FirePOWER Services - Key Features 061615

FireSight Manager

Cisco Talos
Talos is backed by sophisticated infrastructure and systems that provide exceptional visibility from the aggregation and analysis of unrivaled telemetry data. The result is a security intelligence cloud producing "big intelligence" and reputation analysis that tracks threats across networks, endpoints, mobile devices, virtual systems, web, and email. This provides a holistic understanding of threats, their root causes, and the scope of outbreaks, translating into leading security effectiveness for Cisco security solutions. The team's expertise spans software development, reverse engineering, vulnerability triage, malware investigation, and intelligence gathering.

[Diagram: FirePOWER Services - Conceptual View: Advanced Next-Generation Threat Protection. Panels: Advanced Threat; Security Intelligence; Advanced Malware; Cisco Collective Security Intelligence (billions of web requests and emails, millions of malware samples, open source data sets, millions of network intrusions); Snort.org, ClamAV, Razorback & SpamCop; Policy (L3/4, App Ctrl, Geo & URL); Next-Gen IPS; Security Intelligence; AMP; IoCs / Multi-Vector Correlation; AMP Endpoint; FireSight Technologies; Visibility; BEFORE / DURING / AFTER.]

Open Source Communities
These "non-proprietary" communities provide an invaluable source of development, significantly enhancing advanced detection and protection capabilities. Talos maintains the official rule sets and communities of Snort.org, ClamAV, SenderBase.org and SpamCop.

ThreatGrid
ThreatGRID securely crowd-sources malware from a closed community, providing a global view of malware attacks, campaigns and their distribution. You can quickly correlate a single sample's characteristics against millions of other samples to fully understand its behavior in a historical and global context, to defend effectively against the broadest variety of threats and minimize attacks.
Cisco AMP for Networks
AMP for Networks continuously monitors, analyzes, and records all file activity, regardless of disposition, even after initial inspection at the network control point. If AMP observes suspicious or malicious activity, or if a file previously deemed "good" turns "bad," security teams are sent a retrospective alert and an indication of compromise. AMP also provides visibility into exactly what happened. Security teams can see the complete recorded history of the threat, essentially rolling back time on malware, and quickly get answers to crucial security questions: Where did the malware come from? What systems were affected? What is the threat doing? How do we stop it?

IoCs / Multi-Vector Correlation
Sophisticated attackers exploit multiple vectors, often with blended threats that combine evasive methods such as phishing emails, innocuous-looking payloads, stealthy network profiling, and infrequent call-outs. The ability to correlate and tabulate suspect behaviors across these attack planes, integrating network- and file-level activity, improves accuracy and allows earlier identification of infected hosts.

AMP Endpoint and Correlation
Point-in-time detection alone will never be 100 percent effective. It takes only one threat that evades detection to compromise your environment. Using targeted, context-aware malware, sophisticated attackers have the resources, expertise, and persistence to outsmart point-in-time defenses and compromise any organization at any time. Furthermore, point-in-time detection is completely blind to the scope and depth of a breach after it happens, leaving organizations unable to stop an outbreak from spreading or to prevent a similar attack from happening again.
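The retrospective alerting described under AMP for Networks rests on one design decision: record every file transfer, whatever its verdict at inspection time, so that a later verdict change can be replayed against the history. The following Python is an added illustration of that idea, not Cisco code and not a description of how AMP is implemented. The event fields, disposition names, placeholder hashes and IP addresses are this example's own constructed assumptions.

```python
"""Retrospective file-disposition alerting (added illustration, not Cisco code).

Every file transfer is appended to a ledger regardless of disposition. When the
verdict for a hash later changes from clean/unknown to malicious, the ledger is
replayed to answer "where did it come from?" and "which hosts hold it?".
All sample data below is constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class FileEvent:
    ts: int            # epoch seconds when the transfer was inspected
    sha256: str        # file identity (placeholder strings in the demo)
    src_ip: str        # sender of the file
    dst_ip: str        # host that received the file
    disposition: str   # verdict at inspection: "clean", "unknown" or "malicious"


@dataclass
class RetroAlert:
    sha256: str
    old: str                    # verdict the file carried before the change
    new: str                    # verdict after the change
    first_seen: int             # ts of the earliest recorded transfer
    origin: str                 # src_ip of that earliest transfer
    affected_hosts: List[str]   # every receiving host, in order of first sighting


class FileTrajectory:
    """Append-only ledger of file transfers plus the current verdict per hash."""

    def __init__(self) -> None:
        self._events: Dict[str, List[FileEvent]] = {}
        self._disposition: Dict[str, str] = {}

    def record(self, ev: FileEvent) -> None:
        # Record unconditionally: a "clean" file today may be "bad" tomorrow,
        # and the history is what makes the later alert actionable.
        self._events.setdefault(ev.sha256, []).append(ev)
        self._disposition.setdefault(ev.sha256, ev.disposition)

    def update_disposition(self, sha256: str, new: str) -> Optional[RetroAlert]:
        """Apply a verdict change; alert only on a transition into 'malicious'."""
        old = self._disposition.get(sha256, "unknown")
        self._disposition[sha256] = new
        if new != "malicious" or old == "malicious":
            return None
        events = sorted(self._events.get(sha256, []), key=lambda e: e.ts)
        if not events:            # never seen on this network: nothing to roll back
            return None
        hosts: List[str] = []
        for e in events:
            if e.dst_ip not in hosts:
                hosts.append(e.dst_ip)
        return RetroAlert(sha256, old, new, events[0].ts, events[0].src_ip, hosts)

    def hosts_holding(self, sha256: str) -> List[str]:
        """'What systems were affected?' for any hash, alerted or not."""
        return sorted({e.dst_ip for e in self._events.get(sha256, [])})


def run_demo() -> Dict[str, Optional[RetroAlert]]:
    """Constructed sample timeline; returns the alert (or None) per verdict update."""
    ledger = FileTrajectory()
    bad = "sha256:deadbeef"    # placeholder hash, constructed
    good = "sha256:cafef00d"   # placeholder hash, constructed
    # t=100: document arrives from an external host, verdict clean at the time.
    ledger.record(FileEvent(100, bad, "203.0.113.7", "10.1.1.5", "clean"))
    # t=400: the same file moves laterally to a second internal host.
    ledger.record(FileEvent(400, bad, "10.1.1.5", "10.1.1.9", "clean"))
    # t=450: an unrelated file that stays clean throughout.
    ledger.record(FileEvent(450, good, "203.0.113.7", "10.1.1.7", "clean"))
    return {
        # t=900: the cloud re-classifies the first file -> retrospective alert
        "bad_turns_malicious": ledger.update_disposition(bad, "malicious"),
        # a repeated malicious verdict for the same hash is not a new transition
        "bad_again": ledger.update_disposition(bad, "malicious"),
        # the clean file is re-confirmed clean -> nothing to alert
        "good_stays_clean": ledger.update_disposition(good, "clean"),
        # a hash never observed on this network cannot be rolled back
        "never_seen": ledger.update_disposition("sha256:00000000", "malicious"),
    }


if __name__ == "__main__":
    for name, alert in run_demo().items():
        print(name, "->", alert)
```

The alert on the re-classified file names the external origin (203.0.113.7), the first sighting (t=100) and both internal hosts that ever received it, which is the "roll back time" view the section describes; the other three updates deliberately produce no alert, so repeated or non-malicious verdicts do not generate noise.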
Cisco AMP for Endpoints goes beyond point-in-time detection, delivering a lattice of detection capabilities combined with big data analytics to continuously analyze files and traffic on endpoints and determine whether advanced malware is present (Figure 2). Sophisticated machine-learning techniques evaluate more than 400 characteristics associated with each file to analyze and block advanced malware. The combination provides protection that goes beyond traditional point-in-time detection. Retrospective security, the ability to roll back time on attacks, can detect and alert you to files that become malicious after the initial point of entry.

FireSight Technology
Context may be the single most important factor in evaluating threats and reducing noise. FireSight is the industry's only security solution to passively learn volumes of data about each unique environment it protects, including host information, vulnerabilities, web applications, files, and client applications, to name a few. This rich information is leveraged for dynamic tuning, impact assessment and correlation. The data is visualized in FireSight Manager (Context Explorer).

Next-Generation IPS
The FirePOWER Next-Generation IPS (NGIPS) solution sets a new standard for advanced threat protection by integrating real-time contextual awareness, intelligent security automation, superior performance, flexible deployment options and more than 30,000 rules. No other solution on the market today offers the visibility, automation, flexibility, and scalability required to protect today's dynamic network environments against increasingly sophisticated threats.

Security Intelligence
Threat intelligence (IP reputation) is essential when examining outbound communications to identify malicious activity. Powered by Talos, Security Intelligence provides blacklisting, with alerting on or blocking of connections to botnets, attackers, spam sources and other malicious destinations.
Key Features

Intrusion Prevention
- FireSight contextual awareness
- Intelligent automation
- Impact assessment

IP Reputation
- Detect compromised hosts (CnC, botnet, IRC, etc.)

File Reputation
- Heuristics
- Forensic analysis
- Threat feeds
- Retrospection

Centralized Management
- Context visualization
- Provisioning
- Reporting
- Analyst dashboards

Deployment Options
- Appliance
- ASA-X
- ISR (UCS-E)
- Virtual
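Three of the features above (IP-reputation matching of outbound connections, impact assessment against the learned host profile, and correlation of indicators across the network, file and intrusion planes) combine naturally into one detection pipeline. The Python below is an added illustration of that combination, not Cisco code, and the impact levels and scoring rules are this example's own simplification rather than FireSight's actual logic. The flow-log format, host-profile fields, IP addresses, placeholder hashes and "VULN-000x" identifiers are all constructed for the example.

```python
"""Security Intelligence, impact assessment and multi-vector correlation.

Added illustration, not Cisco code. Matches outbound flows against an
IP-reputation blacklist, ranks intrusion events against a passively learned
host profile, and calls a host compromised only when indicators from two or
more planes agree. Log format, profile fields, impact levels, scoring rules
and every IP, hash and vulnerability identifier below are constructed.
"""
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# --- Constructed inputs -----------------------------------------------------
BLACKLIST: Set[str] = {"198.51.100.20", "203.0.113.99"}      # reputation feed

FLOW_LOG = """\
ts=1001 src=10.1.1.5 dst=198.51.100.20 dport=443 proto=tcp
ts=1002 src=10.1.1.7 dst=192.0.2.80 dport=443 proto=tcp
ts=1003 src=10.1.1.9 dst=203.0.113.99 dport=8080 proto=tcp
ts=1004 src=10.1.1.5 dst=198.51.100.20 dport=443 proto=tcp
"""

# (host, sha256, disposition) as a file-inspection engine would report them
FILE_EVENTS: List[Tuple[str, str, str]] = [
    ("10.1.1.5", "sha256:deadbeef", "malicious"),
    ("10.1.1.7", "sha256:cafef00d", "clean"),
]

# (target host, target port, vulnerability the fired signature exploits)
IPS_EVENTS: List[Tuple[str, int, str]] = [
    ("10.1.1.9", 445, "VULN-0002"),    # target known vulnerable
    ("10.1.1.5", 445, "VULN-0002"),    # service present, not vulnerable
    ("10.1.1.7", 445, "VULN-0002"),    # port not open on target
    ("10.1.1.42", 80, "VULN-0003"),    # host never profiled
]

# Passively learned host profile: the kind of context the brochure describes
HOST_PROFILE: Dict[str, dict] = {
    "10.1.1.5": {"os": "Windows", "open_ports": {445, 3389}, "vulns": {"VULN-0001"}},
    "10.1.1.7": {"os": "Linux", "open_ports": {22}, "vulns": set()},
    "10.1.1.9": {"os": "Windows", "open_ports": {445}, "vulns": {"VULN-0002"}},
}

FLOW_RE = re.compile(r"ts=(\d+) src=(\S+) dst=(\S+) dport=(\d+)")


def security_intelligence(flow_log: str, blacklist: Set[str]) -> Dict[str, Set[str]]:
    """Return {internal source: blacklisted destinations it contacted}."""
    hits: Dict[str, Set[str]] = defaultdict(set)
    for m in FLOW_RE.finditer(flow_log):
        _ts, src, dst, _dport = m.groups()
        if dst in blacklist:
            hits[src].add(dst)
    return dict(hits)


def impact(host: str, dport: int, vuln: str, profile: Dict[str, dict]) -> int:
    """Rank an intrusion event 1 (worst) to 4 from the target's learned profile.

    1: target runs the service and is known vulnerable to what was fired at it
    2: target runs the service, no matching vulnerability on record
    3: target known, but the attacked port is not open there
    4: target not in the profile at all (unknown host)
    """
    p = profile.get(host)
    if p is None:
        return 4
    if dport not in p["open_ports"]:
        return 3
    return 1 if vuln in p["vulns"] else 2


def correlate(flow_log: str, file_events, ips_events, profile, blacklist) -> Dict[str, dict]:
    """Collect per-host indicators by plane; two or more planes => compromised."""
    indicators: Dict[str, Set[str]] = defaultdict(set)
    for host in security_intelligence(flow_log, blacklist):
        indicators[host].add("net:cnc_connection")
    for host, _sha, disposition in file_events:
        if disposition == "malicious":
            indicators[host].add("file:malicious")
    for host, dport, vuln in ips_events:
        if impact(host, dport, vuln, profile) == 1:   # only impact-1 events count
            indicators[host].add("ips:exploit_vs_vulnerable_service")
    return {
        host: {"indicators": sorted(inds),
               "compromised": len({i.split(":")[0] for i in inds}) >= 2}
        for host, inds in indicators.items()
    }


if __name__ == "__main__":
    for host, verdict in correlate(FLOW_LOG, FILE_EVENTS, IPS_EVENTS,
                                   HOST_PROFILE, BLACKLIST).items():
        print(host, verdict)
```

On the constructed data, 10.1.1.5 is flagged from the network and file planes (CnC connection plus a malicious file) and 10.1.1.9 from the network and intrusion planes (CnC connection plus an exploit fired at a service it is actually vulnerable to). The impact-2, impact-3 and impact-4 intrusion events are demoted rather than dropped in a real system; here they simply do not contribute an indicator, which is the noise reduction the FireSight section attributes to context.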

Upload: anthony-lobosco

Post on 16-Dec-2015
