I pulled some workshop hosting duty trying to fill Jimmy Ray’s big orange shoes this morning. The subject is a great one -- Intrusion Prevention in the Data Center with an incredibly sharp engineer, Stijn Vanveerdeghem.  Stijn is one of those crazy smart security guys down in Austin, TX as he works with a bunch of old friends from the team of IDS experts we have there.

So much emphasis on the data center these days for obvious reasons and it makes sense that anytime we consolidate something valuable -- there is going to be an increase in creativity for how to get to it when your not supposed to.

We do these workshops as part of our TechWiseTV shows for their interactivity and the difference in the depth we can achieve.  A number of references were made as to other resources, shows we have done as well as published papers and studies.  I have included all the links we brought up below.

If you missed Stijn’s presentation or would like to go back and take better notes -- you can get to it at the same link you used to originally register OR I also highly recommend you bookmark ciscoworkshops.com

TechWiseTV Episodes referenced:

TWTV120 -- Defending the Data Center

Couple of notable segments within this show worth looking at here:

Clustering Technology with the 5585X

IPS 4500 Series

Episode 15, Firewall Reinvention with the ASA CX, is a good show throughout -- only one segment I will call out as a favorite however, a Master Class Jimmy Ray did on ‘Forensic Analysis.’ The differences between network device versus traditional computer forensics and network forensics best practices, why routers and firewalls aren’t the smoking gun, and how the Cisco Router Analysis Tool can help with your networking.

Fundamentals of IPS

Fundamentals of High End Firewalls

Couple of good pointers Scott Simkin lays out in his support of our workshop today -- thank you Scott.

The 2012 Verizon Data Breach Report (pdf)

Performance of the Cisco IPS 4300 and 4500 (Whitepaper, .PDF)

Global Correlation on Cisco IPS Sensors (Whitepaper, PDF)

IPS Tech Tips – Protecting Industrial Environments:

Cisco IPS Go page: http://cisco.com/go/ips

Thanks for watching!

Robb

@robbboyd

Tags: data center, IPS, security, TechWiseTV

Data sheet performance numbers are often used to make purchasing and deployment decisions for network devices. This is true for Intrusion Prevention Systems (IPS) as well. However, the nature of IPS is such that performance can vary greatly based on multiple factors, including the traffic mix seen at the IPS, signature tuning, and the software version in use. As a result, basing an IPS deployment purely on data sheet numbers is difficult. Cisco has demystified data sheet performance metrics for its IPS 4500 and IPS 4300 products via a detailed technical paper that walks the reader through each performance number.

Read More »

Tags: IPS, IPS performance, security

The past few weeks have had many on heightened alert from the initial threats to the ongoing attacks surrounding U.S.-based financial institutions; to say folks have been busy would be quite the understatement.

These events spawned a collaborative effort throughout the Cisco Security Intelligence Operations (Cisco SIO) organization, as depicted in the diagram below.

* Note: As Cisco products have not been found to be vulnerable to these attacks the Cisco PSIRT (Product Security Incident Response Team) provides feedback and peer-review, hence the reason that no Cisco Security Advisory (SA) is present for this activity.

Read More »

Tags: Attack, Cisco Security, DDoS, dns, DNS Server, intellishield, IPS, security, Security Intelligence Operations (SIO), targeted attacks

In this last part of this series I will discuss the top customer priority of visibility.  Cisco offers customers the ability to gain insight into what’s happening in their network and, at the same time, maintain compliance and business operations.

But before we dive into that let’s do a recap of part two of our series on Cisco’s Secure Data Center Strategy on threat defense. In summary, Cisco understands that to prevent threats both internally and externally it’s not a permit or deny of data, but rather that data needs deeper inspection. Cisco offers two leading platforms that work with the ASA 5585-X Series Adaptive Security Appliance to protect the data center and they are the new IPS 4500 Series Sensor platform for high data rate environments and the ASA CX Context Aware Security for application control.  To learn more go to part 2 here.

As customers move from the physical to virtual to cloud data centers, a challenge heard over is over is that they desire to maintain their compliance, security, and policies across these varying instantiations of their data center. In other words, they want to same controls in the physical world present in the virtual – one policy, one set of security capabilities.  This will maintain compliance, overall security and ease business operations.

By offering better visibility into users, their devices, applications and access controls this not only helps with maintaining compliance but also deal with the threat defense requirements in our overall data center.  Cisco’s visibility tools gives our customers the insight they need to make decisions about who gets access to what kinds of information, where segmentation is needed, what are the boundaries in your data center, whether these boundaries are physical or virtual and the ability to do the right level of policy orchestration to maintain compliance and the overall security posture.  These tools have been grouped into three key areas: management and reporting, insights, and policy orchestration.

Read More »

Tags: ASA-CX, Cisco ASA, cisco firewall, Cisco Security, cisco sio, Cisco UCS, cloud, data center, data center security, DC, firewall, Identity Services Engine, intrusion prevention, IPS, ISE, it security, netflow, network security, pci-dss, policy, security, server, threat defense, TrustSec, virtual, virtualization, VMDC

We had to dig further, past our initial meetings internally and determine what would make this particular story unique from previous ones we have told this year.  As it turns out, we had plenty of material to share but three really good shows done earlier, now provide great context for appreciating the innovation we talk about in this one.

Check out: Fundamentals of High End Firewalls, Fundamentals of Intrusion Prevention and (TechWiseTV 115) Firewall Reinvention with the ASA-CX

Tags: ASA, ASA 1000V, cloud, firewall, IPS, security, SGT, TrustSec, virtual