Cisco Cyber Range. Paul Qiu Senior Solutions Architect

Cyber Range Service: a platform to experience intelligent cyber security for the real world.

"What I hear, I forget. What I see, I remember. What I do, I understand." ~ Confucius

Cyber Range Overview

Agenda
- Cyber Range Journey
- Cisco Cyber Security Overview
- Cyber Range Overview & Architecture
- Cyber Range APT Case Study

Cisco Cyber Range Journey

08/2014 - PACIFIC ENDEAVOR 2014: 10 teams take part in the Cyber Range Challenge

09/2014 - Cyber Range 5 Day Workshop India Service Provider

01/2015 Cyber Range 5 day Workshop India Service Provider

10/2014 - Cyber Range 3 Day Workshop Taiwan Manufacturer

Cisco Cyber Security Overview

Breaches Happen in Hours, But Go Undetected for Weeks/Months

In 60% of breaches, data is stolen in hours. 85% of breaches are not discovered for weeks.

Timespan of events by percent of breaches:

                                         Seconds  Minutes  Hours  Days  Weeks  Months  Years
Initial Attack to Initial Compromise        10%      75%    12%    2%     0%      1%     1%
Initial Compromise to Data Exfiltration      8%      38%    14%   25%     8%      8%     0%
Initial Compromise to Discovery              0%       0%     2%   13%    29%    54%+     2%
Discovery to Containment/Restoration         0%       1%     9%   32%    38%     17%     4%

Anatomy of a Modern Threat (diagram: Enterprise, Internet and Cloud Apps, Campus, Public Network, Perimeter, Data Centre)
- Infection entry point occurs outside of the enterprise
- Advanced online threat bypasses perimeter defence
- Threat spreads and attempts to exfiltrate valuable data

Cisco Cyber Security
- VISIBILITY: deep insight to detect advanced threats
- INTELLIGENCE: contextual awareness to pinpoint attacks
- CONTROL: ubiquitous defence to manage threats

Visibility
- Identity: user, device, access, location, time
- AVC: application recognition and identification
- NetFlow: network-wide traffic patterns
- Security: firewall, intrusion, web & email security

Intelligence
- Analytics: Stealthwatch, Splunk
- Reputation: Security Intelligence Operations (SIO)

Control
- TrustSec: network flow tagging and blocking
- Security: firewall, intrusion, web & email security

Cyber Range Overview

Cyber Range Overview: a platform to experience intelligent cyber security for the real world

Cyber Range Remote Capabilities (diagram: Road Show, Internet, Exhibition Centre, Customer Sites, Campuses, Partners)

Cyber Range capabilities can improve cyber defence operational capabilities by way of:
- Architecture / design validation
- Incident response playbook creation / validation
- War game exercises
- Hands-on training for individual technologies
- Threat mitigation process verification
- Simulating advanced threats (zero day / APT)

Cisco Cyber Range Service Features

Infrastructure:
- Wired, wireless, and remote access
- Network and routing
- Client simulator
- Server simulator
- Application simulator
- Traffic generation

Attacks:
- Day 0 attack / new threats
- DDoS
- Network reconnaissance
- Application attacks
- Data loss
- Computer malware
- Mobile device malware
- Wireless attacks
- Evasion techniques
- Botnet simulation
- Open source attack tools
- Virtual network attacks

Visibility and Control:
- Global Threat Intelligence (Cloud)
- Firewall & IDS/IPS
- Signature based detection
- Behaviour based detection
- Data Loss Prevention
- Web & email security
- Application Visibility & Control
- Wireless security
- Identity & access management
- Security and event management
- Event correlation
- Packet capture and analysis
- Virtual network security
- TrustSec-SGT
- Software Defined Network

Cyber Range Architecture

Covering the Entire Attack Continuum
- BEFORE: Discover, Enforce, Harden
- DURING: Detect, Block, Defend
- AFTER: Scope, Contain, Remediate
Technologies placed along the continuum: Firewall, VPN, NGIPS, Advanced Malware Protection, NGFW, UTM, Web Security, Network Behaviour Analysis, NAC + Identity Services, Email Security, Visibility and Context

Cisco CSIRT Protection Model
- Prevent / Detect: Network IPS, Host IPS, Network IDS, Advanced Malware, Firewall, Anti-Virus, Web proxy, Anti-Spam, Behavioural anomaly, NetFlow anomaly
- Collect: NetFlow, Event logs, Web proxy logs, Web firewall
- Analyse: SIEM analysis, NetFlow analysis, Malware analysis
- Mitigate: IP blackhole, account disablement
- Foundation: scalable load balancer, device monitoring

Cyber Range Network Components Overview

Cyber Range Splunk Architecture
- 2 x Search Heads, 1 x Indexer, index forwarding, mirrored dev servers (CyberRange Live inside network)
- Input methods: syslog TCP/UDP, scripted input, HTTPS
- Data sources: Lancope, Mail Logs (ESA), WWW Access Logs (WSA), Syslog (ASA, ISE, etc.), SDEE (IPS), estreamer (Sourcefire)

Cisco Cyber Range APT Case Study

APT Kill Chain
- Recon: harvest contact info from social media
- Weaponize: couple exploit with backdoor to deliver payload
- Deliver: deliver weaponized bundle to victim via email, web, USB
- Exploit: leverage vulnerability to execute code on victim system
- Install: install malware on asset
- Control: use command channel to control victim remotely
- Action on Objectives: steal information, exfiltrate, etc.
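As an added example (not code from the slides or from Cisco), the Python below shows the Collect / Analyse / Mitigate flow of the CSIRT model applied to the kill chain: it correlates constructed events from the data sources named on the Splunk architecture slide (ESA, WSA, ASA, Lancope, Sourcefire) per host, places them on the kill-chain stages, and lists hosts seen at several stages as candidates for containment. The log formats, rules and thresholds are constructed for illustration and are not real product formats.

```python
import re
from collections import Counter, defaultdict
# Kill-chain stages from the slide, in order.
STAGES = ["Recon", "Weaponize", "Deliver", "Exploit", "Install",
          "Control", "Action on Objectives"]

# Constructed sample lines ("<source> <time> key=value ..."); the formats
# are simplified for illustration, not real product log formats.
SAMPLE_LOGS = """\
esa 09:01:10 rcpt=10.1.20.15 attach=invoice.doc verdict=suspect
wsa 09:03:42 src=10.1.20.15 url=http://cdn.example.invalid/a.exe action=ALLOW
sfire 09:03:50 src=10.1.20.15 sig=EXPLOIT-KIT_landing_page priority=1
asa 09:10:05 src=10.1.20.15 dst=203.0.113.9 dport=443 bytes=1200
asa 09:15:05 src=10.1.20.15 dst=203.0.113.9 dport=443 bytes=1190
asa 09:20:05 src=10.1.20.15 dst=203.0.113.9 dport=443 bytes=1210
lancope 11:30:00 src=10.1.20.15 alarm=Data_Exfiltration bytes=950000000
wsa 09:05:00 src=10.1.20.44 url=http://intranet.example/home action=ALLOW
"""
# Single-event rules: (source, regex over the fields, kill-chain stage).
RULES = [
    ("esa", r"verdict=suspect", "Deliver"),
    ("wsa", r"url=\S+\.exe(\s|$)", "Deliver"),
    ("sfire", r"sig=EXPLOIT", "Exploit"),
    ("lancope", r"alarm=Data_Exfiltration", "Action on Objectives"),
]
BEACON_MIN = 3  # repeated ASA flows from one host to one destination -> Control

def parse(line):
    # Split a line into source, raw fields text and a key=value dict.
    source, _time, rest = line.split(" ", 2)
    return source, rest, dict(kv.split("=", 1) for kv in rest.split())

def correlate(logs):
    """Return {host: [stages seen]}, each list in kill-chain order."""
    stages, beacons = defaultdict(set), Counter()
    for line in logs.strip().splitlines():
        source, rest, f = parse(line)
        host = f.get("src") or f.get("rcpt")
        for rule_source, pattern, stage in RULES:
            if source == rule_source and re.search(pattern, rest):
                stages[host].add(stage)
        if source == "asa":
            beacons[(host, f["dst"])] += 1
    for (host, _dst), n in beacons.items():
        if n >= BEACON_MIN:
            stages[host].add("Control")
    return {h: sorted(s, key=STAGES.index) for h, s in stages.items()}

def escalate(logs, min_stages=3):
    """Hosts seen at >= min_stages stages: candidates for containment."""
    return sorted(h for h, s in correlate(logs).items() if len(s) >= min_stages)
```

In a real deployment the rules would be Splunk searches over the indexed sources and the escalation output would feed the Mitigate step (for example, the IP blackhole the CSIRT slide lists).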

The Great Bank Robbery: the Carbanak APT https://securelist.com/blog/research/68732/the-great-bank-robbery-the-carbanak-apt/

Carbanak APT Case Study (diagram: Attackers, Finance Server)

Cyber Range: The Defenders

Cyber Range Network Components Overview

Sourcefire Intrusion Events

Sourcefire Intrusion Events Detail

Sourcefire Intrusion Events Packet Capture

CTD Shows Data Loss

CTD Shows Data Loss Alarms

CTD Detail Flow

Splunk Search

Q & A