SporA: Security for the cloud and in the cloud - cisco.com

Cisco Confidential © 2015 Cisco and/or its affiliates. All rights reserved. Security in the cloud and for the cloud. Mikael Grotrian & Peter Henry Andersen, Cloud Security Evangelists. 29/03-2017


Post on 08-Aug-2019


Page 1: SporA Sikkerhed for skyen og i skyen - cisco.com · SporA_Sikkerhed for skyen og i skyen Author: Nana Masiero Created Date: 3/30/2017 2:00:27 PM


Security in the cloud and for the cloud

Mikael Grotrian & Peter Henry Andersen

Cloud Security Evangelists

29/03-2017

Page 2

Session Topics

Product update

- Cisco Meraki MX (Cloud Managed Security Appliance)

- Advanced Malware Protection (Prevention, Detection and Response Security Architecture)

- AMP for Endpoints (Cloud Managed Endpoint Detection and Response)

- Threat Grid (Dynamic Malware Analysis and Threat Intelligence)

- UMBRELLA (Secure Internet Gateway formerly known as OpenDNS and Cloud Web Security)

- Cloudlock (Cloud Access Security Broker - A Cloud Cybersecurity Platform)

Live Demo

- Sample Malware into MX – prevention via AMP through ThreatGrid.

Page 3

Meraki MX

Page 4

• Secure
  - No user traffic passes through cloud
  - Fully HIPAA / PCI compliant (level 1 certified)
  - 3rd party security audits, daily vulnerability testing
  - Automatic firmware and security updates (user-scheduled)

• Scalable
  - Unlimited throughput, no bottlenecks
  - Add devices or sites in minutes

• Reliable
  - Highly available cloud with multiple datacenters
  - Network functions even if connection to cloud is interrupted
  - 99.99% uptime SLA

Reliability and security information at meraki.cisco.com/trust

Management data (1 kb/s)

WAN

The benefit of Cloud to Enterprise

Page 5

Deploy, Manage & T-shoot in 1 GUI

Page 6

BETA Ready – You can try it now

MX series – Layer 7 NGFW

Page 7

1. 24/7 – 365 support included.
2. Next Business Day HW Replacement.
3. All WAN/SEC features available*
4. Firmware updates ready on appliance.
5. Security updates auto updated.
6. New features auto updated in Dashboard
7. LIC time for 1, 3, 5, 7 or 10yr & Extend
8. LIC is not locked to HW
9. ENT to ADV and ADV to ENT up/downgrade possible

MX License – Enterprise or Advanced

Page 8

AMP is everywhere!!!

Page 9

Continuous Analysis and Retrospective Security

AMP for Endpoints Continuously Monitors, Records, and Analyzes All File Activity, Regardless of Disposition, to catch threats

Recording

- Identify a threat’s point of origin

- Track its rate of progression and how it spread

- See what it is doing

- See where it's been

- Surgically target and remediate

Monitor + Detect

Page 10

AMP for Endpoints

• Prevention, Monitoring + Detection, Response

• Deep Visibility, Context, and Control if something gets in

• Continuous Analysis of File Behavior and Retrospective Security

• Turn on our AV detection engine in AMP for Endpoints to consolidate agents

• Containment and quarantine on endpoint

• Built-in sandbox powered by Threat Grid

• Open APIs for seamless integration

• Agentless protection via CTA

• More than just endpoint, it’s the integrated security architecture of AMP Everywhere

Platforms: PC, Mobile, Linux, Mac

Page 11

Threat Grid Everywhere

[Diagram labels: Suspicious File; Analysis Report; Edge; Endpoints; ASA w/ FIREPOWER Services; Meraki; CTA; ESA/WSA; AMP for Endpoints; AMP for Network; Partner Integration; Security; Security Monitoring Platforms; Deep Packet Inspection; Gov, Risk, Compliance; SIEM; Dynamic Analysis; Static Analysis; Threat Intelligence; AMP Threat Grid; Cisco Security Solutions; Non-Cisco Security Solutions; Premium Content Feeds; Security Teams]

Page 12

Cisco Cloudlock use cases

Discover and Control

User and Entity Behavior Analytics

Cloud Data Loss Prevention (DLP)

Apps Firewall

Cloud Malware

Shadow IT/OAuth Discovery and Control

Data Exposures and Leakages

Privacy and Compliance Violations

Compromised Accounts

Insider Threats

Page 13

Authoritative DNS logs

Used to find:

• Newly staged infrastructures
• Malicious domains, IPs, ASNs
• DNS hijacking
• Fast flux domains
• Related domains

User request patterns

Used to detect:

• Compromised systems
• Command and control callbacks
• Malware and phishing attempts
• Algorithm-generated domains
• Domain co-occurrences
• Newly registered domains

Gather intelligence and enforce security at the DNS layer

Any device

Recursive DNS

root

com.

domain.com.

Authoritative DNS

Page 14

Built into foundation of the internet

Umbrella provides:

Connection for safe requests

Prevention for user and malware-initiated connections

Proxy for:

• URL Inspection
• AV Scan
• Advanced Malware Protection
• Threat Grid sandboxing

Safe request

Blocked request

Page 15

Demo Jump

Intro: Very brief dashboard demo of how AMP and TG are integrated

AMP & TG Demo:

STEP 1 – Non flag of Malware sample

- Generate a malware sample

- Test the sample via VirusTotal

- Download the file (malware) from Box.com -> (GinnyPig client in DEMO Lab) - the malware is not flagged by MX, because AMP does not know the "sample"

STEP 2 – Block/Flagged of Malware sample

- Submit the sample to TG – it observes the behavior = verdict that it must block this threat (it now knows the signature).

- Download the file (malware) from Box.com -> (GinnyPig client in DEMO Lab) - the malware is blocked/flagged by MX, because AMP knows the "sample" via TG.

UMBRELLA Demo:

- Addressing & VLANs on the MX, on the native VLAN – select OpenDNS. The provisioned PUBLIC IP is given to the UMBRELLA account.

- URL test - UMBRELLA restricts use of the URL: Internetbadguys.com

Page 16

Recap!

Product update

- Cisco Meraki MX - Where are we today, where are we going!

- Advanced Malware Protection (AMP) – The Judge! You can “move” on or, the journey stops here!

- AMP for Endpoints – AMP on every device adds team effort against threats!

- Threat Grid – Advanced Sandboxing for AMP.

- UMBRELLA - Industry’s first Secure Internet Gateway!

- Cloudlock – Secures your users, data and apps across SaaS, PaaS and IaaS.

Live Demo

- Sample Malware into MX – Cisco Meraki MX is more today and more tomorrow…

Page 17

Thank you.