In our Technologies category I would like to talk about Cisco Next-Generation Firewalls.
Last year, Cisco gained strength in next-generation firewalls via Sourcefire code. The official acquisition of Sourcefire by Cisco in October 2013 has allowed it to build a firewall unique of its kind.
With this acquisition, Cisco has been able to expand its range and skills in the security area. This approach reflects a vision of security that intervenes before the attack, during the attack and after the attack.
Cisco – SourceFire …
Cisco is historically known for its expertise before the attack: this is the access security where Cisco excelled for many years, while SourceFire is rather an expert after the attack: forensics, intrusion detection, the management of security events. So the fusion of the two companies, in terms of skills and technology solutions, provides a completeness that can deliver new solutions against attacks.
Ten years ago, firewalls were used to open and control ports because attacks targeted the protocols themselves. But hackers quickly shifted their interest to exploiting application vulnerabilities to launch attacks, so we started talking about Application Firewalls and Next-Generation Firewalls. Today almost all attacks are carried out through legitimate, authorized applications. So we must be interested in the threat, in the attack itself, to be able to make good decisions; application control alone is not enough.
If we imagine an attack whose goal is the exfiltration of data, then the first phase of the attack is to send a phishing email to a user in order to control his machine. Typically this will pass through an authorized port and an authorized application: the email application.
So far there is no exploit on the mail itself; it is just the content that contains the threat, so we have a strong interest in knowing the threat in order to make a decision.
As this attack aims to exfiltrate information, the hackers will make sure to pass through authorized flows in order to get out of the network and output the data (it will be HTTPS or SSH).
Once again, as these are authorized flows, we have fewer means to make the right decision based on the application only: it takes several correlated security events, matched with information about the threat. Hence the Next-Gen Firewall with Next-Gen IPS.
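The correlation the paragraphs above describe can be shown as a small detection routine: each source (mail gateway, web proxy, firewall) only sees one authorized flow, and only the combination of a suspicious mail followed by a large transfer to an unseen destination over HTTPS or SSH produces an alert. This is an added example, not code from the original post or from Cisco or Sourcefire; the events, field names, thresholds and time window are all constructed assumptions.

```python
"""Correlating events from authorized flows into one alert.
Added example, not from the original post: all events are constructed,
and the field names, thresholds and window are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events. Each source sees one authorized flow and nothing
# here is an alarm on its own: mail with an attachment, HTTPS through the
# proxy, SSH through the firewall.
EVENTS = [
    {"ts": "2014-06-02T09:01:00", "source": "mail", "host": "ws-17", "user": "alice",
     "sender": "helpdesk@example-lookalike.test", "attachment": "invoice.zip"},
    {"ts": "2014-06-02T09:03:30", "source": "mail", "host": "ws-22", "user": "bob",
     "sender": "news@vendor.test", "attachment": None},
    {"ts": "2014-06-02T09:40:00", "source": "proxy", "host": "ws-17",
     "dst": "203.0.113.8", "port": 443, "bytes_out": 180_000_000},
    {"ts": "2014-06-02T10:15:00", "source": "proxy", "host": "ws-22",
     "dst": "198.51.100.5", "port": 443, "bytes_out": 2_000_000},
    {"ts": "2014-06-02T11:05:00", "source": "firewall", "host": "ws-17",
     "dst": "203.0.113.8", "port": 22, "bytes_out": 95_000_000},
    {"ts": "2014-06-03T08:00:00", "source": "proxy", "host": "ws-17",
     "dst": "203.0.113.9", "port": 443, "bytes_out": 120_000_000},  # a day later: outside the window
]

KNOWN_DESTINATIONS = {"198.51.100.5"}   # constructed baseline of destinations seen in normal traffic
EGRESS_PORTS = {443: "HTTPS", 22: "SSH"}  # the authorized flows the post names
WINDOW = timedelta(hours=4)               # how long after the mail a transfer still counts
BYTES_THRESHOLD = 50_000_000              # illustrative size that marks a "large" transfer


def ts(event):
    return datetime.fromisoformat(event["ts"])


def looks_like_phishing(event):
    # The first phase in the post: a mail with an attachment from outside.
    # Not a verdict, only a candidate that a later flow must confirm.
    return event["source"] == "mail" and bool(event.get("attachment"))


def correlate(events, known=KNOWN_DESTINATIONS, window=WINDOW, threshold=BYTES_THRESHOLD):
    """Flag hosts that received a candidate phishing mail and, within `window`,
    pushed more than `threshold` bytes to an unseen destination over HTTPS or SSH."""
    alerts = []
    candidates = defaultdict(list)        # host -> candidate mail events seen so far
    for e in sorted(events, key=ts):
        if looks_like_phishing(e):
            candidates[e["host"]].append(e)
            continue
        if e["source"] not in ("proxy", "firewall") or e["port"] not in EGRESS_PORTS:
            continue
        if e["bytes_out"] < threshold or e["dst"] in known:
            continue                      # small or routine: application-level data alone says nothing
        for m in candidates[e["host"]]:
            if timedelta(0) <= ts(e) - ts(m) <= window:
                alerts.append({
                    "host": e["host"], "user": m["user"], "sender": m["sender"],
                    "dst": e["dst"], "protocol": EGRESS_PORTS[e["port"]],
                    "bytes_out": e["bytes_out"],
                    "reason": "large transfer to new destination after suspicious mail",
                })
                break
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

Run on the constructed events, the routine raises two alerts for ws-17 (one HTTPS, one SSH, both to 203.0.113.8) and none for ws-22, whose small transfer to a known destination never crosses the threshold; the transfer the next day is ignored because it falls outside the window.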
What is this Firewall ? …
It encompasses several areas: the basics of connection and routing are Cisco ASA technology, which is known for its robustness and performance and is now the most deployed firewall in the world. The application control part and the Next-Gen IPS intelligence are the legacy of SourceFire.
All customers who have an ASA X in their network have the ability to implement the full functionality of the next-generation firewall by upgrading; the aim is to bring more functionality to what already works.
I would like to introduce you to the Cisco Certification called SCYBER.
The Securing Cisco Networks with Threat Detection and Analysis (SCYBER) exam (600-199) is a 1.5-hour exam with 50–60 questions.
This exam is associated with the Cisco Cybersecurity Specialist certification. Candidates can prepare for this exam by taking the “Securing Cisco Networks with Threat Detection and Analysis” course. This exam tests a candidate’s knowledge and skills required to proactively detect and mitigate network security threats by leveraging features that exist in Cisco and other industry network security products today.
Designed for professional security analysts, the exam covers essential areas of competency including event monitoring, security event/alarm/traffic analysis, and incident response. The exam is closed book and no outside reference materials are allowed.
My experience with this certification is the following:
Some months ago (February), after I passed my CompTIA Security+ certification, I was looking for the next certification to prepare.
My search led me to CEH from EC-Council, GSEC from the SANS Institute and Cybersecurity Essentials from Prometric. At the same time I received some Cisco ads about their new SCYBER certification, and that caught my attention.
To make my choice, I discarded CEH and GSEC because the source materials for these certifications were scarce and not fully available on Pi****bay ;)! (shuuuuuut!!! I took almost all my source materials from it).
I started comparing SCYBER and Cyber Security Essentials from Prometric, and for me the latter looked like the Security+ certification that I had passed. Then I focused on SCYBER, but it was a new certification, which means no source materials were available, only in the training center!
I decided to come back to CEH. Some months passed and I started to see the new version V8 of the certification become available, but my mind was always on SCYBER, maybe because of the lack of materials to correctly set up my CEH lab; it was difficult for me to perform the CEH labs (I had 2 computers, one 11" MacBook Air and an old 32-bit Windows PC 😦, not enough memory for the different VMs to set up, and so on).
This is how the true CEH Lab looks like according to EC-Council.
But I didn’t give up; I kept trying my best by downloading and learning about computer forensics, hacking, cybersecurity, … (I have a 700 GB data hard disk so I can always do new things :)).
A few weeks ago, after an interview, I saw a Cisco Live conference given by James Risler; the topic was the Cisco Cyber Security Analyst Specialist certification, and that convinced me to prepare for SCYBER.
For me it was not too difficult; besides, I think that the SCYBER exam was easier than the preparation I made (maybe I did too much preparation?!?!). I appreciated all the subjects I learned and experienced much more than the exam itself. I just failed one question out of 58 🙂.
The official source material is not yet available, except for some Cisco Press books. The official preparation is given by Cisco instructor-led courses.
I used some Cisco Press books, mainly my own searches among the 700 GB of data on my hard disk (computer forensics, ethical hacking, TCP/IP fundamentals, tcpdump, Wireshark, incident response procedures, …) and some forums.
Some subjects seem basic, but for example, if you cannot read the information contained in the TCP header and payload, how can you investigate?
Even if it’s a Cisco certification, the subjects are not based on Cisco technologies or products but mainly on cybersecurity in general, as a vendor-neutral certification would do.
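Reading the TCP header by hand is the kind of basic skill the remark above refers to. As an added example that is not part of the original post, the following Python decodes the fixed 20-byte header, the option list and the payload of a raw segment, and refuses segments whose data offset does not fit the bytes actually captured. The two sample segments are constructed in the block itself (ports, sequence numbers and the MSS value are illustrative, and the checksum is left at zero because no pseudo-header is computed).

```python
"""Reading a raw TCP header: an added example, not from the original post.
The segments below are constructed by hand; ports, sequence numbers and
the MSS value are illustrative and the checksum is left at zero."""
import struct

# Flag bits of the 8-bit flags field, listed from the high bit downwards.
FLAG_BITS = [("CWR", 0x80), ("ECE", 0x40), ("URG", 0x20), ("ACK", 0x10),
             ("PSH", 0x08), ("RST", 0x04), ("SYN", 0x02), ("FIN", 0x01)]


def build_segment(src, dst, seq, ack, flags, window, options=b"", payload=b""):
    """Assemble a TCP segment for the samples (checksum stays 0: no pseudo-header here)."""
    options += b"\x00" * (-len(options) % 4)      # options are padded to 32-bit words
    data_offset = (20 + len(options)) // 4        # header length in 32-bit words
    fixed = struct.pack("!HHIIBBHHH", src, dst, seq, ack,
                        data_offset << 4, flags, window, 0, 0)
    return fixed + options + payload


def parse_tcp(segment):
    """Decode the fixed header, the option list and the payload of one segment."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    (src, dst, seq, ack, off_byte, flag_byte,
     window, checksum, urg) = struct.unpack("!HHIIBBHHH", segment[:20])
    header_len = (off_byte >> 4) * 4              # data offset: upper 4 bits, in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError(f"bad data offset: header_len={header_len}, have {len(segment)} bytes")

    options = {}
    opt = segment[20:header_len]
    i = 0
    while i < len(opt):
        kind = opt[i]
        if kind == 0:                             # End of Option List
            break
        if kind == 1:                             # No-Operation (padding)
            i += 1
            continue
        if i + 1 >= len(opt) or opt[i + 1] < 2 or i + opt[i + 1] > len(opt):
            raise ValueError("malformed TCP option")
        length = opt[i + 1]
        body = opt[i + 2:i + length]
        if kind == 2 and length == 4:
            options["MSS"] = struct.unpack("!H", body)[0]
        elif kind == 3 and length == 3:
            options["WSCALE"] = body[0]
        elif kind == 4:
            options["SACK_PERMITTED"] = True
        else:
            options[f"kind{kind}"] = body          # anything else is kept raw
        i += length

    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "header_len": header_len,
        "flags": [name for name, bit in FLAG_BITS if flag_byte & bit],
        "window": window, "checksum": checksum, "urgent_ptr": urg,
        "options": options,
        "payload": segment[header_len:],
    }


def is_well_formed(segment):
    """True when the header parses; False for truncated or inconsistent segments."""
    try:
        parse_tcp(segment)
        return True
    except ValueError:
        return False


# Constructed samples: a client SYN announcing its MSS, then a data segment.
SYN_SEGMENT = build_segment(49152, 443, 0x12345678, 0, 0x02, 65535,
                            options=b"\x02\x04\x05\xb4")
DATA_SEGMENT = build_segment(49152, 80, 0x12345679, 0xABCDEF01, 0x18, 29200,
                             payload=b"GET / HTTP/1.1\r\n")

if __name__ == "__main__":
    for name, seg in (("SYN", SYN_SEGMENT), ("DATA", DATA_SEGMENT)):
        print(name, parse_tcp(seg))
```

The data-offset check matters in practice: a capture that was cut short, or a crafted header that claims more option bytes than are present, would otherwise make the parser read payload bytes as options or slice past the end of the buffer.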
And the winner is … 😉
That’s what I can say about this certification. I recommend you watch this video if you want more details.