BRKSEC-1020 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
Mark Cairns
Consulting Systems Engineer, GSSO, supporting US Commercial
• Based in Richmond, VA and cover accounts in Virginia and Washington DC
• 19 years experience with Cisco Security Solutions
• You can reach me at marcairn@cisco.com and @12LISN2
Session Information
Cisco Firewall Basics
• This is an introductory 1000 level session
• It is not meant for professionals with deep knowledge of firewalls and Cisco ASA
• This session is not for you if you want to deep dive into configurations for specific
features / functionality
• References may be made to advanced functionality for context but we will stay at a fairly
high level
Follow up Sessions
Deeper dives on specific content
Session ID | Session Description | Time
BRKSEC-2058 | A Deep Dive into using the Firepower Manager | Wed 4:00-5:30
BRKSEC-2050 | ASA Firepower NGFW typical deployment scenarios | Monday 1:30-3:30, Tuesday 1:30-3:30
BRKSEC-2033 | Best Security and deployment strategies SMB NGFW | Tuesday 8:00-10:00
BRKSEC-2055 | Cloud-Managed Security for Distributed Networks with Cisco Meraki MX | Wednesday 4-5:30
LTRSEC-1000 | Firepower Threat Defense Deployment Hands-on Lab | Wed 8:00-12:00, Thursday 8:00-12:00
BRKSEC-2020 | NGFW Deployment in the Data Center and Network Edge Using Firepower Threat Defense | Tuesday 8:00-10:00, Wed 1:30-3:30
BRKSEC-2064 | NGFW and ASAv in Public Cloud (AWS and Azure) | Thursday 1:00-2:30
Agenda
• Introduction
• Firewalls in General
• Use Cases - Why
• Firewall Options - What
• Introduction to Firepower
• Advanced Use Case Examples
• Q&A – Feel free to ask questions
Firewalls in General
Securing/Hardening for What Purpose or Need?
Subversion | Disruption
Bots, Viruses, and Worms | Denial of service attacks
Spyware and Adware | Advanced Persistent Threats (APTs)
Firewalls
What are they?
• Primary filtering appliances/VMs that work at both the network and application layers
• Provide a platform for the features/functionality needed for network security
• VPNs (remote-access and site to site)
• NGIPS
• Anti-Malware Protection
• Next-generation security should not abandon proven stateful inspection capabilities in
favor of application and user ID awareness by itself
• Comprehensive network security solution needs include firewalls, next-generation firewalls
(application inspection and filtering) and next generation intrusion prevention systems
(context aware)
• The firewall often is the conduit from which other defense components combat the threats
that face the network
Filtering on a Tuple?
Filtering – IP Protocols
• ICMP (1)
• TCP (6)
• UDP (17)
• GRE (47)
• ESP (50)
• AH (51)
• EIGRP (88)
• OSPF (89)
http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
Stateful Inspection
• Most routers and switches can filter based on the five tuple…why a firewall then?
• Stateful firewalls track L3/L4 traffic as it leaves and returns to the network
• Connections are maintained in the connection table tracking five tuple and additional information such as sequence
Packet:
Src IP – 1.1.1.1
Dest IP – 2.2.2.2
Src Port – TCP/35478
Dest Port – TCP/80
Packet:
Src IP – 2.2.2.2
Dest IP – 1.1.1.1
Src Port – TCP/80
Dest Port – TCP/35478
Connection table entry:
TCP outside:2.2.2.2/80 (2.2.2.2/80) inside:1.1.1.1/35478 (1.1.1.1/35478), flags UIO, idle 4m39s, uptime 6m16s, timeout 1h0m, bytes 3002
*Best Practice – Limit outbound
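The difference between five-tuple filtering and a connection table, as an added example that is not part of the presentation and not Cisco code. It uses the slide's addresses (1.1.1.1:35478 to 2.2.2.2:80) and its 1h idle timeout; the class, function and field names are assumptions made for illustration.

```python
"""Stateless five-tuple filter vs. a stateful connection table (teaching model)."""
from dataclasses import dataclass

IDLE_TIMEOUT = 3600  # seconds; the slide's sample entry shows "timeout 1h0m"


@dataclass(frozen=True)
class Packet:
    ingress: str       # interface the packet arrived on: "inside" or "outside"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: str = ""    # TCP flags, e.g. "S", "SA", "A", "R"
    length: int = 0


def stateless_permits(pkt):
    """Router-style ACL: every packet is judged on its own.

    To let web replies back in, the inbound rule has to trust any
    outside packet whose source port is 80.
    """
    if pkt.ingress == "inside":
        return pkt.dst_port == 80
    return pkt.src_port == 80


class StatefulFirewall:
    """Permits inside-to-outside TCP/80 and only the matching return traffic."""

    def __init__(self):
        # key: (inside_ip, inside_port, outside_ip, outside_port)
        self.conns = {}

    def _expire(self, now):
        stale = [k for k, c in self.conns.items()
                 if now - c["last_seen"] > IDLE_TIMEOUT]
        for key in stale:
            del self.conns[key]

    def process(self, pkt, now):
        self._expire(now)
        if pkt.ingress == "inside":
            key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        else:
            key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        conn = self.conns.get(key)

        if conn is None:
            # New connections may only be opened from the inside,
            # to TCP/80, and must start with a bare SYN.
            if pkt.ingress != "inside":
                return "drop: no connection"
            if pkt.dst_port != 80:
                return "drop: policy"
            if pkt.flags != "S":
                return "drop: first packet not SYN"
            self.conns[key] = {"last_seen": now, "bytes": pkt.length}
            return "permit: new connection"

        conn["last_seen"] = now
        conn["bytes"] += pkt.length
        if "R" in pkt.flags:
            del self.conns[key]  # a reset tears the entry down
            return "permit: connection reset"
        return "permit: existing connection"


if __name__ == "__main__":
    fw = StatefulFirewall()
    # Constructed sample packets using the slide's addresses.
    samples = [
        Packet("inside", "1.1.1.1", 35478, "2.2.2.2", 80, "S", 60),
        Packet("outside", "2.2.2.2", 80, "1.1.1.1", 35478, "SA", 60),
        Packet("outside", "2.2.2.2", 80, "1.1.1.1", 40000, "A", 40),
    ]
    for t, pkt in enumerate(samples):
        print(stateless_permits(pkt), fw.process(pkt, t))
```

The third packet claims source port 80 but matches no connection entry: the stateless rule passes it, the connection table does not.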
Network Address Translation
• Network address translation (NAT) is the mapping of IP addresses from a private network to a public network
• NAT gives network administrators and security administrators:
  • Access to non-publicly routable IPv4 space
  • Cost savings because addresses are not cheap
  • Allows for masquerading of internal network addresses
• IPv4 Address space is exhausted
Packet:
Src IP – 10.1.1.1
Dest IP – 2.2.2.2
Src Port – TCP/35478
Dest Port – TCP/80
Packet:
Src IP – 3.3.3.3
Dest IP – 2.2.2.2
Src Port – TCP/35478
Dest Port – TCP/80
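The translation shown on the slide (10.1.1.1 leaving as 3.3.3.3), as an added example that is not part of the presentation and not Cisco code. It goes one step beyond the slide by modelling many-to-one port address translation, so two inside hosts that pick the same source port can share one public address; the class and method names and the second inside host 10.1.1.2 are assumptions.

```python
"""Dynamic PAT (many-to-one NAT) translation table, as a teaching model."""


class PatTable:
    def __init__(self, public_ip, low=1024, high=65535):
        self.public_ip = public_ip
        self.low, self.high = low, high
        self.out = {}   # (proto, inside_ip, inside_port) -> public_port
        self.back = {}  # (proto, public_port) -> (inside_ip, inside_port)

    def _allocate(self, proto, preferred):
        """Keep the original source port if it is free, else take the next free one."""
        port = preferred if self.low <= preferred <= self.high else self.low
        for _ in range(self.high - self.low + 1):
            if (proto, port) not in self.back:
                return port
            port = port + 1 if port < self.high else self.low
        raise RuntimeError("PAT pool exhausted")

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an inside-to-outside packet."""
        key = (proto, src_ip, src_port)
        if key not in self.out:
            public_port = self._allocate(proto, src_port)
            self.out[key] = public_port
            self.back[(proto, public_port)] = (src_ip, src_port)
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the destination of an outside-to-inside packet.

        Returns None when no inside host owns that public port,
        so there is nothing to translate the packet to.
        """
        if dst_ip != self.public_ip:
            return None
        entry = self.back.get((proto, dst_port))
        if entry is None:
            return None
        inside_ip, inside_port = entry
        return (src_ip, src_port, inside_ip, inside_port)


if __name__ == "__main__":
    nat = PatTable("3.3.3.3")
    # Constructed flows: the slide's host plus a second, hypothetical host.
    print(nat.outbound("TCP", "10.1.1.1", 35478, "2.2.2.2", 80))
    print(nat.outbound("TCP", "10.1.1.2", 35478, "2.2.2.2", 80))
    print(nat.inbound("TCP", "2.2.2.2", 80, "3.3.3.3", 35479))
    print(nat.inbound("TCP", "2.2.2.2", 80, "3.3.3.3", 22))
```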
Use Cases
Use Case #1
• Hospitality, Retail or other similar distributed deployment
• Remote sites 100+
• Direct Internet Access (DIA) at remote sites
• Company has a “Cloud First” mandate
• 4 Network / Security Engineers (“jack of all trades, master of none”)
• Basic security needs for URL filtering, DNS security, IPS
• Need VPN connectivity to HQ
Cloud Networking Group
Meraki MX Options
Reference
Model | Segment | Users | Features | FW throughput
MX64(W) | Small branch | ~50 users | 802.11ac wireless | 250 Mbps
MX65(W) | Small branch | ~50 users | 802.11ac wireless & PoE+ | 250 Mbps
MX84 | Mid-sized branch | ~200 users | Dedicated WAN uplinks | 500 Mbps
MX100 | Mid-sized branch | ~500 users | Gigabit uplinks | 750 Mbps
MX400 | Large branch or campus | ~2,000 users | Modular interface | 1 Gbps
MX600 | Large branch or campus | ~10,000 users | Modular interface | 1 Gbps
Z1 | Teleworker | 1-5 users | Dual-radio wireless | 50 Mbps
All devices support 3G/4G
Meraki MX Security
• Next Generation Firewall: Application aware firewalling
• Intrusion Prevention (IPS): Based on Cisco Snort
Meraki MX Basics
Meraki Threat and Filtering
Cisco Umbrella
Use Case #2
• Regional Services Company
• 8 sites on MPLS with ISR routers deployed
• Broadband Internet being added for DMVPN backup/redundancy (IWAN)
• Simple filter to protect the new Internet link
• HQ has a proxy for Internet
Securing the WAN
• Typical MPLS WAN
• Does not ensure privacy
Internet based WAN
• Lower cost alternative to MPLS
• Dictates VPN for routing and privacy
• Balance complexity with features
and functionality
• Typically no need for inbound
access directly from Internet
Zone Based Firewall
Support for:
• ISR, ASR, CSR
• NAT
• WAAS
• VRFs
• Redundancy
• VTIs for VPNs
• Deep Packet Inspection
[Diagram labels: Trusted (G0/1.101); Internet (G0/0); DMZ (G0/1.103); All Traffic Permit; TCP/UDP/ICMP; Response OK]
Note: For simple inside to outside configuration, remove all reference to DMZ interface. This DMZ configuration assumes a second security device to filter traffic or terminate VPN.
Configuring ZBF
Note: For simple inside to outside configuration, remove all reference to DMZ interface. This DMZ configuration assumes a second security device to filter traffic or terminate VPN.
  ! Create Zones
  zone security Internet
  zone security Trusted
  zone security DMZ
  !
  ! Assign interfaces to security zones
  interface LISP0
   zone-member security DMZ
  !
  interface GigabitEthernet0/0
   description Public Outside
   zone-member security Internet
  !
  interface GigabitEthernet0/1.101
   description Inside
   zone-member security Trusted
  !
  interface GigabitEthernet0/1.103
   description Public DMZ
   zone-member security DMZ
  !
  ! Create Inspection Class
  class-map type inspect match-any All_Protocols
   description - Match all outgoing protocols
   match protocol tcp
   match protocol udp
   match protocol icmp
Use Case #2 (Variant)
• Regional Services Company
• 8 sites on MPLS with ISR routers deployed
• Broadband Internet being added for DMVPN backup and DIA
• Simple Complete filter to protect the new Internet link
Internet based WAN
• Lower cost alternative to MPLS
• Dictates VPN for routing and privacy
• Balance complexity with features
and functionality
• Typically no need for inbound
access directly from Internet
• Direct Internet Access (DIA) adds
security risk
Use Case #3
• Data Center upgrade
• Adding security to new design
• No L3 hop for security to reduce convergence time
• N+1 redundancy
• Multi 10 Gbps throughput
Data Center
A/S or Clustering for Performance and Scale
• Firepower 9300 with SM-24, SM-36 or SM-44
• Firepower 4110, 4120, 4140 or 4150
Firepower 2100 Series
• FPR 2110: 16x 1G Port
• FPR 2120: 16x 1G Port
• Higher Port Density in 1 Rack Unit
• 10 Gbps Support (2130 and 2140)
Data Center
Clustering for Performance and Scale
Data Center
ACI Deployments
APIC
Use Case #4
• Cloud expansion / Cloud First
• AWS and/or Azure
• Need to replicate security / inspection policy for cloud traffic
Cisco ASAv and Threat Defense Virtual
Cisco® ASA 9 Feature Set / Threat Defense 6
• 10 vNIC interfaces and VLAN tagging
• Virtualization displaces multiple-context and clustering
• Parity with all other Cisco ASA platform features
• Cisco SDN (Cisco APIC) and traditional (Cisco ASDM and CSM) management tools
Cisco ASAv Platforms
• Cisco® ASAv5: 100 Mbps
• Cisco® ASAv10: 1 Gbps
• Cisco® ASAv30: 2 Gbps
• Cisco® ASAv50: 10 Gbps
* Lab Edition license is built in with 100-Kbps throughput and 100 total connections allowed
ASAv and/or NGFW
Meraki Virtual MX for AWS (vMX100)
Use Case #5
• Typical Internet Edge designs
• Outbound Internet (Web, Email, FTP, etc)
• Inbound traffic to DMZ and/or eCommerce
• VPN for Remote Access, L2L, business partners
Edge With DMZ
• Similar to a basic edge design with
the addition of inbound traffic
• Traffic inbound from the DMZ to the
trusted network may or may not
pass the firewall.
Edge With DMZ - VPN
• Multiple path options for VPN with
trusted and untrusted packets.
• VPN Concentrator may be
connected outside the firewall
• Trusted traffic path usually depends
on source. Employee or Vendor,
B2B, etc.
*Best Practices – Remember that controlling
access from a VPN to an internal resource is
not a dead end! Jump box scenario.
Hide your firewall with private IP space on
the outside.
Tiered DMZs
• Typically seen in multi-tiered
hosting for e-commerce
• Forces all traffic between tiers
to pass firewall rules
• Can help mitigate risk and
contain exploits and/or
breaches within a DMZ
Bridge across your DMZs
• Sometimes referred to as clean and
dirty DMZs
• VPN, Video, etc.
• Avoids hair-pinning
Split Firewalls
• Layer 3 hop between firewalls
• Avoids hair-pinning within a firewall
• Simplifies policy
• May still have an optional trusted
connection
Quick Hardware Snapshot
Portfolio
Latest Additions to the 5500 Portfolio
Reference
• 5506X with Firepower Services
• 5508X with FirePOWER Services
• 5516X with FirePOWER Services
Over, Through or Around The Wall
Things Change
If you knew you were going to be
compromised, would you do
security differently?
The package
[Figure labels: Tracking history; Chicken Pox Virus; Sender; Receiver; Reputation?; Content (deep packet inspection); Vaccine]
The Threat-Centric Firewall
Indications of Compromise (IoCs)
Application Visibility and Control
IPS with Snort
Host Profiles
• What OS?
• What Services?
• What Applications?
• What Vulnerabilities?
Impact Assessment
Impact Flag | Administrator Action | Why
1 | Act immediately, vulnerable | Event corresponds to vulnerability mapped to host
0 | Good to know, unknown network | Unmonitored network
Advanced Malware Analysis
Network File Trajectory – Where Has It Been Seen?
SSL Inspection issues? - AMP for Endpoints
Firepower NGFW
Introducing Cisco Firepower NGFW
Firepower 6.x on ASA – Upgrade vs Re-Image
Choose Firepower Services or Firepower Threat Defense
Firepower Software on ASA Platforms
[Diagram labels: Firepower Services 5.4; ASA 9.5.x; Upgrade; Re-Image; Firepower; ASAv; NGIPSv 5.4; Firepower Threat Defense; ASAv; NGIPSv 6.0; Virtual 6.0]
FXOS
Chassis Operating System
Advanced Use Cases
ASA Policy Enforcement with MDM
• Create Security Groups on ISE: 1 Compliant, 2 Non-Compliant
• Leverage security groups to authorize endpoints based on MDM compliance.
• Policy on ASA by Security Group
[Diagram labels: ASA; WLC; AP; Web Server; ISE; MDM; SXP; Security Group Query; Compliance check; numbered steps 1-9]
TrustSec Demo
TrustSec (WLC, ISE, ASA, Firepower)
Reference
Correlation
Custom Security Intelligence
• Correlate an action(s) with a remediation (in this case, create a custom security
intelligence block list)
• In this example we are looking for blocking events based on geolocation and
dropping the source IP into the custom security intelligence list.
• Monitor the events in Firepower Manager for a match against a rule.
• The remediation runs a perl script on the Firepower Manager, which leverages
the remediation framework to parse event information.
Reference Material
Support Tools
http://www.cisco.com/c/en/us/support/web/tools-catalog.html
Security Threats and Notifications
http://www.cisco.com/security
Current News
Proactive Notifications
www.talosintel.com
SAFE Architecture
www.cisco.com/go/safe
Cybersecurity Cisco Education Offerings
Course | Description | Cisco Certification
Understanding Cisco Cybersecurity Fundamentals (SFUND) | The SECFND course provides understanding of cybersecurity’s basic principles, foundational knowledge, and core skills needed to build a foundation for understanding more advanced cybersecurity material & skills. | CCNA® Cyber Ops
Implementing Cisco Cybersecurity Operations (SECOPS) | This course prepares candidates to begin a career within a Security Operations Center (SOC), working with Cybersecurity Analysts at the associate level. | CCNA® Cyber Ops
Securing Cisco Networks with Threat Detection and Analysis (SCYBER) | Designed for security analysts who work in a Security Operations Center, the course covers essential areas of security operations competency, including SIEM, Event monitoring, security event/alarm/traffic analysis (detection), and incident response | Cisco Cybersecurity Specialist
Cisco Security Product Training Courses | Official deep-dive, hands-on product training on Cisco’s latest security products, including NGFW, ASA, NGIPS, AMP, Identity Services Engine, Email and Web Security Appliances, and more. |
New! CCIE Security 5.0 | | CCIE® Security
Implementing Cisco Edge Network Security Solutions (SENSS) | Configure Cisco perimeter edge security solutions utilizing Cisco Switches, Cisco Routers, and Cisco Adaptive Security Appliance (ASA) Firewalls | CCNP® Security
Implementing Cisco Threat Control Solutions (SITCS) v1.5 | Implement Cisco’s Next Generation Firewall (NGFW), FirePOWER NGIPS (Next Generation IPS), Cisco AMP (Advanced Malware Protection), as well as Web Security, Email Security and Cloud Web Security |
Implementing Cisco Secure Access Solutions (SISAS) | Deploy Cisco’s Identity Services Engine and 802.1X secure network access |
Implementing Cisco Secure Mobility Solutions (SIMOS) | Protect data traversing a public or shared infrastructure such as the Internet by implementing and maintaining Cisco VPN solutions |
Implementing Cisco Network Security (IINS 3.0) | Focuses on the design, implementation, and monitoring of a comprehensive security policy, using Cisco IOS security features | CCNA® Security
For more details, please visit: www.cisco.com/go/securitytraining or http://learningnetwork.cisco.com
Questions? Visit the Learning@Cisco Booth