Network Visibility and Advanced Malware Protection. James Weathersby, Director Technical Marketing Gyorgy Acs, Consulting Security Engineer
2 Network Visibility and Advanced Malware Protection James Weathersby, Director Technical Marketing Gyorgy Acs, Consulting Security Engineer
3 Security Challenges Changing Business Models Dynamic Threat Landscape Complexity and Fragmentation
4 Security Challenges: Changing Business Models, Dynamic Threat Landscape, Complexity and Fragmentation. BYOD: 90% of organizations not fully aware of all network devices. SOCIAL MEDIA: 14% of organizations had malware enter the corporate network through social media/web apps. CLOUD: 5-10 times more cloud services are being used than known by IT. APP STORES: 92% of top 500 Android apps carry security/privacy risks.
5 Security Challenges: Changing Business Models, Dynamic Threat Landscape, Complexity and Fragmentation. A community that hides in plain sight avoids detection and attacks swiftly. 60% of data is stolen in HOURS. 85% of point-of-sale intrusions aren't discovered for WEEKS. 54% of breaches remain undiscovered for MONTHS. 51% increase of companies reporting a $10M loss or more in the last YEAR. Timeline: START, HOURS, WEEKS, MONTHS, YEARS.
6 Security Challenges Changing Business Models Dynamic Threat Landscape Complexity and Fragmentation Complexity Fragmentation Talent x Security Vendors for Some Customers Security Vendors at RSA Demand for Security Talent
7 The Reality: Organizations Are Under Attack. 95% of large companies targeted by malicious traffic. 100% of organizations interacted with websites hosting malware. Source: 2014 Cisco Annual Security Report. Cybercrime is lucrative, barrier to entry is low. Hackers are smarter and have the resources to compromise your organization. Malware is more sophisticated. Organizations face tens of thousands of new malware samples per hour. Stages: Phishing, Low Sophistication; Hacking Becomes an Industry; Sophisticated Attacks, Complex Landscape. Threats from 2005 to Today: Viruses, Worms, Spyware and Rootkits, APTs, Cyberware, Today +.
8 Comprehensive Security Requires Breach Prevention Rapid Breach Detection, Response, Remediation Threat Intelligence Source: erage-of new-malware-t hreats- per- day- in html
9 The Full Attack Continuum. BEFORE: Discover, Enforce, Harden. DURING: Detect, Block, Defend. AFTER: Scope, Contain, Remediate. Network, Endpoint, Mobile, Virtual, Cloud & Web. Point-in-time, Continuous.
10 Mapping Technologies to the Model. Attack Continuum: BEFORE (Discover, Enforce, Harden), DURING (Detect, Block, Defend), AFTER (Scope, Contain, Remediate). Technologies: Firewall, Patch Mgmt, IPS, IDS, AMP, App Control, Vuln Mgmt, Antivirus, FPC, Log Mgmt, VPN, IAM/NAC, Email/Web, Forensics, SIEM. Visibility and Context. Secure DC, Enterprise Licensing Agreement, Enterprise Mobility.
11 FireSIGHT Sees Everything. Columns: CATEGORIES, EXAMPLES, SOURCEFIRE NGIPS & NGFW, TYPICAL IPS, TYPICAL NGFW. Threats: Attacks, Anomalies. Users: AD, LDAP, POP3. Web Applications: Facebook Chat, Ebay. Application Protocols: HTTP, SMTP, SSH. File Transfers: PDF, Office, EXE, JAR. Malware: Conficker, Flame. Command & Control Servers: C&C Security Intelligence. Client Applications: Firefox, IE6, BitTorrent. Network Servers: Apache 2.3.1, IIS4. Operating Systems: Windows, Linux. Routers & Switches: Cisco, Nortel, Wireless. Mobile Devices: iPhone, Android, Jail. Printers: HP, Xerox, Canon. VoIP Phones: Avaya, Polycom. Virtual Machines: VMware, Xen, RHEV. Information Superiority. Contextual Awareness.
12 FireSIGHT Enables Automation. IT Insight: Spot rogue hosts, anomalies, policy violations, and more. Impact Assessment: Threat correlation reduces actionable events by up to 99%. Automated Tuning: Adjust IPS policies automatically based on network change. User Identification: Associate users with security and compliance events.
13 FireSight Demo
14 Cisco Advanced Malware Protection: Built on unmatched collective security intelligence. Cisco Collective Security Intelligence Cloud: WWW, Endpoints, Web, Networks, IPS, Devices. Automatic updates in real time. 1.6 million global sensors. 100 TB of data received per day. 150 million+ deployed endpoints. 600 engineers, technicians, and researchers. 35% worldwide traffic. 13 billion web requests. 24x7x365 operations. 4.3 billion web blocks per day. 40+ languages. 1.1 million incoming malware samples per day. AMP Community. Private/Public Threat Feeds. Talos Security Intelligence. AMP Threat Grid Intelligence. AMP Threat Grid Dynamic Analysis: 10 million files/month. Advanced Microsoft and Industry Disclosures. Snort and ClamAV Open Source Communities. AEGIS Program.
15 Cisco AMP Delivers A Better Approach Point-in-Time Protection Retrospective Security File Reputation, Sandboxing and Behavioral Detection Continuous Analysis Unique To Cisco AMP
16 Cisco AMP Defends With Reputation Filtering And Behavioral Detection Reputation Filtering Point-in-Time Protection Behavioral Detection Cisco Collective Security Intelligence Continuous Protection File Reputation & Behavioral Detection Unique to Cisco AMP Retrospective Security One-to-One Signature Fuzzy Finger-printing Machine Learning Indications of Compromise Dynamic Analysis Advanced Analytics Device Flow Correlation
17 Reputation Filtering Is Built On Three Features. Case 1: Unknown file is encountered, signature is analyzed, sent to cloud. File is not known to be malicious and is admitted. Case 2: Unknown file is encountered, signature is analyzed, sent to cloud. File's signature is known to be malicious and is prevented from entering the system. Collective Security Intelligence Cloud. Reputation Filtering: One-to-One Signature, Fuzzy Finger-printing, Machine Learning. Behavioral Detection: Indications of Compromise, Dynamic Analysis, Advanced Analytics, Device Flow Correlation.
18 Reputation Filtering Is Built On Three Features. Fingerprint of file is analyzed and determined to be malicious. Malicious file is not allowed entry. Polymorphic form of the same file tries to enter the system. The fingerprints of the two files are compared and found to be similar to one another. Polymorphic malware is denied entry based on its similarity to known malware. Collective Security Intelligence Cloud. Reputation Filtering: One-to-One Signature, Fuzzy Finger-printing, Machine Learning. Behavioral Detection: Indications of Compromise, Dynamic Analysis, Advanced Analytics, Device Flow Correlation.
19 Reputation Filtering Is Built On Three Features. 1. Unknown file's metadata is sent to the cloud to be analyzed. 2. Metadata is recognized as possible malware. 3. File is compared to known malware and is confirmed as malware. 4. A second unknown file's metadata is sent to cloud to be analyzed. 5. Metadata is similar to known clean file, possibly clean. 6. File is confirmed as a clean file after being compared to a similarly clean file. Machine Learning Decision Tree: Possible malware, Possible clean file, Confirmed malware, Confirmed clean file. Collective Security Intelligence Cloud. One-to-One Signature, Fuzzy Finger-printing, Machine Learning, Indications of Compromise, Dynamic Analysis, Advanced Analytics, Device Flow Correlation.
20 Behavioral Detection Is Built On Four Features. File of unknown disposition is encountered. File replicates itself and this information is communicated to the cloud. File communicates with malicious IP addresses or starts downloading files with known malware disposition. Combination of activities indicates a compromise and the behavior is reported to the cloud and AMP client. These indications are prioritized and reported to security team as possible compromise. Collective Security Intelligence Cloud. Fuzzy Finger-printing, Machine Learning, Indications of Compromise, Dynamic Analysis, Advanced Analytics, Device Flow Correlation.
21 Behavioral Detection Is Built On Four Features. 1. Dynamic Analysis Engine executes unknown files in on-premise or cloud sandboxes powered by AMP Threat Grid. 2. Two files are determined to be malware, one is confirmed as clean. 3. Intelligence Cloud is updated with analysis results and retrospective alerts are broadcast to users. Collective Security Intelligence Cloud, AMP Threat Grid Sandbox, Collective User Base. Machine Learning, Indications of Compromise, Dynamic Analysis, Advanced Analytics, Device Flow Correlation.
22 Behavioral Detection Is Built On Four Features. 1. Receives information regarding software unidentified by Reputation Filtering appliances. 2. Receives context regarding unknown software from Collective User Base. 3. Analyzes file in light of the information and context provided. 4. Identifies the advanced malware and communicates the new signature to the user base. Collective Security Intelligence Cloud, Collective User Base, AMP Threat Grid Analysis. Indications of Compromise, Dynamic Analysis, Advanced Analytics, Device Flow Correlation.
23 Behavioral Detection Is Built On Four Features. Device Flow Correlation monitors communications of a host on the network. Two unknown files are seen communicating with a particular IP address. One is sending information to the IP address, the other is receiving commands from the IP address. Collective Security Intelligence Cloud recognizes the external IP as a confirmed, malicious site. Unknown files are identified as malware because of the association. IP: Collective Security Intelligence Cloud. Dynamic Analysis, Advanced Analytics, Device Flow Correlation.
24 Cisco AMP Delivers A Better Approach Point-in-Time Detection Retrospective Security File Reputation & Behavioral Detection Continuous Protection Unique to Cisco AMP
25 Cisco AMP Defends With Retrospective Security To be effective, you have to be everywhere Continuously
26 Cisco AMP Provides Retrospective Security Continuous Analysis Attack Chain Weaving Behavioral Indications of Compromise Trajectory Elastic Search
27 Retrospective Security Is Built On Continuous Analysis. 1. Performs analysis the first time a file is seen. 2. Persistently analyzes the file over time to see if the disposition is changed. 3. Giving unmatched visibility into the path, actions or communications that are associated with a particular piece of software. Continuous Analysis, Attack Chain Weaving, Behavioral Indications of Compromise, Trajectory, Breach Hunting.
28 Retrospective Security Is Built On Attack Chain Weaving. Leverages retrospective capabilities in three ways: File Trajectory, Process Monitoring, Communications Monitoring. Attack Chain Weaving analyzes the data collected by File Trajectory, Process and Communication Monitoring to provide a new level of threat intelligence. File Trajectory records the trajectory of the software from device to device. Process Monitoring monitors the I/O activity of all devices on the system. Communications Monitoring monitors which applications are performing actions. Continuous Analysis, Attack Chain Weaving, Behavioral Indications of Compromise, Trajectory, Breach Hunting.
29 Retrospective Security Is Built On Behavioral Indications of Compromise. Behavioral Indications of Compromise uses continuous analysis and retrospection to monitor systems for suspicious and unexplained activity, not just signatures! 1. An unknown file is admitted into the network. 2. The unknown file copies itself to multiple machines. 3. Duplicates content from the hard drive. 4. Sends duplicate content to an unknown IP address. Leveraging the power of Attack Chain Weaving, AMP is able to recognize patterns and activities of a given file, and identify an action to look for across your environment rather than a file fingerprint or signature. Continuous Analysis, Attack Chain Weaving, Behavioral Indications of Compromise, Trajectory, Breach Hunting.
30 Retrospective Security Is Built On File Trajectory. 1. Unknown file is downloaded to device. 2. Fingerprint is recorded and sent to cloud for analysis. The unknown file travels across the network to different devices. File trajectory automatically records propagation of the file across the network. Sandbox analytics determines the file is malicious and notifies all devices. If file is deemed malicious, file trajectory can provide insight into which hosts are infected and it provides greater visibility into the extent of an infection. Collective Security Intelligence Cloud. Diagram devices: Mobile, Computer, Network, Virtual Machine. Attack Chain Weaving, Behavioral Indications of Compromise, Trajectory, Breach Hunting.
31 Retrospective Security Is Built On Device Trajectory. 1. Unknown file is downloaded to a particular device. 2. The file executes. 3. Device trajectory records this, the parent processes, lineage, and all actions performed by the file. 4. File is convicted as malicious and the user is alerted to the root cause and extent of the compromise. Diagram: Computer, Drive #1, Drive #2, Drive #3. Behavioral Indications of Compromise, Trajectory, Breach Hunting.
32 Retrospective Security Is Built On Elastic Search. 1. Elastic Search is the ability to leverage the indicators generated by Behavioral IoCs to monitor and search for threats across an environment. 2. Once a threat has been identified, it can be used to search for and identify if that threat exists anywhere else. 3. This functionality enables quick searches to aid in the detection of files that remain unknown but are malicious. Behavioral Indications of Compromise, Trajectory, Elastic Search.
33 AMP Provides Contextual Awareness and Visibility. Who: Focus on these users first. What: These applications are affected. Where: The breach impacted these areas. When: This is the scope of exposure over time. How: Here is the origin and progression of the threat.
34 There are several ways you can deploy AMP. Deployment Options:
Email and Web; AMP on ASA; CWS. Method: License with ESA, WSA, CWS, or ASA customers. Ideal for: New or existing Cisco CWS, Email/Web Security, ASA customers. Details: ESA/WSA: Prime visibility into email/web. CWS: web and advanced malware protection in a cloud-delivered service. AMP capabilities on ASA with FirePOWER Services.
AMP for Networks (AMP on FirePOWER Network Appliance). Method: Snap into your network. Ideal for: IPS/NGFW customers. Details: Wide visibility inside network. Broad selection of features before, during and after an attack.
AMP for Endpoints (PC / MAC, Mobile, Virtual). Method: Install lightweight connector on endpoints. Ideal for: Windows, Mac, Android, VMs. Details: Comprehensive threat protection and response. Granular visibility and control. Widest selection of AMP features.
AMP Private Cloud Virtual Appliance. Method: On-premise Virtual Appliance. Ideal for: High Privacy Environments. Details: Private Cloud option for those with high privacy requirements. For endpoints and networks.
35 AMP Demo
36 Block Threats Before They Breach: A US Bank Case Study (BEFORE). Challenge: Experienced security team of 7 supporting over 120 locations needed greater intelligence to quickly identify and stop threats. Current defenses alerted personnel and logged details but did nothing to aid investigation of the issue. Solution: Augmented intrusion prevention systems with AMP for Endpoint. Result: After installation of AMP, a targeted attack was identified and remediated in half a day. 7 days after the initial attack, new business processes and intelligences implemented by AMP resulted in the immediate mitigation of a second targeted attack.
37 Identify Scope And Remediate Impact After Breach: Power Utility Case Study (AFTER). Challenge: The company is a frequent victim of spear phishing campaigns with indications of infection emanating from multiple sources. Solution: Added AMP for Endpoints to a system already using FirePOWER to enable them to track and investigate suspicious file activity. Result: The company gained complete visibility into their malware infections, determined the attack vector, assessed the impact to the network and made intelligent surgical decisions for remediation in a fraction of the time it would take to respond manually.
40 How Cisco AMP Works: Network File Trajectory Use Case
42 An unknown file is present on IP: , having been downloaded from Firefox
43 At 10:57, the unknown file is from IP to IP:
44 Seven hours later the file is then transferred to a third device ( ) using an SMB application
45 The file is copied yet again onto a fourth device ( ) through the same SMB application a half hour later
46 The Cisco Collective Security Intelligence Cloud has learned this file is malicious and a retrospective event is raised for all four devices immediately.
47 At the same time, a device with the FireAMP endpoint connector reacts to the retrospective event and immediately stops and quarantines the newly detected malware
48 8 hours after the first attack, the malware tries to re-enter the system through the original point of entry but is recognized and blocked.
51 Protection Across Networks (Network, Endpoint, Content). The Network platform uses indications of compromise, file analysis, and, in this example, file trajectory to show you exactly how malicious files have moved across the environment.
52 Protection Across Endpoints (Network, Endpoint, Content). The Endpoint platform has device trajectory, elastic search and outbreak control, which in this example is shown quarantining recently detected malware on a device that has the FireAMP connector installed.
53 Protection Across Web and Email (Network, Endpoint, Content). AMP for Web and Email protects against malware threats in web and email traffic by blocking known malware and issuing retrospective alerts when unknown files are convicted.
More informationEvolution of Data Center Security Automated Security for Today s Dynamic Data Centers
Evolution of Data Center Security Automated Security for Today s Dynamic Data Centers Speaker: Mun Hossain Director of Product Management - Security Business Group Cisco Twitter: @CiscoDCSecurity 2 Any
More informationSTAY ONE STEP AHEAD OF THE CRIMINAL MIND. F-Secure Rapid Detection & Response
STAY ONE STEP AHEAD OF THE CRIMINAL MIND F-Secure Rapid Detection & Response INTRO PROTECT YOUR BUSINESS AND ITS DATA AGAINST ADVANCED ATTACKS Effective pre-compromise threat prevention is the cornerstone
More informationCisco Advanced Malware Protection (AMP) for Endpoints Security Testing
Cisco Advanced Malware Protection (AMP) for Endpoints Security Testing 7 September 2018 DR180821E Miercom.com www.miercom.com Contents 1.0 Executive Summary... 3 2.0 Test Summary... 4 3.0 Product Tested...
More informationSIEM Solutions from McAfee
SIEM Solutions from McAfee Monitor. Prioritize. Investigate. Respond. Today s security information and event management (SIEM) solutions need to be able to identify and defend against attacks within an
More informationTransforming Security from Defense in Depth to Comprehensive Security Assurance
Transforming Security from Defense in Depth to Comprehensive Security Assurance February 28, 2016 Revision #3 Table of Contents Introduction... 3 The problem: defense in depth is not working... 3 The new
More informationCisco s Appliance-based Content Security: IronPort and Web Security
Cisco s Appliance-based Content Security: IronPort E-mail and Web Security Hrvoje Dogan Consulting Systems Engineer, Security, Emerging Markets East 2010 Cisco and/or its affiliates. All rights reserved.
More informationCompare Security Analytics Solutions
Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch
More informationThreat Containment and Operations. Yong Kwang Kek, Director of Presales SE, APJ
Threat Containment and Operations Yong Kwang Kek, Director of Presales SE, APJ 2018-07-19 1 1 2017 Infoblox Inc. All Rights 2013 Infoblox Inc. All Reserved. Rights Reserved. Three Aspects of Security #1
More informationCisco Comstor
Cisco Security @ Comstor 1 Agenda 1. Cisco Security Fundamentals Cyber Security? Cisco Security Solutions - Cisco NGFW - Cisco Umbrella Cisco Meraki, MR, MS, MV and MX Meraki Insight 2 1. Cisco Security
More informationGlobal vision. Local knowledge. Cisco Forum Kyiv Country Day Month Year
Global vision. Local knowledge. Cisco Forum Kyiv Country Day Month Year Firepower Next Generation Firewall Subtitle goes here William Young Security Solutions Architect, Global Security Architecture Team
More informationRSA NetWitness Suite Respond in Minutes, Not Months
RSA NetWitness Suite Respond in Minutes, Not Months Overview One can hardly pick up a newspaper or turn on the news without hearing about the latest security breaches. The Verizon 2015 Data Breach Investigations
More informationTrend Micro and IBM Security QRadar SIEM
Trend Micro and IBM Security QRadar SIEM Ellen Knickle, PM QRadar Integrations Robert Tavares, VP IBM Strategic Partnership February 19, 2014 1 Agenda 1. Nature of the IBM Relationship with Trend Micro
More informationBREACHES HAPPEN: BE PREPARED. Endpoint Detection & Response
BREACHES HAPPEN: BE PREPARED. Endpoint Detection & Response INTRO PROTECT YOUR BUSINESS AND ITS DATA AGAINST ADVANCED ATTACKS Effective pre-compromise threat prevention is the cornerstone of cyber security,
More informationThreat Detection and Mitigation for IoT Systems using Self Learning Networks (SLN)
Threat Detection and Mitigation for IoT Systems using Self Learning Networks (SLN) JP Vasseur, PhD - Cisco Fellow jpv@cisco.com Maik G. Seewald, CISSP Sr. Technical Lead maseewal@cisco.com June 2016 Cyber
More informationKey Security Measures to Enable Next-Generation Data Center Transformation
Key Security Measures to Enable Next-Generation Data Center Transformation Bill McGee Senior Manager, Security Solutions Cisco Systems, Inc. Agenda Data Center Security Challenges Secure DC Strategies
More informationCisco Cyber Range. Paul Qiu Senior Solutions Architect June 2016
Cisco Cyber Range Paul Qiu Senior Solutions Architect June 2016 What I hear, I forget What I see, I remember What I do, I understand ~ Confucius Agenda Agenda Cyber Range Highlights Cyber Range Overview
More informationHow Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity
How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity Why is the NIST framework important? GOH Seow Hiong Executive Director, Global Policy & Government Affairs, Asia Pacific
More informationSimplify Technology Deployments
Cisco Security Enterprise License Agreement: Simplify Technology Deployments The need for Pervasive Security Coverage Security measures can t be limited to certain areas of your business. Mobility has
More informationManaged Endpoint Defense
DATA SHEET Managed Endpoint Defense Powered by CB Defense Next-gen endpoint threat detection and response DEPLOY AND HARDEN. Rapidly deploy and optimize endpoint prevention with dedicated security experts
More informationThreat Centric Network Security
BRKSEC-2056 Threat Centric Network Security Ted Bedwell, Principal Engineer Network Threat Defence Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this
More informationFIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT?
WHAT IS FIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT? While firewalls started life simply protecting networks from outside hacks and attacks, the role of the firewall has greatly evolved to take
More informationSeceon s Open Threat Management software
Seceon s Open Threat Management software Seceon s Open Threat Management software (OTM), is a cyber-security advanced threat management platform that visualizes, detects, and eliminates threats in real
More informationSIEM (Security Information Event Management)
SIEM (Security Information Event Management) Topic: SECURITY and RISK Presenter: Ron Hruby Topics Threat landscape Breaches and hacks Leadership and accountability Evolution of security technology What
More informationFully Integrated, Threat-Focused Next-Generation Firewall
Cisco Firepower NGFW Fully Integrated, Threat-Focused Next-Generation Firewall Fuat KILIÇ, fkilic@cisco.com, +905339284608 Security Consulting Systems Engineer, CCIE #21150 September 2016 Get ahead of
More informationBest Practices in Securing a Multicloud World
Best Practices in Securing a Multicloud World Actions to take now to protect data, applications, and workloads We live in a multicloud world. A world where a multitude of offerings from Cloud Service Providers
More informationIBM Security Network Protection Solutions
Systems IBM Security IBM Security Network Protection Solutions Pre-emptive protection to keep you Ahead of the Threat Tanmay Shah Product Lead Network Protection Appliances IBM Security Systems 1 IBM Security
More informationProactive Approach to Cyber Security
Proactive roach to Cyber Security Jeffrey Neo Sales Director HP Enterprise Security Products Customers struggle to manage the security challenge Today, security is a board-level agenda item 2 Trends driving
More informationFile Policies and Advanced Malware Protection
The following topics provide an overview of file control, file policies, file rules, AMP cloud connections, and dynamic analysis connections. About, on page 1 File Control and Cisco AMP Basics, on page
More informationVisibility: The Foundation of your Cybersecurity Infrastructure. Marlin McFate Federal CTO, Riverbed
Visibility: The Foundation of your Cybersecurity Infrastructure Marlin McFate Federal CTO, Riverbed Detection is Only One Part of the Story Planning and Remediation are just as critical 20 18 Hackers Went
More informationSOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM
SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM OVERVIEW The Verizon 2016 Data Breach Investigations Report highlights that attackers are regularly outpacing the defenders.
More information10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS
10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND
More informationSobering statistics. The frequency and sophistication of cybersecurity attacks are getting worse.
Sobering statistics The frequency and sophistication of cybersecurity attacks are getting worse. 146 >63% $500B $3.8M The median # of days that attackers reside within a victim s network before detection
More informationNOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect
NOTHING IS WHAT IT SIEMs: COVER PAGE Simpler Way to Effective Threat Management TEMPLATE Dan Pitman Principal Security Architect Cybersecurity is harder than it should be 2 SIEM can be harder than it should
More informationIBM Next Generation Intrusion Prevention System
IBM Next Generation Intrusion Prevention System Fadly Yahaya SWAT Optimizing the World s Infrastructure Oct 2012 Moscow 2012 IBM Corporation Please note: IBM s statements regarding its plans, directions,
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationAre we breached? Deloitte's Cyber Threat Hunting
Are we breached? Deloitte's Cyber Threat Hunting Brochure / report title goes here Section title goes here Have we been breached? Are we exposed? How do we proactively detect an attack and minimize the
More informationThe Future of Threat Prevention
The Future of Threat Prevention Bricata is the leading developer of Next Generation Intrusion Prevention Systems (NGIPS) technology, providing innovative, disruptive, high-speed, high-performance network
More informationInnovative Cisco Security- Lösungen für den Endpoint Das Alpha und Omega unsere Next Gen Security
Innovative Cisco Security- Lösungen für den Endpoint Das Alpha und Omega unsere Next Gen Security Sven Kutzer Consulting Systems Engineer GSSO - CYBERSECURITY SALES Mittwoch, 7. März 2018 Challenges 2017
More informationCarbon Black PCI Compliance Mapping Checklist
Carbon Black PCI Compliance Mapping Checklist The following table identifies selected PCI 3.0 requirements, the test definition per the PCI validation plan and how Carbon Black Enterprise Protection and
More information