The Internet of Everything is changing Everything
Intelligent Threat Defense for Enterprise Mobility
Nikos Mourtzinos, CCIE #9763
Global Security Sales Organization
Changing Business Models: Any Device to Any Cloud
Public Cloud, Hybrid Cloud, Private Cloud
2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3
Internet of Things and Everything
Every company becomes a technology company; every company becomes a security company.
The Industrialization of Hacking
From phishing and low-sophistication attacks to sophisticated attacks in a complex landscape: hacking becomes an industry.
Timeline (1990 to 2020):
- 1990-2000: Viruses
- 2000-2005: Worms
- 2005-Today: Spyware and Rootkits
- Today and beyond: APTs, Cyberware
How Industrial Hackers Monetize the Opportunity (Welcome to the Hackers' Economy)
Global Cybercrime Market: $450B
- Social Security: $1
- DDoS as a Service: ~$7/hour
- Medical Record: >$50
- Credit Card Data: $0.25-$60
- Bank Account Info: >$1000, depending on account type and balance
- Mobile Malware: $150
- Exploits: $1000-$300K
- Spam: $50 per 500K emails
- Malware Development: $2500 (commercial malware)
- Facebook Account: $1 for an account with 15 friends
Source: RSA/CNBC
What do these companies have in common?
Today's Reality
Cyber attacks are one of the unfortunate realities of doing business today. All were smart, all had security, all were seriously compromised.
Five Things Boards Should Do About Cybersecurity NOW
Many organizations have cybersecurity tucked away in IT departments. It's time to bring it up and dust it off.
1. Understand the problem
2. Know the scope of risk to the organization
3. Decide what your crown jewels are
4. Know the regulations
5. Know where to spend
The Security Problem
- Changing Business Models
- Dynamic Threat Landscape
- Complexity and Fragmentation
Cisco Threat-Centric Security Model: the Attack Continuum
- BEFORE: Discover, Enforce, Harden (NGFW, VPN, Secure Access + Policy Control)
- DURING: Detect, Block, Defend (NGIPS, Web Security, Email Security)
- AFTER: Scope, Contain, Remediate (Advanced Malware Protection, Network Behavior Analysis)
Collective Security Intelligence feeds all three phases.
Enhanced Security & Cost Savings
- Superior Network Visibility: rogue hosts, vulnerabilities, applications, OS, servers, mobiles
- Automated Tuning: adjust IPS policies automatically based on network changes
- Impact Assessment & Correlation: threat correlation reduces actionable events by up to 99%
- Remediation: continuous analysis, trajectory
- Industry Leading Threat Detection
Cisco Sees More Than the Competition (Superior Network Visibility)
Rogue hosts, vulnerabilities, applications, OS, servers, mobiles.
What is discovered: NetFlow, files, users, web applications, application protocols, services, malware, command and control servers, vulnerabilities, processes, network servers, operating systems, routers and switches, mobile devices, printers, VoIP phones, virtual machines, client applications, network behavior.
Superior Network Visibility: Geolocation
Rogue hosts, vulnerabilities, applications, OS, servers, mobiles.
Automated Tuning
Adjust IPS policies automatically based on network changes:
- Automated recommended rules, customized and based on the customer's infrastructure
- Automated IPS policies based on network changes
- Simplifies operations and reduces costs
Impact Assessment & Correlation
Determine the relevance and impact of the attack. With automated impact assessment, intrusion events requiring manual investigation are typically reduced by more than 90%.

Impact flag | Administrator action
1 | Act Immediately; Vulnerable
2 | Investigate; Potentially Vulnerable
3 | Good to Know; Currently Not Vulnerable
4 | Good to Know; Unknown Target
0 | Good to Know; Unknown Network
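The impact flags in the table above come from correlating each intrusion event with what passive discovery already knows about the target host. The following Python is an added example (not Cisco or Sourcefire code) showing that correlation as a small triage function: the monitored network, the host inventory, the rule metadata and the vulnerability id (a placeholder, not a real CVE) are all constructed sample data.

```python
"""Impact-flag assignment by correlating intrusion events with host profiles.

Added example (not Cisco/Sourcefire code). It implements the mapping from the
slide's table: 1 = vulnerable, 2 = potentially vulnerable, 3 = currently not
vulnerable, 4 = unknown target, 0 = unknown network. Host inventory, monitored
networks, rule metadata and "CVE-PLACEHOLDER-0001" are constructed.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed: the address space the sensor has been told to monitor.
MONITORED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]


@dataclass
class HostProfile:
    """What passive discovery learned about one host."""
    ip: str
    os_family: str
    services: Dict[int, str]                                # listening port -> service
    vulnerabilities: Set[str] = field(default_factory=set)  # vulnerability ids mapped to the host


@dataclass
class IntrusionEvent:
    """One IPS alert plus the metadata carried by the rule that fired."""
    dst_ip: str
    dst_port: int
    rule_os: str               # OS family the rule's exploit targets
    rule_service: str          # service the rule's exploit targets
    rule_vuln: Optional[str]   # vulnerability id the rule detects, if known


# Constructed host inventory; the CVE id is a placeholder, not a real entry.
HOST_INVENTORY: Dict[str, HostProfile] = {
    "10.1.1.10": HostProfile("10.1.1.10", "windows", {445: "smb"}, {"CVE-PLACEHOLDER-0001"}),
    "10.1.1.20": HostProfile("10.1.1.20", "linux", {80: "http"}),
    "10.1.1.30": HostProfile("10.1.1.30", "windows", {445: "smb"}),
}

ADMIN_ACTION = {
    1: "Act Immediately; Vulnerable",
    2: "Investigate; Potentially Vulnerable",
    3: "Good to Know; Currently Not Vulnerable",
    4: "Good to Know; Unknown Target",
    0: "Good to Know; Unknown Network",
}


def in_monitored_network(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in MONITORED_NETWORKS)


def impact_flag(event: IntrusionEvent,
                inventory: Dict[str, HostProfile] = HOST_INVENTORY) -> int:
    """Correlate one event with what is known about its target host."""
    if not in_monitored_network(event.dst_ip):
        return 0                        # target outside the monitored networks
    host = inventory.get(event.dst_ip)
    if host is None:
        return 4                        # in scope, but never profiled
    if event.rule_vuln and event.rule_vuln in host.vulnerabilities:
        return 1                        # host carries the exact vulnerability
    if (host.os_family == event.rule_os
            and host.services.get(event.dst_port) == event.rule_service):
        return 2                        # right OS and service, vulnerability unconfirmed
    return 3                            # this exploit cannot affect the target


def triage(events: List[IntrusionEvent]) -> Tuple[List[Tuple[int, IntrusionEvent]], float]:
    """Keep only flags 1 and 2 for a human; report the fraction suppressed."""
    keep = []
    for e in events:
        flag = impact_flag(e)
        if flag in (1, 2):
            keep.append((flag, e))
    suppressed = 1.0 - len(keep) / len(events) if events else 0.0
    return keep, suppressed


if __name__ == "__main__":
    # Constructed: the same SMB exploit rule firing against five targets.
    sample = [IntrusionEvent(ip, 445, "windows", "smb", "CVE-PLACEHOLDER-0001")
              for ip in ("10.1.1.10", "10.1.1.20", "10.1.1.30", "10.1.1.99", "192.168.1.5")]
    for ev in sample:
        f = impact_flag(ev)
        print(f"{ev.dst_ip:>14}  impact {f}: {ADMIN_ACTION[f]}")
    kept, ratio = triage(sample)
    print(f"{len(kept)} of {len(sample)} events need a human ({ratio:.0%} suppressed)")
```

The point of the example is the ordering of the checks: the exact-vulnerability match is tested before the looser OS-and-service match, so an event is never downgraded from 1 to 2 just because the rule also carries OS metadata, and an unprofiled host inside the monitored range is reported as flag 4 rather than silently treated as not vulnerable.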
Remediation
Point-in-time detection (NGFW, NGIPS):
- Analysis stops; not 100%
- Evaded by sleep techniques, unknown protocols, encryption, polymorphism
- Blind to scope of compromise
- Initial disposition = unknown; actual disposition = bad = too late!!
Continuous analysis, trajectory:
- Retrospective detection; analysis continues
- Continuous: turns back time
- Visibility and control are key
- Initial disposition = unknown; actual disposition = bad = blocked
Cisco Security Intelligence Information
Outstanding cloud-based global threat intelligence; industry leading threat detection.
- 24x7x365 operations
- 40+ languages
- More than US$100 million spent on dynamic research and development
- 600+ engineers, technicians, and researchers
- 80+ Ph.D., CCIE, CISSP, and MSCE users
Components: Big Analytics, Sandbox, Advanced Malware, SIO, Sourcefire VRT, ThreatGrid, Cognitive Security. Sources and enforcement points: email, web, devices, IPS, networks, endpoints (Cisco CWS, Cisco IPS, Cisco AnyConnect, Cisco ESA, Cisco ASA, Cisco WSA), with visibility, control and updates.
By the numbers:
- 1.6 million global sensors
- 35% of worldwide email traffic
- 3- to 5-minute updates
- 200+ parameters tracked
- 100 TB of data received per day
- 16 billion web requests
- 5,500+ IPS signatures produced
- 70+ publications produced
- 150 million+ deployed endpoints
- 8 million+ rules per day
Threats by the Numbers (Industry Leading Threat Detection)
- 7,399 CVE entries in 2013, a 10% increase from 2012
- 1,100,000 incoming malware samples per day, increasing daily
- 400K AV blocks
- 4.2 billion web filtering blocks per day
- 6.4 billion daily blocks (peak)
- 1 billion reputation queries per day
The Common Vulnerabilities and Exposures (CVE) system provides a reference method for publicly known information-security vulnerabilities and exposures.
Industry Leading Threat Detection
The NGFW Security Value Map shows the placement of Cisco ASA with FirePOWER Services as compared to other vendors. Cisco: best protection value, 99.2% security effectiveness. Cisco achieved 99.2 percent in security effectiveness, and now all can be confident that they will receive the best protections possible.
Source: NSS Labs 2014
NSS Labs Next-Generation Firewall Reports: Cisco ASA with FirePOWER Services Excels
http://www.cisco.com/web/offers/nsslabsreportngfw.html?keycode=000551632
Perimeter Security
A customized threat bypasses the security gateways; security is also needed inside the perimeter.
Gateway stack: Firewall, IPS, AMP, Web Security, Email Security
The User-to-Device Ratio Has Changed
"What is all this stuff on my network?!!!"
Common Policy, Management & Context
- Who/what is currently connected on the network?
- How do I control who and what accesses the network/resources?
- How do I quarantine a user?
All-in-One Enterprise Policy Control: Cisco Identity Services Engine
- Policy Management: increases operational efficiency
- Identity Context (who, what, where, when, how), Device Profiling & Posture: provides comprehensive secure access
- Mobile Device Management, Onboarding & Remediation: increases productivity and improves user experience
- Business-Relevant Policies, Network Enforcement (wired, wireless, VPN): decreases operational costs
Covers virtual machine clients, IP devices, guests, employees, and remote users.
Cisco Identity Services Engine: policy context
- Who? Employee, Guest
- What? Personal Device, Company Asset
- How? Wired, Wireless, VPN
- Where? @ Coffee Shop, Headquarters
- When? Weekends, (8:00am-5:00pm)
Authentication methods: 802.1x, MAC-Authentication Bypass (MAB), Web Authentication
Non-User Device
Guest Management
ISE 1.3.1 Mobile Enablement with AnyConnect 4.0
Configuration:
- Email & Calendar
- Network Access (Wi-Fi / VPN)
- Exchange ActiveSync
- Restriction (camera usage)
- App Distribution / Public Stores
Compliance Enforcement:
- Set the PIN lock
- Enable Passcode / Screen Lock
- Enable Disk Encryption
- Restrict Jailbroken device
Security:
- Locate lost/stolen device
- Lock / Unlock device
- Remote wipe device
- Remove / Unenroll device from network
- Restore factory default
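The ISE slides above describe an authorization decision built from who/what/how/where/when context, the authentication method (802.1x, MAB or web authentication) and the device's compliance posture (PIN lock, disk encryption, jailbreak status). The following Python is an added example, not ISE configuration or Cisco code: it evaluates that kind of rule set as a first-match policy and returns the authorization profile to push to the switch, WLC or VPN head end. Identity groups, profile names and posture attribute names are constructed for illustration.

```python
"""Context-based network authorization in the ISE style (added example, not Cisco code).

Decides an access level from who/what/how/where/when plus device posture and
returns the authorization profile name. Group names, profile names and the
posture attribute names are constructed, not real ISE objects.
"""
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, Optional, Tuple


@dataclass
class Session:
    identity: str            # who: "employee" | "guest" | "unknown"
    device: str              # what: "company_asset" | "personal_device" | "ip_phone" | "unknown"
    auth_method: str         # how identity was proven: "dot1x" | "mab" | "webauth"
    access_medium: str       # "wired" | "wireless" | "vpn"
    location: str            # where: "headquarters" | "remote"
    when: datetime           # when the session was requested
    posture: Dict[str, bool] = field(default_factory=dict)   # constructed MDM attributes


# What compliance enforcement requires of a managed device (constructed names).
REQUIRED_POSTURE = {"pin_lock": True, "disk_encrypted": True, "jailbroken": False}


def posture_compliant(posture: Dict[str, bool]) -> bool:
    """Fail closed: a missing attribute counts as non-compliant."""
    return all(posture.get(k) == v for k, v in REQUIRED_POSTURE.items())


def business_hours(when: datetime) -> bool:
    """Weekdays, 8:00am to 5:00pm, as on the slide's 'When?' line."""
    return when.weekday() < 5 and 8 <= when.hour < 17


def authorize(s: Session) -> Tuple[str, Optional[str]]:
    """First matching rule wins; anything unmatched is denied."""
    # Non-user devices: MAB only, confined to their own segment, never over VPN.
    if s.device == "ip_phone" and s.auth_method == "mab" and s.access_medium != "vpn":
        return "PERMIT", "voice-vlan"
    # Employees must prove identity with 802.1x; web authentication is not enough.
    if s.identity == "employee" and s.auth_method == "dot1x":
        if not posture_compliant(s.posture):
            return "QUARANTINE", "remediation-vlan"     # onboarding / remediation portal
        if s.device == "company_asset":
            return "PERMIT", "corp-full-access"
        if s.device == "personal_device":
            return "PERMIT", "byod-mail-and-internet"   # BYOD gets a narrower ACL
    # Guests: web authentication, internet only, office hours, never over VPN.
    if s.identity == "guest" and s.auth_method == "webauth" and s.access_medium != "vpn":
        if business_hours(s.when):
            return "PERMIT", "guest-internet-only"
        return "DENY", None
    return "DENY", None


if __name__ == "__main__":
    # Constructed sessions: 4 June 2014 is a Wednesday, 7 June 2014 a Saturday.
    ok = {"pin_lock": True, "disk_encrypted": True, "jailbroken": False}
    demo = [
        Session("employee", "company_asset", "dot1x", "wired", "headquarters", datetime(2014, 6, 4, 10), ok),
        Session("employee", "personal_device", "dot1x", "wireless", "remote", datetime(2014, 6, 4, 10),
                {"pin_lock": True, "disk_encrypted": True, "jailbroken": True}),
        Session("guest", "personal_device", "webauth", "wireless", "headquarters", datetime(2014, 6, 7, 10)),
        Session("unknown", "ip_phone", "mab", "wired", "headquarters", datetime(2014, 6, 4, 10)),
    ]
    for sess in demo:
        print(f"{sess.identity:>8} {sess.device:>15} {sess.auth_method:>7} -> {authorize(sess)}")
```

Two design points are worth noting. Posture is evaluated before the device type, so a jailbroken or unencrypted device lands in the remediation segment regardless of whether it is a company asset; and unknown posture is treated as non-compliant, so a device that never reported to the MDM cannot slip into full access.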
Putting It All Together (1)
Context: who, what, where, when, how, event history.
- BEFORE: Discover, Enforce, Harden (NGFW, VPN, Secure Access / Policy Control)
- DURING: Detect, Block, Defend (NGIPS, Web Security, Email Security)
Putting It All Together (2)
Context: who, what, where, when, how, event history.
- BEFORE: Discover, Enforce, Harden (NGFW, VPN, Secure Access / Policy Control)
- DURING: Detect, Block, Defend (NGIPS, Web Security, Email Security)
- AFTER: Scope, Contain, Remediate (Advanced Malware Protection, Network Behavior Analysis)
Putting It All Together (3)
Context: who, what, where, when, how, event history. Find patient zero, see how the malware spread, stop the malware from spreading, remediate.
- BEFORE: Discover, Enforce, Harden (NGFW, VPN, Secure Access / Identity Services)
- DURING: Detect, Block, Defend (NGIPS, Web Security, Email Security)
- AFTER: Scope, Contain, Remediate (Advanced Malware Protection, Network Behavior Analysis)
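The Remediation slide and the "patient zero" slide above both rest on one mechanism: every file transfer is recorded together with the disposition known at that moment, so that when the verdict later turns bad the stored trajectory can be replayed to scope the compromise. The following Python is an added example, not Cisco AMP code, of that retrospective-detection store. Hashes, host names, protocols and timestamps are constructed sample data.

```python
"""Retrospective detection over a file trajectory (added example, not Cisco AMP code).

Each time a file, keyed by SHA-256, crosses a sensor it is recorded with its
disposition at that moment. When the disposition later changes to "malicious",
the trajectory is replayed: patient zero, point of entry, every host that
received the file and the spread path are returned for containment. All sample
hashes, hosts and timestamps below are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Sighting:
    ts: int            # seconds since epoch (constructed)
    sha256: str
    src: str           # where the file came from (host or external origin)
    dst: str           # host that received the file
    protocol: str      # e.g. "smtp", "http", "smb"
    disposition: str   # verdict at the time: "unknown" | "clean" | "malicious"


class TrajectoryStore:
    """Keeps every sighting so a later verdict can be applied to the past."""

    def __init__(self) -> None:
        self.sightings: Dict[str, List[Sighting]] = defaultdict(list)
        self.disposition: Dict[str, str] = {}

    def lookup(self, sha256: str) -> str:
        return self.disposition.get(sha256, "unknown")

    def record(self, ts: int, sha256: str, src: str, dst: str, protocol: str) -> str:
        """Point-in-time decision: log the transfer with the verdict known right now."""
        verdict = self.lookup(sha256)
        self.sightings[sha256].append(Sighting(ts, sha256, src, dst, protocol, verdict))
        return verdict   # "malicious" means the transfer is blocked at this point in time

    def update_disposition(self, sha256: str, verdict: str) -> Optional[dict]:
        """Apply a new verdict; if it just turned bad, return the retrospective alert."""
        previous = self.lookup(sha256)
        self.disposition[sha256] = verdict
        if verdict == "malicious" and previous != "malicious":
            return self.retrospective_alert(sha256)
        return None

    def retrospective_alert(self, sha256: str) -> dict:
        """Replay the stored trajectory to scope the compromise."""
        path = sorted(self.sightings.get(sha256, []), key=lambda s: s.ts)
        if not path:
            return {"sha256": sha256, "patient_zero": None, "point_of_entry": None,
                    "affected_hosts": [], "spread": []}
        affected: List[str] = []
        for s in path:                       # first-seen order, no duplicates
            if s.dst not in affected:
                affected.append(s.dst)
        return {
            "sha256": sha256,
            "patient_zero": path[0].dst,
            "point_of_entry": path[0].protocol,
            "affected_hosts": affected,
            "spread": [(s.ts, s.src, s.dst, s.protocol, s.disposition) for s in path],
        }


def build_sample_store() -> TrajectoryStore:
    """Constructed scenario: an attachment enters by email, then moves host to host over SMB."""
    store = TrajectoryStore()
    sha = "ab" * 32                          # constructed placeholder hash
    store.record(100, sha, "external-mail", "host-a", "smtp")
    store.record(200, sha, "host-a", "host-b", "smb")
    store.record(300, sha, "host-b", "host-c", "smb")
    return store


if __name__ == "__main__":
    store = build_sample_store()
    sha = "ab" * 32
    alert = store.update_disposition(sha, "malicious")       # verdict arrives later
    print("patient zero:", alert["patient_zero"], "via", alert["point_of_entry"])
    print("affected hosts:", alert["affected_hosts"])
    for hop in alert["spread"]:
        print("  ", hop)
    print("next transfer verdict:", store.record(400, sha, "host-c", "host-d", "smb"))
```

The first three transfers all pass with disposition "unknown", which is exactly the point-in-time blind spot the slide describes; the later verdict does not merely block the fourth transfer, it produces an alert that names host-a as patient zero, SMTP as the point of entry, and hosts b and c as the hosts to contain. A repeated "malicious" update returns nothing, so the same outbreak is not raised twice.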
Intelligent Cybersecurity with Integrated Threat Defense in Action
- Identity & Control (wired, wireless, VPN): contextual and consistent policies across the entire campus network and data center (user/device/access method, network location), BYOD, device profiling
- Security Gateways (NGFW, NGIPS, Web Security Gateways, Email Security Gateways) with AMP Services for Gateways: malware detection/blocking, file detection/blocking, CnC detection/blocking
- AMP for Networks, Sandbox: file dynamic analysis, threat analytics, continuous file analytics, sandbox reputation determination
- AMP for Endpoints (integrated or standalone; PC, mobile & virtual): malware detection, automated IoC detection, trajectory, file analysis, outbreak control
Visibility, Context and Control: determine scope through file trajectory (systems impacted, point of entry, file type, protocol, direction, etc.) and correlated contextual events (users, apps, threats, etc.); retrospective detection; IoC determination.
Ecosystem and Integration
Partner integrations span Vulnerability Management, Custom Detection, Full Packet Capture, NAC, Incident Response, Network Access Taps, Infrastructure & Mobility, Visualization and SIEM, across BEFORE (Policy and Control), DURING (Detection and Blocking) and AFTER (Analysis and Remediation), through a Combined API Framework.
Market Recognition
"Based on our (Breach Detection Systems) reports, Advanced Malware Protection from Cisco should be on everyone's short list."
"So do any network security vendors understand data center and what's needed to accommodate network security? Cisco certainly does. Cisco is disrupting the advanced threat defense industry."
"2014 Vendor Rating for Security: Positive. AMP will be one of the most beneficial aspects of the [Sourcefire] acquisition. The AMP products will provide deeper capability to Cisco's role in providing secure services for the Internet of Everything (IoE)."
Your First Step to Threat-Focused Security: FirePOWER Services for ASA
Start today! Bring the world's most secure firewall platform capabilities to the top cyber-security platform. Let us show you what you are missing: put Cisco behind your existing NGFW to show you what threats you aren't seeing.