Innovative Cisco Security Solutions for the Endpoint: The Alpha and Omega of our Next Gen Security


Innovative Cisco Security Solutions for the Endpoint: The Alpha and Omega of our Next Gen Security
Sven Kutzer, Consulting Systems Engineer, GSSO - Cybersecurity Sales
Wednesday, 7 March 2018

Challenges
2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

The way we work has changed
Internet
Critical infrastructure: Amazon, Rackspace, Windows Azure, etc.
Business apps: Salesforce, Office 365, G Suite, etc.
Users: workplace desktops, roaming laptops, branch offices

The threats have also changed
Prevention tools alone can't catch everything, and they provide limited visibility into threats once those are inside.
Analysis stops at the initial inspection (AV, IPS); attackers get past it with sleep techniques, unknown protocols, encryption and polymorphism.
Initial disposition = clean. Actual disposition = bad. Too late!
The defender is blind to the scope of the compromise.
AV efficacy rate: <45%

Cisco Umbrella

Where do Umbrella and AMP fit?
Umbrella: malware, C2 callbacks, phishing. Network and endpoint. It all starts with DNS: the DNS lookup precedes file execution and the IP connection.
AMP: detect and respond, with deep visibility, context, and control. Network and endpoint: NGFW, NetFlow, proxy, sandbox, router/UTM, endpoint.
Coverage: HQ, branch, roaming.

Built into the foundation of the internet
Internet traffic, on and off-network, is resolved through Umbrella.
Security controls: DNS and IP enforcement; risky domain inspection through the intelligent proxy (deeper inspection, SSL decryption available).
Destinations: safe requests go to the original destination; blocked requests get a modified destination (the block page).

Intelligence to see attacks before they are launched
Data: Cisco Talos feed of malicious domains; Cisco Threat Grid file-based intelligence (1.5M+ daily samples); Umbrella DNS data (120B requests per day).
Models: industry-renowned security researchers build models that automatically classify and score domains and IPs. Dozens of models continuously analyze millions of live events per second and automatically uncover malware, ransomware, and other threats.

Co-occurrence model: domains guilty by inference
Timeline (time -, time +): a.com, b.com, c.com, then the known malicious domain x.com, then d.com, e.com, f.com. The domains requested shortly before and shortly after x.com are possible malicious domains.
Co-occurrence of domains means that a statistically significant number of identities have requested both domains consecutively in a short timeframe.

Spike rank model: patterns of guilt
Massive amounts of DNS request volume data are gathered and analyzed against known patterns (DGA, malware, exploit kit, phishing). When the daily DNS request volume for y.com matches a known exploit kit pattern, the model predicts the future attack and y.com is blocked before it can launch the full attack.
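The two slides above describe the models only at the level of an intuition. The following added example (written for this page; it is not Cisco's or Umbrella's code, and all DNS data in it is constructed) shows minimal working versions of both over one toy log: co-occurrence counts how many distinct identities queried a candidate domain within a few seconds of a known-bad domain (a fixed identity threshold stands in for the statistical-significance test), and spike rank scores each domain's daily request-volume curve against a constructed exploit-kit template using cosine similarity (an assumption standing in for whatever pattern matcher Umbrella actually uses).

```python
"""Toy co-occurrence and spike rank classifiers over constructed DNS data.
Added example for illustration; not Cisco Umbrella code."""
from collections import defaultdict
from datetime import datetime, timedelta
import math

# Constructed DNS query log: (timestamp, identity, queried domain).
# host-a, host-b and host-c each resolve dropper.example-cdn.net within a
# few seconds of the known-bad domain; host-d resolves it without ever
# touching the known-bad domain, so it must not count.
DNS_LOG = [
    ("2018-03-07T09:00:00", "host-a", "news.example.org"),
    ("2018-03-07T09:00:02", "host-a", "known-bad.example"),
    ("2018-03-07T09:00:04", "host-a", "dropper.example-cdn.net"),
    ("2018-03-07T09:30:00", "host-a", "mail.example.org"),
    ("2018-03-07T10:15:00", "host-b", "known-bad.example"),
    ("2018-03-07T10:15:03", "host-b", "dropper.example-cdn.net"),
    ("2018-03-07T10:45:00", "host-b", "news.example.org"),
    ("2018-03-07T11:00:00", "host-c", "dropper.example-cdn.net"),
    ("2018-03-07T11:00:01", "host-c", "known-bad.example"),
    ("2018-03-07T11:00:02", "host-c", "updates.example.org"),
    ("2018-03-07T12:00:00", "host-d", "news.example.org"),
    ("2018-03-07T12:00:05", "host-d", "dropper.example-cdn.net"),
]


def co_occurring_domains(log, known_bad, window_s=5, min_identities=2):
    """Co-occurrence model: domains requested by at least `min_identities`
    distinct identities within `window_s` seconds (before or after) of the
    known malicious domain. Returns {domain: number of identities}."""
    by_identity = defaultdict(list)
    for ts, identity, domain in log:
        by_identity[identity].append((datetime.fromisoformat(ts), domain))
    window = timedelta(seconds=window_s)
    identities_for = defaultdict(set)
    for identity, queries in by_identity.items():
        queries.sort()
        anchors = [t for t, d in queries if d == known_bad]
        if not anchors:
            continue  # this identity never resolved the known-bad domain
        for t, domain in queries:
            if domain == known_bad:
                continue
            if any(abs(t - a) <= window for a in anchors):
                identities_for[domain].add(identity)
    return {d: len(ids) for d, ids in identities_for.items()
            if len(ids) >= min_identities}


# Constructed reference shape for a freshly stood-up exploit kit domain:
# days of silence, then explosive growth in request volume (an assumption).
EXPLOIT_KIT_TEMPLATE = [0, 0, 0, 1, 6, 40, 30]

# Constructed daily request volumes per domain over the same seven days.
DAILY_VOLUME = {
    "y.example": [0, 0, 1, 2, 12, 80, 64],            # template-like spike
    "growing.example": [10, 20, 30, 40, 50, 60, 70],  # linear growth, no spike
    "steady.example": [100] * 7,                      # flat, established domain
}


def spike_score(daily_counts, template=EXPLOIT_KIT_TEMPLATE):
    """Cosine similarity between a domain's volume curve and the template.
    Scale-invariant: a small domain with the right shape scores as high as a
    large one. 1.0 is a perfect shape match, 0.0 an all-zero series."""
    dot = sum(x * y for x, y in zip(daily_counts, template))
    norm_a = math.sqrt(sum(x * x for x in daily_counts))
    norm_b = math.sqrt(sum(y * y for y in template))
    if norm_a == 0 or norm_b == 0:
        return 0.0
    return dot / (norm_a * norm_b)


def spike_rank(volumes, threshold=0.95):
    """Spike rank model: score every domain and return those whose volume
    pattern matches the exploit kit template, best match first."""
    ranked = sorted(((spike_score(v), d) for d, v in volumes.items()), reverse=True)
    return [d for score, d in ranked if score >= threshold]


if __name__ == "__main__":
    print(co_occurring_domains(DNS_LOG, "known-bad.example"))
    print(spike_rank(DAILY_VOLUME))
```

Two points carry over to any real implementation: co-occurrence must count identities, not requests, or one chatty host can make an innocent CDN look guilty; and a shape-based spike score deliberately ignores absolute volume, so a brand-new low-traffic domain can be blocked while still tiny, which is exactly the point of blocking y.com before the full attack.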

Anycast IP routing for reliability
All data centers (for example YVR and DFW) announce the same IP address, 208.67.222.222; requests are transparently sent to the fastest available data center.
100% uptime since 2006, with DDoS protection and global fail-over: if a data center is down for any reason, requests are automatically re-routed to the next fastest available.

Connecting to Umbrella
Roaming: the Umbrella roaming client or AnyConnect routes traffic and identities via DNS; no connectors or PAC files needed.
On-network: internal DNS or DHCP and network devices point at Umbrella; the Umbrella virtual appliance (VA) and AD connector sit on the customer side.
Anycast routing: customers are not tied to a data center.

Prevent, Detect, and Contain Ransomware with Cisco Umbrella, AMP, and Cloud Email Security
Infection chain: compromised sites and malvertising (web redirect, DNS) or phishing spam (web link, email attachment, DNS) lead to exploit kit domains (Angler, Nuclear, Neutrino), then over DNS to C2 and malicious infrastructure, a file drop of the ransomware payload, and finally the encryption key infrastructure (C2 over DNS).
Blocked by Cisco Umbrella: the DNS steps (exploit kit domains, C2, encryption key infrastructure).
Blocked by Cisco AMP for Endpoints: the ransomware payload file drop.
Blocked by Cisco Cloud Email Security: the phishing/spam web links and email attachments.

Cisco AMP for Endpoints

Cisco AMP for Endpoints: powerful host-based protection
Prevent: prevent attacks and block malware in real time.
Detect: continuously monitor for threats on your endpoints to decrease time to detection.
Respond: accelerate investigations and remediate faster and more effectively.

Plan A: prevention framework
Engines, in memory and on disk, ordered by time to detection: 1-to-1 signatures, antivirus engine, exploit prevention, fuzzy fingerprinting, machine learning.


Prevention eventually fails.

ΑΩ Plan B: detection framework
Engines, ordered by time to detection: device flow correlation, advanced analytics, command line capture, indicators of compromise, dynamic analysis.

Continuous analysis and retrospective security
Monitor, record, and analyze all file activity, regardless of disposition. With that recording you can: identify a threat's point of origin; see what it is doing; see where it's been; track its rate of progression and how it spread; surgically target and remediate.
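What "regardless of disposition" buys you is easiest to see in code. The added example below (written for this page; not AMP code, and the file events, hosts and hash in it are constructed) records every file event while the hash is still considered clean, and when the disposition later flips to malicious it replays the recording to answer the slide's questions: point of origin, where the file has been, its rate of spread, and which hosts still hold it and need remediation. The action vocabulary (create, execute, move, delete) is an assumption made for the demo.

```python
"""Retrospective security in miniature: record first, judge later.
Added example for illustration; not Cisco AMP code. All data constructed."""
from collections import defaultdict
from datetime import datetime

# Constructed file trajectory events: (timestamp, host, sha256, action, parent).
# The hash is an arbitrary placeholder, not a real sample.
SHA = "0e3e0e" + "0" * 58
FILE_EVENTS = [
    ("2018-03-07T08:00:00", "ws-17", SHA, "create", "outlook.exe"),   # arrives by mail
    ("2018-03-07T08:02:00", "ws-17", SHA, "execute", "explorer.exe"), # user runs it
    ("2018-03-07T08:20:00", "ws-22", SHA, "create", "smb:ws-17"),     # copied laterally
    ("2018-03-07T09:00:00", "srv-fs1", SHA, "create", "smb:ws-22"),   # lands on file server
    ("2018-03-07T09:10:00", "ws-22", SHA, "delete", "cleanup.bat"),   # removed on one host
]

PRESENT_ACTIONS = {"create", "execute", "move"}  # actions that leave the file on the host


class RetrospectiveMonitor:
    def __init__(self):
        self.trajectory = defaultdict(list)  # sha256 -> [(time, host, action, parent)]
        self.disposition = {}                # sha256 -> "unknown" | "clean" | "malicious"
        self.alerts = []

    def record(self, ts, host, sha256, action, parent):
        """Recorded for every file, whatever its disposition is right now."""
        self.trajectory[sha256].append((datetime.fromisoformat(ts), host, action, parent))

    def update_disposition(self, sha256, disposition):
        """A change to malicious replays the recording and raises one alert."""
        previous = self.disposition.get(sha256, "unknown")
        self.disposition[sha256] = disposition
        if disposition == "malicious" and previous != "malicious":
            alert = self.retrospective(sha256)
            self.alerts.append(alert)
            return alert
        return None

    def retrospective(self, sha256):
        """Answer: where did it come from, where has it been, how fast did it
        spread, and where does it still need to be removed."""
        events = sorted(self.trajectory[sha256])
        first_time, first_host, _, first_parent = events[0]
        hosts_seen = []          # in order of first appearance
        still_present = set()
        for t, host, action, parent in events:
            if host not in hosts_seen:
                hosts_seen.append(host)
            if action in PRESENT_ACTIONS:
                still_present.add(host)
            elif action == "delete":
                still_present.discard(host)
        span_h = (events[-1][0] - first_time).total_seconds() / 3600
        rate = len(hosts_seen) / span_h if span_h > 0 else float(len(hosts_seen))
        return {
            "sha256": sha256,
            "origin": {"host": first_host, "time": first_time.isoformat(),
                       "parent": first_parent},
            "hosts_seen": hosts_seen,
            "hosts_per_hour": round(rate, 2),
            "remediate": sorted(still_present),
        }


def build_demo():
    """Replay the constructed events, give a clean verdict first, then flip it."""
    monitor = RetrospectiveMonitor()
    for event in FILE_EVENTS:
        monitor.record(*event)
    monitor.update_disposition(SHA, "clean")        # initial sandbox verdict: nothing to see
    return monitor.update_disposition(SHA, "malicious")  # verdict flips; recording pays off


if __name__ == "__main__":
    import json
    print(json.dumps(build_demo(), indent=2))
```

The decisive design choice is that `record` never consults the disposition: if you only log files that already look bad, there is nothing to replay when the verdict changes, and the 70-minute trip from ws-17 to the file server is invisible.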

Find the answers to break the kill chain
Gain full context for each detection: What happened? Where did the malware come from? Where has the malware been? What is it doing? How do we stop it?
Kill chain stages: recon, stage, launch, exploit, install, callback, persist.
