  1. 2026.02.18 Protect Ransomware Process within ISE with FTD/FMC
CCIE EI/Secure LAN - ISE | 2026. 2. 18. 14:13

Hello, Protector,

Today I explain how to protect important materials and resources from the effects of ransomware, using Cisco ISE with FTD/FMC.

 

To be verbose, I have experience with a customer being attacked by an attacker via ransomware.

This situation is not only for other customers, but also impacts our site.

So listen carefully.

 

1st, ransomware enters the user's PC through a phishing e-mail and domain, or unidentified files.

2nd, it performs reconnaissance: ARP scan, NetBIOS, SMB (445), RDP (3389), and the AD server too (1 min ~ 3 min).

-> In this situation, we can see multiple sessions in the firewall and multiple access attempts within the same segment.

3rd, it goes rogue and steals credentials (3 min ~ 5 min).

4th, it affects the same LAN (5 min ~ 15 min).

5th, the system is paralyzed (15 min ~).
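The firewall signal from the 2nd step, one PC opening sessions to many peers in its own segment on NetBIOS, SMB and RDP within a few minutes, can be detected as follows. This is an added example, not code from the original post; the log format, the thresholds, the /24 segment size and all names are assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

RECON_PORTS = {137, 138, 139, 445, 3389}  # NetBIOS, SMB, RDP (from the timeline)
WINDOW = timedelta(minutes=3)   # assumption: matches the 1-3 min scan phase
MIN_PEERS = 4                   # assumption: distinct same-segment targets
PREFIX = 24                     # assumption: every user segment is a /24

# Constructed sample log, format "timestamp src dst dport action" (an assumption).
SAMPLE_LOG = """\
2026-02-18T09:00:01 10.10.20.15 10.10.20.21 445 allow
2026-02-18T09:00:03 10.10.20.15 10.10.20.22 445 allow
2026-02-18T09:00:05 10.10.20.15 10.10.20.23 3389 block
2026-02-18T09:00:40 10.10.20.15 10.10.20.24 139 allow
2026-02-18T09:00:10 10.10.20.30 10.10.20.5 445 allow
2026-02-18T09:00:00 10.10.20.40 10.10.20.21 445 allow
2026-02-18T09:10:00 10.10.20.40 10.10.20.22 445 allow
2026-02-18T09:20:00 10.10.20.40 10.10.20.23 445 allow
2026-02-18T09:30:00 10.10.20.40 10.10.20.24 3389 allow
"""

def same_segment(src, dst):
    net = ipaddress.ip_network(f"{src}/{PREFIX}", strict=False)
    return ipaddress.ip_address(dst) in net

def find_scanners(log_text):
    """Return {src: sorted peers} for hosts fanning out inside their own segment."""
    events = defaultdict(list)  # src -> [(time, dst)]
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[3].isdigit():  # malformed lines are skipped
            ts, src, dst, dport = parts[:4]  # allowed and blocked attempts both count
            if int(dport) in RECON_PORTS and src != dst and same_segment(src, dst):
                events[src].append((datetime.fromisoformat(ts), dst))
    flagged = {}
    for src, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > WINDOW:
                start += 1  # slide the window forward
            peers = {dst for _, dst in hits[start:end + 1]}
            if len(peers) >= MIN_PEERS:
                flagged[src] = sorted(peers)
                break
    return flagged
```

On the constructed log, `find_scanners(SAMPLE_LOG)` flags only 10.10.20.15. The host that talks to a single file server and the host that reaches four peers over thirty minutes stay below the threshold.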

 

So we need fast, automated protection of the network from viruses, from computers compromised by malware, etc.

Cisco ISE and Cisco FTD/FMC, integrated through pxGrid, should protect automatically with policy-based ACLs and SGTs.

Protection is policy-based and oriented around the SGT (Security Group Tag), not IP-based,

so we can call this a Zero Trust network.

With ISE, when the antivirus detects the attack from the PC, FTD/FMC provisions the DENY policy for that PC within 10~30 seconds.

Solution:

1st, the virus affects the PC.

2nd, ISE changes the SGT and, through pxGrid, FTD/FMC changes the access policy.

 

So simple.

This is very useful and important in a plant network: if the admin can't protect against them, the factory will shut down.

Cisco Secure Network: the only turnkey protection solution for plants and other customer sites.

Thank you.

 

 

Posted by Optimus Joo