Network Visibility and Advanced Malware Protection. James Weathersby, Director Technical Marketing Gyorgy Acs, Consulting Security Engineer

Size: px
Start display at page:

Download "Network Visibility and Advanced Malware Protection. James Weathersby, Director Technical Marketing Gyorgy Acs, Consulting Security Engineer"

Transcription

1

2 Network Visibility and Advanced Malware Protection James Weathersby, Director Technical Marketing Gyorgy Acs, Consulting Security Engineer

3 Security Challenges Changing Business Models Dynamic Threat Landscape Complexity and Fragmentation

4 Security Challenges Changing Business Models Dynamic Threat Landscape Complexity and Fragmentation BYOD SOCIAL MEDIA CLOUD APP STORES 90% of organizations not fully aware of all network devices 14% of organizations had malware enter the corporate network through social media/web apps 5 10 times more cloud services are being used than known by IT 92% of top 500 Android apps carry security/privacy risks

5 Security Challenges Changing Business Models Dynamic Threat Landscape Complexity and Fragmentation A community that hides in plain sight avoids detection and attacks swiftly 60% of data is stolen in HOURS 85% of point-of-sale intrusions aren t discovered for WEEKS 54% of breaches remain undiscovered for MONTHS 51% increase of companies reporting a $10M loss or more in the last YEAR START HOURS WEEKS MONTHS YEARS

6 Security Challenges Changing Business Models Dynamic Threat Landscape Complexity and Fragmentation Complexity Fragmentation Talent x Security Vendors for Some Customers Security Vendors at RSA Demand for Security Talent

7 The Reality: Organizations Are Under Attack 95% of large companies targeted by malicious traffic 100% of organizations interacted with websites hosting malware Source: 2014 Cisco Annual Security Report Cybercrime is lucrative, barrier to entry is low Hackers are smarter and have the resources to compromise your organization Malware is more sophisticated Organizations face tens of thousands of new malware samples per hour Phishing, Low Sophistication Hacking Becomes an Industry Sophisticated Attacks, Complex Landscape Viruses Worms Spyware and Rootkits 2005 Today APTs Cyberware Today +

8 Comprehensive Security Requires Breach Prevention Rapid Breach Detection, Response, Remediation Threat Intelligence Source: erage-of new-malware-t hreats- per- day- in html

9 The Full Attack Continuum Attack Continuum BEFORE Discover Enforce Harden DURING Detect Block Defend AFTER Scope Contain Remediate Network Endpoint Mobile Virtual Cloud & Web Point-in-time Continuous

10 Mapping Technologies to the Model Attack Continuum BEFORE Discover Enforce Harden DURING Detect Block Defend AFTER Scope Contain Remediate Firewall Patch Mgmt IPS IDS AMP App Control Vuln Mgmt Antivirus FPC Log Mgmt VPN IAM/NAC /Web Forensics SIEM Visibility and Context Secure DC, Enterprise Licensing Agreement, Enterprise Mobility

11 FireSIGHT Sees Everything CATEGORIES EXAMPLES SOURCEFIRE NGIPS & NGFW TYPICAL IPS Threats Attacks, Anomalies Users AD, LDAP, POP3 Web Applications Facebook Chat, Ebay Application Protocols HTTP, SMTP, SSH File Transfers PDF, Office, EXE, JAR Malw are Conficker, Flame Command & Control Servers C&C Security Intelligence Client Applications Firefox, IE6, BitTorrent Netw ork Servers Apache 2.3.1, IIS4 Operating Systems Window s, Linux Routers & Sw itches Cisco, Nortel, Wireless Mobile Devices iphone, Android, Jail Printers HP, Xerox, Canon VoIP Phones Avaya, Polycom Virtual Machines VMw are, Xen, RHEV Information Superiority Contextual Awareness TYPICAL NGFW

12 FireSIGHT Enables Automation IT Insight Spot rogue hosts, anomalies, policy violations, and more Impact Assessment Threat correlation reduces actionable events by up to 99% Automated Tuning Adjust IPS policies automatically based on network change User Identification Associate users with security and compliance events

13 FireSight Demo

14 Cisco Advanced Malware Protection Built on unmatched collective security intelligence Cisco Collective Security Intelligence WWW Cisco Collective Security Intelligence Cloud Endpoints Web Networks IPS Devices Automatic Updates in real-time 1.6 million global sensors 100 TB of data received per day 150 million+ deployed endpoints 600 engineers, technicians, and researchers 35% w orldw ide traffic 13 billion w eb requests 24x7x365 operations 4.3 billion w eb blocks per day 40+ languages 1.1 million incoming malw are samples per day AMP Community Private/Public Threat Feeds Talos Security Intelligence AMP Threat Grid Cisco Intelligence and/or its affiliates. All rights reserved. AMP Threat Grid Dynamic Analysis 10 million files/month Advanced Microsoft and Industry Disclosures Snort and ClamAV Open Source Communities AEGIS Program

15 Cisco AMP Delivers A Better Approach Point-in-Time Protection Retrospective Security File Reputation, Sandboxing and Behavioral Detection Continuous Analysis Unique To Cisco AMP

16 Cisco AMP Defends With Reputation Filtering And Behavioral Detection Reputation Filtering Point-in-Time Protection Behavioral Detection Cisco Collective Security Intelligence Continuous Protection File Reputation & Behavioral Detection Unique to Cisco AMP Retrospective Security One-to-One Signature Fuzzy Finger-printing Machine Learning Indications of Compromise Dynamic Analysis Advanced Analytics Device Flow Correlation

17 Reputation Filtering Is Built On Three Features Reputation Filtering Behavioral Detection Unknown file is encountered, signature is analyzed, sent to cloud File is not known to be malicious and is admitted Unknown file is encountered, signature is analyzed, sent to cloud File s signature is known to be malicious and is prevented from entering the system Collective Security Intelligence Cloud One-to-One Signature Fuzzy Finger-printing Machine Learning Indications of Compromise Dynamic Analysis Advanced Analytics Device Flow Correlation

18 Reputation Filtering Is Built On Three Features Reputation Filtering Behavioral Detection Fingerprint of file is analyzed and determined to be malicious Malicious file is not allowed entry Polymorphic form of the same file tries to enter the system The fingerprints of the two files are compared and found to be similar to one another Polymorphic malware is denied entry based on its similarity to known malware Collective Security Intelligence Cloud One-to-One Signature Fuzzy Finger-printing Machine Learning Indications of Compromise Dynamic Analysis Advanced Analytics Device Flow Correlation

19 Reputation Filtering Is Built On Three Features 1 Unknown file s metadata is sent to the cloud to be analyzed 2 Metadata is recognized as possible malware Collectiv e Security Intelligence Cloud to-one ature Fuzzy Finger-printing Machine Learning File is compared to known malware and is confirmed as malware A second unknown file s metadata is sent to cloud to be analyzed Metadata is similar to known clean file, possibly clean File is confirmed as a clean file after being compared to a 6 similarly clean file Indications of Compromise Dynamic Analysis Advanced Analytics Machine Learning Decision Tree Possible malware Device Flow Correlation Possible clean f ile Conf irmed malware Conf irmed clean f ile Conf irmed malware Conf irmed clean f ile

20 Behavioral Detection Is Built On Four Features File of unknown disposition is encountered File replicates itself and this inf ormation is communicated to the cloud File communicates with malicious IP addresses or starts downloading files with known malware disposition Combination of activities indicates a compromise and the behavior is reported to the cloud and AMP client These indications are prioritized and reported to security team as possible compromise zzy -printing Machine Learning Indications of Compromise Dynamic Analysis Advanced Analytics Device Flow Correlation Collective Security Intelligence Cloud

21 Behavioral Detection Is Built On Four Features 1 Dynamic Analysis Engine executes unknown files in onpremise or cloud sandboxes powered by AMP Threat Grid 2 Two files are determined to be malware, one is confirmed as clean 3 Intelligence Cloud is updated with analysis results and retrospective alerts are broadcast to users hine rning Indications of Compromise Dynamic Analysis Advanced Analytics Device Flow Correlation Collective Security Intelligence Cloud AMP Threat Grid Sandbox Collective User Base

22 Behavioral Detection Is Built On Four Features 1 Receives information regarding software unidentified by Reputation Filtering appliances Receives context regarding unknown software from Collective Collective Security 2 Collective User Base Intelligence Cloud User Base 3 Analyzes file in light of the information and context provided AMP Threat Grid Analysis 4 Identifies the advanced malware and communicates the new signature to the user base ations promise Dynamic Analysis Advanced Analytics Device Flow Correlation

23 Behavioral Detection Is Built On Four Features Device Flow Correlation monitors communications of a host on the network Two unknown files are seen communicating with a particular IP address One is sending information to the IP address, the other is receiving commands from the IP address Collective Security Intelligence Cloud recognizes the external IP as a confirmed, malicious site Unknown files are identified as malware because of the association IP: Collective Security Intelligence Cloud amic lysis Advanced Analytics Device Flow Correlation

24 Cisco AMP Delivers A Better Approach Point-in-Time Detection Retrospective Security File Reputation & Behavioral Detection Continuous Protection Unique to Cisco AMP

25 Cisco AMP Defends With Retrospective Security To be effective, you have to be everywhere Continuously

26 Cisco AMP Provides Retrospective Security Continuous Analysis Attack Chain Weaving Behavioral Indications of Compromise Trajectory Elastic Search

27 Retrospective Security Is Built On Continuous Analysis Attack Chain Weaving 1 Behavioral Indications of Compromise Performs analysis the first time a file is seen 2 Persistently analyzes the file over time to see if the disposition is changed Trajectory Breach Hunting 3 Giving unmatched visibility into the path, actions or communications that are associated with a particular piece of software

28 Retrospective Security Is Built On Leverages retrospective capabilities in three ways: File Trajectory Process Monitoring Communications Monitoring Continuous Analysis Attack Chain Weaving Attack Chain Weaving analy zes the data collected by File Trajectory, Process and Behavioral Indications intelligence of Compromise Communication Monitoring to prov ide a new lev el of threat File Communications Process Trajectory Monitoring Monitoring Trajectory Breach Hunting records monitors the which the trajectory I/O applications activity of the of all software devices performing from on the device actions system to device

29 Retrospective Security Is Built On Behavioral Indications of Compromise uses continuous analysis and retrospection to monitor systems for suspicious and unexplained activity not just signatures! tinuous alysis Attack Chain Weaving Behavioral Indications of Compromise 1 An unknown file Trajectory is admitted into the network The unknown f ile copies itself to multiple machines 2 Breach Hunting 3 Duplicates content from the hard drive Sends duplicate content to an unknown IP address Leveraging the power of Attack Chain Weaving, AMP is able to recognize patterns and activities of a given file, and identify an action to look for across your environment rather than a file fingerprint or signature 4

30 Retrospective Security Is Built On File Trajectory 1 2 Unknown f ile is downloaded to dev ice Fingerprint is recorded and sent to cloud f or analysis Collective Security Intelligence Cloud ck Chain eaving Behavioral Indications of Compromise Trajectory The unknown f ile travels across the network to different devices File trajectory automatically records propagation of the file across the network Sandbox analy tics determines the f ile is malicious and notifies all dev ices Breach Hunting If f ile is deemed malicious, file trajectory can provide insight into which hosts are infected and it prov ides greater visibility into the extent of an infection Mobile Mobile Computer Mobile Computer Mobile Network Virtual Machine Virtual Machine

31 Retrospective Security Is Built On Device Trajectory 1 Unknown file is downloaded to a particular device 2 The file executes 3 Device trajectory records this, the parent processes, lineage, and all actions performed by the file Drive #1 Drive #2 Drive #3 vioral tions f omise Trajectory Breach Hunting 4 File is convicted as malicious and the user is alerted to the root cause and extent of the compromise Computer

32 Retrospective Security Is Built On vioral tions f omise Trajectory Elastic Search 1 Elastic Search is the ability to leverage the indicators generated by Behavioral IoC s to monitor and search for threats across an environment 2 Once a threat has been identified, it can be used to search for and identify if that threat exists anywhere else 3 This functionality enables quick searches to aid in the detection of files that remain unknown but are malicious

33 AMP Provides Contextual Awareness and Visibility Who Focus on these users first What These applications are affected Where The breach impacted these areas When How This is the scope of exposure over time Here is the origin and progression of the threat

34 There are several ways you can deploy AMP Deployment Options and Web; AMP on ASA CWS AMP for Networks (AMP on FirePOWER Network Appliance) PC / MAC Mobile AMP for Endpoints Virtua l AMP Private Cloud Virtual Appliance Method License with ESA, WSA, CWS, or ASA customers Snap into your network Install lightweight connector on endpoints On-premise Virtual Appliance Ideal for New or existing Cisco CWS, /Web Security, ASA customers IPS/NGFW customers Windows, Mac, Android, VMs High Privacy Environments Details ESA/WSA: Prime visibility into /web CWS: web and advanced malware protection in a cloud-delivered service AMP capabilities on ASA with FirePOWER Services Wide visibility inside network Broad selection of features- before, during and after an attack Comprehensive threat protection and response Granular visibility and control Widest selection of AMP features Private Cloud option for those with high privacy requirements For endpoints and networks

35 AMP Demo

36 Block Threats Before They Breach A US Bank Case Study BEFORE Challenge Solution Result Experienced security team of 7 supporting over 120 locations needed greater intelligence to quickly identify and stop threats. Current defenses alerted personnel and logged details but did nothing to aid investigation of the issue. Augmented intrusion prevention systems with AMP for Endpoint. After installation of AMP, a targeted attack was identified and remediated in half a day. 7 days after the initial attack, new business processes and intelligences implemented by AMP resulted in the immediate mitigation of a second targeted attack.

37 Identify Scope And Remediate Impact After Breach Power Utility Case Study AFTER Challenge Solution Result The company is a frequent victim of spear fishing campaigns with indications of infection emanating from multiple sources. Added AMP for Endpoints to a system already using FirePOWER to enable them to track and investigate suspicious file activity. The company gained complete visibility into their malware infections, determined the attack vector, assessed the impact to the network and made intelligent surgical decisions for remediation in a fraction of the time than it would take to respond manually.

38

39

40 How Cisco AMP Works: Network File Trajectory Use Case

41

42 An unknown file is present on IP: , having been downloaded from Firefox

43 At 10:57, the unknown file is from IP to IP:

44 Seven hours later the file is then transferred to a third device ( ) using an SMB application

45 The file is copied yet again onto a fourth device ( ) through the same SMB application a half hour later

46 The Cisco Collective Security Intelligence Cloud has learned this file is malicious and a retrospective event is raised for all four devices immediately.

47 At the same time, a device with the FireAMP endpoint connector reacts to the retrospective event and immediately stops and quarantines the newly detected malware

48 8 hours after the first attack, the Malware tries to re-enter the system through the original point of entry but is recognized and blocked.

49 DEMO TITLE

50

51 Protection Across Networks Netw ork Endpoint Content The Network platform uses indications of compromise, file analysis, and in this example file trajectory to show you exactly how malicious files have moved across the environment

52 Protection Across Endpoints Netw ork Endpoint Content The Endpoint platform has device trajectory, elastic search and outbreak control which in this example is shown quarantining recently detected malware on a device that has the FireAMP connector installed

53 Protection Across Web and Netw ork Endpoint Content AMP for Web and protects against malware threats in web and traffic by blocking known malware and issuing retrospective alerts when unknown files are convicted

Cisco Advanced Malware Protection. May 2016

Cisco Advanced Malware Protection. May 2016 Cisco Advanced Malware Protection May 2016 The Reality Organizations Are Under Attack and Malware Is Getting in 95% of large companies targeted by malicious traffic 100% Cybercrime is lucrative, barrier

More information

Advanced Malware Protection. Dan Gavojdea, Security Sales, Account Manager, Cisco South East Europe

Advanced Malware Protection. Dan Gavojdea, Security Sales, Account Manager, Cisco South East Europe Advanced Malware Protection Dan Gavojdea, Security Sales, Account Manager, Cisco South East Europe How would you do security differently if you knew you were going to be hacked? Security Challenges Changing

More information

Agile Security Solutions

Agile Security Solutions Agile Security Solutions Piotr Linke Security Engineer CISSP CISA CRISC CISM Open Source SNORT 2 Consider these guys All were smart. All had security. All were seriously compromised. 3 The Industrialization

More information

Cisco Security. Advanced Malware Protection. Guillermo González Security Systems Engineer Octubre 2017

Cisco Security. Advanced Malware Protection. Guillermo González Security Systems Engineer Octubre 2017 Cisco Security Advanced Malware Protection Guillermo González Security Systems Engineer Octubre 2017 The New Security Model Attack Continuum Before During After Before Discover During Detect After Scope

More information

The Internet of Everything is changing Everything

The Internet of Everything is changing Everything The Internet of Everything is changing Everything Intelligent Threat Defense for the Enterprise Mobility Nikos Mourtzinos, CCIE #9763 Global Security Sales Organization Changing Business Models Any Device

More information

Next Generation IPS and Advance Malware Protection. Mahmoud Rabi Consulting Systems Engineer - Security

Next Generation IPS and Advance Malware Protection. Mahmoud Rabi Consulting Systems Engineer - Security Next Generation IPS and Advance Malware Protection Mahmoud Rabi Consulting Systems Engineer - Security Threat Landscape and Attack Continuum Today s Real World: Threats are evolving and evading traditional

More information

Sourcefire and ThreatGrid. A new perspective on network security

Sourcefire and ThreatGrid. A new perspective on network security Sourcefire and ThreatGrid A new perspective on network security Agenda An overview of traditional IPS solutions Next-Generation IPS Requirements Sourcefire Next-Generation IPS Advanced Malware Protection

More information

Cisco Advanced Malware Protec3on

Cisco Advanced Malware Protec3on Cisco Advanced Malware Protec3on Malware is an ever- growing problem The Reality: Organiza3ons Are Under AAack 95% of large companies targeted by malicious traffic 100% of organiza3ons interacted with

More information

Protection - Before, During And After Attack

Protection - Before, During And After Attack Advanced Malware Protection for FirePOWER TM BENEFITS Continuous detection of malware - immediately and retrospectively Inline detection of sophisticated malware that evades traditional network protections

More information

Advanced Malware Protection: A Buyer s Guide

Advanced Malware Protection: A Buyer s Guide Advanced Malware Protection: A Buyer s Guide What You Will Learn This document will identify the essential capabilities you need in an advanced malware protection solution, the key questions you should

More information

Firewall nové generace na platformě SF, přístupové politiky, analýza souborů, FireAMP a trajektorie útoků

Firewall nové generace na platformě SF, přístupové politiky, analýza souborů, FireAMP a trajektorie útoků Firewall nové generace na platformě SF, přístupové politiky, analýza souborů, FireAMP a trajektorie útoků Jiří Tesař, CSE Security, jitesar@cisco.com CCIE #14558, SFCE #124266 Mapping Technologies to the

More information

Cisco ASA with FirePOWER Services

Cisco ASA with FirePOWER Services Cisco ASA with FirePOWER Services TDM Thomas Jankowsky Consulting Systems Engineer May 2015 Introduction Industry s First Threat-Focused Next-Generation Firewall (NGFW) Proven Cisco ASA firewalling Industry-leading

More information

Cisco Advanced Malware Protection for Endpoints. Donald J Case BizCare, Inc. Saturday, May 19, 2018

Cisco Advanced Malware Protection for Endpoints. Donald J Case BizCare, Inc. Saturday, May 19, 2018 Cisco Advanced Malware Protection for Endpoints Donald J Case, Inc. Saturday, May 19, 2018 Every single attack that an organization experiences is either on an endpoint or it s headed there Malware is

More information

Cisco Firepower NGFW. Anticipate, block, and respond to threats

Cisco Firepower NGFW. Anticipate, block, and respond to threats Cisco Firepower NGFW Anticipate, block, and respond to threats You have a mandate to build and secure a network that supports ongoing innovation Mobile access Social collaboration Public / private hybrid

More information

A New Security Model for the IoE World. Henry Ong SE Manager - ASEAN Cisco Global Security Sales Organization

A New Security Model for the IoE World. Henry Ong SE Manager - ASEAN Cisco Global Security Sales Organization A New Security Model for the IoE World Henry Ong SE Manager - ASEAN Cisco Global Security Sales Organization Internet of Everything The Internet of Everything brings together people, process, data and

More information

Passit4Sure (50Q) Cisco Advanced Security Architecture for System Engineers

Passit4Sure (50Q) Cisco Advanced Security Architecture for System Engineers Passit4Sure.500-265 (50Q) Number: 500-265 Passing Score: 800 Time Limit: 120 min File Version: 5.8 Cisco 500-265 Advanced Security Architecture for System Engineers Today is big day for me as I passed

More information

Cisco Security Exposed Through the Cyber Kill Chain

Cisco Security Exposed Through the Cyber Kill Chain Cisco Forschung & Lehre Forum für Mecklenburg Vorpommern Cisco Security Exposed Through the Cyber Kill Chain Rene Straube CSE, Cisco Advanced Threat Solutions January, 2017 The Cisco Security Model BEFORE

More information

Cisco Firepower NGFW. Anticipate, block, and respond to threats

Cisco Firepower NGFW. Anticipate, block, and respond to threats Cisco Firepower NGFW Anticipate, block, and respond to threats Digital Transformation on a Massive Scale 15B Devices Today Attack Surface 500B Devices In 2030 Threat Actors $19T Opportunity Next 10 Years

More information

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data SEE everything in your environment LEARN by applying security intelligence to data ADAPT defenses automatically ACT in real-time Sourcefire Solutions Overview Security for the Real World Change is constant.

More information

Cisco Advanced Malware Protection against WannaCry

Cisco Advanced Malware Protection against WannaCry Cisco Advanced Malware Protection against WannaCry "A false sense of security is worse than a true sense of insecurity" Senad Aruc Consulting Systems Engineer Advanced Threats Group Nils Roald Advanced

More information

Intelligent Cyber Security for Real World

Intelligent Cyber Security for Real World Intelligent Cyber Security for Real World Simone Posti Security Account Manager Cisco GSSO June 2016 The Security Challenges Without integrated security, our data is at risk 60% of data is stolen in HOURS

More information

Intelligent Cybersecurity for the Real World Scott Lovett Vice President, Global Security Sales

Intelligent Cybersecurity for the Real World Scott Lovett Vice President, Global Security Sales Intelligent Cybersecurity for the Real World Scott Lovett Vice President, Global Security Sales The Industrialization of Hacking Sophisticated Attacks, Complex Landscape Hacking Becomes an Industry Phishing,

More information

The Importance of Threat-Centric Security

The Importance of Threat-Centric Security The Importance of Threat-Centric Security Jay Iyer Distinguished Engineer, Office of the Security CTO Martin Roesch Vice President and Chief Architect, Cisco Security Business Group BRKSEC-2135 Agenda

More information

Cisco Advanced Malware Protection for Endpoints

Cisco Advanced Malware Protection for Endpoints Data Sheet Cisco Advanced Malware Protection for Endpoints Product Overview Organizations today are under the constant threat of cyber attack, and security breaches happen every day. Cisco Advanced Malware

More information

Cisco ASA 5500-X NGFW

Cisco ASA 5500-X NGFW Cisco ASA 5500-X NGFW Sieťová ochrana pre malé a stredné podniky pred modernými hrozbami Peter Mesjar CCIE 17428, Systémový Inžinier, Cisco What are we going to talk about Problem is THREATS How today

More information

The Importance of Threat-Centric Security

The Importance of Threat-Centric Security The Importance of Threat-Centric Security Martin Roesch Vice President and Chief Architect, Cisco Security Business Group Leon Ward Group Product Manager, Security Innovation Agenda Today s Security Challenges

More information

Cisco AMP Solution. Rene Straube CSE, Cisco Germany January 2017

Cisco AMP Solution. Rene Straube CSE, Cisco Germany January 2017 Cisco AMP Solution Rene Straube CSE, Cisco Germany January 2017 The AMP Everywhere Architecture AMP Protection Across the Extended Network for an Integrated Threat Defense AMP Threat Intelligence Cloud

More information

Cisco Cloud Security. How to Protect Business to Support Digital Transformation

Cisco Cloud Security. How to Protect Business to Support Digital Transformation Cisco Cloud Security How to Protect Business to Support Digital Transformation Dragan Novakovic Cybersecurity Consulting Systems Engineer January 2018. Security Enables Digitization Digital Disruption,

More information

Cisco Advanced Malware Protection for Networks

Cisco Advanced Malware Protection for Networks Data Sheet Cisco Advanced Malware Protection for Networks Product Overview Fighting malware effectively today requires new approaches, strategies, and technologies. Cisco Advanced Malware Protection (AMP)

More information

Cisco Advanced Malware Protection for Networks

Cisco Advanced Malware Protection for Networks Data Sheet Cisco Advanced Malware Protection for Networks Product Overview Fighting malware effectively today requires new approaches, strategies, and technologies. Cisco Advanced Malware Protection (AMP)

More information

An Investment Checklist

An Investment Checklist Next-Generation Addressing Advanced Firewalls: Web Threats Next-Generation Firewalls: What You Will Learn When you buy a next-generation firewall (NGFW), you want to determine whether the solution can

More information

Security Experts Webinar

Security Experts Webinar Security Experts Webinar Content Security Email and Web Fabio Panada Consulting Systems Engineer Security Mauro Pellicioli Systems Engineer May 2016 Content Security - Agenda Threat Landscape Cisco Approach

More information

Introduction to the Cisco Sourcefire NGIPS

Introduction to the Cisco Sourcefire NGIPS Introduction to the Cisco Sourcefire NGIPS Gary Spiteri Consulting Security Engineer #clmel Are you a laugher or a liar? Problems with Traditional IPS Technology Overwhelms you with irrelevant events Doesn

More information

Snort: The World s Most Widely Deployed IPS Technology

Snort: The World s Most Widely Deployed IPS Technology Technology Brief Snort: The World s Most Widely Deployed IPS Technology Overview Martin Roesch, the founder of Sourcefire and chief security architect at Cisco, created Snort in 1998. Snort is an open-source,

More information

The Internet of Everything is changing Everything

The Internet of Everything is changing Everything The Internet of Everything is changing Everything Next Generation Security John Tzortzakakis Security Solutions Architect, Security Business Group November 2014 Threat Landscape evolution 60% of data is

More information

Cisco Customer Education

Cisco Customer Education This session was recorded via Cisco WebEx! You can watch the live session recording via the following URL: Cisco Customer Education https://acecloud.webex.com/acecloud/lsr.php?rcid =2a9e13dcb37a4721b5c9fc97052488bb

More information

We re ready. Are you?

We re ready. Are you? We re ready. Are you? Defense against Multi-Vector Threats with Cisco Email and Web Security Usman Din Consulting Systems Engineer Agenda Threat Landscape Email and Web Solutions: Reputation Filtering

More information

CloudSOC and Security.cloud for Microsoft Office 365

CloudSOC and  Security.cloud for Microsoft Office 365 Solution Brief CloudSOC and Email Security.cloud for Microsoft Office 365 DID YOU KNOW? Email is the #1 delivery mechanism for malware. 1 Over 40% of compliance related data in Office 365 is overexposed

More information

Cisco Cyber Range. Paul Qiu Senior Solutions Architect

Cisco Cyber Range. Paul Qiu Senior Solutions Architect Cisco Cyber Range Paul Qiu Senior Solutions Architect Cyber Range Service A platform to experience the intelligent Cyber Security for the real world What I hear, I forget What I see, I remember What I

More information

Service Provider Security Architecture

Service Provider Security Architecture Service Provider Security Architecture Andrew Turner Technical Marketing, Security Business Group April 12 th 2017 Digitization is disrupting the SP business The world has gone mobile Traffic growth, driven

More information

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER Bret Hartman Cisco / Security & Government Group Session ID: SPO1-W25 Session Classification: General Interest 1 Mobility Cloud Threat Customer centric

More information

Expert Reference Series of White Papers. Cisco Completes the Security Picture with Sourcefire

Expert Reference Series of White Papers. Cisco Completes the Security Picture with Sourcefire Expert Reference Series of White Papers Cisco Completes the Security Picture with Sourcefire 1-800-COURSES www.globalknowledge.com Cisco Completes the Security Picture with Sourcefire Rich Hummel, CCNA,

More information

Cognitive Threat Analytics Tech update

Cognitive Threat Analytics Tech update Cognitive Threat Analytics Tech update Mikael Grotrian, CISSP, CISM, CCSK, GISF, ITIL, PRINCE2, TOGAF Certified Consulting Systems Engineer, Cyber Security, Denmark CTA CTA CTA Cognitive Threat Analytics

More information

Cisco Advanced Malware Protection

Cisco Advanced Malware Protection Cisco Advanced Malware Protection Security Webinar Nikos Mourtzinos, CCIE#9763 Cisco Security Product Sales Specialist October 2016 Agenda AMP Malware - Today s Reality Cisco AMP Solution Components &

More information

THE ACCENTURE CYBER DEFENSE SOLUTION

THE ACCENTURE CYBER DEFENSE SOLUTION THE ACCENTURE CYBER DEFENSE SOLUTION A MANAGED SERVICE FOR CYBER DEFENSE FROM ACCENTURE AND SPLUNK. YOUR CURRENT APPROACHES TO CYBER DEFENSE COULD BE PUTTING YOU AT RISK Cyber-attacks are increasingly

More information

Design and Deployment of SourceFire NGIPS and NGFWL

Design and Deployment of SourceFire NGIPS and NGFWL Design and Deployment of SourceFire NGIPS and NGFWL BRKSEC - 2024 Marcel Skjald Consulting Systems Engineer Enterprise / Security Architect Abstract Overview of Session This technical session covers the

More information

How to Predict, Detect & Stop threats at the Edge and Behind the Perimeter even in encrypted traffic without decryption

How to Predict, Detect & Stop threats at the Edge and Behind the Perimeter even in encrypted traffic without decryption How to Predict, Detect & Stop threats at the Edge and Behind the Perimeter even in encrypted traffic without decryption Nikos Mourtzinos, CCIE #9763 Cisco Cyber Security Sales Specialist April 2018 New

More information

NGFW Requirements for SMBs and Distributed Enterprises

NGFW Requirements for SMBs and Distributed Enterprises White Paper NGFW Requirements for SMBs and Distributed Enterprises The Case for NGFWs for SMBs The need for threat-focused next-generation firewalls (NGFWs) that can effectively mitigate risks that traditional

More information

Aby se z toho bezpečnostní správci nezbláznili Cisco security integrace. Milan Habrcetl Cisco CyberSecurity Specialist Mikulov, 5. 9.

Aby se z toho bezpečnostní správci nezbláznili Cisco security integrace. Milan Habrcetl Cisco CyberSecurity Specialist Mikulov, 5. 9. Aby se z toho bezpečnostní správci nezbláznili aneb Cisco security integrace Aby se z toho bezpečnostní správci nezbláznili Cisco security integrace Milan Habrcetl Cisco CyberSecurity Specialist Mikulov,

More information

McAfee Advanced Threat Defense

McAfee Advanced Threat Defense Advanced Threat Defense Detect advanced malware Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike

More information

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches

More information

Stopping Advanced Persistent Threats In Cloud and DataCenters

Stopping Advanced Persistent Threats In Cloud and DataCenters Stopping Advanced Persistent Threats In Cloud and DataCenters Frederik Van Roosendael PSE Belgium Luxembourg 10/9/2015 Copyright 2013 Trend Micro Inc. Agenda How Threats evolved Transforming Your Data

More information

EU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux

EU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux EU GENERAL DATA PROTECTION: TIME TO ACT Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux Is this the WAY you handle GDPR today 2 3 area s to consider

More information

AMP for Endpoints & Threat Grid

AMP for Endpoints & Threat Grid AMP for Endpoints & Threat Grid Response & Prevention Dean De Beer & Eric Hulse BRKSEC-2029 AMP Threat Grid Malware Analysis Engines & Techniques A little background Malware Analysis & Threat Intelligence

More information

Sourcefire Network Security Analytics: Finding the Needle in the Haystack

Sourcefire Network Security Analytics: Finding the Needle in the Haystack Sourcefire Network Security Analytics: Finding the Needle in the Haystack Mark Pretty Consulting Systems Engineer #clmel Agenda Introduction The Sourcefire Solution Real-time Analytics On-Demand Analytics

More information

Secure solutions for advanced threats

Secure solutions for advanced  threats Secure solutions for advanced email threats Threat-centric email security Cosmina Calin Virtual System Engineer November 2016 Get ahead of attackers with threat-centric security solutions In our live Security

More information

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting Microsoft Cloud Evangelist at Patriot Consulting Principal Systems Architect with 17 Years of experience Technical certifications: MCSE, MCITP Office

More information

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson Delivering Integrated Cyber Defense for the Generation Darren Thomson Vice President & CTO, EMEA Region Symantec In 2009 there were 2,361,414 new piece of malware created. In 2015 that number was 430,555,582

More information

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive

More information

ForeScout ControlFabric TM Architecture

ForeScout ControlFabric TM Architecture ForeScout ControlFabric TM Architecture IMPROVE MULTI-VENDOR SOLUTION EFFECTIVENESS, RESPONSE AND WORKFLOW AUTOMATION THROUGH COLLABORATION WITH INDUSTRY-LEADING TECHNOLOGY PARTNERS. The Challenge 50%

More information

SYMANTEC DATA CENTER SECURITY

SYMANTEC DATA CENTER SECURITY SYMANTEC DATA CENTER SECURITY SYMANTEC UNIFIED SECURITY STRATEGY Users Cyber Security Services Monitoring, Incident Response, Simulation, Adversary Threat Intelligence Data Threat Protection Information

More information

Evolution of Data Center Security Automated Security for Today s Dynamic Data Centers

Evolution of Data Center Security Automated Security for Today s Dynamic Data Centers Evolution of Data Center Security Automated Security for Today s Dynamic Data Centers Speaker: Mun Hossain Director of Product Management - Security Business Group Cisco Twitter: @CiscoDCSecurity 2 Any

More information

STAY ONE STEP AHEAD OF THE CRIMINAL MIND. F-Secure Rapid Detection & Response

STAY ONE STEP AHEAD OF THE CRIMINAL MIND. F-Secure Rapid Detection & Response STAY ONE STEP AHEAD OF THE CRIMINAL MIND F-Secure Rapid Detection & Response INTRO PROTECT YOUR BUSINESS AND ITS DATA AGAINST ADVANCED ATTACKS Effective pre-compromise threat prevention is the cornerstone

More information

Cisco Advanced Malware Protection (AMP) for Endpoints Security Testing

Cisco Advanced Malware Protection (AMP) for Endpoints Security Testing Cisco Advanced Malware Protection (AMP) for Endpoints Security Testing 7 September 2018 DR180821E Miercom.com www.miercom.com Contents 1.0 Executive Summary... 3 2.0 Test Summary... 4 3.0 Product Tested...

More information

SIEM Solutions from McAfee

SIEM Solutions from McAfee SIEM Solutions from McAfee Monitor. Prioritize. Investigate. Respond. Today s security information and event management (SIEM) solutions need to be able to identify and defend against attacks within an

More information

Transforming Security from Defense in Depth to Comprehensive Security Assurance

Transforming Security from Defense in Depth to Comprehensive Security Assurance Transforming Security from Defense in Depth to Comprehensive Security Assurance February 28, 2016 Revision #3 Table of Contents Introduction... 3 The problem: defense in depth is not working... 3 The new

More information

Cisco s Appliance-based Content Security: IronPort and Web Security

Cisco s Appliance-based Content Security: IronPort  and Web Security Cisco s Appliance-based Content Security: IronPort E-mail and Web Security Hrvoje Dogan Consulting Systems Engineer, Security, Emerging Markets East 2010 Cisco and/or its affiliates. All rights reserved.

More information

Compare Security Analytics Solutions

Compare Security Analytics Solutions Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch

More information

Threat Containment and Operations. Yong Kwang Kek, Director of Presales SE, APJ

Threat Containment and Operations. Yong Kwang Kek, Director of Presales SE, APJ Threat Containment and Operations Yong Kwang Kek, Director of Presales SE, APJ 2018-07-19 1 1 2017 Infoblox Inc. All Rights 2013 Infoblox Inc. All Reserved. Rights Reserved. Three Aspects of Security #1

More information

Cisco Comstor

Cisco Comstor Cisco Security @ Comstor 1 Agenda 1. Cisco Security Fundamentals Cyber Security? Cisco Security Solutions - Cisco NGFW - Cisco Umbrella Cisco Meraki, MR, MS, MV and MX Meraki Insight 2 1. Cisco Security

More information

Global vision. Local knowledge. Cisco Forum Kyiv Country Day Month Year

Global vision. Local knowledge. Cisco Forum Kyiv Country Day Month Year Global vision. Local knowledge. Cisco Forum Kyiv Country Day Month Year Firepower Next Generation Firewall Subtitle goes here William Young Security Solutions Architect, Global Security Architecture Team

More information

RSA NetWitness Suite Respond in Minutes, Not Months

RSA NetWitness Suite Respond in Minutes, Not Months RSA NetWitness Suite Respond in Minutes, Not Months Overview One can hardly pick up a newspaper or turn on the news without hearing about the latest security breaches. The Verizon 2015 Data Breach Investigations

More information

Trend Micro and IBM Security QRadar SIEM

Trend Micro and IBM Security QRadar SIEM Trend Micro and IBM Security QRadar SIEM Ellen Knickle, PM QRadar Integrations Robert Tavares, VP IBM Strategic Partnership February 19, 2014 1 Agenda 1. Nature of the IBM Relationship with Trend Micro

More information

BREACHES HAPPEN: BE PREPARED. Endpoint Detection & Response

BREACHES HAPPEN: BE PREPARED. Endpoint Detection & Response BREACHES HAPPEN: BE PREPARED. Endpoint Detection & Response INTRO PROTECT YOUR BUSINESS AND ITS DATA AGAINST ADVANCED ATTACKS Effective pre-compromise threat prevention is the cornerstone of cyber security,

More information

Threat Detection and Mitigation for IoT Systems using Self Learning Networks (SLN)

Threat Detection and Mitigation for IoT Systems using Self Learning Networks (SLN) Threat Detection and Mitigation for IoT Systems using Self Learning Networks (SLN) JP Vasseur, PhD - Cisco Fellow jpv@cisco.com Maik G. Seewald, CISSP Sr. Technical Lead maseewal@cisco.com June 2016 Cyber

More information

Key Security Measures to Enable Next-Generation Data Center Transformation

Key Security Measures to Enable Next-Generation Data Center Transformation Key Security Measures to Enable Next-Generation Data Center Transformation Bill McGee Senior Manager, Security Solutions Cisco Systems, Inc. Agenda Data Center Security Challenges Secure DC Strategies

More information

Cisco Cyber Range. Paul Qiu Senior Solutions Architect June 2016

Cisco Cyber Range. Paul Qiu Senior Solutions Architect June 2016 Cisco Cyber Range Paul Qiu Senior Solutions Architect June 2016 What I hear, I forget What I see, I remember What I do, I understand ~ Confucius Agenda Agenda Cyber Range Highlights Cyber Range Overview

More information

How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity

How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity Why is the NIST framework important? GOH Seow Hiong Executive Director, Global Policy & Government Affairs, Asia Pacific

More information

Simplify Technology Deployments

Simplify Technology Deployments Cisco Security Enterprise License Agreement: Simplify Technology Deployments The need for Pervasive Security Coverage Security measures can t be limited to certain areas of your business. Mobility has

More information

Managed Endpoint Defense

Managed Endpoint Defense DATA SHEET Managed Endpoint Defense Powered by CB Defense Next-gen endpoint threat detection and response DEPLOY AND HARDEN. Rapidly deploy and optimize endpoint prevention with dedicated security experts

More information

Threat Centric Network Security

Threat Centric Network Security BRKSEC-2056 Threat Centric Network Security Ted Bedwell, Principal Engineer Network Threat Defence Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this

More information

FIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT?

FIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT? WHAT IS FIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT? While firewalls started life simply protecting networks from outside hacks and attacks, the role of the firewall has greatly evolved to take

More information

Seceon s Open Threat Management software

Seceon s Open Threat Management software Seceon s Open Threat Management software Seceon s Open Threat Management software (OTM), is a cyber-security advanced threat management platform that visualizes, detects, and eliminates threats in real

More information

SIEM (Security Information Event Management)

SIEM (Security Information Event Management) SIEM (Security Information Event Management) Topic: SECURITY and RISK Presenter: Ron Hruby Topics Threat landscape Breaches and hacks Leadership and accountability Evolution of security technology What

More information

Fully Integrated, Threat-Focused Next-Generation Firewall

Fully Integrated, Threat-Focused Next-Generation Firewall Cisco Firepower NGFW Fully Integrated, Threat-Focused Next-Generation Firewall Fuat KILIÇ, fkilic@cisco.com, +905339284608 Security Consulting Systems Engineer, CCIE #21150 September 2016 Get ahead of

More information

Best Practices in Securing a Multicloud World

Best Practices in Securing a Multicloud World Best Practices in Securing a Multicloud World Actions to take now to protect data, applications, and workloads We live in a multicloud world. A world where a multitude of offerings from Cloud Service Providers

More information

IBM Security Network Protection Solutions

IBM Security Network Protection Solutions Systems IBM Security IBM Security Network Protection Solutions Pre-emptive protection to keep you Ahead of the Threat Tanmay Shah Product Lead Network Protection Appliances IBM Security Systems 1 IBM Security

More information

Proactive Approach to Cyber Security

Proactive Approach to Cyber Security Proactive roach to Cyber Security Jeffrey Neo Sales Director HP Enterprise Security Products Customers struggle to manage the security challenge Today, security is a board-level agenda item 2 Trends driving

More information

File Policies and Advanced Malware Protection

File Policies and Advanced Malware Protection The following topics provide an overview of file control, file policies, file rules, AMP cloud connections, and dynamic analysis connections. About, on page 1 File Control and Cisco AMP Basics, on page

More information

Visibility: The Foundation of your Cybersecurity Infrastructure. Marlin McFate Federal CTO, Riverbed

Visibility: The Foundation of your Cybersecurity Infrastructure. Marlin McFate Federal CTO, Riverbed Visibility: The Foundation of your Cybersecurity Infrastructure Marlin McFate Federal CTO, Riverbed Detection is Only One Part of the Story Planning and Remediation are just as critical 20 18 Hackers Went

More information

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM OVERVIEW The Verizon 2016 Data Breach Investigations Report highlights that attackers are regularly outpacing the defenders.

More information

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS 10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND

More information

Sobering statistics. The frequency and sophistication of cybersecurity attacks are getting worse.

Sobering statistics. The frequency and sophistication of cybersecurity attacks are getting worse. Sobering statistics The frequency and sophistication of cybersecurity attacks are getting worse. 146 >63% $500B $3.8M The median # of days that attackers reside within a victim s network before detection

More information

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect NOTHING IS WHAT IT SIEMs: COVER PAGE Simpler Way to Effective Threat Management TEMPLATE Dan Pitman Principal Security Architect Cybersecurity is harder than it should be 2 SIEM can be harder than it should

More information

IBM Next Generation Intrusion Prevention System

IBM Next Generation Intrusion Prevention System IBM Next Generation Intrusion Prevention System Fadly Yahaya SWAT Optimizing the World s Infrastructure Oct 2012 Moscow 2012 IBM Corporation Please note: IBM s statements regarding its plans, directions,

More information

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

The SANS Institute Top 20 Critical Security Controls. Compliance Guide The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise

More information

Are we breached? Deloitte's Cyber Threat Hunting

Are we breached? Deloitte's Cyber Threat Hunting Are we breached? Deloitte's Cyber Threat Hunting Brochure / report title goes here Section title goes here Have we been breached? Are we exposed? How do we proactively detect an attack and minimize the

More information

The Future of Threat Prevention

The Future of Threat Prevention The Future of Threat Prevention Bricata is the leading developer of Next Generation Intrusion Prevention Systems (NGIPS) technology, providing innovative, disruptive, high-speed, high-performance network

More information

Innovative Cisco Security- Lösungen für den Endpoint Das Alpha und Omega unsere Next Gen Security

Innovative Cisco Security- Lösungen für den Endpoint Das Alpha und Omega unsere Next Gen Security Innovative Cisco Security- Lösungen für den Endpoint Das Alpha und Omega unsere Next Gen Security Sven Kutzer Consulting Systems Engineer GSSO - CYBERSECURITY SALES Mittwoch, 7. März 2018 Challenges 2017

More information

Carbon Black PCI Compliance Mapping Checklist

Carbon Black PCI Compliance Mapping Checklist Carbon Black PCI Compliance Mapping Checklist The following table identifies selected PCI 3.0 requirements, the test definition per the PCI validation plan and how Carbon Black Enterprise Protection and

More information