Intelligent Cyber security for the Real World · Intelligent Cyber security for the Real World ... The NGFW Security Value Map shows the placement of Cisco ASA with FirePOWER Services

© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 1 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 1

Intelligent Cyber security for the Real World Suwitcha Musijaral,CISA,CISSP

CSE – Security , Global Security Sales Organization

6 March 2015

© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 2

Key Milestones in Cisco Security

Security

Sourcefire &

ThreatGRID

Acquisitions

Managed

Threat Defense

AMP Everywhere

OpenAppID

Cognitive Threat

Analytics

ASAv Firewall

ASA with FirePOWER Svcs

FirePOWER 8300 Series

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3

“So do any network security vendors understand data center and what’s needed to accommodate network security? Cisco certainly does.”

“Cisco is disrupting the advanced threat defense industry.”

“… AMP will be one of the most beneficial aspects of the [Sourcefire] acquisition.”

“Based on our (Breach Detection Systems) reports, Advanced Malware Protection from Cisco should be on everyone’s short list.”

2014 Vendor Rating for Security: Positive

Recognition Market

“The AMP products will provide deeper

capability to Cisco's role in providing

secure services for the Internet of

Everything (IoE).”


Security Challenges

Changing

Business Models

Dynamic

Threat Landscape

Complexity

and Fragmentation


Security Challenges No change

Changing

Business Models

Dynamic

Threat Landscape

Complexity

and Fragmentation

of organizations not

“fully aware” of all

network devices

BYOD

90%

SOCIAL MEDIA

times more cloud services

are being used than

known by IT

CLOUD

5–10 of top 500 Android apps

carry security/privacy risks

APP STORES

92% of organizations had

malware enter the corporate

network through social

media/web apps

14%

complete


Security Challenges

Changing

Business Models

Dynamic

Threat Landscape

Complexity

and Fragmentation

A community that hides in plain sight avoids detection and attacks swiftly

60% of data is

stolen in

HOURS

54% of breaches remain

undiscovered for

MONTHS

YEARS MONTHS WEEKS HOURS START

85% of point-of-sale intrusions

aren’t discovered for

WEEKS

51% increase of companies

reporting a $10M loss

or more in the last

YEAR


Security Challenges

Changing

Business Models

Complexity

and Fragmentation

Dynamic

Threat Landscape

Security Vendors

at RSA

Demand for

Security Talent

373 12x

Security Vendors for

Some Customers

45

Complexity Talent Fragmentation


How Industrial Hackers Monetize the Opportunity

Social Security

$1

Medical

Record

>$50

DDOS

as a Service

~$7/hour

WELCOME TO THE HACKERS’ ECONOMY

DDoS

Credit

Card Data

$0.25-$60

Bank Account Info

>$1000 depending on account

type and balance

$

Exploits

$1000-$300K

Facebook Account

$1 for an account

with 15 friends

Spam

$50/500K emails

Malware

Development

$2500 (commercial malware)

Global

Cybercrime

Market:

$450B-$1T

Mobile Malware

$150


What would you do differently if you knew you were going to be compromised?


The Threat-Centric Security Model

Attack Continuum

Network Endpoint Mobile Virtual Cloud

Point in Time Continuous

Discover Enforce Harden

Detect Block

Defend

Scope Contain

Remediate


Strategic Imperatives

Network-Integrated, Broad Sensor Base,

Context and Automation

Continuous Advanced Threat Protection, Cloud-Based

Security Intelligence

Agile and Open Platforms, Built for Scale, Consistent

Control, Management

Endpoint Network Mobile Virtual Cloud

Visibility-Driven Threat-Focused Platform-Based


Visibility-Driven


Network Servers

Operating Systems

Routers and

Switches

Mobile Devices

Printers

VoIP Phones

Virtual Machines

Client Applications

Files

Users

Web Applications

Application Protocols

Services

Malware

Command and Control

Servers

Vulnerabilities

NetFlow

Network Behavior

Processes

Cisco Sees More Than the Competition


?

Threat-Focused


Detect, Understand, and Stop Threats

?

Collective Security Intelligence

Threat Identified

Event History

How

What

Who

Where

When

ISE + Network, Appliances (NGFW/NGIPS)

Context AMP, CWS, Appliances

Recorded

Enforcement


Continuous Advanced Threat Protection

ISE + Network, Appliances (NGFW/NGIPS)

How

What

Who

Where

When


AMP, CWS, Appliances

Enforcement

Event History

AMP, NBAD

Continuous Analysis Context


Advanced Industry Disclosures

Outreach Activities

Dynamic Analysis

Threat Centric Detection Content

Malware Analysis

IPS Snort Rules Update

Vulnerability Database Update


Email & Web Reputation

100 TB Intelligence

1.6M Sensors

150 Million+

Endpoints

35% Global Email

13B Web Requests

FireAMP™, 3M+

1.1M+ File Samples

per Day

AEGIS™& SPARK

Open Source

Communities

1B Reputation

Queries per Day

3.6PB Monthly

though CWS

Email Endpoints Web Networks IPS Devices

WWW

Superior Intelligence to Battle Advanced Threats

10I000 0II0 00 0III000 II1010011 101 1100001 110

110000III000III0 I00I II0I III0011 0110011 101000 0110 00

I00I III0I III00II 0II00II I0I000 0110 00

101000 0II0 00 0III000 III0I00II II II0000I II0

1100001110001III0 I00I II0I III00II 0II00II 101000 0110 00

100I II0I III00II 0II00II I0I000 0II0 00

Threat

Intelligence

Research

Response

Collective



FirePOWER Delivers Best Threat Effectiveness

Security Value Map for

Intrusion Prevention System (IPS)

Security Value Map for

Breach Detection


NSS Labs – Next-Generation Firewall Test Methodology (v5.4)

Source: NSS Labs 2014

The NGFW Security Value Map shows the placement of Cisco ASA with FirePOWER Services and the FirePOWER 8350 as compared to other vendors. All three products achieved 99.2 percent in security effectiveness and now all can be confident that they will receive the best protections possible regardless of deployment.


Increases Visibility Accelerates Detection Scales Enforcement

Synergies Through Integration

The Network and Security


Silos Create Security Gaps

W W W

Context- Aware

Functions

IPS Functions

Malware Functions

VPN Functions

Traditional Firewall

Functions


Cisco ASA with FirePOWER Services Superior Integrated & Multilayered Protection

Cisco ASA + FirePOWER

Identity-Policy

Control & VPN

URL Filtering (Subscription)

FireSIGHT

Analytics &

Automation

Advanced

Malware

Protection (Subscription)

Application

Visibility & Control

Network Firewall

Routing | Switching

Clustering &

High Availability

WWW

Cisco Collective Security Intelligence Enabled

Built-in Network

Profiling

Intrusion

Prevention

World’s most widely deployed, enterprise-

class ASA stateful firewall

Granular Cisco® Application

Visibility and Control (AVC)

Industry-leading FirePOWER

next-generation IPS (NGIPS)

Reputation- and category-based

URL filtering

Advanced malware protection


MAC

AMP for Networks

PC

AMP for

Cloud Web Security

& Hosted Email

CWS

Virtual

AMP on Web & Email

Security Appliances

Mobile

AMP on ASA Firewall with

FirePOWER Services

AMP for Endpoints

AMP Private Cloud

Virtual Appliance AMP Threat Grid

Dynamic Malware Analysis

+

Threat Intelligence Engine

Advanced Malware Protection Everywhere


Reduce Complexity and Increase Capability

Cloud Services Control Platform

Hosted


Centralized Management

Appliances, Virtual

Network Control Platform

Device Control Platform

Cloud Services Control Platform

Appliances, Virtual Host, Mobile, Virtual Hosted


The cloud increases IT efficiency

• Turnkey installation and management

• Integrated, always up to date features

• Scales from small branches to large networks

• Reduces operational costs

Manageability Scalability Cost Savings


Cisco Meraki: Bringing the cloud to enterprise networks

Meraki MS

Ethernet Switches

Meraki SM

Mobile Device

Management

Meraki MR

Wireless LAN

Meraki MX

Security

Appliances


Cloud-managed networking architecture

Network endpoints securely

connected to the cloud

Cloud-hosted centralized

management platform

Intuitive browser-based

dashboard


Simplified enterprise security

Enterprise-class security features

for security-conscious

environments

Air Marshal WIDS/WIPS Detect wireless attacks; contain rogue APs; cloud-based alerting and diagnostics

User and device aware

security

User, device, and group-based firewall rules (layer 3-7) with

Active Directory integration

Complete NG firewall and

content security

Application firewall; content filtering matching 1B+ URLs; antivirus / antimalware filtering; Google safe-

search


Case study: Milpitas Unified School District

• California school district with 14 schools, 10,000 students

• Deployed cloud-managed firewall, 500 wireless APs (indoor + outdoor), and 100 Ethernet switches

• Enabled 1:1 Google Chromebook deployment and BYOD policy

• Application visibility and control optimizes bandwidth across 10k+ clients

“The Dashboard, the traffic shaping, and the MDM were real advantages. We can see the traffic and

devices on the fly.”

Chin Song, Director of Technology, Milpitas Unified School District


Optimization

Migration

Integration

Program Strategy

Architecture and Design

Assessments

Product Support Hosted Security Managed Security

Security Services Portfolio


Cisco and Sourcefire: Better Together

Security Services

Attack Continuum

Discover Enforce Harden

Detect Block

Defend

Scope Contain

Remediate

Firewall

NGFW

NAC + Identity Services

VPN

UTM

NGIPS

Web Security

Email Security

Advanced Malware Protection

Network Behavior Analysis

Malware Sandboxing


Ecosystem and Integration

Combined API Framework

BEFORE

Policy and Control

AFTER

Analysis and Remediation

Detection and Blocking

DURING

Infrastructure & Mobility

NAC Vulnerability Management Custom Detection Full Packet Capture Incident Response

SIEM Visualization Network Access

Taps


Only Cisco Delivers

Consistent Control

Reduced Complexity

Consistent Policies

Across the

Network and

Data Center

Fits and Adapts

to Changing

Business Models

Global Intelligence

With the Right

Context

Detects and Stops

Advanced Threats

Advanced Threat Protection

Unmatched Visibility


Thank You

Documents

Intelligent Cyber security for the Real World · Intelligent Cyber security for the Real World ... The NGFW Security Value Map shows the placement of Cisco ASA with FirePOWER Services