Working with a Peace of Mind - Cisco

© 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential

Working with a Peace of Mind

Ricky Elias
Security Architect

Advanced Technology (Security)

[email protected]

Agenda

• Information Security Landscape
• Strategies for Securing SMB Networks
• Demo
• Q&A

Botnet Epidemic

• Botnets (networks of compromised computers) control approximately 25% of all personal computers
• Attacks range from spam, identity theft, information harvesting and denial-of-service to attacks on websites for profit
• More than 5 million hosts infected in the US alone
• Normal security mechanisms are only 75% effective against the malware used to recruit bots

Headlines:
• BBC Purchases Botnet Offered For Rent
• CBS News Covers Conficker Worm, Malware Epidemic
• Next-gen Botnet Armies Fill Spam Void

The Growing Need for Security Solutions

An Integrated Approach to Streamline IT Risk Management for Security and Compliance

• Regulatory Compliance
• Malware
• Data Loss

Integrated Security: Network

Cisco Adaptive Security Appliance (ASA)
Scalable, Multi-Function, Feature Rich Appliance

Delivering High Current Services Performance and Services Extensibility

Threat Control
• Application Inspection & Control
• IPS & Anti-X Defenses
• Access Control & Authentication

Secure Communications
• Remote Access VPN Connectivity
• Site-to-Site VPN Connectivity

Security Services Extensibility
• Cisco Technology and Service Extensions
• Partner Technology and Service Extensions

Cisco Intelligent Networking, High Availability, and Scalability Services

The Cisco ASA 5500 Series Allows Businesses to Adapt and Extend the Security Services Profile Via Cisco-Developed and Partner-Provided Innovations

[Diagram labels: SoHo, Data Center]

A Seismic Shift

• 2000-2008: IT security products look deeper
• 2009: Cisco Security products look around and respond faster

Cisco Global Correlation
SensorBase: World’s Largest Traffic Monitoring Network

LARGEST FOOTPRINT | GREATEST BREADTH | FULL CONTEXT ANALYSIS

Cisco SensorBase

Network IPS to Global IPS
Monitoring Network Activity in Real-Time

Cisco IPS Solution: Industry’s most widely-deployed IPS technology

• Accurate protection for broad range of threats
• Advanced detection techniques, including anomaly detection, behavior analysis, vulnerability, exploit detection…
• 100X faster response
• Mandated for PCI compliance

Only IPS Solution to offer:
• Global Correlation
• IPS Reputation Filters
• Endpoint trustworthiness
• Attack relevance

Cisco IPS with Global Correlation

[Diagram labels: SensorBase, Technicians, Updates, Download Global Threat Data, IPS Checks Global Threat Data, Attacker, Internet, Cisco IPS, Cisco CallManager, Servers, Desktop]

• “Reputation” alone stops 10–15% of total attacks
• Benefits
  - Stop attacks earlier
  - Automation increases security team productivity and effectiveness

Cisco ASA Botnet Traffic Filter
Leveraging Comprehensive Threat Intelligence

[Diagram labels: Infected Clients, Cisco ASA, Command and Control]

Anti-Malware

• Monitors malware traffic
  - Scans all traffic, ports & protocols
  - Detects infected clients by tracking rogue “phone home” traffic
  - Dynamic database integrated into Cisco Security Intelligence Operations
• Immediate Benefits
  - Optimize network availability and performance with early bot detection and reporting
  - Protect employee privacy and productivity with bot detection and reporting

Botnet Traffic Filter for Cisco ASA
Customer Case Study

• Customer Network
  - Healthcare provider in Illinois and Indiana
  - Hospitals, long-term care and senior residential facilities, clinics, home health agencies
• Observed Destinations (1.6M connections in a month)
  - vove.3322.org
  - Ad Network Sites
  - Pornography Sites (xxxvogue.net)
  - Ieplugin.com
• Found command and control and sites distributing adware, known malware

Vove.3322.org
• Host associated with command and control for trojan
• Port 6010
• Trojan masquerades as a Microsoft .NET Framework service
• Financial information sent back to command and control

Secure Connectivity
Site-to-Site and Remote Access Virtual Private Networks

[Diagram labels: Site-to-Site VPN, Remote Access VPN, Corporate Headquarters, Customers, Business Partners, Mobile Employees, Fixed Telecommuters, Remote / Branch Office, Internet]

• Integrated firewall / VPN
  - Access control, threat protection, secure UC and centralized management
• Highly scalable
  - 10-10,000 VPN sessions per device
  - Optimized application performance
• High availability and quality of service
• Integrated, versatile solution with:
  - Broadest connectivity
  - Highest level of security
  - Leading mobile support
• Industry’s most widely-deployed VPN client solution

Cisco AnyConnect VPN Client
AnyConnect Essentials

New

• SSL VPN client with improved manageability and broad platform support (including Vista and 64-bit)
• Tested PDAs & Smartphones running Windows Mobile include:
  - Treo 700, 800 (Sprint); 750 (ATT, T-Mobile)
  - T-Mobile Wing
  - Verizon XV6800
  - ATT Tilt
  - Sprint Touch
  - Axim x51v
  - iPAQ 2790


https://www.asasslvpn.com/zoo


Spam Trends Through September 2008

[Chart: Average Daily Volume (billions) by Month]

Cisco Spam and Virus Blocker
Immediate Protection Out of the Box

The Cisco Spam & Virus Blocker is a dedicated email security appliance for small business with up to 250 email users.

It provides powerful protection against spam, viruses and other email threats to secure your network and business data while improving productivity.

Reduces operational costs with simple setup in minutes and continuous automatic updates thereafter.

“Set it. Forget it. It just works.”

[Diagram labels: Email, Internet, Firewall, Cisco Spam & Virus Blocker, Groupware (Exchange, Notes, Groupware), Clients]

Integrated Security: Endpoint

Cisco Security Agent (CSA)
Comprehensive, “Always Vigilant” Endpoint Security

• Single Integrated Client, Simplified Management
  - Host IPS, Personal FW, Anti Virus, Anti Spyware, Anti Botnet
• Protection against persistent and evolving threats
  - Prevent loss of sensitive information
  - Enforce appropriate use policies
  - Enhance security through network collaboration
  - Address corporate and regulatory compliance mandates

Business Benefits:
• Empower IT to address Business risks
• Enforce policies and protect business critical assets
• Decrease IT administrative burden
• Reduce expenses

Zero-Day Attack Prevention

• CSA has a proven track record of stopping brand new exploits, botnets, targeted attacks, worms, and viruses over the past 8 years:
  2001 – Code Red, Nimda (all 5 exploits), Pentagone (Gonner)
  2002 – Sircam, Debploit, SQL Snake, Bugbear
  2003 – SQL Slammer, So Big, Blaster/Welchia, Fizzer
  2004 – MyDoom, Bagle, Sasser, JPEG browser exploit (MS04-028), RPC-DCOM exploit (MS03-039), Buffer Overflow in Workstation service (MS03-049)
  2005 – Internet Explorer Command Execution Vulnerability, Zotob
  2006 – USB Hacksaw, IE VML exploit, WMF, IE Textrange, RDS Dataspace
  2007 – Rinbot, Storm Trojan, Big Yellow, Word (MS07-014), MS ANI 0Day, MS DNS 0Day
  2008 – MS08-067 (Conficker/Downadup)

No signatures, reconfiguration or binary updates required

Applying Zero-Day Prevention
Case Study

• Banks begin to embrace Web 2.0 paradigms and offer ATM devices that act as multimedia self-service kiosks running on converged IP networks
• Developed using CSA, Wincor Nixdorf's Platform Security Agent (PSA) helps secure self-service system platforms against network and local attacks

http://www.finextra.com/fullpr.asp?id=13990

Integrated Agent with ClamAV™ Open Source Antivirus

• ClamAV virus scanning engine packaged with CSA as a single installable agent
• Protects Windows desktops & servers at no additional cost
  - Accurately identifies malware
  - Prevents malware execution
  - Quarantines or deletes malware
• CSA Management Center manages agent policies, signature updates
• Provides a true single agent - single console endpoint security solution

All other trademarks mentioned in this document are the property of their respective owners.

Integrated Agent with Clam Antivirus

• ClamAV is widely deployed on UNIX/Linux e-mail servers
  - Scrubs e-mail traffic for malware
  - Protects millions of Windows desktops
  - Database contains over 200,000 unique signatures

Shadowserver Foundation independent research: ClamAV™ has high degree of malware detection accuracy.

Source: Shadowserver.org wild testing

Data Loss Prevention Management Process
Visibility and Control for Sensitive Information

[Diagram labels: Discover, Educate, Enforce, Monitor]

• Classification
  - Credit card, Social Security #s
  - Intellectual property definitions
• Reporting
  - Track the location and usage of sensitive data
• Enhanced user education
  - Query user and audit
• Updated enforcement controls
  - Block printing
  - Flexible clipboard control
  - NAC quarantine

Accidental Data Loss

Prevent Sensitive Data from Being Transferred to Removable Media, Such As Thumb Drives, USB Sticks, or CDs

Scenario

An Australian government agency lost an unencrypted CD containing scanned letters to 3122 trustees of self-managed super funds. Each letter contained the name, address and super fund tax file number of the trustee. The organization waited three weeks to inform those affected of the loss.

October 2008 http://itnews.com.au

Cisco Solution

• Cisco Security Agent can prevent files containing sensitive data or sensitive keywords from being copied to removable media, such as a CD or USB stick
• Cisco NAC can prevent unauthorized access to the network containing the sensitive databases

Working with a Peace of Mind
Securely Connect, Communicate, and Conduct Business

Comprehensive Threat Intelligence
• Largest security intelligence and operations infrastructure
• Global correlation for sophisticated analysis
• New! Global Correlation for IPS and Cisco ASA with Botnet Traffic Filter

End-to-End Security
• Network, content, endpoint and application security
• New! SAFE reference security architecture with validated implementation designs
• www.cisco.com/go/safe

Business-Enabling Services
• Security-as-a-Service, threat intelligence, and tailored services
• New! Cisco IT GRC security assessment service
