Security Presentation Terms Flashcards

1
Q

Firewalls

A
  • ASA (5500 series)
  • Firepower Series (2100, 4100, and so on)
  • Meraki MX series

2
Q

IPS

A

Intrusion Prevention System -> Feature on Firewall

An IPS looks for suspicious activity at the firewall, such as a bad actor scanning for open ports looking for a way into the organization, and blocks that from happening.

3
Q

URL/Content Filtering

A

Feature on Firewall

Based on its URL, a website is placed into a specific category, and policies can be created to permit or deny access to those categories. You can also do this for an individual website to block that specific site. If we want to block things like gambling or pornography or any of the common categories, URL filtering can do that very effectively.

4
Q

AMP

A

Advanced Malware Protection -> Feature on Firewall

AMP looks at the files that are actually coming in and determines whether they are known to be good or bad. Known good files are, of course, let in, and known bad files are, of course, dropped.

But unknown files are also allowed in so as not to interfere with daily business. Copies of those files are sent up to a sandbox area called the Threat Grid cloud. There are a bunch of virtual machines in the sandbox area; the files are opened and executed there, and by running them it is determined whether they are malicious or not. That file disposition of good or bad is then returned to the device that is running AMP. If the file is bad, it is blocked from that point forward and an alert is generated to let the administrator know where that file was delivered and where it might be in their environment, so it can immediately be cleaned up or remediated.

5
Q

WSA

A

Web Security Appliance

The WSA protects against malicious threats before they reach an endpoint. Similar to a FW, it can do content filtering, which helps take some of the load off the firewall and provides a second line of defense if something passes the FW.

Example: Let's say an endpoint makes a web request to a malicious site. With WSA, that request goes to the WSA, the session terminates there, and the WSA generates a new session, makes the request on behalf of the endpoint, gets the response back, and then forwards that response to the endpoint. Being that middle person, the proxy server allows for an added layer of protection.

6
Q

ESA

A

Email Security Appliance

ESA filters all inbound and outbound email traffic. Known malicious emails are blocked before they enter the network. ESA also has the ability to track users who have clicked on a malicious URL.

Example: ESA can be run on-prem or in the cloud. It takes email that is incoming for the company and, instead of sending it directly to the email server, sends it to the email appliance. Any spam or malicious email is removed; the remaining good content then gets delivered to the email server for processing. This can significantly lighten the burden on the email server.

7
Q

AnyConnect VPN

A

Now let's talk about security for our remote users. Remote users can connect back to the corporate network through AnyConnect VPN. AnyConnect is a virtual private network that creates a secured, encrypted tunnel from the endpoint through the internet back to the corporate firewall or router.

That provides the same protection that you would have within the network. The web traffic will go through the firewall and back through the VPN tunnel.

8
Q

Umbrella

A

Offers protection on the DNS level.

For our remote users, let's say they are busy and forget to VPN in. They are now off the corporate network and away from all the robust security tools, so how are they protected, or are they? That's where Umbrella comes in. Umbrella can provide web filtering, as it's a service in the cloud. So when a user sends a request for information, that request goes through the Umbrella cloud and is then either permitted or denied. If they do happen to get something on their machine, we can also run AMP for EP (AMP for Endpoints).

9
Q

ISE

A

Identity Services Engine

This is going to look at WHO is connecting, WHAT device they are using, WHERE they are connecting from, WHEN.

  • Example: If it is a corporate user, then the Who might be checked; if it is a corporate device, the What would be checked; and if they are connecting from an allowed source at an allowed time, they are going to be allowed into the network and to the resources they need. But let's say it is a guest user: we don't know who they are and we don't know what their device is. If that is the case, we will put them into an isolated virtual network that goes to the internet and not give them access to any internal servers or resources. ISE can also integrate with things like AMP. Say you have a user or a device that gets a malicious file on it and is a risk: ISE can quarantine them from the network and block them off whatever switch they are connected to until that file gets stripped off. So those products work together very nicely.

10
Q

DUO

A

Two Factor Authentication & Zero Trust Security

In addition to ISE, we have DUO, which provides multi-factor authentication. A user knows their username and they know their password; DUO gives them that added layer where they also have a physical token. So there is something they know and something they possess. Aside from a physical token, your phone can be your token. Very simple and easy to use.

11
Q

Stealthwatch

A

Another step we take to secure the interior of our network is by using Stealthwatch. Stealthwatch provides a layer of visibility by collecting data about what is happening on the network.

  • Example: Users send information back and forth, they connect to servers, they go to the internet, they do it at certain times of the day, and there are patterns. Stealthwatch collects that. It doesn't collect user content; it just looks at where the data is going, how much of it is going, and who is sending it. Once it has taken that baseline of normal activity, when something happens that is outside the norm, like a user connecting at 3am and sending a terabyte of data to Russia, we can flag that and say it looks abnormal. Either that user is acting badly and the problem needs to be addressed, or we've been hacked, or something like that. That gives the admin the information they need to go and stop those problems.

12
Q

CloudLock

A

Cloudlock secures your cloud users, data, and 3rd party applications from compromises and data breaches.

  • Example: Now there are many clouds out in the world; there isn't just the internet or the Stealthwatch cloud, there are many SaaS applications that corporations use very commonly. What happens in those situations where users are storing data in public clouds like Dropbox, Box, Office 365 or SFDC? They're connecting directly to these applications a lot, even from remote locations, not going through a firewall; they are sending data from wherever they are to these applications. We have controls that we need to put in place on what kind of data gets sent there and what's done with the data while it sits there. To protect it while it's in these public clouds, we can use CloudLock to monitor and enforce the correct policies on customer data that is stored in public clouds.

13
Q

TALOS

A

Now, to keep all this information up to date and to make sure the latest information is always on all of our devices with AMP, the categorizations of our URLs, and our customers that are using Umbrella, we have TALOS overseeing all of that.

So this is an added benefit to any security product our customers buy. This is something that comes as part of those products, so it's not an additional service or subscription that customers need to subscribe to; it's just an added bonus. We see more data than any other security vendor in the world. We have the biggest baseline of information to use to evaluate what needs to be updated and where the malware and ransomware exist.

14
Q

WannaCry - Protection from Ransomware

A

WannaCry #s

  • Ransomware attack targeting Windows OS
  • Blocks usage by encrypting files and demanding a ransom
  • 200,000+ victims
  • 300,000+ machines impacted
  • Demanded $300-600 per machine (90 mil)

Email -> AMP on ESA protects from phishing and malicious links
AMP4EP -> malicious files on the machine/endpoint
Umbrella -> malicious sites
