Defending Against Targeted Attacks

Nilesh Bhandari

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Request for review

Paul,

I forward my thesis to you for review.

Please open it and provide comments.

www.Personal Site.com/Thesis_Draft.pdf

Hope alls well since Verizon.

Best regards,

Sean

Sean Porter

[email protected]

Evolution of Threat Landscape

[Figure: threats charted by Volume (HIGH/LOW) and $ IMPACT (HIGH/LOW) along a timeline labeled PAST and TODAY. Labels: Spam, Mass Email Adoption, Phishing, Virus Outbreaks, Attachment-based, Worms, Slammer, Code Red, Image Spam, Botnets, Conficker, Network Evasions, Polymorphic Code, Custom URL, Targeted Attacks, Aurora, Stuxnet, IPv6-based Attacks, Covert, Sponsored Targeted Attacks.]

Evolution of Outbound Protection

[Figure: outbound protection charted by Volume (HIGH/LOW) and $ VALUE (HIGH/LOW). Labels: Compliance, HIPAA, PCI, State Regulations, Social Security Numbers, TLS, Encrypt Everything, Quarantine Filter, DLP, Customer Assets, Brand, Intellectual Property, Identity Aware, Data Classification, Integrated DLP.]

Other labels on the slide: CEO, CFO.

Attributes:

• Very low volume

• Focus on individual or group with highly-personalized data

• Typically rely on malware to harvest information

• Typically transparent to end-user

Examples:

• Spearphishing

• Personalized Scams

• Targeted Malware Emails

Industry in Transition

[Figure: Cybercriminal Benefit ($M), scale $0 to $1,400, by year 2008 to 2011. Series: Spam, Personalized Attacks, Targeted Malware. Callouts: Spearphishing Attacks; Personalized Scams and Malicious Attacks.]

Cybercriminal Perspective

EXAMPLE OF A TYPICAL CAMPAIGN      MASS PHISHING ATTACK    SPEARPHISHING ATTACK
                                   (Single Campaign)       (Single Campaign)
Total Messages Sent in Campaign    1,000,000               1,000
Victims                            8                       2
Value per Victim                   $2,000                  $80,000
Total Value from Campaign          $16,000                 $160,000
Total Cost for Campaign            $2,000                  $10,000
Total Profit from Campaign         $14,000                 $150,000

Targeted Attacks have quadrupled in the last year.

Request for review

Paul,

I forward my thesis to you for review.

Please open it and provide comments.

www.Personal Site.com/Thesis_Draft.pdf

Hope alls well since Verizon.

Best regards,

Sean

Sean Spoofed

[email protected]

Fast, Accurate Protection

[Diagram labels: Cisco SIO; Threat Telemetry; Email; Web; Firewall/IPS; Corporate Headquarters; ISP Datacenter; Branch Office; Cisco AnyConnect (Any Device, Anywhere).]

30% Email Visibility 7 Million NEW URLs 1 Million Devices Millions Globally

[Diagram: messages passing through three filtering stages labeled Reputation Filters, IPAS and Outbreak Filters.]

Block 90% of Spam

>99% Catch Rate

< 1/1M False Positives

Request for review

Paul,

I forward my thesis to you for review.

Please open it and provide comments.

www.Personal Site.com/Thesis_Draft.pdf

Hope alls well since Verizon.

Best regards,

Sean

Sean Spoofed

[email protected]

After

http://www.threatlink.com/

Before

http://secure-web.cisco.com/auth=X&URL=www.threatlink.com

Identified: Targeted Attack

Content: Malware Payload

Vector: Email

Action: Blocked

7M Updates per Day

1Tb Threat Telemetry

Request for review

Paul,

I forward my thesis to you for review.

Please open it and provide comments.

www.Personal Site.com/Thesis_Draft.pdf

Hope alls well since Verizon.

Best regards,

Sean

Sean Spoofed

[email protected]

Malware Payload Blocked

http://secure-web.cisco.com…

The requested web page has been blocked

http://www.threatlink.com

Cisco Email and Web Security protects your organization’s network from malicious software. Malware is designed to look like a legitimate email or website which accesses your computer, hides itself in your system, and damages files.

Cisco Security

INBOUND SECURITY

Spam and Malware

Targeted Attacks

OUTBOUND SECURITY

Data Loss Prevention

Encryption

Centralized Management and Reporting

Mobility Enabled

Comprehensive

• 100+ Pre-defined policies

• Integrated tracking/reporting

Accurate

• Multiple parameters

• Key words, proximity, etc.

Easy

• One-click activation

• Identity based policies

Extensible

• Email Policies can apply to Network, Endpoints and DC

Free 30 Day Trial

Security Reports:

www.cisco.com/go/targetedattacks

www.cisco.com/go/security

Contact Your Cisco Rep

Thank you.