Sizing …today. T: Here’s how. <Click>.

Presentation on theme: "Sizing …today. T: Here’s how. <Click>."— Presentation transcript:

1 Sizing …today. T: Here’s how. <Click>

2 NGIPS High Level Design
Industry-best intrusion prevention
Real-time contextual awareness
Full stack visibility
Intelligent security automation with Cisco FireSIGHT™
Superior performance and scalability
From branch office to data center
18 models; 50 Mbps – 60 Gbps
Easily add (with optional subscription licenses): Advanced Malware Protection, Application Visibility and Control (AVC)*, URL Filtering

Cisco FirePOWER NGIPS sets a new standard for advanced threat protection. It delivers industry-leading intrusion prevention capabilities to prevent malicious activity at all layers of the application stack and throughout the entire attack lifecycle – before, during, and after attack.

Cisco’s patented FireSIGHT technology provides real-time contextual awareness to passively discover your dynamic network environment. It then correlates that information to automatically assess the impact of security events on your environment and to recommend the protections you should put in place to address your network’s vulnerabilities.

Not only that, FirePOWER Appliances deliver best-in-class throughput and connection performance and scale that will address all of your network requirements. The FirePOWER NGIPS solution also delivers agile performance through a purpose-built, single-pass design – making it easy to extend your next-generation security protections for an ever-changing threat landscape through add-on subscription licenses for Application Control, URL Filtering, and Advanced Malware Protection.

* AVC comes by default with ASA with FirePOWER Services

3 NGIPS High Level Design
Perimeter: Appliances usually sit behind a firewall in transparent inline mode with link state propagation enabled. Alternatively, FirePOWER appliances can subsume basic firewall capabilities and run in a bridged or routed mode.

Data Center: Appliances will often sit in a listen-only mode off of a trunk port, profiling all data center traffic. They may also, and often in conjunction with the passive mode, sit inline between each layer of the data center – all of these functions can be provided by a single appliance, stack, or cluster for simplified management and overhead.

Branch or wiring closet: While Threat discovery is often desirable everywhere it can be placed, it is often too expensive to deploy everywhere. However, it is a common option to simply enable FirePOWER appliances to only run the FireSIGHT discovery technologies to provide profiling as close to protected assets as possible (and detect changes to network topology that may indicate compromise).

4 NGIPS High Level Design
Performance: How to measure and Why it matters?

Sizing: Which device do I need to buy? Upgrade of existing or new device?

Features: What features am I going to need or want to run? Firewall, IPS, Application Control, URL, Malware, Security Intelligence, Custom rules, etc.?

Location: Where is the device in the network? In front of a DNS only datacenter with millions of very small very fast transactions or in front of HTTP web servers serving normal web pages? Datacenter looking at only internal traffic or Internet Edge looking at the wild Internet?

As with all performance discussions, YOUR MILEAGE MAY VARY!!

5 How to measure?
Datasheets generally have some indication of performance. In most cases this includes the infamous “throughput” measurement. Different product spaces have different typical “throughput” tests.

The firewall industry almost always publishes a max throughput number, usually based on a traffic type that is never helpful in determining sizing of the product. UDP 1518 byte packet size is fairly common.

The IPS industry has generally been more conservative about throughput estimates on their datasheets, partly because their performance range is much more variable than firewalls, and partly because of industry choice. TCP 440 byte HTTP is fairly common.

6 NGIPS throughput in Mbps
ASA with FirePOWER Services models:

7 NGIPS throughput in Mbps
Standalone FirePOWER models:

8 NGIPS throughput Mbps
Standalone AMP FirePOWER models:

