the next generation security


Upload: cybera-inc

Post on 08-Jun-2015


DESCRIPTION

A presentation for the Innovation in the Post-Heartbleed session at the 2014 Cyber Summit by Jason Maynard, Security Consulting Systems Engineer at CISCO.

TRANSCRIPT

Page 1: The Next Generation Security

Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

Jason Maynard Security Consulting Systems Engineer CCIE# 29033, [CCN|I|D|P], SFCE, CEH

SECURITY

Page 2: The Next Generation Security


Agenda:

•  Time for a Better Approach

SECURITY

Page 3: The Next Generation Security


The Industrialization of Hacking (timeline slide spanning 1990 to 2020)

•  Phishing, Low Sophistication
•  Hacking Becomes an Industry
•  Sophisticated Attacks, Complex Landscape

•  Viruses 1990–2000
•  Worms 2000–2005
•  Spyware and Rootkits 2005–Today
•  APTs Cyberware Today +

Page 4: The Next Generation Security


How Bad – 2013 and Beyond (breach-size figures from the slide chart; the bar labels are not recoverable)

•  145 Million
•  152 Million
•  70 Million
•  60 Million
•  50 Million
•  50 Million and a lot more!!!!!!

Page 5: The Next Generation Security


Needs to be a Better Approach

Current approach has never worked!

Imagine – Security as an Architecture

Page 6: The Next Generation Security


The New Security Model: Attack Continuum

•  BEFORE: Discover, Enforce, Harden
•  DURING: Detect, Block, Defend
•  AFTER: Scope, Contain, Remediate

Across Network, Endpoint, Mobile, Virtual, Cloud

Point in Time / Continuous

Page 7: The Next Generation Security


Cyber Attack Chain

Recon → Weaponization → Deliver → Exploit → Install → CnC → Actions

•  BEFORE: Discover, Enforce, Harden
•  DURING: Detect, Block
•  AFTER: Scope, Contain, Remediate

Prevent; Visibility and Context

•  Firewall
•  NGFW
•  NAC + Identity Services
•  VPN
•  UTM
•  NGIPS
•  Web Security
•  Email Security
•  Advanced Malware Protection
•  Network Behavior Analysis

Page 8: The Next Generation Security


Beyond the Event Horizon: Addresses limitations of point-in-time detection

Point-in-time Detection (Antivirus, Sandboxing):

•  Initial Disposition = Clean
•  Actual Disposition = Bad = Too Late!!
•  Analysis Stops
•  Not 100%: Sleep Techniques, Unknown Protocols, Encryption, Polymorphism
•  Blind to scope of compromise

Retrospective Detection, Analysis Continues (Continuous):

•  Initial Disposition = Clean
•  Actual Disposition = Bad = Blocked
•  Turns back time
•  Visibility and Control are Key
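The slide's contrast between point-in-time and retrospective detection, modelled as an added example (this is not Cisco or Sourcefire code; the hosts, timestamps and `sha256:constructed-...` identifiers are constructed placeholders): sightings are retained so that when a verdict flips from clean to malicious later, the analysis can be "turned back" to list every host that already accepted the file, which is exactly the scope of compromise a point-in-time verdict is blind to.

```python
from collections import defaultdict
from dataclasses import dataclass, field

CLEAN, MALICIOUS = "clean", "malicious"

@dataclass
class Sighting:
    ts: int            # when the file was seen (constructed epoch seconds)
    host: str          # endpoint that accepted the file
    sha256: str        # file identifier (placeholder, not a real hash)
    disposition: str   # verdict the sensor had at that moment

@dataclass
class ContinuousAnalysis:
    """Retains every sighting so a later verdict can be applied backwards,
    instead of stopping analysis at the first (point-in-time) verdict."""
    verdicts: dict = field(default_factory=dict)                     # sha256 -> verdict
    trajectory: dict = field(default_factory=lambda: defaultdict(list))  # sha256 -> sightings
    blocked: list = field(default_factory=list)                      # blocked at sighting time

    def observe(self, ts, host, sha256):
        """Point-in-time decision: block only if the verdict is already bad.
        A file not yet known is treated as 'Initial Disposition = Clean'."""
        disp = self.verdicts.get(sha256, CLEAN)
        s = Sighting(ts, host, sha256, disp)
        self.trajectory[sha256].append(s)
        if disp == MALICIOUS:
            self.blocked.append(s)
        return disp

    def update_verdict(self, sha256, verdict):
        """Later intelligence arrives (e.g. a sandbox finishes after a sleep
        timer expires). Returns the retrospective scope of compromise: every
        sighting that was let through while the file still looked clean."""
        previous = self.verdicts.get(sha256, CLEAN)
        self.verdicts[sha256] = verdict
        if verdict != MALICIOUS or previous == MALICIOUS:
            return []
        return [s for s in self.trajectory[sha256] if s.disposition != MALICIOUS]

def scope_of_compromise(missed):
    """Turn the retrospective hits into what a responder needs first:
    the first host that received the file, when, and every host touched."""
    if not missed:
        return None
    first = min(missed, key=lambda s: s.ts)
    return {"patient_zero": first.host, "first_seen": first.ts,
            "hosts": sorted({s.host for s in missed})}
```

Without the retained trajectory, the only thing a point-in-time system can report is `blocked`, which stays empty for every host that received the file before the verdict changed.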

Page 9: The Next Generation Security


Leverage Openness and the Broader Community

OpenAppID

Page 10: The Next Generation Security


Visibility, Control

Cisco Security Intelligence Operation (SIO)

Cisco® SIO: WWW, Email, Web, Devices, IPS, Endpoints, Networks (Cloud, AnyConnect®, IPS, ESA, WSA, ASA, WWW)

Information / Actions:

•  More Than 150 Million DEPLOYED ENDPOINTS
•  100 TB DATA RECEIVED PER DAY
•  1.6 Million GLOBAL SENSORS
•  40% WORLDWIDE EMAIL TRAFFIC
•  13 Billion WEB REQUESTS
•  3 to 5 MINUTE UPDATES
•  More Than 200 PARAMETERS TRACKED
•  More Than 5500 IPS SIGNATURES PRODUCED
•  More Than 8 Million RULES PER DAY
•  More Than 70 PUBLICATIONS PRODUCED
•  More Than 40 LANGUAGES
•  More Than 80 PH.D, CCIE, CISSP, MSCE
•  More Than $100 Million SPENT IN DYNAMIC RESEARCH AND DEVELOPMENT
•  24 Hours Daily OPERATIONS
•  More Than 800 ENGINEERS, TECHNICIANS, AND RESEARCHERS

Page 11: The Next Generation Security


Collective Security Intelligence

•  IPS Rules
•  Malware Protection
•  Reputation Feeds
•  Vulnerability Database Updates
•  Sourcefire AEGIS™ Program
•  Private and Public Threat Feeds
•  Sandnets
•  FireAMP™ Community
•  Honeypots
•  Advanced Microsoft and Industry Disclosures
•  SPARK Program
•  Snort and ClamAV Open Source Communities
•  File Samples (>380,000 per Day)
•  Sourcefire VRT® (Vulnerability Research Team)
•  Sandboxing, Machine Learning, Big Data Infrastructure

Page 12: The Next Generation Security


The better you can protect...

The More You See

Page 13: The Next Generation Security


Questions