Planning a Threat Control Strategy
© 2012 Cisco and/or its affiliates. All rights reserved.
Contents
In this chapter, we will
• Evaluate the current state of enterprise security in the presence of
evolving threats
• Describe design considerations for a threat protection strategy to
mitigate threats as part of a risk management strategy
• Describe how Cisco strategizes threat control and containment
Trends in Network Security Threats
Recent threat vectors include the following:
• Cognitive threats: social networks (likejacking)
• Smartphones, tablets, and consumer electronics exploits
• Widespread website compromises
• Disruption of critical infrastructure
• Virtualization exploits
• Memory scraping
• Hardware hacking
Trends in Network Security Threats
The evolution of information security threats shows several specific trends:
• Insidious motivation, high impact
• Targeted, mutating, stealthy threats
• Threats consistently focusing on the application layer
• Social engineering front and center
• Threats exploiting the borderless network
Threat Mitigation and Containment: Design Fundamentals
These trends call for an updated, carefully planned threat control and mitigation strategy and a revision of older design paradigms. The fundamentals of such a strategy are:
• Policies and process definition
• Mitigation technologies
• End-user awareness
Threat Control Design Guidelines
These new paradigms result in specific design guidelines for the threat
control and containment architecture:
• Stick to the basics
• Risk management
• Distributed security intelligence
• Security intelligence analysis
• Application layer visibility
• Incident response
Application Layer Visibility
Distributed Security Intelligence
Distributed Security Intelligence Using Telemetry
Security Intelligence Analysis
Security Information and Event Management (SIEM)
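The two preceding slides (distributed security intelligence using telemetry, and SIEM-based analysis) show the collection and analysis side of the pipeline but not what a network device has to do to feed it. The configuration below is an added example written for this page, not taken from the Cisco deck: it turns a Cisco IOS router into a telemetry source for a SIEM by sending syslog messages and Flexible NetFlow records, with consistent clock and timestamps, to one collector. The hostname, the collector address 192.0.2.50, the NTP server 192.0.2.10, the interface names and the addresses are assumptions for illustration.

```cisco
! Added example (not from the original deck): export telemetry from a
! Cisco IOS router to a central SIEM collector. The hostname, collector
! address, NTP server, interfaces and addresses are assumed for illustration.
hostname BRANCH-R1
!
! Millisecond timestamps with time zone on every message, and NTP so that
! events from many devices line up when the SIEM correlates them.
service timestamps log datetime msec localtime show-timezone
service timestamps debug datetime msec localtime show-timezone
ntp server 192.0.2.10
!
! Syslog: forward informational and above to the SIEM, and keep a local
! buffer for forensics in case the collector is unreachable.
logging buffered 64000 informational
logging trap informational
logging source-interface GigabitEthernet0/0
logging host 192.0.2.50
!
! Flexible NetFlow: flow records give the SIEM who-talked-to-whom data
! (scanning, beaconing, data volumes) that syslog alone does not carry.
flow exporter SIEM-EXPORT
 destination 192.0.2.50
 source GigabitEthernet0/0
 transport udp 2055
 export-protocol netflow-v9
!
flow monitor SIEM-MONITOR
 exporter SIEM-EXPORT
 cache timeout active 60
 record netflow ipv4 original-input
!
interface GigabitEthernet0/0
 description Inside LAN
 ip address 10.10.10.1 255.255.255.0
 ip flow monitor SIEM-MONITOR input
!
interface GigabitEthernet0/1
 description WAN uplink
 ip address 198.51.100.2 255.255.255.252
 ip flow monitor SIEM-MONITOR input
```

On the router, show flow monitor SIEM-MONITOR cache and show logging confirm that flow records and messages are being produced. On the SIEM side, a correlation rule can then join a firewall or IPS syslog event with the matching flow record by source address and timestamp, which is the cross-device correlation the SIEM slide refers to. Syslog over UDP is unauthenticated and is dropped silently when the collector is down, so size the local buffer for the forensics window you need.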
Cisco Threat Control and Containment Categories
Integrated Approach to Threat Control
• Application Awareness
  • Modular Policy Framework (MPF)
  • Network Based Application Recognition (NBAR)
  • Flexible Packet Matching (FPM)
  • Application-Specific Gateways
• Security Management
Cisco Security Intelligence Operations Site
Cisco IronPort SenderBase web page
Cisco Threat Control and Containment Solutions Fundamentals
Cisco Security Appliances
• Cisco ASA
• Hardware modules: Cisco Catalyst 6500 ASA Services Module and Cisco Catalyst 6500 Firewall Services Module (FWSM)
• Cisco IOS Firewall
• Cisco Virtual Security Gateway (VSG)
These firewalls implement the following access control mechanisms for the new landscape of information security threats described in this module:
• Zone-based firewall
• ACLs
• FPM (Flexible Packet Matching)
• AIC (Application Inspection and Control)
• MPF (Modular Policy Framework)
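The zone-based firewall and AIC entries above, together with the Application Layer Visibility slide, are the points where application-layer inspection enters the design. The following Cisco IOS configuration is an added example written for this page, not from the deck: it builds a zone-based firewall between an INSIDE and an OUTSIDE zone, statefully inspects a short list of protocols, and nests an HTTP application-layer policy that resets and logs connections that tunnel non-HTTP traffic over port 80 or violate the HTTP protocol. Zone, class and policy names, interface names and addresses are assumptions.

```cisco
! Added example (not from the original deck): Cisco IOS zone-based firewall
! with a nested HTTP application-layer inspection policy. Zone, class and
! policy names, interfaces and addresses are assumed for illustration.
!
! Layer 3/4 class: the inside-to-outside traffic that is allowed and inspected.
class-map type inspect match-any INSIDE-TO-OUTSIDE-CLASS
 match protocol http
 match protocol https
 match protocol dns
 match protocol icmp
!
! Layer 7 (application inspection and control) class for HTTP: catch
! non-HTTP traffic tunnelled over port 80 and malformed requests/responses.
class-map type inspect http match-any HTTP-ABUSE-CLASS
 match request port-misuse any
 match req-resp protocol-violation
!
policy-map type inspect http HTTP-L7-POLICY
 class type inspect http HTTP-ABUSE-CLASS
  reset
  log
!
! Layer 3/4 policy: stateful inspection of the allowed protocols with the
! HTTP L7 policy nested under it; everything else is dropped and logged.
policy-map type inspect INSIDE-TO-OUTSIDE-POLICY
 class type inspect INSIDE-TO-OUTSIDE-CLASS
  inspect
  service-policy http HTTP-L7-POLICY
 class class-default
  drop log
!
zone security INSIDE
 description Trusted user LAN
zone security OUTSIDE
 description Internet
!
interface GigabitEthernet0/0
 description Inside LAN
 ip address 10.10.10.1 255.255.255.0
 zone-member security INSIDE
!
interface GigabitEthernet0/1
 description WAN uplink
 ip address 198.51.100.2 255.255.255.252
 zone-member security OUTSIDE
!
! Only the INSIDE->OUTSIDE zone pair carries a policy. With no
! OUTSIDE->INSIDE pair, unsolicited inbound traffic is dropped by default.
zone-pair security INSIDE-TO-OUTSIDE source INSIDE destination OUTSIDE
 service-policy type inspect INSIDE-TO-OUTSIDE-POLICY
```

Verify with show policy-map type inspect zone-pair INSIDE-TO-OUTSIDE sessions. Two caveats: the L7 policy only sees plaintext HTTP, so HTTPS in the allowed list passes with stateful L4 inspection only, unless TLS is terminated somewhere the firewall can see; and because any protocol not named in the class map falls into class-default and is dropped, the policy fails closed, which is the intended behaviour but will break any application you forgot to list.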
Cisco IPSs
• Cisco IPS 4200 Series Sensors
• Hardware modules: integrated into the Cisco ASA, Catalyst 6500 and ISR platforms
• Cisco IOS IPS
These IPSs implement the following intrusion management capabilities for the new landscape of information security threats, described in an upcoming chapter:
• Rich set of detection mechanisms
  • Signatures
  • Anomaly detection
  • Normalization
  • Correlation
• Automatic signature updates
• Multiple deployment modes
  • Inline
Threat Control Scenario for a Small Business
Summary
The following are the main points conveyed in this chapter:
• Threat control and containment should distribute security intelligence,
improve incident analysis and correlation, and respond automatically.
• Cisco threat control and containment solutions provide multiple
deployment options: appliance, hardware module, software based, and
virtualized.
• Cisco threat control and containment is a solution for small, medium, and
large businesses.
References
• For additional information, refer to these Cisco.com resources:
• “Cisco Security Intelligence Operations,” http://tools.cisco.com/security/center/home.x
• “Cisco 5500 Series Adaptive Security Appliances,” http://www.cisco.com/en/US/products/ps6120/index.html