Peter Mesjar, CCIE 17428, Systems Engineer, Cisco. Network protection for small and medium-sized businesses against modern threats: Cisco ASA 5500-X NGFW


Post on 28-Mar-2018


Page 1: pMesjar ASA 5500-X - static-sk.alef.com · PDF fileCisco ASA 5500-X NGFW . ... NSS Labs: Intrusion Prevention Systems Security Value Map Source: NSS Labs 2014



2 Cisco ASA for SMB and Distributed Enterprise Presentation | © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public

What are we going to talk about

Problem is THREATS

•  How does today’s malware work?

•  What is the impact?

Cisco Solution

•  Layered approach

•  Multiple services

Demo time!

•  See the solution


Problem is THREATS


You heard about these in the news

•  “95% of large companies are targeted by malicious traffic, and 100% of organizations have interacted with websites that host malware.” - 2014 Cisco Annual Security Report

•  Sony Pictures, December 2014

    •  Personal employee information, email exchanges and movies before premiere leaked

•  Target Breach, December 2013

    •  40 million credit cards stolen

    •  70 million personal records stolen

…and many more

http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data


http://blogs.cisco.com/talos/teslacrypt

http://blogs.cisco.com/security/talos/ctb-locker-win10


Anatomy of Data Breach

[Diagram labels: Attacker, Perimeter (Inbound), enterprise network, Admin Node, Perimeter (Outbound), C2 Server]

1  Infiltration and Backdoor establishment

2  Reconnaissance and Network Traversal

3  Exploitation and Privilege Elevation

4  Staging and Persistence (Repeat 2,3,4)

5  Data Exfiltration


http://talosintel.com/angler-exposed/

http://blogs.cisco.com/security/talos/project-aspis

How much money are attackers making?


Malvertising – Compromise via legitimate websites


How does malvertising work?


Cisco: Covering the entire continuum

Attack Continuum

•  BEFORE: Discover, Enforce, Harden

•  DURING: Detect, Block, Defend

•  AFTER: Scope, Contain, Remediate

[Diagram labels: FireSIGHT & PXGrid, ASA, NGFW, Secure Access + Identity Services, VPN, Meraki, NGIPS, ESA/WSA, CWS, Advanced Malware Protection, Cognitive, ThreatGRID, Services]


Cisco Solution


Start with the right appliance

| Features | ASA 5506-X, 5506W-X, 5506H-X | ASA 5508-X | ASA 5516-X |
|---|---|---|---|
| Max stateful inspection throughput | 750 Mbps | 1 Gbps | 1.8 Gbps |
| VPN throughput | 100 Mbps | 175 Mbps | 250 Mbps |
| Max AVC throughput | 250 Mbps | 450 Mbps | 850 Mbps |
| Max AVC and NGIPS throughput | 125 Mbps | 250 Mbps | 450 Mbps |
| AVC or IPS sizing throughput [440B] | 90 Mbps | 180 Mbps | 300 Mbps |
| Max concurrent sessions | 50,000 | 100,000 | 250,000 |
| Max connections per second (CPS) | 5,000 | 10,000 | 20,000 |

Slide annotation (appears twice): ~1.5x to 2x

Cisco Trust Anchor validates the source of the image file and protects against hardware tampering and counterfeiting


Add security services to help defend your network

Included by default

Foundational Functionality: Built-in firewall services to provide base protection and connect with other security solutions

•  Stateful Firewalling

•  VPN Capabilities

•  Policy Enforcement Point for ISE

FirePOWER Services: Subscription services that run on the ASA and provide enhanced levels of threat protection and network visibility

•  Advanced Malware Protection (AMP)

•  Next-Generation Intrusion Prevention System (NGIPS)

•  URL Filtering

•  Application Visibility and Control (AVC)


Back it up with world’s largest threat intelligence


No other firewall offers extensive contextual visibility

Malware

Client applications

Operating systems

Mobile Devices

VOIP phones

Routers & switches

Printers

C & C Servers

Network Servers

Users

File transfers

Web applications

Application protocols

Threats

Typical IPS

Typical NGFW

Cisco ASA with FirePOWER Services

The more infrastructure you see, the better protection you get


How to manage Cisco’s solution

•  Adaptive Security Device Manager (ASDM): on-box manager

•  FireSIGHT Management Center


Off-box FireSIGHT Management Center

•  IT Insight: Spot rogue hosts, anomalies, policy violations, and more

•  Impact Assessment: Reduce actionable events by up to 99% with correlation

•  Automated Tuning: Adjust IPS policies automatically based on network change

•  User Identification: Associate users with security and compliance events

•  Indications of Compromise: Identify the machines most likely to be owned


NSS Labs: Next-Generation Firewall Security Value Map

Source: NSS Labs 2014

The NGFW Security Value Map shows the placement of Cisco® ASA with FirePOWER Services and the FirePOWER™ 8350 as compared to other vendors. All products achieved 99.2 percent in security effectiveness. Now customers can be confident they’ll get the best protections possible, regardless of deployment.


NSS Labs: Intrusion Prevention Systems Security Value Map

Source: NSS Labs 2014

Based on individual and comparative testing of vendors in the IPS market, Cisco FirePOWER™ NGIPS* leads the Security Value Map and provides the best protection possible while also leading the class in total cost of ownership.

* Formerly Sourcefire FirePOWER

Sourcefire Virtual IPS Sourcefire 3D8120 Sourcefire 3D8250 Sourcefire 3D8260


NSS Labs: Breach Detection Systems Security Value Map

Source: http://blogs.cisco.com/tag/nss-labs

For the second year in a row, we have third-party validation from NSS Labs that we provide the most effective security available in the market today. Cisco Advanced Malware Protection (AMP) was tested along with seven other vendors and achieved a 99.2% security effectiveness score – the highest of all vendors tested in the 2015 NSS Labs Security Value Map (SVM) for Breach Detection Systems.


Check out these additional resources

Cisco Security Blogs:

http://blogs.cisco.com/security

Cisco ASA NGFW Data Sheet:

http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/datasheet-c78-733916.html

Cisco Talos Security Intelligence & Research:

http://www.cisco.com/c/en/us/products/security/talos.html

http://www.talosintel.com/

Cisco Security Advisories & Alerts:

http://tools.cisco.com/security/center/home.x

BRKSEC-2010 – Emerging Threats – The State of Cyber Security (Cisco Live 2015 San Diego):

https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=84150&backBtn=true
