Security Everywhere - Bremtane Moudjeb, Cisco


Head Of Cyber Security, Cisco Switzerland

Bremtane Moudjeb

CyberSecurity Day

Another Crazy Year!

Crypto-Jacking · 1.3 Tbps DDoS · Network Malware · 145M Users · Atlanta - SamSam · Croatia Attacks

DDoS

Data Destruction

Monetary Theft

Phishing

Rogue Software

Man in the Middle

Trojans

Drive by Downloads

Data Manipulation

Wiper Attacks

Botnets

Ransomware

Advanced Persistent Threats

Unpatched Software

Spyware/Malware

Data/IP Theft

Malvertising

Tireless DEFENDERS vs Relentless ATTACKERS

CyberSecurity Challenges

Rapid Containment

Intelligence-driven Incident Response

Threat Visibility

Workplace desktops

Business apps

Critical infrastructure

Back Then… Internet

…it was all about Perimeter Security…

…and a Big Fat Firewall!

But Now: The way we work has changed

Workplace desktops

Business apps: Salesforce, Office 365, G Suite, etc.

Critical infrastructure: Amazon, Rackspace, Windows Azure, etc.

Branch office

Roaming laptops & IoT Devices

Internet

Collapse of The Old Security Model: Symptoms of Failure

65% of organizations use 6 to >50 security vendors

of organizations use 6 to >50 security products

TB of Logs, but yet little visibility

500K+ Firewall Rules

80+ Security Tools

200 Days average breach detection time

100% of organizations compromised

55% blind to threats

44% of alerts are NOT investigated

49% of legitimate alerts are NOT remediated

Malicious Binaries and Encryption Increase

Attackers embrace encryption to conceal their command-and-control activity

[Chart: November 2016 vs October 2017]

Global Encrypted Web Traffic: 38% (November 2016) to 50% (October 2017), a 12% increase

Malicious Sandbox Binaries with Encryption: 19% (November 2016) to 70% (October 2017), a 268% increase

[Slide figures, labels not recovered: 3.6Pb, 46.8K+, 4.8M+, 624M+, 126, $429K+, $516M]

45min to change the game

Integrated Architecture

Best of Breed Portfolio

Cloud-Delivered Intelligence

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential


Portfolio Backed by Superior Threat Intelligence

1.5 million daily malware samples

600 billion daily email messages

16 billion daily web requests

20 billion threats blocked daily

250+ threat intel researchers; 24 - 7 - 365

Millions of telemetry agents

4 global data centers

Over 100 threat intelligence partners

Email · Malware/Endpoint · Network Intrusions · Web/URL · Network Analysis · DNS/IP


[Chart: threats blocked daily; values shown: 20B, 250M, 4M, 1M, 700K, 800K, 972M, 1M]

Cisco's Security Investments: $6B Invested to Radically Change How the Industry

Timeline: 2004 · 2007 · 2009 · 2012 · 2013 · 2014 · 2016 · 2017

NAC addition

Messaging and Web Security Appliance

Cloud Security

UTM

Security Analytics

NGIPS / Anti-Malware

Sandbox

Consulting

Advanced Threat Protection

Portcullis Consulting

Network As A Sensor

Cloud Security

2017: Observable Networks

Multi-Factor Authentication

Automated Policy

Context Awareness

Event Visibility

Threat Intel/Enforcement

Integrated Architecture

Enterprise Mobility Management

Network Traffic Security Analytics

Cloud Workload Protection

Web Security

Email Security

Advanced Threat

Secure SD-WAN / Routers

Identity and Network Access Control

Secure Internet Gateway

Switches and Access Points

Next-Gen FW/IPS

Cloud Access Security

Cisco Threat Intelligence

Cisco Platform Exchange

Cisco Threat Response

An integrated portfolio creates value for customers

Open APIs · Developer Environment · Services

Best of Breed Portfolio

Endpoint · Network · Cloud

Leading Threat Intelligence

Cisco Threat Response: Deploy Policy · Detect · Investigate · Remediate

3rd Parties: 150 security tech partners


Automation: Breach Response

If malware gets in:

Detection under 3.5 HOURS

Removed automatically from endpoints

Blocked across network, endpoints and cloud

It Is Confirmed By The Market

[Gartner Magic Quadrant: Secure Mail Gateway, as of June 2015. Axes: Ability to Execute / Completeness of Vision. Quadrants: Niche Players, Visionaries, Challengers, Leaders. Vendors shown: Symantec, Microsoft, Intel Security, Trend Micro, Mimecast, Websense, BAE Systems, Barracuda Networks, Sophos, Clearswift, Fortinet, Dell, Trustwave, WatchGuard Technologies, Proofpoint]

[Gartner Magic Quadrant: NGIPS, as of December 2017. Axes: Ability to Execute / Completeness of Vision. Quadrants: Niche Players, Visionaries, Challengers, Leaders. Vendors shown: McAfee, Trend Micro, Vectra Networks, FireEye, Alert Logic, NSFOCUS, Venustech, Hillstone Networks]

[Gartner Magic Quadrant: Network Access Control, as of December 2014. Axes: Ability to Execute / Completeness of Vision. Quadrants: Niche Players, Visionaries, Challengers, Leaders. Vendors shown: Auconet, ForeScout Technologies, Aruba Networks, Bradford Networks, Portnox, Impulse Point, Pulse Secure, Extreme Networks, InfoExpress]

Good news…

12% of Cisco customers buy Cisco Security

Did I Really Say “Good news”?


GREAT Year for CyberSecurity

#1 CyberSecurity Company

[Chart: Umbrella / Policy & Access / Adv. Threat Sec; values shown: 49%, 29%, 40%*]

*Including services and products

Thank you (shown on the slide in many languages: merci, grazie, mahalo, obrigado, terima kasih, dank u, gracias, obrigada, takk, ačiū, a dank, спасибо, arigatô, תודה, Ďakujem, Дякую, chnorakaloutioun, хвала, tack, děkuji, dziękuję, Баярлалаа, ευχαριστώ, grazzi, 감사합니다, ngiyabonga, choukrane, paldies, kop khun, diolch, hvala, danke, shukran, faleminderit, dankie, mulţumesc, blagodaria, gràcies, Xièxiè, shukriya, tak, kiitos, teşekkür ederim, nandri, köszönöm, tänan, dhanyavād, благодаря, Благодарам, thank you)

Secured Digital HealthCare: Felix Platter

Security Architecture: DNA + ACI + Collaboration

Digital HealthCare: 320 beds - 700 employees

Demo: The Architectural Advantage in Action

New 3.5h TTD!

1. Flow Collector

2. Flow Analysis with Stealthwatch

3. Threat Analytics (CTA), backed by Global Threat Intelligence

4. Information Sharing to ISE

5. Dynamic quarantine of the Healthcare Endpoint (via ISE)

The New IT Reality: It's more difficult to establish user and device trust

1. Apps are available on-premises plus via IaaS and SaaS

2. Employees, contractors, others access these apps with BYOD and mobile devices

3. Attackers most often cause data breaches by directly accessing these apps via compromised passwords and devices

Any User, Any Device, Any Application, Any Location

New expectations for being able to deliver trust

Establish Trust

Verify device via compliance check and agentless inspection

Verify user via multi-factor authentication

Intent-based networking

Trust-based policy: wherever there is an access decision on your network (on-prem or VPN) or off your network

Single sign-on to multiple apps via Cisco or 3rd-party

Adaptive Access: Users · Devices · Apps

What’s Next?

2H FY19

Enriched capabilities

• Enhanced cloud-delivered Firewall as a Service

• Enhanced web proxy

• New Managed offerings

1H FY19

Deep inspection

• SD-WAN & Meraki integration

• Cloud-delivered firewall

• Full web proxy

My Commitment

TEAM + SOLUTIONS + SECURITY

Your Commitment

PARTNERSHIP + OPEN + TRUST

Building The Future

Lead Together
