Cisco Virtual Update on Cloud Security
25/10 – 2017
Mikael Grotrian, CISSP, CISM, CCSK, GISF, ITIL, PRINCE2, TOGAF Certified
Consulting Systems Engineer, Cyber Security, Denmark
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco
Enable your business to see, secure, and protect with Cisco cloud security
• Umbrella: DNS security. Protect users anywhere they go
• Cloudlock: Cloud access security brokers (CASB). Secure users, data, and applications in the cloud
• Stealthwatch Cloud: Public cloud visibility. Extend visibility to public and hybrid cloud environments

Gather intelligence and enforce security at the DNS layer
Authoritative DNS logs, used to find:
§ Newly staged infrastructures
§ Malicious domains, IPs, ASNs
§ DNS hijacking
§ Fast flux domains
§ Related domains
User request patterns, used to detect:
§ Compromised systems
§ Command and control callbacks
§ Malware and phishing attempts
§ Algorithm-generated domains
§ Domain co-occurrences
§ Newly registered domains
Diagram labels: Any device; Recursive DNS; Authoritative DNS (root, com., domain.com.)

Built into foundation of the internet
Umbrella provides:
• Connection for safe requests
• Prevention for user and malware-initiated connections
• Proxy for:
  • URL Inspection
  • SSL Decryption
  • AV Scan
  • Advanced Malware Protection
  • Threat Grid sandboxing
Diagram legend: Safe request; Blocked request

Our view of the internet
• 100B requests per day
• 12K enterprise customers
• 85M daily active users
• 160+ countries worldwide

Intelligence: Statistical models
• Co-occurrence model: Identifies other domains looked up in rapid succession of a given domain
• Natural language processing model: Detect domain names that spoof terms and brands
• Spike rank model: Detect domains with sudden spikes in traffic
• Predictive IP space monitoring: Analyzes how servers are hosted to detect future malicious domains
• Dozens more models
2M+ live events per second
11B+ historical events
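
An added illustration of the co-occurrence idea on this slide (not Cisco's model or code): it ranks domains that the same client looked up within a few seconds of a seed domain, discounting domains that are popular regardless of the seed. The log tuples, the 5-second window and the scoring ratio are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample log: (unix_seconds, client_id, queried_domain). Not real data.
QUERIES = [
    (1000, "c1", "news.example"),
    (1002, "c1", "bad-landing.example"),
    (1003, "c1", "payload-cdn.example"),
    (1050, "c1", "mail.example"),
    (2000, "c2", "bad-landing.example"),
    (2001, "c2", "payload-cdn.example"),
    (2004, "c2", "search.example"),
    (3000, "c3", "search.example"),
    (3001, "c3", "news.example"),
    (4000, "c4", "search.example"),
    (4002, "c4", "bad-landing.example"),
    (4003, "c4", "payload-cdn.example"),
    (5000, "c5", "search.example"),
]

def cooccurrences(queries, seed, window=5):
    """Rank domains looked up within `window` seconds of `seed` by the same client.

    Score = clients that queried the domain near the seed / all clients that
    ever queried the domain, so globally popular domains are discounted.
    Returns (domain, co_querying_clients, score) tuples, best first.
    """
    by_client = defaultdict(list)   # client -> [(ts, domain), ...]
    all_clients = defaultdict(set)  # domain -> every client that queried it
    for ts, client, domain in queries:
        by_client[client].append((ts, domain))
        all_clients[domain].add(client)

    near_seed = defaultdict(set)    # domain -> clients that queried it near the seed
    for client, events in by_client.items():
        seed_times = [ts for ts, d in events if d == seed]
        for ts, domain in events:
            if domain != seed and any(abs(ts - s) <= window for s in seed_times):
                near_seed[domain].add(client)

    scored = [
        (domain, len(clients), len(clients) / len(all_clients[domain]))
        for domain, clients in near_seed.items()
    ]
    # Highest score first, then most clients, then name for a stable order.
    return sorted(scored, key=lambda r: (-r[2], -r[1], r[0]))

if __name__ == "__main__":
    for domain, clients, score in cooccurrences(QUERIES, "bad-landing.example"):
        print(f"{domain:22} clients={clients} score={score:.2f}")
```

A domain seen only alongside the seed scores 1.0, while a search engine that half the clients query anyway is pushed down the list.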

DEPLOYMENT
On-network: simple to point external DNS without clients

DHCP server: Simple for locations without internal domains
• No internal DNS server
• Any device @ 10.1.2.2
• Gateway @ 8.2.0.1
• DHCP's DNS = 208.67.222.222
• Umbrella @ 208.67.222.222
• Enforce policy for public network ID @ 8.2.0.1

DNS server: Simple for locations that manage internal domains
• Any device @ 10.1.2.2
• DNS server @ 10.1.0.1
• External DNS = 208.67.222.222
• Gateway @ 8.2.0.1
• DHCP's DNS = 10.1.0.1
• Umbrella @ 208.67.222.222
• Enforce policy for public network ID @ 8.2.0.1

Virtual appliance: Best for locations that want granular control & visibility
• Any device @ 10.1.2.2
• DNS server @ 10.1.0.1
• Gateway @ 8.2.0.1
• DHCP's DNS = 10.1.0.2
• Umbrella VA @ 10.1.0.2
• Internal DNS = 10.1.0.1
• no NAT or proxy
• Encrypt EDNS w/ embedded ID; enforce policy for internal IP
• Umbrella
• Internal domains & updates

ENDPOINT DEPLOYMENT
Cisco AnyConnect module: Roaming protection without another agent
208.67.222.222
1. Enable roaming security module
2. Set roaming policy in Umbrella
3. Gain visibility into internet activity and detailed logs for incident response

Releases

May 2017 New Policy Wizard
June 2017 Revamped Reporting
July 2017 ISR4K Umbrella Integration: LAN / Private IP Address Reporting
August 2017 SafeSearch
September 2017 File Inspection Services
September 2017 Custom Block URLs
September 2017 Insights Onboarding Setup Wizard
Oct 4th Active Directory Integration and IP reporting for Roaming

Intelligent Proxy (Released)
Customers can gain visibility into threats by proxying web (80/443) connections for risky domains.
• Enabled by default on all new Policies
• Traffic is proxied if it is currently on the Umbrella "Grey List". The Grey List is a set of domains that are considered "suspicious" but not blocked. This is maintained by the Umbrella team.
• Traffic is automatically proxied through our infrastructure if this is enabled and the identity is part of the policy

File Inspection w/ AMP and AV (Released)
Automatically inspect files for malicious content through the intelligent proxy
• Will automatically inspect files that match ~200 known file extensions
• Leverages both AMP and AV to inspect files based on known signatures
• Will block when a positive match is found

Custom URL Blocking (Released)
Enables organizations to block individual URLs by leveraging our Intelligent Proxy
• Customers can block specific URLs that they do not want their customers to go to, either for threat and/or policy reasons
• URLs are blocked within Destination Lists and can be reused
• Adding in a URL also blocks all child URLs if they exist

SafeSearch (via DNS)
Lets organizations block access to offensive content with a toggle within their Policy Profile.
• Enabled on a per Policy basis
Enabling SafeSearch turns on support for the following SafeSearch entities:
• Google
• Bing
• YouTube

Reporting – Event History feature

Reporting – Destinations / Identities

Reporting – Granular Identities
• Limited Availability
• Allows you to pivot on identities in all reports

Cisco Security Connector (In Beta): One app, two layers of security
• Works anywhere: on- and off-network
• One app, two extensions: automatically provisioned via Meraki
• Umbrella app extension: Encryption and enforcement (internet requests). Requests attributed by iOS identity in the Umbrella Dashboard
• Clarity app extension: Auditing and correlation (app traffic flows). Flows attributed by iOS identity and app in the Clarity (AMP) Dashboard

SOLUTION
New Identity type

Connectors
AnyConnect
• Integrations with AnyConnect for Windows and Mac (Released)
• Enables AnyConnect users to be protected with Umbrella when on an untrusted network
Roaming Client
• Customer ability to proxy and enforce at the IP Layer with the Windows and Mac Roaming Client (Released)
• Active Directory Support in the Roaming Client, enabling the ability for customers to gain visibility and leverage identity within Umbrella (In Progress)

Policy Tester (Released)
Enables administrators to understand whether or not a particular identity is blocked or allowed to go to a particular domain.
Administrators can now test the end state across all the policies they have configured to ensure their policies are working.

S3 Log Export (Released and Upcoming)
Released
• Customers can export Umbrella logs to their company's own S3 bucket
• They can then consume those logs at their leisure into other tools, such as a SIEM, for cross correlation and investigations with other tools
• Customers control how long their logs are retained in S3
Upcoming
• Umbrella will allow users to automatically create S3 buckets managed by Cisco, but used by the end customer for log extraction
• For customers who don't currently have a relationship with Amazon

Application Blocking via DNS (In Progress)
Capability for Umbrella to block "applications" within Policy through DNS
• Enables organizations to block applications such as "Facebook" or "Box" through Umbrella Enforcement Policy
• Customers can block applications on a per Policy basis

CloudLock

CASB - API Access (Cloud to Cloud)
Diagram labels: Public APIs; Cisco NGFW / WSA / Umbrella; Managed Users; Managed Devices; Managed Network; Unmanaged Users; Unmanaged Devices; Unmanaged Network; ADMIN OAUTH ACCESS; Authorized

Cloudlock for ServiceNow Update
Recent Improvements
§ Support for ServiceNow Istanbul version
§ In progress: awaiting certification for ServiceNow Jakarta.

Cloudlock App Discovery (Shadow IT)
Currently In BETA

Cloudlock for Cisco Spark
Currently In BETA
• Identify sensitive information that exists in Spark spaces and uploaded files
• Notify end-users of policy violations within Spark
• Delete sensitive messages and files

Stealthwatch Cloud

Stealthwatch Cloud makes it simple to see everything
• Get complete visibility into your network and public cloud
• Detect threats automatically
• Deploy and manage easily

Stay up to date
§ Talos blog
§ Cisco security blog
§ Security newsletter
§ Tech Updates
§ Past seminars
§ Security Chalk Talks

§ Umbrella / OpenDNS
§ CloudLock
§ Stealthwatch

§ Umbrella
§ CloudLock
§ Stealthwatch Cloud

Contact your Account Manager, Jesper Rathsach, Tue Frei Noergaard, Jan Minche or Mikael Grotrian for a deeper walkthrough, a Proof of Value or dCloud demo access.