Security Experts Webinar


Security Experts Webinar: Content Security, Email and Web
Fabio Panada, Consulting Systems Engineer, Security
Mauro Pellicioli, Systems Engineer
May 2016

Content Security - Agenda
- Threat Landscape
- Cisco approach to modern threats
- Web Security
- Email Security
- Q&A

Threat Landscape

Attack surface - email
- Attackers: a growing appetite to leverage targeted phishing campaigns
- SPAM up 250%; example: Snowshoe SPAM attack
- Email morphing

Attack surface - web browsers
- More than 85% of the companies studied were affected each month by malicious browser extensions

Attack surface - user error on the web
- Users are becoming complicit enablers of attacks: untrustworthy sources, clickfraud and adware, outdated browsers
- Outdated browsers: 10% of IE requests vs 64% of Chrome requests are running the latest version

Exploit kits, e.g. Cryptowall version 4
- CRYPTOWALL 4.0: notorious ransomware
- Version 1 first seen in 2014
- Distributed via exploit kits and phishing emails
- Fast evolution

Web and email are portable: mobile, coffee shop, corporate, home, airport

Sample attack: Joe, CFO
Joe opens the link and the resort video plays. Although he doesn't know it, Joe's machine has been compromised by a Silverlight-based video exploit. Joe is now infected. The malware starts to harvest Joe's confidential information: passwords, credentials, company access authorizations.

The Attack Continuum
- BEFORE: Discover, Enforce, Harden
- DURING: Detect, Defend
- AFTER: Scope, Contain, Remediate
Applied across network, endpoint, mobile, virtual and cloud, with threat intelligence delivered both point-in-time and continuously.

Cloud to Core Coverage
- Daily volume: 18.5 billion AMP queries, 16 billion web requests, 300 billion email messages
- ENDPOINT: software (ClamAV, Razorback, Moflow)
- WEB: reputation, URL filtering, AVC
- CLOUD: FireAMP and ClamAV detection content
- EMAIL: reputation, antispam, Outbreak Filters

Cisco Email Security Integration with Threat Intelligence
Built on outstanding collective security analytics: Cisco SIO, the Sourcefire VRT (Vulnerability Research Team) and Talos, feeding the Cisco ESA and AMP (Advanced Malware Protection).
- Telemetry sources: email, endpoints, web, networks, IPS devices
- 1.6 million global sensors
- 100 TB of data received per day
- 150 million+ deployed endpoints
- 600+ engineers, technicians, and researchers
- 35% of worldwide email traffic
- 13 billion web requests
- 24x7x365 operations
- 40+ languages
- 180,000+ file samples per day
- Additional inputs: Cisco AMP Community, advanced Microsoft and industry disclosures, Snort and ClamAV open source communities, honeypots, Sourcefire AEGIS Program, private and public threat feeds, dynamic analysis

Email Security

Cisco Email Security Threat Defense: Complete Inbound Protection
Layered controls, each with its action, covering before (discover, enforce, harden), during (detect, defend) and after (scope, contain, remediate):
- Cisco Talos SenderBase reputation filtering: drop
- Antispam: drop/quarantine
- Antivirus: drop/quarantine
- Advanced Malware Protection (AMP): drop/quarantine
- Graymail detection: rewrite
- Outbreak Filters: quarantine/rewrite
- Real-time URL analysis: deliver, quarantine, rewrite URLs, or drop

Cisco Email Reputation Database
Threat intelligence inputs:
- Over 1.6 million global devices
- Historical library of 40,000 threats
- Spam traps, complaint reports, IP blacklists and whitelists
- 35% of global email traffic seen per day
- 13 billion+ worldwide web requests seen per day
- 200+ parameters tracked: message composition data, compromised host lists, website composition data, global volume data, domain blacklists and safelists, other data
Benefits of multivector visibility:
- 360-degree dynamic threat visibility
- Understanding of vulnerabilities and exploit technologies
- Visibility into the highest threat vehicles
- Latest attack trends and techniques
Output: IP Reputation Score from -10 (worst) to +10 (best)

Antispam Processing: Defense in Depth
- Incoming mail (good, bad, and unknown) is scored by SBRS (SenderBase Reputation Score), powered by Cisco SIO, and matched against mail policies
- Known bad email is blocked before entering the network
- Suspicious emails are rate limited and spam filtered
- Normal mail is spam filtered
- Whitelisted mail is spam filtered
- Intelligent Multiscan (IMS): Cisco Antispam Engine combined with Antispam Engine B (further engines planned)
- Scoring considers what, who, where, when and how; URL reputation and context are used in scoring
- > 99% catch rate, < 1 in 1 million false positives

Antispam Architecture: Marketing Message Detection
Example marketing message text: "Privacy Policy. At Buy.com, your privacy is a top priority. Please read our privacy policy details. All information collected from you will be shared with Buy.com and its affiliate companies."

URL Defense: Integrated Email and Web Security
When an email contains a URL, Cisco Talos URL reputation and categorization decides the action:
- Rewrite: send the URL to the cloud for web security inspection
- Defang: e.g. BLOCKEDwww.playboy.comblocked, BLOCKEDwww.proxy.orgblocked
- Replace: "This URL is blocked by policy"

Antivirus: Defense in Depth
- Antispam engines: Cisco Anti-Spam
- Antivirus engines: choice of Sophos, McAfee, or both Sophos and McAfee

Cisco Zero-Hour Malware Protection: Advanced Malware Protection
- Cisco AMP integration: file reputation (known file reputation) and file sandboxing
- Unknown files are uploaded for sandboxing (archives, Windows PE, PDF, MS Office)
- Sandbox results feed reputation updates back to file reputation
- Outbreak Filters

Cisco Zero-Hour Malware Protection: Cisco AMP Retrospective Alerts
Retrospective alerts and reports:
- Give updates on files that have passed through the system
- Alert administrators to files that have changed disposition
- Inform you of files that had delayed payloads or other techniques designed to bypass sandboxing
Collective Security Intelligence + Event History + Retrospection = Continuous Advanced Threat Protection

DLP and Compliance: Standalone or Part of a Comprehensive DLP Solution
- Accurate, easy, and extensible on-box RSA DLP engine (data-loss prevention): email scanning, threat prevention, policies, incidents, email uptime
- Integrated with RSA Enterprise DLP: risk-policy definition, policy enforcement, advanced incident workflow, fingerprinting

Rate Limiting: Outbound Rate Limit per Mail From
- Receive alerts identifying high-volume, possibly infected senders
- Administrator can set a rate limit for individual senders; the admin is alerted when the limit is hit
- Rate limit can be set higher for senders such as marketing or the customer help desk
- Example policy: a typical user can send up to 100 mails per hour (1-100 emails); a known high-volume sender 101-1000 emails; a malicious sender exceeding its limit triggers the admin alert

Cisco Envelope Encryption: Easy for the Sender
Flow: Cisco Email Security Appliance -> message key (sender controls) -> recipient
- Automated key management
- No desktop software requirements
- Send transparently to any email address
- Encryption triggered by keywords, policies, senders, recipients, etc.

And Easy for the Recipient
Cisco Registered Envelope Service (corporate credentials optional):
1. Open attachment
2. Confirm identity
3. View message

Flexible Deployment Options: Industry-Leading, Best-in-Class Email Protection at the Gateway
- Deployment options: on premises (appliance, virtual), cloud, hybrid, hybrid cloud, managed
- Multidevice support: desktop, laptop, mobile, tablet, cloud

Web Security

Web Pages Contain Hidden Threats
Potential threats: Flash, Java, JPG, PDF, Script.exe, etc.

Loss of Productivity Is Also a Threat
How much bandwidth and time is being wasted on Web 2.0 every day? (Facebook, YouTube, Pandora)
- Facebook time: 2,110,516 minutes, or 35,175 hours, 1,465 days, 4.1 years
- Number of Facebook likes: 3,925,407; at 1 second a like, that's almost 1,100 hours per day, or 45 days, just liking things
- Bytes on YouTube video playback: 11,344,463,363,245, or 10 TB
- Pandora: 713,884,303,727 bytes, or 0.6 TB
- Total browse time for the day: 2,270,690,423 minutes, or 4,320 years
- Total bytes for the day: 70,702,617,989,737, or 64 TB (15% from YouTube)
Source: Cloud Web Security Report

Talos and the Cisco Web Security Appliance (WSA)
- Form factors: appliance, virtual
- Protection before, during and after an attack: web reputation, web filtering, application visibility and control, cloud access security, parallel AV scanning, file reputation, data-loss prevention, file sandboxing, Cognitive Threat Analytics*, client authentication technique, file retrospection
- Traffic redirection: WCCP, load balancer, explicit/PAC, PBR, AnyConnect client
- Cisco ISE integration
- Covers HQ, campus office, branch office and roaming users; admin management, reporting and log extraction
- Policy outcomes: allow, warn, partial
* Roadmap feature: projected release 2H CY15

Reputation Analysis: The Power of Real-Time Context
- IP Reputation Score on a scale from -10 to +10
- Who: domain owner (e.g. example.com, example.org)
- Where: server location (e.g. San Jose, London, Beijing, Kiev); suspicious server in a high-risk location
- How: dynamic IP address (e.g. 192.1.0.68, 17.0.2.12), HTTPS/SSL
- When: web domain or server registered less than 1 month or less than 1 year ago

Cisco Web Usage Controls: URL Filtering and Dynamic Content Analysis
- If the URL is known, the URL database supplies its category and the policy (allow, warn, partial) is enforced
- If unknown, the page is analyzed by dynamic content analysis:
  1. Scans text
  2. Scores relevancy
  3. Calculates model document proximity
  4. Returns the closest category match (e.g. Finance, Adult, Health)
  5. Enforces policy (allow, warn, partial)

Acceptable Use Controls for Today's Web: Reduce Disruptions from Distracted Users
URL Filtering:
- URL database covers over 50 million sites worldwide
- Real-time dynamic categorization for unknown URLs
Application Visibility and Control (AVC):
- 1000+ apps plus 150,000+ micro-apps
- Control over collaborative and Web 2.0 applications
- Application behavior: policy control over which apps can be used by which users and devices; granular enforcement of behaviors within applications
- Visibility of activity across the network

Time and Volume Quotas: Intelligent Controls of Bandwidth Usage
- Time and volume quotas allow WSA administrators to configure policies that restrict access based on amount of data (in bytes) and time
- Quotas are applicable to HTTP, HTTPS, and FTP traffic
- Can be configured under access policies and decryption policies
- Can be configured with time ranges to apply them for specific periods of time
- Quotas are reset daily; the reset time is configurable
- When more than one quota is applicable, the most restrictive quota applies
- Quotas are applied per user; when user identity is not available they are applied per IP address
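The quota rules above, modelled as an added example (not WSA code or its configuration format; the quota names, users, addresses and timestamps are constructed):

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta
# Constructed model of the quota rules on the slide (added example, not WSA code): volume and
# time quotas, time ranges, configurable daily reset, most-restrictive-wins, per-user/per-IP.
QUOTA_PROTOCOLS = {"http", "https", "ftp"}

def _parse(now):
    return now if isinstance(now, datetime) else datetime.fromisoformat(now)  # ISO 8601 ok

@dataclass
class Quota:
    name: str
    max_bytes: int = None        # volume quota; None = no byte limit
    max_seconds: int = None      # time quota; None = no time limit
    window: tuple = None         # ("HH:MM", "HH:MM") clock range during which it applies

    def applies_at(self, now):
        return self.window is None or self.window[0] <= now.strftime("%H:%M") < self.window[1]

class QuotaEnforcer:
    def __init__(self, quotas, reset_at="00:00"):
        self.quotas = list(quotas)
        self.reset_at = time.fromisoformat(reset_at)   # configurable daily reset time
        self._usage = {}                               # subject -> [bytes_used, seconds_used]
        self._last_boundary = None

    @staticmethod
    def _subject(user, client_ip):
        # quotas are per user; fall back to the client IP when identity is unavailable
        return f"user:{user}" if user else f"ip:{client_ip}"

    def _maybe_reset(self, now):
        boundary = datetime.combine(now.date(), self.reset_at)
        if now < boundary:
            boundary -= timedelta(days=1)
        if boundary != self._last_boundary:  # a new daily reset boundary has been crossed
            self._usage.clear()
            self._last_boundary = boundary

    def record(self, user, client_ip, now, nbytes, seconds):
        self._maybe_reset(_parse(now))
        u = self._usage.setdefault(self._subject(user, client_ip), [0, 0])
        u[0] += nbytes
        u[1] += seconds

    def remaining(self, user, client_ip, now):
        # (bytes_left, seconds_left) under the most restrictive applicable quota; None = unlimited
        now = _parse(now)
        self._maybe_reset(now)
        used_b, used_s = self._usage.get(self._subject(user, client_ip), [0, 0])
        bytes_left = seconds_left = None
        for q in (q for q in self.quotas if q.applies_at(now)):
            if q.max_bytes is not None:
                left = max(0, q.max_bytes - used_b)
                bytes_left = left if bytes_left is None else min(bytes_left, left)
            if q.max_seconds is not None:
                left = max(0, q.max_seconds - used_s)
                seconds_left = left if seconds_left is None else min(seconds_left, left)
        return bytes_left, seconds_left

    def check(self, protocol, user, client_ip, now):
        if protocol.lower() not in QUOTA_PROTOCOLS:
            return True, "quotas apply only to HTTP, HTTPS and FTP"
        bytes_left, seconds_left = self.remaining(user, client_ip, now)
        if bytes_left == 0:
            return False, "volume quota exhausted"
        if seconds_left == 0:
            return False, "time quota exhausted"
        return True, "allowed"
```

A request is denied as soon as any applicable quota is exhausted, which is what "the most restrictive quota applies" means in practice; a time-ranged quota stops counting against the user outside its window.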

Cisco AMP Delivers a Better Approach
- Point-in-time protection: file reputation, sandboxing, and behavioral detection
- Retrospective security: continuous analysis, unique to Cisco AMP

Improve the Accuracy of Threat Identification with File Reputation
- One-to-one: identifies specific instances of malware with a signature-based approach
- Fuzzy fingerprinting: automatically detects polymorphic variants of known malware
- Machine learning: identifies new malware using statistical modeling and analytics engines
Pipeline (CWS Premium): AMP file reputation (fed by the AMP collective user base) -> AMP dynamic malware analysis -> CTA Layer 1 (anomaly detection, trust modeling) -> CTA Layer 2 (event classification, entity modeling) -> CTA Layer 3 (relations) -> file retrospection. The machine-learning decision tree first sorts files into possible malware or possible clean file, then into confirmed malware or confirmed clean file.

Get Insight on What a File Has Done and Where It Has Been with File Retrospection
Analyze, monitor, identify; file retrospection:
1. Performs analysis the first time a file is seen
2. Analyzes the file persistently over time to see if the disposition has changed
3. Gives unmatched visibility into the path, actions, or communications associated with a particular piece of software
Pipeline as before: AMP file reputation, AMP dynamic malware analysis, CTA Layer 1 (anomaly detection, trust modeling), CTA Layer 2 (event classification, entity modeling), CTA Layer 3 (relations), file retrospection (CWS Premium).
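The retrospective alerting described here and in the email AMP retrospective alerts slide above, as an added example (not Cisco AMP code; the hashes, recipients and timestamps are constructed placeholders): every transit is recorded with the verdict known at the time, and a later verdict change produces an alert listing who already received the file.

```python
from dataclasses import dataclass

# Constructed illustration of retrospective alerting (added example, not Cisco AMP code):
# each file that transits the gateway is logged with the disposition known at that moment;
# when the reputation source later changes its verdict, an alert lists every earlier
# transit so the affected recipients can be scoped and remediated.

@dataclass
class Transit:
    sha256: str
    seen_at: str          # ISO 8601 timestamp of the gateway event (constructed)
    recipient: str
    disposition: str      # "clean", "unknown" or "malicious" at the time of transit
    action: str           # gateway action at the time: "deliver", "sandbox" or "drop"

@dataclass
class RetrospectiveAlert:
    sha256: str
    old_disposition: str
    new_disposition: str
    transits: list        # every earlier transit of this file
    to_remediate: list    # recipients who got the file before it was known to be malicious

class RetrospectionLedger:
    def __init__(self, reputation):
        self.reputation = dict(reputation)   # sha256 -> current disposition
        self.history = {}                    # sha256 -> [Transit, ...]

    def observe(self, sha256, seen_at, recipient):
        # point-in-time decision using whatever reputation is known right now
        disp = self.reputation.get(sha256, "unknown")
        if disp == "malicious":
            action = "drop"
        elif disp == "unknown":
            # unknown files are submitted for sandboxing; a delayed payload can still slip past
            action = "sandbox"
        else:
            action = "deliver"
        t = Transit(sha256, seen_at, recipient, disp, action)
        self.history.setdefault(sha256, []).append(t)
        return t

    def update_reputation(self, sha256, new_disposition):
        # retrospective step: a verdict changed; report it only for files already seen
        old = self.reputation.get(sha256, "unknown")
        self.reputation[sha256] = new_disposition
        if new_disposition == old or sha256 not in self.history:
            return None
        transits = list(self.history[sha256])
        to_remediate = []
        if new_disposition == "malicious":
            # anything not dropped reached a mailbox and needs scoping and containment
            to_remediate = sorted({t.recipient for t in transits if t.action != "drop"})
        return RetrospectiveAlert(sha256, old, new_disposition, transits, to_remediate)
```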

AMP Threat Grid Feeds Dynamic Malware Analysis and Threat Intelligence to the Cisco AMP Solution
- Flow: incoming traffic -> web proxy (public Cloud Web Security or the Cisco AMP client/AMP connector) with local AV scanners -> AMP Cloud file reputation; Threat Grid (cloud, or an optional Threat Grid appliance) analyzes samples via its API and returns file reputation updates
- Advanced malware analysis combined with deep threat analytics content in a single solution
- In-depth malware analysis and data pivoting capabilities
- Robust API to integrate and automate sample submissions
- Automated threat intelligence feeds

Easily Identify and Prioritize Threats
- Easy-to-understand threat scores guide decision making
- 450+ behavioral indicators (and growing): malware families, malicious behaviors, and more
- Detailed description and actionable information
- Prioritize threats with confidence
- Enhance SOC analyst and IR knowledge and effectiveness (and that of the security product)

How CTA Analyzes a Threat
Attacker techniques observed through the WSA proxy, web reputation (Webrep) and AV:
- Domain Generation Algorithm (DGA) domains of varying age (3 hours, 1 day, 2 weeks)
- Active channels
- Data tunneling via URL (command and control, C&C)
CTA correlates these observations into a C&C finding.

Data Loss Prevention: Reduce the Risk of Sensitive Information Leaks
- Basic DLP: CWS (cloud), WSA (on-premises)
- Advanced DLP: enterprise DLP integration through the ICAP protocol (WSA + DLP vendor box)

Redirect Roaming Users to Premises and Cloud: Cisco AnyConnect Secure Mobility Client
- The client is installed on the machine; web traffic is redirected according to the user's location and the web security service delivers the verdict (allow, warn)
- Roaming laptop users (AnyConnect with CWS): traffic is routed through an SSL tunnel directly to the closest Cisco cloud proxy; CWS applies the web security features
- Roaming laptop, mobile, or tablet user (VPN): traffic is backhauled through a VPN tunnel to HQ; the router or firewall reroutes it to WSA or CWS, and WSA applies the web security features

Extend User Identity and Context: Identity Services Engine Integration
- Acquires important context and identity from the network, e.g. Who: Doctor, What: Laptop, Where: Office; Who: Doctor, What: iPad, Where: Office; Who: Guest, What: iPad, Where: Office
- Cisco Identity Services Engine: consistent secure access policy; monitors and provides visibility into unauthorized access; provides differentiated access to the network (e.g. confidential patient records, internal employee intranet, Internet)
- Cisco TrustSec provides segmentation throughout the network
- Cisco Web Security Appliance provides web security and policy enforcement
Available only on WSA

Centralized Management and Reporting: Complete Solution for On-Premises or Cloud Deployment
- Centralized management: centralized policy management, delegated administration
- Centralized reporting: in-depth threat visibility, extensive forensic capabilities
- Insight: across threats, data, and applications
- Control: consistent policy across offices and for remote users; analyze, troubleshoot, and refine security policies
- Visibility: across different devices, services, and network layers

With Unified Reporting and Policy Management
- Unified reporting and unified policies across HQ WSAs and roaming users
- Web Security Reporting Application and Cloud Web Security graphical user interface

Flexible Deployment Options: On- and Off-Premises
- On-premises: appliance, virtual, next-generation firewall
- Cloud: connectors and redirects via router, firewall, appliance, or roaming client
- Roaming client options: implicit or explicit

Call to Action
- Trial versions: WSA/CWS/CTA, ESA/CES
- 45-day try and buy
- Ask your Cisco Sales Rep