Anticipate, block, and respond to threats Cisco Firepower NGFW

Post on 28-Mar-2021


Page 1: Cisco Firepower NGFW · Apps www Database Apps www Database Security feeds URL | IP | DNS 0110110010101001010100 0010010110100101101101 Keep threats out of campus security domains

Anticipate, block, and respond to threats

Cisco Firepower NGFW

Page 2:

Digital Transformation on a Massive Scale

Attack Sophistication

Threat Actors

Attack Surface

Global Cybercrime Market: $450B to $1T

15B Devices Today

500B Devices In 2030

$19T Opportunity (Next 10 Years)

Page 3:

Which dramatically expands what you have to worry about

New demands

More things

Threats are harder to stop

Visibility is more elusive

Access is tougher to manage

Specialized threats

Global collaboration

Anywhere access

BYOD

Source: 2016 Verizon Data Breach Investigations Report

30%: Phishing messages opened by the target across campaigns

Page 4:

They can’t help you once you’ve been breached…

They’re only app-focused…

They’re another silo to manage…

Threat

Threat

Threat

Attack Continuum

BEFORE | DURING | AFTER

NGFW | DDoS | Sandbox | Acceptable use | IPS

Other “next-generation” firewalls fix some problems but create new ones

Page 5:

Cisco Firepower NGFW is a complete solution

Detect earlier, act faster

Gain more insight

Reduce complexity

Stop more threats

Get more from your network

Cisco Firepower™ NGFW

Fully Integrated

Threat Focused

Page 6:

Malware

Client applications

Operating systems

Mobile Devices

VOIP phones

Routers & switches

Printers

C & C Servers

Network Servers

Cisco Firepower NGFW

Users

File transfers

Web applications

Application protocols

Typical NGFW

The more you see, the better you can protect

Offering extensive contextual visibility

Threats

Typical IPS

Page 7:

Features:

Firewall & AVC | Threat Defense | Management | Integrations

Page 8:

Firewall & AVC

Page 9:

OpenAppID

Application Visibility & Control

Provide next-generation visibility into app usage

See and understand risks

Enforce granular access control

Prioritize traffic and limit rates

Create detectors for custom apps

Cisco database

• 4,000+ apps

• 180,000+ Micro-apps

Network & users

Prioritize traffic

Page 10:

OpenAppID

Extend AVC to proprietary and custom apps

Easily customize application detectors

Detect custom and proprietary apps

Share detectors with other users

Open-Source

Self-Service

Page 11:

Decrypt 3.5 Gbps traffic over five million simultaneous flows

SSL decryption engine

Uncover hidden threats at the edge

Log

SSL decryption engine

Enforcement decisions

Encrypted Traffic

AVC

http://www.%$&^*#$@#$.com

Inspect deciphered packets

Track and log all SSL sessions

NGIPS

gambling

elicit

Page 12:

Web controls

Block or allow access to URLs and domains

Classify 280M+ URLs

Filter sites using 80+ categories

Manage “allow/block” lists easily

Block latest malicious URLs

Category-based Policy Creation

Allow Block

Admin

Cisco URL Database

DNS Sinkhole

Security feeds

URL | IP | DNS

NGFW Filtering

Block

Allow

Safe Search

gambling

Page 13:

Additional Firewall Features

Improve traffic control with new features

Identity Integration

Target threats accurately

• ISE

• pxGrid

• VDI

Captive Portal

Enforce authentication

• Active/Passive

• NTLM

• Kerberos

Rate limiting

Control application usage

• Rule-based limits

• Reports

• QoS rules

True-IP Policy

Analyze headers in more depth

• X-Forwarded-For

• True-Client-IP

• Custom Headers

Tunnel Policy

Block unwanted traffic early

• Pre-filtering

• Priority policy

• Policy migration

Page 14:

Threat Defense

Page 15:

Next-Generation Intrusion Prevention System (NGIPS)

Understand threat details and quickly respond

Communications

App & Device Data

Data packets

Prioritize response

Blended threats

• Network profiling

• Phishing attacks

• Innocuous payloads

• Infrequent callouts

Accept

Block

Automate policies

ISE

Scan network traffic

Correlate data

Detect stealthy threats

Respond based on priority

Page 16:

File Reputation

Advanced Malware Protection (AMP)

Uncover hidden threats in the environment

• Known Signatures

• Fuzzy Fingerprinting

• Indications of compromise

Block known malware

Investigate files safely

Detect new threats

Respond to alerts

File & Device Trajectory

AMP for Network Log

Threat Grid Sandboxing

• Advanced Analytics

• Dynamic analysis

• Threat intelligence

AMP for Endpoint Log

Threat Disposition

Enforcement across all endpoints

Risky | Safe | Uncertain

Sandbox Analysis

Page 17:

Understand risks using reputation scoring

See more through industry-leading research

Stop known threats from getting in

Security Intelligence

URL Based

Block risky sites using a classified database of 270 million+ known URLs

DNS Based

Get real-time threat intelligence based on 80 billion+ daily DNS requests

IP Based

Filter out bad IPs using a blacklist of 70,000+ known IPs

Page 18:

Talos

Get real-time protection against global threats

Identify advanced threats

Get specific intelligence

Catch stealthy threats

Stay protected with updates

Endpoints

Devices

Networks

NGIPS

WWW Web

250+ Researchers

24 x 7 x 365 Operations

Security Coverage Research Response

1.5 million daily malware samples

600 billion daily email messages

16 billion daily web requests

Threat Intelligence

Page 19:

Management

Page 20:

Firepower Management Center

Easily manage NGFWs across multiple sites

Manage across many sites

Control access and set policies

Investigate incidents

Prioritize response

Firepower Management Center

Centralized management for multi-site deployments

Multi-domain management

Role-based access control

High availability

APIs and pxGrid integration

NGIPS

Firewall & AVC

AMP

Security Intelligence

…Available in physical and virtual options

Page 21:

Firepower Device Manager

Easily manage individual NGFWs

Set up easily

Control access and set policies

Investigate incidents

Prioritize response

Firepower Device Manager

Integrated on-box option for single instance deployment

Physical and virtual options

Easy set-up

NAT and Routing

Role-based access control

Intrusion and Malware prevention

High availability

Device monitoring

VPN support

Page 22:

Smart Licensing

Know what and when you need to update

View software, services, and devices in one easy to use portal

Activate software automatically

Extend licenses automatically

Track software usage with regular reports to Cisco

Software

Services

Devices

Report

Page 23:

Migration assistance tool

Get help making the transition to Firepower

Prior ASA appliance: Policies | Settings | Groups

Firepower NGFW: Policies | Settings | Groups

Page 24:

Integrations

Page 25:

TrustSec

Identity Services Engine (ISE)

Ensure compliance before granting access

Set access control policies

Propagate rules and context

Remediate breaches automatically

pxGrid

Propagate

• User Context

• Device context

• Access policies

Employee Tag

Supplier Tag

Server Tag

Guest Tag

Quarantine Tag

Suspicious Tag

ISE

Policy automation

ISE

Establish a secure network

Firepower Management Center

BYOD

Guest Access

Segmentation

Page 26:

Firepower Management Center

REST APIs and Third-party integration

Build on your solution with an open platform

Augment functionality with third party solutions

Integrate custom-built features

Custom functionality

Third-party solutions

• Authentication tokens

• Access control

• Virtual switch

• Radware DDoS

• VDI identity

• VPN capabilities

APIs

API Explorer

Page 27:

SYN Flood attacks

DDoS attacks

Nonstandard packet attacks

Flood Traffic

Radware DDoS vDP

Prevent network and application downtime

Stop attacks within seconds of detection

Block or allow traffic automatically

Maintain up to 30 Gbps throughput for legitimate traffic

Handle 140,000 connections per second

Block 1,200,000 packets of flood traffic per second

Legitimate Traffic

Network and Applications

Cloud scrub

Page 28:

Available in multiple deployment options

Cisco FirePOWER™ Services on ASA 5585-X

Cisco Firepower Threat Defense on ASA 5500-X

Cisco Firepower™ 4100 Series and 9300

New Appliances

And on high-end performance appliances…

Also available as standalone solutions

Dedicated AMP

NGIPS only

Physical, virtual, and cloud options

• AWS

• Azure

Page 29:

Use cases

Page 30:

Security feeds

• URL

• IP

• DNS

Secure your company’s internet edge

I want to…

Stop threats at the edge, find and fix breaches, and increase throughput.

Firewall

AVC

SSL Decryption Engine

NGIPS

• Dynamic and Static NAT

• High Availability

• High Bandwidth

Private Network

DMZ

www

DNS

Internet

Block

Allow

AMP file inspection

AMP Threat Grid

DNS Sinkhole

Page 31:

Security feeds

URL | IP | DNS

Protect your data center at the edge

I want to…

Reduce the company’s attack surface and detect data center threats.

Data Center Network

Financial data

HR data

In-house app

• Clustering

• Support for North-South and East-West traffic

Secure

Prepare

Define policies

Uncover threats

Respond

Remediate

Data Center Edge

TrustSec

HR

Finance

DevOps

Firewall

NGIPS

• High Availability

• High Bandwidth

SSL Decryption Engine

AVC

Block

Allow

AMP file inspection

AMP Threat Grid

Page 32:

Access Layer

Apps www Database

Apps www Database

Security feeds

URL | IP | DNS

Keep threats out of campus security domains

I want to…

Protect against threats while meeting campus bandwidth demands.

Data Center

Edge

TrustSec

Campus

Distribution

Core

NGIPS

AVC

Block

Allow

SSL Decryption Engine

Firewall

AMP file inspection

AMP Threat Grid

Page 33:

Enforce acceptable use within the organization

I want to…

Stop risky web traffic, control application use, and allocate bandwidth.

Network

Firewall

Filter unwanted URLs

www

Block

Allow

Partial Block

Define access control

Prioritize Traffic

User identity

www

Gambling Application

4000+ web and in-house applications

…and additional custom applications

Reputation scoring

SSL Decryption Engine

Decrypt hidden traffic

www

Page 34:

Defend the network with Rapid Threat Containment

Firepower Management Center

ISE

Alerts

pxGrid

Automatic Isolation

I want to…

www

Isolate compromised resources quickly before the problem grows.

TrustSec

Employee Tag

Supplier Tag

Guest Tag

Quarantine Tag

Quarantine Tag

Alerts

pxGrid

Receive alert of intrusion event

Issue quarantine command

Page 35:

Only Cisco delivers…

… superior protection and visibility to address new demands, more things, and specialized threats

Detect earlier, act faster

Gain more insight

Reduce complexity

Stop more threats

Get more from your network

Fully Integrated

Threat Focused

Page 36:

17.5 hours

Average time to detection with Cisco security

100 days

Industry average time to detection

The results speak for themselves

Source: Cisco Annual Security Report 2016

Page 37:

Cisco Threat Scan Proof of Value Programme

How to benefit from our Free Risk Assessment?

• With this offer, you will:

• Gain valuable information on your network including critical attacks

• Reduce risk and make security a growth engine for your business

• This offer is valid through December 29th, 2016 in Austria, Belgium, Denmark, Finland, France, Germany, Ireland, Italy, Luxembourg, Netherlands, Norway, Spain, Sweden, Switzerland and United Kingdom.

• For more information and to request a Threat Scan POV, go to www.cisco.com/go/threatscanpov
