We're ready. Are you?
- Everett Gilmore
Transcription
1 We're ready. Are you?
2 Defense against Multi-Vector Threats with Cisco Email and Web Security. Usman Din, Consulting Systems Engineer
3 Agenda: Threat Landscape. Email and Web Solutions: Reputation Filtering, Content Scanning Engines, Advanced Malware Scanning, Reporting and Analytics
4 Threat Landscape
5 Threat Landscape: The number of CVE Entries in 2015 so far is 8147
6 Threat Landscape
7 Threat Landscape
8 Threat Landscape
9 Blended Threats
Threat vector: Watering hole | Spear phishing | Dropper
Approach: Infect or inject a trusted site | Target users through compromised links | Deliver malware with stealth and self-deleting programs
Tactic: Conduct reconnaissance on a target | Leverage social engineering | Gain access via DLL injection, control firewalls, antivirus, etc.
Impact: Deliver an exploit that will attack | Deliver an exploit that will attack | Compromises system control, personal data and authorization
10 THREATS DON'T GO AWAY, HOW DO WE ADDRESS IT?
11 Multi-Tiered Defense: Cloud to Core Coverage. Web: Reputation, URL Filtering, AVC. End Point: Software ClamAV, Razorback, Moflow. Cloud: FireAMP & ClamAV detection content. Email: Reputation, AntiSpam, Outbreak Filters. Network: Snort Subscription Rule Set, VDB FireSIGHT Updates & Content, SEU/SRU Product Detection & Prevention Content. Global Threat Intelligence Updates
12 Talos: Before, During and After. Cisco Talos: Threat Intelligence, Research, Response. Endpoints, Web, Networks, IPS, Devices. 1.6 million global sensors; 100 TB of data received per day; 150 million+ deployed endpoints; 600+ engineers, technicians, and researchers; 35% worldwide traffic; 13 billion web requests; 24x7x365 operations; 40+ languages. ESA/WSA/CWS; 1.1 million file samples per day; AMP community; Advanced Microsoft and industry disclosures; Snort and ClamAV open source communities; AMP TG Intelligence; AEGIS program; Private and public threat feeds; 10 million files per month - AMP TG Dynamic analysis
13 Defending across the full attack continuum: Email. Attack Continuum: Before (Discover, Enforce, Harden); During (Detect, Block, Defend); After (Scope, Contain, Remediate). Controls: Reputation Filtering; Acceptance Controls; Signature, AV, Spam scanning; URL Scanning; File Reputation; Continuous Retrospection; Message Tracking; File Sandboxing
14 Defending across the full attack continuum: Web. Attack Continuum: Before (Discover, Enforce, Harden); During (Detect, Block, Defend); After (Scope, Contain, Remediate). Controls: Web Reputation Filtering; Acceptable Usage Controls; Application Controls; Malware scanning; File Reputation; File Sandboxing; Continuous Retrospection; Threat Analytics; Reporting & Tracking
15 Deep Dive: Reputation Filtering
16 Deep Dive: Email and Web Reputation. Data sources: Spam Traps, Complaint Reports, IP Blacklists and Whitelists, Geo-Location data, Message Composition Data, Global Volume Data, Compromised Host Lists, Domain Blacklist and Safelists, Website Composition Data, Other Data, Host Data, DNS Data. Real-time insight into this data allows us to see threats before anyone else in the industry to protect our customers. IP Reputation Score
17 Using Reputation on the ESA. Default Settings: Moderate Blocking. Custom Settings: Aggressive Throttling. Reputation Score is determined when the connection is initiated. Sender Groups and actions are defined by the administrator. Reputation can block 80-90% of connections on the ESA.
18 Controlling Senders with Connection Throttling. Throttling allows mail to be delivered, but not in excessive amounts. Additional verification steps surrounding envelope sender and DNS can be enforced in throttle policies. Reputation Score is used throughout the workqueue process.
19 Limiting Hosts and Senders. Host and envelope sender limits are extremely useful for protecting against mail storm attacks. Sliding time windows allow for customized rate limiting. Use exception tables for known / accepted bulk mail senders.
20 Check those senders! DMARC, SPF and DKIM. Use SPF to verify identity. Use DKIM to authenticate. Use DMARC to correlate the information from SPF and DKIM into an actionable policy.
21 Using Reputation on Web
22 Web Reputation Analysis (figure: IP Reputation Score built from Who, Where, How and When. Labels: suspicious domain owner; server in high-risk location; dynamic IP address; HTTPS / SSL web server; domain registration age. Example sites: example.com, Example.org. Locations: San Jose, London, Beijing, Kiev)
23 Adaptive Scanning: Dynamic Scanner Selection. Cisco Talos; WSA; scanners: Sophos, McAfee, Webroot. Reputation + Content Type + Scanner Selection = Adaptive Scanning
24 Adaptive Scanning Detail, Step 1: Analyze every object on a page & assign a risk score. Object One - PDF: +0.0 (low risk). Object Two - JPG: +5.6 (safe). Object Three - JavaScript: -5.3 (high risk). Object Four - Flash: -7.8 (very high risk - blocked). Scores below -6 automatically blocked.
25 Adaptive Scanning Detail, Step 2: Scans prioritized in order of risk. Object One - PDF: +0.0 (low risk). Chooses McAfee, best for Flash. Object Two - JPG: +5.6 (safe). If CPU at low load, scans with all available scanners. Object Three - JavaScript: -5.3 (high risk). Looks at all licensed scanners, chooses Sophos, best for JavaScript. Object Four - Flash: -7.8 (very high risk - blocked). Scores below -6 automatically blocked.
26 Reputation in action: Blocking Angler Nodes IP Infrastructure Only Unique IPs hosting Angler Daily. Hosting Information: Found 60%+ Angler activity for month at two providers. Referrers: Found Thousands of Different Referrers. Malvertising: Lots of top websites seen directing to Angler (News Sites, Real Estate, Sports, Popular Culture). Response: Published Community Rules for Front-End & Back-End Communication; Blacklisted all servers; Blacklisted all domains; Working with Providers resulted in huge returns; Exposed Largest Angler Actor Active on Internet Today
27 Deep Dive: Content Scanning
28 ESA: Anti-Spam Defense in Depth. What, Who, Where, When, How. Incoming mail: good, bad, and unknown. Cisco Talos. Suspicious mail is rate limited and spam filtered. Cisco Anti-Spam: > 99% catch rate, < 1 in 1 million false positives. Known bad mail is blocked before it enters the network. Choice of scanning engines to suit every customer's risk posture
29 Best in class Anti-Spam Efficacy. Intelligence is key to best in class efficacy. Cisco ESA remembers and uses information from Reputation to enhance efficacy. No vendor can block 100%. Source: Opus1 2015
30 Evaluating URLs inside an Email. Contains URL; Web Rep and/or Web Cat; Send to Cloud Rewrite URL Analysis; Cisco Talos. Defang: BLOCKEDwww.playboy.comBLOCKED, BLOCKEDwww.proxy.orgBLOCKED. Replace: "This URL is blocked by policy"
31 1st Layer of Defense against malicious URLs. WBRS is directly integrated on the ESA in a Content Filter. Can be defined as Condition or Action. Combine WBRS and SBRS to provide a better way to use on-box intelligence.
32 2nd Layer of Defense against malicious URLs. Link is clicked; Cisco Security: dynamic, real-time inspection via HTTP; Cisco Talos; Website is clean; Website is blocked. Block page text: "The requested web page has been blocked. Cisco Email and Web Security protects your organization's network from malicious software. Malware is designed to look like a legitimate email or website which accesses your computer, hides itself in your system, and damages files."
33 And for files too. Outbreak Filters Advantage: Average lead time*: Over 13 hours; Outbreaks blocked*: 291 outbreaks; Total incremental protection*: Over 157 days. Cisco Talos; Dynamic Quarantine; Virus Filter; Advanced Malware Protection. Outbreak Filters in Action: Cloud Powered Zero-Hour Malware Detection; Zero-Hour Virus and Malware Detection
34 WSA Real-Time Malware Scanning: Dynamic Vectoring and Streaming. Signature and Heuristic Analysis. Heuristics Detection: Identify Unusual Behaviors. Signature Inspection: Identify Known Behaviors. Multiple Antimalware Scanning Engines; Parallel Scans, Stream Scanning. Antimalware Scanning: Optimizes efficiency and catch rate with intelligent multiscanning. Enhances coverage with multiple signature scanning engines. Identifies encrypted malicious traffic by decrypting and scanning SSL traffic. Improves user experience with parallel scanning for the fastest analysis. Provides the latest coverage with automated updates.
35 Real-Time Sandbox Analysis for Zero-Day Defense Real-Time Emulation
36 Layer 4 Traffic Monitor. Packet and Header Inspection; Network-Layer Analysis. Internet; Users; Cisco S-Series. Preventing Phone-Home Traffic: Scans all traffic, all ports, all protocols; Detects malware bypassing port 80; Prevents botnet traffic. Powerful Antimalware Data: Automatically updated rules; Real-time rule generation using dynamic discovery
37 Content Scanning in action: Windows 10 Upgrade
38 Deep Dive: Advanced Malware
39 Cisco AMP Delivers a Better Approach. Point-in-Time Protection: File Reputation, Sandboxing, and Behavioral Detection. Retrospective Security: Continuous Analysis
40 Point-in-Time, Continuous, and Retrospective Security. AMP enables you to: know where the threat started; understand how it entered the system; see everywhere it's been; determine what it's done; learn how to stop it. Figure labels: Policy; AV; (1) AMP File Reputation; File Unknown; (2) AMP Dynamic Malware Analysis; Retrospective Incidents; (3) AMP Cloud; AMP Retrospection
41 Accurate Threat Identification with File Reputation. One-to-One: Identifies specific instances of malware with a signature-based approach. Fuzzy Fingerprinting: Automatically detects polymorphic variants of known malware. Machine Learning: Identifies new malware using statistical modeling and analytics engines. Machine Learning Decision Tree (figure labels): Possible Malware; Confirmed Malware; Possible clean file; Confirmed Clean File; Collective User Base
42 Zero-Day Detection with Dynamic Malware Analysis. Dynamic Analysis: Analyzes unknown malware and assigns a threat score within minutes. Advanced Analytics: Works in tandem with One-to-One, fuzzy fingerprinting, and machine learning to identify malware that remains undetected. Figure labels: Collective User Base; AMP Dynamic Malware Analysis
43 AMP Threat Grid: Advanced malware analysis combined with deep threat analytics content in a single solution. Figure labels: Incoming Traffic; ESA or WSA; Local AV Scanners; Cisco AMP Client; AMP Connector; AMP Cloud; File Reputation update; Threat Grid API; AMP Threat Grid Public Cloud; Threat Grid Cloud; Optional Threat Grid Appliance. In-depth malware analysis and data pivoting capabilities. Robust API to integrate and automate sample submissions. Automated threat intelligence feeds.
44 AMP Threat Grid. Low Prevalence Files. Analyst or system (API) submits suspicious sample to Threat Grid. An automated engine observes, deconstructs, and analyzes using multiple techniques: proprietary techniques for static and dynamic analysis; "outside looking in" approach; 350 Behavioral Indicators. AMP Threat Grid platform correlates the sample result with millions of other samples and billions of artifacts (Big Data Correlation; Sample and Artifact Intelligence Database). Actionable threat content and intelligence is generated that can be utilized by AMP, or packaged and integrated into a variety of existing systems or used independently. Figure labels: Threat Score / Behavioral Indicators; Threat Feeds; Actionable Intelligence
45 Get Insight on What and Where with Retrospection. File Retrospection: (1) Analyze: Performs analysis the first time a file is seen. (2) Monitor: Analyzes the file persistently over time to see if the disposition is changed. (3) Identify: Gives unmatched visibility into the path, actions, or communications associated with a particular software.
46 AMP Everywhere. AMP Advanced Malware Protection. Figure labels: Virtual; AMP for Networks; Windows OS, Android Mobile, MAC OS; AMP for Endpoints; AMP on Cisco ASA Firewall with FirePOWER Services; AMP Private Cloud Virtual Appliance; AMP Threat Grid Malware Analysis + Threat Intelligence Engine (Appliance or Cloud); CWS; AMP on Web and Email Security Appliances; AMP for Cloud Web Security and Hosted Email. *AMP for Endpoints can be launched from AnyConnect
47 AMP in action: My Resume. Email sent with an attached zip file that contains a resume (html). Through redirection, Cryptowall 3.0 is delivered after execution. Protection provided via Email, Web and AMP.
48 Deep Dive: Reporting & Analytics
49 Finding the needle in the haystack. Message tracking is a key tool for finding messages inbound and outbound on the appliances. Messages can be filtered to look for specific criteria. Use a Security Management Appliance (SMA) to consolidate tracking and reporting from multiple appliances.
50 ESA Reporting API. Introduced in version 9.0. Full REST based API for reporting data. Results returned in JSON format. Figure labels: Resource request (Health Status); Agent; Auth Type; Data returned in JSON
51 Web Interaction Tracking. Enabling tracking of URLs rewritten by policy. Monitor users from a single pane of glass. Figure labels: Filtering; Potentially Malicious URLs; Rewritten URLs.
User A: Rewritten URL: 2asyncfs.com; Click Time: 09:23:25 12 Jan 2015; Re-write reason: Outbreak; Action taken: Blocked
User B: Rewritten URL: 5asynxsf.com; Click Time: 11:01:13 09 Mar 2015; Re-write reason: Policy; Action taken: Allowed
User C: Rewritten URL: 8esynttp.com; Click Time: 16:17:44 15 Jun 2015; Re-write reason: Outbreak; Action taken: Blocked
52 Drill Down Reporting Web Integration Tracking
53 AMP Reporting: Tracking Malware. Block based on hash value. Something changed with a file. Files sent to the Sandbox. AMP blocks file based on changed disposition. Ben's PC needs to be checked.
54 Cisco Cloud Access Security. In collaboration with??? Figure labels: Cloud Apps; Shadow IT Risk Assessment Report; WSA; Security Operations Center; Audit; Analyze & Control; Detect; Securlet; Gateway; Data, Account, User; Audit Score; Business Readiness Rating; Shadow Data Risk Assessment; StreamIQ; ThreatScore; Protect; Cloud SOC Policy; ContentIQ; Elastica CloudSOC; Investigate; Reports & Analysis. Before, During, After
55 Cognitive Threat Analytics (CTA) Integration. Reduced time to discovery: Active, continuous monitoring to stop the spread of an attack. Normal or not? Spots symptoms of infection using behavioral anomaly detection algorithms and trust modeling. Security that learns: Uses machine learning and big data analytics to learn from what it sees and adapt over time. No more rule sets: Discovers threats on its own; just turn it on. Behavior Analysis, Machine Learning, Anomaly Detection
56 Proxy Cognitive Threat Analytics. As users go through a web proxy, access logs are generated. Access log fields: Time, IP, URL, User Agent (for example Mozilla, Chrome). Figure labels: HTTP/HTTPS; Cisco Cognitive Threat Analytics (CTA); HTTP/HTTPS Headers (meta data)
57 CTA Layered Processing. Layers: Anomaly Detection, Trust Modeling, Classification, Entity Modeling, Relationship Modeling (figure: clusters 1 to 3, classifiers, threat campaigns). 10B requests per day; +/- 1% is anomalous; 10M events per day; 1K-50K incidents per day. Near real-time processing
58 C&C URLS
59 AMP ThreatGRID enriches CTA reports. Key benefits: C&C channels linked with threat artifacts; Endpoint-level data; Help define custom IoC
60 CTA Exports: STIX / TAXII API. Figure labels: Transform; Poll Service; CTA Incident; STIX formatted CTA threat intelligence; Adapter; TAXII Log Adapter
61 In Closing
62 Today's cyber-threat reality. Your environment will get breached. You'll most likely be infected via email. Hackers will likely command and control your environment via web.
63 Cisco provides some of the best protection available. No one can provide 100% protection. 2015 NSS Breach Detection Report
64 The Reality. We need to do better. It's not an option. It's a requirement. Now is the time. We're ready. Are you?
65 Thank you
Cisco Security Enterprise License Agreement: Simplify Technology Deployments The need for Pervasive Security Coverage Security measures can t be limited to certain areas of your business. Mobility has
More informationJuniper Sky Advanced Threat Prevention
Juniper Sky Advanced Threat Prevention Product Overview Juniper Sky Advanced Threat Prevention is a cloud-based service that provides complete advanced malware protection. Integrated with SRX Series Services
More informationCloud Security & Advance Threat Protection. Cloud Security & Advance Threat Protection
Cloud Email Security & Advance Threat Protection Cloud Email Security & Advance Threat Protection Overview Over the years Cyber criminals have become more inventive in their attack methods to infiltrate
More informationADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY
ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY OUTLINE Advanced Threat Landscape (genv) Why is endpoint protection essential? Types of attacks and how to prevent them
More informationAutomated Threat Management - in Real Time. Vectra Networks
Automated Threat Management - in Real Time Security investment has traditionally been in two areas Prevention Phase Active Phase Clean-up Phase Initial Infection Key assets found in the wild $$$$ $$$ $$
More informationJUNIPER SKY ADVANCED THREAT PREVENTION
Data Sheet JUNIPER SKY ADVANCED THREAT PREVENTION Product Overview Juniper Sky Advanced Threat Prevention is a cloud-based service that provides complete advanced malware protection. Integrated with SRX
More informationPassit4Sure (50Q) Cisco Advanced Security Architecture for System Engineers
Passit4Sure.500-265 (50Q) Number: 500-265 Passing Score: 800 Time Limit: 120 min File Version: 5.8 Cisco 500-265 Advanced Security Architecture for System Engineers Today is big day for me as I passed
More informationIntelligent and Secure Network
Intelligent and Secure Network BIG-IP IP Global Delivery Intelligence v11.2 IP Intelligence Service Brian Boyan - b.boyan@f5.com Tony Ganzer t.ganzer@f5.com 2 Agenda Welcome & Intro Introduce F5 IP Intelligence
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationCisco Cyber Range. Paul Qiu Senior Solutions Architect
Cisco Cyber Range Paul Qiu Senior Solutions Architect Cyber Range Service A platform to experience the intelligent Cyber Security for the real world What I hear, I forget What I see, I remember What I
More informationPASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year
PASS4TEST \ http://www.pass4test.com We offer free update service for one year Exam : 300-207 Title : Implementing Cisco Threat Control Solutions (SITCS) Vendor : Cisco Version : DEMO Get Latest & Valid
More informationCisco Threat Grid Integrations with Web, and Endpoint Security
Cisco Threat Grid Integrations with Web, Email and Endpoint Security Moritz Wenz, Manager Systems Engineering, Advanced Threat Solutions Rene Straube, Consulting Systems Engineer, Advanced Threat Solutions
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by machine learning and intelligent automation. By rethinking
More informationProteggere Office365 e Cloud file sharing in meno di un minuto Tiberio Molino Sr.Sales Engineer Trend Micro
Proteggere Office365 e Cloud file sharing in meno di un minuto Tiberio Molino Sr.Sales Engineer Trend Micro 2 Customer Challenges 3 Most Attacks Include Phishing Emails 5 Advanced Malware Difficult to
More informationFully Integrated, Threat-Focused Next-Generation Firewall
Cisco Firepower NGFW Fully Integrated, Threat-Focused Next-Generation Firewall Fuat KILIÇ, fkilic@cisco.com, +905339284608 Security Consulting Systems Engineer, CCIE #21150 September 2016 Get ahead of
More informationBarracuda Advanced Threat Protection. Bringing a New Layer of Security for . White Paper
Barracuda Advanced Threat Protection Bringing a New Layer of Security for Email White Paper Evolving Needs for Protection Against Advanced Threats IT security threats are constantly evolving and improving,
More informationHow Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity
How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity Why is the NIST framework important? GOH Seow Hiong Executive Director, Global Policy & Government Affairs, Asia Pacific
More informationAdvanced Threat Protection Buyer s Guide GUIDANCE TO ADVANCE YOUR ORGANIZATION S SECURITY POSTURE
Advanced Threat Protection Buyer s Guide GUIDANCE TO ADVANCE YOUR ORGANIZATION S SECURITY POSTURE 1 Advanced Threat Protection Buyer s Guide Contents INTRODUCTION 3 ADVANCED THREAT PROTECTION 4 BROAD COVERAGE
More informationAnalyzing Huge Data for Suspicious Traffic. Christian Landström, Airbus DS
Analyzing Huge Data for Suspicious Traffic Christian Landström, Airbus DS Topics - Overview on security infrastructure - Strategies for network defense - A look at malicious traffic incl. Demos - How Wireshark
More informationOffice 365 Buyers Guide: Best Practices for Securing Office 365
Office 365 Buyers Guide: Best Practices for Securing Office 365 Microsoft Office 365 has become the standard productivity platform for the majority of organizations, large and small, around the world.
More informationTHE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION
BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive
More informationThe Next Generation Security Platform. Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy
The Next Generation Security Platform Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy The Next Generation Enterprise Security Platform Core Value Proposition An Enterprise Security
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationFile Reputation Filtering and File Analysis
This chapter contains the following sections: Overview of, page 1 Configuring File Reputation and Analysis Features, page 5 File Reputation and File Analysis Reporting and Tracking, page 14 Taking Action
More informationImplementing Cisco Edge Network Security Solutions ( )
Implementing Cisco Edge Network Security Solutions (300-206) Exam Description: The Implementing Cisco Edge Network Security (SENSS) (300-206) exam tests the knowledge of a network security engineer to
More informationTHE ACCENTURE CYBER DEFENSE SOLUTION
THE ACCENTURE CYBER DEFENSE SOLUTION A MANAGED SERVICE FOR CYBER DEFENSE FROM ACCENTURE AND SPLUNK. YOUR CURRENT APPROACHES TO CYBER DEFENSE COULD BE PUTTING YOU AT RISK Cyber-attacks are increasingly
More informationDATA SHEET RSA NETWITNESS ENDPOINT DETECT UNKNOWN THREATS. REDUCE DWELL TIME. ACCELERATE RESPONSE.
RSA NETWITNESS ENDPOINT DETECT UNKNOWN THREATS. REDUCE DWELL TIME. ACCELERATE RESPONSE. KEY CUSTOMER BENEFITS: Gain complete visibility into all endpoints, regardless of whether they are on or off the
More informationMODERN DESKTOP SECURITY
MODERN DESKTOP SECURITY I M GOING TO BE HONEST. WE RE IN THE FIGHT OF OUR DIGITAL LIVES, AND WE ARE NOT WINNING! M I C H A E L M C C A U L, C H A I R M A N, U S H O M E L A N D S E C U R I T Y C O M M
More informationFidelis Overview. ISC 2 DoD and Industry Forum. Rapid Detection and Automated Incident Response DoD & Commercial Active Defense Use Cases
Fidelis Overview ISC 2 DoD and Industry Forum Rapid Detection and Automated Incident Response DoD & Commercial Active Defense Use Cases Vince Holtmann-Cyber Subject Matter Expert Vincent.Holtmann@fidelissecurity.com
More informationOn the Surface. Security Datasheet. Security Datasheet
Email Security Datasheet Email Security Datasheet On the Surface No additional hardware or software required to achieve 99.9%+ spam and malware filtering effectiveness Initiate service by changing MX Record
More informationYes, You can protect your endpoints! Szilard Csordas, Security Consultant scsordas [at] cisco.com
Yes, You can protect your endpoints! Szilard Csordas, Security Consultant scsordas [at] cisco.com Endpoint Footprint Problem: TOO MANY AGENTS! Anti-Virus/Anti-Spyware agent IPSec/SSLVPN agent Host IPS/FW
More informationCyber Security. Our part of the journey
Cyber Security Our part of the journey The Journey Evolved Built on the past Will be continued Not always perfect Small Steps moving forward The Privileged How to make enemies quickly Ask before acting
More informationReduce Your Network's Attack Surface
WHITE PAPER Reduce Your Network's Attack Surface Ixia's ThreatARMOR Frees Up Security Resources and Personnel The Threat Landscape When you re dealing with network security, one of the primary measurements
More informationThreat Containment and Operations. Yong Kwang Kek, Director of Presales SE, APJ
Threat Containment and Operations Yong Kwang Kek, Director of Presales SE, APJ 2018-07-19 1 1 2017 Infoblox Inc. All Rights 2013 Infoblox Inc. All Reserved. Rights Reserved. Three Aspects of Security #1
More informationSOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM
SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM OVERVIEW The Verizon 2016 Data Breach Investigations Report highlights that attackers are regularly outpacing the defenders.
More informationSelftestengine q
Selftestengine 700-281 49q Number: 700-281 Passing Score: 800 Time Limit: 120 min File Version: 18.5 http://www.gratisexam.com/ 700-281 Web Security for Field Engineers Still Valid in Egypt, Passed today
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by behavior-based threat detection and intelligent automation.
More information