Posted on 03-Jun-2020
Henry Ong
Security SE Manager - ASEAN
Securing Digital Business with Security Everywhere
Global Security Sales Organization
Digital Disruption Drives the Hacker Economy
There is a multi-billion dollar global industry targeting your prized assets:
• Social Security: $1
• Mobile malware: $150
• Bank account info: >$1000, depending on account type and balance
• Facebook accounts: $1 for an account with 15 friends
• Credit card data: $0.25-$60
• Malware development: $2500 (commercial malware)
• DDoS as a service: ~$7/hour
• Spam: $50 per 500K emails
• Medical records: >$50
• Exploits: $1000-$300K
© 2015 Cisco and/or its affiliates. All rights reserved.
$450 Billion to $1 Trillion ???
“Cat and Mouse” Game
The Security Effectiveness Gap
Goal for Effective Security
A Threat-Centric Security Model
Attack Continuum (Point-in-Time and Continuous), across Network, Endpoint, Mobile, Virtual and Cloud:
• BEFORE: Discover, Enforce, Harden
• DURING: Detect, Block, Defend
• AFTER: Scope, Contain, Remediate
Premiere Portfolio in the Industry
Best of Breed | Architectural Approach
Threat Intelligence; Visibility; Cloud, Network, Integrated; Web (WWW); NGFW/NGIPS; Advanced Threat; Policy and Access; UTM
Integrated for Best Threat Protection
Cisco Advanced Malware Detection Lattice
Continuous Protection: Reputation Filtering and Behavioral Detection
• 1-to-1 Signatures
• Generic Signatures
• Machine Learning
• IOCs
• Dynamic Analysis
• Advanced Analytics
• Device Flow Correlation
Point-in-Time Detection Alone Will Never Be 100% Effective
Point-in-Time Protection: File Reputation and Sandboxing
Retrospective Security: Continuous Analysis
When Malware Strikes, Have Answers
• Where did it come from?
• Who else is infected?
• What is it doing?
• How do I stop it?
Device Trajectory, File Trajectory, Auto Remediation, File Analysis
The AMP Everywhere Architecture
AMP Protection Across the Extended Network for an Integrated Threat Defense
AMP Threat Intelligence Cloud
• AMP for Endpoints: Windows OS, Android Mobile, Virtual, MAC OS, CentOS and Red Hat Linux for servers and datacenters; remote endpoints (AMP for Endpoints can be launched from AnyConnect)
• AMP on Web and Email Security Appliances
• AMP on Cisco® ASA Firewall with Firepower Services
• AMP Private Cloud Virtual Appliance
• AMP on Firepower NGIPS Appliance (AMP for Networks)
• AMP on Cloud Web Security and Hosted Email (CWS/CTA)
• Threat Grid: Malware Analysis + Threat Intelligence Engine
• AMP on ISR with Firepower Services
Shared intelligence; shared contextual awareness; consistent policy enforcement
Cisco Firepower™ Management Center; Talos; Firepower 4100 Series; Firepower 9300 Platform
Visibility; Radware DDoS; Network analysis; Email Threats; Identity and NAC; DNS; Firewall; URL
Industry’s First Fully Integrated Threat-Focused NGFW
Spotlight on systems at high risk for an active breach
Correlating Weak Signals Into Indicators Of Compromise
Supplement security with specialized protection along common attack vectors
AMP for Web and Email
File Reputation captures a fingerprint of each file as it crosses the data center. Automatically block malicious files and apply policies.
File Sandboxing analyzes unknown files that are traversing the data center. The secure environment combines human and machine analysis to generate a disposition.
File Retrospection provides continuous analysis of files over time, updating with the AMP cloud-based intelligence. If a file disposition changes to malicious, admins are notified.
Email Security solutions: ESA
Web Security solutions: WSA, CWS
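The three steps above (fingerprint and look up, sandbox unknowns, re-apply a later verdict to every host that already saw the file) can be modelled in a few dozen lines. The following is an added example written for this page, not Cisco's code or the AMP API: the reputation store is a plain dictionary standing in for the cloud lookup, the file contents and host names are constructed, and SHA-256 is assumed as the fingerprint.

```python
import hashlib
from collections import defaultdict

# Dispositions as the text describes them; the names are this example's own.
CLEAN, MALICIOUS, UNKNOWN = "clean", "malicious", "unknown"


def fingerprint(data: bytes) -> str:
    """File Reputation: the fingerprint is assumed to be a SHA-256 of the file content."""
    return hashlib.sha256(data).hexdigest()


class RetrospectiveFileSecurity:
    """Toy model of reputation lookup, sandboxing of unknowns and retrospection.

    `reputation` stands in for the AMP cloud-based intelligence (a hypothetical
    dict of sha256 -> disposition); it is not the real service or its API.
    """

    def __init__(self, reputation):
        self.reputation = dict(reputation)
        # File trajectory: which hosts saw which file, in the order seen.
        self.trajectory = defaultdict(list)
        # Unknown files queued for sandbox analysis (deduplicated by hash).
        self.sandbox_queue = []
        # (sha256, affected hosts) pairs an admin would be notified about.
        self.notifications = []

    def inspect(self, host: str, data: bytes) -> str:
        """Point-in-time check as a file crosses the data center.

        Returns the disposition; the caller blocks when it is MALICIOUS.
        Every sighting is recorded so a later verdict can be applied retroactively.
        """
        h = fingerprint(data)
        self.trajectory[h].append(host)
        disposition = self.reputation.get(h, UNKNOWN)
        if disposition == UNKNOWN and h not in self.sandbox_queue:
            self.sandbox_queue.append(h)
        return disposition

    def update_disposition(self, h: str, new_disposition: str):
        """Sandbox verdict or File Retrospection: intelligence changes later.

        If a file that was allowed through earlier is now malicious, notify with
        every host that has seen it (the "who else is infected?" answer).
        """
        previous = self.reputation.get(h, UNKNOWN)
        self.reputation[h] = new_disposition
        if h in self.sandbox_queue:
            self.sandbox_queue.remove(h)
        if new_disposition == MALICIOUS and previous != MALICIOUS:
            affected = sorted(set(self.trajectory.get(h, [])))
            self.notifications.append((h, affected))
            return affected
        return []


def demo():
    """Constructed scenario: three files, one of which is only convicted later."""
    reputation = {
        fingerprint(b"constructed: known good file"): CLEAN,
        fingerprint(b"constructed: known bad file"): MALICIOUS,
    }
    amp = RetrospectiveFileSecurity(reputation)
    sightings = [
        ("host-a", b"constructed: known good file"),
        ("host-b", b"constructed: known bad file"),
        ("host-c", b"constructed: never seen before"),
        ("host-d", b"constructed: never seen before"),
    ]
    blocked_at_entry = [host for host, data in sightings
                        if amp.inspect(host, data) == MALICIOUS]
    # The sandbox (or later cloud intelligence) decides the unknown file is malicious.
    unknown_hash = fingerprint(b"constructed: never seen before")
    affected = amp.update_disposition(unknown_hash, MALICIOUS)
    return blocked_at_entry, affected, amp.sandbox_queue


if __name__ == "__main__":
    print(demo())
```

The point the model makes is that the point-in-time check lets the unknown file through to host-c and host-d; only because every sighting was recorded can the later verdict be turned into a notification naming both hosts.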
Adding Security at the DNS Layer
91.3% of malware uses DNS; 68% of organizations don’t monitor it. A blind spot for attackers to gain command and control, exfiltrate data, and redirect traffic.
DNS is the fastest way to establish Security Everywhere.
[Diagram: layered defenses between the Internet (malware, C2/botnets, phishing) and the endpoint. First layer: DNS (Umbrella); mid layer: router/UTM, sandbox, proxy, NGFW, NetFlow; last layer: AV on the endpoint.]
BENEFITS
• Alerts reduced 2-10x; improves your SIEM
• Block malware before it hits the enterprise
• Contains malware if already inside
• Internet access is faster, not slower
• Provision globally in under 30 minutes
• Threat prevention, not just threat detection
• Protects on and off network: not limited to devices forwarding traffic through on-prem appliances
• Turnkey and custom API-based integrations: does not require professional services to set up
• Block by domains, IPs and URLs for all ports: not just IP addresses or domains only over ports 80/443
• Always up to date: no need for the device to VPN back to an on-prem server for updates
UMBRELLA
A New Layer of Breach Protection
Attack Continuum
• BEFORE: Discover, Enforce, Harden
• DURING: Detect, Block, Defend
• AFTER: Scope, Contain, Remediate
Consistent Protection for ANY Workload, 24 x 7
Network as a Sensor; Network as an Enforcer
Synergies Through Integration: The Network and Security
Reconnaissance; Botnet; Data Hoarding; Spreading Malware; Policy Violation
Network as a Sensor to Identify Indicators of Compromise
Discoverable IOCs by Lancope StealthWatch:
• Host Reputation Change: inside host potentially compromised
• Denial of Service: SYN half open; ICMP/UDP/port flood
• Botnet Detection: when an inside host talks to an outside C&C server
• Fragmentation Attack: host sending an abnormal number of malformed fragments
• Worm Propagation: worm-infected host scans, etc.
• Data Exfiltration: large outbound file transfer vs. baseline
• Network Scanning: TCP, UDP, port scanning across multiple hosts
• Not Intuitive
• Complex
• Long Time to Identify
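Three of the IOCs listed above (botnet detection, data exfiltration vs. baseline, network scanning) fall straight out of flow records once the inside/outside boundary and a per-host baseline are known. The example below is added for this page and is not StealthWatch code; the inside prefix, the C&C reputation entry, the baselines and the flow records are all constructed, and the thresholds are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed definitions: the inside address space and a C&C reputation list.
INSIDE_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]
KNOWN_C2 = {"203.0.113.7"}  # documentation-range address, constructed for this example
# Constructed per-host outbound baseline in bytes per observation window.
BASELINE_OUTBOUND = {"10.0.0.5": 2_000_000, "10.0.0.3": 1_000_000}


def is_inside(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INSIDE_NETWORKS)


def build_flows():
    """Constructed NetFlow-style records: (src, dst, proto, dst_port, bytes)."""
    flows = [
        ("10.0.0.3", "198.51.100.10", "tcp", 443, 50_000),      # ordinary browsing
        ("10.0.0.5", "198.51.100.20", "tcp", 443, 12_000_000),  # far above baseline
        ("10.0.0.7", "203.0.113.7", "tcp", 8080, 900),          # inside host to C&C
    ]
    # One inside host touching three ports on each of four other inside hosts.
    for i in range(1, 5):
        for port in (22, 80, 443):
            flows.append(("10.0.0.9", f"10.0.1.{i}", "tcp", port, 60))
    return flows


def detect_iocs(flows, baseline, known_c2,
                scan_min_hosts=3, scan_min_targets=10, exfil_factor=5):
    """Derive three of the slide's IOC types from flow records alone.

    Thresholds (hosts/targets for a scan, multiple of baseline for exfiltration)
    are assumptions chosen for the constructed data.
    """
    iocs = set()
    targets = defaultdict(set)    # inside src -> set of (dst, proto, port) probed
    outbound = defaultdict(int)   # inside src -> bytes sent to outside hosts
    for src, dst, proto, dport, nbytes in flows:
        if not is_inside(src):
            continue
        if is_inside(dst):
            targets[src].add((dst, proto, dport))
            continue
        outbound[src] += nbytes
        if dst in known_c2:
            iocs.add(("Botnet Detection", src,
                      f"inside host talks to outside C&C server {dst}"))
    for src, probed in targets.items():
        hosts = {dst for dst, _, _ in probed}
        if len(hosts) >= scan_min_hosts and len(probed) >= scan_min_targets:
            iocs.add(("Network Scanning", src,
                      f"{len(probed)} port probes across {len(hosts)} hosts"))
    for src, sent in outbound.items():
        base = baseline.get(src)
        if base is not None and sent > base * exfil_factor:
            iocs.add(("Data Exfiltration", src,
                      f"{sent} bytes outbound vs. baseline {base}"))
    return sorted(iocs)


if __name__ == "__main__":
    for ioc in detect_iocs(build_flows(), BASELINE_OUTBOUND, KNOWN_C2):
        print(ioc)
```

Note what the output does not carry: an IOC names a host by address only, which is exactly the "not intuitive, complex, long time to identify" problem the next slide addresses by adding user, device and location context from ISE.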
User, Device, Location
ISE & Lancope Integration: More Intelligence and Richer Context
Identify Malicious Traffic Faster with More Context
Enhanced Visibility – User, Location, Device
Before: Host 1.2.3.4 Scanning Ports of Host 3.3.3.3
Now: Host 1.2.3.4 Scanning Ports of Host 3.3.3.3, enriched with context: VPN, Laptop, Seattle, Finance, POS, Ethernet, New York, B. Thomas
Zones: Admin Zone, Enterprise Zone, POS Zone, Vendor Zone
Network as an Enforcer
And make visibility actionable through segmentation and automation
• Cisco ISE
• Cisco Networking Portfolio
• Cisco NetFlow
• Lancope StealthWatch
• Cisco TrustSec Software-Defined Segmentation
Zones: Employee Zone, Dev Zone
Network Resources Access Policy: Traditional vs. Cisco TrustSec®
BYOD Access; Threat Containment; Guest Access; Role-Based Access; Identity Profiling and Posture
Who, What, When, Where, How, Compliant
Cisco Identity Services Engine (ISE)
A centralized security solution that automates context-aware access to network resources and shares contextual data
Network; Door; Context; ISE pxGrid Controller
Software Defined Network Segmentation with SGTs
Traditional segmentation (security policy based on topology; high cost and complex maintenance):
• Access layer to enterprise backbone with one VLAN per role: Voice VLAN, Data VLAN (Employee), Supplier, Guest VLAN, BYOD VLAN, Non-Compliant Quarantine VLAN
• Each VLAN brings its own address, DHCP scope, redundancy, routing, static ACL and VACL
TrustSec segmentation (use existing topology and automate security policy to reduce OpEx):
• Voice VLAN and Data VLAN carry Employee, Supplier, BYOD and Non-Compliant endpoints together
• ISE assigns an Employee Tag, Supplier Tag or Non-Compliant Tag
• No VLAN change, no topology change, central policy provisioning, micro/macro segmentation
• Access layer, enterprise backbone, DC firewall, DC servers: policy follows the tag
Policy: TrustSec vs. Traditional Segmentation
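The difference between topology-based and tag-based policy is easiest to see in code: a VLAN ACL is keyed on where a host is plugged in, a TrustSec matrix is keyed on who the host is and whether it is compliant. The following is an added example for this page, not ISE or TrustSec software; the tag numbers, identity groups, VLAN numbers and policy entries are all constructed.

```python
from enum import Enum


class SGT(Enum):
    """Security Group Tags; the numeric values are constructed for this example."""
    EMPLOYEE = 10
    SUPPLIER = 20
    NON_COMPLIANT = 30
    DC_SERVER = 100


class Endpoint:
    """What the access layer knows about a host plus what ISE learned about it."""
    def __init__(self, ip, vlan, identity_group, compliant):
        self.ip, self.vlan = ip, vlan
        self.identity_group, self.compliant = identity_group, compliant


def classify(endpoint) -> SGT:
    """ISE-style classification: the tag derives from identity and posture,
    never from the VLAN or IP address the endpoint happens to have."""
    if not endpoint.compliant:
        return SGT.NON_COMPLIANT
    return {"employees": SGT.EMPLOYEE, "suppliers": SGT.SUPPLIER}[endpoint.identity_group]


# TrustSec policy matrix: (source tag, destination tag) -> action.
# Anything not listed is denied, so NON_COMPLIANT reaches nothing without a VLAN move.
SGT_POLICY = {
    (SGT.EMPLOYEE, SGT.DC_SERVER): "permit",
    (SGT.SUPPLIER, SGT.DC_SERVER): "permit",
}


def trustsec_decision(src: Endpoint, dst_tag: SGT) -> str:
    return SGT_POLICY.get((classify(src), dst_tag), "deny")


# Traditional topology-based policy: one static ACL per source VLAN.
# Constructed: 10 = employee data VLAN, 20 = supplier VLAN; everything else denied.
VLAN_ACL = {10: "permit", 20: "permit"}


def traditional_decision(src: Endpoint) -> str:
    return VLAN_ACL.get(src.vlan, "deny")


def demo():
    """Constructed scenario: one employee seen in three situations."""
    at_desk = Endpoint("10.1.10.5", 10, "employees", True)
    # Same person, compliant, plugged into a port on a different VLAN.
    moved = Endpoint("10.1.40.9", 40, "employees", True)
    # Same port as at_desk, but the posture check now fails.
    infected = Endpoint("10.1.10.5", 10, "employees", False)
    return {
        "at_desk": (traditional_decision(at_desk), trustsec_decision(at_desk, SGT.DC_SERVER)),
        "moved": (traditional_decision(moved), trustsec_decision(moved, SGT.DC_SERVER)),
        "infected": (traditional_decision(infected), trustsec_decision(infected, SGT.DC_SERVER)),
    }


if __name__ == "__main__":
    for case, (vlan_acl, sgt) in demo().items():
        print(f"{case:9s} VLAN ACL: {vlan_acl:6s} TrustSec: {sgt}")
```

The two cases worth reading are "moved" and "infected": the VLAN ACL denies a legitimate employee who merely changed ports, and keeps permitting a non-compliant host until someone re-addresses it into the quarantine VLAN, whereas the tag-based matrix gets both right without any topology change.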
Cisco Rapid Threat Containment Solution: Faster Time-to-Containment
Advanced threat sensors:
• Cisco ASA with Firepower Services
• FirePOWER NGIPS Appliances
• Cisco AMP for Networks
• Firepower on Cisco ISR
Threat visibility:
• Cisco FireSIGHT Management Center
• Automated Contextual Analysis and Threat Qualification
• Continuous Threat Intelligence Updates to Threat Sensors
Automated enforcement:
• Cisco FireSIGHT and Cisco ISE Automate Containment
• Policy Enforcement from Cisco TrustSec, Downloadable ACL, or VLAN
Cisco: 17.5 hours; Industry TTD rate:* 100 days
Detect infections earlier and act faster
• Automated attack correlation
• Indications of compromise
• Local or cloud sandboxing
• Malware infection tracking
• Two-click containment
• Malware analysis
Source: Cisco® 2016 Annual Security Report
*Median time to detection (TTD)
Cisco Security Technical Alliances (CSTA): Security Across the Extended Network
Partner categories: Packet Brokering; Network Infrastructure & Policy Management; Performance Management & Visualization; Mobility; Packet Capture & Forensics; SIEM & Analytics; Remediation & Incident Response; Vulnerability Management; Custom Detection; Firewall/Access Control; IAM/SSO
Minimize Complexity; Streamline Deployment; Reduce Costs
Security Everywhere Enables Security as a Growth Engine