Cisco & Big Data Security

Size: px

Start display at page:

Download "Cisco & Big Data Security"

Sarah Shelton
8 years ago
Views:

1 Cisco & Big Data Security 巨量資料的傳輸保護 Joey Kuo Borderless Networks Manager

2 The any-to-any world and the Internet of Everything is an evolution in connectivity and collaboration that is unfolding rapidly. It s the nexus of devices, clouds, and applications. Global cloud traffic will increase sixfold over the next five years, growing at a rate of 44 percent from 2011 to Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2

Global cloud traffic will increase sixfold over the next five years, growing at a rate of 44

3 Every day I wake up and ask, how can I flow data better, manage data better, analyze data better? Rollin Ford (CIO, Walmart) 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3

4 Every two days we create as much information as we did from the dawn of civilization up until Eric Schmidt (Chairman of Google) 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4

5 Fraud detection Wire transfer alerts Traffic analysis Network optimization to support service levels Environment monitoring Security/ anti-terror Cyber Security Customer loyalty programs Subscriber data management Content monetization Store operation analysis Collaborative planning and forecasting Supply chain optimization 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5

Subscriber data management Content monetization Store operation analysis Collaborative planning and

7 22% Online video 36% search engines 20% Social networks 13% Advertisements Hits to Top Web Properties Social Network Ads Online Video Search Engine 0% 10% 20% 30% 40% 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7

Online Video Search Engine 0% 10% 20% 30% 40% 2013 Cisco

8 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Perscription Prescription Drugs Luxury Watches Credit Card Business Business Reviews Reviews Professional Network Professional Network Electronic Money Transfer Electronic Money Transfer Accounting Software Accounting Software Social Network Social Network Professional Associations Professional Associations Airline Airline Mail Mail Weight Loss Government Weight Loss Organization Windows Government Software Organization Cellular Windows Company Software Online Cellular Classifieds Company Taxes 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8

Social Network Professional Associations Professional Associations Airline Airline Mail Mail Weight Loss Government Weight Loss Organization Windows Government

9 Downloader 1.12% Infostealing 3.49% Exploit 9.86% Worm 0.89% Virus 0.48% Mobile 0.42% Scareware 0.16% Malscript/Iframe 83.43% 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9

12 Advanced Persistent Threat CNC Users & Applications Compromised Site & Exploit Server WWW 12

14 13B WEB REQUESTS 150M GLOBALLY DEPLOYED ENDPOINTS 35% WORLDWIDE TRAFFIC 75 TB DATA RECEIVED PER DAY 1.6M GLOBALLY DEPLOYED DEVICES SensorBase Threat Operations Center Dynamic Updates 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 14

6M GLOBALLY DEPLOYED DEVICES SensorBase Threat Operations Center

15 Leveraging Cisco SensorBase THREAT INDEX Very Good Bank A pborges@ .com Information Update Dear Mr. Paulo Roberto Borges, We are contacting you in order to inform about a mandatory update of your personal data, which is being conducted after Bank A and Bank B merge. To begin the update, please click on the link and download the protection program. Protection Module 3.0 (2011) Best regards, Bank A Sensor Data Web Sensor Data IPS Sensor Data Sender IP Address: Unknown Verdict Very Bad 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15

A and Bank B merge. To begin the update, please click on the link and download the protection program. Protection Module 3.

16 Outbreak Filters in Action Internet Security Inbox Targeted Attack Filter Dynamic Quarantine Rule Sets Cisco Security Intelligence Operations 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16

Sets Cisco Security Intelligence Operations 2011 Cisco

17 Web Reputation 信譽評等 Internet Explorer (IE) Zero-Day Vulnerability Blocked by Cisco Blocked by Cisco Day 0: Exploit Site Detected Day 8: Exploit Site Volume Up Malware Detected Day 14: IPS Sig Published C&C Server Blocked Day 16: A/V Vendor A Sig Published (Partial) Day 17: A/V Vendor B Sig Published Day 18: A/V Vendor A and C Full Sig Published Continuous Intelligence Security Advisory Issued IE Patched Competitive approaches: Endless race against hackers Zero-day threat & future attacks from 40+ parked domains prevented by reputation & cross-platform intelligence Cisco approach: Stop attacks at the source Disarm attackers 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 17

Published Continuous Intelligence Security Advisory Issued IE Patched Competitive approaches: Endless race against hackers Zero-day threat & future attacks from 40+ parked

19 Info about domains: Domain Name: ROOTADMIN2012.COM Creation Date: 23-jan-2013 Expiration Date: 23-jan-2014 Domain Name: Creation Date: Expiration Date: MYADMIN2012.COM 23-jan jan-2014 Both domains hosted in the following IP address in Japan: ( cidr.odn.ne.jp) 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 19

23 Cisco Security Intelligence Operations Botnet Traffic Filters Infected Client Cisco ASA 5500 Series Command and Control Scans all traffic, ports, and protocols for rogue phone home traffic Provides visibility to infected clients within corporate network SensorBase provides visibility into dynamic IPs 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 23

25 Enabling the Potential of Network-Wide Context Sharing I have reputation info! I need threat data I have sec events! I need reputation SIO I have application info! I need location & auth-group I have NBAR info! I need identity I have NetFlow! I need entitlement That Didn t Work So Well! I have location! I need identity I have MDM info! I need location I have threat data! I need reputation I have firewall logs! I need identity I have app inventory info! I need posture I have identity & device-type! I need app inventory & vulnerability 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 25

26 Enabling the Potential of Network-Wide Context Sharing I have reputation info! I need threat data I have sec events! I need reputation SIO I have application info! I need location & auth-group I have NBAR info! I need identity I have NetFlow! I need entitlement pxgrid Context Sharing Single Framework Direct, Secured Interfaces I have location! I need identity I have MDM info! I need location I have threat data! I need reputation I have firewall logs! I need identity I have app inventory info! I need posture I have identity & device-type! I need app inventory & vulnerability 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 26

27 Who What Where When How Security Policy Attributes Identity Context Cisco ISE Business-Relevant Policies Wired Wireless VPN Virtual machine client, IP device, guest, employee, and remote user Replaces AAA and RADIUS, NAC, guest management, and device identity servers 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 27

28 Backed by Cisco SecureX MDM Manager Cisco Prime Cisco ISE Third-Party MDM Appliance Policy Cisco Catalyst Switches Cisco WLAN Controller Cisco Web Security Wired Network Devices Cisco CSM and ASDM Cisco ASA Firewall & IPS Cisco AnyConnect Office Wired Access Office Wireless Access Remote Access 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 28

29 CISCO ISE ISE Provides Context Identity, Device-Type, Posture, Authorization Level, Location SIEM/TD Takes Action Network quarantine users & devices via ISE SIEM & Threat Defense Partners SIEM/TD System Quarantines Scott Smith TAKE NETWORK ACTION ISE Matches to Quarantine Policy Cisco Switch Executes Authorization Change Scott Smith Re-Assigned to Restricted Access 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 29

30 Associate User to Event Associate User to Authorization IAM Check Endpoint Posture NAC?? Where is it on the Network? What Kind of Device is it? Potential Breach Event SIEM AAA Logs?? How Do I Mitigate??? MANY SCREENS, MISSING DATA COMPLICATED MITIGATION 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 30

31 Potential Breach Event Associate User to Event Associate User to Authorization Check Endpoint Posture ONE SCREEN, ALL DATA INTEGRATED MITIGATION Check Network Location Check Device Type Mitigate in Network CISCO ISE Endpoint Network Action Security Event ISE User and Device Context Related to Security Event Integrated Mitigation SIEM & Threat Defense Partners 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 31

32 SIEM & Threat Defense Prioritize Events, User/Device-Aware Analytics, Expedite Resolution ISE provides user and device context to SIEM and Threat Defense partners Partners utilize context to identify users, devices, posture, location and network privilege level associated with SIEM/TD security events Partners may take network action on users/devices via ISE Ensure Device Enrollment and Security Compliance Mobile Device Management ISE serves as policy gateway for mobile device network access MDM provides ISE mobile device security compliance context ISE assigns network access privilege based on compliance context 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 32

33 Thank you.

Cisco Security: Moving to Security Everywhere. #TIGcyberSec. Stefano Volpi 13-10-2015

#TIGcyberSec Cisco Security: Moving to Security Everywhere Stefano Volpi 13-10-2015 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 1 Cisco is All In with Security I expect security