Cisco Cyber Security - Cisco Connect TR '14
TRANSCRIPT
Ali Fuat Türkay: Security Sales
Fuat Kılıç: Consulting System Engineer
Hakan Tağmaç: Emerging Markets SE Manager
Özgür Danışman: Security Services & Partner Enablement
Mahmoud Rabi: Consulting System Engineer – Sourcefire & AMP
Özgür Civek: Security Channel Manager
Hakan Nohre: Consulting System Engineer – ISE / Secure Access
Marcus Josefsson: Lancope Regional Director
Mobility Threat Cloud
Customer-centric market dynamics require an end-to-end security architecture
The Industrialization of Hacking
Threats: Viruses (2000), Worms (2005), Spyware & Rootkits (2010), APTs, Cyberware (Today +)
Enterprise Response: Anti-virus (Host), IDS/IPS (Network), Anti-malware (Host+Network), Intelligence and Analytics (Host+Network+Cloud)
IT Megatrends are creating the “Any to Any” problem
• Endpoint Proliferation
• Blending of Personal & Business Use
• Access Assets through Multiple Medians
• Services Reside In Many Clouds
[Figure: Workloads, Apps / Services and Infrastructure across public, hybrid and private clouds and tenants]
Today’s Security: Multiple products, policies, unmanaged devices and cloud access
[Figure: network diagram spanning Comm. / SMB / Branch, Campus, Cellular, Internet Edge, Enterprise DC, SP Cloud, SP Core/Edge and SaaS (ANY / ANY)]
• Multiple Management Paradigms
• Multiple Identity Stores
• Isolated Threat Intelligence
• Inconsistent Enforcement
The Silver Bullet Does Not Exist…
Technologies: Application Control, FW/VPN, IDS / IPS, UTM, NAC, AV, PKI, Sandboxing
Slogans: “Captive Portal”, “It matches the pattern”, “No false positives, no false negatives.”, “Block or Allow”, “Fix the Firewall”, “No key, no access”, “Detect the Unknown” (Sandboxing)
Mapping Technologies to the Model
VISIBILITY & CONTEXT
Technologies: Anti-Malware, AV, IPS, Forensics, FPC, IDS, SIEM, Log Mgmt, AMD, VPN, App Control, Firewall, IAM, Vuln Mgmt, Patch Mgmt
ATTACK CONTINUUM
• Control, Enforce, Harden
• Detect, Block, Defend
• Scope, Contain, Remediate
Customer Value Proposition
Cisco Security Solutions
Unmatched Visibility
Advanced Threat Protection
Consistent Control
Flexibility & Choice
Cisco’s Strategy: Integrated Platform for Defense, Discovery and Remediation
Firewall, Content Gateways, Integrated Platform, Virtual, Cloud
Device, Data Center, Network Access Control, Firewall
• Content Aware: Applications
• Context Aware: Identity, Data, Location
• Threat Aware: Malware, APT
The New Security Model
ATTACK CONTINUUM (Point-in-Time, Continuous)
• Control, Enforce, Harden
• Detect, Block, Defend
• Scope, Contain, Remediate
Network, Endpoint, Mobile, Virtual, Cloud
Cisco Security Products Mapped to New Security Model
ATTACK CONTINUUM
• Control, Enforce, Harden
• Detect, Block, Defend
• Scope, Contain, Remediate
Products: Network Behavior Analysis, Advanced Malware Protection, NAC + Identity Services, NGFW, Firewall, UTM, VPN, NGIPS, Web Security, Email Security
Comprehensive Security Portfolio
• Cisco • Sourcefire

IPS & NGIPS
• Cisco IPS 4300 Series
• Cisco ASA 5500-X Series integrated IPS
• FirePOWER NGIPS
• FirePOWER NGIPS w/ Application Control
• FirePOWER Virtual NGIPS

Web Security
• Cisco Web Security Appliance (WSA)
• Cisco Virtual Web Security Appliance (vWSA)
• Cisco Cloud Web Security

Firewall & NGFW
• Cisco ASA 5500-X Series
• Cisco ASA 5500-X w/ NGFW license
• Cisco ASA 5585-X w/ NGFW blade
• FirePOWER NGFW

Advanced Malware Protection + Sandboxing
• FireAMP
• FireAMP Mobile
• FireAMP Virtual
• Threatgrid
• Dedicated AMP FirePOWER appliance

NAC + Anomaly Detection
• Cisco Identity Services Engine (ISE)
• Cisco Access Control Server (ACS)
• Lancope

Email Security
• Cisco Email Security Appliance (ESA)
• Cisco Virtual Email Security Appliance (vESA)
• Cisco Cloud Email Security

UTM
• Meraki MX

VPN
• Cisco AnyConnect VPN
New Security Certification - CCNP
• In light of trends such as cloud and mobility that are significantly changing our daily lives, Cisco has released the following updates in the area of required security expertise and training, for the education of specialists, engineers and operations teams:
  • The renewed CCNP Security certification program
  • The new Cisco Cybersecurity Specialization
  • Retirement of the previous Cisco Security Specialization certification
  • New and updated product training
• The redesigned CCNP Security certification targets security professionals who today need to build end-to-end architectures with a much broader perspective:
  • 300-206 Implementing Cisco Edge Network Security Solutions (SENSS)
  • 300-207 Implementing Cisco Threat Control Solutions (SITCS)
  • 300-208 Implementing Cisco Secure Access Solutions (SISAS)
  • 300-209 Implementing Cisco Secure Mobility Solutions (SIMOS)
New Security Training – Cybersecurity Specialization
• 20 hours of online training
• Free of charge
• All you need to do: write to the address, with your contact details, under the subject “Siber Güvenlik Uzmanlığı Eğitimi” (“Cybersecurity Specialization Training”)!!
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 19
Strategic Imperatives
• Visibility Driven: Network Integrated, Broad Sensor Base, Context & Automation
• Threat Focused: Continuous Advanced Threat Protection, Cloud-Based Security Intelligence
• Platform Based: Agile & Open Platforms, Built for Scale, Consistent Control, Management
Network, Endpoint, Mobile, Virtual, Cloud
Ecosystem and Integration
Combined API Framework
• BEFORE: Policy and Control
• DURING: Detection and Blocking
• AFTER: Analysis and Remediation
Infrastructure & Mobility, NAC, Vulnerability Management, Custom Detection, Full Packet Capture, Incident Response, SIEM, Visualization, Network Access Taps
Security Services
• Advisory: Assessments, Architecture and Design, Program Strategy
• Integration: Deployment, Migration, Optimization
• Managed: Managed Security, Hosted Security, Product Support
“So do any network security vendors understand data center and what’s needed to accommodate network security? Cisco certainly does.”
“Cisco is disrupting the advanced threat defense industry.”
“… AMP will be one of the most beneficial aspects of the [Sourcefire] acquisition.”
“Based on our (Breach Detection Systems) reports, Advanced Malware Protection from Cisco should be on everyone’s short list.”
Market Recognition
2014 Vendor Rating for Security: Positive
“The AMP products will provide deeper capability to Cisco's role in providing secure services for the Internet of Everything (IoE).”
Ali Fuat TÜRKAY