Intelligent Cyber security for the Real World
Suwitcha Musijaral, CISA, CISSP
CSE – Security, Global Security Sales Organization
6 March 2015
© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public

Key Milestones in Cisco Security
• Sourcefire & ThreatGRID Acquisitions
• AMP Everywhere
• OpenAppID
• Managed Threat Defense
• Cognitive Threat Analytics
• ASAv Firewall
• ASA with FirePOWER Svcs
• FirePOWER 8300 Series
• Security

Market Recognition
• “Based on our (Breach Detection Systems) reports, Advanced Malware Protection from Cisco should be on everyone’s short list.”
• “Cisco is disrupting the advanced threat defense industry.”
• “So do any network security vendors understand data center and what’s needed to accommodate network security? Cisco certainly does.”
• 2014 Vendor Rating for Security: Positive
• “… AMP will be one of the most beneficial aspects of the [Sourcefire] acquisition.”
• “The AMP products will provide deeper capability to Cisco's role in providing secure services for the Internet of Everything (IoE).”

Security Challenges
• Changing Business Models
• Dynamic Threat Landscape
• Complexity and Fragmentation

Security Challenges: Changing Business Models
• BYOD: 90% of organizations not “fully aware” of all network devices
• SOCIAL MEDIA: 14% of organizations had malware enter the corporate network through social media/web apps
• CLOUD: 5–10 times more cloud services are being used than known by IT
• APP STORES: 92% of top 500 Android apps carry security/privacy risks

Security Challenges: Dynamic Threat Landscape
A community that hides in plain sight avoids detection and attacks swiftly
• 60% of data is stolen in HOURS
• 85% of point-of-sale intrusions aren’t discovered for WEEKS
• 54% of breaches remain undiscovered for MONTHS
• 51% increase of companies reporting a $10M loss or more in the last YEAR
Timeline: START, HOURS, WEEKS, MONTHS, YEARS

Security Challenges: Complexity and Fragmentation
• Complexity: 45 Security Vendors for Some Customers
• Fragmentation: 373 Security Vendors at RSA
• Talent: 12x Demand for Security Talent

How Industrial Hackers Monetize the Opportunity
WELCOME TO THE HACKERS’ ECONOMY
Global Cybercrime Market: $450B-$1T
• Credit Card Data: $0.25-$60
• Social Security: $1
• Medical Record: >$50
• DDoS as a Service: ~$7/hour
• Bank Account Info: >$1000 depending on account type and balance
• Mobile Malware: $150
• Spam: $50/500K emails
• Malware Development: $2500 (commercial malware)
• Exploits: $1000-$300K
• Facebook Account: $1 for an account with 15 friends

What would you do differently if you knew you were going to be compromised?

The Threat-Centric Security Model
Attack Continuum:
• Discover, Enforce, Harden
• Detect, Block, Defend
• Scope, Contain, Remediate
Network, Endpoint, Mobile, Virtual, Cloud
Point in Time, Continuous

Strategic Imperatives
• Visibility-Driven: Network-Integrated, Broad Sensor Base, Context and Automation
• Threat-Focused: Continuous Advanced Threat Protection, Cloud-Based Security Intelligence
• Platform-Based: Agile and Open Platforms, Built for Scale, Consistent Control, Management
Network, Endpoint, Mobile, Virtual, Cloud

Visibility-Driven

Cisco Sees More Than the Competition
• Application Protocols
• Users
• NetFlow
• Web Applications
• Files
• Malware
• Command and Control Servers
• Services
• Vulnerabilities
• Operating Systems
• Processes
• Network Servers
• Mobile Devices
• Routers and Switches
• Client Applications
• VoIP Phones
• Printers
• Virtual Machines
• Network Behavior

Threat-Focused ?

Detect, Understand, and Stop Threats
Collective Security Intelligence
Who, What, Where, When, How
Event History; Recorded; Threat Identified
• Context: ISE + Network, Appliances (NGFW/NGIPS)
• Enforcement: AMP, CWS, Appliances

Continuous Advanced Threat Protection
Collective Security Intelligence
Who, What, Where, When, How
Event History
• Context: ISE + Network, Appliances (NGFW/NGIPS)
• Enforcement: AMP, CWS, Appliances
• Continuous Analysis: AMP, NBAD

Superior Intelligence to Battle Advanced Threats
Collective Security Intelligence
Endpoints, Web, WWW, Email, Devices, IPS, Networks
• 100 TB Intelligence
• 1.1M+ File Samples per Day
• 1.6M Sensors
• 150 Million+ Endpoints
• 35% Global Email
• 1B Reputation Queries per Day
• 3.6PB Monthly through CWS
• 13B Web Requests
• FireAMP™, 3M+
• AEGIS™ & SPARK
• Research Response
• Advanced Industry Disclosures
• Outreach Activities
• Dynamic Analysis
• Open Source Communities
• Threat Intelligence
• Security Intelligence
• IPS Snort Rules Update
• Threat Centric Detection Content
• Malware Analysis
• Vulnerability Database Update
• Email & Web Reputation

FirePOWER Delivers Best Threat Effectiveness
• Security Value Map for Intrusion Prevention System (IPS)
• Security Value Map for Breach Detection

NSS Labs – Next-Generation Firewall Test Methodology (v5.4)
The NGFW Security Value Map shows the placement of Cisco ASA with FirePOWER Services and the FirePOWER 8350 as compared to other vendors. All three products achieved 99.2 percent in security effectiveness and now all can be confident that they will receive the best protections possible regardless of deployment.
Source: NSS Labs 2014

The Network and Security Synergies Through Integration
• Increases Visibility
• Accelerates Detection
• Scales Enforcement

Silos Create Security Gaps
WWW
• Traditional Firewall Functions
• VPN Functions
• Context-Aware Functions
• IPS Functions
• Malware Functions

Cisco ASA with FirePOWER Services
Superior Integrated & Multilayered Protection
• World’s most widely deployed, enterprise-class ASA stateful firewall
• Granular Cisco® Application Visibility and Control (AVC)
• Industry-leading FirePOWER next-generation IPS (NGIPS)
• Reputation- and category-based URL filtering
• Advanced malware protection
Diagram labels (Cisco ASA + FirePOWER):
• Cisco Collective Security Intelligence Enabled
• Clustering & High Availability
• Network Firewall
• Routing | Switching
• Intrusion Prevention
• Application Visibility & Control
• Advanced Malware Protection (Subscription)
• FireSIGHT Analytics & Automation
• WWW URL Filtering (Subscription)
• Built-in Network Profiling
• Identity-Policy Control & VPN

Advanced Malware Protection Everywhere
• AMP for Endpoints: Virtual, PC, Mobile, MAC
• AMP for Networks
• AMP Private Cloud Virtual Appliance
• AMP Threat Grid Dynamic Malware Analysis + Threat Intelligence Engine
• AMP on ASA Firewall with FirePOWER Services
• AMP on Web & Email Security Appliances
• AMP for Cloud Web Security & Hosted Email
• CWS

Reduce Complexity and Increase Capability
Collective Security Intelligence
• Centralized Management: Appliances, Virtual
• Network Control Platform: Appliances, Virtual
• Device Control Platform: Host, Mobile, Virtual
• Cloud Services Control Platform: Hosted

The cloud increases IT efficiency
Manageability, Scalability, Cost Savings
• Turnkey installation and management
• Integrated, always up to date features
• Scales from small branches to large networks
• Reduces operational costs

Cisco Meraki: Bringing the cloud to enterprise networks
• Meraki MR Wireless LAN
• Meraki MS Ethernet Switches
• Meraki MX Security Appliances
• Meraki SM Mobile Device Management

Cloud-managed networking architecture
• Network endpoints securely connected to the cloud
• Cloud-hosted centralized management platform
• Intuitive browser-based dashboard

Simplified enterprise security
Enterprise-class security features for security-conscious environments
• Air Marshal WIDS/WIPS: Detect wireless attacks; contain rogue APs; cloud-based alerting and diagnostics
• User and device aware security: User, device, and group-based firewall rules (layer 3-7) with Active Directory integration
• Complete NG firewall and content security: Application firewall; content filtering matching 1B+ URLs; antivirus / antimalware filtering; Google safesearch

Case study: Milpitas Unified School District
• California school district with 14 schools, 10,000 students
• Deployed cloud-managed firewall, 500 wireless APs (indoor + outdoor), and 100 Ethernet switches
• Enabled 1:1 Google Chromebook deployment and BYOD policy
• Application visibility and control optimizes bandwidth across 10k+ clients
“The Dashboard, the traffic shaping, and the MDM were real advantages. We can see the traffic and devices on the fly.”
Chin Song, Director of Technology, Milpitas Unified School District

Security Services Portfolio
• Integration
• Assessments
• Migration
• Architecture and Design
• Optimization
• Program Strategy
• Product Support
• Hosted Security
• Managed Security

Cisco and Sourcefire: Better Together
Attack Continuum:
• Discover, Enforce, Harden
• Detect, Block, Defend
• Scope, Contain, Remediate
Firewall, VPN, NGIPS, Advanced Malware Protection, NGFW, UTM, Web Security, Network Behavior Analysis, NAC + Identity Services, Email Security, Malware Sandboxing
Security Services

Ecosystem and Integration
• BEFORE: Policy and Control
• DURING: Detection and Blocking
• AFTER: Analysis and Remediation
Vulnerability Management, Network Access Taps, Custom Detection, Full Packet Capture, Incident Response, NAC, Infrastructure & Mobility, Visualization, SIEM
Combined API Framework

Only Cisco Delivers
• Unmatched Visibility: Global Intelligence With the Right Context
• Consistent Control: Consistent Policies Across the Network and Data Center
• Advanced Threat Protection: Detects and Stops Advanced Threats
• Reduced Complexity: Fits and Adapts to Changing Business Models

Thank You