Cisco Cyber Range. Paul Qiu Senior Solutions Architect June 2016

Cisco Cyber Range Paul Qiu Senior Solutions Architect June 2016

"What I hear, I forget. What I see, I remember. What I do, I understand." ~ Confucius

Agenda

Agenda
- Cyber Range Highlights
- Cyber Range Overview & Architecture
- Cyber Range Threat Response Exercise
- Cyber Range Further Investigation

Cyber Range Highlights

Cyber Range Highlights: target audiences
- Defence Organisations
- Enterprise NOC/SOC Teams
- Oil and Gas Sectors
- Government Regulatory authorities
- Consulting and Auditing firms
- Large Service Providers
- Cyber Emergency Response Teams
- Information Security and Surveillance teams
- Partners, distributors, value added resellers, and security system integrators

Workshops all over the world

Cyber Range Overview

Cyber Range Service Delivery Platform: A Platform for Service Delivery and Learning
- Deeper understanding of leading security methodologies, operations, and procedures
- Empower customers with the architecture and capability to combat modern cyber threats
- Over 100 Attack Cases for 12 Technology Solutions
- 100+ applications simultaneously merged with 200-500 different Malware types
- Virtual environment accessible from any place in the world
(People, Process, Data, Things)

Cisco Cyber Range Service Packages
- 3 or 5 day intensive real-life experience reacting to and defending against rudimentary and complex cyber attacks; delivery to any location
- Cyber Range built on customer premises, with updates via subscription
- Threat Intelligence Report: threat modelling for the customer's network environment and regular consulting on the impact of the latest threats to the customer's security posture
- 3 or 5 day intensive real-life experience; rent the Cyber Range Services Delivery Platform, including a test engineer, at a local Cisco Services Lab

Cyber Range Capabilities can improve cyber defence operational capabilities by way of:
- Architecture / Design validation
- Incident response playbook creation / validation
- War game exercises
- Hands-on training for individual technologies
- Threat mitigation process verification
- Simulating advanced threats (zero day / APT)

Cyber Range Architecture

Covering The Entire Attack Continuum
Attack Continuum:
- BEFORE: Discover, Enforce, Harden
- DURING: Detect, Block, Defend
- AFTER: Scope, Contain, Remediate
Technologies across the continuum: Firewall, VPN, NGIPS, Advanced Malware Protection, NGFW, UTM, Web Security, Network Behaviour Analysis, NAC + Identity Services, Email Security, Visibility and Context

Cisco CSIRT Protection Model
- Prevent / Detect: Network IPS, Host IPS, Network IDS, Advanced Malware, Firewall, Anti-Virus, Web proxy, Anti-Spam, Behavioural anomaly, NetFlow anomaly
- Collect: NetFlow, Event logs, Web proxy logs, Web firewall
- Analyse: SIEM analysis, NetFlow analysis, Malware analysis
- Mitigate: IP blackhole, account disablement
- Foundation: scalable load balancer, device monitoring

Cyber Range Network Components Overview: StealthWatch Management Console (SMC), Internet, Cisco Talos, Flow Collector (FC), Identity Services Engine, Web Security Appliance, Email Security Appliance, Sourcefire IPS, Wireless Security, ASAv, N1KV, Cyber Threat Defence, NetFlow, AVC, TrustSec, ASA NGFW, FireSIGHT, Cisco Prime, Splunk, Virtual Security, IXIA BreakingPoint, Open Source Attack Tools, Inside Host, Data Analytics

Cyber Range Network 1

Meet the Teams
- Red Team. AGENDA: Infiltrate networks to steal data and/or cause damage for publicity or gain. Skill Set: High. LOCATION: Everywhere.
- Blue Team. AGENDA: Monitor and defend attacks against CyberRange Networks and their clients. Skill Set: High. LOCATION: Security Operations Centre.
- Green Team. AGENDA: Enhance knowledge of attack and defence strategies. Hopes to one day join the red or blue teams. Skill Set: Varied. LOCATION: This room.

Cyber Range Networks Biggest Threats?

Cyber Range Threat Response Exercise

Incident Categories by CERT
- CAT 0, Exercise / Network Defence Testing: Known vulnerability assessments, audits, Q/C incident tests, table-top exercises, etc.
- CAT 1, Unauthorised Access: Logical or physical access without permission (regardless of awareness) to a network, system, application, data, or other resource, from internal to external.
- CAT 2, Denial of Service (DoS): An attack that successfully prevents or impairs the normal authorised functionality of networks, systems or applications by exhausting resources. This activity includes being the victim of or participating in the DoS.
- CAT 3, Malicious Code: Successful installation of malicious software (e.g., virus, worm, Trojan horse, or other code-based malicious entity) that infects an operating system or application.
- CAT 4, Improper Usage: Any acceptable-use, lab, minimum host, general insecurity, or other policy violations, unscheduled vulnerability assessments, external vulnerability notification, etc. An employee violates acceptable computing use policies.
- CAT 5, Scans/Probes/Attempted Access: Any activity that seeks to access or identify a company asset, including computers, open ports, protocols, services, or any combination, for later exploit. This activity does not directly result in a compromise or denial of service.
- CAT 6, Investigation: Unconfirmed incidents where evidence is inconclusive, or when supporting another team's investigation. Potentially malicious or anomalous activity deemed by the reporting entity to warrant further review.

Cyber Range Further Investigation

Additional Resources

Additional Resources
- Service Overview: www.getcyberrange.com and https://www.servicesdiscovery.com/en/article.php?idx=218
- Sales Collateral: https://cisco.jiveon.com/groups/cisco-cyber-range
- Contact Us: Cyber-Range@cisco.com

"What I hear, I forget. What I see, I remember. What I do, I understand." ~ Confucius