The Importance of Threat-Centric Security

Size: px

Start display at page:

Download "The Importance of Threat-Centric Security"

Crystal Maxwell
7 years ago
Views:

1 The Importance of Threat-Centric Security

2 The Importance of Threat-Centric Security Ayman Abureyaleh Security Sales Manager, Cisco GSSO

3 What can we learn from others? Cisco Connect 2015

WW SECURITY NEWS www.dailynews.com Since 1879 Largest US Bank Hacked! 76M Retail Bank Accounts Compromised 7M Small Business Accounts Hacked Hackers burrowed into the databanks of JPMorgan Chase & Co.

4 WW SECURITY NEWS Since 1879 Largest US Bank Hacked! 76M Retail Bank Accounts Compromised 7M Small Business Accounts Hacked Hackers burrowed into the databanks of JPMorgan Chase & Co. and deftly dodged one of the world s largest arrays of sophisticated detection systems for months. The attack, an outline of which was provided by two people familiar with the firm s investigation, started in June at the digital equivalent of JPMorgan s front door, exploiting an overlooked flaw in one of the bank s websites. From there, it quickly developed into any security team s worst nightmare. The hackers unleashed malicious programs that had been designed to penetrate the corporate network of JPMorgan -- the largest U.S. bank, which had vowed two months before the attack began to spend a quarterbillion dollars a year on cybersecurity. With sophisticated tools, the intruders reached deep into the bank s infrastructure, silently siphoning off gigabytes of information, including customer-account data, until mid-august Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4

5 Cisco Connect 2015

6 The Reality: Organizations Are Under Attack 95% of large companies targeted by malicious traffic 100% of organizations interacted with websites hosting malware Source: 2014 Cisco Annual Security Report Cybercrime is lucrative, barrier to entry is low Hackers are smarter and have the resources to compromise your organization Malware is more sophisticated Organizations face tens of thousands of new malware samples per hour Phishing, Low Sophistication Hacking Becomes an Industry Sophisticated Attacks, Complex Landscape Viruses Cisco Connect 2015 Worms Spyware and Rootkits 2005 Today APTs Cyberware Today +

7 How Industrial Hackers Monetize the Opportunity Social Security $1 DDoS DDOS as a Service ~$7/hour Medical Record >$50 Credit Card Data $0.25-$60 $ Bank Account Info >$1000 depending on account type and balance Global Cybercrime Market: $450B-$1T Mobile Malware Exploits $150 Spam $1000-$300K $50/500K s Malware Development $2500 (commercial malware) Facebook Account $1 for an account with 15 friends Source: RSA/CNBC 2014 Cisco and/or its affiliates. All rights reserved. WELCOME TO THE HACKERS ECONOMY Cisco Confidential Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7

8 The Security Problem Changing Business Models Dynamic Threat Landscape Complexity and Fragmentation Cisco Connect 2015

9 Cisco Connect 2015 The Problem is Threats

10 Threat Landscape Demands more than Application Control 60% of data is stolen in hours 54% of breaches remain undiscovered for months 100% of companies connect to domains that host malicious files or services It is a Community that hides in plain sight avoids detection and attacks swiftly 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10

11 Defense-in-Depth Security Alone Is Not Enough Siloed Approach Poor Visibility Manual and Static Increased complexity and reduced effectiveness Undetected multivector and advanced threats Slow, manual inefficient response 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11

12 Impact of a Breach Breach occurs 60% data in breaches is stolen in hours 54% of breaches remain undiscovered for months Information of up to 750 million individuals on the black market over last three years START HOURS MONTHS YEARS Source: Verizon Data Breach Report 2014 Cisco Connect 2015

13 Breach/Detection Time Delta is Not Improving Percent of beaches where time to compromise (Blue)/time to discovery (Black) was days or less 100% Time to compromise 75% 50% 25% Time to discovery Cisco Connect 2015 Source: Verizon 2014 Data Breach Investigations Report

14 If you knew you were going to be compromised, would you do security differently? Cisco Connect 2015

Threat-Centric Strategy 2014 Cisco and/or its

16 A Threat-Centric Approach Cisco Connect 2015

17 Cisco: Covering the Entire Attack Continuum ASA VPN NGIPS Advanced Malware Protection NGFW Meraki ESA/WSA Cognitive Secure Access + Identity Services CWS ThreatGRID FireSIGHT and pxgrid Cisco Connect 2015

18 Today s Security Appliances Traditional Firewall Functions VPN Functions Context- Aware Functions IPS Functions WWW Malware Functions Cisco Connect 2015

APIs Workflow (automation) Engine Visibility and Context are the Foundation Breach Understand scope, contain & remediate Threat Focus on the threat security is

19 APIs Workflow (automation) Engine Visibility and Context are the Foundation Breach Understand scope, contain & remediate Threat Focus on the threat security is about detecting, understanding, and stopping threats Control Set policy to reduce surface area of attack Visibility Broad visibility for context Cisco Connect 2015

A Threat-Centric Approach Reduces Complexity and Increase Capability Collective Security Intelligence Centralized Management Appliances, Virtual

20 A Threat-Centric Approach Reduces Complexity and Increase Capability Collective Security Intelligence Centralized Management Appliances, Virtual Network Control Platform Device Control Platform Cloud Services Control Platform Appliances, Virtual Host, Mobile, Virtual Hosted Cisco Connect 2015

The Time is Now for Cisco s Threat-Centric Approach Unmatched Visibility Consistent Control Advanced Threat Protection Complexity Reduction Global Intelligence With

21 The Time is Now for Cisco s Threat-Centric Approach Unmatched Visibility Consistent Control Advanced Threat Protection Complexity Reduction Global Intelligence With the Right Context Consistent Policies Across the Network and Data Center Detects and Stops Advanced Threats Fits and Adapts to Changing Business Models Cisco Connect 2015

22 Five Things Boards Should do about Cybersecurity NOW Many Organizations have Cybersecurity tucked away in IT departments. It s time to bring it up and dust it off. 1 Understand the problem 2 Know the scope of risk to the organization 3 Decide what your crown jewels are 4 Know the regulations 2014 Cisco and/or its affiliates. All rights reserved. 5 Know where to spend Cisco Confidential Cisco and/or its affiliates. All rights reserved. Cisco Confidential 22

23 Cisco Connect 2015

Market Recognition Cisco is disrupting the advanced threat defense industry. Based on our (Breach Detection Systems) reports, Advanced Malware Protection from Cisco should be on everyone s short list.

24 Market Recognition Cisco is disrupting the advanced threat defense industry. Based on our (Breach Detection Systems) reports, Advanced Malware Protection from Cisco should be on everyone s short list. The AMP products will provide deeper capability to Cisco's role in providing secure services for the Internet of Everything (IoE). So do any network security vendors understand data center and what s needed to accommodate network security? Cisco certainly does Vendor Rating for Security: Positive AMP will be one of the most beneficial aspects of the [Sourcefire] acquisition. Cisco Connect 2015

25 Cisco Connect 2015

Cisco Advanced Malware Protection. Ross Shehov Security Virtual Systems Engineer March 2016

Cisco Advanced Malware Protection Ross Shehov Security Virtual Systems Engineer March 2016 The Reality Organizations Are Under Attack and Malware Is Getting in 95% of large companies targeted by malicious