Cisco RSA Announcement Update May 7, 2009 Presented by: WWT and Cisco
Agenda Cisco RSA Conference Announcements Collaborate with Confidence Overview Cisco's Security Technology Differentiation Review of New Product Announcements ASA 8.2 with Botnet Traffic Filters IPS 7.0 and Global Correlation SAFE Architecture Best Practices Q&A
Current Situation The network perimeter and enterprise boundary are disintegrating Mobility and Web 2.0 are challenging security norms New security strategies are needed
A Seismic Shift 2000-2008: IT security products look deeper 2009: Cisco Security products look around and respond faster
Today's Threats Sophisticated, Constantly Mutating Each Attack Instance can be slightly different Domains are rotated in days, even hours Content mutates and mimics legitimate traffic and content
Command and Control Networked, Persistent 50% of attacks are by serial offenders 80% of spam is from infected clients 70% of bots use dynamic IP addresses
Collaborate with Confidence Securely Connect, Communicate, and Conduct Business Balance protection and enablement for secure collaboration Deploy pervasive security that uses the network as the platform Enable the safe delivery of services and content over a secure network to protected devices
Cisco Collaborate with Confidence Three Distinct Advantages Comprehensive Threat Intelligence End-to-End Security Business-Enabling Services Provide a Rich, Highly Secure Collaborative Experience Using the Network as the Platform
Cisco Collaborate with Confidence Unique Advantages and What's New? Comprehensive Threat Intelligence New! Global correlation for sophisticated analysis with Cisco IPS and the Cisco ASA with Botnet Traffic Filtering End-to-End Security Business-Enabling Services
Cisco Collaborate with Confidence Unique Advantages and What's New? Comprehensive Threat Intelligence End-to-End Security New! ASA 5505 with IPS for SMB and Branch offices New! AnyConnect Essentials VPN for secure mobile access Business-Enabling Services
Cisco Collaborate with Confidence Unique Advantages and What's New? Comprehensive Threat Intelligence End-to-End Security Business-Enabling Services New! SAFE reference security architecture with validated implementation designs
Cisco Security Intelligence Operations Cisco SensorBase Threat Operations Center Analytics and Algorithms Security Infrastructure That Dynamically Protects Against the Latest Threats Through: Cisco SensorBase The Most Comprehensive Vulnerability and Sender Reputation Database Threat Operations Center A Global Team of Security Researchers and Analysts Analytics and Algorithms Automatic Updates and Best Practices Powered by Global Correlation
Cisco Global Correlation SensorBase: World's Largest Traffic Monitoring Network LARGEST FOOTPRINT GREATEST BREADTH FULL CONTEXT ANALYSIS Cisco SensorBase
Cisco Global Correlation Unmatched Breadth LARGEST FOOTPRINT GREATEST BREADTH FULL CONTEXT ANALYSIS Email Security IPS Web Security Firewall Identifying a global botnet requires complete visibility across all threat vectors
Global Correlation Full Context Analysis: Seeing the Whole Picture LARGEST FOOTPRINT GREATEST BREADTH FULL CONTEXT ANALYSIS What? Content Who? Reputation of Counterparty How? Propagation & Mutation Methods Where? Geographic & Vertical Trends
Cisco IPS 7.0 Network IPS to Global IPS Coverage Twice the effectiveness of signature-only IPS Accuracy Reputation analysis decreases false positives Timeliness 100x faster than traditional signature-only methods IPS Reputation Filtering powered by Global Correlation
Defeating SQL Injection The Challenge of Traditional Signature-Based IPS What SIGNATURES Find Verdict: UNKNOWN What? SQL Command Fragments in Web Traffic
IPS Reputation Enables Protection Powered By Global Correlation What CISCO IPS Finds Verdict: BLOCK What? How? SQL Command Fragments in Web Traffic First HTTP connection Who? Where? Dynamic IP Address Dynamic DNS History of Web Attacks Within Heavily Compromised .Asia Network History of Botnet Activity Clean Sources Only
Global Correlation for Cisco IPS Dramatic Changes in Protection and Accuracy Deployed in networks around the world Hosting environments Large businesses Research labs Average Results Over Two Week Period "Global Correlation is a huge step forward for IPS." (Director of security, Top three Public Insurance Co.)
Cisco IPS with Global Correlation Benefits Leveraging Comprehensive Threat Intelligence Decrease organizational risk of data theft: stop attacks with increasing accuracy Lower operational cost: increase security team productivity by automating threat response Optimize your existing IPS and/or ASA investments
Detecting Client Infections Botnet Traffic Filter on ASA 5500 Series Monitors malware traffic Scans all traffic, ports & protocols Detects infected clients by tracking rogue phone home traffic Highly accurate Identifies 100,000s of malware connections per week Automatic DNS lookups of addresses Dynamic database integrated into Cisco Security Intelligence Operations Command and Control Cisco ASA Infected Clients
Botnet Stages of Attack Botnet Command and Control Execution Step 1: Infection Clients are infected by spyware, malware, and targeted attacks Step 2: Control Infected clients communicate with botnet command and control Step 3: Execution Attacks are launched: data harvesting, ID theft, DDoS, spam, and click fraud
Cisco Anti-Botnet Solution Defense in Depth BotNet Command and Control Execution Step 1: Protection Cisco Firewall, Intrusion Prevention Systems, Web Security Appliances, Email Security Appliances Step 2: Detection ASA BotNet Traffic Filter WSA Layer 4 Traffic Monitor Step 3: Remediation Cisco NAC
Cisco Botnet Traffic Filter Reports Top Botnet Sites, Ports and Infected Endpoints Live Dashboard Monitoring Integrated Reporting
Botnet Traffic Filter for Cisco ASA Customer Case Study Customer Network Healthcare provider in Illinois and Indiana Hospitals, long-term care and senior residential facilities, clinics, home health agencies Observed Destinations (1.6M connections in a month) vove.3322.org Ad Network Sites Pornography Sites (xxxvogue.net) Ieplugin.com Found command and control and sites distributing adware, known malware Vove.3322.org Host associated with command and control for trojan Port 6010 Trojan masquerades as a Microsoft .NET Framework service Financial information sent back to command and control
Flexible VPN Licensing Shared VPN License VPN Flex License Affordable, flexible solution for short-term bursts of VPN users Emergency and pandemic usage Planned surges of concurrent users Two month tiered licenses Shared licenses among ASAs No wasted capacity Available for Active and load balanced configurations
Cisco SAFE Validated Security Designs and Technical Implementation Guides Fully tested architectures based on security best practices speed transition from concept to design and implementation Aligns security blueprints to key business initiatives (i.e. compliance and securing mobile users) Modules include: Data Center, Campus, Branch Office, Unified Communications, Secured Mobility and E-Commerce http://www.cisco.com/go/safe Empowered Branch 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential
SPECIAL OFFER Free 30-Day ASA Botnet Traffic Filter license to all event attendees BONUS First 5 customers to respond immediately following this webinar will get complimentary consultation from WWT to upgrade to ASA 8.2* Please submit your email request to: ashish.upadhyay@wwt.com or call 800-432-7008 x 2623 * Limited to 5 devices on a single network environment
Q&A
Helpful Links Cisco ASA: http://www.cisco.com/go/asa Cisco Botnet Filter: http://www.cisco.com/en/us/prod/vpndevc/ps6032/ps6094/ps6120/botnet_index.html Cisco IPS Solution: http://www.cisco.com/go/ips Senderbase: http://www.senderbase.org Collaborate with Confidence: http://www.cisco.com/en/us/solutions/ns170/cwc.html
Thank you for attending this Webinar!!