Peter Mesjar
CCIE 17428, Systems Engineer, Cisco
Network protection for small and medium-sized businesses against modern threats
Cisco ASA 5500-X NGFW
2 Cisco ASA for SMB and Distributed Enterprise Presentation | © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public
What are we going to talk about
Problem is THREATS
• How does today’s malware work?
• What is the impact?
Cisco Solution
• Layered approach
• Multiple services
Demo time!
• See the solution
Problem is THREATS
You heard about these in the news
• “95% of large companies are targeted by malicious traffic, and 100% of organizations have interacted with websites that host malware.” - 2014 Cisco Annual Security Report
• Sony Pictures, December 2014
  • Personal employee information, email exchanges and movies before premiere leaked
• Target Breach, December 2013
  • 40 million credit cards stolen
  • 70 million personal records stolen
…and many more
http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data
http://blogs.cisco.com/talos/teslacrypt
http://blogs.cisco.com/security/talos/ctb-locker-win10
Anatomy of Data Breach
[Diagram: Attacker and C2 Server outside the enterprise network; Perimeter (Inbound), Perimeter (Outbound) and an Admin Node inside it]
1. Infiltration and Backdoor establishment
2. Reconnaissance and Network Traversal
3. Exploitation and Privilege Elevation
4. Staging and Persistence (Repeat 2,3,4)
5. Data Exfiltration
http://talosintel.com/angler-exposed/
http://blogs.cisco.com/security/talos/project-aspis
How much money are attackers making?
Malvertising – Compromise via legitimate websites
How does malvertising work?
Cisco: Covering the entire continuum
Attack Continuum
• BEFORE: Discover, Enforce, Harden
• DURING: Detect, Block, Defend
• AFTER: Scope, Contain, Remediate
Products and services shown across the continuum: FireSIGHT & PXGrid, ASA, NGFW, Secure Access + Identity Services, VPN, Meraki, NGIPS, ESA/WSA, CWS, Advanced Malware Protection, Cognitive, ThreatGRID, Services
Cisco Solution
Start with the right appliance
Features                               ASA 5506-X (5506W-X | 5506H-X)   ASA 5508-X   ASA 5516-X
Max stateful inspection throughput     750 Mbps                         1 Gbps       1.8 Gbps
VPN throughput                         100 Mbps                         175 Mbps     250 Mbps
Max AVC throughput                     250 Mbps                         450 Mbps     850 Mbps
Max AVC and NGIPS throughput           125 Mbps                         250 Mbps     450 Mbps
AVC or IPS sizing throughput [440B]    90 Mbps                          180 Mbps     300 Mbps
Max concurrent sessions                50,000                           100,000      250,000
Max connections per second (CPS)       5,000                            10,000       20,000
Slide annotation, shown twice between the models: ~1.5x to 2x
Cisco Trust Anchor validates the source of the image file and protects against hardware tampering and counterfeiting
Add security services to help defend your network
Foundational Functionality (included by default): Built-in firewall services to provide base protection and connect with other security solutions
• Stateful Firewalling
• VPN Capabilities
• Policy Enforcement Point for ISE
FirePOWER Services: Subscription services that run on the ASA and provide enhanced levels of threat protection and network visibility
• Advanced Malware Protection (AMP)
• Next-Generation Intrusion Prevention System (NGIPS)
• URL Filtering
• Application Visibility and Control (AVC)
Back it up with the world’s largest threat intelligence
No other firewall offers extensive contextual visibility
Visibility categories compared on the slide:
• Malware
• Client applications
• Operating systems
• Mobile Devices
• VOIP phones
• Routers & switches
• Printers
• C & C Servers
• Network Servers
• Users
• File transfers
• Web applications
• Application protocols
• Threats
Products compared: Typical IPS, Typical NGFW, Cisco ASA with FirePOWER Services
The more infrastructure you see, the better protection you get
How to manage Cisco’s solution
• Adaptive Security Device Manager (ASDM): on-box manager
• FireSIGHT Management Center
Off-box FireSIGHT Management Center
• IT Insight: Spot rogue hosts, anomalies, policy violations, and more
• Impact Assessment: Reduce actionable events by up to 99% with correlation
• Automated Tuning: Adjust IPS policies automatically based on network change
• User Identification: Associate users with security and compliance events
• Indications of Compromise: Identify the machines most likely to be owned
NSS Labs: Next-Generation Firewall Security Value Map
Source: NSS Labs 2014
The NGFW Security Value Map shows the placement of Cisco® ASA with FirePOWER Services and the FirePOWER™ 8350 as compared to other vendors. All products achieved 99.2 percent in security effectiveness. Now customers can be confident they’ll get the best protections possible, regardless of deployment.
NSS Labs: Intrusion Prevention Systems Security Value Map
Source: NSS Labs 2014
Based on individual and comparative testing of vendors in the IPS market, Cisco FirePOWER™ NGIPS* leads the Security Value Map and provides the best protection possible while also leading the class in total cost of ownership.
* Formerly Sourcefire FirePOWER
Products labelled on the chart: Sourcefire Virtual IPS, Sourcefire 3D8120, Sourcefire 3D8250, Sourcefire 3D8260
NSS Labs: Breach Detection Systems Security Value Map
Source: http://blogs.cisco.com/tag/nss-labs
For the second year in a row, we have third-party validation from NSS Labs that we provide the most effective security available in the market today. Cisco Advanced Malware Protection (AMP) was tested along with seven other vendors and achieved a 99.2% security effectiveness score – the highest of all vendors tested in the 2015 NSS Labs Security Value Map (SVM) for Breach Detection Systems.
Check out these additional resources
Cisco Security Blogs:
http://blogs.cisco.com/security
Cisco ASA NGFW Data Sheet:
http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/datasheet-c78-733916.html
Cisco Talos Security Intelligence & Research:
http://www.cisco.com/c/en/us/products/security/talos.html
http://www.talosintel.com/
Cisco Security Advisories & Alerts:
http://tools.cisco.com/security/center/home.x
BRKSEC-2010 – Emerging Threats – The State of Cyber Security (Cisco Live 2015 San Diego):
https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=84150&backBtn=true