techwisetv workshop: firepower next generation firewall
TRANSCRIPT
![Page 1: TechWiseTV Workshop: Firepower Next Generation Firewall](https://reader034.vdocuments.net/reader034/viewer/2022042611/587d34541a28ab2a448b5a5f/html5/thumbnails/1.jpg)
Title Goes Here
Firepower NGFW Bill Mabon and Jason Wright
March 23, 2016
![Page 2: TechWiseTV Workshop: Firepower Next Generation Firewall](https://reader034.vdocuments.net/reader034/viewer/2022042611/587d34541a28ab2a448b5a5f/html5/thumbnails/2.jpg)
Bill Mabon, Sr. Manager, Network Security Product Marketing
March 23, 2016
Announcing the First Fully Integrated, Threat-Focused, Next-Generation Firewall with Unified Management
Firepower NGFW
Jason Wright, Sr. Manager, Vertical and Solutions Marketing
![Page 3: TechWiseTV Workshop: Firepower Next Generation Firewall](https://reader034.vdocuments.net/reader034/viewer/2022042611/587d34541a28ab2a448b5a5f/html5/thumbnails/3.jpg)
What we’ve just announced
Firepower NGFW
Firepower 4100 Series
Firepower Management
Center 6.0
Firepower NGFW is the
industry’s first fully
integrated threat-focused
next-generation firewall with
unified management.
Firepower 4100 Series
appliances provide a threat-
focused NGFW security
platform; the industry’s first
1RU platform with 40Gb
interfaces.
Firepower Management
Center provides complete,
unified management of
Firepower NGFW,
Firepower NGIPS and Cisco
AMP deployments.
![Page 4: TechWiseTV Workshop: Firepower Next Generation Firewall](https://reader034.vdocuments.net/reader034/viewer/2022042611/587d34541a28ab2a448b5a5f/html5/thumbnails/4.jpg)
Branding Terms
Firepower NGFW New NGFW brand
Firepower Threat Defense New unified appliance software
Firepower Management Center New unified manager
Firepower Appliances New Firepower 4100 Series and Firepower
9300 appliances.
ASA with FirePOWER Services
• ASA Appliances with ASA and
Firepower software, application
firewalling and threat defense.
• The ASA and FirePOWER functions
have separate managers.
What You Know Just Announced
![Page 5: TechWiseTV Workshop: Firepower Next Generation Firewall](https://reader034.vdocuments.net/reader034/viewer/2022042611/587d34541a28ab2a448b5a5f/html5/thumbnails/5.jpg)
Integrated Architectural Approach
Best of Breed Portfolio
Cisco’s Unique Approach
![Page 6: TechWiseTV Workshop: Firepower Next Generation Firewall](https://reader034.vdocuments.net/reader034/viewer/2022042611/587d34541a28ab2a448b5a5f/html5/thumbnails/6.jpg)
Cisco Security Momentum
![Page 7: TechWiseTV Workshop: Firepower Next Generation Firewall](https://reader034.vdocuments.net/reader034/viewer/2022042611/587d34541a28ab2a448b5a5f/html5/thumbnails/7.jpg)
Customers Prefer Cisco 2016 CIO Survey Findings
Piper Jaffray
![Page 8: TechWiseTV Workshop: Firepower Next Generation Firewall](https://reader034.vdocuments.net/reader034/viewer/2022042611/587d34541a28ab2a448b5a5f/html5/thumbnails/8.jpg)
Customers Prefer Cisco 2016 CIO Survey Findings
UBS
![Page 9: TechWiseTV Workshop: Firepower Next Generation Firewall](https://reader034.vdocuments.net/reader034/viewer/2022042611/587d34541a28ab2a448b5a5f/html5/thumbnails/9.jpg)
Customers Prefer Cisco 2016 CIO Survey Findings
Barclays
![Page 10: TechWiseTV Workshop: Firepower Next Generation Firewall](https://reader034.vdocuments.net/reader034/viewer/2022042611/587d34541a28ab2a448b5a5f/html5/thumbnails/10.jpg)
Advanced Malware Protection: Exponential Growth
0
2000
4000
6000
8000
10000
12000
Q3 FY14 Q4 FY14 Q1 FY15 Q2 FY15 Q3 FY15 Q4 FY15 Q1 FY16 Q2 FY16 Proj
To
tal #
of
Ad
v.
Th
reat
Cu
sto
mers
Cisco AMP Vendor A Vendor B
10,800+ Total Customers
![Page 11: TechWiseTV Workshop: Firepower Next Generation Firewall](https://reader034.vdocuments.net/reader034/viewer/2022042611/587d34541a28ab2a448b5a5f/html5/thumbnails/11.jpg)
The NGFW Problem, and How Cisco Has Responded
![Page 12: TechWiseTV Workshop: Firepower Next Generation Firewall](https://reader034.vdocuments.net/reader034/viewer/2022042611/587d34541a28ab2a448b5a5f/html5/thumbnails/12.jpg)
Legacy NGFWs are app, not threat, focused. And they compound the management burden.
NGFW
DDoS Sandbox URL IPS
Focused on apps; ineffective threat defense. And become yet another silo to manage …
Threat
Threat
Threat
![Page 13: TechWiseTV Workshop: Firepower Next Generation Firewall](https://reader034.vdocuments.net/reader034/viewer/2022042611/587d34541a28ab2a448b5a5f/html5/thumbnails/13.jpg)
Attack Continuum
GAP
The industry focus has been protecting before, but not during and after, attacks
Enable applications
Typical NGFW
BEFORE AFTER DURING
Silos
DDoS Sandbox URL IPS Incident
Response
![Page 14: TechWiseTV Workshop: Firepower Next Generation Firewall](https://reader034.vdocuments.net/reader034/viewer/2022042611/587d34541a28ab2a448b5a5f/html5/thumbnails/14.jpg)
What does a fully integrated NGFW with unified management do?
Detect earlier,
act faster
Gain more
insight Reduce
complexity
Get more from
your network
Stop more
threats
T h r e a t - f o c u s e d F u l l y I n t e g r a t e d
Cisco Firepower NGFW
- Superior
effectiveness
before, during,
and after
attacks
- Detect and
contain rapidly
— as quickly as
hours — not
months
- Industry
leading
visibility, with
automated
and prioritized
response
- Unified
management
and fewer
vendors
- Enhance security,
leverage existing
investments, with
Cisco and 3rd
party integrations
![Page 15: TechWiseTV Workshop: Firepower Next Generation Firewall](https://reader034.vdocuments.net/reader034/viewer/2022042611/587d34541a28ab2a448b5a5f/html5/thumbnails/15.jpg)
“You can’t protect what you can’t see”
Gain more insight with increased visibility
Malware
Client applications
Operating systems
Mobile Devices
VOIP phones
Routers & switches
Printers
C & C
Servers
Network Servers
Users
File transfers
Web
applications
Application
protocols
Threats
Typical IPS
Typical NGFW
Cisco Firepower NGFW
![Page 16: TechWiseTV Workshop: Firepower Next Generation Firewall](https://reader034.vdocuments.net/reader034/viewer/2022042611/587d34541a28ab2a448b5a5f/html5/thumbnails/16.jpg)
Speed Impact Assessment and Response
Correlates all intrusion events
to an impact of the attack against the target
Impact Flag Administrator
Action Why
1 Act immediately;
vulnerable
Event corresponds
to vulnerability
mapped to host
2 Investigate;
potentially vulnerable
Relevant port open
or protocol in use,
but no vulnerability
mapped
3 Good to know;
currently not
vulnerable
Relevant port not
open or protocol
not in use
4 Good to know;
unknown target
Monitored network,
but unknown host
0 Good to know;
unknown network Unmonitored network
1
6
![Page 17: TechWiseTV Workshop: Firepower Next Generation Firewall](https://reader034.vdocuments.net/reader034/viewer/2022042611/587d34541a28ab2a448b5a5f/html5/thumbnails/17.jpg)
Streamline Operations Recommend Rules to Improve Defenses
1
7
![Page 18: TechWiseTV Workshop: Firepower Next Generation Firewall](https://reader034.vdocuments.net/reader034/viewer/2022042611/587d34541a28ab2a448b5a5f/html5/thumbnails/18.jpg)
Indications of Compromise (IoCs)
IPS Events
Malware backdoors
Exploit kits
Web app attacks
CnC connections
Admin privilege escalations
Security Intelligence
Connections
to suspect
IP, DNS, URL
Malware Events
Malware detections
Office/PDF/Java
compromises
Malware executions
Dropper infections
1
8
![Page 19: TechWiseTV Workshop: Firepower Next Generation Firewall](https://reader034.vdocuments.net/reader034/viewer/2022042611/587d34541a28ab2a448b5a5f/html5/thumbnails/19.jpg)
IOC Data In Context Explorer
1
9
![Page 20: TechWiseTV Workshop: Firepower Next Generation Firewall](https://reader034.vdocuments.net/reader034/viewer/2022042611/587d34541a28ab2a448b5a5f/html5/thumbnails/20.jpg)
Cisco: 17.5 hours Industry TTD rate*: 100 days
Earlier detection, faster action, less damage
• Automated attack
correlation
• Indications of
compromise
• Local or cloud
sandboxing
• Malware infection
tracking
• Two-click
containment
• Malware analysis
Source: Cisco 2016 Annual Security Report
*Median Time to Detection (TTD)
JAN
MONDAY
1
JAN
FEB
MAR
APR
![Page 21: TechWiseTV Workshop: Firepower Next Generation Firewall](https://reader034.vdocuments.net/reader034/viewer/2022042611/587d34541a28ab2a448b5a5f/html5/thumbnails/21.jpg)
Value of Retrospective Security
0
100000
200000
300000
400000
500000
600000
700000
800000
Detection RestrospectiveDetection
Detection RestrospectiveDetection
Detection RestrospectiveDetection
Detection RestrospectiveDetection
Sep Oct Nov Dec
TOTAL
Relying on
initial detection
technologies alone is
insufficient.
![Page 22: TechWiseTV Workshop: Firepower Next Generation Firewall](https://reader034.vdocuments.net/reader034/viewer/2022042611/587d34541a28ab2a448b5a5f/html5/thumbnails/22.jpg)
Firepower Management Center
Reduce complexity with simplified, consistent management
• Network to endpoint visibility
• Manages firewall, applications, threats, & files
• Track, contain, recover remediation tools
Unified
• Central, role-based management
• Multi tenancy
• Policy inheritance
Scalable
• Impact assessment
• Rule recommendations
• Remediation APIs
Automated
![Page 23: TechWiseTV Workshop: Firepower Next Generation Firewall](https://reader034.vdocuments.net/reader034/viewer/2022042611/587d34541a28ab2a448b5a5f/html5/thumbnails/23.jpg)
Shared intelligence
Shared contextual
awareness
Consistent policy
enforcement Firepower Management Center
Get more with advanced intelligence and integrated defense
Talos
Firepower 4100 Series Firepower 9300 Platform
Visibility Radware
DDoS Network analysis Email Threats
Identity & NAC DNS Firewall URL
![Page 24: TechWiseTV Workshop: Firepower Next Generation Firewall](https://reader034.vdocuments.net/reader034/viewer/2022042611/587d34541a28ab2a448b5a5f/html5/thumbnails/24.jpg)
New Platforms: Take a Look …
![Page 25: TechWiseTV Workshop: Firepower Next Generation Firewall](https://reader034.vdocuments.net/reader034/viewer/2022042611/587d34541a28ab2a448b5a5f/html5/thumbnails/25.jpg)
Firepower 4100 Series Introducing four new high-performance models
Performance and
Density Optimization Unified Management
Multi-service
Security
• Firepower Threat Defense
integrated inspection for FW,
NGIPS, AVC, URL, AMP
• Containerization for third-party
security services
• 10G and 40G interfaces
• Up to 60 Gbps throughput
• 1 RU form factor
• Low Latency
• Single management interface
with Firepower Threat Defense
• Unified policy with inheritance
• Choice of management
deployment options
![Page 26: TechWiseTV Workshop: Firepower Next Generation Firewall](https://reader034.vdocuments.net/reader034/viewer/2022042611/587d34541a28ab2a448b5a5f/html5/thumbnails/26.jpg)
Firepower 9300 Platform
Benefits • Integration of best-of-breed
security • Dynamic service stitching
Features* • ASA container • Firepower Threat Defense
container • NGIPS, AMP, URL, AVC
• 3rd Party containers • Radware DDoS
Benefits • Standards and interoperability • Flexible Architecture
Features • Template driven security • Secure containerization for
customer apps • Restful/JSON API • 3rd party orchestration /
management
Benefits • Industry Leading Performance / RU
• 600% Higher Performance • 30% higher port density
Features • Compact, 3RU form factor • 10G/40G I/O; 100G ready • Terabit backplane • Low latency, Intelligent fastpath • NEBS ready
* Contact Cisco for services availability
Modular Carrier Class Multi-service
Security
High-speed, scalable security
![Page 27: TechWiseTV Workshop: Firepower Next Generation Firewall](https://reader034.vdocuments.net/reader034/viewer/2022042611/587d34541a28ab2a448b5a5f/html5/thumbnails/27.jpg)
Firepower with Leading DDoS Mitigation
DDoS FW NGIPS
Radware
DefensePro
for Firepower
DDoS Attack
Protection
Behavioral analysis
technology
Real-time attacks
protection
Widest attacks
coverage Most accurate
detection and mitigation
Detect and mitigate
attacks in seconds
Cisco Firepower 9300
![Page 28: TechWiseTV Workshop: Firepower Next Generation Firewall](https://reader034.vdocuments.net/reader034/viewer/2022042611/587d34541a28ab2a448b5a5f/html5/thumbnails/28.jpg)
Third-Party Validation
![Page 29: TechWiseTV Workshop: Firepower Next Generation Firewall](https://reader034.vdocuments.net/reader034/viewer/2022042611/587d34541a28ab2a448b5a5f/html5/thumbnails/29.jpg)
Cisco is the ONLY NGFW with a Market Leading NGIPS
Gartner’s Magic Quadrant for Intrusion Prevention Systems
Craig Lawson, Adam Hils, Claudio Neiva 16 November 2015
This graphic was published by Gartner,
Inc. as part of a larger research
document and should be evaluated in
the context of the entire document. The
Gartner document is available upon
request from Cisco.
Gartner does not endorse any vendor, product or service
depicted in its research publications, and does not advise
technology users to select only those vendors with the highest
ratings. Gartner research publications consist of the opinions
of Gartner's research organization and should not be
construed as statements of fact. Gartner disclaims all
warranties, expressed or implied, with respect to this research,
including any warranties of merchantability or fitness for a
particular purpose.
![Page 30: TechWiseTV Workshop: Firepower Next Generation Firewall](https://reader034.vdocuments.net/reader034/viewer/2022042611/587d34541a28ab2a448b5a5f/html5/thumbnails/30.jpg)
AMP: Ranked Superior 2 Years Running
99.2% Security Effectiveness rating in BDS testing, the
highest of all vendors tested.
Only vendor to block 100% of evasion techniques
during testing.
Excellent performance with minimal impact on network,
endpoint, or application latency.
Download the flysheet and full report here.
Cisco AMP offers superior security effectiveness,
excellent performance, and provides security across
more attack vectors than any other vendor
![Page 31: TechWiseTV Workshop: Firepower Next Generation Firewall](https://reader034.vdocuments.net/reader034/viewer/2022042611/587d34541a28ab2a448b5a5f/html5/thumbnails/31.jpg)
Title Goes Here
Thank you for watching.