© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public

Intelligent Cyber Security for the Real World
Suwitcha Musijaral, CISA, CISSP
CSE – Security, Global Security Sales Organization
6 March 2015
Key Milestones in Cisco Security
• Sourcefire and ThreatGRID acquisitions
• Managed Threat Defense
• AMP Everywhere
• OpenAppID
• Cognitive Threat Analytics
• ASAv Firewall
• ASA with FirePOWER Services
• FirePOWER 8300 Series
Market Recognition
“So do any network security vendors understand data center and what’s needed to accommodate network security? Cisco certainly does.”
“Cisco is disrupting the advanced threat defense industry.”
“… AMP will be one of the most beneficial aspects of the [Sourcefire] acquisition.”
“Based on our (Breach Detection Systems) reports, Advanced Malware Protection from Cisco should be on everyone’s short list.”
“The AMP products will provide deeper capability to Cisco's role in providing secure services for the Internet of Everything (IoE).”
2014 Vendor Rating for Security: Positive
Security Challenges
• Changing Business Models
• Dynamic Threat Landscape
• Complexity and Fragmentation
Security Challenges: Changing Business Models
• BYOD: 90% of organizations are not “fully aware” of all the devices on their network
• Cloud: 5–10 times more cloud services are being used than are known to IT
• App stores: 14% of the top 500 Android apps carry security or privacy risks
• Social media: 92% of organizations had malware enter the corporate network through social media or web apps
Security Challenges: Dynamic Threat Landscape
A community that hides in plain sight avoids detection and attacks swiftly.
• 60% of data is stolen in hours
• 85% of point-of-sale intrusions aren’t discovered for weeks
• 54% of breaches remain undiscovered for months
• 51% increase in companies reporting a loss of $10M or more in the last year
Security Challenges: Complexity and Fragmentation
• Complexity: 373 security vendors at RSA
• Talent: 12x demand for security talent
• Fragmentation: 45 security vendors for some customers
How Industrial Hackers Monetize the Opportunity
Welcome to the hackers’ economy. Global cybercrime market: $450B–$1T.
• Social Security number: $1
• Medical record: >$50
• DDoS as a service: ~$7/hour
• Credit card data: $0.25–$60
• Bank account information: >$1000, depending on account type and balance
• Exploits: $1000–$300K
• Facebook account: $1 for an account with 15 friends
• Spam: $50 per 500K emails
• Malware development: $2500 (commercial malware)
• Mobile malware: $150
What would you do differently if you knew you were going to be compromised?
The Threat-Centric Security Model
The Attack Continuum spans Network, Endpoint, Mobile, Virtual and Cloud, with point-in-time and continuous protection:
• Before the attack: Discover, Enforce, Harden
• During the attack: Detect, Block, Defend
• After the attack: Scope, Contain, Remediate
Strategic Imperatives
• Visibility-Driven: network-integrated, broad sensor base, context and automation
• Threat-Focused: continuous advanced threat protection, cloud-based security intelligence
• Platform-Based: agile and open platforms, built for scale, consistent control, management
Applied across Endpoint, Network, Mobile, Virtual and Cloud.
Visibility-Driven
Cisco Sees More Than the Competition
Visibility into: network servers, operating systems, routers and switches, mobile devices, printers, VoIP phones, virtual machines, client applications, files, users, web applications, application protocols, services, malware, command-and-control servers, vulnerabilities, NetFlow, network behavior, and processes.
Threat-Focused
Detect, Understand, and Stop Threats
• Context (who, what, where, when, how): ISE + network, appliances (NGFW/NGIPS)
• Threat identified: Collective Security Intelligence
• Enforcement: AMP, CWS, appliances
• Event history: recorded
Continuous Advanced Threat Protection
• Context (who, what, where, when, how): ISE + network, appliances (NGFW/NGIPS)
• Collective Security Intelligence
• Enforcement: AMP, CWS, appliances
• Event history and continuous analysis: AMP, NBAD
Superior Intelligence to Battle Advanced Threats
Collective Security Intelligence: threat intelligence, research and response.
Telemetry sources (email, endpoints, web, networks, IPS, devices):
• 100 TB of intelligence
• 1.6M sensors
• 150 million+ endpoints
• 35% of global email
• 13B web requests
• FireAMP™, 3M+
• 1.1M+ file samples per day
• 1B reputation queries per day
• 3.6PB monthly through CWS
• AEGIS™ and SPARK open source communities
Outputs:
• Advanced industry disclosures
• Outreach activities
• Dynamic analysis
• Threat-centric detection content
• Malware analysis
• IPS Snort rule updates
• Vulnerability database updates
• Security intelligence
• Email and web reputation
FirePOWER Delivers Best Threat Effectiveness
Security Value Map for Intrusion Prevention System (IPS); Security Value Map for Breach Detection.
NSS Labs – Next-Generation Firewall Test Methodology (v5.4). Source: NSS Labs 2014.
The NGFW Security Value Map shows the placement of Cisco ASA with FirePOWER Services and the FirePOWER 8350 compared to other vendors. All three products achieved 99.2 percent in security effectiveness, so customers can expect the same level of protection regardless of deployment.
The Network and Security: Synergies Through Integration
Increases visibility, accelerates detection, scales enforcement.
Silos Create Security Gaps
Separate point products each cover one function: traditional firewall functions, VPN functions, IPS functions, malware functions, and context-aware functions.
Cisco ASA with FirePOWER Services: Superior Integrated and Multilayered Protection
Cisco ASA + FirePOWER, with Cisco Collective Security Intelligence enabled:
• Network firewall, routing and switching, clustering and high availability: the world’s most widely deployed, enterprise-class ASA stateful firewall
• Identity-policy control and VPN
• Application visibility and control: granular Cisco® Application Visibility and Control (AVC)
• Intrusion prevention with built-in network profiling: industry-leading FirePOWER next-generation IPS (NGIPS)
• URL filtering (subscription): reputation- and category-based URL filtering
• Advanced Malware Protection (subscription)
• FireSIGHT analytics and automation
Advanced Malware Protection Everywhere
• AMP for Networks
• AMP for Endpoints (PC, Mac, mobile, virtual)
• AMP on ASA Firewall with FirePOWER Services
• AMP on Web and Email Security Appliances
• AMP for Cloud Web Security (CWS) and Hosted Email
• AMP Private Cloud Virtual Appliance
• AMP Threat Grid: dynamic malware analysis + threat intelligence engine
Reduce Complexity and Increase Capability
Collective Security Intelligence and centralized management across three control platforms:
• Network Control Platform: appliances, virtual
• Device Control Platform: host, mobile, virtual
• Cloud Services Control Platform: hosted
The Cloud Increases IT Efficiency
• Turnkey installation and management
• Integrated, always up-to-date features
• Scales from small branches to large networks
• Reduces operational costs
Manageability, scalability, cost savings.
Cisco Meraki: Bringing the Cloud to Enterprise Networks
• Meraki MS: Ethernet switches
• Meraki MR: wireless LAN
• Meraki MX: security appliances
• Meraki SM: mobile device management
Cloud-Managed Networking Architecture
• Network endpoints securely connected to the cloud
• Cloud-hosted centralized management platform
• Intuitive browser-based dashboard
Simplified Enterprise Security
Enterprise-class security features for security-conscious environments:
• Air Marshal WIDS/WIPS: detect wireless attacks; contain rogue APs; cloud-based alerting and diagnostics
• User- and device-aware security: user, device, and group-based firewall rules (layers 3–7) with Active Directory integration
• Complete NG firewall and content security: application firewall; content filtering matching 1B+ URLs; antivirus/antimalware filtering; Google SafeSearch
Case Study: Milpitas Unified School District
• California school district with 14 schools, 10,000 students
• Deployed cloud-managed firewall, 500 wireless APs (indoor + outdoor), and 100 Ethernet switches
• Enabled 1:1 Google Chromebook deployment and BYOD policy
• Application visibility and control optimizes bandwidth across 10k+ clients
“The Dashboard, the traffic shaping, and the MDM were real advantages. We can see the traffic and devices on the fly.”
Chin Song, Director of Technology, Milpitas Unified School District
Security Services Portfolio
• Assessments
• Program strategy
• Architecture and design
• Integration
• Migration
• Optimization
• Product support, hosted security, managed security
Cisco and Sourcefire: Better Together
Security services across the Attack Continuum:
• Before (Discover, Enforce, Harden): firewall, NGFW, NAC + Identity Services, VPN, UTM
• During (Detect, Block, Defend): NGIPS, web security, email security
• After (Scope, Contain, Remediate): Advanced Malware Protection, network behavior analysis, malware sandboxing
Ecosystem and Integration
Combined API framework:
• Before: policy and control
• During: detection and blocking
• After: analysis and remediation
Partner integrations: infrastructure and mobility, NAC, vulnerability management, custom detection, full packet capture, incident response, SIEM, visualization, network access, taps.
Only Cisco Delivers
• Consistent control and reduced complexity: consistent policies across the network and data center; fits and adapts to changing business models
• Advanced threat protection: detects and stops advanced threats
• Unmatched visibility: global intelligence with the right context
Thank You