Cisco Techupdate November 17
1 Cisco Techupdate November 17: Stealthwatch Cloud, ETA brief & Tue's tips & tricks. Tue Frei Nørgaard & Jesper Rathsach, Consulting Systems Engineers, Cisco Security North team, 9th November 2017
2 Today's agenda: Introduction; Stealthwatch Cloud; Encrypted Traffic Analytics brief; Break; Tue's tips and tricks; Q & A with a quiz!!!; Thanks for today and see you again. 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
3 Stealthwatch Cloud
4 Effective security is dependent on the ability to see everything in your network: KNOW every host; RECORD every conversation; understand what is NORMAL; be alerted to CHANGE; respond to THREATS quickly. (Diagram labels: HQ network, branch, cloud users, roaming users, data center, admin.)
5 Stealthwatch provides the security visibility you need.
Stealthwatch Cloud, public cloud monitoring: monitors the public cloud; suitable for enterprises & commercial businesses using public cloud services; Software as a Service (SaaS).
Stealthwatch Cloud, private network monitoring: on-premises network monitoring; suitable for SMBs & commercial businesses; Software as a Service (SaaS).
Stealthwatch Enterprise, enterprise network monitoring: on-premises network monitoring; suitable for enterprises & large businesses; on-premises virtual or hardware appliance.
6 Quick and easy security for dynamic environments. Stealthwatch Cloud data sources: public cloud (VPC Flow Logs, other data sources); NetFlow; mirror port; other data sources.
7 Using modeling to detect security events: Dynamic Entity Modeling. Collect input: IP meta data, system logs, security events, passive DNS, external intel, vulnerability scans, config changes. Perform analysis: Dynamic Entity Modeling. Draw conclusions: role, group, consistency, rules, forecast. Questions the model answers: What is the role of the device? What ports/protocols does the device continually access? What connections does it continually make? Does it communicate internally only? What countries does it talk to? How much data does the device normally send/receive?
8 Identify every entity in your network automatically. Automated Endpoint Discovery: detect, track, profile.
9 Detailed visibility of every entity. Automated Entity Discovery: time-of-day usage, traffic statistics, active traffic profiles.
10 Traffic profiling on every entity. Automated Entity Discovery: connections by profile, traffic statistics by profile.
11 Profile entity behavior with Dynamic Entity Modeling. Roles include: Android, AWS Resource, Wireless LAN Controller, Citrix PVS Server, Database Server, DNS Server, Domain Controller, Apple iOS, Kerberos Node, Mail Server, Medical Imaging Client, Remote Desktop Server, Terminal Server, VoIP Client, Legacy Windows Device, Web Server and 20+ more.
12 Detect abnormal activity using entity modeling. Example: an IP address is detected and communicates with a set of IPs; roles are classified (dynamically assigned to entities) and a database server is identified; over a 36-day baseline its behavior is monitored and modeled (data stays within the environment, data access from a regular location, an existing IP accesses the database server); then a New External Connection observation and a New High Throughput Connection observation trigger an alert for Database Exfiltration.
13 Detecting observations: automatic event detection; view observations for a specific host; see observation details.
14 Low-noise alerts help you solve problems. Dynamic Entity Modeling alerts include: excessive failed access attempts; DDoS and amplification attacks; potential data exfiltration; geographically unusual remote access; suspected botnet interaction. ALERT: Anomaly detected. 96% of customers rated the alerts generated by Stealthwatch Cloud's entity modeling solutions as helpful.
15 Integrate easily with all your current systems. Stealthwatch Cloud connects to the SaaS management portal, SIEM, AWS (SQS, SNS, S3), web platforms and other platforms.
16 Cloud security is a shared responsibility (Amazon Web Services, Microsoft Azure, Google Cloud Platform). Cloud provider, responsible for security OF the cloud: hardware, storage, database, networking, regions, availability zones, cloud software. Customer, responsible for security IN the cloud: customer data, applications, platforms, operating system, network & firewall configuration, identity & access management, client-side data encryption & data integrity authentication, server-side encryption.
17 Public cloud security challenges: detect & prevent data loss; gaps in security; do I have application vulnerabilities? Am I compliant? What are users doing in the account?
18 Stealthwatch Cloud makes it easy to address cloud security challenges Get complete visibility of activity in the public cloud Detect threats automatically Deploy and manage easily
19 Cover your entire cloud attack surface with ease. Stealthwatch Cloud consumes AWS VPC Flow Logs and additional AWS data sources: CloudTrail, Inspector, Config, CloudWatch, IAM, Lambda.
20 Detect threats and see network activity using existing telemetry sources. Virtual sensors collect from all these sources and use DNS lookups to link dynamic IPs to a host name. Sources: NetFlow, IPFIX, SIEM, DNS, Active Directory, Gigamon, any mirror/SPAN port; switches, firewalls, load balancers, application servers. Stealthwatch Cloud correlates IP traffic data and other security data for threat detection.
21 Stealthwatch Cloud fits seamlessly into your existing network architecture with no messy reorganization. Diagram elements: virtual sensors, encrypted private tunnel, core switching, data center segment, accounting segment, mgmt, SPAN, NetFlow, IPFIX, syslog, SNMP, SW Cloud virtual appliance, SIEM, SaaS portal.
22 Get the full benefit of the cloud with SaaS-based security: easy to use and deploy; centrally managed; flexible pricing; secure data storage; automatically scales.
23 Stealthwatch is available across all deployment methods.
Stealthwatch Cloud, public cloud monitoring: any business using public cloud infrastructure; monitors the public cloud via SaaS; complements the Cisco enterprise and private network offering.
Stealthwatch Cloud, private network monitoring: SMB & commercial companies; monitors the private network via SaaS; complements the Cisco public cloud offering.
Stealthwatch Enterprise, enterprise network monitoring: enterprise & commercial customers; monitors the private network via an on-premises virtual or hardware appliance; complements the Cisco public cloud offering.
24 Start today with a free 60-day trial: schedule a consultation with a security specialist and see results within hours. Learn more: cisco.com/go/stealthwatch-cloud
25 Encrypted Traffic Analytics
26 Network threats are getting smarter. Motivated and targeted adversaries: state sponsored; financial/espionage motives; $1T cybercrime market. Scale: too many alerts; increased attack surface; BYOD blurring the perimeter; public cloud services; enterprise IoT; complexity securing everything. Sophistication: increased attack sophistication; advanced persistent threats; encrypted malware; zero-day exploits. Keeping up against attackers: 200 days industry average detection time for a breach; 60 days industry average time to contain a breach; $3.8M average cost of a data breach.
27 Encryption is changing the threat landscape. (Three charts; their numeric labels did not survive transcription: percentage of malware using encryption, month by month from December to May, based on Cisco Threat Grid analysis with a straight-line projection; Gartner's prediction of the percentage of all traffic that will be encrypted; and the percentage of the IT budget earmarked for encryption, FY05 onward, showing extensive deployment of encryption. Source: Thales and Vormetric.)
28 New threat landscape: organizations are at risk. Figures on the slide: 38%, 81%, 41%, 64%, 62%, attached to the statements: of organizations have been victims of a cyber attack; of attackers used encryption to evade detection; cannot detect malicious content in encrypted traffic; decrypt versus do not decrypt. New attack vectors: employees browsing over HTTPS (malware infection, covert channel with a command and control server, data exfiltration); employees on the internal network connecting to DMZ servers (lateral propagation of encrypted threats). Source: Ponemon Report, 2016.
29 Enhanced network as a sensor: the industry's first network with the ability to find threats in encrypted traffic without decryption. Avoid, stop, or mitigate threats faster than ever before; real-time flow analysis for better visibility of encrypted and non-encrypted traffic. Secure and manage your digital network in real time, all the time, everywhere.
30 Encrypted Traffic Analytics (ETA): visibility and malware detection without decryption. Malware in encrypted traffic: is the payload within the TLS session malicious? End-to-end confidentiality; channel integrity during inspection; adapts with encryption standards. Cryptographic compliance: how much of my digital business uses strong encryption? Audit for TLS policy violations; passive detection of cipher-suite vulnerabilities; continuous monitoring of network opacity.
31 Encrypted Traffic Analytics (ETA), Cisco research: take known malware traffic and known benign traffic, extract observable features in the data, and employ machine learning techniques to build detectors. Known malware sessions were detected in encrypted traffic with 99% accuracy. "Identifying encrypted malware traffic with contextual flow data", AISec '16, Blake Anderson, David McGrew (Cisco Fellow).
32 ETA data features (Cisco research): TCP/IP, DNS, TLS, SPLT. Malware traffic (Bestafera example): watchlist addresses such as c15c0.com and afb32d75.com; unusual TLS fingerprint; unusual or self-signed certificate; C2 message; data exfiltration. Benign traffic (Google search example): prevalent address such as cisco.com; typical fingerprint; typical certificate.
33 How can we inspect encrypted traffic? Initial data packet: make the most of the unencrypted fields. Sequence of packet lengths and times: identify the content type through the size and timing of packets. Threat intelligence map: the who's who of the Internet's dark side, broad behavioral information about the servers on the Internet. Examples of what these reveal: data exfiltration, a self-signed certificate, a C2 message.
34 Malware detection using Cognitive Analytics: the initial data packet, the sequence of packet lengths and times, and the threat intelligence map feed cloud-based machine learning. All three elements reinforce each other inside the analytics engine using them.
35 Finding malicious activity in encrypted traffic. The new Catalyst 9K* exports enhanced NetFlow telemetry for encrypted malware detection and cryptographic compliance; Cisco Stealthwatch forwards metadata to Cognitive Analytics for malware detection and cryptographic compliance. Leveraged network: enhanced NetFlow from Cisco's newest switches and routers. Faster investigation: enhanced analytics and machine learning. Higher precision: global-to-local knowledge correlation. Stronger protection: continuous enterprise-wide compliance. *Other devices will be supported soon.
36 The Cisco Catalyst 9000 Series enables enhanced network as a sensor with ETA: rapidly mitigate malware and vulnerabilities in encrypted traffic. Stealthwatch provides machine learning with enhanced behavior analytics; mitigation via ISE pxGrid. The industry's most pervasively deployable solution for Encrypted Traffic Analytics, complementing other encrypted traffic management solutions: network telemetry based (no decryption); line-rate performance; investment optimization; simplified management; globally correlated threat intel.
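As an added illustration (not from the slides and not Cisco's implementation) of how the "sequence of packet lengths and times" from slides 33 and 34 becomes a fixed-size feature a detector can consume: each packet's length and inter-arrival time is binned, and transitions between consecutive bins are counted into a Markov matrix. The 150-byte and 50-ms bin widths follow the published ETA research as I recall it and are an assumption; both flows are constructed, not captured traffic.

```python
from typing import List, Tuple

NBINS = 10
LEN_WIDTH = 150.0   # bytes per length bin: 0..1500 bytes in 10 bins (assumed convention)
TIME_WIDTH = 50.0   # ms per inter-arrival bin: 0..500 ms in 10 bins (assumed convention)

Packet = Tuple[int, float]   # (length in bytes, inter-arrival time in ms)


def bin_index(value: float, width: float) -> int:
    """Equal-width bin; anything past the last edge is clamped into the top bin."""
    return min(int(value // width), NBINS - 1)


def splt_matrix(packets: List[Packet], field: int) -> List[List[float]]:
    """Row-normalised Markov transition matrix over the binned values of one SPLT field.

    field 0 = packet length, field 1 = inter-arrival time. Entry [i][j] is the
    probability that a packet in bin i is followed by a packet in bin j.
    """
    width = LEN_WIDTH if field == 0 else TIME_WIDTH
    bins = [bin_index(p[field], width) for p in packets]
    counts = [[0] * NBINS for _ in range(NBINS)]
    for a, b in zip(bins, bins[1:]):
        counts[a][b] += 1
    matrix = []
    for row in counts:
        total = sum(row)
        matrix.append([c / total if total else 0.0 for c in row])
    return matrix


def splt_features(packets: List[Packet], max_packets: int = 20) -> List[float]:
    """Fixed-length feature vector (2 * NBINS * NBINS values) from the first max_packets of a flow."""
    head = packets[:max_packets]
    vec: List[float] = []
    for field in (0, 1):
        for row in splt_matrix(head, field):
            vec.extend(row)
    return vec


def regularity(packets: List[Packet], field: int) -> float:
    """Share of transitions that stay in the same bin: near 1.0 for fixed-size,
    fixed-interval traffic (beacon-like), lower for interactive browsing."""
    width = LEN_WIDTH if field == 0 else TIME_WIDTH
    bins = [bin_index(p[field], width) for p in packets]
    if len(bins) < 2:
        return 0.0
    same = sum(1 for a, b in zip(bins, bins[1:]) if a == b)
    return same / (len(bins) - 1)


# Constructed flows for illustration, not captured traffic.
# A beacon: the same small packet roughly every 300 ms.
BEACON_FLOW: List[Packet] = [(120, 0.0)] + [(120, 300.0)] * 19
# Browsing: a handshake-sized first packet, bursts of full-size segments, small ACK-sized packets.
BROWSING_FLOW: List[Packet] = [
    (517, 0.0), (1460, 12.0), (1460, 1.0), (1460, 1.5), (80, 4.0),
    (1460, 220.0), (1460, 0.5), (300, 30.0), (90, 8.0), (1460, 3.0),
]

if __name__ == "__main__":
    for name, flow in (("beacon", BEACON_FLOW), ("browsing", BROWSING_FLOW)):
        print(name, "length regularity %.2f" % regularity(flow, 0),
              "timing regularity %.2f" % regularity(flow, 1))
```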
37 Cisco Stealthwatch with Cognitive Analytics Extended visibility and behavioral analytics Obtain additional visibility and context into global and local traffic. Use machine learning for continuous analysis and detection of command and control communications. Advanced threat detection Detect threats that have bypassed existing security controls. Identify insiders exfiltrating data to legitimate cloud services. Encrypted traffic analytics Pinpoint malicious patterns in encrypted traffic. Compromised host detection speeds incident response.
38 Cryptographic compliance: flow search results
39 Encrypted Malware Detection: Cognitive Analytics, expanded CTA dashboard view
41 Encrypted Malware Detection: Example incident
42 Confirmed threats
43 What does the customer buy? Licensing and packaging (solution element; software version; license):
Enterprise switches (Cisco Catalyst 9000 Series)*: Cisco IOS XE (Jul); included in Cisco DNA Advantage license / Cisco ONE Advanced.
Branch routers (ASR 1000 Series, 4000 Series ISR, CSR, ISRv)**: Cisco IOS XE (Oct); included in SEC/K9 license.
Stealthwatch with CA: v6.9.1 (available now).
Stealthwatch with CA and ETA: v6.9.x; cryptographic compliance (Q3CY17); malware detection (Q4CY17).
Stealthwatch licensing: Management Console, Flow Collector, Flow Rate License.
*C9300 series with (Jul), C9400 series available with (Oct). **Available for Proof of Concept (PoC) with , general availability in (Oct).
44 Break, 15 minutes
45 Tue's Tips and Tricks (word cloud: ESA, ISR, API, ASA, ACS, ISE, FMC, WSA, ASR, SDA, FTD, CSM, MAC, AAA, IOS, MAB, ACL)
46 Recommended software versions; how to fight SSL traffic without decrypting it; Firepower: customizing dynamic block with reputation; simpler SafeSearch (Google, YouTube, Bing); ACL hitcount custom workflow; OpenAppID; Q & A
47 Firepower Recommended software versions
48 Software Recommendation Overview. Software selection is a highly tailored process: a delicate balance between desired features and code stability, dependent on platform, traffic patterns, and other device interoperability; detailed bug scrubs across all enabled features are mandatory. Advanced Services (AS) must provide a custom recommendation: a comprehensive network overview and a thorough bug scrub, with ownership of the ongoing certification and re-evaluation process. TAC or BU may suggest an upgrade path for known defects only; the final recommendation must be based on a customer deployment.
49 Current Best Practices. Use for remote access VPN. Move to the latest code for NGFW: FTD with Flow Preservation to eliminate the Snort restart impact; the recommendation to use x, as flow preservation is not available on FTD , balances Snort restart impact against full inspection. Use FMC for management. Balance new features against code stability with ASA: ASA 9.6(3.16), or wait for ASA 9.6(4) for conservative customers; ASA 9.8(2) or ASA 9.8(2.8) for longevity and feature velocity. Pick the latest compatible FXOS based on logical device support (FXOS release; ASA release; FTD release):
FXOS 2.2(2.19); ASA 9.8(2); FTD , FTD
FXOS 2.1(1.86); ASA 9.6(x)
50 Current Best Practice for Firepower 2100: released with ; recommended HOTFIX D, important (HA bug).
51 FXOS Upgrade path FP4100 / 9300
52 How to fight SSL traffic without decrypting it
53 SSL and TLS decrypting challenges: it requires deploying an intermediate certificate on all devices (servers, laptops, mobile and desktop), and this is not always easy to do. In certain cases browsers, applications or mobile applications do not work with an intermediate certificate. Also, decrypting SSL could impact the performance of a security appliance by 50% to 90%. New protocols like HTTP/2 and QUIC add to the challenge. Solutions: inspect and control based on unencrypted elements. Look for a bad certificate status; look for a bad CA; look for bad ciphers and SSL versions; look for bad public IPs; look for bad domain names.
54 Firepower SSL policy rules: creating a rule to block (or monitor) certificates with a bad status. 1. Select the certificate status that you want to drop, for example: Invalid Issuer, Invalid Signature, Server Mismatch, etc. 2. Be careful with the Self Signed validation: a lot of customers use self-signed certs internally.
55 Firepower SSL DN object in a rule: blocking (or monitoring) certificates signed by a BAD CA. 1. Using your preferred browser, find the CA or intermediate CA you want to blacklist. 2. Then create a Distinguished Name to identify the CA in the Objects section. 3. Then create a rule to drop that specific DN (Certificate Authority).
56 Firepower SSL policy rules: blocking old ciphers and SSL versions. 1. Select the cipher suites that you want to drop based on your requirements. 2. Select the SSL or TLS versions you want to drop.
57 WSA SSL configuration. Select to drop all certificate errors. Select to drop bad OCSP results. Be careful if you enable the End-User Notification option: devices will have to have our certificate installed.
58 WSA SSL configuration: decryption policy and certificate management. 1. Update the blacklist of certificates from Cisco once in a while. 2. Set all categories to Monitor. 3. Drop requests when the URL has a bad reputation and set pass-through for the good ones. 4. Make sure not to decrypt.
59 SSL IP blacklist: public IPs associated with the SSL blacklist.
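The "inspect the unencrypted elements" approach of slide 53, and the version and cipher-suite rules of slide 56, in working form, as an added example that is not from the slides and not Firepower's own code: the parser reads the ClientHello fields a no-decrypt rule can see (client version, offered cipher suites, SNI host name) and reports policy findings. The weak-suite list and the TLS 1.2 floor are a constructed policy, and the ClientHello used as input is built by the block, not captured.

```python
import struct
from typing import Dict, List, Optional

# Constructed policy for this example: suites a "bad cipher" rule would drop
# (values are the IANA cipher-suite identifiers) and the minimum acceptable version.
WEAK_SUITES: Dict[int, str] = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}
VERSION_NAMES = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
MIN_VERSION = 0x0303   # policy: anything older than TLS 1.2 is flagged


def parse_client_hello(record: bytes) -> Dict[str, object]:
    """Pull the unencrypted fields out of a TLS ClientHello record: client version,
    offered cipher suites and the SNI host name. Raises ValueError if the bytes are
    not a handshake record carrying a ClientHello. Note: TLS 1.3 clients put 0x0303
    here and announce 1.3 in supported_versions, which this example does not parse."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    pos = 0
    version = struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 2 + 32                       # client_version, then 32 bytes of random
    pos += 1 + hello[pos]               # session_id (length-prefixed)
    cs_len = struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", hello[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + hello[pos]               # compression_methods (length-prefixed)
    sni: Optional[str] = None
    if pos + 2 <= len(hello):
        ext_len = struct.unpack("!H", hello[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
            pos += 4
            edata = hello[pos:pos + elen]
            pos += elen
            if etype == 0x0000 and len(edata) >= 5:
                # server_name extension: list_len(2) name_type(1) name_len(2) host_name
                name_len = struct.unpack("!H", edata[3:5])[0]
                sni = edata[5:5 + name_len].decode("ascii", "replace")
    return {"version": version, "suites": suites, "sni": sni}


def evaluate(record: bytes) -> List[str]:
    """Policy findings a no-decrypt inspection rule could act on."""
    h = parse_client_hello(record)
    findings: List[str] = []
    ver = h["version"]
    if ver < MIN_VERSION:
        findings.append("version %s below policy" % VERSION_NAMES.get(ver, hex(ver)))
    for s in h["suites"]:
        if s in WEAK_SUITES:
            findings.append("weak cipher offered: " + WEAK_SUITES[s])
    if h["sni"] is None:
        findings.append("no SNI")   # nothing for a domain-name rule to match against
    return findings


def build_client_hello(version: int, suites: List[int], sni: Optional[str]) -> bytes:
    """Constructed ClientHello record used as test input (not captured traffic)."""
    body = struct.pack("!H", version) + b"\x00" * 32 + b"\x00"   # version, random, empty session id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                          # one compression method: null
    exts = b""
    if sni is not None:
        name = sni.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name    # name_type 0 = host_name
        sn_list = struct.pack("!H", len(entry)) + entry
        exts += struct.pack("!HH", 0x0000, len(sn_list)) + sn_list
    body += struct.pack("!H", len(exts)) + exts
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    sample = build_client_hello(0x0301, [0x0005, 0xC02F], "example.com")
    print(parse_client_hello(sample))
    print(evaluate(sample))
```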
60 Customizing Dynamic Block with Reputation Data
61 What is the challenge? Block page on Firepower. Firepower only offers a static block page, so end-users do not get information on why they have been blocked. When the Security Intelligence domain blacklist feature blocks a request, the end user does not get a notification.
62 Solution? Sinkhole and senderbase.org. We will go through a configuration on Firepower to redirect the user to a web block page when Security Intelligence or URL filtering denies access to a domain name or URL. The solution uses an external server (could be internal as well) as a sinkhole to show the reputation and category of the requested URL to the user, by redirecting the user to the public senderbase.org web site with the requested web site embedded in the URL. Ex: If you choose to share this with your customer, make sure they build their own sinkhole. The external sinkhole «internetsinkhole.com» should only be used for demo or for your personal home network. (This is not approved by Cisco.) Also there are still some issues with this solution: there will be no block page for HTTPS blocked by the URL monitoring feature on Firepower.
63 Firepower DNS sinkhole configuration. 1. Create a new sinkhole: make sure to select «Log Connection to sinkhole»; Name = internetsinkhole.com or your own server name running the sinkhole; IPv4 = or the IP of your own server running the sinkhole. 2. Create a sinkhole rule in your DNS policy: select the sinkhole you have just created; select all DNS feeds (blacklist). 3. Apply your DNS policy to your Access Policy.
64 Firepower Security Intelligence & URL filtering: sinkhole and senderbase.org. Make sure all URL Security Intelligence blacklists are selected. Select the web categories to block in your Access Policy.
65 Firepower custom block page, where the magic happens. In your «Access Policy», under the «HTTP Responses» tab, select «Custom» and edit. Add these lines to the HTML code (the sinkhole URLs are truncated in the transcript and shown as placeholders):
    <meta http-equiv="refresh" content="1;url=<your sinkhole URL>">
    <script type="text/javascript">
    window.location.href = "<your sinkhole URL>";
    </script>
«internetsinkhole.com» should be changed to your own sinkhole. The external sinkhole «internetsinkhole.com» should only be used for demo.
66 Building a sinkhole. You will need to build an Apache web server with PHP: download the Ubuntu server (or your favorite distro), install Apache2 on Ubuntu, install PHP on Ubuntu, modify the default.conf file to include «FallbackResource /index.php», then modify the index file: the default index.html needs to be changed to an index.php file. Add these lines to that file:
    <?php
    // Prefer the referring URL (the page the user asked for); fall back to the Host header.
    $HOST = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    $URI  = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
    if (isset($URI)) {
        $URL = $URI;
    } else {
        $URL = $HOST;
    }
    // Escape before printing: Host and Referer are client-supplied and land in the page.
    echo '<h1>' . htmlspecialchars($URL, ENT_QUOTES, 'UTF-8') . '<br /></h1>';
    ?>
    <script type="text/javascript">
    var requested = <?php echo json_encode($URL); ?>;
    function Redirect() {
        // The senderbase.org lookup URL is truncated in the original slide; supply your own.
        window.location = "<senderbase.org lookup URL, truncated in original>" + encodeURIComponent(requested);
    }
    setTimeout(Redirect, 3000);
    </script>
67 The results: what the end-user will see. Security Intelligence DNS sinkhole block; Security Intelligence URL sinkhole block; URL filtering (block based on category).
68 A Simpler SafeSearch Solution
69 SafeSearch. The Firepower built-in option for SafeSearch requires TLS decryption. How can you use this on a network where TLS decryption cannot be used? SafeSearch is a common requirement, especially in education environments, to prevent inappropriate images and videos from appearing on search engine results pages. Web category filtering can prevent access to pages, but not the search results themselves.
70 SafeSearch. Google and Microsoft provide a recommended solution for enabling SafeSearch that does NOT require SSL decryption. Microsoft: register the student network with Bing in the Classroom, which provides ad-free browsing with SafeSearch enabled by default; OR use a DNS CNAME record to direct searches to a SafeSearch site. Google: use SafeSearch VIP, which uses DNS to direct searches to a SafeSearch site. This method also works for other Google-owned tools, like YouTube. This can be done using the customer's DNS servers, but we can also use Firepower to do the same.
71 Step 1 (Google example): define the target domains. Google makes this list available at a URL (not captured in the transcript):
    curl <google-domain-list-URL> | sed 's/^\.//' > google-domains.txt
This creates a file that looks like this (today it is 193 lines long):
    google.com
    google.ad
    google.ae
    google.com.af
    google.com.ag
    google.com.ai
    google.al
72 Step 2: Create a DNS list in FMC: Objects -> Security Intelligence -> DNS Lists and Feeds.
73 Step 3: Create the SafeSearch sinkhole: Objects -> Sinkhole. Google searches targeted at forcesafesearch.google.com ( ) will have safe image results.
74 Step 4: Add a DNS policy: Policies -> DNS.
75 Step 5: Associate the DNS policy to the Access Control policy: Policies -> Access Control -> [Select Policy] -> Security Intelligence.
76 YouTube Safe Mode. Strict Safe Mode: sinkhole to forcesafesearch.google.com or restrict.youtube.com. Moderate Safe Mode: sinkhole to restrictmoderate.youtube.com.
77 YouTube domains. The DNS list should contain: m.youtube.com, youtubei.googleapis.com, youtube.googleapis.com. DO NOT ADD these: youtube.com, s.ytimg.com, youtu.be, googleapis.com.
78 Bing SafeSearch. Strict Safe Mode: sinkhole to strict.bing.com.
79 Putting it all together:
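Steps 1 through 5 and the YouTube and Bing slides together, as an added example that is not from the slides and not an FMC API: the block normalises the raw Google list the way the slide's sed does, maps each sinkhole target to its DNS-list entries, and refuses to build a plan that contains any of the entries slide 77 says must not be added. The Bing list entry (www.bing.com) is an assumption, since the slides name only the sinkhole target; the Google list excerpt is constructed, and the exact-match lookup is this example's own semantics, not a description of how Firepower matches list entries.

```python
from typing import Dict, List, Optional, Sequence

# Sinkhole targets named on the slides.
GOOGLE_SINKHOLE = "forcesafesearch.google.com"
YOUTUBE_SINKHOLES = {"strict": "restrict.youtube.com", "moderate": "restrictmoderate.youtube.com"}
BING_SINKHOLE = "strict.bing.com"

# YouTube entries the slides say to add, and the ones they say NOT to add.
YOUTUBE_DOMAINS = ["m.youtube.com", "youtubei.googleapis.com", "youtube.googleapis.com"]
YOUTUBE_DO_NOT_ADD = {"youtube.com", "s.ytimg.com", "youtu.be", "googleapis.com"}


def parse_google_domains(raw: str) -> List[str]:
    """Same normalisation as the slide's sed 's/^\\.//': strip the leading dot,
    lower-case, and skip blank or comment lines."""
    domains = []
    for line in raw.splitlines():
        line = line.strip().lower()
        if not line or line.startswith("#"):
            continue
        if line.startswith("."):
            line = line[1:]
        domains.append(line)
    return domains


def build_safesearch_plan(google_raw: str, youtube_mode: str = "strict",
                          bing_domains: Sequence[str] = ("www.bing.com",)) -> Dict[str, List[str]]:
    """Map each sinkhole target to the DNS-list entries that should point at it.

    The Bing entries are an assumption (the slides name only the sinkhole target).
    Raises ValueError if any list contains a domain the slides say must not be sinkholed.
    """
    if youtube_mode not in YOUTUBE_SINKHOLES:
        raise ValueError("youtube_mode must be 'strict' or 'moderate'")
    plan: Dict[str, List[str]] = {
        GOOGLE_SINKHOLE: parse_google_domains(google_raw),
        YOUTUBE_SINKHOLES[youtube_mode]: list(YOUTUBE_DOMAINS),
        BING_SINKHOLE: list(bing_domains),
    }
    for target, domains in plan.items():
        forbidden = sorted(YOUTUBE_DO_NOT_ADD.intersection(domains))
        if forbidden:
            raise ValueError("list for %s contains forbidden entries: %s"
                             % (target, ", ".join(forbidden)))
    return plan


def sinkhole_for(query_name: str, plan: Dict[str, List[str]]) -> Optional[str]:
    """Exact-match lookup of a queried name against the plan (this example's own
    semantics; the slides do not describe how Firepower matches list entries)."""
    name = query_name.rstrip(".").lower()
    for target, domains in plan.items():
        if name in domains:
            return target
    return None


# Constructed excerpt of the Google domain list, in its raw leading-dot form.
SAMPLE_GOOGLE_LIST = """\
.google.com
.google.ad
.google.ae
.google.com.af
"""

if __name__ == "__main__":
    for target, domains in build_safesearch_plan(SAMPLE_GOOGLE_LIST, "strict").items():
        print(target, "<-", ", ".join(domains))
```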
80 DEMO
81 ACL Hitcount Custom Workflow
82 The good old days
84 ACL hitcounts honor the filter you're using in the Connection Events.
85 OpenAppID
86 OpenAppID: Cisco's open source application layer plugin for Snort and Firepower. OpenAppID uses the Lua programming language to identify applications. There are a number of attributes it can look at, including: ASCII or hex patterns and offset; HTTP User-Agent; HTTP URL; HTTP Content-Type; SSL host; SSL organization unit; SSL common name; SIP server; SIP User-Agent; RTMP URL pattern.
87 OpenAppID: most internal Firepower application detectors are included in the Snort OpenAppID rules, including Lua source code.
88 OpenAppID application coverage website: visit this public site to find information about existing Firepower application detectors.
89 OpenAppID within Firepower: application detectors. All application detectors in Firepower 6.0 and later use OpenAppID. Custom application detectors can be created here as well.
90 OpenAppID within Firepower: basic application detectors. FMC provides a wizard for creation of basic detectors. Advanced detectors require you to upload the Lua file.
91 OpenAppID within Firepower: advanced application detectors (for your reference).
92 DEMO
93 Q & A
94 Seminar calendar for 2018: January to March
95 Seminar calendar for 2018: April to June
The following provides an introduction to installing the Cisco Stealthwatch Learning Network License (Learning Network License) platform, installing a controller on an ESXi host, and deploying an agent
More informationCisco Cyber Range. Paul Qiu Senior Solutions Architect
Cisco Cyber Range Paul Qiu Senior Solutions Architect Cyber Range Service A platform to experience the intelligent Cyber Security for the real world What I hear, I forget What I see, I remember What I
More informationEncrypted Traffic Security (ETS) White Paper
Encrypted Traffic Security (ETS) White Paper The rapid rise in encrypted traffic is changing the security landscape. As more organizations become digital, an increasing number of services and applications
More informationCisco - ASA Lab Camp v9.0
Cisco - ASA Lab Camp v9.0 Code: 0007 Lengt h: 5 days URL: View Online Based on our enhanced SASAC v1.0 and SASAA v1.2 courses, this exclusive, lab-based course, provides you with your own set of equipment
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationCognitive Threat Analytics Tech update
Cognitive Threat Analytics Tech update Mikael Grotrian, CISSP, CISM, CCSK, GISF, ITIL, PRINCE2, TOGAF Certified Consulting Systems Engineer, Cyber Security, Denmark CTA CTA CTA Cognitive Threat Analytics
More informationUser Identity Sources
The following topics describe Firepower System user identity sources, which are sources for user awareness. These users can be controlled with identity and access control policies: About, on page 1 The
More informationImplementing Cisco Edge Network Security Solutions ( )
Implementing Cisco Edge Network Security Solutions (300-206) Exam Description: The Implementing Cisco Edge Network Security (SENSS) (300-206) exam tests the knowledge of a network security engineer to
More informationCisco Next Generation Firewall and IPS. Dragan Novakovic Security Consulting Systems Engineer
Cisco Next Generation Firewall and IPS Dragan Novakovic Security Consulting Systems Engineer Cisco ASA with Firepower services Cisco TALOS - Collective Security Intelligence Enabled Clustering & High Availability
More informationThreat Centric Network Security
BRKSEC-2056 Threat Centric Network Security Ted Bedwell, Principal Engineer Network Threat Defence Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this
More informationSOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM
SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM OVERVIEW The Verizon 2016 Data Breach Investigations Report highlights that attackers are regularly outpacing the defenders.
More informationPCI DSS Compliance. White Paper Parallels Remote Application Server
PCI DSS Compliance White Paper Parallels Remote Application Server Table of Contents Introduction... 3 What Is PCI DSS?... 3 Why Businesses Need to Be PCI DSS Compliant... 3 What Is Parallels RAS?... 3
More informationAby se z toho bezpečnostní správci nezbláznili Cisco security integrace. Milan Habrcetl Cisco CyberSecurity Specialist Mikulov, 5. 9.
Aby se z toho bezpečnostní správci nezbláznili aneb Cisco security integrace Aby se z toho bezpečnostní správci nezbláznili Cisco security integrace Milan Habrcetl Cisco CyberSecurity Specialist Mikulov,
More informationCisco Security. Advanced Malware Protection. Guillermo González Security Systems Engineer Octubre 2017
Cisco Security Advanced Malware Protection Guillermo González Security Systems Engineer Octubre 2017 The New Security Model Attack Continuum Before During After Before Discover During Detect After Scope
More informationWhite Paper. Why IDS Can t Adequately Protect Your IoT Devices
White Paper Why IDS Can t Adequately Protect Your IoT Devices Introduction As a key component in information technology security, Intrusion Detection Systems (IDS) monitor networks for suspicious activity
More informationINTRODUCING CISCO SECURITY FOR AWS
SESSION ID: SPO1-T08 INTRODUCING CISCO SECURITY FOR AWS Patrick Crowley CTO Cisco, Stealthwatch Cloud @p_crowley Who am I? I work for Cisco Systems, in the Security Business Group Founder, Observable Networks:
More informationLicensing the Firepower System
The following topics explain how to license the Firepower System. About Firepower Feature Licenses, on page 1 Service Subscriptions for Firepower Features, on page 2 Smart Licensing for the Firepower System,
More informationThreat Containment and Operations. Yong Kwang Kek, Director of Presales SE, APJ
Threat Containment and Operations Yong Kwang Kek, Director of Presales SE, APJ 2018-07-19 1 1 2017 Infoblox Inc. All Rights 2013 Infoblox Inc. All Reserved. Rights Reserved. Three Aspects of Security #1
More informationAgile Security Solutions
Agile Security Solutions Piotr Linke Security Engineer CISSP CISA CRISC CISM Open Source SNORT 2 Consider these guys All were smart. All had security. All were seriously compromised. 3 The Industrialization
More informationHow to build a multi-layer Security Architecture to detect and remediate threats in real time
How to build a multi-layer Security Architecture to detect and remediate threats in real time Nikos Mourtzinos, CCIE #9763 Cisco Cyber Security Sales Specialist March 2018 Agenda Cisco Strategy Umbrella
More informationVeč kot SDN - SDA arhitektura v uporabniških omrežjih
Več kot SDN - SDA arhitektura v uporabniških omrežjih Aleksander Kocelj SE Cisco Agenda - Introduction to Software Defined Access - Brief description on SDA - Cisco SDA Assurance - DEMO 2 New Requirements
More informationSecurity, Internet Access, and Communication Ports
Security, Internet Access, and Communication Ports The following topics provide information on system security, internet access, and communication ports: Security Requirements Security Requirements, on
More informationUn SOC avanzato per una efficace risposta al cybercrime
Un SOC avanzato per una efficace risposta al cybercrime Identificazione e conferma di un incidente @RSAEMEA #RSAEMEASummit @masiste75 Mauro Costantini - Presales Consultant Agenda A look into the threat
More informationMonitoring and Threat Detection
Monitoring and Threat Detection with Netflow Michael Belan Consulting Systems Engineer Cisco GSSO January 2017 AGENDA What is SW? Where does it fit in overall Cisco Security framework? What is SW? What
More informationExam : Title : Security Solutions for Systems Engineers. Version : Demo
Exam : 642-566 Title : Security Solutions for Systems Engineers Version : Demo 1. Which one of the following elements is essential to perform events analysis and correlation? A. implementation of a centralized
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationDesign and Deployment of SourceFire NGIPS and NGFWL
Design and Deployment of SourceFire NGIPS and NGFWL BRKSEC - 2024 Marcel Skjald Consulting Systems Engineer Enterprise / Security Architect Abstract Overview of Session This technical session covers the
More informationSECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry
SECURITY ON AWS By Max Ellsberry AWS Security Standards The IT infrastructure that AWS provides has been designed and managed in alignment with the best practices and meets a variety of standards. Below
More informationForeScout Agentless Visibility and Control
ForeScout Agentless Visibility and Control ForeScout Technologies has pioneered an agentless approach to network security that effectively helps address the challenges of endpoint visibility and control
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationComodo Certificate Manager
Comodo Certificate Manager Simple, Automated & Robust SSL Management from the #1 Provider of Digital Certificates 1 Datasheet Table of Contents Introduction 3 CCM Overview 4 Certificate Discovery Certificate
More informationQUALYS SECURITY CONFERENCE Qualys CertView. Managing Digital Certificates. Jimmy Graham Senior Director, Product Management, Qualys, Inc.
18 QUALYS SECURITY CONFERENCE 2018 Qualys CertView Managing Digital Certificates Jimmy Graham Senior Director, Product Management, Qualys, Inc. Agenda Introduction Evolving browser markers Introducing
More informationCisco Advanced Malware Protection for Networks
Data Sheet Cisco Advanced Malware Protection for Networks Product Overview Fighting malware effectively today requires new approaches, strategies, and technologies. Cisco Advanced Malware Protection (AMP)
More informationTransforming Security from Defense in Depth to Comprehensive Security Assurance
Transforming Security from Defense in Depth to Comprehensive Security Assurance February 28, 2016 Revision #3 Table of Contents Introduction... 3 The problem: defense in depth is not working... 3 The new
More informationGLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications
GLOBALPROTECT Prevent Breaches and Secure the Mobile Workforce GlobalProtect extends the protection of Palo Alto Networks Next-Generation Security Platform to the members of your mobile workforce, no matter
More informationSpeed Up Incident Response with Actionable Forensic Analytics
WHITEPAPER DATA SHEET Speed Up Incident Response with Actionable Forensic Analytics Close the Gap between Threat Detection and Effective Response with Continuous Monitoring January 15, 2015 Table of Contents
More informationLicensing the Firepower System
The following topics explain how to license the Firepower System. About Firepower Feature Licenses, page 1 Service Subscriptions for Firepower Features, page 2 Smart Licensing for the Firepower System,
More informationCybersecurity Roadmap: Global Healthcare Security Architecture
SESSION ID: TECH-W02F Cybersecurity Roadmap: Global Healthcare Security Architecture Nick H. Yoo Chief Security Architect Disclosure No affiliation to any vendor products No vendor endorsements Products
More informationComprehensive datacenter protection
Comprehensive datacenter protection There are several key drivers that are influencing the DDoS Protection market: DDoS attacks are increasing in frequency DDoS attacks are increasing in size DoS attack
More informationDigital Network Architecture for Securing Enterprise Networks
Digital Network Architecture for Securing Enterprise Networks Matt Robertson Evgeny Mirolyubov Technical Marketing Engineers, Advanced Threat Solutions Cisco Spark How Questions? Use Cisco Spark to communicate
More informationCisco Techupdate Marts 2018 Cisco Annual Security Rapport, Firepower og TTT.
Cisco Techupdate Marts 2018 Cisco Annual Security Rapport, Firepower og TTT. Tue Frei Nørgaard & Jesper Rathsach Consulting systems engineers, Cisco Security North Team 22 nd of march 2018 Dagens Agenda
More informationMcAfee Complete Endpoint Threat Protection Advanced threat protection for sophisticated attacks
McAfee Complete Endpoint Threat Protection Advanced threat protection for sophisticated attacks Key Advantages Stay ahead of zero-day threats, ransomware, and greyware with machine learning and dynamic
More informationPalo Alto Networks PCNSE7 Exam
Volume: 96 Questions Question: 1 Which three function are found on the dataplane of a PA-5050? (Choose three) A. Protocol Decoder B. Dynamic routing C. Management D. Network Processing E. Signature Match
More informationCorrigendum 3. Tender Number: 10/ dated
(A premier Public Sector Bank) Information Technology Division Head Office, Mangalore Corrigendum 3 Tender Number: 10/2016-17 dated 07.09.2016 for Supply, Installation and Maintenance of Distributed Denial
More informationUser Identity Sources
The following topics describe Firepower System user identity sources, which are sources for user awareness. These users can be controlled with identity and access control policies: About, page 1 The User
More informationCisco ISE Features. Cisco Identity Services Engine Administrator Guide, Release 1.4 1
Cisco ISE Overview, page 2 Key Functions, page 2 Identity-Based Network Access, page 2 Support for Multiple Deployment Scenarios, page 3 Support for UCS Hardware, page 3 Basic User Authentication and Authorization,
More informationGuide to Deploying VMware Workspace ONE. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1
Guide to Deploying VMware Workspace ONE DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationOutwit Cyber Criminals with Comprehensive Malware and Exploit Protection.
Singtel Business Product Brochure Managed Advanced Threat Prevention Outwit Cyber Criminals with Comprehensive Malware and Exploit Protection. As cyber criminals outwit businesses by employing ever-new
More informationAutomated Threat Management - in Real Time. Vectra Networks
Automated Threat Management - in Real Time Security investment has traditionally been in two areas Prevention Phase Active Phase Clean-up Phase Initial Infection Key assets found in the wild $$$$ $$$ $$
More informationSymantec Endpoint Protection Family Feature Comparison
Symantec Endpoint Protection Family Feature Comparison SEP SBE SEP Cloud SEP Cloud SEP 14.2 Device Protection Laptop, Laptop Laptop, Tablet Laptop Tablet & & Smartphone Smartphone Meter Per Device Per
More informationChristopher Covert. Principal Product Manager Enterprise Solutions Group. Copyright 2016 Symantec Endpoint Protection Cloud
Christopher Covert Principal Product Manager Enterprise Solutions Group Copyright 2016 Symantec Endpoint Protection Cloud THE PROMISE OF CLOUD COMPUTING We re all moving from challenges like these Large
More informationBorderless Networks. Tom Schepers, Director Systems Engineering
Borderless Networks Tom Schepers, Director Systems Engineering Agenda Introducing Enterprise Network Architecture Unified Access Cloud Intelligent Network & Unified Services Enterprise Networks in Action
More informationCisco Advanced Malware Protection for Networks
Data Sheet Cisco Advanced Malware Protection for Networks Product Overview Fighting malware effectively today requires new approaches, strategies, and technologies. Cisco Advanced Malware Protection (AMP)
More informationDemystifying Machine Learning
Demystifying Machine Learning Dmitry Figol, WW Enterprise Sales Systems Engineer - Programmability @dmfigol CTHRST-1002 Agenda Machine Learning examples What is Machine Learning Types of Machine Learning
More informationSAFE Architecture Guide. Places in the Network: Secure Campus
SAFE Architecture Guide Places in the Network: Secure Campus January 2018 SAFE Architecture Guide Places in the Network: Secure Campus Contents January 2018 Contents 3 5 8 9 13 15 21 22 25 Overview Business
More informationImplementing Cisco Network Security (IINS) 3.0
Implementing Cisco Network Security (IINS) 3.0 COURSE OVERVIEW: Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles and technologies, using
More informationSourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data
SEE everything in your environment LEARN by applying security intelligence to data ADAPT defenses automatically ACT in real-time Sourcefire Solutions Overview Security for the Real World Change is constant.
More informationSecuring Cisco s Network
Securing Cisco s Network Inside Cisco IT Simon Finn, Solutions Architect, Information Security Oisin MacAlasdair, Member of Technical Staff, Information Technology Agenda Cisco Landscape Trends Changing
More informationTHE RSA SUITE NETWITNESS REINVENT YOUR SIEM. Presented by: Walter Abeson
THE RSA NETWITNESS SUITE REINVENT YOUR SIEM Presented by: Walter Abeson 1 Reality Goals GOALS VERSUS REALITY OF SIEM 1.0 Single compliance & security interface Analyze & prioritize alerts across various
More informationThe Need For A New IT Security Architecture: Global Study On The Risk Of Outdated Technologies
The Need For A New IT Security Architecture: Global Study On The Risk Of Outdated Technologies Daniel Yeung Technical Manager, Hong Kong & Taiwan AUG 2017 2017 Citrix Why Worry? Security needs to be top-of-mind
More informationSimplify Technology Deployments
Cisco Security Enterprise License Agreement: Simplify Technology Deployments The need for Pervasive Security Coverage Security measures can t be limited to certain areas of your business. Mobility has
More informationCloud-Managed Security for Distributed Networks with Cisco Meraki MX
Cloud-Managed Security for Distributed Networks with Cisco Meraki MX Joe Aronow, Product Architect Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this
More information