Cybersecurity: Game Planning for Success lunch and learn event, April 10th
www.utgsolutions.com | @utgsolutions | 205.413.4274
Business • Driven • Technology
Agenda
• Intro
• Game Planning for Success: UTG - Derrick Helms, CISSP
• Cisco AMP: Cisco – Chris Robb
• Q&A
• Drawing for ASA 5506-X and 2 $100 Visa Cards!
CyberSecurity - Game Planning for Success
Derrick Helms, CISSP
Headlines
There is a multi-billion dollar global industry targeting your prized assets: $450 Billion to $1 Trillion
• Social Security: $1
• Mobile Malware: $150
• Bank Account Info: >$1000 depending on account type and balance
• Facebook Accounts: $1 for an account with 15 friends
• Credit Card Data: $0.25-$60
• Malware Development: $2500 (commercial malware)
• DDoS as a Service: ~$7/hour
• Spam: $50/500K emails
• Medical Records: >$50
• Exploits: $1000-$300K
Industrialization of Hacking
Cisco Advanced Malware Protection
Chris Robb - Cisco
© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9
The World Has Changed: The Industrialization of Hacking
Viruses (2000) • Worms (2005) • Spyware & Rootkits (2010) • APTs Cyberware (Today +)
Enterprise Response: Anti-virus (Host) • IDS/IPS (Network) • Anti-malware (Host+Network) • Intelligence and Analytics (Host+Network+Cloud)
In the news… what do these all have in common?
• Home Depot
• Over 50 UPS Franchises hit by data breach
• 4.5M Records stolen from US Health Giant
• Goodwill
• Russian Hackers steal 4.5B records
• Meet Me Social Network Users’ Passwords Stolen
• Insider breach at Las Vegas Brain and Spine Surgery Center
• Florida bank notifies roughly 72,000 customers of breach
• Los Angeles based health system breached
• Payment cards used on Wireless Emporium website compromised
• Albertson’s stores CC data hacked
• $100,000 bitcoin loss due to hack
• Microsoft’s Twitter Account Hacked
• Sony’s Twitter Account Hacked
• Russian PM’s Twitter hacked – “I resign”
• NRC Computers hacked 3 times
• Ferguson police office’s computers hacked
• Norwegian oil industry under attack
• Saudi TV website hacked by Libyan
• Sony suffers DoS attack
• Dairy Queen hacked
• JP Morgan
What Can We Learn From Sony
12/04/2014: What has happened at Sony Pictures Entertainment over the past week reads like a blockbuster screenplay—or a chief executive’s nightmare: Hackers target a major company, disabling its internal systems and leaking documents revealing long-held secrets, from coming products to executive pay.
12/05/2014: The Sony data breach continues to get worse. First, it was exposed budgets, layoffs and 3,800 SSNs, then it was passwords. Now, it's way more social security numbers—including Sly Stallone's.
The Wall Street Journal reports that analysis of the documents leaked so far included the Social Security numbers of 47,000 current and former Sony Pictures workers. That included Sylvester Stallone, Rebel Wilson, and Anchorman director, Judd Apatow. The Journal reports that the SSNs are found alongside salary information, home addresses, and contract details.
What Can We Learn From Traditional Point in Time Solutions
We Tested all of These Solutions
“Captive portal”
“It matches the pattern”
“No false positives, no false negatives”
Application Control
FW/VPN
IDS/IPS
UTM
NAC
AV
PKI
“Block or Allow”
“Fix the Firewall”
“No key, no access”
Sandboxing
“Detect the Unknown”
Threat Analytics
“Outside looking in”
The Best Point in Time Protection Protects you 90+% of the time
Even Sandboxing Has Holes
Antivirus
Sandboxing
Initial Disposition = Clean
Actual Disposition = Bad = Too Late!!
Not 100%
Analysis Stops
Event Horizon
Sleep Techniques
Unknown Protocols
Encryption
Polymorphism
Blind to scope of compromise
Recap of Issues that need to be fixed by security providers
• Targeted attacks / advanced persistent threats are hard to detect.
• Malware has an ecosystem of components, and it’s important to understand what that ecosystem is and which part of any solution addresses those ecosystem components.
• Malware’s intentions are nefarious in nature, but its components are built just like standard software, so it can easily hide in your environment.
• Don’t get caught up in the catch-rate game, because no security solution protects you 100%. What about the files they missed? The industry average to find a file that got by your defenses is 200 days.
• Do traditional point-in-time solutions like Email, Content, Next Gen Firewall, IPS, AV and Sandbox solutions give you the visibility you need? Be honest with yourself: do they allow you to proactively reduce your attack surface?
• Regardless of your security solutions, always back up your data, because no one is 100%!
AMP goes beyond point-in-time detection
Attack Continuum
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate
Network • Endpoint • Mobile • Virtual • Email & Web • Cloud
Point-in-time • Continuous
Continuous Protection when advanced malware evades point-in-time detection
Antivirus
Sandboxing
Initial Disposition = Clean
Point-in-time Detection
Initial Disposition = Clean
AMP
Actual Disposition = Bad = Too Late!!
Not 100%
Analysis Stops
Sleep Techniques
Unknown Protocols
Encryption
Polymorphism
Retrospective Detection, Analysis Continues
AMP Everywhere Strategy
AMP
CONTINUOUSLY RECORD ACTIVITY REGARDLESS OF DISPOSITION
Data we are sending to AMP Cloud
AMP CLOUD
RECORDING
PRIVATE CLOUD
AMP for Endpoint: Device Trajectory / Incident Analysis
AMP for Endpoint: Vulnerability Detection
Low Prevalence
Speed Matters: Time to Detection (TTD)
The current industry TTD rate of 100 to 200 days is not acceptable.
Industry: 200 DAYS vs. Cisco: 17.5 HOURS
Cisco 2015 Midyear Security Report
• Speed of Innovation > ~40% Efficacy
• Point products >> weak defenses
• Integrated Threat Defense is needed
Cisco Minimizes the Time to Detect Breaches
Cisco Advanced Malware Protection Built on Unmatched Collective Security Intelligence
1.6 million global sensors
100 TB of data received per day
150 million+ deployed endpoints
600 engineers, technicians, and researchers
35% worldwide email traffic
13 billion web requests
24x7x365 operations
4.3 billion web blocks per day
40+ languages
1.1 million incoming malware samples per day
AMP Community
Private/Public Threat Feeds
Talos Security Intelligence
AMP Threat Grid Intelligence
AMP Threat Grid Dynamic Analysis: 10 million files/month
Advanced Microsoft and Industry Disclosures
Snort and ClamAV Open Source Communities
AEGIS Program
Email Endpoints Web Networks IPS Devices
WWW
Automatic updates in real time
Cisco® Collective Security Intelligence
Cisco Collective Security Intelligence Cloud
AMP: Advanced Malware Protection
3.5 BILLION SEARCHES TODAY
19.6 BILLION THREATS BLOCKED TODAY
AMP Offers Point-in-Time and Retrospective Protection
Point-in-Time Protection
File Reputation & Sandboxing
Dynamic Analysis
Machine Learning
Fuzzy Fingerprinting
Advanced Analytics
One-to-One Signature
How Cisco Made a Better Sandbox
• Allows you to interact with malware with Glove Box
• Outside Looking In approach, no hooks
• Prioritize threats
• Context-driven Malware Analytics
SAMPLE Glove Box ThreatGrid Video
Sample ThreatGrid Report
Cisco’s Threat Defense Strategy
THREAT INTELLIGENCE: Visibility, Analytics, People.
[Diagram labels: Internet, Private WAN, Endpoints, Data Centers, Offices/Plants, FW, VPN, IPS, ISE, Secure Web, Secure Email, AMP]
77% email phishing • 19% malicious web-download • 4% Direct Install • 0.3% Network attack
99.2% Block Rate (#1) • 17 Hour Detection Time (#1)
Sample AMP for Endpoints Reports
Introducing Threat Grid Everywhere
[Diagram labels: Suspicious file; Analysis report; Edge; Endpoints; Firewalls & UTM; Email Security; Security Analytics; Web Security; Endpoint Security; Network Security; 3rd Party Integration; Security monitoring platforms; Deep Packet Inspection; Gov, Risk, Compliance; SIEM; Dynamic Analysis; Static Analysis; Threat Intelligence; AMP Threat Grid; Cisco Security Solutions; Network Security Solutions; Premium content feeds; Security Teams]
Automatically submit suspicious files
Automated analysis, from edge to endpoint
Submission
Analyst or system (API) submits suspicious sample to Threat Grid.
Suspicious file
Edge
Endpoints
ASA w/FPS
ESA
Next Gen IPS
WSA
AMP for Endpoints
AMP for Networks
Easily integrate with partner solutions
Security Analytics NessusXPSEnCaseEnterprise 360
API
Our robust REST API streamlines partner integration
AMP Threat Grid: Key Differentiators
Data Fidelity & Performance
• Proprietary analysis delivers unparalleled insight into malicious activity
• High-speed, automated analysis and adjustable runtimes
• Does not expose any tags or indicators that malware can use to detect that it is being observed
Scalability & Flexibility
• 100,000s of samples analyzed daily (6-10 million per month)
• SaaS delivery (no hardware) or Appliance (as needed)
Context & Data Enrichment
• Search and correlate all data elements of a single sample against billions of sample artifacts collected and analyzed over years (global and historic context)
• Enable the analyst to better understand the relevancy of the sample in question to one’s environment
Usability
• Clearly presented information for all levels of the IT Security team: Tier 1-3 SOC Analysts, Incident Responders & Forensic Investigators, and Threat Intel Analysts
• Web portal, Glovebox (User Interaction), Video Replay, Threat Score, Behavioral Indicators and more
Integration & Architecture
• Architected from the ground up with an API to integrate with existing IT security solutions (automatically receive submissions from other solutions and pull the results into your environment)
• Create custom threat intelligence feeds with context or leverage automated batch feeds
AMP for Networks
AMP Appliance
NextGen Firewall, IPS, URL & AMP
The AMP appliance was designed to run all Firepower features: NextGen Firewall, IPS, URL and Advanced Malware Protection (AMP).
The AMP appliance was built on the FP platform and has had its CPU and memory optimized to run all the security features and maintain the performance throughput numbers given in the AMP for Networks datasheet.
The AMP appliance also includes a hardware storage pack / SSD drive to store files for later analysis; this is required for AMP capabilities.
Firepower Appliance
NextGen Firewall, IPS & URL
The Firepower appliance was designed to run the Firepower features NextGen Firewall, IPS and URL filtering.
If you want to turn on Advanced Malware Protection (AMP) capabilities at a later date you can, but you will need to buy and install the hardware storage pack / SSD drive and the AMP software.
Keep in mind that when you turn on the AMP features you will see a performance hit, so you will need to make sure the FP appliance is sized correctly for the customer's environment.
If a customer wants AMP, always try to go with the AMP appliance for new purchases.
ASA X-series with SSD / SW blade
Firewall with VPN, NextGen Firewall, IPS, URL & AMP
The ASA X-series with SSD / SW blade was designed to run all Firepower features (NextGen Firewall, IPS, URL and Advanced Malware Protection (AMP)); you can also run traditional firewall and VPN capabilities.
Keep in mind that when you turn on the more advanced Firepower features you will see a performance hit, so you will need to size this appliance correctly for the customer's environment.
Retrospection in Action
Correlation with AMP for endpoints would show file was cleaned / Quarantined
How Cisco AMP Works: Network File Trajectory Use Case
An unknown file is present on IP 10.4.10.183, having been downloaded from Firefox.
At 10:57, the unknown file is copied from IP 10.4.10.183 to IP 10.5.11.8.
Seven hours later, the file is transferred to a third device (10.3.4.51) using an SMB application.
The file is copied yet again onto a fourth device (10.5.60.66) through the same SMB application a half hour later.
The Cisco® Collective Security Intelligence Cloud has learned this file is malicious, and a retrospective event is raised for all four devices immediately.
At the same time, a device with the AMP for Endpoints connector reacts to the retrospective event and immediately stops and quarantines the newly detected malware.
Eight hours after the first attack, the Malware tries to re-enter the system through the original point of entry but is recognized and blocked.
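The retrospective event in the use case above, sketched as an added Python example (not Cisco AMP code and not from the slides): every sighting of a file hash is recorded regardless of disposition, so a later verdict change can be replayed over the history to list the affected hosts. The class and field names, the date, the sending host of each SMB copy and every time other than 10:57 are assumptions.

```python
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

MALICIOUS = "malicious"


@dataclass(frozen=True)
class FileEvent:
    ts: datetime
    sha256: str
    dst: str             # host that received the file
    src: Optional[str]   # sending host; None when the file came from outside
    app: str             # application that moved the file


@dataclass
class TrajectoryStore:
    """Hypothetical recorder: keeps every sighting, whatever the disposition."""
    sightings: list = field(default_factory=list)   # (FileEvent, action)
    verdicts: dict = field(default_factory=dict)    # sha256 -> disposition

    def observe(self, ev: FileEvent) -> str:
        # Point-in-time decision, using only what is known at this moment.
        known_bad = self.verdicts.get(ev.sha256) == MALICIOUS
        action = "blocked" if known_bad else "allowed"
        self.sightings.append((ev, action))          # recorded either way
        return action

    def trajectory(self, sha256: str) -> list:
        """Time-ordered hops on which the file actually landed on a host."""
        hops = [ev for ev, action in self.sightings
                if ev.sha256 == sha256 and action == "allowed"]
        return sorted(hops, key=lambda ev: ev.ts)

    def update_verdict(self, sha256: str, verdict: str, at: datetime) -> list:
        """Disposition changed: re-judge every past sighting of this hash."""
        self.verdicts[sha256] = verdict
        if verdict != MALICIOUS:
            return []
        alerts, seen = [], set()
        for ev in self.trajectory(sha256):
            if ev.dst in seen:        # one alert per host, at first arrival
                continue
            seen.add(ev.dst)
            alerts.append({
                "host": ev.dst,
                "received_from": ev.src or "external",
                "via": ev.app,
                "dwell": at - ev.ts,            # time the file sat undetected
                "patient_zero": not alerts,     # earliest sighting overall
            })
        return alerts


# Constructed sample: the four hosts and the 10:57 copy come from the slides;
# the date, the other clock times and the file bytes are invented.
SHA = hashlib.sha256(b"constructed sample payload").hexdigest()
DAY = datetime(2015, 1, 1)


def at(hhmm: str) -> datetime:
    hours, minutes = map(int, hhmm.split(":"))
    return DAY + timedelta(hours=hours, minutes=minutes)


def replay():
    store = TrajectoryStore()
    hops = [  # (time, assumed sender, receiver, application)
        ("10:50", None, "10.4.10.183", "Firefox"),
        ("10:57", "10.4.10.183", "10.5.11.8", "not stated"),
        ("17:57", "10.5.11.8", "10.3.4.51", "SMB"),
        ("18:27", "10.3.4.51", "10.5.60.66", "SMB"),
    ]
    actions = [store.observe(FileEvent(at(t), SHA, dst, src, app))
               for t, src, dst, app in hops]
    alerts = store.update_verdict(SHA, MALICIOUS, at("18:30"))
    # Re-entry through the original point of entry, after the verdict change.
    reentry = store.observe(FileEvent(at("18:50"), SHA, "10.4.10.183", None, "Firefox"))
    return actions, alerts, reentry


if __name__ == "__main__":
    actions, alerts, reentry = replay()
    for alert in alerts:
        print(alert["host"], "from", alert["received_from"], "dwell", alert["dwell"])
    print("re-entry:", reentry)
```

The dwell value per host is the gap a point-in-time control cannot see: each copy was allowed because the hash had no malicious verdict when it moved.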
The AMP Everywhere Architecture
AMP Protection across the Extended Network for an Integrated Threat Defense
AMP Threat Intelligence Cloud
• AMP for Endpoints: Windows OS, Android Mobile, Virtual, MAC OS, CentOS and Red Hat Linux for datacenters
• AMP for Endpoints on remote endpoints; AMP for Endpoints can be launched from AnyConnect
• AMP on Web & Email Security Appliances
• AMP on Cisco® ASA Firewall with Firepower Services
• AMP Private Cloud Virtual Appliance
• AMP on Firepower NGIPS Appliance (AMP for Networks)
• AMP on Cloud Web Security & Hosted Email
• CWS/CTA
• Threat Grid Malware Analysis + Threat Intelligence Engine
• AMP on ISR with Firepower Services
Identify Solution Options
Customer Need Feature WSA, ESA, CWS Network Endpoint
I want to be able to define policies for malware… File Reputation ✔ ✔ ✔
I want to be able to isolate suspected malware for threat analysis… Sandboxing ✔ ✔ ✔
I want to be able to backtrack if malware makes it into my system… Retrospective Security ✔ ✔ ✔
I need to identify compromised devices on my network… Indications of Compromise ✔ ✔
I want to track how a file has been behaving… File Analysis ✔ ✔
I want to track how threats traverse the network… File Trajectory ✔ ✔
I want to see system activities, relationships and events … Device Trajectory ✔
I want to search large sets of data for compromises… Elastic Search ✔
I want to be able to stop the spread of malware with custom tools… Outbreak Control ✔
Understanding The Different Platforms
AMP for Content
• Detect and block malware attempting to enter through email or web gateways
• Receive extensive reporting, URL/Message tracking and remediation prioritization
• Add-on to an existing appliance or in the cloud
AMP for Networks
• Detect and block malware attempting to enter the network
• Detect breaches using multi-source indications of compromise
• Contain malware and its communications
AMP for Endpoints
• Detect breaches by analyzing indications of compromise
• Uncover an infection, trace its path, analyze its behavior
• Remediate the threat quickly and eliminate the risk of reinfection
Cisco AMP is the Leader in Security Effectiveness
Cisco AMP offers superior security effectiveness, excellent performance, and provides security across more attack vectors than any other vendor
• 99.2% Security Effectiveness rating in BDS testing, the highest of all vendors tested.
• Only vendor to block 100% of evasion techniques during testing.
• Excellent performance with minimal impact on network, endpoint, or application latency.
“So do any network security vendors understand data center and what’s needed to accommodate network security? Cisco certainly does.”
“Cisco is disrupting the advanced threat defense industry.”
“… AMP will be one of the most beneficial aspects of the [Sourcefire] acquisition.”
“Based on our (Breach Detection Systems) reports, Advanced Malware Protection from Cisco should be on everyone’s short list.”
2014 Vendor Rating for Security: Positive
Market Recognition
“The AMP products will provide deeper capability to Cisco's role in providing secure services for the Internet of Everything (IoE).”
Cisco AMP for Network Options
Helping you choose the correct appliance for your environment
For more info Click the following Link
Cisco AMP for Networks Dedicated Appliances
The AMP appliance was purpose-built to run the following software on one appliance: NextGen Firewall, Sourcefire IPS and AMP (Advanced Malware Protection).
AMP Appliance + AMP Subscription Bundles
http://www.cisco.com/c/en/us/products/collateral/security/amp-appliances/datasheet-c78-733182.html
For more info Click the following Link
Cisco FP / FirePower Dedicated Appliances
The FP appliance was purpose-built to run the following software on one appliance: NextGen Firewall and Sourcefire IPS.
*** If you want to run AMP (Advanced Malware Protection) on a new purchase, you should always position the AMP Appliance ***
AMP Appliance + AMP Subscription Bundles
http://www.cisco.com/c/en/us/products/collateral/security/firepower-8000-series-appliances/datasheet-c78-732955.pdf
For more info Click the following Link
Cisco ASA Appliances
Cisco has added to the ASA the capability to run NextGen Firewall, Sourcefire IPS and AMP (Advanced Malware Protection). Make sure you have the bandwidth conversation with your customers about what they can expect with full functionality turned on.
ASA + AMP Subscription Bundles
http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/datasheet-c78-733916.html