This document discusses Cisco's next generation security strategy and solutions. It outlines Cisco's approach of integrating products to provide unified visibility, advanced threat protection, and consistent control across networks, endpoints, cloud, and mobile environments. It highlights key Cisco security technologies like FirePOWER, Advanced Malware Protection (AMP), and Identity Services Engine (ISE) and how they work together to provide defense, detection, and remediation against evolving threats.

1. Next Generation Security
Fuat KILIÇ
Consulting Systems Engineer -
Security
Ali Fuat TÜRKAY
Product Sales Specialist -
Security

2. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2

3. Cisco and/or its affiliates. All rights reserved. Cisco Public
All were smart. All had security.
All were seriously compromised.
Today’s Real World: Threats are evolving and evading traditional
defense

4. Cisco and/or its affiliates. All rights reserved. Cisco Public
What would you do if you knew you would be compromised?!
BEFORE
Discover
Enforce
Harden
DURING
Detect
Block
Defend
AFTER
Scope
Contain
Remediate
Network Endpoint Mobile Virtual Email & Web
ContinuousPoint-in-time
Attack Continuum
Cloud

5. Cisco and/or its affiliates. All rights reserved. Cisco Public
The Silver Bullet Does Not Exist…
“Captive Portal”
“It matches the pattern”
“No false positives,
no false negatives.”
Application
Control
FW/VPN
IDS / IPS
UTM
NAC
AV
PKI
“Block or Allow”
“Fix the Firewall”
“No key, no access”
Sandboxing
“Detect the
Unknown”

6. Cisco and/or its affiliates. All rights reserved. Cisco Public
Customer Value Proposition
Cisco
Security
Solutions
Unmatched
Visibility
Advanced
Threat Protection
Consistent
Control
Flexibility
& Choice

7. Cisco’s Strategy
Integrated Platform for Defense, Discovery and Remediation
Firewall Content Gateways Integrated Platform Virtual Cloud
Device
Data
Center
Network
Access Control
Firewall
Content Aware
Applications
Context Aware
Identity, Data,
Location
Threat Aware
Malware, APT

8. Cisco and/or its affiliates. All rights reserved. Cisco Public
Gartner Defines Next-Generation IPS
8
NGIPS Definition
• Standard First-Gen IPS
• Context Awareness
• Application Awareness
and full-stack visibility
• Content Awareness
• Adaptive Engine
Download at Sourcefire.com
*Source: “Defining Next-Generation Network Intrusion Prevention” Gartner, October 7, 2011

9. Cisco and/or its affiliates. All rights reserved.Presentation_ID Cisco Public
FirePOWER Platform
http://
http://WWW WWW
WWW
WWW
FireSIGHT Management
Center
FireSIGHT Management Center
• Context Awareness
• Operating System Identification
• Fingerprint Applications (Web, Protocol & Client Versions)
• Service Enumeration (HTTP, SMPT, RDP…etc)
• Users Awareness
• 24x7 Monitoring (Passive & Inline)
• Identify Assets Potential Vulnerabilities (Weakness)
• Leveraging Visibility/vulnerabilities to “Adapt”
• Access Control Rules Enforcement
• Alerting, Correlation & Packets Capture
FirePOWER Platform/Services
• Inspect, Detect, Drop, Allow…etc
• IPS, Application Control, Malware Inspection & URL
Rating
• Inline, Passive & Hybrid
Context Awareness in Intrusion Events

10. Cisco and/or its affiliates. All rights reserved. Cisco Public
FireSIGHT – Unique Visibility
Typical
NGFW
Cisco
FireSIGHT
System
Typical
IPS

11. Cisco and/or its affiliates. All rights reserved. Cisco Public
Building Host Profile
OS & version
Identified
Server applications
and version
Client Applications
Who is at the host
Client Version
Application
What other systems /
IPs did user have,
when?
§ Converting Data into Information

12. Cisco and/or its affiliates. All rights reserved. Cisco Public
FireSIGHT Impact Assessment
Correlates all intrusion events
to an impact of the attack against the target
Impact Flag
Administrator
Action
Why
1 Act immediately,
vulnerable
Event corresponds
to vulnerability
mapped to host
2 Investigate,
potentially vulnerable
Relevant port open
or protocol in use,
but no vuln mapped
3
Good to know,
currently not
vulnerable
Relevant port not
open or protocol
not in use
4 Good to know,
unknown target
Monitored network,
but unknown host
0 Good to know,
unknown network
Unmonitored network

13. Cisco and/or its affiliates. All rights reserved. Cisco Public
Indications of Compromise (IoCs)
IPS Events
Malware Backdoors
Exploit Kits
Web App Attacks
CnC Connections
Admin Privilege Escalations
SI Events
Connections
to Known CnC IPs
Malware Events
Malware Detections
Office/PDF/Java Compromises
Malware Executions
Dropper Infections

14. Cisco and/or its affiliates. All rights reserved. Cisco Public
Gartner Leadership
Sourcefire has
been a leader in
the Gartner Magic
Quadrant for IPS
since 2006.
As of December 2013
Source: Gartner (December 2013)
Radware
StoneSoft (McAfee)
IBM
Cisco HP
McAfee
Sourcefire
(Cisco)
HuaweiEnterasys Networks
(Extreme Networks)
NSFOCUS
Information Technology
challengers
abilityto
execute
leaders
visionariesniche players
vision

15. Cisco and/or its affiliates. All rights reserved. Cisco Public
2012 NSS Labs SVM for IPS

16. Cisco and/or its affiliates. All rights reserved. Cisco Public
2013 NSS Labs SVM for IPS

17. Cisco and/or its affiliates. All rights reserved. Cisco Public
ASA with FirePOWER Services Available Now!!
Industry’s First Threat-Focused NGFW
#1 Cisco Security announcement of the year!
• Integrating defense layers helps organizations
get the best visibility
• Enable dynamic controls
to automatically adapt
• Protect against advanced threats
across the entire attack continuum
Proven Cisco ASA firewalling
Industry leading NGIPS and AMP
Cisco ASA with FirePOWER Services

18. Cisco Confidential 18© 2013-2014 Cisco and/or its affiliates. All rights reserved.
NSS Labs – Next-Generation Firewall Security Value Map
Source: NSS Labs 2014
The NGFW Security Value
Map shows the placement of
Cisco ASA with FirePOWER
Services and the
FirePOWER 8350 as
compared to other vendors.
All three products achieved
99.2 percent in security
effectiveness and now all
can be confident that they
will receive the best
protections possible
regardless of deployment.

19. Cisco and/or its affiliates. All rights reserved. Cisco Public
SecurityEffectiveness
TCO per Protected-Mbps
The Results
CiscoAMP is a Leader in Security Effectiveness and TCO and offers Best Protection Value
Cisco Advanced
Malware Protection
Best Protection Value
99.0% Breach
Detection Rating
Lowest TCO per
Protected-Mbps
NSS Labs Security Value Map (SVM) for Breach Detection Systems

20. Fire and ISE

21. Cisco Confidential 21© 2013-2014 Cisco and/or its affiliates. All rights reserved.
EPS REST API
Threat Detection
• IDS Sig
• Malware
• Traffic
• Application
• And Many More..
Automagical, Dynamic, Squirrely Threat/Malware/Attack Response/Defense
Quarantine Action
• VLAN Assignment
• dACLs
• SGT
• QoS TAG
ISE

22. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 22
Network as a Sensor
© 2014 Lancope, Inc. All rights reserved.

23. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 23
© 2014 Lancope, Inc. All rights reserved.
Flow – The Network Phone Bill
Flow CacheDestination IP
Origin IP
Destination Port
Origin Port
L3 Protocol
DSCP
Flow Info Packet Bytes/Packet
Origin IP , Port,
Proto...
11000 1528
… … …
… … …
Monthly Statement
Bill At-A-Glance
Flow Record
Telephone Bill

24. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 24
Internet
Atlant
a
San
Jose
New
York
Remote
Sites
WAN
Firewall
&
IPS
Datacenter
DMZ
User
Network
3G
Internet

25. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 25
Internet
Atlant
a
San
Jose
New
York
NetFlo
w
Remote
Sites
NetFlo
w
NetFlow
WAN
NetFlow
Firewall
Datacenter
NetFlow
NetFlow
NetFlow
DMZ
NetFlo
w
NetFlo
w
User
Network
3G
Internet
NetFlo
w
NetFlo
w
NetFlo
w
NetFlow

26. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 26
© 2014 Lancope, Inc. All rights reserved.
How CTD Analyzes Devices
31

27. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 27
• Cisco Bulut ve mobilite gibi günlük hayatımızı oldukça değiştiren trendlern ışığında, gereken güvenlik
uzmanlığı ve eğitimi alanında aşağıdaki yenilikleri, uzmanların, mühendislerin ve operasyon ekiplerinin
eğitimi için yayınlamıştır:
• Yenilenen CCNP Güvenlik sertifikasyon programı
• Yeni Cisco Sibergüvenlik Uzmanlığı
• Daha önceki Cisco Güvenlik Uzmanlığı sertifikasyonunun sonlanması
• Yeni ve güncellenmiş ürün eğitimleri
• Yeniden dizayn edilen CCNP Security sertifikasyonu, bugün çok daha geniş bir bkış açısıyla, uçtan uça
mimari kurmaları gereken güvenlik uzmanlarını hedeflemektedir:
• 300-206 Implementing Cisco Edge Network Security Solutions (SENSS)
• 300-207 Implementing Cisco Threat Control Solutions (SITCS)
• 300-208 Implementing Cisco Secure Access Solutions (SISAS)
• 300-209 Implementing Cisco Secure Mobility Solutions (SIMOS)