Protection against modern and targeted attacks

  • Published on
    15-Jul-2015

Transcript

<ul><li><p> Cisco () , 2014 . . 1 </p><p> Cisco () , 2014 . . 1 </p><p> - 2 April 2015 </p></li><li><p> Cisco () , 2014 . . 2 </p><p> Cisco </p><p> , </p><p>ASA </p><p>ISR </p><p>IPS </p><p>ASA </p><p> ISE </p><p>Active Directory </p><p> ISR-G2 </p><p>CSM </p><p>ASA </p><p>ASAv ASAv ASAv ASAv </p><p> Talos </p><p> ASA, ( SDN) </p><p>CTD </p><p>IDS RA </p></li><li><p> Cisco () , 2014 . . 3 </p><p>5 </p><p> - </p></li><li><p> Cisco () , 2014 . . 4 </p><p> ? </p><p> IPS </p><p> / </p><p> NAC (/ ) </p><p> /IPS </p><p> SIEM </p><p> (BDS) </p></li><li><p> Cisco () , 2014 . . 5 </p><p> NGFW </p><p> , </p><p> , , </p></li><li><p> Cisco () , 2014 . . 6 </p><p>: 2012 Verizon Data Breach Investigations Report </p><p>10% </p><p>8% </p><p>0% </p><p>0% </p><p>75% </p><p>38% </p><p>0% </p><p>1% </p><p>12% </p><p>14% </p><p>2% </p><p>9% </p><p>2% </p><p>25% </p><p>13% </p><p>32% </p><p>0% </p><p>8% </p><p>29% </p><p>38% </p><p>1% </p><p>8% </p><p>54% </p><p>17% </p><p>1% </p><p>0% </p><p>2% </p><p>4% </p><p> % </p></li><li><p> Cisco () , 2014 . . 7 </p><p>- </p><p> -</p><p>- </p></li><li><p> Cisco () , 2014 . . 8 </p><p>AMP + FirePOWER AMP &gt; </p><p>Cisco: ! </p><p> Cognitive Security </p><p>2013 2015... 2014 </p><p> Sourcefire Security Advanced Malware Protection </p><p>(VRT) </p><p>( OpenAppID) </p><p>Malware Analysis &amp; Threat Intelligence</p><p> ThreatGRID </p><p> Cisco Talos Sourcefire VRT Cisco TRAC </p><p> Cisco SecApps </p><p>Cognitive + AMP </p><p> &gt; </p></li><li><p> Cisco () , 2014 . . 9 </p><p>100 0111100 011 1010011101 1000111010011101 10001110 10011 101 010011101 1100001110001110 1001 1101 1110011 0110011 101000 0110 00 </p><p>01000 01000111 0100 11101 1000111010011101 1000111010011101 1100001 1100 0111010011101 1100001110001110 1001 1101 1110011 0110011 101000 0110 00 </p><p> ? </p><p> ... </p><p> , . 
</p><p>01000 01000111 0100 1110101001 1101 111 0011 0 </p><p>100 0111100 011 1010011101 1 </p><p>01000 01000111 0100 111001 1001 11 111 0 </p></li><li><p> Cisco () , 2014 . . 10 </p><p> , </p><p>54% </p><p>60% </p><p> , </p><p>100% , </p></li><li><p> Cisco () , 2014 . . 11 </p></li><li><p> Cisco () , 2014 . . 12 </p><p> , Cisco ASA FirePOWER </p><p> Cisco ASA Sourcefire </p><p> Advanced Malware Protection (AMP) </p><p> (SI), (AVC) URL- </p><p> , </p><p> , </p></li><li><p> Cisco () , 2014 . . 13 </p><p> ASA </p><p> (Cisco AVC) </p><p> (NGIPS) FirePOWER </p><p> URL- </p><p> Advanced Malware Protection </p><p> SIEM </p><p>Cisco ASA </p><p>VPN </p><p> URL- </p><p>( ) FireSIGHT </p><p>Advanced Malware Protection </p><p>( ) </p><p> Cisco CSI </p><p> ( ) </p></li><li><p> Cisco () , 2014 . . 14 </p><p> ASA </p><p>(IPSec / SSL VPN) </p><p>IPv4/v6 </p><p> , , 3- </p><p> Cisco ASA 5500-X </p></li><li><p> Cisco () , 2014 . . 15 </p><p> FirePOWER Services? </p><p> , VLAN, IP, , , , , URL- </p><p>, , VPN, </p><p> URL- </p><p> IP- </p></li><li><p> Cisco () , 2014 . . 16 </p><p> FirePOWER IPS - </p><p> VoIP- </p></li><li><p> Cisco () , 2014 . . 17 </p><p> NGFW </p></li><li><p> Cisco () , 2014 . . 18 </p><p> , </p><p> FirePOWER for ASA </p></li><li><p> Cisco () , 2014 . . 19 </p><p>3D SENSOR </p><p>3D SENSOR </p><p>3D SENSOR </p><p>DEFENSE CENTER </p><p>3D SENSOR </p><p>P2P </p><p> , </p><p> . Skype. , IT HR . </p><p>IT &amp; HR </p></li><li><p> Cisco () , 2014 . . 20 </p><p> Skype </p></li><li><p> Cisco () , 2014 . . 21 </p><p>ASCII HEX PCAP- </p></li><li><p> Cisco () , 2014 . . 22 </p></li><li><p> Cisco () , 2014 . . 23 </p><p> NMAP / </p><p> Cisco (RTBH) </p><p> Cisco ASA </p><p> Email/SNMP/Syslog </p><p> , C/BASH/TCSH/PERL </p></li><li><p> Cisco () , 2014 . . 24 </p><p> URL </p><p> URL </p><p>URLs </p></li><li><p> Cisco () , 2014 . . 25 </p></li><li><p> Cisco () , 2014 . . 26 </p><p> , </p><p>Bad Guys </p></li><li><p> Cisco () , 2014 . . 
27 </p><p> IP </p><p> Full : , , TZ, ASN, ISP, , .. (Google, Bing ) </p><p> &amp; </p></li><li><p> Cisco () , 2014 . . 28 </p><p> : </p></li><li><p> Cisco () , 2014 . . 29 </p><p> / </p><p> Web- </p><p> / </p><p> .. </p></li><li><p> Cisco () , 2014 . . 30 </p><p>3D SENSOR </p><p>3D SENSOR </p><p>3D SENSOR </p><p>DEFENSE CENTER </p><p>3D SENSOR </p><p> , </p><p>IT </p><p> LAN. ASA with FirePOWER IT. </p><p> / / </p></li><li><p> Cisco () , 2014 . . 31 </p><p>IP-, NetBIOS-, MAC- .. </p></li><li><p> Cisco () , 2014 . . 32 </p><p> 29+ </p><p>IP-, NetBIOS-, MAC- .. </p></li><li><p> Cisco () , 2014 . . 33 </p><p> DCE/RPC </p><p> DNS </p><p> FTP Telnet </p><p> HTTP </p><p> Sun RPC </p><p> SIP </p><p> GTP </p><p> IMAP </p><p> POP </p><p> SMTP </p><p> SSH </p><p> SSL </p><p> Modbus / DNP3 </p></li><li><p> Cisco () , 2014 . . 34 </p><p> / IP- ? ? </p></li><li><p> Cisco () , 2014 . . 35 </p><p>3D SENSOR </p><p>3D SENSOR </p><p>3D SENSOR </p><p>DEFENSE CENTER </p><p>3D SENSOR </p><p>LINUX SERVER </p><p>WINDOWS SERVER Linux </p><p> Windows </p><p>server </p><p> Windows- Windows Linux . . . </p></li><li><p> Cisco () , 2014 . . 36 </p><p>, </p><p>PDF . </p><p>PDF </p><p>. </p><p> A </p><p> B </p><p> C </p><p>3 </p><p>WWW WWW WWW </p><p>http:// http:// WWW </p><p> 1 </p><p> 2 </p><p> 3 </p><p>5 </p></li><li><p> Cisco () , 2014 . . 37 </p><p> .. </p></li><li><p> Cisco () , 2014 . . 38 </p><p> / (, ) </p></li><li><p> Cisco () , 2014 . . 39 </p></li><li><p> Cisco () , 2014 . . 40 </p><p> , , , , , , . </p><p> IPS </p></li><li><p> Cisco () , 2014 . . 41 </p><p>1 </p><p>2 </p><p>3 </p><p>4 </p><p> 0 </p><p> , </p><p> , </p><p> , </p><p> , </p><p> , </p><p> , </p><p> , </p><p> , </p><p>, </p></li><li><p> Cisco () , 2014 . . 42 </p></li><li><p> Cisco () , 2014 . . 43 </p><p> () </p><p> - </p><p> IP </p><p>, </p><p> Office/PDF/Java </p></li><li><p> Cisco () , 2014 . . 44 </p><p> , , , , , </p><p>Endpoint </p></li><li><p> Cisco () , 2014 . . 45 </p><p> AMP </p></li><li><p> Cisco () , 2014 . 
. 46 </p><p>Collective Security Intelligence Cloud </p><p>1 </p><p> . 2 </p><p>3 </p><p>, ; </p><p>4 </p><p>Cisco Collective Security Intelligence </p></li><li><p> Cisco () , 2014 . . 47 </p><p>Collective Security Intelligence Cloud </p><p> 1 </p><p> 2 </p><p>3 </p><p> 4 </p><p>5 </p><p>Cisco Collective Security Intelligence </p></li><li><p> Cisco () , 2014 . . 48 </p><p>Collective Security Intelligence Cloud </p><p> 1 </p><p> 2 </p><p>3 </p><p>4 , </p><p>5 </p><p>6 </p><p>Cisco Collective Security Intelligence </p></li><li><p> Cisco () , 2014 . . 49 </p><p>Collective Security Intelligence Cloud </p><p> , </p><p>1 </p><p> 2 </p><p> 3 </p><p> 4 </p><p>5 </p><p>Cisco Collective Security Intelligence </p></li><li><p> Cisco () , 2014 . . 50 </p><p> , </p><p>1 </p><p> , 2 </p><p>3 </p><p>Collective Security Intelligence Cloud </p><p>- </p><p>Cisco Collective Security Intelligence </p></li><li><p> Cisco () , 2014 . . 51 </p><p>1 </p><p> 3 </p><p>4 </p><p>2 - </p><p>Collective Security Intelligence Cloud </p><p>Cisco Collective Security Intelligence </p></li><li><p> Cisco () , 2014 . . 52 </p><p>Collective Security Intelligence Cloud </p><p> , IP- </p><p>2 </p><p> , IP- </p><p>3 </p><p>Collective Security Intelligence Cloud IP- </p><p>4 </p><p>- 5 </p><p>IP-: 64.233.160.0 </p><p> / </p><p>1 </p><p>Cisco Collective Security Intelligence </p></li><li><p> Cisco () , 2014 . . 53 </p><p>Cisco AMP </p><p> Cisco AMP </p></li><li><p> Cisco () , 2014 . . 54 </p><p>Cisco AMP </p><p>Cisco Collective Security Intelligence </p></li><li><p> Cisco () , 2014 . . 55 </p><p> Cisco Collective Security Intelligence </p><p>1000111010011101 1100001110001110 1001 1101 1110011 0110011 101000 0110 00 </p><p>0100001100001 1100 0111010011101 1100001110001110 1001 1101 1110011 0110011 101000 0110 00 0001110 1001 1101 1110011 0110011 101000 0110 00 0111000 111010011 101 1100001 110 </p><p>WWW </p><p> . </p><p> IPS </p><p> / </p></li><li><p> Cisco () , 2014 . . 
56 </p><p> Cisco Collective Security Intelligence </p><p>Collective Security Intelligence </p></li><li><p> Cisco () , 2014 . . 57 </p><p>Cisco AMP </p><p>Cisco Collective Security Intelligence </p></li><li><p> Cisco () , 2014 . . 58 </p><p>1 , </p><p>2 , , </p><p>3 </p><p>Cisco Collective Security Intelligence </p></li><li><p> Cisco () , 2014 . . 59 </p><p> ? </p><p> ? </p><p> ? </p><p> ? </p><p> ? </p><p> ? </p><p> ? </p></li><li><p> Cisco () , 2014 . . 60 </p><p> : </p><p> 1 </p><p> 2 </p><p> 3 </p><p> / </p><p> , </p><p> , , </p><p>Cisco Collective Security Intelligence </p></li><li><p> Cisco () , 2014 . . 61 </p><p> 1</p><p>2 3 IP- </p><p>4</p><p> Cisco AMP , , </p><p>Cisco Collective Security Intelligence </p></li><li><p> Cisco () , 2014 . . 62 </p><p> , </p><p>Bad Guys </p></li><li><p> Cisco () , 2014 . . 63 </p><p> , , , </p><p> 1 </p><p> 2 </p><p>3 </p><p> , , </p><p>4 </p><p>5 </p><p>Cisco Collective Security Intelligence </p><p>Collective Security Intelligence Cloud </p></li><li><p> Cisco () , 2014 . . 64 </p><p> 1 </p><p> , 2 , </p><p>3 </p><p> 4 </p><p> 1 2 3 </p><p>Cisco Collective Security Intelligence </p></li><li><p> Cisco () , 2014 . . 65 </p><p> , , </p><p>1 </p><p> - </p><p>2 </p><p> , , , , </p><p>3 </p><p>Cisco Collective Security Intelligence </p></li><li><p> Cisco () , 2014 . . 66 </p><p> Bad Guys </p></li><li><p> Cisco () , 2014 . . 67 </p><p> Bad Guys </p></li><li><p> Cisco () , 2014 . . 68 </p><p> Cisco AMP: </p></li><li><p> Cisco () , 2014 . . 69 </p></li><li><p> Cisco () , 2014 . . 70 </p><p> IP-: 10.4.10.183. Firefox </p></li><li><p> Cisco () , 2014 . . 71 </p><p> 10:57 IP- 10.4.10.183 IP- 10.5.11.8 </p></li><li><p> Cisco () , 2014 . . 72 </p><p> - (10.3.4.51) </p></li><li><p> Cisco () , 2014 . . 73 </p><p> (10.5.60.66) </p></li><li><p> Cisco () , 2014 . . 74 </p><p> Cisco Collective Security Intelligence Cloud , . </p></li><li><p> Cisco () , 2014 . . 75 </p><p> FireAMP </p></li><li><p> Cisco () , 2014 . . 
76 </p><p> 8 , </p></li><li><p> Cisco () , 2014 . . 77 </p><p> Bad Guys </p></li><li><p> Cisco () , 2014 . . 78 </p><p> , </p><p> URL </p></li><li><p> Cisco () , 2014 . . 79 </p></li><li><p> Cisco () , 2014 . . 80 </p></li><li><p> Cisco () , 2014 . . 81 </p></li><li><p> Cisco () , 2014 . . 82 </p><p> .. </p></li><li><p> Cisco () , 2014 . . 83 </p></li><li><p> Cisco () , 2014 . . 84 </p><p> / </p></li><li><p> Cisco () , 2014 . . 85 </p></li><li><p> Cisco () , 2014 . . 86 </p><p>ASA with FirePOWER </p><p>/VPN NGIPS </p><p> Web </p><p>Advanced Malware Protection </p><p>IoCs/ </p></li><li><p> Cisco () , 2014 . . 87 </p><p> ? </p><p> ? </p><p> ? </p><p> ? </p><p> ? </p><p> ? </p><p> ( ) </p><p> , , , </p></li><li><p> Cisco () , 2014 . . 88 </p><p> , ASA with FirePOWER </p><p>1000111010011101 1100001110001110 1001 1101 1110011 0110011 101000 0110 00 </p><p>0100001100001 1100 0111010011101 1100001110001110 1001 1101 1110011 0110011 101000 0110 00 0001110 1001 1101 1110011 0110011 101000 0110 00 0111000 111010011 101 1100001 110 </p><p>WWW </p><p> . </p><p> IPS </p><p> / </p></li><li><p> Cisco () , 2014 . . 89 </p><p>1000111010011101 1100001110001110 1001 1101 1110011 0110011 101000 0110 00 </p><p>0100001100001 1100 0111010011101 1100001110001110 1001 1101 1110011 0110011 101000 0110 00 0001110 1001 1101 1110011 0110011 101000 0110 00 0111000 111010011 101 1100001 110 </p><p>WWW </p><p> . </p><p> IPS </p><p> / </p><p>11000 0111 0001110 1001 1101 1110011 0110011 101000 0110 00 </p><p> 0010 010 10010111001 10 100111 </p><p> , </p><p> - </p></li><li><p> Cisco () , 2014 . . 90 </p><p> , </p></li><li><p> Cisco () , 2014 . . 
91 </p><p>Collective Security Intelligence (Talos) </p><p> (, , ) </p><p>Classic Stateful Firewall Gen1 IPS </p><p>Application Visibility WebURL Controls </p><p>AV and Basic Protections </p><p>NGIPS </p><p>*Anti-Malware (AMP) </p><p>(SIEM) </p><p> Anti-Malware (AMP) </p><p>User Identity </p><p> NGFW </p><p>Open APP-ID SNORT Open IPS Host Trajectory </p><p>NG Sandbox for Evasive Malware / </p><p>* </p><p>Sandboxing </p><p> Stateful Firewall </p><p> - Malware File Trajectory </p><p>Threat Hunting </p><p>Dynamic Outbreak Controls URL IP </p><p>1 </p><p>2 </p><p>ASA with FirePOWER - NGFW Cisco Cisco </p><p> n </p></li><li><p> Cisco () , 2014 . . 92 </p><p> Cisco ASA FirePOWER </p><p> Cisco ASA FirePOWER </p><p> , </p><p> , , </p><p> 1 </p><p> / URL- </p><p> VPN </p><p> , , </p><p>2 </p><p>1- 1- . 2 - </p></li><li><p> Cisco () , 2014 . . 93 </p><p> Cisco ASA with FirePOWER </p><p>FirePOWER Services for 5585-X () FirePOWER Services for 5500-X () </p><p>ASA 5512-X, 5515-X, 5525-X, 5545-X, 5555-X ASA 5585-X </p></li><li><p> Cisco () , 2014 . . 94 </p><p>- </p><p>FirePOWER 7100 500 / 1 / </p><p>FirePOWER 7120/7125/8120 </p><p>1 - 2 / </p><p>FirePOWER 8100/8200 </p><p>2 - 10 / </p><p>FirePOWER 8200 8300 </p><p>10 120 / </p><p>FirePOWER 7000 Series 50 250 / </p><p>+ </p><p> Cisco FirePOWER </p></li><li><p> Cisco () , 2014 . . 95 </p><p> AMP for Network </p></li><li><p> Cisco () , 2014 . . 96 </p><p> SNORT / (PCI) </p><p> 25 </p><p>. ESX(i) 4.x and 5.x Sourcefire 5.x. RHEV 3.0 and Xen 3.3.2/3.4.2 Sourcefire 4.x. </p><p>DC </p></li><li><p> Cisco () , 2014 . . 97 </p><p> Cisco ASA 5506-X </p><p> - 500 / NGIPS AVC 85 / NGIPS + AVC + AMP 40 / </p><p> 8 GE ports ASA with </p><p>FirePOWER Services </p><p> 5506W-X 5506H-X ( ..) </p><p> ASDM 7.3 </p></li><li><p> Cisco () , 2014 . . 
98 </p><p> 5505 FirePOWER Services </p><p>Desktop Form Factor </p><p>5506-X </p><p>Q3FY15 </p><p>5506W-X Wireless </p><p>Q3FY15 </p><p> Wi-Fi </p><p>Integrated Wireless AP </p><p>5508-X </p><p>Q3FY15 </p><p> 5506 </p><p>1 RU Rack-Mount </p><p>5516-X </p><p>Q3FY15 </p><p>1 RU Rack-Mount </p><p>SSD </p><p> ? </p></li><li><p> Cisco () , 2014 . . 99 </p><p> 5 1 3 ( ) </p><p> ( ) </p><p> AVC (NGFW) FirePOWER Services </p><p> AVC SMARTnet IPS </p><p>URL </p><p>URL </p><p>IPS </p><p>TAMC TAC TA </p><p>URL </p><p>URL </p><p>AMP </p><p>IPS </p><p>TAM </p><p>AMP </p><p>IPS </p></li><li><p> Cisco () , 2014 . . 100 </p><p> ASA FirePOWER Services NetOPS Workflows - CSM 4.6/7 ASDM-ASA-On-Box 1 </p><p>SecOPS Workflows - FireSIGHT Management Center 2 </p><p> NGFW/NGIPS </p><p>Forensics / </p><p>Network AMP / Trajectory </p><p> (SIEM) </p><p> Web- Command &amp; Control Servers &amp; VoIP- </p><p>FireAMP Connector (Managed by FMC) </p></li><li><p> Cisco () , 2014 . . 101 </p><p> : ASDM 7.3.x </p><p> ! . , </p></li><li><p> Cisco () , 2014 . . 102 </p><p>Cisco ASA FirePOWER , </p><p> , </p></li><li><p> Cisco () , 2014 . . 103 </p></li></ul>
