Global vision. Local knowledge. - Cisco - Global Home Page… · Milan Mesić and Josip Strmečki...

Post on 31-May-2020

Cisco Connect Dubrovnik, Croatia • 28.03.2019.

Global vision.

Local knowledge.

Milan Mesić and Josip Strmečki

automate security and stop threats

pxGrid

The problem with APIs

I have NBAR info! I need identity…

I have firewall logs! I need identity…

I have sec events! I need reputation…

I have NetFlow! I need entitlement…

I have reputation info! I need threat data…

I have MDM info! I need location…

I have app inventory info! I need posture…

I have identity and device-type! I need app inventory and vulnerability…

I have application info! I need location and auth-group…

I have threat data! I need reputation…

I have location! I need identity…

SIO

We need to share data

The solution

50+ integrations

• Application Protection: Arxan, DB Networks

• SIEM and Analytics: HanSight, Hawk*, Huntsman*, LogRhythm*, Micro Focus NetIQ*, Splunk*, TripWire*, IBM-Qradar, Secureonix

• CASB: Elastica*, NetSkope, Skyhigh

• Deception: Attivo, illusive*, TrapX*

• Endpoint and Custom Detection: Invincea*, Redshift*, ThreatTrack, CloudPost Networks***, McAfee DXL, TriagingX

• Firewall and Policy Management: Bayshore*, Check Point, InfoBlox*, Intelliment, Cisco FMC*

• Forensics and IR: Cisco Cognitive Threat Analytics*, Lumeta, Endace, Cisco Stealthwatch*, Lemonfish*, TripWire*, WireX Systems

• IAM/SSO: Ping Identity, Secureauth*, Situational

• Other: Cisco WSA, Ark NSS****, Cisco ISE PIC

• Threat Intelligence: Infocyte*

• UEBA: E8*, Exabeam*, Fortscale*, Niara, Greenlight****

• Vulnerability Management: Rapid 7*, SAINT*, Tenable*, Tripwire*

[Diagram labels: Cisco ISE, pxGrid, s&t Firewall Management Tools, Vulnerability Management, Forensics and IR, SIEM & Analytics, IAM & SSO, Net/App Performance, UEBA, Application Protection, CASB, Endpoint & Custom Detection, Rapid Threat Containment (RTC), EMM/MDM, Deception]

Solutions: * Rapid Threat Containment, ** Regulatory and Compliance Solution, *** IoT, **** Regulatory and Compliance

s&t Firewall Management Tools

firewall ACL policy analysis and optimization

flexibility and scalability for all types of vendor-specific configuration logic

result matched exactly to what the user wants

fw opti: CONVERSION, OPTIMIZATION, TESTING

Rule    Source    Destination    Service    Action
12      NET_A     HOST_1         SNMP       ACCEPT
13      HOST_12   HOST_2         SNMP       ACCEPT
4345    NET_A     HOST_2         SNMP       ACCEPT
4346    HOST_11   HOST_1         SNMP       ACCEPT
4347    NET_A     HOST_3         SNMP       ACCEPT
7642    HOST_11   HOST_2         SNMP       ACCEPT
7643    HOST_12   HOST_1         SNMP       ACCEPT
11523   HOST_12   HOST_3         SNMP       ACCEPT

Source            Destination               Service    Action
NET_A, HOST_12    HOST_1, HOST_2, HOST_3    SNMP       ACCEPT
HOST_11           HOST_1, HOST_2            SNMP       ACCEPT
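
Added example (not from the slides and not the s&t tool's own code): a simple grouping heuristic in Python that reproduces the consolidation shown in the two rule tables above and verifies that the merged policy permits exactly the same flows. It assumes object names are opaque (no containment between NET_A and the hosts is evaluated) and that no overlapping rule with a different action sits between the merged rules, since first-match ordering would otherwise make the merge unsafe.

```python
from collections import defaultdict

# Rule table as shown on the slide: (rule, source, destination, service, action).
RULES = [
    (12, "NET_A", "HOST_1", "SNMP", "ACCEPT"),
    (13, "HOST_12", "HOST_2", "SNMP", "ACCEPT"),
    (4345, "NET_A", "HOST_2", "SNMP", "ACCEPT"),
    (4346, "HOST_11", "HOST_1", "SNMP", "ACCEPT"),
    (4347, "NET_A", "HOST_3", "SNMP", "ACCEPT"),
    (7642, "HOST_11", "HOST_2", "SNMP", "ACCEPT"),
    (7643, "HOST_12", "HOST_1", "SNMP", "ACCEPT"),
    (11523, "HOST_12", "HOST_3", "SNMP", "ACCEPT"),
]

def consolidate(rules):
    """Merge rules that share service and action into source/destination groups.

    Assumption (not checked): names are opaque objects and no overlapping rule
    with another action sits between the merged rules in first-match order.
    """
    dests = defaultdict(set)   # (service, action, source) -> destinations
    first_seen = {}            # same key -> lowest original rule number
    for number, src, dst, svc, act in rules:
        key = (svc, act, src)
        dests[key].add(dst)
        first_seen[key] = min(number, first_seen.get(key, number))

    # Sources that reach exactly the same destination set collapse into one rule.
    groups = defaultdict(list)
    for (svc, act, src), dst_set in dests.items():
        groups[(svc, act, frozenset(dst_set))].append(src)

    merged = []
    for (svc, act, dst_set), srcs in groups.items():
        position = min(first_seen[(svc, act, s)] for s in srcs)
        merged.append((position, srcs, sorted(dst_set), svc, act))
    merged.sort(key=lambda row: row[0])  # keep the earliest rule's position
    return [row[1:] for row in merged]

def expand(merged):
    """Expand merged rules to single flows so the result can be verified."""
    return {(s, d, svc, act) for srcs, dsts, svc, act in merged
            for s in srcs for d in dsts}

if __name__ == "__main__":
    result = consolidate(RULES)
    assert expand(result) == {rule[1:] for rule in RULES}
    for srcs, dsts, svc, act in result:
        print(", ".join(srcs), "|", ", ".join(dsts), "|", svc, "|", act)
```

The flow-set comparison in `expand` is the check to keep when adapting this: any consolidation that changes the set of permitted flows has widened or narrowed the policy.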

• production-based traffic

• detailed testing of mission-critical firewall configurations

• used and continuously improved since 2012 in ISP, Banking, Retail, …

fw tester

tools + pxGrid

TC-NAC (sequence diagram)

Participants: ENDPOINT, NETWORK DEVICE, MNT, PSN, VULN SCANNER

• Device connects to the network

• Authentication Request

• Limited Access + ‘VA Scan’ flag

• Syslog: Event Log

• Scan request for endpoint IP address

• Vulnerability scanning

• Endpoint’s CVSS (Vulnerability Score)

• COA: Change of Authorization (Full or Quarantine access)

• Vulnerability attributes

• Queue requests

pxGrid under the hood

Publish – Subscribe model

Provider + Consumer

Control plane: HTTP REST (Representational State Transfer)

Data plane: STOMP over WebSocket + REST

Checkpoint pxGrid integration

System components

• Checkpoint gateway R80.20

• Checkpoint identity collector

• CISCO ISE 2.4

• Microsoft Windows Server 2012R2 (domain controller)

CP + pxGrid

• Integration: ISE <-> AD, mapping IP <-> user

• Integration: ISE <-> CP IC, sharing the mappings

Cisco IND use case

Cisco Industrial Network Director

pxGrid integration

How to build a pxGrid publisher and subscriber

Creating the client

Activating the client

Approving the client on Cisco ISE

Registering a custom service

Activity overview in Cisco ISE - Publisher

Activity overview in Cisco ISE – Publisher + Subscriber

Subscribe to service - Consumer

Receiving a message - Consumer

GetHealths REST example

GetUserGroups REST example

pxGrid – automate security and stop threats
