Protection against modern and targeted attacks


  • Cisco () , 2014 . . 1

    - 2 April 2015

  • Cisco () , 2014 . . 2

    Cisco

    ,

    ASA

    ISR

    IPS

    ASA

    ISE

    Active Directory

    ISR-G2

    CSM

    ASA

    ASAv ASAv ASAv ASAv

    Talos

    ASA, ( SDN)

    CTD

    IDS RA

  • Cisco () , 2014 . . 3

    5

    -

  • Cisco () , 2014 . . 4

    ?

    IPS

    /

    NAC (/ )

    /IPS

    SIEM

    (BDS)

  • Cisco () , 2014 . . 5

    NGFW

    ,

    , ,

  • Cisco () , 2014 . . 6

    : 2012 Verizon Data Breach Investigations Report

    [Chart residue: a column of percentage values (0% to 75%) whose category labels were lost in extraction]

  • Cisco () , 2014 . . 7

    -

    -

    -

  • Cisco () , 2014 . . 8

    AMP + FirePOWER AMP >

    Cisco: !

    Cognitive Security

    2013 2015... 2014

    Sourcefire Security Advanced Malware Protection

    (VRT)

    ( OpenAppID)

    Malware Analysis & Threat Intelligence

    ThreatGRID

    Cisco Talos Sourcefire VRT Cisco TRAC

    Cisco SecApps

    Cognitive + AMP

    >

  • Cisco () , 2014 . . 9


  • Cisco () , 2014 . . 10

    ,

    54%

    60%

    ,

    100% ,

  • Cisco () , 2014 . . 11

  • Cisco () , 2014 . . 12

    , Cisco ASA FirePOWER

    Cisco ASA Sourcefire

    Advanced Malware Protection (AMP)

    (SI), (AVC) URL-

    ,

    ,

  • Cisco () , 2014 . . 13

    ASA

    (Cisco AVC)

    (NGIPS) FirePOWER

    URL-

    Advanced Malware Protection

    SIEM

    Cisco ASA

    VPN

    URL-

    ( ) FireSIGHT

    Advanced Malware Protection

    ( )

    Cisco CSI

    ( )

  • Cisco () , 2014 . . 14

    ASA

    (IPSec / SSL VPN)

    IPv4/v6

    , , 3-

    Cisco ASA 5500-X

  • Cisco () , 2014 . . 15

    FirePOWER Services?

    , VLAN, IP, , , , , URL-

    , , VPN,

    URL-

    IP-

  • Cisco () , 2014 . . 16

    FirePOWER IPS -

    VoIP-

  • Cisco () , 2014 . . 17

    NGFW

  • Cisco () , 2014 . . 18

    ,

    FirePOWER for ASA

  • Cisco () , 2014 . . 19

    [Diagram: four 3D SENSOR nodes reporting to a DEFENSE CENTER]

    P2P

    ,

    . Skype. , IT HR .

    IT & HR

  • Cisco () , 2014 . . 20

    Skype

  • Cisco () , 2014 . . 21

    ASCII HEX PCAP-

  • Cisco () , 2014 . . 22

  • Cisco () , 2014 . . 23

    NMAP /

    Cisco (RTBH)

    Cisco ASA

    Email/SNMP/Syslog

    , C/BASH/TCSH/PERL

  • Cisco () , 2014 . . 24

    URL

    URL

    URLs

  • Cisco () , 2014 . . 25

  • Cisco () , 2014 . . 26

    ,

    Bad Guys

  • Cisco () , 2014 . . 27

    IP

    Full : , , TZ, ASN, ISP, , .. (Google, Bing )

    &

  • Cisco () , 2014 . . 28

    :

  • Cisco () , 2014 . . 29

    /

    Web-

    /

    ..

  • Cisco () , 2014 . . 30

    [Diagram: four 3D SENSOR nodes reporting to a DEFENSE CENTER]

    ,

    IT

    LAN. ASA with FirePOWER IT.

    / /

  • Cisco () , 2014 . . 31

    IP-, NetBIOS-, MAC- ..

  • Cisco () , 2014 . . 32

    29+

    IP-, NetBIOS-, MAC- ..

  • Cisco () , 2014 . . 33

    DCE/RPC

    DNS

    FTP Telnet

    HTTP

    Sun RPC

    SIP

    GTP

    IMAP

    POP

    SMTP

    SSH

    SSL

    Modbus / DNP3

  • Cisco () , 2014 . . 34

    / IP- ? ?

  • Cisco () , 2014 . . 35

    [Diagram: four 3D SENSOR nodes reporting to a DEFENSE CENTER]

    LINUX SERVER

    WINDOWS SERVER Linux

    Windows

    server

    Windows- Windows Linux . . .

  • Cisco () , 2014 . . 36

    ,

    PDF .

    PDF

    .

    [Diagram residue: nodes A, B, C; WWW / http:// hosts; numbered steps 1, 2, 3, 5; labels lost in extraction]

  • Cisco () , 2014 . . 37

    ..

  • Cisco () , 2014 . . 38

    / (, )

  • Cisco () , 2014 . . 39

  • Cisco () , 2014 . . 40

    , , , , , , .

    IPS

  • Cisco () , 2014 . . 41


  • Cisco () , 2014 . . 42

  • Cisco () , 2014 . . 43

    ()

    -

    IP

    ,

    Office/PDF/Java

  • Cisco () , 2014 . . 44

    , , , , ,

    Endpoint

  • Cisco () , 2014 . . 45

    AMP

  • Cisco () , 2014 . . 46

    Collective Security Intelligence Cloud

    1

    . 2

    3

    , ;

    4

    Cisco Collective Security Intelligence

  • Cisco () , 2014 . . 47

    Collective Security Intelligence Cloud

    1

    2

    3

    4

    5

    Cisco Collective Security Intelligence

  • Cisco () , 2014 . . 48

    Collective Security Intelligence Cloud

    1

    2

    3

    4 ,

    5

    6

    Cisco Collective Security Intelligence

  • Cisco () , 2014 . . 49

    Collective Security Intelligence Cloud

    ,

    1

    2

    3

    4

    5

    Cisco Collective Security Intelligence

  • Cisco () , 2014 . . 50

    ,

    1

    , 2

    3

    Collective Security Intelligence Cloud

    -

    Cisco Collective Security Intelligence

  • Cisco () , 2014 . . 51

    1

    3

    4

    2 -

    Collective Security Intelligence Cloud

    Cisco Collective Security Intelligence

  • Cisco () , 2014 . . 52

    Collective Security Intelligence Cloud

    , IP-

    2

    , IP-

    3

    Collective Security Intelligence Cloud IP-

    4

    - 5

    IP-: 64.233.160.0

    /

    1

    Cisco Collective Security Intelligence

  • Cisco () , 2014 . . 53

    Cisco AMP

    Cisco AMP

  • Cisco () , 2014 . . 54

    Cisco AMP

    Cisco Collective Security Intelligence

  • Cisco () , 2014 . . 55

    Cisco Collective Security Intelligence


    WWW

    .

    IPS

    /

  • Cisco () , 2014 . . 56

    Cisco Collective Security Intelligence

    Collective Security Intelligence

  • Cisco () , 2014 . . 57

    Cisco AMP

    Cisco Collective Security Intelligence

  • Cisco () , 2014 . . 58

    1 ,

    2 , ,

    3

    Cisco Collective Security Intelligence

  • Cisco () , 2014 . . 59


  • Cisco () , 2014 . . 60

    :

    1

    2

    3

    /

    ,

    , ,

    Cisco Collective Security Intelligence

  • Cisco () , 2014 . . 61

    1

    2 3 IP-

    4

    Cisco AMP , ,

    Cisco Collec