Cisco ASA and FirePOWER Services
Defending against threats is a process
Attack Continuum: BEFORE (Control, Enforce, Harden); DURING (Detect, Block, Defend); AFTER (Scope, Contain, Remediate)
Firewall/VPN, Application Control, Threat Analysis, NG-IPS, Security Intelligence, Web/DNS Security, Visibility and Automation, Advanced Malware Protection, Retrospective Security, IoCs/Incident Response
The Cisco ASA-Firepower solution
Cisco Collective Security Intelligence
Clustering & High Availability, Network Firewall, Routing, Switching, Intrusion Prevention, Application Visibility & Control, FireSIGHT Analytics & Automation, Advanced Malware Protection, Built-in Network Profiling, WWW URL Filtering, DNS-Control, Identity-Policy Control & VPN
Cisco ASA as a tried and proven stateful firewall
Granular Cisco Application Visibility and Control (AVC)
The leading solution for Next-Generation IPS (NGIPS)
Reputation- and category-based URL protection
Cisco ASA DNS monitoring* & control
Advanced malware protection
Comprehensive network visibility is essential
Categories compared across FirePOWER Services, Typical IPS and Typical NGFW: Threats, Users, Web Applications, Application Protocols, File Transfers, Malware, Command & Control Servers, Client Applications, Network Servers, Operating Systems, Routers & Switches, Mobile Devices, Printers, VoIP Phones, Virtual Machines
Cisco FireSIGHT: Comprehensive transparency for precise threat detection and adaptive defense
Threats, Users, Web Applications, Application Protocols, File Transfers, Malware, Command & Control, Client Applications, Network Servers, Operating Systems, Mobile Devices
The FireSIGHT Management Center controls event, policy and configuration management
Impact Assessment
Correlates all intrusion events into a risk factor for an attack against a target
IMPACT FLAG | ADMINISTRATOR ACTION | WHY
1 | Act Immediately, Vulnerable | Event corresponds to vulnerability mapped to host
2 | Investigate, Potentially Vulnerable | Relevant port open or protocol in use, but no vuln mapped
3 | Good to Know, Currently Not Vulnerable | Relevant port not open or protocol not in use
4 | Good to Know, Unknown Target | Monitored network, but unknown host
0 | Good to Know, Unknown Network | Unmonitored network
Indications of Compromise (IoCs)
Event sources: IPS Events, SI Events, Malware Events
Malware Backdoors, CnC Connections, Connections to Known CnC IPs, Malware Detections, Malware Executions, Exploit Kits, Admin Privilege Escalations, Office/PDF/Java Compromises, Dropper Infections, Web App Attacks
Advanced Malware Protection
All methods remain below 100% detection
One-to-One Signature, Fuzzy Finger-Printing, Machine Learning, Advanced Analytics, Dynamic Analysis
Reputation filtering and file sandboxing
Advanced malware protection as a process
Advanced malware protection for all areas
ASA Firepower Services, FirePOWER Appliance, Web & Email Security Appliance, Cloud Based Web Security & Hosted Email, Private Cloud, PC / MAC, Mobile, Virtual
NGIPS/NGFW with FirePOWER
Continuous & zero-day control
Modern analysis and correlation
Enterprise operations & design
Summary
Your security policy remains a process
Attack Continuum: BEFORE (Discover, Enforce, Harden); DURING (Detect, Block, Defend); AFTER (Scope, Contain, Remediate)
Network, Endpoint, Mobile, Virtual, Cloud
Point in Time, Continuous
Thank you