BEFORE. DURING. AFTER. CISCO'S INTEGRATED SECURITY STRATEGY NIALL MOYNIHAN CISCO EMEAR

Transcription

1

2 BEFORE. DURING. AFTER. CISCO'S INTEGRATED SECURITY STRATEGY NIALL MOYNIHAN CISCO EMEAR

3

4 The IndustrializaBon of Hacking SophisEcated AFacks, Complex Landscape Hacking Becomes an Industry Phishing, Low SophisEcaEon Viruses Worms Spyware and Rootkits 2005 Today APTs Cyberware Today +

5 Today s Reality All are smart, all had security, All were seriously compromised.

6 2014 Cisco and/or its affiliates. All rights reserved. 6

7 Modern networks are like candy; a hard crunchy shell around a so9 chewy centre. Bill Cheswick, 1986

8 The IndustrializaBon of Hacking SophisEcated AFacks, Complex Landscape Hacking Becomes an Industry Phishing, Low SophisEcaEon Viruses Worms Spyware and Rootkits 2005 Today APTs Cyberware Today +

9 MoBvated and Targeted AXackers Hack/vists Organised crime Na/on States 25% of a:acks targeted at a specific individual or company Verizon Data Breach report 2013

10 Spear Phishing is Prime AXack Vector Bypassing defences by IdenBfying Individuals to target Switchboard/RecepBonist Social Media Using Social Engineering Phishing.. Phishing gets the hacker behind the firewall In the majority of these incidents, the axacks targeted corporate workstabons NOT devices Gives him access of a user Popular with low level scammers This is where the hack starts

11

12 Well Planned, Stealthy AXacks 100% of corporate networks surveyed, showed signs of malicious traffic 66% of the breaches in our 2013 report took months or even years to discover Verizon Data Breach Inves/ga/ons Report, 2013 Cisco Annual Security Report, 2014 Mandiant APT1 Report, Feb 2013

13 Cisco is Serious about Security. GSSO is Transforming to Harness the Opportunity. The TransformaEon of Hacking u OrganizaBons face tens of thousands of new malware samples per hour u Smarter, well funded hackers u Resources to compromise your organizabon u Cyber crime costs: $445B Cisco is Transforming u Investment & Momentum u AcquisiBons creabng broad solubon porfolio u Complete service and product plaform u Regain market credibility u Improve compebbve posibon GTM TransformaEon u Empowered, dedicated security architecture u Trusted security advisors u Strategic customer engagement u We sell full technology and services solubons

14 Comprehensive Security Porfolio Firewall & NGFW Cisco ASA X Series Cisco ASA X w/ NGFW license Cisco ASA X w/ NGFW blade FirePOWER NGFW IPS & NGIPS Cisco IPS 4300 Series Cisco ASA X Series integrated IPS FirePOWER NGIPS FirePOWER NGIPS w/ ApplicaBon Control FirePOWER Virtual NGIPS Advanced Malware Protection FireAMP FireAMP Mobile FireAMP Virtual AMP for FirePOWER license Dedicated AMP FirePOWER appliance Cyber Threat Defense Cisco Sourcefire Web Security Cisco Web Security Appliance (WSA) Cisco Virtual Web Security Appliance (vwsa) Cisco Cloud Web Security Security Cisco Security Appliance (ESA) Cisco Virtual Security Appliance (vesa) Cisco Cloud Security NAC + Identity Services Cisco IdenBty Services Engine (ISE) Cisco Access Control Server (ACS) VPN Cisco AnyConnect VPN UTM Meraki MX

15 The Problem is Threats

16 The Silver Bullet Does Not Exist Sandboxing ApplicaBon Control Detect the unknown IDS / IPS UTM NAC CapBve portal Fix the firewall FW/ VPN Block or allow AV PKI It matches the paxern No key, no access No false posibves, no false negabves. Cisco focuses on the totality of defending against threats

17 Today s advanced malware is not just a single enbty 100 percent of companies surveyed by Cisco have Missed by Point-in-time conneceons to domains that are Detection known to host malicious files or services. (2014 CASR) It is a Community that hides in plain sight

18 Impact of a Breach Breach occurs 60% data in breaches is stolen in hours 54% of breaches remain undiscovered for months InformaBon of up to 750 million individuals on the black market over last three years START HOURS MONTHS YEARS Source: Verizon Data Breach Report 2014

19 Why?

20 ConfiguraBon and OrganizaBonal Problems IT professionals don t know what they re protecbng They can t see or recognize what s in their environment They can t deal with unknown axacks Even if technologies are purchased, in many cases, IT profesionals cannot use them properly Complexity and fragmentabon OperaBonal challenges

21 If you knew you were going to be compromised, would you do security differently?

22 The Threat- Centric Security Model ATTACK CONTINUUM Discover Enforce Harden Detect Block Defend Scope Contain Remediate Firewall Patch Mgmt IPS IDS AMD App Control Vuln Mgmt AnBvirus FPC Log Mgmt VPN IAM/NAC /Web Forensics SIEM Services Visibility and Context

23 The New Security Model ATTACK CONTINUUM Discover Enforce Harden Detect Block Defend Scope Contain Remediate Network Endpoint Mobile Virtual Cloud Point- in- Time ConBnuous

24 Covering the EnBre AXack ConBnuum Discover Enforce Harden Detect Block Defend Scope Contain Remediate ASA VPN NGIPS Advanced Malware ProtecBon NGFW Meraki ESA/WSA CogniBve Secure Access + IdenBty Services CWS ThreatGRID Advisory, IntegraBon and Managed Services FireSIGHT & PXGrid

25 Today s Security Appliances TradiBonal Firewall FuncBons VPN FuncBons Context- Aware FuncBons IPS FuncBons WWW Malware FuncBons

26 Strategic ImperaBves to Improve Security Visibility- Driven Threat- Focused Pla`orm- Based Network- Integrated, Broad Sensor Base, Context and AutomaBon ConBnuous Advanced Threat ProtecBon, Cloud- Based Security Intelligence Agile and Open Plaforms, Built for Scale, Consistent Control, Management Network Endpoint Mobile Virtual Cloud

27 Comprehensive Security Porfolio Cisco Sourcefire Firewall & NGFW Cisco ASA X Series Cisco ASA X w/ NGFW license Cisco ASA X w/ NGFW blade FirePOWER NGFW IPS & NGIPS Cisco IPS 4300 Series Cisco ASA X Series integrated IPS FirePOWER NGIPS FirePOWER NGIPS w/ ApplicaBon Control FirePOWER Virtual NGIPS Advanced Malware Protection FireAMP FireAMP Mobile FireAMP Virtual AMP for FirePOWER license Dedicated AMP FirePOWER appliance Cyber Threat Defense Web Security Cisco Web Security Appliance (WSA) Cisco Virtual Web Security Appliance (vwsa) Cisco Cloud Web Security Security Cisco Security Appliance (ESA) Cisco Virtual Security Appliance (vesa) Cisco Cloud Security NAC + Identity Services Cisco IdenBty Services Engine (ISE) Cisco Access Control Server (ACS) VPN Cisco AnyConnect VPN UTM Meraki MX

28 Mobility Is Changing The Future Of Work How we work Who we work with When we work Where we work What tools we use ACCESS POLICY IS MORE CRITICAL THAN EVER

29 IdenBty Services Engine (ISE) WHO Security Policy AXributes IdenEty Context WHAT WHERE ISE Business-Relevant Policies WHEN Wired HOW Wireless VPN VM client, IP device, guest, employee, remote user Replaces AAA & RADIUS, NAC, guest management & device iden/ty servers

30 Key ISE Use Cases BYOD Users get safely on the internet fast and easy GUEST ACCESS It s easy to provide guests limited time and resource access SECURE ACCESS ON WIRED, WIRELESS & VPN Control with one policy across wired, wireless & remote infrastructure TRUSTSEC NETWORK POLICY Rules written in business terms controls access

31 BYOD & ISE Automated self- service portal Get Users On- Net in Minutes, Not Hours Simple self- service portal for any user to get quickly on- net without help or hassle Reduce Burden on IT & Help Desk Staff Reliable automabon reduces user problems to near zero so Immediate Secure Access Rigorous IdenBty and Access Policy Enforcement

32 Cyber Threat Defense SoluBon NetFlow Enables Security Telemetry + NetFlow-enabled Cisco switches and routers become security telemetry sources Cisco is the undisputed market leader in Hardware-enabled NetFlow devices Cisco Network NetFlow Network Components Provide Rich Context Unites NetFlow data with identity and application ID to provide security context Cisco ISE Cisco ASR 1000 or ISR G2 + NBAR Cisco ASA Cisco NGA User? Device? Posture? Vulnerability AV Patch Events? Application? Lancope Partnership Provides Behavior-Based Threat Detection + + FlowSensor FlowCollector StealthWatch Management Console Single pane of glass that unifies threat detection, visibility, forensics analysis, and reporting

33 Cyber Threat Defense SoluBon Components StealthWatch Management Console Other tools/ collectors hxps hxps Cisco ISE StealthWatch FlowReplicat or StealthWatch FlowCollector NetFlow NetFlow StealthWatch FlowSensor NBAR Cisco Network NSEL StealthWatch FlowSensor VE Users/Devices

34 NetFlow Security Use Cases DetecEng SophisEcated and Persistent Threats. Malware that makes it past perimeter security can remain in the enterprise waibng to strike as lurking threats. These may be zero day threats that do not yet have an anbvirus signature or be hard to detect for other reasons. IdenEfying BotNet Command & Control AcEvity. BotNets are implanted in the enterprise to execute commands from their Bot herders to send SPAM, Denial of Service axacks, or other malicious acts. Uncovering Network Reconnaissance. Some axacks will probe the network looking for axack vectors to be ublized by custom- crased cyber threats. Finding Internally Spread Malware. Network interior malware proliferabon can occur across hosts for the purpose gathering security reconnaissance data, data exfiltrabon or network backdoors. Revealing Data Loss. Code can be hidden in the enterprise to export of sensibve informabon back to the axacker. This Data Leakage may occur rapidly or over Bme.

35 Cisco Dominates the Security Gartner Magic Quadrants Intrusion PrevenBon Web Security Security Network Access Control

36 NSS Labs Next- GeneraBon Firewall Security Value Map The NGFW Security Value Map shows the placement of Cisco ASA with FirePOWER Services and the FirePOWER 8350 as compared to other vendors. All three products achieved 99.2 percent in security effectiveness and now all can be confident that they will receive the best protections possible regardless of deployment. Source: NSS Labs 2014

37 Market RecogniBon Cisco is disrupting the advanced threat defense industry. Based on our (Breach Detection Systems) reports, Advanced Malware Protection from Cisco should be on everyone s short list. The AMP products will provide deeper capability to Cisco's role in providing secure services for the Internet of Everything (IoE). So do any network security vendors understand data center and what s needed to accommodate network security? Cisco certainly does Vendor Rating for Security: Positive AMP will be one of the most beneficial aspects of the [Sourcefire] acquisition.

38 THANK YOU