
Next Generation Firewall

Next Generation Firewall History


UTM Unified Threat Management
Term invented by IDC around 2004
Security appliance integrating multiple functions in one
platform
Cisco never had a UTM
NGFW Next Generation Firewall
Term invented by Gartner around 2004
Initially it was nothing else but a UTM
Cisco joined the market in 2013 through multiple acquisitions

Copyright www.ine.com
Unified Threat Management Features
Different per vendor
First generation firewall standard features
Routing and VPN (IPsec/SSL)
Network Address Translation
Layer 3/4 stateful firewall
Basic access-control (ACL) and user authentication

Unified Threat Management Features
Different per vendor
Deep Packet Inspection (layer 7 capabilities)
IPS Intrusion Prevention System
E-mail Security (antispam/antimalware/antivirus/encryption)
Web Security for proxy services (URL Filtering/antivirus/
antimalware)
DLP Data Loss Prevention
Advanced Threat Protection (sandboxing)
Wireless Security
Centralized or on-the-box management

Cisco's UTM
Cisco's UTM advanced functions were not
supported concurrently on the ASA firewall
IPS as a software/hardware module
Content Security through CSC as a hardware module
Web and e-mail security
Content Aware Security through CX software/hardware
module
Only web security
Nothing else but IronPort web proxy

Next Generation Firewall Features
UTM with additional capabilities to boost up
security sales
A firewall built for Threat Defense
True application awareness with full stack visibility
Cloud-based sandboxing
Advanced malware protection
Additional intelligence for stronger cyber security defense
True zero-day attacks defense
Scalable network segmentation and user/device control

Cisco Enters NGFW Market
Cisco has done multiple acquisitions
Sourcefire in 2013
Core of its NGFW
Cognitive Security in 2013
Cognitive Threat Analytics uses behavioral modeling and
anomaly detection to identify malicious activity
Helps reduce time to discovery of threats operating inside the
network

Cisco Enters NGFW Market
Further acquisitions
ThreatGRID in 2014
Cloud or on-premises intelligent malware detection
Cisco names it AMP Advanced Malware Protection
Feature available on WSA/ESA/NGFW/Endpoints
AMP on Endpoints uses two engines: Spero and Ethos

Cisco Enters NGFW Market
Further acquisitions
OpenDNS in 2015
Cloud-based DNS intelligence to provide security for any
device, anywhere, at any time
Lancope in 2015
Strong defense against APT Advanced Persistent Threats
It provides network behavior analytics, threat visibility and
security intelligence to help protect against top cyber security
threats

What is Cisco Talos?
Big Data Analytics for Threat Defense
Talos Security Intelligence and Research Group
Leading threat researchers supported by sophisticated
systems to create threat intelligence for Cisco products that
detects, analyzes and protects against both known and
emerging threats
Maintains the official rule sets of Snort.org, ClamAV,
SenderBase.org and SpamCop
Gathers data from ThreatGRID, AMP and OpenDNS

Cisco's Next Generation Firewall
Known as FirePOWER initially
Sourcefire NGFW capabilities
Software/hardware module on the ASA
A standalone physical appliance (Sourcefire)
Known as FTD now
FirePOWER Threat Defense
Unified code for ASA firewall and FirePOWER
Available already, not supported by all ASA platforms
Q&A

Copyright www.ine.com All rights reserved.
