Intrusion Prevention System Modules for Integrated Services Routers
Cisco IPS AIM and IPS NME Overview for Business Decision Maker
Tina Lam, Product Manager, Cisco Systems
C97-494048-00 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential

Organizational Impacts of Security Threats
Security threats and who sees the pain:
Distributed Denial of Service, virus outbreak: disruption impacts productivity (CIO problem)
Random or direct theft; break-in, espionage: loss impacts value (CFO problem)
Web-site defacement, customer information leak: loss damages customer, shareholder confidence, company reputation (CEO problem)

Reducing the Grey: Uncertainty Equals Risk and Cost
GOOD: Allow
RELEVANT: Pass and Log
SUSPICIOUS: Pass and Alarm
BAD: Block
Inefficient; Highly Manual
NAC, Traffic Shaping, IPS, Monitoring and Correlation
IPS, Anti-X, DDoS, Firewall
Self-Defending Network
GOOD: Allow
RELEVANT: Pass and Log
SUSPICIOUS: Pass and Alarm
BAD: Block
Efficient Operations; Effective Security

Cisco Intrusion Prevention Strategy
Comprehensive Threat Protection for the SDN
Products: Cisco ASA 5500 Adaptive Security Appliance, Cisco Security Agent, Cisco Integrated Services Routers, Cisco IPS 4200 Series, Cisco Catalyst® Services Modules, Cisco Security MARS, Cisco Security Manager
Diagram labels: Internet, Intranet, Endpoint Protection, Branch Protection, Perimeter Protection, Data Center Protection, Server Protection, Monitoring and Correlation, Solution Management
Integrated: Location Matters
Adaptive: Focused Protection
Collaborative: Better Together
The most diverse line of IPS sensors: the right tool for the right job, anywhere in the network
IPS integrated into the fabric of the network
Built on Cisco security and network intelligence
Modular inspection engines: respond rapidly with minimal downtime
On-box and network-wide correlation to provide greater accuracy and confidence
Behavioral anomaly detection: protect against zero-day attacks
Endpoint and network sensors sharing live network information
Dynamic risk-based threat rating: adapt threats policy in real time
Reduced operational costs with a common, solution-based management interface

Intrusion Prevention System (IPS) Advanced Integration Module and Network Module
Accelerated Threat Control for Cisco® ISR
NEW
NME-IPS-K9: Cisco 2811, 2821, 2851, 3800
AIM-IPS-K9: Cisco 1841, 2800, 3800
Cisco IOS® Advanced Security or Above: AIM—12.4(15)XY, 12.4(20)T; NME—12.4(20)YA
Enables inline and promiscuous Intrusion Prevention (IPS) (CIPS 6.1)
Runs same software and enables same features as Cisco IPS 4200
Performance improvement by hardware acceleration; dedicated CPU and DRAM to offload host CPU
AIM—Up to 45 Mbps
NME—Up to 75 Mbps
Device management through Cisco IPS Device Manager (IDM), Cisco Configuration Professional (CCP); network-wide management through Cisco Security Manager (CSM)
Supported by IPS Manager Express (IME) and CS-MARS on event monitoring and correlation
Incorporates Network Admission Control (NAC) appliance server
Enforces security policies, scans for latest anti-virus software
Prevents unauthorized access and spread of viruses on the network
Supports wired, wireless and guest NAC
Integrated into Cisco ISRs
Provides size and scale ideal for remote offices (<100 users)
Works with NAC appliances at headquarters in a network system
Benefits of router integration: Systems Integration; Lower Operating Costs

Cisco IPS Product Portfolio
IPS 4200 Series: Dedicated appliances for high performance, data center, and focused function environments (IPS 4240, IPS 4255, IPS 4260, IPS 4270)
Cisco Catalyst 6500 Series Switch: Integrated Service Modules for data center and switch integration (IDSM2, Cisco Catalyst 6500 IDSM2 Bundle)
ASA 5500 Series: Firewall-integrated for comprehensive security and Unified Threat Management (ASA5510-AIP10, ASA5520-AIP20, ASA5540-AIP40)
ISR Series Routers: Remote Office/Branch services for scalable remote office protection (Cisco IOS IPS, IPS AIM and IPS NME)
Chart axis: Performance

Branch Needs for Self-Defending Network
Trends Security
PCI Compliance (Retail); HIPAA (Healthcare); Sarbanes-Oxley/GLBA (Finance)
Moves protection to the edge before threats enter corporate or SP network
Prone to attacks from split tunnels, contaminated laptops and rogue APs
Helps to manage unmanaged devices
Protect Servers at Branch
Protect WAN Link and Upstream Corporate Resources
Diagram labels: Servers 192.168.3.14-16/24; Employees 192.168.1.x/24; Wireless Guests 192.168.2.x/24; ISR with IPS AIM or IPS NME; IPSec Tunnel; Internet; Corporate Office; Threat

Benefits of Integrated IPS on ISR
Diagram labels: 42xx IPS Sensor, SMB Network, Corporate Office, MSSP CE Router, AIM IPS, CS-MARS, Internet/SP Network, ISR, Cisco Security Manager, NME IPS, AIM IPS, Small Branch, Large Branch
Full feature, high performance threat protection in the Branch or SMB network
Requires no additional footprint, cabling, and power requirements
Systems integration with data, security and voice features on ISR
Supports any routed WAN link—transport agnostic: T1/E1, T3/E3, Ethernet, xDSL, MPLS, 3G WWAN
Provides defense-in-depth to the perimeter of the network: ICSA-certified Cisco IOS Firewall, IPSec and SSL VPN, NAC, URL Filtering

Securing Cisco Unified Communication Manager and Phones with Cisco IPS
In-line inspection of voice and video traffic
Protect infrastructure that voice runs on: Protect Call Management infrastructure from attack
Real-time anomaly detection for day-zero threats
Drop calls that are coming from IP addresses identified on the Cisco Security Agent “watch list”
Complements firewall application inspection technology
Cisco IPS’ Risk-Based Policy enables easy management of IPS by non-experts
Protection against: Application misuse; DoS/hacking; Known attacks; Zero-day attacks; Viruses/worms, spyware infecting traffic
Diagram labels: Firewall, IPS, Legitimate Traffic

Cisco High-Performance IPS Applications: Wireless Intrusion Prevention
Protect the enterprise from wireless users: High-performance IPS helps protect at WLAN speeds for guest users’ and employees’ infected computers
Selectively block malicious traffic: Cisco IPS inspection services help enable accurate protection from wireless traffic
Remove repeat offenders from the network: Cisco IPS and Cisco WLAN Controllers work collaboratively to detect attackers from Layer 2 to Layer 7, and remove repeat offenders from the network
Diagram labels: Cisco High-Performance IPS, Cisco WLAN Controller, Cisco Access Point

Cisco IPS Manager Express (IME)
NEW
All-in-One IPS Management Application for up to Five IPS Sensors
Startup Wizard: Get up and running in just minutes
Dashboard: Put needed information at your fingertips
Configuration: Save time with intuitive interface
Reporting: Create and share security and compliance reports
Monitoring: See what’s happening with real-time and historical security events
Screenshot: At-a-Glance Dashboard

Cisco Security Manager
Integrated Security Configuration Management
Firewall Management:
Support for PIX®, ASA, FWSM, and Cisco IOS Routers
Rich FW rule definition: shared objects, rule grouping, and inheritance
Powerful analysis tools: conflict detection, rule combiner, hit counts, …
VPN Management:
Support for PIX, ASA, VPNSM, VPN SPA, and Cisco IOS Routers
Support for wide array of VPN technologies such as DMVPN, Easy VPN, and SSL VPN
VPN Wizard for Three-Step Point-and-Click VPN Creation
IPS Management:
Support for IPS Sensors, modules and Cisco IOS IPS
Automatic policy-based IPS Sensor software and signature updates
Signature Update Wizard allowing easy review/editing prior to deployment
Reduce OpEx:
Unified security management for Cisco devices supporting FW, VPN, and IPS
Efficiently manage up to 5000 devices per server
Multiple views for task optimization: Device View, Policy View, Topology View

Cisco Services for IPS
Rapid Signature Updates for Emerging Threats
Diagram labels: Vulnerabilities and Threats; Cisco IPS Signature R&D Team; Updated Signature Package
Follow-the-Sun Research: Extensive around-the-clock research capability gathers, identifies and classifies vulnerabilities and threats
Rapid Response: Signatures are created to mitigate the vulnerabilities within hours of classification
Human Intelligence: Applied Intelligence Reports provide insight and guidance on using IPS technology to protect yourself

Cisco Security IntelliShield Alert Manager Service
Now Includes IPS Signature-to-Threat Correlation
Complete vulnerability and threat information in a single database
Notification of only those vulnerabilities relevant to a pre-defined infrastructure
Actionable alerts in a standardized format based on user-customized profiles
Each vulnerability or threat is analyzed and validated by security analysts
Vulnerability and threat information is vendor-neutral and objectively graded
Comprehensive library of over 10,000 threats and vulnerabilities
Built-in workflow allows easy management of tasks and remediation efforts

Cisco License Manager
Automates license management for IPS AIM, IPS NME and more
Increased productivity:
Rapidly roll out new services—500 licenses deployed in two minutes
Scales to 30,000 devices
Enhanced Security and Virtualization:
Role-Based Access Control via user roles
Access Control Lists limit access to PAKs and Devices
Reduced complexity:
Automated licensing workflows
License reports aid in audit compliance
Investment protection:
Full-functionality Java and Perl Software Development Kits (SDK) to integrate with existing applications
Faster failure recovery:
Restore device licenses from database backup
Resend all licenses from Cisco.com and deploy them quickly