Summary
AMP
Roadmap
Corporate-owned devices: 90% of organizations are not fully aware of the devices accessing their network.
Figure: the modern attack surface (real-time, social media, email, cloud, app stores, data center, enterprise apps). The slide also shows a figure of 14% whose referent was not recovered.
- 5-10 times more cloud services are being used than are known by IT.
- 92% of the top 500 Android apps carry security/privacy risks.
Impact of a Breach (timeline figure, from the moment the breach occurs):
- Data in breaches is stolen within hours.
- A share of breaches (percentage not recovered) remain undiscovered for months.
- Information on up to (number not recovered) individuals has been on the black market over the last three years.
Announcing September 16: the industry's first threat-focused NGFW
Proven Cisco ASA firewalling plus industry-leading NGIPS and AMP: Cisco ASA with FirePOWER Services
Legacy NGFWs can reduce attack surface area but advanced malware often evades security controls
Benefits (capabilities combined in one device):
- Clustering & High Availability
- Network Firewall, Routing | Switching
- Intrusion Prevention (subscription)
- Advanced Malware Protection
- FireSIGHT Analytics & Automation
- Application Visibility & Control (subscription)
- URL Filtering (subscription)
- Built-in Network Profiling

Figure: Cisco ASA (identity-policy control & VPN) together with FirePOWER Services (URL filtering, advanced malware protection) sitting between the network and the WWW.
Visibility comparison (the slide marks, per row, what a typical IPS, a typical NGFW and Cisco ASA with FirePOWER Services can see; the per-column marks were not recovered). Rows: Threats, Users, Web Applications, Application Protocols, File Transfers, Malware, Command & Control Servers, Client Applications, Network Servers, Operating Systems, Routers & Switches, Mobile Devices, Printers, VoIP Phones, Virtual Machines.
- Multilayered protection in a single device
- Highly scalable
- Automates security tasks: impact assessment, policy tuning, user identification
- Integrates with third-party security solutions

Cost comparison chart (typical IPS vs. next-generation IPS, for "Impact Assessment of IPS Events" and "IPS Tuning"). Values shown on the bars: $144,000, $72,000, $59,400, $24,300, $18,000, $3,000; which value belongs to which bar was not recovered.
Breadth of control points: Endpoints, Web (WWW), Network, IPS, Devices.
Telemetry stream (continuous feed): file fingerprint and metadata, file and network I/O, process information.
Continuous analysis. Key techniques and result: multiple Indications of Compromise (IoCs) identified the malware infection.
Feature comparison, Cisco ASA with FirePOWER Services vs. typical NGFW (row labels were not recovered). The Cisco column reads "Superior" in all eight rows; the typical-NGFW column reads, in order: Partial or Not Available; Not Available; Not Available; Not Available; Available; Available; Not Enterprise-Grade; Available*.
*HA capabilities vary by NGFW vendor; only Check Point and McAfee support clustering.
FirePOWER Appliances: up to 60 Gbps threat-inspected throughput on the FP8390, stackable to 120 Gbps.
Positioning:
- On-box SSL, on-box manager
- Edge and enterprise networks, clustered data center
- Data center (DC-CVD), very high throughput, IPS-only refresh
Why Upgrade? High performance plus next-generation IPS. Firewall throughput by model:
- ASA 5555-X: 4 Gbps
- ASA 5545-X: 3 Gbps
- ASA 5525-X: 2 Gbps
- ASA 5515-X: 1.2 Gbps
- ASA 5512-X: 1 Gbps
Inspected throughput by platform and feature set (values as printed on the slide; the unit is not printed and is taken to be Mbps, consistent with the 1 Gbps firewall figure for the 5512-X):

Model     Classic IPS Module   FirePOWER AVC or IPS   FirePOWER IPS + AVC   FirePOWER IPS + AVC + AMP
5512-X    150                  100                    75                    60
5515-X    250                  150                    100                   85
5525-X    400                  375                    255                   205
5545-X    600                  575                    360                   310
5555-X    850                  725                    450                   340
5585-10   1150                 1200                   800                   550
5585-20   1500                 2000                   1200                  850
5585-40   3000                 3500                   2100                  1500
5585-60   5000                 6000                   3500                  2300
Order Structure

1. New appliance or upgrade
   - New: ASA 5585-X with FirePOWER Services, or ASA 5500-X with FirePOWER Services
   - Upgrade: FirePOWER Services Blade (5585-X), or SSD + FirePOWER Services Upgrade License (5500-X)
2. Security subscriptions: one of the five IPS, URL Filtering and Advanced Malware subscription packages
   - TA   = IPS
   - TAC  = IPS + URL Filtering
   - TAM  = IPS + AMP
   - TAMC = IPS + AMP + URL Filtering
   - URL  = URL Filtering only
3. Management systems
   - Cisco FireSIGHT Management Center, virtual or appliance (required); requires ASA 9.2.2.4+ and FirePOWER Services 5.3.1+
   - Cisco Security Manager (CSM) (optional)
   - Support: SMARTnet / SASU
- Superior Visibility: full contextual awareness to eliminate gaps
- Integrated Threat Defense: best-in-class, multilayered protection in a single device
- Automation: simplified operations and dynamic response and remediation
Why AMP? Attackers are determined and resourceful. The questions a defender has to answer:
- Where do I start?
- What is the scope and how bad is the situation?
- What was the point and method of entry?
- Can I control and remediate across gateways, networks, and endpoints?
Comprehensive Security Solutions across the attack continuum:
- BEFORE: Control, Enforce, Harden
- DURING: Detect, Block, Defend
- AFTER: Scope, Contain, Remediate
Network and endpoint capabilities mapped onto the continuum: File Retrospection, File Trajectory, Contextual Awareness, Control Automation (network); File Execution Blocking, Indications of Compromise, Outbreak Control, File Reputation, File Sandboxing, File Retrospection (endpoint).
Same continuum (BEFORE: Control, Enforce, Harden; DURING: Detect, Block, Defend; AFTER: Scope, Contain, Remediate) for the network appliance and the endpoint: Filtering, Malware Signature, File Retrospection, Usage Controls, File Reputation, Threat Analytics, Reputation, File Behavior, File Analysis, File Trajectory.
AMP capabilities by phase (mapping as read from the slide layout):
- BEFORE, Block: File Reputation, File Sandboxing
- DURING, Detect and Monitor: File Retrospection, IoCs
- AFTER, Investigate: Device Trajectory, Threat Hunting
- AFTER, Control: Outbreak Control
Spero feature print: structural information is extracted from the file (PE header fields, referred DLLs) and this feature print, rather than only the file's hash, is sent to the AMP Cloud; a conviction leads to quarantine.
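The point of a structural feature print is that it survives byte-level changes a file hash does not. The following added example (not Cisco's Spero engine, and not code from this deck) builds a tiny PE32 image in memory, parses its headers and import table with a hand-written parser, and compares a SHA256 of the bytes with a hash of the structural fields. The chosen field set, the `build_pe` generator and the sample DLL lists are assumptions made for the example; the real Spero feature set is not published.

```python
"""Structural feature print for a PE file (added example, not Cisco's Spero).

Builds a constructed PE32 image with one .idata section, parses the COFF and
optional headers plus the import directory, and derives a feature print from
structure (machine, characteristics, entry point, subsystem, sections, DLLs)
instead of from raw bytes. The field selection is an illustrative assumption.
"""
import hashlib
import json
import struct


def build_pe(dlls, timestamp=0x5410A0F0, pad_byte=0x00):
    """Constructed PE32 image importing `dlls`; test data, not a runnable binary."""
    sec_va, sec_raw = 0x1000, 0x200
    desc_size = 20 * (len(dlls) + 1)                 # descriptors + zero terminator
    names, name_rvas, rva = b"", [], sec_va + desc_size
    for d in dlls:
        name_rvas.append(rva)
        names += d.encode() + b"\0"
        rva += len(d) + 1
    descs = b"".join(struct.pack("<IIIII", 0, 0, 0, r, 0) for r in name_rvas)
    body = descs + b"\0" * 20 + names
    body += bytes([pad_byte]) * (0x200 - len(body))  # file-alignment padding

    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                 # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)               # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)         # Section/File alignment
    struct.pack_into("<II", opt, 56, 0x2000, 0x200)         # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                      # Subsystem: Windows GUI
    struct.pack_into("<I", opt, 92, 16)                     # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8, sec_va, desc_size) # import data directory
    sect = struct.pack("<8sIIIIIIHHI", b".idata", len(body), sec_va, len(body),
                       sec_raw, 0, 0, 0, 0, 0xC0000040)
    hdr = dos + b"PE\0\0" + coff + bytes(opt) + sect
    return hdr + b"\0" * (sec_raw - len(hdr)) + body


def parse_pe(data):
    """Pull the structural fields a feature print is built from."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, stamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    imp_rva = struct.unpack_from("<I", data, opt + 104)[0] if ndirs > 1 else 0
    sections = [struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
                for i in range(nsec)]

    def rva_to_off(r):
        for _, vsize, va, _, raw, *_ in sections:
            if va <= r < va + vsize:
                return r - va + raw
        raise ValueError("RVA %#x outside all sections" % r)

    dlls, pos = [], rva_to_off(imp_rva) if imp_rva else None
    while pos is not None:
        name_rva = struct.unpack_from("<I", data, pos + 12)[0]  # IMAGE_IMPORT_DESCRIPTOR.Name
        if name_rva == 0:
            break
        off = rva_to_off(name_rva)
        dlls.append(data[off:data.index(b"\0", off)].decode().lower())
        pos += 20
    return {"machine": machine, "timestamp": stamp, "characteristics": chars,
            "entry_point": entry, "subsystem": subsystem,
            "sections": [(s[0].rstrip(b"\0").decode(), s[9]) for s in sections],
            "dlls": dlls}


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def feature_print(data):
    """Hash of a canonical structural description (no timestamp, no raw bytes,
    DLL order ignored): the illustrative stand-in for a Spero print."""
    info = parse_pe(data)
    canon = {k: info[k] for k in ("machine", "characteristics", "entry_point",
                                  "subsystem", "sections")}
    canon["dlls"] = sorted(info["dlls"])
    return hashlib.sha256(json.dumps(canon, sort_keys=True).encode()).hexdigest()


if __name__ == "__main__":
    a = build_pe(["KERNEL32.dll", "wininet.dll"])
    b = build_pe(["KERNEL32.dll", "wininet.dll"], timestamp=0x1234, pad_byte=0x90)
    c = build_pe(["KERNEL32.dll", "wininet.dll", "advapi32.dll"])
    print("hash differs / print same:", sha256_hex(a) != sha256_hex(b),
          feature_print(a) == feature_print(b))
    print("new import changes print:", feature_print(a) != feature_print(c))
```

Variant `b` differs from `a` only in its link timestamp and padding bytes, so its SHA256 changes while the feature print does not; `c` adds an import and gets a different print. A real engine would use many more features and a learned model on top, but the one-to-one hash versus structural-print distinction the slide draws is exactly this.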
AMP endpoint connectors by platform (feature rows are marked per column on the slide; the marks were not recovered, the values that were are shown):

Feature                  Windows           Mac       Android
Hash lookups             SHA256            SHA256    SHA1
Ethos                    .                 .         .
Spero                    .                 .         .
Retrospective alerting   .                 .         .
File quarantine          .                 .         .
Application control      .                 .         .
Supported clouds         Public, Private   Public    Public

All connectors are managed by the FireSIGHT Management Center; the Private Cloud option also appears on the slide.
FirePOWER appliance (network AMP): file detection by one-to-one SHA256 lookup and Spero; File Trajectory; Retrospective Alerting; Dynamic Analysis with policy-based automatic file submission to the AMP Cloud.
Endpoint connectors (AMP Cloud): Retrospective Analysis; Device Trajectory; File Trajectory; Root Cause; Tracking and Outbreak Control.
AMP Cloud query flow (as drawn on the slide):
- Connector -> AMP Cloud: File Query, Enterprise (Connector ID, SHA, Spero, Ethos)
- AMP Cloud -> Connector: Response Disposition
- Connector -> AMP Cloud: PING2 Query (periodic poll)
- AMP Cloud -> Connector: Changed Disposition, fed from the Retrospective Queue after a SHA Conviction
- On-premise appliance: Spero and Ethos are evaluated locally; the appliance returns the Response Disposition, and the same PING2 Query / Changed Disposition loop runs against the cloud's Retrospective Queue.
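The exchange above is easier to reason about as code. The following is an added example that models the File Query, Response Disposition, SHA Conviction, Retrospective Queue and PING2 Query loop; it is not Cisco's protocol, wire format or code. The class and method names, the three disposition values, the "generic model" keyed by a Spero print, and the sample files and paths are all assumptions made for the example.

```python
"""Model of the AMP Cloud disposition exchange (added example, not Cisco's
protocol or code). A connector asks the cloud about a file by SHA256 plus
Spero/Ethos prints, gets a disposition, and later polls (PING2) for changed
dispositions the cloud queued retrospectively after convicting a SHA.
"""
import hashlib

CLEAN, MALICIOUS, UNKNOWN = "clean", "malicious", "unknown"


class AmpCloud:
    """Minimal reputation service with a retrospective queue."""

    def __init__(self):
        self.by_sha = {}        # one-to-one SHA256 -> disposition
        self.generic = {}       # Spero/Ethos feature print -> disposition
        self.seen = {}          # sha -> set of connector ids that queried it
        self.retro_queue = []   # (sha, new disposition), append-only

    def file_query(self, connector_id, sha, spero=None, ethos=None):
        """File Query: exact SHA256 first, then the generic prints."""
        self.seen.setdefault(sha, set()).add(connector_id)
        if sha in self.by_sha:
            return self.by_sha[sha]
        for fp in (spero, ethos):
            if fp is not None and fp in self.generic:
                return self.generic[fp]
        return UNKNOWN

    def convict(self, sha, disposition=MALICIOUS):
        """SHA Conviction from new intelligence; queues a retrospective event."""
        if self.by_sha.get(sha) != disposition:
            self.by_sha[sha] = disposition
            self.retro_queue.append((sha, disposition))

    def ping2(self, connector_id, cursor):
        """PING2 Query: changed dispositions since `cursor`, limited to files this
        connector has queried. Returns (changes, new cursor)."""
        changes = [(s, d) for s, d in self.retro_queue[cursor:]
                   if connector_id in self.seen.get(s, ())]
        return changes, len(self.retro_queue)


class Connector:
    """Endpoint connector; with `local_models` it behaves like the on-premise
    appliance that evaluates Spero/Ethos locally before asking the cloud."""

    def __init__(self, connector_id, cloud, local_models=None):
        self.id, self.cloud, self.cursor = connector_id, cloud, 0
        self.local_models = local_models or {}
        self.files = {}         # sha -> [path, disposition]
        self.quarantined = []

    def scan(self, path, content, spero=None, ethos=None):
        sha = hashlib.sha256(content).hexdigest()
        disp = self.local_models.get(spero) or self.local_models.get(ethos)
        if disp is None:
            disp = self.cloud.file_query(self.id, sha, spero, ethos)
        self.files[sha] = [path, disp]
        if disp == MALICIOUS:
            self.quarantined.append(path)
        return disp

    def poll(self):
        """Periodic PING2; applies Changed Dispositions retrospectively."""
        changes, self.cursor = self.cloud.ping2(self.id, self.cursor)
        alerts = []
        for sha, disp in changes:
            path, old = self.files[sha]
            self.files[sha][1] = disp
            alerts.append((path, old, disp))
            if disp == MALICIOUS and path not in self.quarantined:
                self.quarantined.append(path)
        return alerts


def run_scenario():
    """Constructed scenario: two endpoints, one file convicted after the fact."""
    cloud = AmpCloud()
    cloud.generic["spero:packer-family-x"] = MALICIOUS   # assumed generic model
    ep_a, ep_b = Connector("ep-a", cloud), Connector("ep-b", cloud)
    dropper = b"constructed dropper bytes"
    first = ep_a.scan("C:/Users/x/dropper.exe", dropper)   # nothing known yet
    generic = ep_b.scan("C:/tmp/tool.exe", b"other", spero="spero:packer-family-x")
    cloud.convict(hashlib.sha256(dropper).hexdigest())    # intelligence arrives later
    return {"first": first, "generic": generic,
            "alerts_a": ep_a.poll(), "alerts_b": ep_b.poll(),
            "alerts_a_again": ep_a.poll(),
            "quarantined_a": ep_a.quarantined}


if __name__ == "__main__":
    print(run_scenario())
```

Two behaviours worth noting: the cloud only replays a changed disposition to connectors that had previously looked the file up (the `seen` index), which is what makes retrospective alerting cheap; and the cursor-based PING2 makes the poll idempotent, so a connector that polls twice without new convictions gets nothing the second time.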
AMP Everywhere: events and correlation in FireSIGHT. Cloud-connected: CWS. On-premises: ASA, WSA, FireAMP, FirePOWER, ESA. Dynamic Analysis (sandbox) across endpoint, network and gateway. Management: FireSIGHT and Cisco Security Manager. Endpoint connectors report to the AMP Cloud or to an on-premise instance.
Roadmap (Q1 2014 to Q2 2015). The slide lays the items out on a quarter grid (Q1'14, Q2'14, Q3'14, Q4'14, Q1'15, Q2'15) with swimlanes per the legend: Endpoint Component, Network Component, Content Component, Common Use, Delivery Model (above plus these). The extraction kept the items but not which quarter each belongs to, so they are listed in the order they appear:
- FireAMP 4.5
- FireAMP 4.5.2 / Connector 3.1.9
- Cloud IOC support
- Remote file extraction
- Elastic Search
- Low prevalence report
- Mac OS X Connector 1.x; Mac OS X Connector 1.0 parity completion; Mac OS X support
- Endpoint OpenIOC
- License enforcement
- Bitters v5.3
- 0-day malware detection (cloud-based sandbox)
- FireAMP Private Cloud 1.0
- FireAMP Linux Connector 1.0; Linux support
- Dynamic Analysis
- FireAMP 5.2
- Enhanced RBAC
- MD5
- POS Connector 1.0; support for POS
- Drambuie v6
- File preclassification engine
- EU Cloud support
- Chivas v5.4
- Integrated SSL decryption
- Elektra
- AMP (Sourcefire) on ASA
- AMP on Web/Mail/Cloud (ESA/WSA/CWS)
- Virtual appliance
- Proxied cloud with local management and reporting
- Private Cloud 2.0: air-gapped, license enforcement, Dynamic Analysis
CONTACT
For more information regarding our security solutions please use the contact details below:
Address: Splaiul Independentei nr.179, Corp B, Sector 5, Bucuresti, 050099
Phone: +40 21 3178787
Fax: +40 21 3179797
Email: office@datanets.ro
Member of the Soitron group of companies.
Q&A
Thank you for your attention.