Cisco Security Overview

Intelligent Cybersecurity for the Real World
Suwitcha Musijaral, CISA, CISSP
CSE – Security, Global Security Sales Organization
6 March 2015
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
1

Key Milestones in Cisco Security
• Sourcefire and ThreatGRID acquisitions
• AMP Everywhere
• OpenAppID
• Managed Threat Defense
• Cognitive Threat Analytics
• ASAv Firewall
• ASA with FirePOWER Services
• FirePOWER 8300 Series

Market Recognition
“Based on our (Breach Detection Systems) reports, Advanced Malware Protection from Cisco should be on everyone’s short list.”
“Cisco is disrupting the advanced threat defense industry.”
“So do any network security vendors understand data center and what’s needed to accommodate network security? Cisco certainly does.”
2014 Vendor Rating for Security: Positive
“… AMP will be one of the most beneficial aspects of the [Sourcefire] acquisition.”
“The AMP products will provide deeper capability to Cisco's role in providing secure services for the Internet of Everything (IoE).”

Security Challenges
• Changing Business Models
• Dynamic Threat Landscape
• Complexity and Fragmentation

Security Challenges: Changing Business Models
Drivers: BYOD, social media, cloud, app stores
• 90% of organizations are not “fully aware” of all network devices
• 14% of organizations had malware enter the corporate network through social media/web apps
• 5–10 times more cloud services are being used than are known by IT
• 92% of top 500 Android apps carry security/privacy risks

Security Challenges: Dynamic Threat Landscape
A community that hides in plain sight avoids detection and attacks swiftly
• 60% of data is stolen in hours
• 85% of point-of-sale intrusions aren’t discovered for weeks
• 54% of breaches remain undiscovered for months
• 51% increase of companies reporting a $10M loss or more in the last year

Security Challenges: Complexity and Fragmentation
• 45 security vendors for some customers
• 373 security vendors at RSA
• 12x demand for security talent

How Industrial Hackers Monetize the Opportunity
Welcome to the hackers’ economy. Global cybercrime market: $450B–$1T
• Credit card data: $0.25–$60
• Social Security: $1
• Medical record: >$50
• DDoS as a service: ~$7/hour
• Bank account info: >$1000, depending on account type and balance
• Mobile malware: $150
• Spam: $50 per 500K emails
• Malware development: $2500 (commercial malware)
• Exploits: $1000–$300K
• Facebook account: $1 for an account with 15 friends

What would you do differently if you knew you were going to be compromised?

The Threat-Centric Security Model
Attack Continuum
• Before: Discover, Enforce, Harden
• During: Detect, Block, Defend
• After: Scope, Contain, Remediate
Coverage: Network, Endpoint, Mobile, Virtual, Cloud
Protection both at a point in time and continuous

Strategic Imperatives
• Visibility-Driven: Network-Integrated, Broad Sensor Base, Context and Automation
• Threat-Focused: Continuous Advanced Threat Protection, Cloud-Based Security Intelligence
• Platform-Based: Agile and Open Platforms, Built for Scale, Consistent Control, Management
Across Network, Endpoint, Mobile, Virtual, Cloud
Visibility-Driven

Cisco Sees More Than the Competition
Visibility across: Application Protocols, Users, NetFlow, Web Applications, Files, Malware, Command and Control Servers, Services, Vulnerabilities, Operating Systems, Processes, Network Servers, Mobile Devices, Routers and Switches, Client Applications, VoIP Phones, Printers, Virtual Machines, Network Behavior
Threat-Focused

Detect, Understand, and Stop Threats
• Collective Security Intelligence
• Context: Who, What, Where, When, How
• Event History: Recorded; Threat: Identified
• Enforcement: ISE + Network, Appliances (NGFW/NGIPS)
• AMP, CWS, Appliances

Continuous Advanced Threat Protection
• Collective Security Intelligence
• Context: Who, What, Where, When, How
• Event History
• Enforcement: ISE + Network, Appliances (NGFW/NGIPS)
• AMP, CWS, Appliances
• Continuous Analysis: AMP, NBAD

Superior Intelligence to Battle Advanced Threats
Collective Security Intelligence
Telemetry sources: Web, Endpoints, Email, Networks, Devices, IPS
• 100 TB Intelligence
• 1.6M Sensors
• 150 Million+ Endpoints
• 35% Global Email
• 13B Web Requests
• 1B Reputation Queries per Day
• 3.6PB Monthly through CWS
• 1.1M+ File Samples per Day
• FireAMP™, 3M+
Research: Advanced Industry Disclosures, Outreach Activities, Open Source Communities, Dynamic Analysis, Malware Analysis, AEGIS™ & SPARK
Response (Security Intelligence): IPS Snort Rules Update, Vulnerability Database Update, Email & Web Reputation, Threat Centric Detection Content

FirePOWER Delivers Best Threat Effectiveness
[Figure: Security Value Map for Intrusion Prevention System (IPS)]
[Figure: Security Value Map for Breach Detection]

NSS Labs – Next-Generation Firewall Test Methodology (v5.4)
The NGFW Security Value Map shows the placement of Cisco ASA with FirePOWER Services and the FirePOWER 8350 compared to other vendors. All three products achieved 99.2 percent security effectiveness, so customers can be confident that they will receive the best protection possible regardless of deployment.
Source: NSS Labs 2014

The Network and Security: Synergies Through Integration
• Increases Visibility
• Accelerates Detection
• Scales Enforcement

Silos Create Security Gaps
Siloed functions: Traditional Firewall Functions, VPN Functions, Context-Aware Functions, IPS Functions, Malware Functions

Cisco ASA with FirePOWER Services: Superior Integrated & Multilayered Protection
Cisco ASA + FirePOWER, Cisco Collective Security Intelligence enabled
• World’s most widely deployed, enterprise-class ASA stateful firewall
• Clustering & High Availability; Network Firewall; Routing | Switching
• Identity-Policy Control & VPN
• Granular Cisco® Application Visibility and Control (AVC) (Subscription)
• Industry-leading FirePOWER next-generation IPS (NGIPS)
• Reputation- and category-based URL filtering
• Advanced Malware Protection (Subscription)
• Built-in Network Profiling
• FireSIGHT Analytics & Automation

Advanced Malware Protection Everywhere
• AMP for Endpoints: PC, Mac, Mobile, Virtual
• AMP for Networks
• AMP Private Cloud Virtual Appliance
• AMP Threat Grid: Dynamic Malware Analysis + Threat Intelligence Engine
• AMP on ASA Firewall with FirePOWER Services
• AMP on Web & Email Security Appliances
• AMP for Cloud Web Security (CWS) & Hosted Email

Reduce Complexity and Increase Capability
Collective Security Intelligence
Centralized Management (Appliances, Virtual)
• Network Control Platform: Appliances, Virtual
• Device Control Platform: Host, Mobile, Virtual
• Cloud Services Control Platform: Hosted

The cloud increases IT efficiency
Manageability, Scalability, Cost Savings
• Turnkey installation and management
• Integrated, always-up-to-date features
• Scales from small branches to large networks
• Reduces operational costs

Cisco Meraki: Bringing the cloud to enterprise networks
• Meraki MR: Wireless LAN
• Meraki MS: Ethernet Switches
• Meraki MX: Security Appliances
• Meraki SM: Mobile Device Management

Cloud-managed networking architecture
• Network endpoints securely connected to the cloud
• Cloud-hosted centralized management platform
• Intuitive browser-based dashboard

Simplified enterprise security
Enterprise-class security features for security-conscious environments
• Air Marshal WIDS/WIPS: Detect wireless attacks; contain rogue APs; cloud-based alerting and diagnostics
• User- and device-aware security: User-, device-, and group-based firewall rules (layer 3–7) with Active Directory integration
• Complete NG firewall and content security: Application firewall; content filtering matching 1B+ URLs; antivirus/antimalware filtering; Google SafeSearch

Case study: Milpitas Unified School District
• California school district with 14 schools, 10,000 students
• Deployed cloud-managed firewall, 500 wireless APs (indoor + outdoor), and 100 Ethernet switches
• Enabled 1:1 Google Chromebook deployment and BYOD policy
• Application visibility and control optimizes bandwidth across 10k+ clients
“The Dashboard, the traffic shaping, and the MDM were real advantages. We can see the traffic and devices on the fly.”
Chin Song, Director of Technology, Milpitas Unified School District

Security Services Portfolio
• Integration
• Assessments
• Migration
• Architecture and Design
• Optimization
• Program Strategy
• Product Support
• Hosted Security
• Managed Security

Cisco and Sourcefire: Better Together
Attack Continuum: Discover, Enforce, Harden | Detect, Block, Defend | Scope, Contain, Remediate
Portfolio across the continuum: Firewall, VPN, NGIPS, Advanced Malware Protection, NGFW, UTM, Web Security, Network Behavior Analysis, NAC + Identity Services, Email Security, Malware Sandboxing, Security Services

Ecosystem and Integration
Attack continuum: Before (Policy and Control), During (Detection and Blocking), After (Analysis and Remediation)
Combined API Framework spanning: Vulnerability Management, Network Access Taps, Custom Detection, Full Packet Capture, Incident Response, NAC, Infrastructure & Mobility, Visualization, SIEM

Only Cisco Delivers
• Unmatched Visibility: Global Intelligence With the Right Context
• Consistent Control: Consistent Policies Across the Network and Data Center
• Advanced Threat Protection: Detects and Stops Advanced Threats
• Reduced Complexity: Fits and Adapts to Changing Business Models

Thank You