
Cisco ASA 5500 FW and IPS in Detail

Date post: 29-Jan-2017
Upload: vuongkhanh
Transcript
Page 1: Cisco ASA 5500 FW and IPS in Detail

© 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential Presentation_ID 1

Cisco ASA 5500 FW and IPS in Detail

Ramón Viñals, CCIE, CISSP, CCSP
rvinals@cisco.com

Page 2: Cisco ASA 5500 FW and IPS in Detail

Cisco ASA 5500 Adaptive Security Appliances
Delivering Leading Threat Defense and VPN Services

Market-Leading Firewall Services
• Integrates and extends the #1 deployed firewall technology from Cisco PIX Security Appliances
• Built upon the experience of over one million PIX deployed worldwide and 10+ years of innovation

Market-Leading VPN Services
• Integrates and extends the #1 deployed remote access VPN technology from Cisco VPN 3000 Concentrators and Cisco PIX Security Appliances, offering both SSL and IPsec VPN services

Market-Leading IPS Services
• Integrates and extends the #1 deployed IPS and IDS technology from the Cisco IPS 4200 Series
• Provides comprehensive security from directed attacks and many other threats

Market-Leading Content Security
• Integrates and extends the #1 deployed gateway content security technology to protect from viruses, spyware, spam, phishing, and employee productivity impacting web sites

Market-Leading Secure Unified Communications
• Comprehensive access control, threat protection, network policies, service protection and voice/video confidentiality for real-time Unified Communications traffic

Provides Converged Threat Defense, Flexible Secure Connectivity, Minimized Operation Costs, and Unique Adaptive Design to Combat Future Threats

Page 3: Cisco ASA 5500 FW and IPS in Detail

Cisco ASA 5500 Series Adaptive Security Appliances
Solutions Ranging from Desktop to Data Center

• Integrates market-proven firewall, SSL/IPsec, IPS, and content security technologies
• Extensible multi-processor architecture delivers high concurrent services performance and significant investment protection
• Flexible management lowers cost of ownership
• Easy-to-use Web-based user interface
• Numerous certifications and awards
• And much more…

[Diagram: Cisco ASA 5500 Platforms. Models shown: ASA 5505, ASA 5510, ASA 5520, ASA 5540, ASA 5550, ASA 5580-20, ASA 5580-40. Deployment locations shown: Teleworker, Branch Office, Internet Edge, Campus, Data Center. Two models carry a "New" label.]

Page 4: Cisco ASA 5500 FW and IPS in Detail

Cisco ASA 5500 Series Product Lineup
Solutions Ranging from SMB to Internet Edge

Cisco ASA 5505
• Network Location: Teleworker / Branch Office / SMB
• Performance: Max Firewall 150 Mbps; Max Firewall + IPS Future; Max IPSec VPN 100 Mbps; Max IPSec/SSL VPN Peers 25/25
• Platform Capabilities: Max Firewall Conns 10,000/25,000; Max Conns/Second 3,000; Packets/Second (64 byte) 85,000; Base I/O 8-port FE switch; VLANs Supported 3/20 (trunk); HA Supported Stateless A/S (Sec Plus)

Cisco ASA 5510
• Network Location: SMB and SME
• Performance: Max Firewall 300 Mbps; Max Firewall + IPS 300 Mbps; Max IPSec VPN 170 Mbps; Max IPSec/SSL VPN Peers 250/250
• Platform Capabilities: Max Firewall Conns 50,000/130,000; Max Conns/Second 6,000; Packets/Second (64 byte) 190,000; Base I/O 5 FE; VLANs Supported 50/100; HA Supported A/A and A/S (Sec Plus)

Cisco ASA 5520
• Network Location: Enterprise
• Performance: Max Firewall 450 Mbps; Max Firewall + IPS 375 Mbps; Max IPSec VPN 225 Mbps; Max IPSec/SSL VPN Peers 750/750
• Platform Capabilities: Max Firewall Conns 280,000; Max Conns/Second 9,000; Packets/Second (64 byte) 320,000; Base I/O 4 GE + 1 FE; VLANs Supported 150; HA Supported A/A and A/S

Cisco ASA 5540
• Network Location: Internet Edge
• Values in the order listed on the slide: 500 Mbps; 650 Mbps (1400); 325 Mbps; 5000/2500; 400,000; 25,000; 500,000; 4 GE + 1 FE; 8 GE + 1 FE; 200; A/A and A/S

Page 5: Cisco ASA 5500 FW and IPS in Detail

Cisco ASA 5500 Series High-End Lineup
Solutions Ranging from Internet Edge to Data Center

Cisco ASA 5540
• Network Location: Internet Edge
• Performance: Max Firewall (Real-world HTTP) 500 Mbps; Max Firewall (UDP 1400/Jumbo) 650 Mbps (1400); Max IPSec VPN 325 Mbps; Max IPSec/SSL VPN Peers 5000/2500
• Platform Capabilities: Max Firewall Conns 400,000; Max Conns/Second 25,000; Packets/Second (64 byte) 500,000; Base I/O 4 GE + 1 FE; Max I/O 8 GE + 1 FE; VLANs Supported 200; HA Supported A/A and A/S

Cisco ASA 5550
• Network Location: Internet Edge
• Performance: Max Firewall (Real-world HTTP) 1 Gbps; Max Firewall (UDP 1400/Jumbo) 1.2 Gbps (1400); Max IPSec VPN 425 Mbps; Max IPSec/SSL VPN Peers 5000/5000
• Platform Capabilities: Max Firewall Conns 650,000; Max Conns/Second 36,000; Packets/Second (64 byte) 600,000; Base I/O 8 GE + 1 FE; Max I/O 8 GE + 1 FE; VLANs Supported 250; HA Supported A/A and A/S

Cisco ASA 5580-20
• Network Location: Campus / Data Center
• Performance: Max Firewall (Real-world HTTP) 5 Gbps; Max Firewall (UDP 1400/Jumbo) 10 Gbps (Jum.); Max IPSec VPN 1 Gbps; Max IPSec/SSL VPN Peers 10,000/10,000
• Platform Capabilities: Max Firewall Conns 1,000,000; Max Conns/Second 90,000; Packets/Second (64 byte) 2,500,000; Base I/O 2 Mgmt; Max I/O 24 GE / 12 10GE; VLANs Supported 100 (250*); HA Supported A/A and A/S

Cisco ASA 5580-40
• Network Location: Data Center
• Performance: Max Firewall (Real-world HTTP) 10 Gbps; Max Firewall (UDP 1400/Jumbo) 20 Gbps (Jum.); Max IPSec VPN 1 Gbps; Max IPSec/SSL VPN Peers 10,000/10,000
• Platform Capabilities: Max Firewall Conns 2,000,000; Max Conns/Second 150,000; Packets/Second (64 byte) 4,000,000; Base I/O 2 Mgmt; Max I/O 24 GE / 12 10GE; VLANs Supported 100 (250*); HA Supported A/A and A/S

[Two models carry a "New" label on the slide.]

* Supported in a future software release

Page 6: Cisco ASA 5500 FW and IPS in Detail

Wide Range of Cisco ASA 5500 Series Security Service Modules (SSMs)

IPS Security Services Module (AIP SSM)
• Provides full-featured IPS and IDS services for protection of critical network assets
• Available in two models: SSM-10 and SSM-20
• Delivers up to 450 Mbps of IPS throughput
• Has thumbscrews for easy insertion/removal
• 10/100/1000 out-of-band management port
• Supported on ASA 5510, 5520, and 5540

Content Security Services Module (CSC SSM)
• Provides full-featured Anti-X services (anti-virus, anti-spyware, anti-spam, anti-phishing, URL filtering, and more)
• Available in two models: SSM-10 and SSM-20
• Anti-virus and anti-spyware services licensed by number of users, others optional add-on
• Supported on ASA 5510, 5520, and 5540

4-Port GE Services Module (4GE SSM)
• I/O module offers four copper 10/100/1000 ports in addition to four SFP ports for improved flexibility and network segmentation
• Customers can use up to four ports total out of these eight ports, with the ability to mix and match copper and optical GE ports
• Supported on ASA 5510, 5520, and 5540

Page 7: Cisco ASA 5500 FW and IPS in Detail

Cisco ASA 5500 Series: Breadth and Depth
Industry First Scalable, Multi-Function, Feature Rich Appliance

Firewall with Application Layer Security
• Multi-layer packet and traffic analysis
• Advanced application and protocol inspection services
• Network application controls
• Advanced VoIP/multimedia security

Access Control and Authentication
• Flexible user and network based access control services
• Stateful packet inspection
• Integration with popular authentication sources including Microsoft Active Directory, LDAP, Kerberos, and RSA SecurID

IPS and Anti-X Defenses
• Real-time protection from application and OS level attacks
• Network-based worm and virus mitigation
• Spyware, adware, malware detection and control
• On-box event correlation and proactive response

Cisco Intelligent Networking Services
• Low latency
• Diverse topologies
• Multicast support
• Services virtualization
• Network segmentation & partitioning
• Routing, resiliency, load-balancing

SSL and IPSec Connectivity
• Threat protected SSL and IPSec VPN services
• Zero-touch, automatically updateable IPSec remote access
• Flexible clientless and full tunneling client SSL VPN services
• QoS/routing-enabled site-to-site VPN

Page 8: Cisco ASA 5500 FW and IPS in Detail

Firewall Special Features

Page 9: Cisco ASA 5500 FW and IPS in Detail

Application Inspection & Control Engines
Provide Control over Application Usage & Network Access

• Application and protocol-aware inspection services provide strong application-layer security and detailed policy controls
• Perform conformance checking, state tracking, security checks, NAT/PAT, dynamic port allocation, and offer a wide range of controls for businesses to set application-layer policies

Over 30 Engines

Unified Communications
• SIP
• SCCP (Skinny)
• H.323 v1–4
• GTP (3G Mobile Wireless)
• MGCP
• RTP/RTCP/RTSP
• TAPI/JTAPI

Specific Applications
• Microsoft Windows Messenger
• Microsoft NetMeeting
• Real Player
• Cisco IP Phones
• Cisco Softphones

Core Internet Protocols
• HTTP
• FTP
• TFTP
• SMTP/ESMTP
• DNS/EDNS
• ICMP
• TCP
• UDP

Database / OS Services
• ILS/LDAP
• Oracle / SQL*Net (V1/V2)
• Microsoft RPC / DCE RPC
• Microsoft Networking
• NFS
• RSH
• SunRPC / NIS+
• X Windows (XDMCP)

Security Services
• IKE
• IPSec
• PPTP

Page 10: Cisco ASA 5500 FW and IPS in Detail

Advanced Web Traffic Security
Protects Networks from Web-based Threats

• Advanced HTTP inspection services help protect from web-based attacks and other types of "port 80 misuse"
  - Includes customizable policies for detecting and blocking tunneled applications and attacks, including:
    Instant messaging applications (AIM, MSN Messenger, Yahoo)
    Peer-to-peer applications (KaZaA)
  - Offers complete control over usage of text-based instant messaging, file transfers, video chat, whiteboarding, and more!
  - Provides powerful regular expression (regex) matching capabilities to detect administrator customizable strings and optionally block, rate limit, and/or log traffic

• Deep inspection services provide businesses control over what actions users can perform when accessing websites
  - Performs RFC compliance checking for protocol anomaly detection
  - Supports HTTP command filtering for precise control over how web servers are accessed, providing a strong line of defense from a range of known and unknown attacks
  - Provides MIME type filtering and content validation capabilities

Protection Against Peer-to-Peer, IM, and Mail Attachment Threats; Ensuring Network Performance by Controlling Application Abuse

Page 11: Cisco ASA 5500 FW and IPS in Detail

Innovative Security for Unified Communications
Protect Cisco Communication Manager and IP Phones

• Ensure SIP, SCCP, H.323, MGCP requests conform to standards
• Prevent inappropriate SIP Methods from being sent to Communication Manager
• Network Rate Limit SIP Requests
• Policy enforcement of calls (whitelist, blacklist, caller/called party, SIP URI)
• Dynamic port opening for Cisco applications
• Enable only "registered phones" to make calls
• Enable inspection of encrypted phone calls

[Diagram labels: Internet; WAN; Cisco ASA with SSL VPN; Cisco Security Agent (CSA); Cisco ASA with VPN; Cisco ASA with IPS and VPN]

Protection Against Attacks On Unified Communications Call Control, Endpoints And Applications

Page 12: Cisco ASA 5500 FW and IPS in Detail

IPS Deep Down

Page 13: Cisco ASA 5500 FW and IPS in Detail

Cisco Intrusion Prevention Strategy
Comprehensive Threat Protection for the SDN

Adaptive
• Modular inspection engines: Respond rapidly with minimal downtime
• Behavioral anomaly detection: Protect against zero-day attacks
• Dynamic risk-based threat rating: Adapt threats policy in real time

Integrated
• The most diverse line of IPS sensors: The right tool for the right job, anywhere in the network
• IPS integrated into the fabric of the network
• Built on Cisco security and network intelligence

Collaborative
• On-box and networkwide correlation to provide greater accuracy and confidence
• Endpoint and network sensors sharing live network information
• Reduced operational costs with a common, solution-based management interface

Column subtitles on the slide: Location Matters; Focused Protection; Better Together

[Diagram labels: Internet; Intranet; Endpoint Protection; Branch Protection; Perimeter Protection; Data Center Protection; Server Protection; Monitoring and Correlation; Solution Management; Cisco® Security Agent; Cisco Security Manager; Cisco Catalyst® Services Modules; Cisco Integrated Services Routers; Cisco ASA 5500 Adaptive Security Appliance; Cisco Security MARS; Cisco IPS 4200 Series]

Page 14: Cisco ASA 5500 FW and IPS in Detail

Cisco Intrusion Prevention Solution

Cisco IPS Sensors
• Dedicated Appliances
• ASA IPS
• ISR with IPS
• Catalyst IDSM2
• Cisco Security Agent

IPS Management
• CS-Manager
• CS-MARS
• CSA-MC
• "IEV+"
• Device Management

Cisco Security Intelligence Services
• Cisco IPS Signature Services
• Cisco Intellishield
• Cisco Applied Intelligence
• Cisco Security Center

Page 15: Cisco ASA 5500 FW and IPS in Detail

Cisco IPS Offers Multi-Vector Threat Identification
Delivers Broad Attack and Malware Protection

Traffic Cleansing
• Removes traffic ambiguities such as overwritten fragments, TCP segment overwrites, TTL discrepancies
• Simulates end host behavior to increase inspection accuracy

Network Worms & Viruses
• Stops the infection and propagation of malware
• Leverages internal development and partnership with Trend Micro

Spyware/Adware
• Prevents installation of malware and blocks "phone home" communications
• Frees network bandwidth and controls the transmission of confidential data

Directed Attacks
• Controls corporate espionage
• Stops web defacing by preventing web attacks
• Prevents zombie, backdoor, and bot placement, thus stopping automated attacks (e.g., denial of service (DoS))

Page 16: Cisco ASA 5500 FW and IPS in Detail

Reducing the Gray: Uncertainty Equals Risk and Cost

[Diagram: two traffic-classification scales, one labeled "Inefficient; Highly Manual" and one labeled "Efficient Operations, Effective Security". Each scale shows the same four classes:]

• Good: Allow
• Relevant: Pass and Log
• Suspicious: Pass and Alarm
• Bad: Block

Self-Defending Network
• NAC, Traffic Shaping
• IPS
• IPS, Anti-X, DDoS, Firewall
• Monitoring & Correlation

Page 17: Cisco ASA 5500 FW and IPS in Detail

Slide 16

BH1
Monitoring and Correlation
Content Security (instead of Anti-X)
Bonnie Hupton, 2/26/2008

Page 18: Cisco ASA 5500 FW and IPS in Detail

Cisco IPS Intelligent Detection

Page 19: Cisco ASA 5500 FW and IPS in Detail

Slide 17

BH2
pls add bullet in first box
middle box needs to be larger to include all text
Bonnie Hupton, 2/26/2008

Page 20: Cisco ASA 5500 FW and IPS in Detail

Vulnerability-Focused Signatures for Unparalleled Coverage

Cisco® commitment to vulnerability-focused signatures provides exceptional detection of both known and tested exploits as well as exploits yet to be written (day-zero exploits).

[Diagram: 3000 Vulnerability-Focused Signatures; 30,000 Known Exploits and Variants; Countless Exploit Variants Yet to Be Written]

Page 21: Cisco ASA 5500 FW and IPS in Detail

Normalizer Module

Cisco® anti-evasion technology detects deceptive attack techniques that may go undetected by other IPS devices. This adaptive technology provides protection against some of the most dangerous tools currently used by attackers today.

[Diagram: "Correct" Stream; Stream with Evasion Attempt; "Normalized" Stream]

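A simplified model of the stream normalization described on this slide and under "Traffic Cleansing" on page 15, added here as an illustration; it is not Cisco's implementation and not code from the presentation. The `Segment` type, the function names and the sample payloads are constructed for the example, and the drop-on-conflict policy is an assumption.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    seq: int     # offset of the first payload byte, relative to the initial sequence number
    data: bytes  # payload carried by this segment


def _contiguous(stream):
    """Return the bytes from offset 0 up to the first gap."""
    out = bytearray()
    offset = 0
    while offset in stream:
        out.append(stream[offset])
        offset += 1
    return bytes(out)


def reassemble(segments, policy):
    """Rebuild the stream the way one particular end host would.

    policy "first": the first copy of a byte wins (later overlaps ignored).
    policy "last":  the most recent copy of a byte wins (overlaps overwrite).
    Different operating systems behave differently, which is the ambiguity
    an inspection device has to remove.
    """
    if policy not in ("first", "last"):
        raise ValueError("policy must be 'first' or 'last'")
    stream = {}
    for seg in segments:
        for i, byte in enumerate(seg.data):
            offset = seg.seq + i
            if policy == "last" or offset not in stream:
                stream[offset] = byte
    return _contiguous(stream)


def normalize(segments):
    """Return (stream, anomalies) with overlap ambiguity removed.

    An exact retransmission is harmless and passes. A segment that overlaps
    bytes already seen but carries different content is dropped whole and
    reported as (segment_index, first_conflicting_offset, last_conflicting_offset),
    so every receiver and the sensor see the same stream.
    """
    stream = {}
    anomalies = []
    for index, seg in enumerate(segments):
        conflicts = [
            seg.seq + i
            for i, byte in enumerate(seg.data)
            if stream.get(seg.seq + i, byte) != byte
        ]
        if conflicts:
            anomalies.append((index, conflicts[0], conflicts[-1]))
            continue
        for i, byte in enumerate(seg.data):
            stream.setdefault(seg.seq + i, byte)
    return _contiguous(stream), anomalies


# Constructed sample capture: one benign retransmission (index 1) and one
# conflicting overlap (index 3) that rewrites bytes 6..10.
SEGMENTS = [
    Segment(0, b"ORDER "),
    Segment(0, b"ORDER "),
    Segment(6, b"ALPHA"),
    Segment(6, b"BRAVO"),
    Segment(11, b" END"),
]

if __name__ == "__main__":
    print("first-wins host sees:", reassemble(SEGMENTS, "first"))
    print("last-wins host sees: ", reassemble(SEGMENTS, "last"))
    clean, found = normalize(SEGMENTS)
    print("normalized stream:   ", clean)
    print("anomalies:           ", found)
```

The two `reassemble` results differ for the same capture, which is why a sensor that assumes one policy can inspect a different stream than the host receives; `normalize` forces a single interpretation and records the conflict for alerting.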
Page 22: Cisco ASA 5500 FW and IPS in Detail

Local Event Correlation
Protection from Multivector Attacks

Single events may appear normal when taken alone, but may indicate a multivector attack when taken together. Unlike security event manager-based correlation, local event correlation enables the IPS to take preventive action before the end system is compromised.

[Diagram: IPS Passes Multivector Attack (Event 1, Event 2, Event 3); IPS With Local Event Correlation Blocks Multivector Attack (Event 1, Event 2, Event 3)]

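A sketch of the on-sensor correlation this slide describes, added as an illustration and not taken from the presentation or from Cisco's product: three component events that are individually passed raise one alert when all of them are seen for the same source and target inside a time window. The rule structure, the 10-second window, the event names (taken from the diagram's "Event 1/2/3") and the sample events with documentation-range addresses are all constructed assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: float   # seconds since start of capture
    src: str    # source address
    dst: str    # target address
    sig: str    # name of the low-severity component event


@dataclass(frozen=True)
class MetaRule:
    name: str
    components: frozenset  # component events that must all be present
    window: float          # seconds within which they must all occur


def correlate(events, rule):
    """Return a list of (ts, src, dst) alerts for one meta rule.

    State is kept per (src, dst) pair. Component events older than the
    window are expired before each check, so slow or unrelated activity
    never accumulates into an alert.
    """
    recent = defaultdict(deque)  # (src, dst) -> deque of (ts, sig)
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.sig not in rule.components:
            continue
        queue = recent[(ev.src, ev.dst)]
        queue.append((ev.ts, ev.sig))
        while queue and ev.ts - queue[0][0] > rule.window:
            queue.popleft()
        if {sig for _, sig in queue} == rule.components:
            alerts.append((ev.ts, ev.src, ev.dst))
            queue.clear()  # one alert per completed set
    return alerts


RULE = MetaRule(
    name="multivector-example",
    components=frozenset({"event-1", "event-2", "event-3"}),
    window=10.0,
)

# Constructed sample events (RFC 5737 documentation addresses).
SAMPLE_EVENTS = [
    Event(0.0, "192.0.2.10", "198.51.100.5", "event-1"),
    Event(2.0, "192.0.2.10", "198.51.100.5", "event-2"),
    Event(3.0, "192.0.2.20", "198.51.100.5", "event-1"),
    Event(5.0, "192.0.2.10", "198.51.100.5", "event-3"),   # completes the set
    Event(20.0, "192.0.2.20", "198.51.100.5", "event-2"),  # too late after event-1
    Event(40.0, "192.0.2.20", "198.51.100.5", "event-3"),
    Event(41.0, "192.0.2.30", "198.51.100.9", "event-1"),  # only two of three
    Event(42.0, "192.0.2.30", "198.51.100.9", "event-3"),
]

if __name__ == "__main__":
    for ts, src, dst in correlate(SAMPLE_EVENTS, RULE):
        print(f"{RULE.name}: {src} -> {dst} at t={ts}")
```

Because the decision is made on the sensor as the third component arrives, the response can be inline rather than after the fact in a central event manager, which is the distinction the slide draws.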
Page 23: Cisco ASA 5500 FW and IPS in Detail

Real-Time Anomaly Detection for Zero-Day Threats

• Anomaly-detection algorithms to detect and stop zero-day threats
• Real-time learning of normal network behavior
• Automatic detection and policy-based protection from anomalous threats to the network
• Result: Protection against attacks for which there is no signature

[Diagram labels: Internet; Traffic Conforms to Baseline; Traffic Conforms to Baseline; Anomalous Activity Detected, Indicating Potential Zero-Day Attack]

Page 24: Cisco ASA 5500 FW and IPS in Detail

Protocol-Anomaly Detection

Protocol-anomaly detection protects against zero-day attacks on unknown vulnerabilities.

[Diagram labels: Internet; Transaction A; Transaction B; Transaction C; Web Server Cluster; Potential Buffer Overflow Attack]

Page 25: Cisco ASA 5500 FW and IPS in Detail

Accurate Prevention Technologies
Risk Rating Provides Threat Context

Risk Rating is shown as the combination of four factors (joined by "+" in the diagram):
• Event Severity: How Urgent Is the Threat?
• Signature Fidelity: How Prone to False Positive?
• Attack Relevancy: Is Attack Relevant to Host Being Attacked?
• Asset Value of Target: How Critical Is this Destination Host?

Risk Rating Drives Mitigation Policy

Decision Support Balances Attack Urgency with Business Risk

Page 26: Cisco ASA 5500 FW and IPS in Detail

New in IPS 6.0: Visibility to Endpoint Trustworthiness – CSA Collaboration

• Cisco Security Agent (CSA) provides notion of suspicious hosts through CSA Watch List
• IPS Sensor risk sensitivity increased dynamically for suspicious hosts (risk rating increase)
• Result: Better manage risk from suspicious sources

1. Attacker tries to brute force attack an internal server
2. CSA blocks the attack and adds attacker to its watch list
3. CSA collaborating with Cisco IPS is able to dynamically elevate the Risk Rating threshold for attacks coming from the attacker
4. Future attacks from hacker are blocked at the IPS device

Page 27: Cisco ASA 5500 FW and IPS in Detail

New in IPS 6.0: Endpoint Attack Relevance Visibility

• Contextual information on attack target used to refine security response
• Contextual information gathered through:
  - Passive OS fingerprinting
  - Static OS mapping for exception handling
• Dynamic Risk Rating adjustment based on attack relevance
• Result: More appropriate and effective security response actions

[Diagram: Attacker initiates IIS attack destined for servers. Windows Server: Vulnerable, Increase Risk Rating. Linux Server: Not Vulnerable, Filter Event. Other labels: Network Scanner; Event / Action Filtering; Monitoring Console: Non-relevant events filtered]

Page 28: Cisco ASA 5500 FW and IPS in Detail

New in IPS 6.0: Real-time Anomaly Detection for Day Zero Threats

• Anomaly detection algorithms to detect and stop Day-Zero threats
• Real-time learning of network baselines
• Automatic detection and policy-based protection from anomalous threats to the network
• Result: Protection against attacks for which there is no signature

[Diagram labels: Internet; Internal Zone 1; Internal Zone 2; Internal Zone 3; Graphic representation of traffic type and amounts]

Page 29: Cisco ASA 5500 FW and IPS in Detail

IPS and Security Services

Page 30: Cisco ASA 5500 FW and IPS in Detail

Cisco Security Intelligence

Teams shown:
• IntelliShield
• Cisco PSIRT
• IPS Signature Team
• Applied Intelligence
• Critical Infrastructure Assurance Group
• Cisco STAT

Global Security Analysts
• IPS signature development
• Vulnerability research
• Product security testing
• Incident management
• Cisco® security mitigation expertise
• Global critical infrastructure security research

Cisco Global IPS Signature Team

Page 31: Cisco ASA 5500 FW and IPS in Detail

Cisco IPS Signature Delivery Process

Discovery, Analysis, and Signature Generation
• Discover Vulnerability
• Analyze Vulnerability
• Create New Signature

Testing and Publishing
• Test Signature Integration
• Test Signature Field
• Publish Signature

Overall Process Time
• Critical: 8 hours
• Urgent: 24 hours
• Standard: 1 week

Page 32: Cisco ASA 5500 FW and IPS in Detail

Cisco Services for Intrusion Prevention Systems (IPS)

Customer Profile

• Customers who have Cisco IPS products
• Experiencing an attack or planning for the future
• Need to reduce the complexity of keeping pace with a rapidly evolving security environment

Service Sales and Delivery

• Sold by Cisco and certified partners, delivered by Cisco

Service Capabilities and Features

• IPS Signature file updates
• Operating system updates and upgrades
• Advance hardware replacement (NBD, 2-hour, 4-hour, onsite)
• 24x7 direct customer access to Cisco Engineers at the TAC
• Cisco.com knowledge base and tools

Cisco Services for IPS

LB, SP, SMB

Security intelligence information, signature file updates, and comprehensive support help to maintain integrity and privacy of sensitive information, reliability, and stability of network protect your business from crippling attacks and

Match Pattern: And, Or, Not

Page 33: Cisco ASA 5500 FW and IPS in Detail

Cisco Security Center
Inform, Protect, and Respond

www.cisco.com/security

• Event-based, early-warning security intelligence
• Comprehensive alert analysis and mitigation solutions
• Real-time e-mail threat, virus, and spam tracking and trending
• Easy access to comprehensive security best-practice guidance

Featured Content

• Cisco® 2007 Security Annual Report
  • 2008 major risk categories
  • 2008 Cisco expert outlook
• Cisco Security IntelliShield Cyber Risk Report podcast
• Cisco Security IntelliShield Event Response reports

Page 34: Cisco ASA 5500 FW and IPS in Detail

Cisco Security Center: Mission Control

• Six-month free trial
• Applied mitigation bulletins
• CVSS scores
• PSIRT security alerts
• Integration with IronPort®
• IPS signatures


Page 36: Cisco ASA 5500 FW and IPS in Detail

Other ASA Features

Page 37: Cisco ASA 5500 FW and IPS in Detail

Content Security in the Cisco ASA 5500 Series
Content Security and Control Security Services Modules

• Comprehensive content security services on a single module
• Incorporates security technology from Trend Micro's award-winning InterScan VirusWall suite
• Seamless management and monitoring through Cisco ASDM, multi-device management with Trend TMCM
• Enables a single-box solution for all the needs of the SMB

Page 38: Cisco ASA 5500 FW and IPS in Detail

Cisco ASA 5500 Content Security
Delivering Comprehensive Protection and Control

Cisco ASA 5500 with CSC-SSM

• Granular Policy Controls
• Comprehensive Malware Protection
• Advanced Content Filtering
• Integrated Message Security
• Easy to Use

Threat Types

• Unauthorized Access
• Intrusions and Attacks
• Insecure Comms.
• Viruses
• Spyware
• Malware
• Phishing
• Spam
• Inappropriate URLs
• Identity Theft
• Offensive Content

NEW Anti-X Service Extensions

Protection

• Resource and Information Access Protection
• Hacker Protection
• Client Protection
• DDoS Protection
• Protected Email Communication
• Protected Web Browsing
• Protected File Exchange
• Unwanted Visitor Control
• Audit and Regulatory Assistance
• Non-work Related Web Sites
• Identity Protection

Page 39: Cisco ASA 5500 FW and IPS in Detail

Comprehensive Secure Connectivity
VPN Services for Any Access Scenario

Diagram labels: Public Internet, ASA 5500, Clientless SSL VPN, Client-based SSL or IPsec VPN

• Partner Access: Requires "locked-down" access to specific extranet resources and applications
• Company Managed Desktop: Remote access users require seamless, easy to use, access to corporate network resources
• Public Kiosk: Remote users may require lightweight access to e-mail and web-based applications from a public machine
• Company Managed Desktops at Home: Day extenders and mobile employees require consistent LAN-like, full-network access, to corporate resources and applications

Page 40: Cisco ASA 5500 FW and IPS in Detail

Virtualized Services and Transparent Operation
Simplifies Deployment and Reduces Operational Costs

• Scalable security services
  • Adds support for security contexts (virtual firewalls) to lower operational costs
    Enables device consolidation and segmentation
    Supports separated policies and administration
• Easy to deploy firewall and IPS services
  • Introduces transparent firewall capabilities for rapid deployment of security
    Drops into existing networks without need for readdressing the network
    Simplifies deployments of internal firewalling and security zoning - new applications

Diagram labels: Transparent Firewall and IPS, Existing Network, Dept/Cust 1, Dept/Cust 2, Dept/Cust 3

Page 41: Cisco ASA 5500 FW and IPS in Detail

Enterprise-Class Resilient Security
Maximizes Uptime

• Comprehensive multi-level resiliency protecting business continuity against component, link, or system failure
• Now includes redundant interface support for greater availability
• Full state synchronization including multimedia and voice protocols maximizes uptime for mission-critical applications
• Improved business continuity with zero-downtime upgrades
• Higher system reliability than software-on-server solutions
  Cisco ASA has 2x the MTBF* than a server-based solution:
    Typical server has MTBF of 50k – 65K hrs
    Cisco ASA has MTBF of 100k – 150K hrs
  * MTBF calculation based on Telcordia (Bellcore) SR-332.
• Tightly integrated high availability services for firewall eases deployment and administration as opposed to third party approaches
• Rapid deployment through the user-friendly High Availability Wizard

New in 8.0!

Active / Active

Page 42: Cisco ASA 5500 FW and IPS in Detail

Intelligent Network Integration
Provides Seamless Integration into Next-Gen Networks

Advanced Network Services

• Introduces multi-protocol object groups for significantly simplified object management (TCP, UDP, and ICMP) – new in 8.0!
• Supports EIGRP (new in 8.0), OSPF, and RIPv2 dynamic routing
• Provides QoS traffic prioritization for improved handling of latency sensitive traffic
• Adds IPv6 support for hybrid IPv4/IPv6 network environments
• Delivers PIM sparse mode multicast support for improved support for streaming data delivery services, video conferencing, and other mission-critical real-time enterprise applications

Quality of Service

New in 8.0!

Page 43: Cisco ASA 5500 FW and IPS in Detail

ASA Management

Page 44: Cisco ASA 5500 FW and IPS in Detail

Wide Range of Management Solutions
Provide Scalable, Cost Optimized Options for Businesses

Integrated Remote Management Capabilities Within ASA

• Configuration: Auto Update, SSH, Telnet, XML/HTTPS, and ASDM
• Real-time monitoring: Syslog, SNMP, HTTPS, and ASDM
• Software updates: Auto Update, SCP, HTTP, HTTPS, and TFTP

Cisco Monitoring and Response Solution (CS-MARS)

• Family of high performance appliances designed to provide automated analysis of security event information to help identify, manage, and counter attacks
• Supports getting events from wide range of Cisco and 3rd party solutions, and also analyzes NetFlow for additional intelligence
• Offers event correlation, visualization, rules engine, and reporting

Cisco Security Manager (CS-Manager)

• Scalable management solution for wide range of Cisco security solutions including routers, switches, blades, and appliances
• Delivers centralized management of firewall, VPN, IPS/IDS, networking, and other services via flexible user interface
• Supports device grouping for simplified policy maintenance
• Provides role-based admin access and workflow capabilities
• Available on Windows (Linux version coming)

Page 45: Cisco ASA 5500 FW and IPS in Detail

Cisco Adaptive Security Device Manager v6.0
Introduces a Wealth of New Features and Usability Enhancements

• Fresh new interface provides easy access to all services offered by ASA
• Supports drag-and-drop and in-place editing for simplified policy editing
• Offers user interface customization with dockable windows and toolbars
• Introduces new Firewall Dashboard that provides at-a-glance status of firewall services
• Provides live ACL hitcount in firewall rule table for easy policy auditing

Page 46: Cisco ASA 5500 FW and IPS in Detail

Cisco ASDM v6.0 Feature Highlights

• Redesigned interface
• Security Dashboards
• Packet Tracer
• Packet Capture Wizard
• Software Upgrade Wizard

Page 47: Cisco ASA 5500 FW and IPS in Detail

Cisco ASDM Feature Highlights: Packet Tracer
Live Tool to Determine Day In the Life of a Packet

Packet Tracing

Enables the injection of arbitrary packets through the system to audit policy configuration and enforcement

Benefits

• Enables policy tuning and refining
• Enables rapid troubleshooting
• Simplifies fault isolation in complex policy environments
• First Pro-active Debugging Tool

Page 48: Cisco ASA 5500 FW and IPS in Detail

Cisco ASDM Feature Highlights
Real-Time Syslog Viewer

• Structured syslogs in real time viewer
• Provides optional coloring of events based on severity
• Offers real-time interpretation of log messages, with plain English explanations and recommended actions for each log message

Page 49: Cisco ASA 5500 FW and IPS in Detail

Cisco ASDM Feature Highlights
Syslog to ACL Correlation Features

• Syslog messages now include unique hash and line number of ACL entry that created it
• Buttons in ASDM Live Log viewer allow admins to view/edit an existing ACL, or create a new ACL entry
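The hash-based join behind this feature can be reproduced offline when auditing a rule base. The following is an added example, not part of the original presentation and not Cisco code: it assumes ACL-hit syslog lines in the style of message 106100 (ending in a bracketed pair of hash codes) and `show access-list` output that ends each entry with its hash; all sample lines are constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed `show access-list` output; assumed layout: rule, hit count, ACE hash.
SHOW_ACL = """\
access-list outside_in line 1 extended permit tcp any host 10.0.0.5 eq https (hitcnt=12) 0x8d3b2f1a
access-list outside_in line 2 extended permit tcp any host 10.0.0.6 eq smtp (hitcnt=3) 0x41c07e55
access-list outside_in line 3 extended deny ip any any log (hitcnt=40) 0xa9f01b3c
"""

# Constructed syslog lines; 106100-style layout assumed, ending in [ACE hash, group hash].
SYSLOG = """\
Jan 29 10:01:02 fw1 %ASA-6-106100: access-list outside_in permitted tcp outside/198.51.100.7(51234) -> inside/10.0.0.5(443) hit-cnt 1 first hit [0x8d3b2f1a, 0x0]
Jan 29 10:01:03 fw1 %ASA-6-302013: Built inbound TCP connection 77 for outside:198.51.100.7/51234 (198.51.100.7/51234) to inside:10.0.0.5/443 (10.0.0.5/443)
Jan 29 10:01:09 fw1 %ASA-6-106100: access-list outside_in permitted tcp outside/203.0.113.9(40001) -> inside/10.0.0.5(443) hit-cnt 1 first hit [0x8d3b2f1a, 0x0]
Jan 29 10:02:15 fw1 %ASA-4-106100: access-list outside_in denied udp outside/203.0.113.9(53124) -> inside/10.0.0.9(161) hit-cnt 5 300-second interval [0xa9f01b3c, 0x0]
Jan 29 10:03:40 fw1 %ASA-6-106100: access-list outside_in permitted tcp outside/192.0.2.44(60100) -> inside/10.0.0.7(22) hit-cnt 1 first hit [0xdeadbeef, 0x0]
"""

ACE_RE = re.compile(
    r"^access-list (\S+) line (\d+) (.+?) \(hitcnt=\d+\) (0x[0-9a-f]+)\s*$", re.M)
LOG_RE = re.compile(
    r"%ASA-\d-106100: access-list (\S+) (permitted|denied) (\S+) "
    r"\S+?/([\d.]+)\(\d+\) -> \S+?/([\d.]+)\((\d+)\) "
    r".*?\[(0x[0-9a-f]+), 0x[0-9a-f]+\]")


def parse_aces(show_output):
    """Map ACE hash -> (ACL name, line number, rule text)."""
    return {m.group(4): (m.group(1), int(m.group(2)), m.group(3))
            for m in ACE_RE.finditer(show_output)}


def correlate(syslog_text, aces):
    """Return one record per ACL-hit message, joined to its ACE by hash."""
    records = []
    for m in LOG_RE.finditer(syslog_text):
        acl, action, proto, src, dst, dport, ace_hash = m.groups()
        ace = aces.get(ace_hash)
        if ace is not None and ace[0] != acl:
            ace = None  # same hash under another ACL name: treat as unmatched
        records.append({
            "acl": acl, "action": action, "proto": proto,
            "src": src, "dst": dst, "dport": int(dport), "hash": ace_hash,
            # line is None when the rule was edited or removed after logging
            "line": ace[1] if ace else None,
            "rule": ace[2] if ace else None,
        })
    return records


def hits_per_line(records):
    """Count logged hits per ACL line; the None key collects stale hashes."""
    return Counter(r["line"] for r in records)


if __name__ == "__main__":
    for rec in correlate(SYSLOG, parse_aces(SHOW_ACL)):
        print(rec["action"], rec["src"], "->", rec["dst"], rec["dport"],
              "| line", rec["line"], "|", rec["rule"])
```

Records whose `line` is `None` are the ones to review first: the log references an entry that no longer exists in the configuration snapshot being audited.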

Page 50: Cisco ASA 5500 FW and IPS in Detail

IPS 6.1 and Redesigned Monitoring Application ("IEV") – Expected April 2008

• Complete IPS Management and Monitoring solution for small networks
• Intuitive Startup Wizard
• Intelligent Risk Rating based Policy Configuration
• At-a-glance Device Dashboard
• Real-time Traffic Dashboard
• Real-time and historical IPS Event Viewer
• Auto Signature Update
• Flexible Alarm Reporting tools
• Live RSS Feeds
• Supports up to 5 IPS sensors

Page 51: Cisco ASA 5500 FW and IPS in Detail

Cisco Security Manager
Overview

Centralized Policy Administration

• Centrally provision policies for firewalls, VPNs, and IPS
• Very scalable
• Policy inheritance feature enables consistent policies across enterprise
• Powerful device grouping options

• Configure policies for ASA, Cisco® PIX® FW, FWSM and Cisco IOS® Software
• Single rule table for all platforms
• Intelligent analysis of policies
• Sophisticated rule table editing
• Compresses the number of access rules required

VPN Administration

• VPN Wizard setup site-to-site, hub-spoke, and full-mesh VPNs with a few mouse clicks
• Configure remote-access VPN, DMVPN, and Easy VPN devices

Superior Usability

• Jumpstart help: an extensive animated learning tool
• Flexible management views:
  • Policy-based
  • Device-based
  • Map-based
  • VPN Manager
  • IPS Manager
  • Deployment Manager

IPS Administration

• Automatic updates to the IPS sensors
• Support for outbreak prevention services

Firewall Administration

• Administer policies visually on tables or topology map

Page 52: Cisco ASA 5500 FW and IPS in Detail

CS-MARS "Know the Battlefield"

• Gain Network Intelligence
  Topology, traffic flow, device configuration, and enforcement devices
• ContextCorrelation™
  Correlates, reduces and categorizes events
  Validates incidents

Diagram stages: Isolated Events, Sessions, Rules, Verify, Valid Incidents

Diagram inputs: Router Cfg., Firewall Log, Switch Cfg., Switch Log, Server Log, AV Alert, App Log, VA Scanner, Firewall Cfg., Netflow, NAT Cfg., IDS Event

Page 53: Cisco ASA 5500 FW and IPS in Detail

Cisco Security MARS: "Connect the Dots"

[Network topology diagram: HQ and branch (BR) firewalls, switches, routers, NIDS sensors, hosts, and subnets]

Page 54: Cisco ASA 5500 FW and IPS in Detail

Data Reduction and Aggregation

• 3,130,831 events
• 1,706,049 sessions
• 42% data reduction

Page 55: Cisco ASA 5500 FW and IPS in Detail

CS-MARS: Extensive Reports

Page 56: Cisco ASA 5500 FW and IPS in Detail

Cisco Security MARS Product Portfolio

• Rapid install within minutes
• RAID 1+0
• Oracle embedded, no DBA needed
• No JRE conflicts
• Agentless event collection
• Layer 2/3 network topology and mitigation
  NetFlow
  Drill down to MAC addresses

| CS-MARS Model | 20R | 20 | 50 | 100e | 100 | 200 | Global Controller |
|---|---|---|---|---|---|---|---|
| Events/Sec | 50 | 500 | 1,000 | 3,000 | 5,000 | 10,000 | N/A |
| NetFlow Flows/Sec | 1,500 | 15,000 | 25,000 | 75,000 | 150,000 | 300,000 | N/A |
| RAID Storage | 120GB | 120GB | 120GB | 750GB | 750GB | 1TB | 1TB |
| Rack Size | 1RU | 1RU | 1RU | 3RU | 3RU | 4RU | 4RU |

Page 57: Cisco ASA 5500 FW and IPS in Detail
