Chapter 7: Planning a Threat Control Strategy
The following are the main points conveyed in this chapter:
• Threat control and containment should distribute security intelligence, improve incident analysis and correlation, and respond automatically.
• Cisco threat control and containment solutions provide multiple deployment options: appliance, hardware module, software based, and virtualized.
• Cisco threat control and containment is a solution for small, medium, and large businesses.
Planning a Threat Control Strategy

In this chapter, we will
• Evaluate the current state of enterprise security in the presence of evolving threats
• Describe design considerations for a threat protection strategy to mitigate threats as part of a risk management strategy
• Describe how Cisco strategizes threat control and containment

Contents

Recent threat vectors include the following:
• Cognitive threats: social networks (likejacking)
• Smartphones, tablets, and consumer electronics exploits
• Widespread website compromises
• Disruption of critical infrastructure
• Virtualization exploits
• Memory scraping
• Hardware hacking

Trends in Network Security Threats

The following is a list of the specific trends that can be gathered from the evolution of threats in information security:
• Insidious motivation, high impact
• Targeted, mutating, stealth threats
• Threats consistently focusing on the application layer
• Social engineering front and center
• Threats exploiting the borderless network

Trends in Network Security Threats

The result of the recent trends in information security threats is the need for an updated, carefully planned threat control and mitigation strategy, and a revision of old design paradigms.
• Policies and process definition
• Mitigation technologies
• End-user awareness

Threat Mitigation and Containment: Design Fundamentals

These new paradigms result in specific design guidelines for the threat control and containment architecture:
• Stick to the basics
• Risk management
• Distributed security intelligence
• Security intelligence analysis
• Application layer visibility
• Incident response

Threat Control Design Guidelines

Application Layer Visibility

Distributed Security Intelligence Using Telemetry

Distributed Security Intelligence Security Information and Event Management (SIEM)

Security Intelligence Analysis

Cisco Threat Control and Containment Categories

Application Awareness
• Any alphanumeric character
• Modular Policy Framework (MPF)
• Network Based Application Recognition (NBAR)
• Flexible Packet Matching (FPM)

Application-Specific Gateways

Security Management

Integrated Approach to Threat Control

Cisco IronPort SenderBase Web Page

Cisco Security Intelligence Operations Site

Cisco Security Appliances
Cisco ASA
Hardware modules: Cisco Catalyst 6500 ASA Services Module and Cisco Catalyst 6500 Firewall Services Module (FWSM)
Cisco IOS Firewall
Cisco Virtual Security Gateway (VSG)

The different firewalls listed above implement various access control mechanisms for the new landscape of information security threats that are described in this module:
• Zone-based firewall
• ACLs
• FPM
• AIC
• MPF
• URL filtering
• User-based access control (cut-through proxy)
• Stateful failover

Cisco Threat Control and Containment Solutions Fundamentals

Cisco IPS 4200 Series Sensors
Hardware module: integrates into ASA, Catalyst 6500, and ISR
Cisco IOS IPS

These IPSs implement various intrusion management solutions for the new landscape of information security threats that are described in an upcoming chapter:
• Rich set of detection mechanisms
• Signatures
• Anomaly detection
• Normalization
• Correlation
• Automatic signature updates
• Multiple deployment modes
• Inline
• Promiscuous

Cisco IPSs

Threat Control Scenario for a Small Business

The following are the main points conveyed in this chapter:
• Threat control and containment should distribute security intelligence, improve incident analysis and correlation, and respond automatically.
• Cisco threat control and containment solutions provide multiple deployment options: appliance, hardware module, software based, and virtualized.
• Cisco threat control and containment is a solution for small, medium, and large businesses.

Summary

For additional information, refer to these Cisco.com resources: “Cisco Security Intelligence Operations,” “Cisco 5500 Series Adaptive Security Appliances,”