
Upload: cisco-canada

Post on 12-Jul-2015


Page 1: Cisco Content Security
Page 2: Cisco Content Security

Cisco Content Security

Consulting Systems Engineer

Sept 30, 2014

Web and Email Solutions with Advanced Malware Protection

Daniel Thorne

Page 3: Cisco Content Security

Cisco Confidential 3 © 2013-2014 Cisco and/or its affiliates. All rights reserved.

Web and Email use is changing, making it more difficult to protect your network

Mobile Coffee shop Corporate Home Airport

Page 4: Cisco Content Security

Our Web Security Problems Aren’t Getting Any Easier: An Evolving Threat Landscape

Email and Web are the #1 Threat Vector

IPv6 Spam

Blended Threats Targeted Attacks

APTs

Advanced Malware

Rootkits Worms

Trojan Horse

Page 5: Cisco Content Security

Content Security Challenges

Data Loss

Malware Infections

Acceptable Use Violations

• Blocking hidden malware

• Disarming malicious links

• Managing advanced threats

• Application visibility

• Granular usage control

• Consistent policy enforcement

• Safeguard vital data

• Detecting data breach

• Preventing data leakage

Visibility

• Across users and sites

• Proactive reporting (retrospective)

• Centralized data collection

Page 6: Cisco Content Security

Cisco Content Security with AMP

BEFORE: Discover, Enforce, Harden

DURING: Detect, Block, Defend

AFTER: Scope, Contain, Remediate

Malware Signature

File Reputation

File Sandboxing

File Retrospection

Threat Analytics

Actionable Reporting

Defense across the attack continuum

Reputation

Usage/App Controls

Filtering

Page 7: Cisco Content Security

1.6 million global sensors

100 TB of data received per day

150 million+ deployed endpoints

600+ engineers, technicians,

and researchers

35% worldwide email traffic

13 billion web requests

24x7x365 operations

40+ languages

Cisco Content Security with AMP Built on unmatched collective security intelligence

180,000+ File Samples per Day

FireAMP™ Community

Advanced Microsoft

and Industry Disclosures

Snort and ClamAV Open Source

Communities

Honeypots

Sourcefire AEGIS™ Program

Private and Public Threat Feeds

Dynamic Analysis

SIO

Sourcefire

VRT®

(Vulnerability

Research Team)

Cisco Collective

Security

Intelligence

Content Security

Email Endpoints Web Networks IPS Devices

WWW

Page 8: Cisco Content Security

Cisco AMP delivers integrated…

Retrospective Security: Continuous Analysis

Additional Point-in-time Protection: File Reputation & Sandboxing

Page 9: Cisco Content Security

AMP strengthens the first line of detection

Reputation Filtering and File Sandboxing

• Dynamic Analysis

• Machine Learning

• Fuzzy Fingerprinting

• Advanced Analytics

• One-to-One Signature

Page 10: Cisco Content Security

AMP’s continuous retrospective security

Breadth and Control points: Web (WWW), Endpoints, Network, Email, Devices, IPS

Telemetry Stream (continuous feed): File Fingerprint and Metadata, File and Network I/O, Process Information

Continuous analysis

Page 11: Cisco Content Security

Cisco Web Security At-a-glance

Centralized Management & Reporting

Cisco Security Intelligence Operations (SIO)

WWW

URL Filtering

• Contains 50M known sites

• Categorizes unknown URLs in real time

Application Visibility and Control (AVC)

• Controls mobile, collaborative and web 2.0 applications

• Enforces behaviors within web 2.0 applications

Data Loss Prevention (DLP)

• Blocks sensitive information

• Integrates easily by ICAP with 3rd party vendors

Threat Monitoring & Analytics

Advanced Malware Protection

• Spots symptoms of infection based on behavioral anomalies (CWS only) and command-and-control (CnC) traffic

• Blocks unknown files via reputation and sandboxing

• Continues to monitor threat levels after an attack

Offers actionable insight across threats, data and applications

Verdicts: Allow, Limited Access, Block

Monitors threats worldwide, filters on reputation and automatically updates every 3-5 min

PROTECTION CONTROL

Page 12: Cisco Content Security

Acceptable Use Controls Beyond URL Filtering

URL Filtering

• Constantly updated URL database covering over 50 million sites worldwide

• Real-time dynamic categorization for unknown URLs

Application Visibility and Control (AVC)

Hundreds of Apps + 150,000+ Micro-apps, with control of Application Behavior

• Control over mobile, collaborative and web 2.0 applications

• Assured policy control over which apps can be used by which users and devices

• Granular enforcement of behaviors within applications

• Visibility of activity across the network

Page 13: Cisco Content Security

Cisco Email Security At-a-glance

Centralized Management & Reporting

Cisco Security Intelligence Operations (SIO)

Defense in Depth

• SenderBase Reputation

• Anti-Spam and Spoofing

• Anti-Virus with Outbreak Filters

• Dynamic update engines

Policy Control

• Enhanced control over inbound and outbound traffic

• Enforces behaviors within web 2.0 applications

DLP and Encryption

• Integration with RSA DLP policy engine and lexicons

• Encrypt sensitive information

Targeted Threat Mitigation

• Prevent phishing and blended threats

• URL Filtering for advanced policies

Advanced Malware Protection

• Blocks unknown files via reputation and sandboxing

• Continues to monitor threat levels after an attack

Offers actionable insight across threats, data and applications

Verdicts: Deliver, Quarantine, Drop, Re-write URLs

Monitors threats worldwide, filters on reputation and automatically updates every 3-5 min

PROTECTION CONTROL

Page 14: Cisco Content Security

Phishing Attack and URL Defense Controls Integrated email and web security

Flow: an email contains a URL; the URL is categorized by Cisco SIO; the resulting action is one of Rewrite, Defang, Replace or Send to Cloud.

Replaced-link examples: BLOCKED www.playboy.com BLOCKED, BLOCKED www.proxy.org BLOCKED

Block page shown to the user (Cisco Security):

The requested web page has been blocked

http://www.threatlink.com

Cisco Email and Web Security protects your organization’s network from malicious software. Malware is designed to look like a legitimate email or website which accesses your computer, hides itself in your system, and damages files.

Page 15: Cisco Content Security

DLP and Compliance: Built-in Comprehensive DLP Solution with RSA: Accurate, Easy, and Extensible

Data Loss Prevention: Incidents, Policies

• Fast setup

• Low administrative overhead

• Comprehensive policy creation and modification

• Exceptional accuracy

• Direct integration for enterprise-wide DLP deployments

• Secure delivery with on-box encryption

Data Security Threat Protection

Page 16: Cisco Content Security

Centralized Management and Reporting: Analyze, Troubleshoot and Refine Security Policies

Centralized Reporting: In-depth Threat Visibility, Extensive Forensic Capabilities

Centralized Management: Centralized Policy Management, Delegated Administration

Insight: Across Threats, Data and Applications

Control: Consistent Policy Across Offices and for Remote Users

Visibility: Continuous Visibility Across Different Devices, Services and Network Layers

Page 17: Cisco Content Security

Flexible Licensing and Deployment Options: On-Premise or In the Cloud

Deployment Options: On-premises (Appliance, Virtual) or Cloud

Connection Methods: Firewall, Router, NGFW, Appliance and Roaming redirectors; WCCP, PAC File or Explicit proxy settings (available for both on-premises and cloud)

Advanced Malware Protection: Integrated on box – Licensed (on-premises); Plug-in Integrated – License (cloud)

Page 18: Cisco Content Security

Thank you.