snort and ClamAV Open Source Communities Cisco Confidential 37
38 Robust Partner Ecosystem Vulnerability Management Custom Detection Full Packet Capture NAC Incident Response BEFORE Policy and Control DURING Identification and Block AFTER Analysis and Remediation Network Access Taps Infrastructure & Mobility Visualization SIEM Combined API Framework 38 Cisco Confidential 38
39 Only Cisco Delivers Unmatched Visibility Consistent Control Advanced Threat Protection Complexity Reduction Global Intelligence With the Right Context Consistent Policies Across the Network and Data Center Detects and Stops Advanced Threats Fits and Adapts to Changing Business Models Cisco Confidential 39
40 Cisco ASA with FirePOWER Services A New, Adaptive, Threat-Focused NGFW Integrated Threat Defense Best-in-class, multilayered protection in a single device Superior Visibility Full contextual awareness to eliminate gaps Automation Simplified operations and dynamic response and remediation Cisco Confidential 40
41 Thank you.
Requirements When Considering a Next- Generation Firewall
White Paper Requirements When Considering a Next- Generation Firewall What You Will Learn The checklist provided in this document details six must-have capabilities to look for when evaluating a nextgeneration
More informationSourceFireNext-Generation IPS
D Ů V Ě Ř U J T E S I L N Ý M SourceFireNext-Generation IPS Petr Salač CCNP Security, CCNP, CICSP, CCSI #33835 petr.salac@alefnula.com Our Customers Biggest Security Challenges Maintaining security posture
More informationCisco ASA with FirePOWER Services. October 2014
Cisco ASA with FirePOWER Services October 2014 What We Are Announcing September 16, 2014 Industry s First Threat-Focused NGFW Proven Cisco ASA firewalling + Industry leading NGIPS and AMP Cisco ASA with
More informationThreat-Centric Security Solutions. György Ács Security Consulting Systems Engineer 3 rd November 2015
Threat-Centric Security Solutions György Ács Security Consulting Systems Engineer 3 rd November 2015 The Problem is Threats About Angler Exploit Kit http://www.networkworld.com/article/2989827/security/cisco-disrupts-60m-ransomware-biz.html
More informationCisco ASA und FirePOWER Services
Cisco ASA und FirePOWER Services 1 Die Abwehr von Bedrohungen ist ein Prozess Attack Continuum BEFORE Control Enforce Harden DURING Detect Block Defend AFTER Scope Contain Remediate Firewall/VPN Applikations-Kontrolle
More informationSourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data
SEE everything in your environment LEARN by applying security intelligence to data ADAPT defenses automatically ACT in real-time Sourcefire Solutions Overview Security for the Real World Change is constant.
More informationCisco Security: Moving to Security Everywhere. #TIGcyberSec. Stefano Volpi 13-10-2015
#TIGcyberSec Cisco Security: Moving to Security Everywhere Stefano Volpi 13-10-2015 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 1 Cisco is All In with Security I expect security
More informationNetwork as a Sensor and Enforcer Leverage the Network to Protect Against and Mitigate Threats
Network as a Sensor and Enforcer Leverage the Network to Protect Against and Mitigate Threats Dragan Novaković Consulting Systems Engineer Security November 2015. New Networks Mean New Security Challenges
More informationCisco Advanced Malware Protection
Solution Overview Cisco Advanced Malware Protection Breach Prevention, Detection, Response, and Remediation for the Real World BENEFITS Gain unmatched global threat intelligence to strengthen front-line
More informationEffective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention
Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention Your Security Challenges Defending the Dynamic Network! Dynamic threats 䕬 䕬 䕬 䕬 Many threats
More informationCisco Advanced Malware Protection. Ross Shehov Security Virtual Systems Engineer March 2016
Cisco Advanced Malware Protection Ross Shehov Security Virtual Systems Engineer March 2016 The Reality Organizations Are Under Attack and Malware Is Getting in 95% of large companies targeted by malicious
More informationEXTENDING NETWORK SECURITY: TAKING A THREAT CENTRIC APPROACH TO SECURITY
EXTENDING NETWORK SECURITY: TAKING A THREAT CENTRIC APPROACH TO SECURITY Dean Frye Sourcefire Session ID: SEC-W05 Session Classification: Intermediate Industrialisation of Threat Factories Goal: Glory,
More informationCisco Cybersecurity Pocket Guide 2015
Cisco Cybersecurity Pocket Guide 2015 Why Security Security investment: A top priority Security: A critical boardroom topic Why Security? Security Investment: A Top Priority Figure 1 How Enterprises View
More informationCisco and Sourcefire. AGILE SECURITY : Security for the Real World. Stefano Volpi
Cisco and Sourcefire AGILE SECURITY : Security for the Real World Stefano Volpi SOURCEfire Worldwide John Chambers statement Security is the TOP issue for Cisco and many of the CIO s in the industry. We
More informationProtection Against Advanced Persistent Threats
Protection Against Advanced Persistent Threats Peter Mesjar Systems Engineer, CCIE 17428 October 2014 Agenda Modern Threats Advanced Malware Protection Solution Why Cisco? Cisco Public 2 The Problem are
More informationBraindumps.700-295.50.QA
Braindumps.700-295.50.QA Number: 700-295 Passing Score: 800 Time Limit: 120 min File Version: 6.0 http://www.gratisexam.com/ Comprehensive, easy and to the point study material made it possible for me
More informationSourcefire Next-Generation IPS
Sourcefire Next-Generation IPS Key NGIPS Capabilities Snort IPS detection engine Network intelligence Impact assessment User identification Automated policy tuning Network behavior analysis Packet-level
More informationFive Steps For Securing The Data Center: Why Traditional Security May Not Work
White Paper Five Steps For Securing The Data Center: Why Traditional Security May Not Work What You Will Learn Data center administrators face a significant challenge: They need to secure the data center
More informationCisco Cloud Web Security
Data Sheet Today s highly connected and fast-moving world is filled with complex and sophisticated web security threats. Cisco delivers the strong protection, complete control, and investment value that
More informationThreat-Centric Security for Service Providers
Threat-Centric Security for Service Providers Enabling Open & Programmable Networks Sam Rastogi, Service Provider Security Product Marketing, Security Business Group Bill Mabon, Network Security Product
More informationHow To Protect Your Network From Intrusions From A Malicious Computer (Malware) With A Microsoft Network Security Platform)
McAfee Security: Intrusion Prevention System REV: 0.1.1 (July 2011) 1 Contents 1. McAfee Network Security Platform...3 2. McAfee Host Intrusion Prevention for Server...4 2.1 Network IPS...4 2.2 Workload
More informationCisco Advanced Malware Protection for Endpoints
Data Sheet Cisco Advanced Malware Protection for Endpoints Product Overview With today s sophisticated malware, you have to protect endpoints before, during, and after attacks. Cisco Advanced Malware Protection
More informationCisco Security Strategy Update Integrated Threat Defense. Oct 28, 2015
Cisco Security Strategy Update Integrated Threat Defense Oct 28, 2015 Breaches are the New Normal FDA Wards of Security Flaw in Infusion Pump Cisco Confidential Cisco s Covers the Threat-Centric Entire
More informationCisco Web Security: Protection, Control, and Value
Cisco Web Security: Protection, Control, and Value Benefits Strong protection: Protects every device through a sophisticated global threat-intelligence infrastructure, which includes Cisco Talos Security
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationHow To Manage Sourcefire From A Command Console
Sourcefire TM Sourcefire Capabilities Store up to 100,000,000 security & host events, including packet data Centralized policy & sensor management Centralized audit logging of configuration & security
More informationMcAfee Network Security Platform
McAfee Network Security Platform Next Generation Network Security Youssef AGHARMINE, Network Security, McAfee Network is THE Security Battleground Who is behind the data breaches? 81% some form of hacking
More informationCisco Advanced Malware Protection for Endpoints
Data Sheet Cisco Advanced Malware Protection for Endpoints Product Overview With today s sophisticated malware, you have to protect endpoints before, during, and after attacks. Cisco Advanced Malware Protection
More informationSourcefire Next-Generation IPS
Sourcefire Next-Generation IPS Sourcefire Next-Generation IPS sets a new standard for advanced threat protection, integrating real-time contextual awareness, intelligent security automation, and unprecedented
More informationCisco & Big Data Security
Cisco & Big Data Security 巨 量 資 料 的 傳 輸 保 護 Joey Kuo Borderless Networks Manager hskuo@cisco.com The any-to-any world and the Internet of Everything is an evolution in connectivity and collaboration that
More informationSpeed Up Incident Response with Actionable Forensic Analytics
WHITEPAPER DATA SHEET Speed Up Incident Response with Actionable Forensic Analytics Close the Gap between Threat Detection and Effective Response with Continuous Monitoring January 15, 2015 Table of Contents
More informationIntegrated Network Security Architecture: Threat-focused Nextgeneration
White Paper Integrated Network Security Architecture: Threat-focused Nextgeneration Firewall By Jon Oltsik, Senior Principal Analyst September 2014 This ESG White Paper was commissioned by Cisco Systems
More informationWhy Use Big Data for a Security Service?
Using Big Data for Good Advanced Malware Protection as a Cloud Service Gary Spiteri Security Engineer 17 July 2012 Why Use Big Data for a Security Service? Because the traditional way is broken Industry
More informationIntelligent Cybersecurity for the Real World. Cisco Cybersecurity Pocket Guide
Intelligent Cybersecurity for the Real World Cisco Cybersecurity Pocket Guide EMEA 2015 Content What an Opportunity! Security Investment is a Top Priority Why Cisco? Cisco is the Leading Security Company
More informationConcierge SIEM Reporting Overview
Concierge SIEM Reporting Overview Table of Contents Introduction... 2 Inventory View... 3 Internal Traffic View (IP Flow Data)... 4 External Traffic View (HTTP, SSL and DNS)... 5 Risk View (IPS Alerts
More informationContent Security: Protect Your Network with Five Must-Haves
White Paper Content Security: Protect Your Network with Five Must-Haves What You Will Learn The continually evolving threat landscape is what makes the discovery of threats more relevant than defense as
More informationVulnerability Management
Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other
More informationThe Hillstone and Trend Micro Joint Solution
The Hillstone and Trend Micro Joint Solution Advanced Threat Defense Platform Overview Hillstone and Trend Micro offer a joint solution the Advanced Threat Defense Platform by integrating the industry
More informationREVOLUTIONIZING ADVANCED THREAT PROTECTION
REVOLUTIONIZING ADVANCED THREAT PROTECTION A NEW, MODERN APPROACH Blue Coat Advanced Threat Protection Group GRANT ASPLUND Senior Technology Evangelist 1 WHY DO I STAND ON MY DESK? "...I stand upon my
More informationCYBERSECURITY for ENTERPRISE INFRASTRUCTURE: Protecting your DataCenter. Marco Mazzoleni Consulting Systems Engineer, Cisco GSSO
CYBERSECURITY for ENTERPRISE INFRASTRUCTURE: Protecting your DataCenter Marco Mazzoleni Consulting Systems Engineer, Cisco GSSO 2014 Cisco and/or and/or its affiliates. its affiliates. All rights All reserved.
More informationIBM Security. 2013 IBM Corporation. 2013 IBM Corporation
IBM Security Security Intelligence What is Security Intelligence? Security Intelligence --noun 1.the real-time collection, normalization and analytics of the data generated by users, applications and infrastructure
More informationIntroducing IBM s Advanced Threat Protection Platform
Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM
More informationBEFORE. DURING. AFTER. CISCO'S INTEGRATED SECURITY STRATEGY NIALL MOYNIHAN CISCO EMEAR
BEFORE. DURING. AFTER. CISCO'S INTEGRATED SECURITY STRATEGY NIALL MOYNIHAN CISCO EMEAR The IndustrializaBon of Hacking SophisEcated AFacks, Complex Landscape Hacking Becomes an Industry Phishing, Low
More informationCisco Cloud Web Security Datasheet
Cisco Cloud Web Security Datasheet October 2014 Table of Contents Table of Contents... 1 Overview... 2 Features and Benefits by License... 3 CWS Essentials License... 3 CWS Premium... 4 Advanced Threat
More informationSECURITY ANALYTICS MOVES TO REAL-TIME PROTECTION
SECURITY ANALYTICS MOVES TO REAL-TIME PROTECTION How ThreatBLADES add real-time threat scanning and alerting to the Analytics Platform INTRODUCTION: analytics solutions have become an essential weapon
More informationModular Network Security. Tyler Carter, McAfee Network Security
Modular Network Security Tyler Carter, McAfee Network Security Surviving Today s IT Challenges DDos BOTS PCI SOX / J-SOX Data Exfiltration Shady RAT Malware Microsoft Patches Web Attacks No Single Solution
More informationComstor Security Initiative. Comstor Security Initiative
Comstor Comstor Work in partnership with Comstor and Cisco to unlock the potential of Cyber security Cyber security is projected to be a $170 billion market by 2020. There are 10 billion connected sensors
More informationThreat Center. Real-time multi-level threat detection, analysis, and automated remediation
Threat Center Real-time multi-level threat detection, analysis, and automated remediation Description Advanced targeted and persistent threats can easily evade standard security, software vulnerabilities
More informationCisco RSA Announcement Update
Cisco RSA Announcement Update May 7, 2009 Presented by: WWT and Cisco Agenda Cisco RSA Conference Announcements Collaborate with Confidence Overview Cisco s Security Technology Differentiation Review of
More informationIBM InfoSphere Guardium Data Activity Monitor for Hadoop-based systems
IBM InfoSphere Guardium Data Activity Monitor for Hadoop-based systems Proactively address regulatory compliance requirements and protect sensitive data in real time Highlights Monitor and audit data activity
More informationyou us MSSP are a Managed Security Service Provider looking to offer Advanced Malware Protection Services
MSSP you us are a Managed Security Service Provider looking to offer Advanced Malware Protection Services Lastline is the only company with 10+ years of academic research focused on detecting advanced
More informationCisco Email Security: Layered Protection from Blended Threats
Cisco Email Security: Layered Protection from Blended Threats Benefits Faster, more comprehensive email protection, often hours or days ahead of the competition The largest network of threat intelligence
More informationCALNET 3 Category 7 Network Based Management Security. Table of Contents
State of California IFB STPD 12-001-B CALNET 3 Category 7 Network Based Security Table of Contents 7.2.1.4.a DDoS Detection and Mitigation Features... 1 7.2.2.3 Email Monitoring Service Features... 2 7.2.3.2
More informationNiara Security Intelligence. Overview. Threat Discovery and Incident Investigation Reimagined
Niara Security Intelligence Threat Discovery and Incident Investigation Reimagined Niara enables Compromised user discovery Malicious insider discovery Threat hunting Incident investigation Overview In
More informationNiara Security Analytics. Overview. Automatically detect attacks on the inside using machine learning
Niara Security Analytics Automatically detect attacks on the inside using machine learning Automatically detect attacks on the inside Supercharge analysts capabilities Enhance existing security investments
More informationSecurity Services. 30 years of experience in IT business
Security Services 30 years of experience in IT business Table of Contents 1 Security Audit services!...!3 1.1 Audit of processes!...!3 1.1.1 Information security audit...3 1.1.2 Internal audit support...3
More informationSecure Cloud-Ready Data Centers Juniper Networks
Secure Cloud-Ready Data Centers Juniper Networks JUNIPER SECURITY LEADERSHIP A $1B BUSINESS Market Leadership Data Center with High- End Firewall #1 at 42% Secure Mobility with SSL VPN #1 at 25% Security
More informationThe SIEM Evaluator s Guide
Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,
More informationIntelligent Cybersecurity for the Real World
Intelligent Cybersecurity for the Real World Ali Fuat TÜRKAY aturkay@cisco.com 0 532 677 4080 Ali Fuat Türkay: Security Sales Fuat Kılıç: Consulting System Engineer Hakan Tağmaç: Emerging Markets SE Manager
More informationNetwork that Know. Rasmus Andersen Lead Security Sales Specialist North & RESE
Network that Know Rasmus Andersen Lead Security Sales Specialist North & RESE Email Gateway vendor CERT AV vendor Law enforcement Web Security Vendor Network security appliance vendor IT Department App
More informationAddressing Advanced Web Threats. Addressing Advanced Web Threats: Protect Your Data and Brand
Addressing Advanced Web Threats: Protect Your Data and Brand What You Will Learn From collaboration to communication to data access, the web is a mission-critical business tool. Enterprises rely on the
More informationBelgacom Security Convention. Tuesday 15 October 2013, Aula Magna, Louvain-la-Neuve
Belgacom Security Convention Tuesday 15 October 2013, Aula Magna, Louvain-la-Neuve Belgacom Security Convention The new, continuous security model Hans De Raeve Product Manager Belgacom Sean Newman Product
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationIBM QRadar Security Intelligence Platform appliances
IBM QRadar Security Intelligence Platform Comprehensive, state-of-the-art solutions providing next-generation security intelligence Highlights Get integrated log management, security information and event
More informationDelivering Control with Context Across the Extended Network
Delivering Control with Context Across the Extended Network Agenda Current Challenges Cisco ISE Overview Introducing Cisco pxgrid Customer Success Stories Only Cisco ISE Delivers 2013-2014 Cisco and/or
More informationIBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer
IBM Security QRadar SIEM & Fortinet / FortiAnalyzer Introducing new functionality for IBM QRadar Security Intelligence Platform: integration with Fortinet s firewalls and logs forwarded by FortiAnalyzer.
More informationUnified Security, ATP and more
SYMANTEC Unified Security, ATP and more TAKE THE NEXT STEP Martin Werner PreSales Consultant, Symantec Switzerland AG MEET SWISS INFOSEC! 27.01.2016 Unified Security 2 Symantec Enterprise Security Users
More informationNETWORK SECURITY (W/LAB) Course Syllabus
6111 E. Skelly Drive P. O. Box 477200 Tulsa, OK 74147-7200 NETWORK SECURITY (W/LAB) Course Syllabus Course Number: NTWK-0008 OHLAP Credit: Yes OCAS Code: 8131 Course Length: 130 Hours Career Cluster: Information
More informationCyb T er h Threat D f e ense S l o uti tion Moritz Wenz, Lancope 1
C b Th Cyber Threatt Defense D f S Solution l ti Moritz Wenz, Lancope 1 The Threat Landscape is evolving Enterprise Response Antivirus (Host-Based) IDS/IPS (Network Perimeter) Reputation (Global) and Sandboxing
More informationChapter 9 Firewalls and Intrusion Prevention Systems
Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish
More informationENABLING FAST RESPONSES THREAT MONITORING
ENABLING FAST RESPONSES TO Security INCIDENTS WITH THREAT MONITORING Executive Summary As threats evolve and the effectiveness of signaturebased web security declines, IT departments need to play a bigger,
More informationBreaking the Cyber Attack Lifecycle
Breaking the Cyber Attack Lifecycle Palo Alto Networks: Reinventing Enterprise Operations and Defense March 2015 Palo Alto Networks 4301 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com
More informationPalo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats
Palo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats Executive Summary Palo Alto Networks strategic partnership with Splunk brings the power of our next generation
More informationIntro to NSX. Network Virtualization. 2014 VMware Inc. All rights reserved.
Intro to NSX Network Virtualization 2014 VMware Inc. All rights reserved. Agenda Introduction NSX Overview Details: Microsegmentation NSX Operations More Information SDDC/Network Virtualization Security
More informationThe Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud
The Advanced Attack Challenge Creating a Government Private Threat Intelligence Cloud The Advanced Attack Challenge One of the most prominent and advanced threats to government networks is advanced delivery
More informationWHITE PAPER SPLUNK SOFTWARE AS A SIEM
SPLUNK SOFTWARE AS A SIEM Improve your security posture by using Splunk as your SIEM HIGHLIGHTS Splunk software can be used to operate security operations centers (SOC) of any size (large, med, small)
More informationSecurity Intelligence Services. www.kaspersky.com
Kaspersky Security Intelligence Services. Threat Intelligence Services www.kaspersky.com THREAT INTELLIGENCE SERVICES Tracking, analyzing, interpreting and mitigating constantly evolving IT security threats
More informationRAVEN, Network Security and Health for the Enterprise
RAVEN, Network Security and Health for the Enterprise The Promia RAVEN is a hardened Security Information and Event Management (SIEM) solution further providing network health, and interactive visualizations
More informationCisco Cyber Threat Defense - Visibility and Network Prevention
White Paper Advanced Threat Detection: Gain Network Visibility and Stop Malware What You Will Learn The Cisco Cyber Threat Defense (CTD) solution brings visibility to all the points of your extended network,
More informationLumeta IPsonar. Active Network Discovery, Mapping and Leak Detection for Large Distributed, Highly Complex & Sensitive Enterprise Networks
IPsonar provides visibility into every IP asset, host, node, and connection on the network, performing an active probe and mapping everything that's on the network, resulting in a comprehensive view of
More informationAnalyzing HTTP/HTTPS Traffic Logs
Advanced Threat Protection Automatic Traffic Log Analysis APTs, advanced malware and zero-day attacks are designed to evade conventional perimeter security defenses. Today, there is wide agreement that
More informationEnterprise Security Solutions
Enterprise Security Solutions World-class technical solutions, professional services and training from experts you can trust ISOCORP is a Value-Added Reseller (VAR) and services provider for best in class
More informationSecurity strategies to stay off the Børsen front page
Security strategies to stay off the Børsen front page Steve Durkin, Channel Director for Europe, Q1 Labs, an IBM Company 1 2012 IBM Corporation Given the dynamic nature of the challenge, measuring the
More informationMitigating Web Threats with Comprehensive, Cloud-Delivered Web Security
White Paper Mitigating Web Threats with Comprehensive, Cloud-Delivered Web Security Overview For collaboration, communication, and data access, the web has become a mission-critical business tool. But
More informationAdaptive IPS Security in a changing world. Dave Venman Security Engineer, UK & Ireland
Adaptive IPS Security in a changing world Dave Venman Security Engineer, UK & Ireland 2 Who Is Sourcefire? Mission: To help customers manage increasing risks and regulations by providing the most effective,
More informationComprehensive Advanced Threat Defense
1 Comprehensive Advanced Threat Defense June 2014 PAGE 1 PAGE 1 1 INTRODUCTION The hot topic in the information security industry these days is Advanced Threat Defense (ATD). There are many definitions,
More informationHow To Sell Security Products To A Network Security Company
Market Segment Definitions Author Joshua Mittler Overview In addition to product testing, NSS Labs quantitatively evaluates market size for each of the product categories tested. NSS provides metrics that
More informationSOURCEFIRE 3D SYSTEM RELEASE NOTES
SOURCEFIRE 3D SYSTEM RELEASE NOTES Version 5.3 Original Publication: April 21, 2014 Last Updated: May 30, 2014 These release notes are valid for Version 5.3 of the Sourcefire 3D System. Even if you are
More informationExtreme Networks: A SOLUTION WHITE PAPER
Extreme Networks: The Purview Solution Integration with SIEM Integrating Application Management and Business Analytics into other IT management systems A SOLUTION WHITE PAPER WHITE PAPER Introduction Purview
More informationHow To Manage Security On A Networked Computer System
Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy
More informationCisco Remote Management Services for Security
Cisco Remote Management Services for Security Innovation: Many Take Advantage of It, Some Strive for It, Cisco Delivers It. Cisco Remote Management Services (RMS) for Security provide around the clock
More informationBeyondInsight Version 5.6 New and Updated Features
BeyondInsight Version 5.6 New and Updated Features BeyondInsight 5.6 Expands Risk Visibility Across New Endpoint, Cloud and Firewall Environments; Adds Proactive Threat Alerts The BeyondInsight IT Risk
More informationIINS Implementing Cisco Network Security 3.0 (IINS)
IINS Implementing Cisco Network Security 3.0 (IINS) COURSE OVERVIEW: Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles and technologies, using
More informationHow To Buy Nitro Security
McAfee Acquires NitroSecurity McAfee announced that it has closed the acquisition of privately owned NitroSecurity. 1. Who is NitroSecurity? What do they do? NitroSecurity develops high-performance security
More information642 523 Securing Networks with PIX and ASA
642 523 Securing Networks with PIX and ASA Course Number: 642 523 Length: 1 Day(s) Course Overview This course is part of the training for the Cisco Certified Security Professional and the Cisco Firewall
More informationIBM QRadar Security Intelligence April 2013
IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence
More informationImplementing Cisco IOS Network Security
Implementing Cisco IOS Network Security IINS v3.0; 5 Days, Instructor-led Course Description Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles
More informationCautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work
Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture
More informationAPPLICATION PROGRAMMING INTERFACE
DATA SHEET Advanced Threat Protection INTRODUCTION Customers can use Seculert s Application Programming Interface (API) to integrate their existing security devices and applications with Seculert. With
More informationQRadar SIEM and FireEye MPS Integration
QRadar SIEM and FireEye MPS Integration March 2014 1 IBM QRadar Security Intelligence Platform Providing actionable intelligence INTELLIGENT Correlation, analysis and massive data reduction AUTOMATED Driving
More information