The Art of IT Defense Event Presentation

Intelligent Cybersecurity for the Real World. Mike Younkers, Director, Federal Sales Engineers, US Public Sector. March 2015. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential.

Upload: cisco-public-sector

Post on 16-Jul-2015

TRANSCRIPT

Page 1: The Art of IT Defense Event Presentation

Intelligent Cybersecurity for the Real World

Mike Younkers

March 2015

Director – Federal Sales Engineers, US Public Sector

Page 2: The Art of IT Defense Event Presentation

Think Like an Attacker

• Highly motivated cybercriminals

• Changing business models

• Dynamic threat landscape

© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2

Page 3: The Art of IT Defense Event Presentation

Industrialization of Hacking

There is a multi-billion dollar global industry targeting your prized assets

$450 Billion to $1 Trillion

• Social Security #: $1

• Mobile Malware: $150

• Bank Account Info: >$1000 depending on account type and balance

• Facebook Accounts: $1 for an account with 15 friends

• Credit Card Data: $0.25-$60

• Malware Development: $2500 (commercial malware)

• DDoS as a Service: ~$7/hour

• Spam: $50/500K emails

• Medical Records: >$50

• Exploits: $1000-$300K

Page 4: The Art of IT Defense Event Presentation

Cost of Cyber Breach

• Intellectual Property Loss at Most Research Universities [7]

• $100B/year Cost of Cybercrime in US [2]

• 26% of Americans have been victims of an identity breach [5]

• $145 per record – US average [3]

• $212 per record – US Medical average [3]

Sources: [1] US House Intelligence; [2] McAfee/CSIS; [3] Ponemon/IBM; [4] Bloomberg; [5] NCSA; [6] SANS/NORSE; [7] New York Times

Cost of Breach

Initial Personal Identifiable Information Breach Costs – A State/Local Example

• 3.8M tax records stolen

• $20M borrowed to pay for notification and credit checks + $25M for Remediation

• $11.84 per record so far…

• $11 - $13 per record – based on known breaches

• $5 - $6 for notification and credit checks

• $6 - $7 for remediation

• Constituent / customer confidence lost = added costs

Page 5: The Art of IT Defense Event Presentation

The Changing IT Environment

Mobile

• 3.3 Devices Per Knowledge Worker*

• 55% IP Traffic Mobile by 2017**

Cloud

• 545 Cloud Apps Per Organization*

• 44% Annual Cloud Workload Growth***

IoE

• 36X Growth in M2M IP Traffic 2013–18**

• 50B Connected “Smart Objects” by 2020*

Page 6: The Art of IT Defense Event Presentation

The Industrialization of Hacking

Timeline axis: 1990, 1995, 2000, 2005, 2010, 2015, 2020

• Viruses: 1990–2000

• Worms: 2000–2005

• Spyware and Rootkits: 2005–Today

• APTs, Cyberware: Today +

Phishing, Low Sophistication

Hacking Becomes an Industry

Sophisticated Attacks, Complex Landscape

Page 7: The Art of IT Defense Event Presentation

The Silver Bullet Does Not Exist…

“Captive Portal”

“It matches the pattern”

“No false positives, no false negatives.”

Application Control

FW/VPN

IDS / IPS

UTM

NAC

AV

PKI

“Block or Allow”

“Fix the Firewall”

“No key, no access”

Sandboxing

“Detect the Unknown”

Page 8: The Art of IT Defense Event Presentation

Point in Time Solution

• Fragmented

• Complex

• Requires additional management

Page 9: The Art of IT Defense Event Presentation

Continuous Solution

• Discover, Enforce, Harden

• Detect, Block, Defend

• Scope, Contain, Remediate

Page 10: The Art of IT Defense Event Presentation

Complete Solution

• Pervasive

• Continuous

• Always On

Page 11: The Art of IT Defense Event Presentation

Services Portfolio

Program Strategy

Architecture and Design

Assessments

Deployment

Migration

Optimization

Managed Security

Hosted Security

Product Support

Page 12: The Art of IT Defense Event Presentation

Security Services

Advisory, Integration, Managed

• Technical Security Assessments

• Integration Services

• Managed Threat Defense

• Remote Managed Services

• Migration Services

• Custom Threat Intelligence

Page 13: The Art of IT Defense Event Presentation

Putting It All Together

Who, What, When, Where, How

BEFORE: Discover, Enforce, Harden

• Firewall

• NGFW

• UTM

• VPN

• Secure Access + Identity Services

Page 14: The Art of IT Defense Event Presentation

Secure Identity and Access

Identity and Context Centric Policy Platform

• Security Policy Attributes: WHO, WHAT, WHERE, WHEN, HOW

• Identity

• User and Devices

• Centralized Policy Engine

• Identity Services Engine

• Dynamic Policy

• Application Controls

• Monitoring & Reporting

• Security Policy Enforcement in the Network

• Business-Relevant Policies

Page 15: The Art of IT Defense Event Presentation

Secure Identity/Access in Action

Access to the right resources based on Who, What, When, Where and How

Resources: Confidential Resources, General Resources, Internet

User Devices: Laptop at Home, Office, iPhone at Starbucks, Personal iPad

Access set by policy

Page 16: The Art of IT Defense Event Presentation

Putting It All Together

Collective Security Intelligence, Event History

Who, What, When, Where, How

BEFORE: Discover, Enforce, Harden

• Firewall

• NGFW

• UTM

• VPN

• Secure Access + Identity Services

DURING: Detect, Block, Defend

• NGIPS

• Web Security

• Email Security

Page 17: The Art of IT Defense Event Presentation

Putting It All Together

Collective Security Intelligence, Event History

Who, What, When, Where, How

BEFORE: Discover, Enforce, Harden

• Firewall

• NGFW

• UTM

• VPN

• Secure Access + Identity Services

DURING: Detect, Block, Defend

• NGIPS

• Web Security

• Email Security

AFTER: Scope, Contain, Remediate

• Advanced Malware Protection

• Network Behavior Analysis

• Cyber Threat Defense

Page 18: The Art of IT Defense Event Presentation

Before – During - After

Collective Security Intelligence, Event History

Who, What, When, Where, How

BEFORE: Discover, Enforce, Harden

• Firewall

• NGFW

• UTM

• VPN

• Secure Access + Identity Services

DURING: Detect, Block, Defend

• NGIPS

• Web Security

• Email Security

AFTER: Scope, Contain, Remediate

• Advanced Malware Protection

• Network Behavior Analysis

• Cyber Threat Defense

Page 19: The Art of IT Defense Event Presentation

Cyber Threat Defense

Monitor, collect and analyze network traffic to detect anomalies

• Security Enabled Network

• Identity Services Engine

• NetFlow: Switches, Routers, and Firewalls

• Context: NBAR/AVC

• Cybersecurity Anomaly Detection: Lancope Stealthwatch

Cyber Threat Detection - enhances efficiency and effectiveness of analysis and provides key insight into internal activity across the network

Page 20: The Art of IT Defense Event Presentation

Ecosystem and Integration

Combined API Framework

• BEFORE: Policy and Control

• DURING: Detection and Blocking

• AFTER: Analysis and Remediation

• Infrastructure & Mobility

• NAC

• Vulnerability Management

• Custom Detection

• Full Packet Capture

• Incident Response

• SIEM

• Visualization

• Network Access Taps

Page 21: The Art of IT Defense Event Presentation

Moving Forward

Reduce Complexity and Increase Capability

Collective Security Intelligence

Centralized Management

• Network Control Platform: Appliances, Virtual

• Device Control Platform: Host, Mobile, Virtual

• Cloud Services Control Platform: Hosted

Page 22: The Art of IT Defense Event Presentation

Cisco in the Security Marketplace

Acquisitions

“Sourcefire, architecture, and services place Cisco in the catbird seat for emerging enterprise cybersecurity requirements”

– Jon Oltsik, NetworkWorld, May 22, 2014

10/10/2013

2/25/2013

1/12/2015

11/26/2014

Page 23: The Art of IT Defense Event Presentation

“So do any network security vendors understand data center and what’s needed to accommodate network security? Cisco certainly does.”

“Cisco is disrupting the advanced threat defense industry.”

“… AMP will be one of the most beneficial aspects of the [Sourcefire] acquisition.”

“Based on our (Breach Detection Systems) reports, Advanced Malware Protection from Cisco should be on everyone’s short list.”

2014 Vendor Rating for Security: Positive

Market Recognition

“The AMP products will provide deeper capability to Cisco's role in providing secure services for the Internet of Everything (IoE).”

Page 24: The Art of IT Defense Event Presentation

Why Cisco Security?

TECHNOLOGY, COMPANY, TALENT

• Broad Portfolio

• Reliable Partner

• Proven Innovator

• Global Operations

• Expertise and Scale

• Top Products

Page 25: The Art of IT Defense Event Presentation

Thank You