Cisco FirePOWER / Sourcefire Overview - Todd Lammle Training Series

Captions
In this video we're going to take a look at the Cisco FirePOWER show coming up on ITProTV. Now, if you haven't heard of FirePOWER, it's a pretty exciting product, one that we're jazzed about, and I know I'm especially excited because we got a special guest in the studio to help us with this show. We've got a consultant, author, all-around knowledgeable Cisco guy, Mr. Todd Lammle, are you celebrating the release of his new book on Cisco Sourcefire/FirePOWER with Advanced FireSIGHT Management. It's quite the mouthful, but it is quite a good read. We've got Todd Lammle here in the studio. I know I'm excited. Todd, thank you for being with us.

Fantastic, very great to be here, and we have the most exciting product that Cisco's released in years, right? So Cisco bought Sourcefire a couple years ago, and, you know, lots of money, right, they've invested a lot of money, and we're going to see this product in pretty much their whole, their whole range, from ISR routers, we certainly, they have on the ASAs now, and that's where I work mostly with them, but they also have the appliances. But we're going to see this on, they're going to pretty much push this out on all products, because this is such a phenomenal security product.

I want to say right now that I get excited about it. I want to make sure you understand I don't work for Cisco, I don't speak for Cisco, and they are not paying me. Boy, I wish they were, but they are not. So I get excited about, I do a lot of consulting, I do a lot of training with it. You know, I've got, I've got other consulting jobs, but on the security front this is the most exciting product I've seen in years, and it works phenomenal. Really what it is, it's Snort, right? So we've got the power of Snort with an intuitive GUI on top. When we go ahead and take a look at that, and I'll show you some of the power, what we're going to go through in our series here.

So nonetheless, here we are looking at something called a FireSIGHT Management Center, or also referred to as the Defense Center, and I refer to it as a lot as an old-school guy. But the fact is, is we're looking at here, and this doesn't really create skin, you don't really want to see this screen at work, because this is a lot of attacks that are occurring. So this is a demo, and basically it's saying, hey, we're attacking this constantly, right? Those red lines are my attacks, blue's my data, and, you know, it more look like, let me show you a real network that I'm working on here, it more like something like this, right? Attacks, we don't have very many, and our ideas is, you know, something like this. In this case here, because we're doing a demo, we want to see a lot of attack so we can play with it and see what's going on.

In this case here I'm going to come down here and I say, look, I've seen malware in, yes. Do you think malware's important, Don?

I, I don't think so, Todd. I mean, oh yeah, I'm on a Mac, right, so I'm malware problems doing, I don't think so.

But I did see you put in your credit card earlier so you can get your files back.

Absolutely, yeah, it said I was encrypted, I didn't want that, right?

Yeah, and, well, you know what, would, but don't you think you should have called the FBI?

Well, you, you know, our taxpayer dollars do go to them to help us out of situations like that, or are you, you hinting at the fact that they don't do that?

Well, I don't, I don't know. I, I saw something on the news the other day and I was like, well, I find this fascinating. So let's go ahead and take a look at what the FBI thinks about malware, or, I'm sorry, in malware, and what comes in malware, something called ransomware. This is just a piece of it, isn't it? And in this ransomware, what does the FBI say in here? The FBI says, well, if you read through the article, they say, well, if everyone just pays the ransom, the prices are coming down because so many people are paying it, and it's easier than trying to pay, it's less expensive than to send it out to a repair shop to try to get your files back. So, you know, he just paid his 89.95 and he got his files unlocked. We were sitting here.

So is malware important? Sure it is, because if this happened to you in your corporation, what do you, I mean, they could be charging hundreds of thousands of dollars.

And, you know, you just think about, it was, what, just a few months ago that Sony Pictures, yeah, got involved in this, where all of their machines got locked down. You had a whole company that, the motion picture side of it, was basically out of business for weeks before they managed to recover from that. Imagine that happening to your company, the amount of money you would lose by having that offline.

Yeah. Wouldn't it be nice if we could stop that before it even happen? And that's just a feature of this, and it's, it's the best product for malware in the world. So viruses and Trojans certainly might be a problem, they're nothing compared to what malware can give us, and malware comes in very small packages, and so, I mean, they can be on apps, they're very, very small. I've seen some really small ones I was looking at the other day.

But nonetheless, so we can come here and we can see malware, and let me go right to a screen that shows some, some malware here. I think I put it, where did I put it, right here. And this is showing on this demo screen, again, if your work looks like this, you guys got a problem. But nonetheless, I can come in here and say, here's my malware, and, and, and again, we're determining the file disposition through this product by sending something called an AMP cloud, Advanced Malware Protection cloud, at Cisco, and they basically give us a file disposition, and they came back and said, hey, this is bad, right? And they're telling us this file came back with a high threat score. So go ahead and click on this, and now when we see this file, and what this product will give us is what's called a trajectory. In other words, when it got into your network, where did it go? So, I mean, this is just one of the features. I'm just scratching the surface on what we're going to cover in this, in our episodes, right? And this is going to show me, you know, where it's gone, you know, who it talked to, and, you know, the thing that gives me is, I'm not going to go through that right now, but I do this, and I'll do this in the episodes. And the fact is, is we'll look at the threat score and the report on it that came from what's called Talos, right, the sandbox. Nonetheless, I can also download the file, right, so we can use in our own sandbox and so on and stuff like that.

But let's go back here and keep more of a big picture. But the idea was, is malware is a serious issue, this is a very serious product. And can other companies do a lot of this? The other companies can, and, and, and again, I'm not going to pick on other companies, like you got Palo Alto and McAfee, and a lot of people use these and they're fine products. That's not what makes that this one sing above them. What makes them, this product sing above your other products, and I'll pick on Palo Alto in this case, for Palo Alto, because I go out to a lot of companies, they're like, why should I buy this over Palo Alto, because that's what about we were about to buy, and I'll show them why. Because you've got like at least nine administrative interfaces with Palo Alto to do the same thing that we're doing here, and it can't do it quite as well. Not only that, you don't have any correlation between events.

So now we have this single interface, this phenomenal intuitive GUI that can help us use our Snort rules to our advantage, stop malware, do URL filtering, you know, and create lots more security, all on one screen, with correlation between events. You got some reporting, that's a pretty big deal, right? So we've got all this stuff that can occur with this one piece of management. And so again, if you're looking at other products, say, hey, I want to see one administrative interface for all of these. I don't want this siloed approach where I have, you know, appliance, appliance, appliance, appliance, VPN concentrators, routers, switches and all this. In this case here we've got our ASA. You can have an appliance as well, but the ASA is a phenomenal product to run this on, and what it does is it gives us our routing, switching, VPN and, and all that other stuff that we all know that an ASA does, but now we have the power, or what we call FirePOWER, right?

So FirePOWER, the term is very important to understand here, Don, because it's used a couple different ways. This was created by Sourcefire before Cisco bought them, and FirePOWER came out and it really defines the power of the next-generation IPS, next-generation firewall, and then it just sounds cool as a marketing term. Because, and so I don't show it here, but with the FirePOWER, yeah, where the POWER is all capitalized, I think you're going to see that going away. So now that Cisco's got it, when you run in an ASA with this product on it, the actual term they call it is FirePOWER module, right? And is that the case? I don't know. You know, I guess, you know, so it's really hard for me to define all these terms, they seem to change a lot. As I was writing the book, I kind of just gave up and says, I'm going to call the FireSIGHT Management Center the Defense Center and just kind of stick with it.

But there's also another term called FireSIGHT. This is a very powerful technology. So we see things like FirePOWER, FireSIGHT, and they had a technological definition, and now they're kind of a lot of marketing. So you actually probably saw it said FirePOWER with FireSIGHT administration, right? What does that mean? With the FirePOWER, again, is our, our power of the next-generation IPS, and the FireSIGHT is a, it's actually a passive technology that, you know, scans our networks and gathers information on users, hosts and data, and it's in applications. It's a very powerful tool. I love FireSIGHT. And so we will go in that in-depth into these series, right, in FireSIGHT and how FirePOWER works and all that. Take a little bit more, we won't spend a lot more time and taking your time, but I want you guys to understand how great this product actually is and what it can do for your corporation.

And now there's yet another term. So we've got, well, Sourcefire, right, and that term is pretty much going away. We see it still a lot, but it's going to be just Cisco, right? And then we've got FirePOWER, and that's the power, again, as I mentioned, of the next-generation IPS, next-generation firewall. It runs on our managed devices and our defense, remember, our managed devices are an ASA with FirePOWER, they are an appliance that's running this, and then we all get all our events and correlation back at the Defense Center, a FireSIGHT Management Center, the GUI I've showed you. There's another term called FireSIGHT, and what this is, is a passive technology that runs in the background gathering information on hosts, users and applications, and it connects to our LDAP, and so now we can, so basically we can put a name and a user to an IP address of an, of that. Very cool, powerful technology, and we'll spend a lot of time on that when we go through the episodes.

That being said, there's yet another term, right, FireAMP, and who knows where these terms are going to end up, but the fact is FireAMP stands for advanced malware protection. There's two types, there's a network-based and a host-based, and we'll talk about that during the episodes as well. Malware is a big piece of this, right, and it is a separate license, right, everything separate, just go figure it out. This, hey, we're not going to buy this project and give me this license forever, we want you to pay for us every year, right, or every three years.

So now let's, let's go back and take a look at the power of the, you know, correlating events and putting everything together in one nice intuitive GUI, right? I'm going to come down here, these are our top 15 attacked hosts, so we get right there, and, you know, I can go here, and let's say that I see this host, I know it's a problem, I can blacklist it from here. I can just right-click, blacklist, boom, done, right? Stuff like that adds things to what's called Security Intelligence. I have my whitelist, I have my blacklist, and I basically can add and take things out of there and, and, and make my network safer, so help me stop a zero-day attack.

Now, speaking of zero-day attacks, this is called an indication of compromise. This was the first known product, a couple years ago, where an attack occurred, a zero-day attack occurred, and these indications of compromise tell me something changed on hosts. So we kind of benchmark these hosts and understand what's going on, and FireSIGHT's paying attention, and that will send something changes, and we're seeing this pop-pop-pop-pop of these indications of compromise. It kind of looks something like this, which is pretty scary, and the fact is, is then we were able to just go over there and blacklist the source and stop that zero-day attack. It was the first recorded stop of a zero-day attack. Right away, I'm sure it's happening more now, but it was very kind of cool. Anyways, so nonetheless, we can look at malware and I can drill down, and here notice I can drill down to analysis on here, I can, I can go look at it and find out the hosts and information.

Alright, that's how, that's all some pretty impressive stuff, and I know we talked before the show a little bit, when something's impressive and complex, it's not normally designed for small environments. And so who's really the target audience for the product, and who's the target audience for the show, right? Like, what kind of person, what kind of company would be deploying this?

Yeah, and that's a great question, and this is what Cisco was able to take that Sourcefire was not able to do, and put this on even down to their SOHO products, you know, like the smallest ASA 5506-X, that's the, the lowest model you can get, which is, it really, relatively inexpensive, but again, that would be real SOHO, small office, home office, maybe a dozen users, right, something with this on here. You got to remember this is going to add overhead to your network. But we can go all the way up through the 5585s and get some serious power, and if you need more throughput and more power, now we can go from SOHO all the way to the most advanced data centers in the world.

Excellent. So if you find yourself in that environment, you're working for a company, you know, a small, medium, large business, small business, you can pull it off at the 5506s.

That's really branch office kind of sited where you see that, so yeah, maybe a 5512 or, you know, 5515 or 25 or something like that. Again, I was just making an analogy, hey, you can go all the way down, and it is going to be running on routers, right, or ISR routers we mentioned, and it goes all the way up to, like, they've got the dedicated appliance, I can't remember the model number for it, but it's going to go through their 3D models there.

Yeah, so just add an extra couple zeroes to your PO, yeah, you can have that too. So it can, you know, very powerful networks and give you a level of security you couldn't necessarily achieve before. Now, if that sounds exciting to you, it should, it's really model stuff, and you're in the right place, so stay tuned. We've got FirePOWER episodes coming up, and we'll get a chance to see all of this in action and how you can use it in your environment. If it doesn't sound right for you, no big deal there, we've got plenty of other content in the course library, be sure to check that out. But if you're looking for FirePOWER, stay tuned, it's coming up next.
Info
Channel: Todd Lammle
Views: 46,397
Keywords: sourcefire, firepower, cisco, itpro.tv
Id: rki3Zayql4s
Length: 13min 41sec (821 seconds)
Published: Sun Jan 03 2016