Contents
In this chapter, we will:
• Evaluate the current state of enterprise security in the presence of evolving threats
• Describe design considerations for a threat protection strategy to mitigate threats as part of a risk management strategy
• Describe how Cisco strategizes threat control and containment
Trends in Network Security Threats
The following is a list of the specific trends that can be gathered from the evolution of threats in information security:
• Insidious motivation, high impact
• Targeted, mutating, stealth threats
• Threats consistently focusing on the application layer
• Social engineering front and center
• Threats exploiting the borderless network
Threat Mitigation and Containment: Design Fundamentals
The result of the recent trends in information security threats is the need for an updated, carefully planned threat control and mitigation strategy, and a revision of old design paradigms.
• Policies and process definition
• Mitigation technologies
• End-user awareness
Threat Control Design Guidelines
These new paradigms result in specific design guidelines for the threat control and containment architecture:
• Stick to the basics
• Risk management
• Distributed security intelligence
• Security intelligence analysis
• Application layer visibility
• Incident response
Cisco Threat Control and Containment Solutions Fundamentals
Cisco Security Appliances
• Cisco ASA
• Hardware modules: Cisco Catalyst 6500 ASA Services Module and Cisco Catalyst 6500 Firewall Services Module (FWSM)
• Cisco IOS Firewall
• Cisco Virtual Security Gateway (VSG)
The different firewalls listed above implement various access control mechanisms for the new landscape of information security threats that are described in this module:
Cisco IPSs
• Cisco IPS 4200 Series Sensors
• Hardware module: integrate into ASA, Catalyst 6500 and ISR
• Cisco IOS IPS
These IPSs implement various intrusion management solutions for the new landscape of information security threats that are described in an upcoming chapter:
• Rich set of detection mechanisms
• Signatures
• Anomaly detection
• Normalization
• Correlation
Summary
The following are the main points conveyed in this chapter:
• Threat control and containment should distribute security intelligence, improve incident analysis and correlation, and respond automatically.
• Cisco threat control and containment solutions provide multiple deployment options: appliance, hardware module, software based, and virtualized.
• Cisco threat control and containment is a solution for small, medium, and large businesses.