Cisco and Sourcefire AGILE SECURITY: Security for the Real World. Stefano Volpi
SOURCEfire Worldwide. John Chambers statement: "Security is the TOP issue for Cisco and many of the CIOs in the industry. We are putting the power of the entire company behind it." John Chambers
SOURCEfire some inside. FAQ: Why is Cisco developing a new Security go-to-market model and what is happening as part of this announcement? As Cisco is working toward becoming the #1 IT Company in the world, leadership recognizes an opportunity to define and lead the future of Security solutions in the marketplace. In creating a unified Security sales organization, we position Cisco to capture opportunities like never before. Newspapers: The deal was picked as the best large business acquisition in 2013 as part of Washington Technology's annual Mission & Alignment special report.
SOURCEfire Worldwide History chart: More than 600 employees worldwide; Based in Columbia, Maryland; Founded in 2001; Revenue 2012: $223.1 Million, an Increase of 35% Year-Over-Year; Nasdaq: FIRE; CTO: Martin Roesch (Creator of Snort); Acquired by Cisco July 2013 for 2.7 Billion Dollars
Today's real world: threats are evolving and avoid traditional defenses. All had 1st generation security: FW, IPS, AV. It wasn't enough.
The Industrialization of Hacking: Attackers and defenders drive each other to innovate, resulting in distinct threat cycles. [Timeline figure, 1985 to 2010: viruses, macro viruses, worms, hackers, spyware / rootkits, APTs, malware. Icons: attack vectors]
Security is About Detecting, Understanding, & Stopping Threats: Today's dynamic computing environment creates new attack vectors for the bad guys.
Security is About Detecting, Understanding, & Stopping Threats: The response has been focusing effort and dollars on more controls.
Security is About Detecting, Understanding, & Stopping Threats: Controls reduce the surface area of attack, but threats still get through. [Diagram: high speed inspection of content, with example context labels: 123.45.67.89, SQL, Johnson-PC, 12.122.13.62, OS: Windows 7, hostname: laptop1, User: jsmith, IP: 12.134.56.78]
Security is About Detecting, Understanding, & Stopping Threats. Today's Reality: 855 breaches in 2012; 98% stemmed from external agents; 81% utilized some form of hacking; 69% incorporated malware; 96% of attacks not highly difficult (2012 Verizon Data Breach Investigation Report). Reality: today's threats require a philosophy of threat prevention as core to security. [Diagram: high speed inspection of content, with example context labels: SQL, 123.45.67.89, 12.122.13.62, Johnson-PC, OS: Windows 7, hostname: laptop1, User: jsmith, IP: 12.134.56.78]
Sourcefire's Approach: Agile Security, a continuous process before, during & after an attack. You can't protect what you can't see; Adjust security with automation; Turn data into information in real-time, all the time
You Can't Protect What You Can't See: Sourcefire sees MORE. Breadth: who, what, where, when. Depth: as much detail as you need. All in real-time, in one place. Threats, Devices, Applications, Network, Vulnerabilities, OS, Users, Files. Agile Security: Sourcefire provides information superiority.
2013 Cisco and/or its affiliates. All rights reserved.
Turn Data into Information: Gain insight into the reality of your IT and security posture; Correlate & prioritize to decide; Get smarter by applying intelligence. Context & intelligence elevates overall defense. Agile Security
Adjust Security with Automation: Optimize defenses automatically; Use policy to reduce attack vectors; Leverage open architecture; Configure custom fit security. Agile Security: Sourcefire invented self-tuning & customized security.
Act in Real Time, All the Time: Block, Alert, Log, Modify, Quarantine, Remediate. Security before, during, & after an attack. Agile Security
Mapping Technologies to the Model. Attack Continuum: BEFORE (Discover, Enforce, Harden); DURING (Detect, Block, Defend); AFTER (Scope, Contain, Remediate). Technologies: Firewall, Patch Mgmt, IPS, IDS, AMD, App Control, Vuln Mgmt, Antivirus, FPC, Log Mgmt, VPN, IAM/NAC, Email/Web, Forensics, SIEM. Visibility and Context
Sourcefire Agile Security Solutions: Management Center (APPLIANCES, VIRTUAL); NEXT-GENERATION FIREWALL; NEXT-GENERATION INTRUSION PREVENTION; ADVANCED MALWARE PROTECTION; COLLECTIVE SECURITY INTELLIGENCE; CONTEXTUAL AWARENESS; HOSTS, VIRTUAL, MOBILE; APPLIANCES, VIRTUAL
Cisco and Sourcefire: Comprehensive Security Portfolio. Attack Continuum: BEFORE (Control, Enforce, Harden); DURING (Detect, Block, Defend); AFTER (Scope, Contain, Remediate). VPN Cisco AnyConnect VPN Meraki MX UTM NAC + Identity Services Cisco Identity Services Engine (ISE) Cisco NGFW Access Control Server (ACS) Cisco ASA 5500-X Series Cisco ASA 5500-X w/ NGFW license Cisco ASA 5585-X w/ NGFW blade FirePOWER NGFW NGIPS Cisco ASA 5500-X integrated IPS FirePOWER NGIPS FirePOWER NGIPS w/ Appl. Control FirePOWER Virtual NGIPS Email Security Cisco Email Security Appliance (ESA) Cisco Virtual Email Security Appliance Web Security Cisco Cloud Email Security Cisco Web Security Appliance (WSA) Cisco Virtual Web Security Appliance Cisco Cloud Web Security Advanced Malware Protection FireAMP FireAMP Mobile FireAMP Virtual Network Behavior Analysis Cyber Threat Defense Cisco SIO FireSight SIEM Integration
IPS Performance and Scalability: Platforms and Places in the Network. FirePOWER 8200 Series: 10 Gbps - 40 Gbps; FirePOWER 8100/8200: 2 Gbps - 10 Gbps; FirePOWER 7120/7125/8120: 1 Gbps - 2 Gbps; FirePOWER 7000 Series: 50 Mbps - 250 Mbps; FirePOWER 7100 Series: 500 Mbps - 1 Gbps. Places in the network: SOHO, Branch Office, Internet Edge, Campus, Data Center
Collective Security Intelligence: Private & Public Threat Feeds; IPS Rules; Malware Protection; Sourcefire Vulnerability Research Team; Sandboxing; Machine Learning; Big Data Infrastructure; Reputation Feeds; Vulnerability Database Updates; Sourcefire AEGIS Program; Sandnets; File Samples (>180,000 per day); FireAMP Community; Honeypots; Advanced Microsoft & Industry Disclosures; SPARK Program; Snort & ClamAV Open Source Communities
Leadership: The Path Up and Right. Sourcefire has been a leader in the Gartner Magic Quadrant for IPS since 2006. [Figure: Gartner Magic Quadrant, as of December 2013. Axes: ability to execute, vision. Quadrants: challengers, leaders, niche players, visionaries. Vendors shown: Cisco, IBM, McAfee, HP, Sourcefire (Cisco), NSFOCUS Information Technology, Enterasys Networks (Extreme Networks), StoneSoft (McAfee), Radware, Huawei] Source: Gartner (December 2013)
Is it value for money? Again, NSS think so.
Sourcefire Leadership and Recognition. Leadership*: #1 in detection; #1 in performance; #1 in vulnerability coverage; 100% evasion free. Ratings*: 99% detection & protection; 34Gbps inspected throughput; 60M concurrent connections; $15 TCO / protected Mbps. "For the past five years, Sourcefire has consistently achieved excellent results in security effectiveness based on our real-world evaluations of exploit evasions, threat block rate and protection capabilities." Vikram Phatak, CEO, NSS Labs, Inc. "Networks looking to update their defenses with a Next-Generation Firewall would do well to consider Sourcefire's entry into the NGFW market as a solid contender." Bob Walder, NSS Labs, Inc. Ratings*: 99% protection; 10Gbps inspected throughput; 15M concurrent connections; $33 TCO / protected Mbps. Leadership*: #1 in detection; Class leader in performance; Class leader for TCO; 100% evasion free. * NSS Labs, Network IPS 2010 Comparative Test Results, December 2010; NSS Labs, Network IPS Product Analysis Sourcefire 3D8260 v4.10, April 2012; NSS Labs, Next-Generation Firewall Product Analysis Sourcefire, October 2012
Sourcefire is a Trusted Security Partner: Trusted for over 10 years. Security from network to advanced malware protection: NGIPS, NGFW, Malware Protection; Physical, Virtual, Cloud. Protecting organizations in over 180 countries. Innovative: 52+ patents awarded or pending; World-class research; Open source projects: Snort, ClamAV, Razorback. IPS MQ Leader. America's Fastest-Growing Tech Companies 2012
SOURCEfire Worldwide Relevant European customers: A2A, Eni Group, Finmeccanica, Barclays Bank Italia, Prysmian, Università di Pavia, Beretta, Enel/Endesa, Vodafone Italia, Alitalia, Wolters Kluwer, Telefonica, Orange, Vodafone Group, British Telecom, Ministry of Defence, Royal Bank of Scotland, Renault, Société Générale, Credit Agricole, Airbus EADS, NATO
Thank You.