Sourcefire下一代IPS解决方案介绍.pptx_163文库

资源描述

1、1SourceFire 下一代入侵防御解决方案议程SourceFire 公司介绍SourceFire下一代入侵防御解决方案介绍SourceFire 产品线介绍SourceFire收购对Cisco的意义Sourcefire is a Trusted Security Partner 10 年以上安全经验从网络安全到恶意软件防御NGIPS,NGFW,Malware Protection|Physical,Virtual,Cloud 客户遍及180多个国家创新:52+获奖专利世界级研发队伍支持开源系统Snort,ClamAV,RazorbackIPS MQ LeaderAmericas Fa

2、stest-GrowingTech Companies 2012下一代IPS解决方案的领导者 Sourcefire has been a leader in the Gartner Magic Quadrant for IPS since 2006.SNORT-开源的入侵防御引擎http:/www.snort.org/众多SNORT的fans Sourcefire专注于威胁的安全模型攻攻击击周期周期攻击之前攻击之中攻击之后评估加固实施策略检测阻挡确定影响范围控制传播修复网络|终端|移动设备|虚拟化Point-in-TimeContinuous你无法保护你了解不到的资产Sourcefire的安全

3、方法Agile Security 针对攻击发生之前/之中/之后的持续安全过程自动调整安全策略保证安全响应实时实施，永久有效将看到的数据转换为关联信息8Sourcefire Agile Security安全职能Management Center硬件平台|虚拟化平台下一代防火墙下一代入侵防御高级恶意软件防护情景感知主机|移动平台硬件平台|V虚拟化平台议程SourceFire 公司介绍SourceFire下一代入侵防御解决方案介绍SourceFire 产品线介绍SourceFire收购对Cisco的意义10 ATTACK CONTINUUMNGFWNGIPSAMPSourcefire的主要产品网络设

4、备虚拟化平台终端软件FIreSIGHT 管理中心Gartner 定义的下一代IPS&下一代防火墙下一代IPS(NGIPS)Standard first-gen IPS Application awareness and full-stack visibility Context awareness Content awareness Agile engine下一代防火墙(NGFW)Standard first-gen firewall Application awareness and full-stack visibility Integrated network IPS Source:“

5、Defining Next-Generation Network Intrusion Prevention,”Gartner,October 7,2011.“Defining the Next-Generation Firewall,”Gartner,October 12,2009“Next-generation network IPS will be incorporated within a next-generation firewall,but most next-generation firewall products currently include first-generati

6、on IPS capabilities.“攻击攻击之前之前策略控制扫描环境Attacks,Devices,OS,Applications,Flow,Users,Vulnerabilities,Files策略部署Policy enforcement(whitelist),Access&Application Control,Auto IPS Tuning评估策略攻击之中攻击之中识别阻挡识别阻挡检测保护#1 Detection Rate(99%-NSS)100%MS Vulnerability Coverage16,000+Snort RulesBig Data Cloud AnalysisSe

7、curity Intelligence/IP ReputationOpen Rules攻击之后攻击之后分析整改分析整改确定危害范围Analyze ImpactIdentify Compromised MachinesDetermine Point of Entry and Propagation 控制传播范围整改防火墙应用控制URL 过滤漏洞防护高级恶意软件防护IPS高级恶意软件防护IDS关联分析网络行为分析抓包分析高级恶意软件防护Sourcefire使用全过程的、系统化的连续防御手段对网络和终端的了解从而实现自动防御OSUsersDevicesThreatsApplicationsFiles

8、VulnerabilitiesFlow 主动了解你的环境（FireSight）攻攻击击之前之前策略控制策略控制发现网络中的所有设备（Firesight）操作操作系統系統开放的服务开放的服务客户端应用程序客户端应用程序登录信息登录信息版本版本服务器端应用程序服务器端应用程序只有选择SourceFire才可以完整看到网络环境用户识别Packet Capture 抓包分析移动设备的自动发现详尽的IT现状分析应用流量分析应用风险分析谁在使用这些应用?使用者使用的什么操作系统?使用者还干了什么?使用者在什么时间访问的应用?策略部署策略部署:自动进行公司策略的部署应应用控制用控制:减少来自应用和客户端的威

9、胁URL过滤过滤:执行公司策略提高生产率和来自互联网的威胁自自动调优动调优:根据网络的变化自动调整策略部署策略进行控制（NGFW）攻攻击击之前之前可可见见,可控可控识别超过了1000多种应用和设备!自动调整策略、规则Agile Security攻攻击击之中之中智能分析和防智能分析和防护护检测和防御攻击（NGIPS）Sourcefire IPS 规则规则16,000+Snort 规则#1 检测效率(99%-NSS Labs)Sourcefire VRT开发开放可监控,业界标准模式基于漏洞的特征高速单次解码引擎Security I智能智能/IP 名誉名誉库库Sourcefire VRTBots a

10、nd C&CKnown AttackersBogus IPsPhishing/Spam IPsOpen proxies/relaysMalware IPs加入自定制智能加入自定制智能Third-party feedsGovernment-provided feedsUser-created feedsor阻阻挡恶挡恶意意IP*Can be updated every two hours安全策略规则的描述SEU/SRU,VDB 每周更新威胁库2CVEs每天签名库变化每日恶意软件提交new IPS 规则 100%同一天同一天保护微软漏洞发布98.9%行业最最优优每个 NSS Labs IPS

11、group的漏洞覆盖率上一年上一年统计统计精确零日的攻击阻挡NGIPS控制恶意攻击FireSIGHT全面情景感知 Security Intelligence黑名单控制全面的访问控制By network zone,VLAN,IP,port,protocol,application,user,URL 完美集成IPS policiesAccess PoliciesFile control policiesSourcefire 攻击阻挡流程Firewall PolicyIPS PolicyFile policyMalware policyControlled trafficSwitching,Rout

12、ing VPN,High AvailabilityURL awarenessSecurity IntelligenceIP Geo-location攻攻击击之后之后分析和整改分析和整改影响力分析影响力分析Match the attack:Match,Port OpenLikely VulnerableNo Match,Port OpenLess LikelyNo Match,Port ClosedNot VulnerableAttack againstAgainst the targets OS,running programs,and their vulnerabilities:Match,

13、Port OpenLikely Vulnerable11014202020Others:64101.1%High Impact Investigate98.9%Less RelevantDramatic time savings and security focus关关联联分析分析查看攻击相关信息，比如:什么时间发生?谁被攻击?攻击者还与谁通讯过?被攻击主机的情况分析?攻击从哪里发起?确定危害的范围弱點弱點(攻擊目標有已知弱點)疑似弱點疑似弱點(攻擊目標的操作系統或服務，已修補弱點)無弱點無弱點(無此服務)不存在不存在(無此主機)入侵事件入侵事件減少傳統IPS的 99%事件入侵事件入侵事件评估

14、分析评估分析流量分析网络异常检测网络行为分析智能安全IP 名誉库可以阻止和告警:Botnet C&C Traffic Known Attackers Malware,Phishing,and Spam Sources Open Proxies and Relays 生成自己的名誉库从 Sourcefire 或第三方下载整体安全的智能化整体安全的智能化广泛理解连续分析联合响应大数据分析控制和整改攻攻击击之后之后安全整改安全整改整改和危害分析攻击攻击之前之前策略控制扫描环境Attacks,Devices,OS,Applications,Flow,Users,Vulnerabilities,F

15、iles策略部署Policy enforcement(whitelist),Access&Application Control,Auto IPS Tuning评估策略攻击之中攻击之中识别阻挡识别阻挡检测保护#1 Detection Rate(99%-NSS)100%MS Vulnerability Coverage16,000+Snort RulesBig Data Cloud AnalysisSecurity Intelligence/IP ReputationOpen Rules攻击之后攻击之后分析整改分析整改确定危害范围Analyze ImpactIdentify Compromise

16、d MachinesDetermine Point of Entry and Propagation 控制传播范围整改防火墙应用控制URL 过滤漏洞防护高级恶意软件防护IPS高级恶意软件防护IDS关联分析网络行为分析抓包分析高级恶意软件防护Sourcefire使用全过程的、系统化的连续防御手段Sourcefire的安全团队VRTPrivate&PublicThreat FeedsFile Samples(180,000 per day)Advanced Microsoft&Industry DisclosuresFireAMPCommunitySnort&ClamAVOpen Source C

17、ommunitiesSourcefire AEGIS ProgramIPS RulesMalwareProtectionReputationFeedsVulnerabilityDatabaseUpdatesSandboxingMachine LearningBig Data InfrastructureSPARKProgramHoneypotsSandnets议程SourceFire 公司介绍SourceFire下一代入侵防御解决方案介绍SourceFire 产品线介绍SourceFire收购对Cisco的意义Sourcefire 智能解决方案COLLECTIVESECURITYINTELLI

18、GENCE管理中心APPLIANCES|VIRTUAL下一代防火墙下一代IPS高级恶意软件防护CONTEXTUAL AWARENESSHOSTS|VIRTUAL MOBILEAPPLIANCES|VIRTUALSourcefire FirePOWER 产品展示LCD 显示屏“Quick and easy headless configuration”设备堆叠“Scale monitoring capacitythrough stacking”网络连接“Change and add connectivityinline with network requirements”FirePOWER加速“

19、For best in class throughput,security,Rack size/Mbps,and price/Mbps”轻量级管理Minimal operational impact双电源固态硬盘“Highest reliability and availability”FirePOWER technoogy is a specialized network processor and custom designed platform that accelerates data acquisition and classification故障直通“Maximum network

20、 uptime”网络模块(“NetMods”)接口模块 4 x port 1Gbps Copper 4 x port 1Gbps Fiber(SX)2 x port 10Gbps Fiber SR 2 x port 10Gbps Fiber LR Cluster Module 与第二台设备连接所有的模块支持bypass/fail open Field replaceableSourcefire 产品线FireSIGHT Defense CenterFirePOWER Appliances集群与堆叠技集群与堆叠技术术 DC1500DC3500PERFORMANCEDC7503D701050 M

21、bps3D7020 100 Mbps3D7110 500 Mbps3D71201 Gbps3D81304 Gbps3D81202 Gbps3D8140 6 Gbps3D8250 10 Gbps3D8260-20Gbps3D8270-30Gbps3D8290-40GbpsSSL Appliances Virtual Appliances3D7030 250 Mbps部署架构InternalDMZPerimeterINTERNETTechnologyDefense Center虚拟化部署虚拟IPS 识别潜在问题惡意流量网络间的意外橋接违规策略Virtual SensorVirtual Sensor

22、Virtual Sensor3D Sensor3D SensorDefense Center3D SensorVMware ESX ServerAppOSAppOSAppOSOSVSwitchAppOSAppOSOSAppAppProductionDevelopmentVSwitchspanAppOSAppOSAppOSOSVM3VM1VM2VM4AppVSwitchVSwitch多种方式实现恶意软件防护主机恶意软件防护 Small(Size of a print driver)Watches for move/copy/execute Traps fingerprint&attributes

23、 Queries cloud for file depositionSaaS ManagerSourcefire SensorFireSIGHT Management CenterNo agent requiredAMP Malware license#Detection Services&Big Data analytics基于网络的恶意软件防护基于主机/虚拟平台/移动终端的恶意软件防护eStreamer API 实时实时获取获取Sourcefire的事件数据的事件数据Remediation API 基于事件信息，在其他设备上进行动作 Host Input API 将第三方信息导入到sour

24、cefire里，便于关联Database Access 第三方系统访问第三方系统访问sourcefire的事的事件和主机信息件和主机信息Sourcefire API 介绍Licensing 介绍1 Requires Protect License 2 Requires Control License 3 Requires FirePOWER-based appliances 4 Requires Defense Center with FireSIGHT License“*”Note:the IPS features are included in the AMP edition but ar

25、e not marketedNetwork ProductsFirePOWER Appliances 8000 and 7000 Series(with v5.x)Awareness OnlyAMPNGIPS NGFW Standard Appliance Features Configurable Fail Open InterfacesConnection/Flow LoggingNetwork,User,and Application Discovery 4Traffic filtering/ACLsProtectNSS Leading IPS EngineAdd-on License*

26、Comprehensive Threat Prevention*Security Intelligence(C&C,Botnets,SPAM etc)Blocking of Files by Type,Protocol,and DirectionBasic DLP in IPS Rules(SSN,Credit Card etc.)*Control1Access Control:Enforcement by ApplicationAdd-on LicenseAdd-on LicenseAdd-on LicenseAccess Control:Enforcement by User Switch

27、,Routing,and NAT Options 3VPNIPSec Site to Site VPN 2Add-on LicenseAdd-on LicenseAdd-on LicenseURL FilteringURL Filtering Subscription 2Annual FeeAnnual FeeAnnual FeeAnnual FeeMalwareProtectionSubscription for Malware Blocking,Continuous File Analysis,Malware Network TrajectoryAnnual FeeAnnual FeeAn

28、nual FeeAnnual FeeFinancialEducationTelco&CommercialNSS Labs 测试报告 IPS Methodology v6.2(2012)SourcefireFirePOWER8260McAfee NSPM-8000HP SecurityTP-6100NJuniper SRX 3600IBM SecurityGX7800Protection98.90%95%91.1%88.8%77.5%Real World IPS Throughput34Gbps(20 Gbps)12.3 Gbps(10 Gbps)10 Gbps(8 Gbps)3.7 Gbps(

29、10 Gbps)11.4 Gbps(20 Gbps)Concurrent Connections60 M*5 M15 M1.2 M15 MTCO(per Mbps Protected)$15$31$36$81$44Sourcefire ConfidentialInternal Use OnlyNSS Labs 测试报告-下一代防火墙 SourcefireCheck PointPANSonicwallStonesoftProtection98.9%86.3%91.2%94.8%93.9%Real World Throughput10Gbps2.6Gbps3.8Gbps16.2Gbps1.6Gbp

30、sVendor Rating10Gbps17Gbps2Gbps30Gbps1GbpsConcurrent Connections15,000,000413,0001,040,148 10,000,0001,055,000 NGFW Methodology v4.0(2012)议程SourceFire 公司介绍SourceFire下一代入侵防御解决方案介绍SourceFire 产品线介绍SourceFire收购对Cisco的意义SourceFire的收购，Cisco成为纯正意义的安全公司Network Behavior AnalysisAdvanced Malware ProtectionNAC

31、+Identity ServicesNGFWFirewallUTMVPNATTACK CONTINUUM控制执行加固检测阻挡防御定位缓解修复NGIPSWeb SecurityEmail SecurityNetwork-Integrated,Broad Sensor Base,Context and AutomationContinuous Advanced Threat Protection,Cloud-Based Security IntelligenceAgile and Open Platforms,Built for Scale,Consistent Control,Managemen

32、tCisco安全战略NetworkEndpointMobileVirtualCloudVisibility-DrivenThreat-FocusedPlatform-Based相关资源http:/ Sales BriefcaseSourcefire Traininghttps:/https:/sns- Product Demohttp:/ Product CollateraldCloud上的Sourcefire资源http:/dcloud.Cisco.Com 选择America重点回顾SourceFire基于Snort的开源架构SourceFire提供领先的下一代入侵防御解决方案，全面情景感知SourceFire 提供高至40G的NGIPSSourceFire的收购，Cisco成为真正意义的安全公司，专注于威胁与攻击。

展开阅读全文