The Art of Modern Threat Defense. Paul Davis Director, Advanced Threats Security Solution Architects


The Art of Modern Threat Defense
Paul Davis, Director, Advanced Threats Security Solution Architects
January 2016

- Goal of Presentation
- Who Am I
- A New World of Pain
- How we are treating the symptoms
- Silver Bullets
  - Doing the same thing every time, and expecting a different outcome
- The solution is within our grasp
  - But change starts with you
- The future architecture
- Call to action
Cisco 3

Goal of Presentation
- Show the new art of advanced threat defense
- A new way to approach building security infrastructure
- Give us a chance to defeat new attacks, wherever they hit us
- Create a dialogue on how to improve

Who Am I
- IT: 25 years
- IT Security: 15 years
- Incident Coordination: 10 years
Roles
- VP of Delivery, ThreatGRID
- EDS General Motors CISO
- EDS Dow Chemical CSO
- VP, Unisys global MSSP business
- Incident Leader
Business roles
- Systems Engineer
- Technical Architect
- DBA
- Recovering Developer
- Systems Integration
- Threat Intelligence
- SOCs
- Incident Response
- MSSPs
- Dir of Sec Ops

A New World of Pain
- More publicity
- Wider scope of impact
- Incident Response teams getting bigger
  - Forensics, Attribution, Transactional, APT, Regulatory, BIA
- Business people are taking notice
- Governments are taking notice
- Security budgets are growing (slowly)
- Ratio of CAPEX to OPEX is shifting to the right (still)

A Future Approach
1. Great for known attacks
2. Not great for agile response
3. No cross data sharing
Not good for 0-days
Diagram: separate boxes for DNS, SIM, Web, Email, Consoles, IPS, Network, NetFlow, Endpoint, Firewall

Diagram of today's tooling:
- Analysis: CWS, Cloud Access Control, AMP Threat Grid, Identity Management, SIEM, Threat Intelligence, AMP Cloud, Log Management
- Network and endpoint: Router, Switch, Firewall, IPS/IDS, Web Proxy, Email Proxy, Network Forensics, NetFlow, VPN, Endpoint
- Integration paths: TrustSec, pxGrid
Tools: isolated threat intel, visualization, defenseless console, limited integration
There is the SIEM, but it tends to be overloaded and reactive to IT events.
Time is money, my friend (and increased risk).

Today's Reaction to Advanced Threats: The Problem
- Isolated solutions
- Constrained to signatures; no proactive defense
- Not possible to have multiple layers of defense responding together
- Assumes all traffic goes through as many layers as possible
- Event driven
No silver bullets

A New Model is Required
- Retain the layers-of-defense idea
- Tools integrated
- Solution collaboration, so we can build our "silver gun"
- Cross-vendor integration
- More vectors of security awareness in our tools
And it needs a.

Think about the Expanding Vectors of Security Knowledge
7 Dimensions of Security: Identity, External Intelligence, IT Events, Device, Transaction, Location
The Threat Intelligence Lifecycle Management Engine:
1. Collective Trust
2. Enrich
3. Evaluate
4. Communicate
5. Monitor

A New Architecture Model
- Systems will be able to broadcast threat intelligence
- Systems will be able to act on threat intelligence
- Next generation of security control solution needed:
  - Automatic triage
  - Automated, intelligence-driven response
  - Aided business risk evaluation
  - Multiple response methods
- Predictions:
  - Better enterprise security consoles
  - SIEM as we know it will fade away
  - Threat intelligence will become more actionable

A Future Approach
Diagram: the same sensors and controls as before (DNS, Web, Email, SIM, Consoles, IPS, Network, NetFlow, Endpoint, Firewall) arranged around A Broker of Intelligence, which is fed by Big Data, HumInt, Automated Analysis and Machine Learning.
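The following is an added illustration of the Threat Intelligence Lifecycle Management Engine steps above (collective trust, enrich, evaluate, communicate, monitor) and of the broker of intelligence in this diagram. It is not code from the presentation or from Cisco: sensors publish sightings to a small Python broker, the broker fuses them with an external feed, scores the combined evidence, and tells subscribed enforcement points what to do. The sensor names, indicators, scoring weights, thresholds and sample sightings are all constructed assumptions.

```python
"""Toy broker of intelligence: sensors publish sightings, the broker runs the
lifecycle (collective trust, enrich, evaluate, communicate, monitor) and
subscribed enforcement points act on the verdict.  Constructed example; the
sensor names, indicators, weights and thresholds are assumptions."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Sighting:
    source: str     # sensor that saw it: DNS, Web, Email, NetFlow, Endpoint, Firewall ...
    indicator: str  # domain, IP or file hash
    kind: str       # "domain" | "ip" | "sha256"
    host: str       # internal asset involved
    ts: int         # epoch seconds (constructed)


# Constructed external feed: indicator -> (confidence 0..1, label).
EXTERNAL_INTEL = {
    "update-check.example.net": (0.9, "known C2 domain"),
    "203.0.113.10": (0.6, "internet scanner"),
}
ACT_THRESHOLD = 0.7


class IntelBroker:
    def __init__(self, threshold=ACT_THRESHOLD):
        self.threshold = threshold
        self.sightings = defaultdict(list)  # indicator -> [Sighting]
        self.enforcers = []                 # callables (indicator, ctx) -> [action str]
        self.actions = []                   # every action communicated, in order
        self._done = set()                  # (indicator, action) already dispatched

    def subscribe(self, enforcer):
        self.enforcers.append(enforcer)

    # 1. Collective trust: any sensor may publish; no single console is the authority.
    def ingest(self, s):
        self.sightings[s.indicator].append(s)
        ctx = self.enrich(s.indicator)
        ctx["score"] = self.evaluate(ctx)
        if ctx["score"] >= self.threshold:
            self.communicate(s.indicator, ctx)
        return ctx

    # 2. Enrich: fuse every local sighting with external intel and asset context.
    def enrich(self, indicator):
        seen = self.sightings[indicator]
        ext_conf, label = EXTERNAL_INTEL.get(indicator, (0.0, "no external intel"))
        return {"kind": seen[0].kind,
                "sources": sorted({s.source for s in seen}),
                "hosts": sorted({s.host for s in seen}),
                "external": ext_conf, "label": label}

    # 3. Evaluate: independent sensors agreeing raise confidence even with no
    # external intel (0.2 per source, capped at 1.0); strong external intel is
    # decisive on its own.  The two are combined as a probabilistic OR.
    @staticmethod
    def evaluate(ctx):
        local = min(1.0, 0.2 * len(ctx["sources"]))
        return round(1 - (1 - local) * (1 - ctx["external"]), 3)

    # 4. Communicate: push the verdict to every enforcement point, each action once.
    def communicate(self, indicator, ctx):
        for enforcer in self.enforcers:
            for action in enforcer(indicator, ctx):
                if (indicator, action) not in self._done:
                    self._done.add((indicator, action))
                    self.actions.append(action)

    # 5. Monitor: what has been acted on versus what is still only being watched.
    def status(self):
        acted = {i for i, _ in self._done}
        return {"acted": sorted(acted),
                "watching": sorted(i for i in self.sightings if i not in acted)}


# Constructed enforcement points; each translates a verdict into its own control.
def dns_sinkhole(indicator, ctx):
    return [f"dns: sinkhole {indicator}"] if ctx["kind"] == "domain" else []


def firewall_block(indicator, ctx):
    return [f"firewall: block {indicator}"] if ctx["kind"] == "ip" else []


def endpoint_isolate(indicator, ctx):
    # Isolating a host is disruptive, so only the strongest verdicts trigger it.
    return [f"endpoint: isolate {h}" for h in ctx["hosts"]] if ctx["score"] >= 0.9 else []


def run_demo():
    broker = IntelBroker()
    for e in (dns_sinkhole, firewall_block, endpoint_isolate):
        broker.subscribe(e)
    events = [  # constructed sightings, in arrival order
        Sighting("DNS", "update-check.example.net", "domain", "ws-017", 1000),
        Sighting("NetFlow", "203.0.113.10", "ip", "srv-db-02", 1005),
        Sighting("Firewall", "203.0.113.10", "ip", "srv-db-02", 1006),
        Sighting("Web", "cdn.internal-tools.example", "domain", "ws-044", 1010),
        Sighting("Endpoint", "update-check.example.net", "domain", "ws-044", 1020),
    ]
    for ev in events:
        broker.ingest(ev)
    return broker


if __name__ == "__main__":
    b = run_demo()
    print("\n".join(b.actions))
    print(b.status())
```

Walking through the constructed sightings shows the two cases the slides care about: a single DNS sighting of a domain with strong external intel is acted on immediately (sinkhole plus host isolation), while the scanner IP is only blocked once a second, independent sensor reports it; the unknown domain seen by one sensor stays in the "watching" set rather than generating an alert for an analyst to triage by hand.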

The Cisco Security Portfolio
- Talos / AS
- Threat Grid
- CTA/CWS
- OpenDNS
- WSA
- ISE
- AMP Cloud
- SIM
- Consoles
- SourceFire AMP for Networks
- Lancope
- AMP for Endpoint
- ASA with FirePOWER

So What Are We Talking About
- Leveraging the power of each security tool as part of a cohesive, automated response system
- Distributing intelligence, as opposed to point-solution security response
- Re-enabling our layers of defense
- Enabling a new level of response to kill chains
- Supporting the new world of:
  - Porous networks
  - More mobility
  - More cyber crime
  - More advanced attacks

Call to Action
- Give me feedback
- Start talking to your management about the need for greater intelligence and automation
- Look at pxGrid and TrustSec:
  https://developer.cisco.com/site/pxgrid/
  http://tools.ietf.org/html/draft-smith-kandula-sxp-00
- Push for solutions that give you the ability to build a silver gun
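The call to action points at TrustSec and the SXP draft. As an added illustration of why group-based enforcement makes the automated response in the earlier slides practical, here is a small Python model of the idea (not Cisco's code, and not an implementation of the SXP wire protocol): an IP-to-SGT binding table of the kind SXP propagates between devices, an SGT-to-SGT policy matrix, and an enforcer that decides a flow from the two. The tag values, prefixes, addresses and policy are constructed assumptions.

```python
"""Model of TrustSec-style group-based enforcement: IP-to-SGT bindings (the
data SXP carries between devices) plus an SGT-to-SGT policy matrix.
Constructed illustration: it does not speak the SXP wire protocol, and the
tag values, prefixes and policy below are assumptions."""
import ipaddress

# Security Group Tags (assumed values; 0 is conventionally "Unknown").
UNKNOWN, EMPLOYEE, SERVER, DB, REMEDIATION, QUARANTINE = 0, 10, 20, 30, 40, 999


class BindingTable:
    """IP/prefix -> SGT bindings as an SXP listener would hold them; a lookup
    uses the most specific (longest-prefix) binding that matches."""

    def __init__(self):
        self.bindings = {}  # ip_network -> sgt

    def add(self, prefix, sgt):
        self.bindings[ipaddress.ip_network(prefix, strict=False)] = sgt

    def delete(self, prefix):
        self.bindings.pop(ipaddress.ip_network(prefix, strict=False), None)

    def lookup(self, ip):
        addr = ipaddress.ip_address(ip)
        best = None
        for net, sgt in self.bindings.items():
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, sgt)
        return best[1] if best else UNKNOWN


class PolicyMatrix:
    """(source SGT, destination SGT) -> verdict; unlisted cells get the default."""

    def __init__(self, default="deny"):
        self.default = default
        self.cells = {}

    def permit(self, src, dst):
        self.cells[(src, dst)] = "permit"

    def deny(self, src, dst):
        self.cells[(src, dst)] = "deny"

    def decide(self, src, dst):
        return self.cells.get((src, dst), self.default)


class Enforcer:
    """Any enforcement point (switch, firewall, ...) that shares the bindings
    and the matrix reaches the same verdict for a flow."""

    def __init__(self, table, policy):
        self.table, self.policy = table, policy

    def check(self, src_ip, dst_ip):
        return self.policy.decide(self.table.lookup(src_ip), self.table.lookup(dst_ip))


def quarantine(table, host_ip):
    """Intelligence-driven response: one /32 binding moves the host into the
    QUARANTINE group and every enforcer's verdicts change with it, with no
    per-device ACL edits."""
    table.add(f"{host_ip}/32", QUARANTINE)


def build():
    table = BindingTable()
    table.add("10.1.0.0/16", EMPLOYEE)
    table.add("10.2.0.0/24", SERVER)
    table.add("10.2.1.0/24", DB)
    table.add("10.3.0.0/24", REMEDIATION)
    policy = PolicyMatrix(default="deny")
    policy.permit(EMPLOYEE, SERVER)
    policy.permit(SERVER, DB)
    policy.permit(QUARANTINE, REMEDIATION)  # the only thing a quarantined host may reach
    return table, policy


def run_demo():
    table, policy = build()
    enf = Enforcer(table, policy)
    before = enf.check("10.1.4.7", "10.2.0.5")     # employee -> server: permitted
    quarantine(table, "10.1.4.7")                   # a verdict from the broker arrives
    after = enf.check("10.1.4.7", "10.2.0.5")      # same flow, now denied
    remediate = enf.check("10.1.4.7", "10.3.0.9")  # quarantined host reaches remediation
    neighbour = enf.check("10.1.4.8", "10.2.0.5")  # other employees are unaffected
    return before, after, remediate, neighbour


if __name__ == "__main__":
    print(run_demo())
```

The point of the model is the response path: the broker's only output is a new binding, and because every enforcement point evaluates the same matrix against the same bindings, the host is cut off everywhere at once while its neighbours and the remediation path keep working. The real protocol also carries binding withdrawals, which is why `delete` is part of the table: a quarantine that cannot be lifted cleanly is one that operators will stop trusting automation with.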
