This chapter suggests design principles for planning a threat control and containment strategy using firewalls and intrusion prevention systems in Cisco IOS environments. It gives a general evaluation of the current state of enterprise security in the presence of evolving threats, and presents the design considerations for a threat protection strategy as part of a risk management strategy, using Cisco threat control and containment solutions.
Planning a Threat Control Strategy
© 2012 Cisco and/or its affiliates. All rights reserved.

Contents
In this chapter, we will:
• Evaluate the current state of enterprise security in the presence of evolving threats
• Describe design considerations for a threat protection strategy to mitigate threats as part of a risk management strategy
• Describe how Cisco strategizes threat control and containment

Trends in Network Security Threats
Recent threat vectors include the following:
• Cognitive threats: social networks (likejacking)
• Smartphone, tablet, and consumer electronics exploits
• Widespread website compromises
• Disruption of critical infrastructure
• Virtualization exploits
• Memory scraping
• Hardware hacking

Trends in Network Security Threats
The following specific trends can be gathered from the evolution of threats in information security:
• Insidious motivation, high impact
• Targeted, mutating, stealthy threats
• Threats consistently focusing on the application layer
• Social engineering front and center
• Threats exploiting the borderless network

Threat Mitigation and Containment: Design Fundamentals
The result of these trends is the need for an updated, carefully planned threat control and mitigation strategy, and a revision of old design paradigms in three areas:
• Policies and process definition
• Mitigation technologies
• End-user awareness

Threat Control Design Guidelines
These new paradigms result in specific design guidelines for the threat control and containment architecture:
• Stick to the basics
• Risk management
• Distributed security intelligence
• Security intelligence analysis
• Application layer visibility
• Incident response
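The design guidelines above map directly onto Cisco IOS features that the chapter later lists under Cisco Security Appliances and Cisco IPSs: "stick to the basics" is an explicit ACL, "application layer visibility" is zone-based firewall inspection with an application-layer (AIC) HTTP policy, "distributed security intelligence" and "security intelligence analysis" are syslog and NetFlow telemetry sent to a SIEM or collector, and "incident response" is IOS IPS alerting. The following IOS configuration is an added example and is not taken from the Cisco deck; the hostname, interface names, zone and class names, addresses (192.0.2.0/24, 203.0.113.2, collector 192.0.2.250) and the IPS rule name are assumptions chosen for illustration.

```cisco
! Added example, not from the Cisco course material.
! All names and addresses below are assumptions for illustration.
hostname ISR-EDGE
!
! --- Stick to the basics: an explicit ACL defines what "inside to Internet" means.
! Only the permit entries matter when the ACL is used inside an inspect class-map;
! anything else falls through to class-default below and is dropped and logged.
ip access-list extended INSIDE-TO-INTERNET
 permit tcp 192.0.2.0 0.0.0.255 any eq 80
 permit tcp 192.0.2.0 0.0.0.255 any eq 443
 permit udp 192.0.2.0 0.0.0.255 any eq 53
!
! --- Application layer visibility: classify on L3/L4 (ACL) AND on recognized protocol.
class-map type inspect match-all CM-HTTP
 match access-group name INSIDE-TO-INTERNET
 match protocol http
class-map type inspect match-any CM-L4-PROTOCOLS
 match protocol https
 match protocol dns
class-map type inspect match-all CM-ALLOWED
 match access-group name INSIDE-TO-INTERNET
 match class-map CM-L4-PROTOCOLS
!
! Layer 7 (AIC) class for HTTP: non-HTTP traffic tunneled over port 80,
! and oversized request URIs, are reset and logged.
class-map type inspect http match-any CM-HTTP-L7
 match request port-misuse any
 match request uri length gt 2048
!
policy-map type inspect http PM-HTTP-L7
 class type inspect http CM-HTTP-L7
  reset
  log
!
! Zone policy: stateful inspection plus the nested HTTP application policy.
policy-map type inspect PM-IN-OUT
 class type inspect CM-HTTP
  inspect
  service-policy http PM-HTTP-L7
 class type inspect CM-ALLOWED
  inspect
 class class-default
  drop log
!
zone security INSIDE
zone security OUTSIDE
zone-pair security IN-OUT source INSIDE destination OUTSIDE
 service-policy type inspect PM-IN-OUT
!
! --- Incident response / intrusion prevention: IOS IPS with the "basic" category
! enabled and everything else retired, alerts sent to syslog and SDEE.
ip ips config location flash:ips retries 1
ip ips notify sdee
ip ips notify log
ip ips name IOSIPS
ip ips signature-category
 category all
  retired true
 category ios_ips basic
  retired false
!
! --- Distributed security intelligence / analysis: syslog and NetFlow v9 export
! to the SIEM or collector (assumed address) so drops, resets and IPS alerts
! can be correlated off-box.
logging host 192.0.2.250
logging trap informational
ip flow-export version 9
ip flow-export destination 192.0.2.250 2055
!
interface GigabitEthernet0/0
 description INSIDE (assumed)
 ip address 192.0.2.1 255.255.255.0
 zone-member security INSIDE
 ip flow ingress
 ip ips IOSIPS in
!
interface GigabitEthernet0/1
 description OUTSIDE (assumed)
 ip address 203.0.113.2 255.255.255.252
 zone-member security OUTSIDE
 ip flow ingress
 ip ips IOSIPS in
```

Two caveats a practitioner would check before deploying this: the IOS IPS section only takes effect once Cisco's signature package and its public key (crypto key pubkey-chain rsa) have been loaded into flash:ips, and zone-based firewall does not inspect traffic to or from the router itself unless a zone-pair that includes the built-in self zone is also configured. Verification commands for the result are show policy-map type inspect zone-pair IN-OUT, show ip ips configuration, and show ip cache flow.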
Application Layer Visibility

Distributed Security Intelligence
Distributed security intelligence using telemetry

Security Intelligence Analysis
Security Information and Event Management (SIEM)

Cisco Threat Control and Containment Categories

Integrated Approach to Threat Control
• Application awareness
• Modular Policy Framework (MPF)
• Network Based Application Recognition (NBAR)
• Flexible Packet Matching (FPM)
• Application-specific gateways
• Security management

Cisco Security Intelligence Operations Site
Cisco IronPort SenderBase web page

Cisco Threat Control and Containment Solutions Fundamentals
Cisco Security Appliances
• Cisco ASA
• Hardware modules: Cisco Catalyst 6500 ASA Services Module and Cisco Catalyst 6500 Firewall Services Module (FWSM)
• Cisco IOS Firewall
• Cisco Virtual Security Gateway (VSG)
The firewalls listed above implement various access control mechanisms for the new landscape of information security threats described in this module:
• Zone-based firewall
• ACLs
• FPM
• AIC (Application Inspection and Control)
• MPF

Cisco IPSs
• Cisco IPS 4200 Series Sensors
• Hardware modules: integrated into the ASA, Catalyst 6500, and ISR
• Cisco IOS IPS
These IPSs implement various intrusion management solutions for the new landscape of information security threats described in an upcoming chapter:
• Rich set of detection mechanisms: signatures, anomaly detection, normalization, correlation
• Automatic signature updates
• Multiple deployment modes, including inline

Threat Control Scenario for a Small Business

Summary
The following are the main points conveyed in this chapter:
• Threat control and containment should distribute security intelligence, improve incident analysis and correlation, and respond automatically
• Cisco threat control and containment solutions provide multiple deployment options: appliance, hardware module, software-based, and virtualized
• Cisco threat control and containment is a solution for small, medium, and large businesses

References
For additional information, refer to these Cisco.com resources:
• "Cisco Security Intelligence Operations," http://tools.cisco.com/security/center/home.x
• "Cisco 5500 Series Adaptive Security Appliances," http://www.cisco.com/en/US/products/ps6120/index.html