Cisco Connect Dubrovnik, Croatia • 28.03.2019.
Global vision.
Local knowledge.
Milan Mesić and Josip Strmečki
automate security and stop threats
pxGrid
The problem with APIs
I have NBAR info! I need identity…
I have firewall logs! I need identity…
I have sec events! I need reputation…
I have NetFlow! I need entitlement…
I have reputation info! I need threat data…
I have MDM info! I need location…
I have app inventory info! I need posture…
I have identity and device-type! I need app inventory and vulnerability…
I have application info! I need location and auth-group…
I have threat data! I need reputation…
I have location! I need identity…
SIO
We need to share data
The solution
50+ integrations
• Application Protection: Arxan, DB Networks
• SIEM and Analytics: HanSight, Hawk*, Huntsman*, LogRhythm*, Micro Focus NetIQ*, Splunk*, TripWire*, IBM-Qradar, Secureonix
• CASB: Elastica*, NetSkope, Skyhigh
• Deception: Attivo, illusive*, TrapX*
• Endpoint and Custom Detection: Invincea*, Redshift*, ThreatTrack, CloudPost Networks***, McAfee DXL, TriagingX
• Firewall and Policy Management: Bayshore*, Check Point, InfoBlox*, Intelliment, Cisco FMC*
• Forensics and IR: Cisco Cognitive Threat Analytics*, Lumeta, Endace, Cisco Stealthwatch*, Lemonfish*, TripWire*, WireX Systems
• IAM/SSO: Ping Identity, Secureauth*, Situational
• Other: Cisco WSA, Ark NSS****, Cisco ISE PIC
• Threat Intelligence: Infocyte*
• UEBA: E8*, Exabeam*, Fortscale*, Niara, Greenlight****
• Vulnerability Management: Rapid 7*, SAINT*, Tenable*, Tripwire*
[Diagram: pxGrid ecosystem. Labels: Cisco ISE, pxGrid, s&t Firewall Management Tools, Vulnerability Management, Forensics and IR, SIEM & Analytics, IAM & SSO, Net/App Performance, UEBA, Application Protection, CASB, Endpoint & Custom Detection, Rapid Threat Containment (RTC), EMM/MDM, Deception, ?]
* Rapid Threat Containment, ** Regulatory and Compliance Solution, *** IoT, **** Regulatory and Compliance Solutions
s&t Firewall Management Tools
firewall ACL policy analysis and optimization
flexible and scalable for every type of configuration logic used by individual vendors
the result matches exactly what the user wants
fw opti: CONVERSION, OPTIMIZATION, TESTING
Rule    Source    Destination  Service  Action
12      NET_A     HOST_1       SNMP     ACCEPT
13      HOST_12   HOST_2       SNMP     ACCEPT
…
4345    NET_A     HOST_2       SNMP     ACCEPT
4346    HOST_11   HOST_1       SNMP     ACCEPT
4347    NET_A     HOST_3       SNMP     ACCEPT
…
7642    HOST_11   HOST_2       SNMP     ACCEPT
7643    HOST_12   HOST_1       SNMP     ACCEPT
…
11523   HOST_12   HOST_3       SNMP     ACCEPT

Source           Destination              Service  Action
NET_A, HOST_12   HOST_1, HOST_2, HOST_3   SNMP     ACCEPT
HOST_11          HOST_1, HOST_2           SNMP     ACCEPT
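
The consolidation shown in the rule table above, as an added example that is not the s&t tool or code from the presentation: sources that reach an identical destination set for the same service and action are merged into one row, and the result is checked to permit exactly the original flows. It assumes every rule involved has the same action with no overlapping rule of a different action in between (so rule order does not matter) and treats object names as opaque; the function names are hypothetical.

```python
from collections import defaultdict

# Constructed input: the eight SNMP rules listed in the slide's table
# (rule number, source, destination, service, action).
RULES = [
    (12, "NET_A", "HOST_1", "SNMP", "ACCEPT"),
    (13, "HOST_12", "HOST_2", "SNMP", "ACCEPT"),
    (4345, "NET_A", "HOST_2", "SNMP", "ACCEPT"),
    (4346, "HOST_11", "HOST_1", "SNMP", "ACCEPT"),
    (4347, "NET_A", "HOST_3", "SNMP", "ACCEPT"),
    (7642, "HOST_11", "HOST_2", "SNMP", "ACCEPT"),
    (7643, "HOST_12", "HOST_1", "SNMP", "ACCEPT"),
    (11523, "HOST_12", "HOST_3", "SNMP", "ACCEPT"),
]

def consolidate(rules):
    """Merge single-object rules into (sources, destinations, service, action) rows."""
    # Step 1: for each (service, action, source), collect every destination it reaches.
    dests = defaultdict(set)
    for _num, src, dst, svc, act in rules:
        dests[(svc, act, src)].add(dst)
    # Step 2: sources with an identical destination set collapse into one row.
    groups = defaultdict(list)
    for (svc, act, src), dset in dests.items():
        groups[(svc, act, frozenset(dset))].append(src)
    return [(tuple(srcs), tuple(sorted(dset)), svc, act)
            for (svc, act, dset), srcs in groups.items()]

def flows(rows):
    """Expand merged rows back into single (src, dst, service, action) flows."""
    return {(s, d, svc, act)
            for srcs, dsts, svc, act in rows
            for s in srcs for d in dsts}

def equivalent(rules, rows):
    """True when the merged rows permit exactly the flows of the original rules."""
    return {r[1:] for r in rules} == flows(rows)

if __name__ == "__main__":
    merged = consolidate(RULES)
    for row in merged:
        print(row)
    print("same permitted flows:", equivalent(RULES, merged))
```

The equivalence check is the part to keep in any real optimization run: a merged row that widens access (for example HOST_11 gaining HOST_3) makes it fail.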
• production-based traffic
• detailed testing of mission-critical firewall configurations
• in continuous use and development since 2012 in ISP, Banking, Retail, …
fw tester
tools + pxGrid
[Diagram: TC-NAC flow]
Device connects to the network
Authentication Request
Limited Access + ‘VA Scan’ flag
Syslog: Event Log
Scan request for endpoint IP address
Vulnerability scanning
Endpoint’s CVSS (Vulnerability Score)
COA: Change of Authorization (Full or Quarantine access)
Vulnerability attributes
Participants: ENDPOINT, NETWORK DEVICE, MNT, PSN, VULN SCANNER
TC-NAC
Queue requests
pxGrid under the hood
Publish – Subscribe model
Provider + Consumer
Control plane: HTTP REST (Representational State Transfer)
Data plane: STOMP over WebSocket + REST
Checkpoint pxGrid integration
System components
• Checkpoint gateway R80.20
• Checkpoint identity collector
• CISCO ISE 2.4
• Microsoft Windows Server 2012R2 (domain controller)
CP + pxGrid
• Integration: ISE <-> AD, IP <-> user mapping
• Integration: ISE <-> CP IC, sharing the mappings
Cisco IND use case
Cisco Industrial Network Director
pxGrid integration
How to build a pxGrid publisher and subscriber
Creating the client
Activating the client
Approving the client on Cisco ISE
Registering a custom service
Viewing activity in Cisco ISE - Publisher
Viewing activity in Cisco ISE – Publisher + Subscriber
Subscribe to service - Consumer
Receiving a message - Consumer
GetHealths REST example
GetUserGroups REST example
pxGrid – automate security and stop threats