Intelligent Cybersecurity for the Real World

Intelligent Cybersecurity for the Real World. Hermes Romero. Regional Security Sales, Sourcefire. Comprehensive Security Portfolio. Cisco Sourcefire. Firewall & NGFW Cisco ASA 5500-X Series Cisco ASA 5500-X w/ NGFW license Cisco ASA 5585-X w/ NGFW blade FirePOWER NGFW. IPS & NGIPS


Presentation Transcript


  1. Intelligent Cybersecurity for the Real World. Hermes Romero, Regional Security Sales, Sourcefire
  2. Comprehensive Security Portfolio. Cisco Sourcefire. Firewall & NGFW: Cisco ASA 5500-X Series, Cisco ASA 5500-X w/ NGFW license, Cisco ASA 5585-X w/ NGFW blade, FirePOWER NGFW. IPS & NGIPS: Cisco IPS 4300 Series, Cisco ASA 5500-X Series integrated IPS, FirePOWER NGIPS, FirePOWER NGIPS w/ Application Control, FirePOWER Virtual NGIPS. Advanced Malware Protection: FireAMP, FireAMP Mobile, FireAMP Virtual, AMP for FirePOWER license, Dedicated AMP FirePOWER appliance. Web Security: Cisco Web Security Appliance (WSA), Cisco Virtual Web Security Appliance (vWSA), Cisco Cloud Web Security. VPN: Cisco AnyConnect VPN. UTM: Meraki MX. Email Security: Cisco Email Security Appliance (ESA), Cisco Virtual Email Security Appliance (vESA), Cisco Cloud Email. NAC + Identity Services: Cisco Identity Services Engine (ISE), Cisco Access Control Server (ACS)
  3. Sourcefire Background and Market Leadership
  4. Leveraging A Powerful Community
  5. The New Security Model Attack Continuum BEFORE DURING AFTER Detect Block Defend Scope Contain Remediate Discover Enforce Harden Network Endpoint Mobile Virtual Cloud Point in Time Continuous
  6. COVERING THE ATTACK CONTINUUM Attack Continuum BEFORE DURING AFTER Detect Block Defend Scope Contain Remediate Control Policy Tuning Firewall VPN NGIPS Advanced Malware Protection NGFW UTM Web Security Network Behavior Analysis NAC + Identity Services Email Security Visibility and Context
  7. Leadership: The Path “Up and Right”. Sourcefire has been a leader in the Gartner Magic Quadrant for IPS since 2006. [Figure: Gartner Magic Quadrant for IPS, as of December 2013. Axes: ability to execute, vision. Quadrants: challengers, leaders, niche players, visionaries. Vendors shown: McAfee, Sourcefire (Cisco), HP, Cisco, IBM, NSFOCUS Information Technology, StoneSoft (McAfee), Radware, Huawei, Enterasys Networks (Extreme Networks).] Source: Gartner (December 2013)
  8. FirePOWER™ NGIPS Best-in-Class. Top Ratings (8290)*: Best Threat Effectiveness, 99.4% detection & protection; Highest Throughput, 136 Gbps inspected throughput; Most Sessions, 60M concurrent connections; Best Value (lowest TCO/protected Mbps), $13.6 TCO / protected Mbps. “For the past five years, Sourcefire has consistently achieved excellent results in security effectiveness based on our real-world evaluations of exploit evasions, threat block rate and protection capabilities.” Vikram Phatak, CTO, NSS Labs, Inc. *NSS Labs 2014 Data Center IPS Product Analysis Report
  9. Sourcefire NGIPS
  10. Security is About Detecting, Understanding, & Stopping Threats. Today’s Reality: 621 breaches in 2012; 92% stemmed from external agents; 52% utilized some form of hacking; 40% incorporated malware; 78% of attacks not highly difficult (2013 Verizon Data Breach Investigation Report). High speed inspection of content. [Figure: sample host context: 123.45.67.89, Johnson-PC, SQL, 12.122.13.62, OS: Windows 7, hostname: laptop1, User: jsmith, IP: 12.134.56.78.] Reality: today's threats require a philosophy of threat prevention as core to security.
  11. Sourcefire’s Security Solutions Management Center APPLIANCES | VIRTUAL NEXT-GENERATION INTRUSION PREVENTION ADVANCED MALWARE PROTECTION NEXT-GENERATION FIREWALL COLLECTIVE SECURITY INTELLIGENCE HOSTS | VIRTUAL MOBILE CONTEXTUAL AWARENESS APPLIANCES | VIRTUAL
  12. FireSIGHT™ Full Stack Visibility Contextual Awareness Information Superiority
  13. FireSIGHT™ Context Explorer Look for risky applications… View all application traffic… Who is using them? What else have these users been up to? On what operating systems? What does their traffic look like over time?
  14. FireSIGHT™ Enables Automation. IT Insight: Spot rogue hosts, anomalies, policy violations, and more. Impact Assessment: Threat correlation reduces actionable events by up to 99%. User Identification: Associate users with security and compliance events. Automated Tuning: Adjust IPS policies automatically based on network change
  15. Robust Partner Ecosystem Full Packet Capture NAC Incident Response Vulnerability Management Custom Detection AFTER DURING BEFORE Analysis and Remediation Policy and Control Identification and Block SIEM Visualization Network Access Taps Infrastructure & Mobility Combined API Framework
  16. Sourcefire NGFW Application Control
  17. Reduce Risk Through Granular Application Control Control access for applications, users and devices “Employees may view Facebook, but only Marketing may post to it” “No one may use peer-to-peer file sharing apps” Over 2,200 apps, devices, and more!
  18. Dashboard
  19. Application Control Example Prevent BitTorrent
  20. URL Filtering Block non-business-related sites by category Based on user and user group
  21. Don’t Forget: Apps are Often Encrypted! and default to SSL Benefits of Sourcefire off-box decryption solution: Improved Performance – acceleration and policy Centralized Key Management Interoperable with 3rd party products
  22. FirePOWER™ & FireAMP™ Advanced Malware Protection (AMP) Solution
  23. In Spite of Layers of Defense Attack Continuum DURING BEFORE AFTER Detect Block Defend Scope Contain Remediate Discover Enforce Harden. Malware is getting through control based defenses. Malware Prevention is NOT 100%. Existing tools are labor intensive and require expertise. Breach. Each stage represents a separate process silo attackers use to their advantage.
  24. APT / Advanced Malware Is now a tool for financial gain Uses formal Development Techniques Sandbox aware Quality Assurance to evade detection 24/7 Tech support available Has become a math problem End Point AV Signatures ~20 Million Total KNOWN Malware Samples ~100 M AV Efficacy Rate ~50%
  25. Sourcefire Advanced Malware Protection Retrospective Security Comprehensive Network + Endpoint Continuous Analysis Integrated Response Big Data Analytics Control & Remediation
  26. The Real Cost of Malware Responding to an infection = Headaches = Time = $$ Where do I start? How bad is the situation? What systems were impacted? How do we recover? How do we keep it from happening again?
  27. The Real Cost of Malware Responding to an infection = Headaches = Time = $$
  28. Beyond the Event Horizon Analysis Stops Addresses limitations of point-in-time detection Point-in-time Detection Not 100% Sleep Techniques Unknown Protocols Encryption Polymorphism Antivirus Sandboxing Blind to scope of compromise Actual Disposition = Bad = Too Late!! Initial Disposition = Clean Retrospective Detection, Analysis Continues Turns back time Visibility and Control are Key Continuous Initial Disposition = Clean Actual Disposition = Bad = Blocked
  29. File Trajectory Quickly understand the scope of malware problem Network + Endpoint
  30. FirePOWER™
  31. FirePOWER™ Appliances Summary All appliances include: Integrated lights-out management Sourcefire acceleration technology LCD display
  32. Inline or passive deployment Full NGIPS Capabilities Deployed as virtual appliance Use Cases SNORT Conversion Small / Remote Sites Virtualized workloads (PCI) Manages up to 25 sensors physical and virtual single pane-of-glass Use Cases Rapid Evaluation Pre-production Testing Service Providers NOTE: Supports ESX(i) 4.x and 5.x on Sourcefire 5.x platforms. Supports RHEV 3.0 and Xen 3.3.2/3.4.2 on Sourcefire 4.x platforms only. Virtual Defense Center Virtual Sensor Network Virtual Appliances DC
  33. QUESTIONS?? Thank you!