Cybersecurity Before - During - After: Integrated Security Strategy
Peter Romness, Business Development Manager, Public Sector Cybersecurity, Cisco Systems Inc.
Mobility, IoT, Cloud, Threat: consumer-centric market dynamics require an end-to-end security architecture.
Threat Evolution and Enterprise Response (2000 - 2005 - 2010 - Today)
- Threats: Worms (2000); Spyware / Rootkits (2005); APTs (2010); Cyberware (Today), with an increased attack surface (Mobility + Cloud + IoT)
- Enterprise response: Anti-virus (host based); IDS/IPS (network perimeter); Reputation (global) & Sandboxing; Intelligence & Analytics (cloud)
Examples of Cyber Threats in the News
- Stuxnet / Flame, Night Dragon, Zeus (Zitmo), CryptoLocker, Shamoon, Kaptoxa (Target), Red October, DUNIHI, Sykipot, Citadel, SpyEye (Spitmo), Shady RAT
Threat Characteristics:
- Bypass the perimeter (Initial Infection Vector)
- Spread laterally on the internal network, where detection abilities were limited (Propagation Mechanism)
- Evade traditional detection techniques (Persistence Mechanism)
Cyber Threats: Initial Infection Vector
Effectiveness of Phishing: 95% of all attacks attributed to state-affiliated espionage employed phishing as a means of establishing a foothold in intended victims. - Verizon Data Breach Report; ThreatSim
IT Megatrends are creating the Any-to-Any problem
- Hybrid infrastructure
- Endpoint Proliferation
- Blending of Personal & Business Use
- Access Assets through Multiple Methods
- Services Reside in Many Clouds
Threat Landscape
Cyber Activities:
- 104% increase in reported incidents by US Government Agencies from 2009-2013 [5]
- 52% increase in attacks against US Critical Infrastructure, 2011-2012 [5]
- 144% increase in incidents involving PII from 2009-2013 [5]
- More sophisticated every day ("Minute Zero")
Cyber Crime motives: Money, Embarrassment, Espionage
Assets Targeted: 75% Point of Sale systems; 20% E-Commerce Systems; 5% Other (espionage etc.)
Sources: 1 Verizon Data Breach Report; 2 US House Intelligence; 3 NSA; 4 Bloomberg; 5 GAO; 6 2012 Norton Cybercrime Report
Cyber Threats, Detection, and Response
Malicious Traffic & Vulnerabilities:
- 100% - Corporate networks found to have visible malicious traffic [5]
- 95% - Corporate organizations that admit to having been breached [3]
- 14% - Year-over-year growth of reported vulnerabilities and threats [5]
Breach Discovery Methods:
- 82% External Party (fraud detection org., law enforcement, customer) [1]
- 13% Internal Detection (users, audits, equipment) [1]
- 5% Unknown [1]
Response:
- 416: Average number of days an Advanced Persistent Threat sits on your network before detection! [7] - Now down to approximately 300 days / 10 months
Sources: 1 Verizon Data Breach Report 2013; 2 US House Intelligence; 3 SANS; 4 Bloomberg; 5 Cisco Annual Security Report 2013; 6 ESG; 7 Mandiant
Loss of Revenue: Cost of a Cyber Breach
- $1T/year private sector revenue loss from cyber espionage [1]
- $100B/year cost of cybercrime in the US [2]
- 26% of Americans have been victims of an identity breach [5]
- $194 per record, US average [3]
- $233 per record, US Healthcare average [6]
Potential PII Breach Costs, State / Local Government:
- $11 - $13 per record based on known breaches
- $5 - $6 for notification and credit checks
- $6 - $7 for remediation
- Constituent / customer confidence lost = added costs
Sources: 1 US House Intelligence; 2 McAfee/CSIS; 3 Ponemon/Symantec; 4 Bloomberg; 5 NCSA; 6 SANS/NORSE
Cybersecurity Concerns
State Regulations, Hackers, Insider Threat, DOD 8570, Education, Partners, DISA STIG, Revenue Loss, Intellectual Property Theft, Protecting National Security, Government Regulations, Reputation, Internal Policies, Embarrassment, NIST Policy, Money Theft, PII Theft, Malware, NERC CIP, MS-ISAC, Damage, Anonymous, Advanced Persistent Threat, Espionage
Next Generation Cybersecurity Model
Cybersecurity Scope
- Attack Continuum
- Regulations, Standards, Education, Policy
- OSI layers: Application, Presentation, Session, Transport, Network, Data Link, Physical
- Vendor / Partner / Supply Chain: Anti-Counterfeit, Disti (distribution) Channels
- Content Security, Network Security, Advanced Services, Trusted Systems
- Attack
The New Security Model: Attack Continuum
- BEFORE: Control, Enforce, Harden
- DURING: Detect, Block, Defend
- AFTER: Scope, Contain, Remediate
Across Network, Endpoint, Mobile, Virtual, Cloud; from point-in-time to continuous
Mapping Integrated Solutions to the Attack Continuum
- BEFORE: Control, Enforce, Harden
- DURING: Detect, Block, Defend
- AFTER: Scope, Contain, Remediate
Solutions: Secure Identity & Mobility Solution; Malware Detection and Defense Solution; Cyber Continuous Monitoring Solution; Cloud - Virtual and Physical Consistency
Secure Identity & Mobility
Secure Identity and Mobility: Identity and Context Centric Policy Platform
- Security Policy Attributes: WHO, WHAT, WHEN, WHERE, HOW
- Business-Relevant Policies
- Centralized Policy Engine (Identity Services Engine): Identity, Dynamic Policy, User and Devices, Monitoring & Reporting
- Security Policy Enforcement in the Network; Application Controls
Secure Identity/Mobility in Everyday Life
Access to the right resources based on Who, What, When, Where and How: User, Devices, Access set by policy
- Laptop at Home Office -> Confidential Resources
- Phone -> General Resources
- Personal iPad at Starbucks -> Internet
Malware Defense and Detection Solution
Cisco's Malware Detection & Defense Solution
Multi-layered approach to network protection, with threat intelligence information provided by Cisco SIO (Cisco/Sourcefire Security Intelligence Operations).
- Web and Email Security Appliances with AMP
- Untrusted Networks -> ASA Firewall with AMP + Botnet Filters -> IPS/NGIPS -> Trusted Enterprise Network -> Enterprise Resources
Connections to untrusted networks must be checked in depth by multiple layers of defense before reaching enterprise resources.
Cisco Threat Intelligence: Security Intelligence Operations / Vulnerability Research Team (SIO / VRT)
- Telemetry from 1.6M devices worldwide
- 30B+ queries daily, 30% of all Web traffic
- 500+ security specialists / 24/7/365 / 40 languages
- URL reputation scores for Web, Email
- >7,500 IPS signatures and >8 million rules daily
- 2.1M Telemetry Points; Open Source Input; 6,000 Threat Reports / day
- NSS Labs 100% Detection rate
Importance of Reputation: feeding reputation into both email & Web traffic dramatically improves detection
- Spam contains URLs
- Email is a key distribution vector for Web-based malware
- Malware is a key distribution vector for spam zombie infections
SIO/VRT enables Email & Web traffic analysis and feeds reputation information to the IPS, the Email Security Appliances (SenderBase) and the Web Security Appliance.
Secure Internal Monitoring
Internal Monitoring: The Need
- Advanced Threat Bypasses Security Gateways (Firewall, IPS, N-AV, Web Sec, Email Sec)
- Customized Threat from Inside
- Threat Spreads Inside Perimeter; Threat Spreads to Devices
Perimeter security stops many threats, but Sophisticated Cyber Threats Evade Existing Security Constructs: Fingerprints of the Threat are Found Only in the Network Fabric.
Cyber Threat Defense
Monitor, collect and analyze network traffic to detect anomalies.
- Cybersecurity Anomaly Detection (StealthWatch)
- Flow Security Enabled Network: NetFlow from Switches, Routers, and Firewalls
- Context: NBAR/AVC, Identity Services Engine
Cyber Threat Detection enhances the efficiency and effectiveness of analysis and provides key insight into internal activity across the network.
Beyond the Event Horizon: addresses the limitations of point-in-time detection
Point-in-time Detection (Anti-virus, Sandboxing):
- Not 100%: Sleep Techniques, Unknown Protocols, Encryption, Polymorphism
- Blind to compromise; Analysis Stops
- Initial Disposition = Clean; Actual Disposition = Bad = Too Late!!
Retrospective Detection:
- Analysis Continues; Continuous Visibility and Control; Turns back time
- Initial Disposition = Clean; Actual Disposition = Bad = Blocked
Securing Virtualization in the Data Center
Securing Virtualized Computing Resources
Nexus 1000v / CSR 1000v:
- Ensures policy-based network and security services to all VMs
- Network visibility at the hypervisor level
- VM Routing and NetFlow source
Virtual Security Gateway:
- Provides trusted access to the secure virtual data center
- Trust zone access is controlled and monitored through established security policies
ASAv:
- Built on the ASA Firewall code base (proven firewall)
- Tenant-edge to VM-specific policies
- Automated policy-based provisioning
NetFlow Generation Appliance:
- Provides NetFlow from non-NetFlow devices
- High capacity for large flow areas
Cisco extends the secure network fabric into the Hypervisor.
Comprehensive Security Portfolio (Cisco / Sourcefire)
- Firewall & NGFW: ASA 5500-X Series; ASA 5500-X w/ NGFW license; ASA 5585-X w/ NGFW blade; FirePOWER NGFW
- IPS & NGIPS: Cisco IPS 4300 Series; Cisco ASA 5500-X Series integrated IPS; FirePOWER NGIPS; FirePOWER NGIPS w/ Application Control; FirePOWER Virtual NGIPS
- Advanced Malware Protection: Lancope StealthWatch; FireAMP; FireAMP Mobile; FireAMP Virtual; AMP for FirePOWER license; Dedicated AMP FirePOWER appliance
- Web Security: Cisco Web Security Appliance; Cisco Virtual Web Security Appliance (vWSA); Cisco Cloud Web Security
- Email Security: Email Security Appliance (ESA); Virtual Email Security Appliance; Cloud Email Security
- NAC + Identity Services: Cisco Identity Services Engine (ISE); Cisco Access Control Server (ACS)
- VPN: Cisco AnyConnect VPN
- Meraki MX UTM
Advanced Malware Protection Integrated with Cisco Content Security: now available on E-mail and Web Security devices and Cisco Cloud Web Security (add-on licensing).
Cisco Managed Threat Defense Service
Cisco Managed Threat Defense is a fully managed, security analyst delivered service that defends against zero-day attacks and advanced persistent threats with monitoring, inspection and correlation from our security operations center, 24 hours a day, 7 days a week.
Business Value:
- Out-of-band deployment ensures minimal impact / disruption to infrastructure availability
- Reduce security costs by migrating processes to a third party
- Improve security posture through accurate detection of advanced threats
Security Value:
- Provides high-fidelity detection to reduce unnecessary investigation
- Lets you make true network behavior anomaly detection an operational reality
- Uses full-packet capture to reduce and eliminate false positives
- Uses global threat intelligence to defend against known threats and anomalies
Service availability in US, Canada and APJC from Cisco and our Partners.
Cyber Security Services from Cisco and our Partners
Design / Implement Technology Solutions:
- Security policy; Security plan, build; SOC plan, build; Security architecture roadmap
- TrustSec; ISE; 802.1x; NAC; ASA incl. migration; Email and web security; VPN
Assessments / Optimization:
- Online security readiness assessment; SDA and SDA for ICS; Security posture assessment; Network device security assessment; DDoS mitigation readiness assessment
- Security optimization; Firewall conversion; Identity management
Remote Customer Enablement:
- Remote management services; Change management and configuration; Security IntelliShield alert manager
- IR&R planning and implementation; SOC build, operate, transfer
- Online security consulting; Online security education; Online security training range
Cyber Threat Defense: Future
- Application Centric Infrastructure
- AI-based Threat Detection
- Web Reputation
- Increase Telemetry for Analysis
- Self-Learning and Evasion Resistance
- Identity; FW / NextGen Firewall; IPS / NextGen IPS; AMP; Global Threat Intelligence
Human Firewall: Management & Workforce Education
- Promote Formal Education and Training: SANS Institute / MS-ISAC / University System
- Certifications: Certified Cybersecurity Analyst; CCNA / CCNP / CCIE Security Tracks; CISSP
- User Training: Cyber Threats, Compromise Instructions, Monthly Updates
- Cyber Testing: Security Assessment, Network Penetration Testing, etc.; Cyber Exercises
Cybersecurity: What to do next
- Leverage the Cisco Core Network: maximize investment in Cisco Core (NetFlow, TrustSec, NBAR, AVC)
- Strategically add Cisco Security products and services: SIO/VRT real-time intelligence; ISE, ASA, WSA, ESA, NGIPS, AMP
- Partner with industry leaders: Lancope, Arbor, Splunk, Services
ppromness@cisco.com
Cyber Policy: ISO/IEC 27001:2005 (since replaced by ISO/IEC 27001:2013)
Covers all types of organizations and specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks.
Cyber Policy: NIST
NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. It conducts world-class research and, in collaboration with industry, advances the nation's technology infrastructure.
Cyber Policy: States
States represented. Council members are generally Cyber Security Officers (or equivalents) from their state, along with Homeland Security Offices, law enforcement and others in the physical security field.