Cisco Next-Generation Security Solutions - Omar Santos, Panos Kampanakis, Aaron Woland

Cisco Next-Generation Security Solutions

All-in-one Cisco ASA Firepower Services, NGIPS, and AMP
Media combination
368 pages
2016
Cisco Press
978-1-58714-446-2 (ISBN)
61,70 incl. VAT
Cisco Next-Generation Network Security products and solutions can help network security administrators achieve and maintain the visibility and control they need to combat today's rapidly evolving threats.
Network threats are emerging and changing faster than ever before. Cisco Next-Generation Network Security technologies give you all the visibility and control you need to anticipate and meet tomorrow’s threats, wherever they appear. Now, three Cisco network security experts introduce these products and solutions, and offer expert guidance for planning, deploying, and operating them.

The authors present authoritative coverage of Cisco ASA with FirePOWER Services; Cisco Firepower Threat Defense (FTD); Cisco Next-Generation IPS appliances; the Cisco Web Security Appliance (WSA) with integrated Advanced Malware Protection (AMP); Cisco Email Security Appliance (ESA) with integrated Advanced Malware Protection (AMP); Cisco AMP ThreatGrid Malware Analysis and Threat Intelligence; and the Cisco Firepower Management Center (FMC).

You’ll find everything you need to succeed: easy-to-follow configurations, application case studies, practical triage and troubleshooting methodologies, and much more.



Effectively respond to changing threat landscapes and attack continuums
Design Cisco ASA with FirePOWER Services and Cisco Firepower Threat Defense (FTD) solutions
Set up, configure, and troubleshoot the Cisco ASA FirePOWER Services module and Cisco Firepower Threat Defense
Walk through installing AMP Private Clouds
Deploy Cisco AMP for Networks, and configure malware and file policies
Implement AMP for Content Security, and configure File Reputation and File Analysis Services
Master Cisco AMP for Endpoints, including custom detection, application control, and policy management
Make the most of the AMP ThreatGrid dynamic malware analysis engine
Manage Next-Generation Security Devices with the Firepower Management Center (FMC)
Plan, implement, and configure Cisco Next-Generation IPS—including performance and redundancy
Create Cisco Next-Generation IPS custom reports and analyses
Quickly identify the root causes of security problems

Omar Santos, CISSP No. 463598, Principal Engineer of the Cisco Product Security Incident Response Team (PSIRT), leads engineers and incident managers in investigating and resolving Cisco product vulnerabilities. He has held IT and cybersecurity positions for 20 years, and has designed, implemented, and supported secure networks for enterprises and the U.S. government. Formerly technical leader within the Cisco World Wide Security Practice and TAC, he has led industry-wide initiatives to harden critical infrastructure. He is the author of several books including Cisco ASA, CCNA Security, NetFlow, and many other cyber security topics.

Panos Kampanakis, CCIE No. 28561, CISSP No. 367831, is a Technical Marketing Engineer in the Cisco Security and Trust Organization (S&TO). Kampanakis has extensive experience with cryptography, security automation, vulnerability management and cyber security. He presents on security at Cisco Live; participates in standards bodies to provide interoperability for security information sharing, cryptography and PKI; and works with the Cisco PSIRT to mitigate vulnerabilities. His interests include next-generation and post-quantum cryptography, cryptographic interoperability, and IoT security.

Aaron Woland, CCIE No. 20113, Principal Engineer in the Cisco Security Business Group, works with Cisco’s largest customers. He specializes in secure access and identity deployments with ISE, solution enhancements, standards development, and futures. An inaugural member of Cisco Live’s Hall of Fame for Distinguished Speakers, he is a Network World security columnist, and holds GHIC, GSEC, Certified Ethical Hacker, MCSE, VCP, CCSP, CCNP, and CCDP certifications. His books include Cisco ISE for BYOD and Secure Unified Access.

Introduction

Chapter 1 Fundamentals of Cisco Next-Generation Security

The New Threat Landscape and Attack Continuum

Cisco ASA 5500-X Series Next-Generation Firewalls and the Cisco ASA with FirePOWER Services

Cisco Firepower Threat Defense (FTD)

Next-Generation Intrusion Prevention Systems (NGIPS)

Firepower Management Center

AMP for Endpoints

AMP for Networks

AMP Threat Grid

Email Security Overview

Web Security Overview

Cisco Identity Services Engine (ISE)

Cisco Meraki Cloud-Managed MDM

Cisco Meraki Cloud-Managed Security Appliances

Cisco VPN Solutions

Summary

Chapter 2 Introduction to and Design of Cisco ASA with FirePOWER Services

Introduction to Cisco ASA FirePOWER Services

Inline versus Promiscuous Mode

Cisco ASA FirePOWER Management Options

Cisco ASA FirePOWER Services Sizing

Cisco ASA FirePOWER Services Licensing

Cisco ASA FirePOWER Compatibility with Other Cisco ASA Features

Cisco ASA FirePOWER Packet Processing Order of Operations

Cisco ASA FirePOWER Services and Failover

Cisco ASA FirePOWER Services and Clustering

Deploying the Cisco ASA FirePOWER Services in the Internet Edge

Deploying the Cisco ASA FirePOWER Services in VPN Scenarios

Deploying Cisco ASA FirePOWER Services in the Data Center

Firepower Threat Defense (FTD)

Summary

Chapter 3 Configuring Cisco ASA with FirePOWER Services

Setting Up the Cisco ASA FirePOWER Module in Cisco ASA 5585-X Appliances

Setting Up the Cisco ASA FirePOWER Module in Cisco ASA 5500-X Appliances

Configuring the Cisco ASA to Redirect Traffic to the Cisco ASA FirePOWER Module

Configuring the Cisco ASA FirePOWER Module for the FMC

Configuring the Cisco ASA FirePOWER Module Using the ASDM

Firepower Threat Defense

Summary

Chapter 4 Troubleshooting Cisco ASA with FirePOWER Services and Firepower Threat Defense (FTD)

Useful show Commands

Useful ASA Debugging Commands

Summary

Chapter 5 Introduction to and Architecture of Cisco AMP

Introduction to Advanced Malware Protection (AMP)

Role of the AMP Cloud

Doing Security Differently

The Cloud

Private Cloud

Installing the Cisco AMP Private Cloud

Summary

Chapter 6 Cisco AMP for Networks

Introduction to Advanced Malware Protection (AMP) for Networks

Summary

Chapter 7 Cisco AMP for Content Security

Introduction to AMP for Content Security

Content Security Connectors

Configuring Cisco AMP for Content Security

AMP Reports

Summary

Chapter 8 Cisco AMP for Endpoints

Introduction to AMP for Endpoints

What Is AMP for Endpoints?

Connections to the AMP Cloud

Outbreak Control

The Many Faces of AMP for Endpoints

AMP for Windows

AMP for Mac

AMP for Linux

AMP for Android

Installing AMP for Endpoints

Proxy Complications

Using the Cloud Console

Summary

Chapter 9 AMP Threat Grid: Malware Analysis and Threat Intelligence

Cisco AMP Threat Grid

Cisco AMP Threat Grid Cloud Solution

Cisco AMP Threat Grid On-Premises Appliance

Summary

Chapter 10 Introduction to and Deployment of Cisco Next-Generation IPS

NGIPS Basics

NGIPS Deployment Design Considerations

NGIPS Deployment Lifecycle

Summary

Chapter 11 Configuring Cisco Next-Generation IPS

Policy

Snort Rules

Performance Settings

Stack/Cluster

Summary

Chapter 12 Reporting and Troubleshooting with Cisco Next-Generation IPS

Analysis

Troubleshooting

Summary

Publication date (per publisher) 28.8.2016
Place of publication Indianapolis
Language English
Dimensions 190 x 230 mm
Weight 580 g
Subject area Computer Science Networks Security / Firewall
ISBN-10 1-58714-446-8 / 1587144468
ISBN-13 978-1-58714-446-2 / 9781587144462
Condition New