The Art of IT Defense Event Presentation
TRANSCRIPT
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Intelligent Cybersecurity for the Real World
Mike Younkers
March 2015
Director – Federal Sales Engineers, US Public Sector
Think Like an Attacker
• Highly motivated cybercriminals
• Changing business models
• Dynamic threat landscape
Industrialization of Hacking
There is a multi-billion dollar global industry targeting your prized assets
$450 Billion to $1 Trillion
• Social Security #: $1
• Mobile Malware: $150
• Bank Account Info: >$1000 depending on account type and balance
• Facebook Accounts: $1 for an account with 15 friends
• Credit Card Data: $0.25-$60
• Malware Development: $2500 (commercial malware)
• DDoS as a Service: ~$7/hour
• Spam: $50/500K emails
• Medical Records: >$50
• Exploits: $1000-$300K
Cost of Cyber Breach
• Intellectual Property Loss at Most Research Universities [7]
• $100B/year Cost of Cybercrime in US [2]
• 26% of Americans have been victims of an identity breach [5]
• $145 per record – US average [3]
• $212 per record – US Medical average [3]
Sources: [1] US House Intelligence; [2] McAfee/CSIS; [3] Ponemon/IBM; [4] Bloomberg; [5] NCSA; [6] SANS/NORSE; [7] New York Times
Cost of Breach
Initial Personally Identifiable Information (PII) Breach Costs – A State/Local Example
• 3.8M tax records stolen
• $20M borrowed to pay for notification and credit checks + $25M for Remediation
• $11.84 per record so far…
• $11 - $13 per record – based on known breaches
• $5 - $6 for notification and credit checks
• $6 - $7 for remediation
• Constituent / customer confidence lost = added costs
The Changing IT Environment
• Mobile: 3.3 mobile devices per knowledge worker*; 55% of IP traffic mobile by 2017**
• Cloud: 545 cloud apps per organization*; 44% annual cloud workload growth***
• IoE: 36X growth in M2M IP traffic 2013–18**; 50B connected “smart objects” by 2020*
The Industrialization of Hacking
Timeline, 1990 to 2020:
• Viruses: 1990–2000 (Phishing, Low Sophistication)
• Worms: 2000–2005
• Spyware and Rootkits: 2005–Today
• APTs, Cyberware: Today + (Hacking Becomes an Industry; Sophisticated Attacks, Complex Landscape)
The Silver Bullet Does Not Exist…
Point-in-time technologies: Application Control, FW/VPN, IDS / IPS, UTM, NAC, AV, PKI, Sandboxing
The promise each one makes: “Captive Portal”; “It matches the pattern”; “No false positives, no false negatives.”; “Block or Allow”; “Fix the Firewall”; “No key, no access”; “Detect the Unknown”
Point in Time Solution
• Fragmented
• Complex
• Requires additional management

Continuous Solution
• Discover, Enforce, Harden
• Detect, Block, Defend
• Scope, Contain, Remediate

Complete Solution
• Pervasive
• Continuous
• Always On
Services Portfolio
• Program Strategy
• Architecture and Design
• Assessments
• Deployment
• Migration
• Optimization
• Managed Security
• Hosted Security
• Product Support
Security Services
• Advisory: Technical Security Assessments; Custom Threat Intelligence
• Integration: Integration Services; Migration Services
• Managed: Managed Threat Defense; Remote Managed Services
Putting It All Together
Context attributes: How, What, Who, Where, When
BEFORE – Discover, Enforce, Harden: Firewall; Secure Access + Identity Services; VPN; NGFW; UTM
Secure Identity and Access
Security Policy Attributes: WHO, WHAT, WHEN, WHERE, HOW
Identity: User and Devices
Centralized Policy Engine: Identity Services Engine (Dynamic Policy)
Application Controls
Monitoring & Reporting
Security Policy Enforcement in the Network
Business-Relevant Policies
Identity and Context Centric Policy Platform
Secure Identity/Access in Action
Access to the right resources based on Who, What, When, Where and How
Resource tiers: Confidential Resources; General Resources; Internet
User devices: Laptop at Home / Office; iPhone at Starbucks; Personal iPad
Access set by policy
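The slide's idea of a centralized policy engine deciding access from Who/What/When/Where/How, as an added example (not Identity Services Engine code). The rule set, device types, locations and hours are constructed for illustration; the point is ordered first-match rules, default deny, and returning the matched rule name so enforcement logs are auditable.

```python
"""Context-aware access decision modeled on the Who/What/When/Where/How
attributes in the slide. Added example, not Identity Services Engine code;
the rule set, device types and locations are constructed for illustration."""
from dataclasses import dataclass

# Access tiers from the slide, in decreasing privilege, plus default deny.
CONFIDENTIAL, GENERAL, INTERNET, DENY = "confidential", "general", "internet", "deny"

@dataclass(frozen=True)
class Context:
    user: str        # WHO
    role: str        # WHO: "employee", "contractor"
    device: str      # WHAT: "laptop", "iphone", "ipad"
    managed: bool    # WHAT: corporate-managed (posture known) vs personal
    location: str    # WHERE: "office", "home", "public"
    method: str      # HOW: "wired", "wifi", "vpn"
    hour: int        # WHEN: local hour, 0-23

# Ordered, first-match rules: (name, predicate, tier). The name is returned
# with the decision so enforcement logs can record which rule applied.
RULES = [
    ("managed-office-wired", lambda c: c.managed and c.location == "office" and c.method == "wired", CONFIDENTIAL),
    ("managed-vpn-hours", lambda c: c.managed and c.method == "vpn" and c.role == "employee" and 6 <= c.hour <= 22, CONFIDENTIAL),
    ("managed-vpn-other", lambda c: c.managed and c.method == "vpn", GENERAL),
    ("managed-office-wifi", lambda c: c.managed and c.location == "office", GENERAL),
    ("managed-public", lambda c: c.managed and c.location == "public", GENERAL),
    ("personal-device", lambda c: not c.managed, INTERNET),
]

def decide(ctx):
    """Return (tier, rule_name); a context no rule matches is denied."""
    for name, pred, tier in RULES:
        if pred(ctx):
            return tier, name
    return DENY, None

def main():  # the slide's scenarios plus one context no rule covers
    for ctx in (
        Context("alice", "employee", "laptop", True, "office", "wired", 10),
        Context("alice", "employee", "laptop", True, "home", "vpn", 3),
        Context("bob", "contractor", "iphone", True, "public", "wifi", 14),
        Context("alice", "employee", "ipad", False, "office", "wifi", 10),
        Context("alice", "employee", "laptop", True, "home", "wifi", 10),
    ):
        print(ctx.device, ctx.location, ctx.method, "->", decide(ctx))

if __name__ == "__main__":
    main()
```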
Putting It All Together: Before – During – After
Context attributes: How, What, Who, Where, When
Collective Security Intelligence; Event History
BEFORE – Discover, Enforce, Harden: Firewall; Secure Access + Identity Services; VPN; NGFW; UTM
DURING – Detect, Block, Defend: NGIPS; Web Security; Email Security
AFTER – Scope, Contain, Remediate: Advanced Malware Protection; Network Behavior Analysis; Cyber Threat Defense
Cyber Threat Defense
Monitor, collect and analyze network traffic to detect anomalies
• Security Enabled Network: NetFlow from switches, routers, and firewalls; Context from NBAR/AVC
• Identity Services Engine
• Cybersecurity Anomaly Detection: Lancope StealthWatch
Cyber Threat Detection enhances efficiency and effectiveness of analysis and provides key insight into internal activity across the network.
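The kind of analysis the slide describes, baselining each internal host from NetFlow-style records and flagging deviations, as an added example (not StealthWatch code). The flow records, hosts, baseline window and thresholds are constructed; the detector flags a host whose outbound volume or number of distinct peers on the analysed day exceeds its own baseline.

```python
"""Flow-record anomaly detection in the spirit of the slide: baseline each
internal host's behaviour from NetFlow-style records, then flag deviations.
Added example, not StealthWatch code; all flow records below are constructed."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed NetFlow-style records: (src, dst, dst_port, bytes, day).
# Days 1-5 form the baseline window; day 6 is the window under analysis.
FLOWS = []
for day in range(1, 6):
    for host in ("10.0.1.10", "10.0.1.11", "10.0.1.12"):
        FLOWS += [(host, "10.0.2.5", 443, 50_000, day), (host, "10.0.2.6", 445, 20_000, day)]
# Day 6: host .10 sends far more than usual to one external IP (exfiltration-like),
# host .11 touches 40 distinct internal hosts with tiny flows (scan-like), .12 is normal.
FLOWS += [("10.0.1.10", "203.0.113.9", 443, 2_500_000, 6)]
FLOWS += [("10.0.1.11", f"10.0.2.{i}", 445, 120, 6) for i in range(10, 50)]
FLOWS += [("10.0.1.12", "10.0.2.5", 443, 50_000, 6)]

def per_host_daily(flows):
    """Aggregate flows into {host: {day: (bytes_out, distinct_destinations)}}."""
    bytes_out = defaultdict(lambda: defaultdict(int))
    dsts = defaultdict(lambda: defaultdict(set))
    for src, dst, _port, nbytes, day in flows:
        bytes_out[src][day] += nbytes
        dsts[src][day].add(dst)
    return {h: {d: (bytes_out[h][d], len(dsts[h][d])) for d in bytes_out[h]} for h in bytes_out}

def find_anomalies(flows, baseline_days, target_day, k=3.0):
    """Return {host: [reason, ...]} for hosts whose target-day bytes or peer count
    exceed baseline mean + max(k * stdev, floor); the floor stops a perfectly flat
    baseline (stdev 0) from flagging trivial variance."""
    stats = per_host_daily(flows)
    findings = defaultdict(list)
    for host, days in stats.items():
        base = [days[d] for d in baseline_days if d in days]
        if not base or target_day not in days:
            continue  # no baseline or no activity on the analysed day
        for idx, label, floor in ((0, "bytes_out", 10_000), (1, "distinct_dsts", 5)):
            series = [v[idx] for v in base]
            threshold = mean(series) + max(k * pstdev(series), floor)
            if days[target_day][idx] > threshold:
                findings[host].append(f"{label}={days[target_day][idx]} > baseline threshold {threshold:.0f}")
    return dict(findings)

if __name__ == "__main__":
    for host, reasons in find_anomalies(FLOWS, range(1, 6), 6).items():
        print(host, reasons)
```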
Ecosystem and Integration
Combined API Framework
• BEFORE: Policy and Control
• DURING: Detection and Blocking
• AFTER: Analysis and Remediation
Infrastructure & Mobility: NAC; Vulnerability Management; Custom Detection; Full Packet Capture; Incident Response; SIEM; Visualization; Network Access Taps
Moving Forward
Reduce Complexity and Increase Capability
Collective Security Intelligence
Centralized Management
• Network Control Platform: Appliances, Virtual
• Device Control Platform: Host, Mobile, Virtual
• Cloud Services Control Platform: Hosted
Cisco in the Security Marketplace
Acquisitions
“Sourcefire, architecture, and services place Cisco in the catbird seat for emerging enterprise cybersecurity requirements”
– John Oltsik, NetworkWorld May 22, 2014
Acquisition dates shown: 10/10/2013; 2/25/2013; 1/12/2015; 11/26/2014
Market Recognition
“So do any network security vendors understand data center and what’s needed to accommodate network security? Cisco certainly does.”
“Cisco is disrupting the advanced threat defense industry.”
“… AMP will be one of the most beneficial aspects of the [Sourcefire] acquisition.”
“Based on our (Breach Detection Systems) reports, Advanced Malware Protection from Cisco should be on everyone’s short list.”
“The AMP products will provide deeper capability to Cisco's role in providing secure services for the Internet of Everything (IoE).”
2014 Vendor Rating for Security: Positive
Why Cisco Security?
• TECHNOLOGY: Broad Portfolio; Proven Innovator; Top Products
• COMPANY: Reliable Partner; Global Operations
• TALENT: Expertise and Scale
Thank You