Post on 29-Jan-2017
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential. Presentation_ID 1
Cisco ASA 5500 FW and IPS in Detail
Ramón Viñals, CCIE, CISSP, CCSP, rvinals@cisco.com
Cisco ASA 5500 Adaptive Security Appliances: Delivering Leading Threat Defense and VPN Services

Provides Converged Threat Defense, Flexible Secure Connectivity, Minimized Operation Costs, and Unique Adaptive Design to Combat Future Threats

Market-Leading Firewall Services
• Integrates and extends the #1 deployed firewall technology from Cisco PIX Security Appliances
• Built upon the experience of over one million PIX deployed worldwide and 10+ years of innovation

Market-Leading VPN Services
• Integrates and extends the #1 deployed remote access VPN technology from Cisco VPN 3000 Concentrators and Cisco PIX Security Appliances, offering both SSL and IPsec VPN services

Market-Leading IPS Services
• Integrates and extends the #1 deployed IPS and IDS technology from the Cisco IPS 4200 Series
• Provides comprehensive security from directed attacks and many other threats

Market-Leading Content Security
• Integrates and extends the #1 deployed gateway content security technology to protect from viruses, spyware, spam, phishing, and employee-productivity-impacting websites

Market-Leading Secure Unified Communications
• Comprehensive access control, threat protection, network policies, service protection and voice/video confidentiality for real-time Unified Communications traffic
Cisco ASA 5500 Series Adaptive Security Appliances: Solutions Ranging from Desktop to Data Center

Figure: Cisco ASA 5500 Platforms positioned from Teleworker and Branch Office through Internet Edge and Campus to Data Center: ASA 5505, ASA 5510, ASA 5520, ASA 5540, ASA 5550, ASA 5580-20 (New), ASA 5580-40 (New).

• Integrates market-proven firewall, SSL/IPsec, IPS, and content security technologies
• Extensible multi-processor architecture delivers high concurrent services performance and significant investment protection
• Flexible management lowers cost of ownership
• Easy-to-use Web-based user interface
• Numerous certifications and awards
• And much more...
Cisco ASA 5500 Series Product Lineup: Solutions Ranging from SMB to Internet Edge

                            | Cisco ASA 5505                  | Cisco ASA 5510          | Cisco ASA 5520 | Cisco ASA 5540
Network Location            | Teleworker / Branch Office / SMB | SMB and SME            | Enterprise     | Internet Edge
Performance
  Max Firewall              | 150 Mbps                        | 300 Mbps                | 450 Mbps       | 500 Mbps (650 Mbps at 1400 bytes)
  Max Firewall + IPS        | Future                          | 300 Mbps                | 375 Mbps       | (not listed)
  Max IPSec VPN             | 100 Mbps                        | 170 Mbps                | 225 Mbps       | 325 Mbps
  Max IPSec/SSL VPN Peers   | 25/25                           | 250/250                 | 750/750        | 5000/2500
Platform Capabilities
  Max Firewall Conns        | 10,000/25,000                   | 50,000/130,000          | 280,000        | 400,000
  Max Conns/Second          | 3,000                           | 6,000                   | 9,000          | 25,000
  Packets/Second (64 byte)  | 85,000                          | 190,000                 | 320,000        | 500,000
  Base I/O                  | 8-port FE switch                | 5 FE                    | 4 GE + 1 FE    | 4 GE + 1 FE (max 8 GE + 1 FE)
  VLANs Supported           | 3/20 (trunk)                    | 50/100                  | 150            | 200
  HA Supported              | Stateless A/S (Sec Plus)        | A/A and A/S (Sec Plus)  | A/A and A/S    | A/A and A/S
Cisco ASA 5500 Series High-End Lineup: Solutions Ranging from Internet Edge to Data Center

                                   | Cisco ASA 5540     | Cisco ASA 5550     | Cisco ASA 5580-20 (New) | Cisco ASA 5580-40 (New)
Network Location                   | Internet Edge      | Internet Edge      | Campus / Data Center    | Data Center
Performance
  Max Firewall (Real-world HTTP)   | 500 Mbps           | 1 Gbps             | 5 Gbps                  | 10 Gbps
  Max Firewall (UDP 1400 / Jumbo)  | 650 Mbps (1400)    | 1.2 Gbps (1400)    | 10 Gbps (Jumbo)         | 20 Gbps (Jumbo)
  Max IPSec VPN                    | 325 Mbps           | 425 Mbps           | 1 Gbps                  | 1 Gbps
  Max IPSec/SSL VPN Peers          | 5000/2500          | 5000/5000          | 10,000/10,000           | 10,000/10,000
Platform Capabilities
  Max Firewall Conns               | 400,000            | 650,000            | 1,000,000               | 2,000,000
  Max Conns/Second                 | 25,000             | 36,000             | 90,000                  | 150,000
  Packets/Second (64 byte)         | 500,000            | 600,000            | 2,500,000               | 4,000,000
  Base I/O                         | 4 GE + 1 FE        | 8 GE + 1 FE        | 2 Mgmt                  | 2 Mgmt
  Max I/O                          | 8 GE + 1 FE        | 8 GE + 1 FE        | 24 GE / 12 10GE         | 24 GE / 12 10GE
  VLANs Supported                  | 200                | 250                | 100 (250*)              | 100 (250*)
  HA Supported                     | A/A and A/S        | A/A and A/S        | A/A and A/S             | A/A and A/S

* Supported in a future software release
Wide Range of Cisco ASA 5500 Series Security Service Modules (SSMs)

IPS Security Services Module (AIP SSM)
• Provides full-featured IPS and IDS services for protection of critical network assets
• Available in two models: SSM-10 and SSM-20
• Delivers up to 450 Mbps of IPS throughput
• Has thumbscrews for easy insertion/removal
• 10/100/1000 out-of-band management port
• Supported on ASA 5510, 5520, and 5540

Content Security Services Module (CSC SSM)
• Provides full-featured Anti-X services (anti-virus, anti-spyware, anti-spam, anti-phishing, URL filtering, and more)
• Available in two models: SSM-10 and SSM-20
• Anti-virus and anti-spyware services licensed by number of users; others are optional add-ons
• Supported on ASA 5510, 5520, and 5540

4-Port GE Services Module (4GE SSM)
• I/O module offers four copper 10/100/1000 ports in addition to four SFP ports for improved flexibility and network segmentation
• Customers can use up to four ports total out of these eight ports, with the ability to mix and match copper and optical GE ports
• Supported on ASA 5510, 5520, and 5540
Cisco ASA 5500 Series: Breadth and Depth. Industry-First Scalable, Multi-Function, Feature-Rich Appliance

Firewall with Application Layer Security
• Multi-layer packet and traffic analysis
• Advanced application and protocol inspection services
• Network application controls
• Advanced VoIP/multimedia security

Access Control and Authentication
• Flexible user- and network-based access control services
• Stateful packet inspection
• Integration with popular authentication sources including Microsoft Active Directory, LDAP, Kerberos, and RSA SecurID

IPS and Anti-X Defenses
• Real-time protection from application- and OS-level attacks
• Network-based worm and virus mitigation
• Spyware, adware, malware detection and control
• On-box event correlation and proactive response

Cisco Intelligent Networking Services
• Low latency
• Diverse topologies
• Multicast support
• Services virtualization
• Network segmentation & partitioning
• Routing, resiliency, load-balancing

SSL and IPSec Connectivity
• Threat-protected SSL and IPSec VPN services
• Zero-touch, automatically updateable IPSec remote access
• Flexible clientless and full-tunneling client SSL VPN services
• QoS/routing-enabled site-to-site VPN
Firewall Special Features
Application Inspection & Control Engines Provide Control over Application Usage & Network Access (Over 30 Engines)

• Application- and protocol-aware inspection services provide strong application-layer security and detailed policy controls
• Perform conformance checking, state tracking, security checks, NAT/PAT, dynamic port allocation, and offer a wide range of controls for businesses to set application-layer policies

Unified Communications: SIP; SCCP (Skinny); H.323 v1–4; GTP (3G Mobile Wireless); MGCP; RTP/RTCP/RTSP; TAPI/JTAPI
Specific Applications: Microsoft Windows Messenger; Microsoft NetMeeting; RealPlayer; Cisco IP Phones; Cisco Softphones
Core Internet Protocols: HTTP; FTP; TFTP; SMTP/ESMTP; DNS/EDNS; ICMP; TCP; UDP
Database/OS Services: ILS/LDAP; Oracle/SQL*Net (V1/V2); Microsoft RPC/DCE RPC; Microsoft Networking; NFS; RSH; Sun RPC/NIS+; X Windows (XDMCP)
Security Services: IKE; IPSec; PPTP
Advanced Web Traffic Security: Protects Networks from Web-based Threats

• Advanced HTTP inspection services help protect from web-based attacks and other types of "port 80 misuse"
  Includes customizable policies for detecting and blocking tunneled applications and attacks, including instant messaging applications (AIM, MSN Messenger, Yahoo) and peer-to-peer applications (KaZaA)
  Offers complete control over usage of text-based instant messaging, file transfers, video chat, whiteboarding, and more!
  Provides powerful regular expression (regex) matching capabilities to detect administrator-customizable strings and optionally block, rate limit, and/or log traffic
• Deep inspection services provide businesses control over what actions users can perform when accessing web sites
  Performs RFC compliance checking for protocol anomaly detection
  Supports HTTP command filtering for precise control over how web servers are accessed, providing a strong line of defense from a range of known and unknown attacks
  Provides MIME type filtering and content validation capabilities

Protection Against Peer-to-Peer, IM, and Mail Attachment Threats; Ensuring Network Performance by Controlling Application Abuse
Innovative Security for Unified Communications: Protect Cisco Communication Manager and IP Phones

• Ensure SIP, SCCP, H.323, MGCP requests conform to standards
• Prevent inappropriate SIP Methods from being sent to Communication Manager
• Network rate limit SIP requests
• Policy enforcement of calls (whitelist, blacklist, caller/called party, SIP URI)
• Dynamic port opening for Cisco applications
• Enable only "registered phones" to make calls
• Enable inspection of encrypted phone calls

Figure: Internet and WAN links protected by Cisco ASA with SSL VPN, Cisco ASA with VPN, and Cisco ASA with IPS and VPN, with Cisco Security Agent (CSA) on the endpoints.

Protection Against Attacks On Unified Communications Call Control, Endpoints And Applications
IPS Deep Down
Cisco Intrusion Prevention Strategy: Comprehensive Threat Protection for the SDN

Adaptive
• Modular inspection engines: respond rapidly with minimal downtime
• Behavioral anomaly detection: protect against zero-day attacks
• Dynamic risk-based threat rating: adapt threat policy in real time

Integrated (Location Matters, Focused Protection)
• The most diverse line of IPS sensors: the right tool for the right job, anywhere in the network
• IPS integrated into the fabric of the network
• Built on Cisco security and network intelligence

Collaborative (Better Together)
• On-box and networkwide correlation to provide greater accuracy and confidence
• Endpoint and network sensors sharing live network information
• Reduced operational costs with a common, solution-based management interface

Figure: Internet and Intranet with Endpoint Protection, Branch Protection, Perimeter Protection, Data Center Protection, Server Protection, Monitoring and Correlation, and Solution Management, delivered by Cisco® Security Agent, Cisco Security Manager, Cisco Catalyst® Services Modules, Cisco Integrated Services Routers, Cisco ASA 5500 Adaptive Security Appliance, Cisco Security MARS, and Cisco IPS 4200 Series.
Cisco Intrusion Prevention Solution

Cisco IPS Sensors
• Dedicated Appliances
• ASA IPS
• ISR with IPS
• Catalyst IDSM2
• Cisco Security Agent

IPS Management
• CS-Manager
• CS-MARS
• CSA-MC
• "IEV+"
• Device Management

Cisco Security Intelligence Services
• Cisco IPS Signature Services
• Cisco IntelliShield
• Cisco Applied Intelligence
• Cisco Security Center
Cisco IPS Offers Multi-Vector Threat Identification: Delivers Broad Attack and Malware Protection

Spyware / Adware
• Prevents installation of malware and blocks "phone home" communications
• Frees network bandwidth and controls the transmission of confidential data

Traffic Cleansing
• Removes traffic ambiguities such as overwritten fragments, TCP segment overwrites, TTL discrepancies
• Simulates end host behavior to increase inspection accuracy

Directed Attacks
• Controls corporate espionage
• Stops web defacing by preventing web attacks
• Prevents zombie, backdoor, and bot placement, thus stopping automated attacks (e.g., denial of service (DoS))

Network Worms & Viruses
• Stops the infection and propagation of malware
• Leverages internal development and partnership with Trend Micro
Reducing the Gray: Uncertainty Equals Risk and Cost

Figure: traffic classification moving from "Inefficient; Highly Manual" to "Efficient Operations, Effective Security".
• GOOD: Allow
• RELEVANT: Pass and Log
• SUSPICIOUS: Pass and Alarm
• BAD: Block
Self-Defending Network components: NAC, Traffic Shaping, IPS, Anti-X, DDoS, Firewall, Monitoring & Correlation
Cisco IPS Intellig ent D etection
Vulnerability-Focused Signatures for Unparalleled Coverage

Cisco® commitment to vulnerability-focused signatures provides exceptional detection of both known and tested exploits as well as exploits yet to be written (day-zero exploits).

Figure: 3000 Vulnerability-Focused Signatures cover 30,000 Known Exploits and Variants and Countless Exploit Variants Yet to Be Written.
Normalizer Module

Cisco® anti-evasion technology detects deceptive attack techniques that may go undetected by other IPS devices. This adaptive technology provides protection against some of the most dangerous tools currently used by attackers today.

Figure: a "Correct" Stream, a Stream with Evasion Attempt, and the resulting "Normalized" Stream.
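The Traffic Cleansing bullets (overwritten fragments, TCP segment overwrites, TTL discrepancies, simulating end-host behavior) and the Normalizer Module slide describe resolving stream ambiguities before inspection. The following is an added illustration, not code from this deck or from Cisco: a toy reassembler that merges TCP segments into one byte stream under a selectable overlap policy and reports conflicting overlaps and TTL discrepancies. The Segment layout, the "first"/"last" policies and the sample segments are assumptions.

```python
"""Toy TCP stream normalizer (added example, not Cisco's implementation).

Reassembles segments into one byte stream so an inspection engine sees the
bytes the end host will see, and reports the ambiguities an evasion attempt
leaves behind: overlapping segments whose data disagree, and TTL values that
differ from the rest of the flow. Plain retransmissions (same bytes) are not
reported. The overlap policy is a parameter because real end hosts differ;
"first" and "last" are illustrative, not Cisco's policy table.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    seq: int      # sequence number of the first payload byte (relative)
    data: bytes
    ttl: int      # IP TTL the segment arrived with


@dataclass
class Normalized:
    payload: bytes
    conflicts: list       # (seq, n_bytes) per segment that disagreed with earlier data
    ttl_anomalies: list   # seq of segments whose TTL differs from the first segment
    gaps: int             # bytes never received (filled with 0x00 in payload)

    @property
    def ambiguous(self) -> bool:
        return bool(self.conflicts or self.ttl_anomalies)


def normalize(segments, policy="first"):
    """Merge segments; 'first' keeps the bytes seen first, 'last' lets later data win."""
    if policy not in ("first", "last"):
        raise ValueError("policy must be 'first' or 'last'")
    buf = {}                       # byte offset -> byte value
    conflicts, ttl_anomalies = [], []
    base_ttl = segments[0].ttl if segments else None
    for seg in segments:
        if seg.ttl != base_ttl:
            ttl_anomalies.append(seg.seq)
        changed = 0
        for i, b in enumerate(seg.data):
            off = seg.seq + i
            if off in buf:
                if buf[off] != b:  # same offset, different byte: an ambiguity
                    changed += 1
                    if policy == "last":
                        buf[off] = b
            else:
                buf[off] = b
        if changed:
            conflicts.append((seg.seq, changed))
    if not buf:
        return Normalized(b"", conflicts, ttl_anomalies, 0)
    lo, hi = min(buf), max(buf)
    gaps = (hi - lo + 1) - len(buf)
    payload = bytes(buf.get(off, 0) for off in range(lo, hi + 1))
    return Normalized(payload, conflicts, ttl_anomalies, gaps)


# Constructed samples: a clean stream, the same stream with an overlapping
# segment that carries different bytes and a lower TTL, and a benign retransmit.
CLEAN = [Segment(0, b"HELLO ", 64), Segment(6, b"WORLD", 64)]
EVASION = [Segment(0, b"HELLO ", 64), Segment(6, b"WORLD", 64),
           Segment(6, b"THERE", 12)]
RETRANSMIT = [Segment(0, b"HELLO ", 64), Segment(6, b"WORLD", 64),
              Segment(6, b"WORLD", 64)]

if __name__ == "__main__":
    for name, segs in (("clean", CLEAN), ("evasion", EVASION), ("retransmit", RETRANSMIT)):
        r = normalize(segs)
        print(name, r.payload, "AMBIGUOUS" if r.ambiguous else "ok",
              r.conflicts, r.ttl_anomalies)
```

Under the "first" policy the evasion stream normalizes to the same bytes as the clean one, but the conflict and TTL report tell the operator that someone tried to make the sensor and the host disagree.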
Local Event Correlation: Protection from Multivector Attacks

Single events may appear normal when taken alone, but may indicate a multivector attack when taken together. Unlike security event manager-based correlation, local event correlation enables the IPS to take preventive action before the end system is compromised.

Figure: an IPS without correlation passes the multivector attack made up of Event 1, Event 2 and Event 3; an IPS with Local Event Correlation blocks the multivector attack.
Real-Time Anomaly Detection for Zero-Day Threats

• Anomaly-detection algorithms to detect and stop zero-day threats
• Real-time learning of normal network behavior
• Automatic detection and policy-based protection from anomalous threats to the network
• Result: protection against attacks for which there is no signature

Figure: Internet traffic that conforms to baseline, then anomalous activity detected, indicating a potential zero-day attack.
Protocol-Anomaly Detection

Figure: Transactions A, B and C travel from the Internet to a Web Server Cluster; one of them is flagged as a Potential Buffer Overflow Attack.

Protocol-anomaly detection protects against zero-day attacks on unknown vulnerabilities.
Accurate Prevention Technologies: Risk Rating Provides Threat Context, Drives Mitigation Policy

Risk Rating = Event Severity + Signature Fidelity + Attack Relevancy + Asset Value of Target
• Event Severity: how urgent is the threat?
• Signature Fidelity: how prone to false positive?
• Attack Relevancy: is the attack relevant to the host being attacked?
• Asset Value of Target: how critical is this destination host?

Decision Support Balances Attack Urgency with Business Risk
New in IPS 6.0: Visibility to Endpoint Trustworthiness – CSA Collaboration (New!)

• Cisco Security Agent (CSA) provides notion of suspicious hosts through CSA Watch List
• IPS Sensor risk sensitivity increased dynamically for suspicious hosts (risk rating increase)
• Result: better manage risk from suspicious sources

1. Attacker tries to brute force attack an internal server
2. CSA blocks the attack and adds attacker to its watch list
3. CSA collaborating with Cisco IPS is able to dynamically elevate the Risk Rating threshold for attacks coming from the attacker
4. Future attacks from the hacker are blocked at the IPS device
New in IPS 6.0: Endpoint Attack Relevance Visibility (New!)

Figure: Network Scanner A initiates an IIS attack destined for a Windows Server (vulnerable: increase Risk Rating) and a Linux Server (not vulnerable: filter event). Event/Action Filtering; Monitoring Console: non-relevant events filtered.

• Contextual information on attack target used to refine security response
• Contextual information gathered through:
  • Passive OS fingerprinting
  • Static OS mapping for exception handling
• Dynamic Risk Rating adjustment based on attack relevance
• Result: more appropriate and effective security response actions
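The Risk Rating slide and the two IPS 6.0 slides describe how event severity, signature fidelity, attack relevance (from passive OS fingerprinting with static overrides) and asset value combine, how non-relevant events are filtered, and how a source on the CSA watch list is rated higher. The following added example (not Cisco's formula or code) implements one illustrative model of that decision and maps the result to the allow / log / alarm / block bands of the "Reducing the Gray" slide; the weights, thresholds, IIS signature values and host addresses are assumptions.

```python
"""Illustrative risk-rating calculator (added example; not Cisco's formula).

Inputs are the ones named on the slides: event severity, signature fidelity,
attack relevance derived from the target's OS, asset value of the target and a
CSA-style watch list of suspicious sources. Weights and thresholds are assumed.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Signature:
    name: str
    severity: int          # how urgent is the threat (0-100)
    fidelity: int          # how unlikely a false positive (0-100)
    target_os: frozenset   # OS families the vulnerability applies to


@dataclass
class Context:
    os_by_host: dict       # host -> OS family learned by passive fingerprinting
    os_static_map: dict    # host -> OS family set by the operator (exceptions)
    asset_value: dict      # host -> business criticality (0-100)
    watch_list: dict       # attacker host -> rating boost supplied by CSA


def target_os(host: str, ctx: Context) -> Optional[str]:
    """Static mapping wins over the passive fingerprint (exception handling)."""
    return ctx.os_static_map.get(host, ctx.os_by_host.get(host))


def relevance(sig: Signature, dst: str, ctx: Context) -> str:
    os_family = target_os(dst, ctx)
    if os_family is None:
        return "unknown"
    return "relevant" if os_family in sig.target_os else "not-relevant"


def risk_rating(sig: Signature, src: str, dst: str, ctx: Context) -> Optional[int]:
    """Return a 0-100 rating, or None when the event is filtered as not relevant."""
    rel = relevance(sig, dst, ctx)
    if rel == "not-relevant":
        return None                          # target cannot be vulnerable: filter event
    asset = ctx.asset_value.get(dst, 50)     # assumed default for unknown hosts
    # Assumed model: fidelity discounts severity; asset value scales 0.5x .. 1.0x.
    score = sig.severity * sig.fidelity / 100 * (0.5 + asset / 200)
    if rel == "relevant":
        score += 10                          # assumed bonus for a confirmed-relevant target
    score += ctx.watch_list.get(src, 0)      # CSA collaboration: suspicious source
    return int(round(min(100, max(0, score))))


def action(rating: Optional[int]) -> str:
    """Assumed thresholds mapped to the bands of the 'Reducing the Gray' slide."""
    if rating is None:
        return "filtered"
    if rating < 30:
        return "allow"
    if rating < 70:
        return "pass and log"
    if rating < 90:
        return "pass and alarm"
    return "block"


# Constructed sample mirroring the slide: an IIS signature, a scanner hitting a
# Windows server and a Linux server, and a second attacker on the CSA watch list.
IIS_SIG = Signature("iis-overflow", severity=80, fidelity=90,
                    target_os=frozenset({"windows"}))
CTX = Context(
    os_by_host={"10.0.0.10": "windows", "10.0.0.20": "linux"},
    os_static_map={},
    asset_value={"10.0.0.10": 100, "10.0.0.20": 100},
    watch_list={"192.0.2.99": 20},
)


def decide(sig: Signature, src: str, dst: str, ctx: Context = CTX) -> tuple:
    rating = risk_rating(sig, src, dst, ctx)
    return rating, action(rating)


if __name__ == "__main__":
    for src, dst in (("192.0.2.7", "10.0.0.10"), ("192.0.2.7", "10.0.0.20"),
                     ("192.0.2.99", "10.0.0.10"), ("192.0.2.7", "10.0.0.30")):
        print(src, "->", dst, decide(IIS_SIG, src, dst))
```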
New in IPS 6.0: Real-time Anomaly Detection for Day-Zero Threats (New!)

• Anomaly-detection algorithms to detect and stop day-zero threats
• Real-time learning of network baselines
• Automatic detection and policy-based protection from anomalous threats to the network
• Result: protection against attacks for which there is no signature

Figure: Internet feeding Internal Zone 1, Internal Zone 2 and Internal Zone 3, with a graphic representation of traffic type and amounts per zone.
IPS and Security Services
Cisco Security Intelligence

Teams: IntelliShield; Cisco PSIRT; IPS Signature Team; Applied Intelligence; Critical Infrastructure Assurance Group; Cisco STAT; Cisco Global IPS Signature Team

Global Security Analysts
• IPS signature development
• Vulnerability research
• Product security testing
• Incident management
• Cisco® security mitigation expertise
• Global critical infrastructure security research
Cisco IPS Signature Delivery Process

Discovery, Analysis, and Signature Generation: Discover Vulnerability → Analyze Vulnerability → Create New Signature
Testing and Publishing: Test Signature Integration → Test Signature Field → Publish Signature

Overall Process Time
• Critical: 8 hours
• Urgent: 24 hours
• Standard: 1 week
Cisco Services for Intrusion Prevention Systems (IPS)

Customer Profile
• Customers who have Cisco IPS products
• Experiencing an attack or planning for the future
• Need to reduce the complexity of keeping pace with a rapidly evolving security environment

Service Sales and Delivery
• Sold by Cisco and certified partners, delivered by Cisco

Service Capabilities and Features
• IPS Signature file updates
• Operating system updates and upgrades
• Advance hardware replacement (NBD, 2-hour, 4-hour, onsite)
• 24x7 direct customer access to Cisco Engineers at the TAC
• Cisco.com knowledge base and tools

Security intelligence information, signature file updates, and comprehensive support help to maintain integrity and privacy of sensitive information, reliability, and stability of network, protect your business from crippling attacks and

Figure: Cisco Services for IPS covering LB, SP and SMB customers, with a pattern-matching illustration (Match Pattern; And, Or, Not).
Cisco Security Center: Inform, Protect, and Respond

www.cisco.com/security
• Event-based, early-warning security intelligence
• Comprehensive alert analysis and mitigation solutions
• Real-time e-mail threat, virus, and spam tracking and trending
• Easy access to comprehensive security best-practice guidance

Featured Content
• Cisco® 2007 Security Annual Report
• 2008 major risk categories
• 2008 Cisco expert outlook
• Cisco Security IntelliShield Cyber Risk Report podcast
• Cisco Security IntelliShield Event Response reports
Cisco Security Center: Mission Control
• Six-month free trial
• Applied mitigation bulletins
• CVSS scores
• PSIRT security alerts
• Integration with IronPort®
• IPS signatures
Other ASA Features
Content Security and Control Security Services Modules
Content Security in the Cisco ASA 5500 Series
• Comprehensive content security services on a single module
• Incorporates security technology from Trend Micro's award-winning InterScan VirusWall suite
• Seamless management and monitoring through Cisco ASDM, multi-device management with Trend TMCM
• Enables a single-box solution for all the needs of the SMB
Cisco ASA 5500 Content Security: Delivering Comprehensive Protection and Control

Threat Types
• Unauthorized Access
• Intrusions and Attacks
• Insecure Comms.
• Viruses
• Spyware
• Malware
• Phishing
• Spam
• Inappropriate URLs
• Identity Theft
• Offensive Content
(NEW Anti-X Service Extensions)

Protection
• Resource and Information Access Protection
• Hacker Protection
• Client Protection
• DDoS Protection
• Protected Email Communication
• Protected Web Browsing
• Protected File Exchange
• Unwanted Visitor Control
• Audit and Regulatory Assistance
• Non-work Related Web Sites
• Identity Protection

Cisco ASA 5500 with CSC-SSM: Granular Policy Controls, Comprehensive Malware Protection, Advanced Content Filtering, Integrated Message Security, Easy to Use
Comprehensive Secure Connectivity: VPN Services for Any Access Scenario

[Figure: remote users reach the ASA 5500 over the public Internet by clientless SSL VPN or by client-based SSL or IPsec VPN]

• Partner Access: requires "locked-down" access to specific extranet resources and applications
• Company Managed Desktop: remote access users require seamless, easy to use access to corporate network resources
• Public Kiosk: remote users may require lightweight access to e-mail and web-based applications from a public machine
• Company Managed Desktops at Home: day extenders and mobile employees require consistent LAN-like, full-network access to corporate resources and applications
Virtualized Services and Transparent Operation: Simplifies Deployment and Reduces Operational Costs

• Scalable security services
  • Adds support for security contexts (virtual firewalls) to lower operational costs
    – Enables device consolidation and segmentation
    – Supports separated policies and administration
• Easy to deploy firewall and IPS services
  • Introduces transparent firewall capabilities for rapid deployment of security
    – Drops into existing networks without need for readdressing the network
    – Simplifies deployments of internal firewalling and security zoning for new applications

[Figure: transparent firewall and IPS inserted into an existing network, segmenting Dept/Cust 1, 2 and 3]
Enterprise-Class Resilient Security: Maximizes Uptime
• Comprehensive multi-level resiliency protecting business continuity against component, link, or system failure
• Now includes redundant interface support for greater availability
• Full state synchronization including multimedia and voice protocols maximizes uptime for mission-critical applications
• Improved business continuity with zero-downtime upgrades
• Higher system reliability than software-on-server solutions: Cisco ASA has 2x the MTBF* of a server-based solution
  – Typical server has MTBF of 50k–65K hrs
  – Cisco ASA has MTBF of 100k–150K hrs
  * MTBF calculation based on Telcordia (Bellcore) SR-332.
• Tightly integrated high availability services for firewall ease deployment and administration, as opposed to third-party approaches
• Rapid deployment through the user-friendly High Availability Wizard

[Figure: Active/Active failover pair. New in 8.0!]
Intelligent Network Integration: Provides Seamless Integration into Next-Gen Networks

Advanced Network Services
• Introduces multi-protocol object groups for significantly simplified object management (TCP, UDP, and ICMP) – new in 8.0!
• Supports EIGRP (new in 8.0), OSPF, and RIPv2 dynamic routing
• Provides QoS traffic prioritization for improved handling of latency-sensitive traffic
• Adds IPv6 support for hybrid IPv4/IPv6 network environments
• Delivers PIM sparse mode multicast support for improved support for streaming data delivery services, video conferencing, and other mission-critical real-time enterprise applications

[Figure: Quality of Service (new in 8.0!) packet prioritization graphic]
ASA Management
Wide Range of Management Solutions: Provide Scalable, Cost-Optimized Options for Businesses

Integrated Remote Management Capabilities Within ASA
• Configuration: AutoUpdate, SSH, Telnet, XML/HTTPS, and ASDM
• Real-time monitoring: Syslog, SNMP, HTTPS, and ASDM
• Software updates: AutoUpdate, SCP, HTTP, HTTPS, and TFTP

Cisco Monitoring and Response Solution (CS-MARS)
• Family of high-performance appliances designed to provide automated analysis of security event information to help identify, manage, and counter attacks
• Supports getting events from a wide range of Cisco and 3rd-party solutions, and also analyzes NetFlow for additional intelligence
• Offers event correlation, visualization, rules engine, and reporting

Cisco Security Manager (CS-Manager)
• Scalable management solution for a wide range of Cisco security solutions including routers, switches, blades, and appliances
• Delivers centralized management of firewall, VPN, IPS/IDS, networking, and other services via a flexible user interface
• Supports device grouping for simplified policy maintenance
• Provides role-based admin access and workflow capabilities
• Available on Windows (Linux version coming)
Cisco Adaptive Security Device Manager v6.0: Introduces a Wealth of New Features and Usability Enhancements
• Fresh new interface provides easy access to all services offered by ASA
• Supports drag-and-drop and in-place editing for simplified policy editing
• Offers user interface customization with dockable windows and toolbars
• Introduces new Firewall Dashboard that provides at-a-glance status of firewall services
• Provides live ACL hit count in firewall rule table for easy policy auditing
Cisco ASDM v6.0 Feature Highlights
• Redesigned interface
• Security Dashboards
• Packet Tracer
• Packet Capture Wizard
• Software Upgrade Wizard
Cisco ASDM Feature Highlights: Packet Tracer, a Live Tool to Determine the Day in the Life of a Packet

Benefits
• Enables policy tuning and refining
• Enables rapid troubleshooting
• Simplifies fault isolation in complex policy environments
• First pro-active debugging tool

PACKET TRACING: enables the injection of arbitrary packets through the system to audit policy configuration and enforcement
Cisco ASDM Feature Highlights: Real-Time Syslog Viewer
• Structured syslogs in real-time viewer
• Provides optional coloring of events based on severity
• Offers real-time interpretation of log messages, with plain English explanations and recommended actions for each log message
Cisco ASDM Feature Highlights: Syslog to ACL Correlation Features
• Syslog messages now include the unique hash and line number of the ACL entry that created it
• Buttons in the ASDM Live Log viewer allow admins to view/edit an existing ACL, or create a new ACL entry
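As an added example (not code from the deck or from Cisco), the Python below performs the correlation the slide describes offline: it joins 106100 syslog messages to ACL entries by the ACE hash, sums hits per entry, flags hashes that no longer appear in the ACL, and lists entries that no message referenced. Both inputs are constructed samples laid out per the documented 106100 message format and `show access-list` output; the regular expressions and function names are assumptions of this example.

```python
import re
from collections import Counter
# Constructed sample 106100 messages (not real device output), laid out as:
# access-list <name> <action> <proto> <if>/<src>(<port>) -> <if>/<dst>(<port>) hit-cnt <n> ... [<hash>, <hash>]
SYSLOG_SAMPLE = """\
%ASA-6-106100: access-list outside_in permitted tcp outside/192.0.2.10(49152) -> inside/10.0.0.5(443) hit-cnt 1 first hit [0x8c3a2f9b, 0x0]
%ASA-6-106100: access-list outside_in denied tcp outside/198.51.100.7(40001) -> inside/10.0.0.5(22) hit-cnt 3 300-second interval [0x1a2b3c4d, 0x0]
%ASA-6-106100: access-list outside_in permitted tcp outside/192.0.2.11(49153) -> inside/10.0.0.5(443) hit-cnt 1 first hit [0x8c3a2f9b, 0x0]
%ASA-6-106100: access-list outside_in denied udp outside/203.0.113.9(5353) -> inside/10.0.0.9(5353) hit-cnt 1 first hit [0xdeadbeef, 0x0]
"""
# Constructed "show access-list" listing; the trailing hex value is the ACE hash (join key).
SHOW_ACL_SAMPLE = """\
access-list outside_in line 1 extended permit tcp any host 10.0.0.5 eq https (hitcnt=2) 0x8c3a2f9b
access-list outside_in line 2 extended deny tcp any host 10.0.0.5 eq ssh (hitcnt=3) 0x1a2b3c4d
access-list outside_in line 3 extended deny ip any any (hitcnt=0) 0x5e6f7a8b
"""
SYSLOG_RE = re.compile(  # unanchored so any syslog header prefix is tolerated
    r"106100: access-list (?P<acl>\S+) (?P<action>permitted|denied|est-allowed) "
    r"(?P<proto>\S+) (?P<src_if>[^/]+)/(?P<src>[^(]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst_if>[^/]+)/(?P<dst>[^(]+)\((?P<dport>\d+)\) hit-cnt (?P<hits>\d+) "
    r".*?\[(?P<hash>0x[0-9a-fA-F]+), 0x[0-9a-fA-F]+\]")
SHOW_ACL_RE = re.compile(
    r"access-list (?P<acl>\S+) line (?P<line>\d+) (?P<ace>.+?) "
    r"\(hitcnt=\d+\) (?P<hash>0x[0-9a-fA-F]+)$")

def parse_show_access_list(text):
    """Map (ACL name, ACE hash) -> (line number, ACE text)."""
    table = {}
    for m in filter(None, (SHOW_ACL_RE.match(ln.strip()) for ln in text.splitlines())):
        table[(m["acl"], m["hash"].lower())] = (int(m["line"]), m["ace"])
    return table

def parse_106100(text):
    """One dict per well-formed 106100 message; other lines are skipped."""
    records = [m.groupdict() for m in map(SYSLOG_RE.search, text.splitlines()) if m]
    for rec in records:
        rec["hits"], rec["hash"] = int(rec["hits"]), rec["hash"].lower()
    return records

def correlate(syslog_text, show_acl_text):
    """Sum hit-cnt per (acl, line, ace). Hashes absent from the listing go to
    'unresolved': that is what you see when the ACL was edited after logging."""
    aces = parse_show_access_list(show_acl_text)
    hits, unresolved = Counter(), []
    for rec in parse_106100(syslog_text):
        key = (rec["acl"], rec["hash"])
        if key in aces:
            line, ace = aces[key]
            hits[(rec["acl"], line, ace)] += rec["hits"]
        else:
            unresolved.append(rec["hash"])
    return hits, unresolved

def never_hit(show_acl_text, hits):
    """ACEs in the listing that no message referenced: review candidates."""
    seen = {(acl, line) for acl, line, _ in hits}
    return sorted((acl, line, ace) for (acl, _), (line, ace)
                  in parse_show_access_list(show_acl_text).items()
                  if (acl, line) not in seen)
```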
IPS 6.1 and Redesigned Monitoring Application ("IEV") – Expected April 2008
• Complete IPS management and monitoring solution for small networks
• Intuitive Startup Wizard
• Intelligent Risk Rating based policy configuration
• At-a-glance Device Dashboard
• Real-time Traffic Dashboard
• Real-time and historical IPS Event Viewer
• Auto Signature Update
• Flexible alarm reporting tools
• Live RSS feeds
• Supports up to 5 IPS sensors
Cisco Security Manager Overview

Centralized Policy Administration
• Centrally provision policies for firewalls, VPNs, and IPS
• Very scalable
• Policy inheritance feature enables consistent policies across the enterprise
• Powerful device grouping options

Firewall Administration
• Configure policies for ASA, Cisco® PIX® FW, FWSM and Cisco IOS® Software
• Single rule table for all platforms
• Intelligent analysis of policies
• Sophisticated rule table editing
• Compresses the number of access rules required
• Administer policies visually on tables or topology map

VPN Administration
• VPN Wizard sets up site-to-site, hub-spoke, and full-mesh VPNs with a few mouse clicks
• Configure remote-access VPN, DMVPN, and Easy VPN devices

IPS Administration
• Automatic updates to the IPS sensors
• Support for outbreak prevention services

Superior Usability
• Jump start help: an extensive animated learning tool
• Flexible management views: policy-based, device-based, map-based, VPN Manager, IPS Manager, Deployment Manager
CS-MARS "Know the Battlefield"
• Gain Network Intelligence: topology, traffic flow, device configuration, and enforcement devices
• ContextCorrelation™: correlates, reduces and categorizes events; validates incidents

[Figure: event funnel from isolated events to sessions, rules/verify, and valid incidents; inputs include Router Cfg., Firewall Log, Switch Cfg., Switch Log, Server Log, AV Alert, App Log, VA Scanner, Firewall Cfg., Netflow, NAT Cfg., IDS Event, ...]
Cisco Security MARS: "Connect the Dots"

[Figure: MARS topology map of HQ and branch firewalls, switches, routers, NIDS sensors, hosts and subnets]
Data Reduction and Aggregation
3,130,831 events reduced to 1,706,049 sessions (42% data reduction)
CS-MARS: Extensive Reports
Cisco Security MARS Product Portfolio
• Rapid install within minutes
• RAID 1+0
• Oracle embedded: no DBA needed
• No JRE conflicts
• Agentless event collection
• Layer 2/3 network topology and mitigation
• NetFlow
• Drilldown to MAC addresses

CS-MARS Model      | Events/Sec | NetFlow Flows/Sec | RAID Storage | Rack Size
Global Controller  | N/A        | N/A               | 1 TB         | 4 RU
200                | 10,000     | 300,000           | 1 TB         | 4 RU
100                | 5,000      | 150,000           | 750 GB       | 3 RU
100e               | 3,000      | 75,000            | 750 GB       | 3 RU
50                 | 1,000      | 25,000            | 120 GB       | 1 RU
20                 | 500        | 15,000            | 120 GB       | 1 RU
20R                | 50         | 1,500             | 120 GB       | 1 RU