Last week I had the pleasure to attend a Fire Jumper Achievement classes, and it was a great eye opener for me. Security products have changed and evolved tremendously over the past few years, this evolution is due to the constant changing Attack vectors users and companies experience out there in the wild.
The Attack Continuum
Cisco has a good strategy to address Security threats into different phases that could be possible in an attack. Understanding that there is not one “Perfect Solution” is part of the play.
They do a great job to explain the different aspects of a security attack by breaking it down into 3 phases: Before, During and After.
I also think that Cisco understands that there are very advanced and sophisticated attacks, which can bypass IPS systems, Firewall Rules and other security measures you may have at the edge, along with the security that you can deploy at the core of your infrastructure, on services such as DNS, Web and Email traffic among others.
Show me the Products?
The products come from many integrations and acquisitions that Cisco has completed over the years, but here is a list:
Before an attack happens
Cisco ASA
Firepower FTD
AnyConnect
Meraki MX Appliances
Identity Service Engine
The main takeaway on this is one is to be able to identify the following:
– What will attack my network
– Enforce Policies
– Harden Policies
Reality is, the question is not longer thinking what to do if you get hacked or bridged… is when is going to happen, because it will
During an attack
Fire Power
Cisco Umbrella
Cisco Security Internet Gateway
Email Security Premise | Cloud | Hybrid
Advanced Security threats show up all the time, so what if all the security at the edge just failed? you need to be able to protect core services such as DNS, email and Web traffic, here is what needs to be done:
– Detect, what passed your initial line of defense?
– Block the threat from spreading or even accessing company vital resources
– Defend your infrastructure from different attack vectors that may present
After the attack
Advanced Malware Protection for Endpoints and Network
StealthWatch
AMP Threat Grid
As I said it before, and I think there is some try on this one; us as the users are maybe the weakest link in the security chain, with that said, malicious attacks or compromises could present as legitimate in our Inbox, or as the things we normally do to perform our jobs. So we have been bridged, now what?
we have been bridged, now what?
– Scope the parts of the system that are/were affected
– Contain the thread as soon as possible
– Remediate and get back to normal
The Reality
The security offering and its products sounds very interesting and very nice, and we all know or at least have heard of these products in action. Also we all know that Security threats are constantly changing, so it may not be a fit-all solution or the best solution of them all, but what is true is that is so far a good start. With few things that raise questions and brows along the way.
Recommendations and what to look forward to?
My recommendation is to keep learning and understanding not only what the products are able to prevent or stop in its tracks, but also to understand how Security attacks work and be able to mitigate attacks based on tested solutions.
About the Author:
Andres Sarmiento, CCIE # 53520 (Collaboration)
With more than 13 years of experience, Andres is specialized in the Unified Communications and Collaboration technologies. Consulted for several companies in South Florida, also Financial Institutions on behalf of Cisco Systems. Andres has been involved in high-profile implementations including Cisco technologies; such as Data Center, UC & Collaboration, Contact Center Express, Routing & Switching, Security and Hosted IPT Service provider infrastructures.