Cisco Cloud Security: How to Protect Business to Support Digital Transformation. Dragan Novakovic, Cybersecurity Consulting Systems Engineer, January 2018.
Security Enables Digitization
Security Challenges:
Digital Disruption, Massive Scale (50B devices connected by 2020, a $19T opportunity): changing business models.
Active Adversaries (attack surface, threat actors, attack sophistication): dynamic threat landscape.
Security Industry (rapidly expanding number of security companies, not interoperable, not open): complexity and fragmentation.
Goal: Effective Security. The Security Effectiveness Gap.
If It's Digital, Security Must Evolve
Architectural Approach: Integrated. Diagram: mobile users, branch offices, endpoints, cloud, roaming laptops and corporate networks, plotted as network capability against complexity.
Premiere Portfolio in the Industry: Best of Breed and Integrated Architecture. Network Analytics, UTM, Cloud Access Security, Email, Secure Internet Gateway, Advanced Malware, Policy and Access, NGFW/NGIPS, Web.
Security Enables Digitization: Protect your Business During Digital Transformation. Stop threats at the edge. Control who gets onto your network. Find and contain problems fast. Protect users wherever they work. Simplify network segmentation.
Security Enables Digitization: outcomes, products, services and summary.
Stop threats at the edge. Product: NGFW. Service: Risk Assessment. Summary: Apply threat-centric visibility and control to your NGFW for truly effective protection at the perimeter.
Protect users wherever they work. Product: Umbrella. Service: Architecture Review. Summary: Protect all users regardless of location or device, and whether they are employees or guests.
Control who gets onto your network. Product: ISE. Summary: Stop the wrong people from accessing your network.
Simplify network segmentation. Product: Stealthwatch + TrustSec (network as a sensor + enforcer). Service: Architecture Segmentation Review Services. Summary: Gain visibility into behavior from within the network. Stop threats from spreading within your organization.
Find and contain problems fast. Product: AMP. Service: Active Threat Analytics. Summary: Find, stop and remove malicious content with effective tools that are simple to use.
Umbrella + Architecture Review. Apply consistent controls and policies for securing your mobile users as they move among many locations. Extend your NGFW protection beyond the perimeter with cloud-delivered security enabled at the DNS layer to protect users from malware, phishing and other malicious connections. Protect all users regardless of location or device, whether they are in the office, in a branch or mobile on their device, and whether they are employees or guest WiFi users.
AMP + Active Threat Analytics. Threats will find a way past the best defenses, and then the race is on. Reduce the time it takes to find bad stuff on your network from days to hours. Traditional endpoint methods of signature detection are slow, and threats move fast. Find, stop and remove malicious content before it does any more damage, with effective tools that are simple to use.
Find and stop them in hours, not days.
AMP helps you to: make the unknown, known; see once, block everywhere; accelerate security response.
Continuously monitor to make the unknown, known. AMP continuously records all activity. In most networks, there's no way to see threat progression or origin. With AMP, trace back threat activity and remediate incidents quickly. Diagram: a threat progression (initial device compromised, malicious file downloads launched, information sent from an internal server, customer data compromised) with no threat symptoms displayed and no IoC identified; with AMP, the origin is traced and the threat contained.
See once, block everywhere. Protect, detect, and respond across your environment. The AMP Cloud, fed by Talos intelligence and sandboxing, automatically blocks threats seen outside your network across NGFW, NGIPS, endpoint, WSA, ESA, ISR and 3rd party products. API integration augments the functionality of Cisco and 3rd party products. AMP makes everything in your network better.
Accelerate security response. Understand which alerts need further investigation with precision. Accelerate investigations and reduce management complexity. Eliminate time-consuming and error-prone tasks. Automate intelligence-driven security responses.
More Ways To: Find and contain problems fast. Investigate: Cisco Investigate provides the most complete view of the relationships and evolution of Internet domains, IP addresses, and autonomous systems to pinpoint attackers' infrastructures and predict future threats. Rapid Threat Containment: Cisco Rapid Threat Containment uses an open integration of Cisco's security products, technologies from Cisco security partners, and the network control of the Cisco Identity Services Engine (ISE). Ransomware Defense: Cisco Ransomware Defense reduces the risk of ransomware infections with a layered approach, from the DNS layer to the endpoint to the network, email, and the web.
Cisco Umbrella: First line of defense for threats on the internet.
Cisco Umbrella, a cloud security platform against malware, C2 callbacks and phishing. Built into the foundation of the internet (the Umbrella resolver address 208.67.222.222). Intelligence to see attacks before they are launched. Visibility and protection everywhere. Enterprise-wide deployment in minutes. Integrations to amplify existing investments.
Where does Umbrella fit? Benefits: as the first line of defense against malware, C2 callbacks and phishing, it blocks malware before it hits the enterprise and contains malware if already inside; internet access is faster; provision globally in minutes. Diagram: HQ (NGFW, Netflow, proxy, sandbox, AV), branch (router/UTM, AV) and roaming (AV) all resolving through Umbrella.
It all starts with DNS. DNS = Domain Name System: the first step in connecting to the internet; precedes file execution and IP connection; used by all devices; port agnostic. Diagram: a client asks Umbrella for Cisco.com and receives 72.163.4.161.
Built into the foundation of the internet. Umbrella provides: connection for safe requests; prevention for user- and malware-initiated connections; proxy inspection for risky domains. Diagram: safe request versus blocked request.
Enforcement: intelligent proxy for requests to risky domains. URL inspection: Cisco Talos feeds, Cisco WBRS, partner feeds, custom URL block list. File inspection: AV engines, Cisco AMP.
Prevents connections before and during the attack. Before: web and email-based infection (malvertising / exploit kit, phishing / web link, watering hole compromise). During: command and control callback (malicious payload drop, encryption keys, updated instructions). Stop data exfiltration and ransomware encryption.
Malware doesn't just happen. Intelligence to see attacks before they are launched. Build. Test. Launch. Repeat. Diagram: attack 1 and attack 2, each staging ransomware or malware on web servers and delivering it by email and malvertising through domains/IPs.
Our view of the internet: 125B requests per day; 90M daily active users; 15K enterprise customers; 160+ countries worldwide.
Intelligence to see attacks before they are launched. Data: Cisco Talos feed of malicious domains; Umbrella DNS data, 125B requests per day. Security researchers: industry-renowned researchers build models that can automatically classify and score domains and IPs. Models: dozens of models continuously analyze millions of live events per second and automatically uncover malware, ransomware, and other threats.
Intelligence: statistical models over 2M+ live events per second and 11B+ historical events.
Co-occurrence model: identifies other domains looked up in rapid succession of a given domain.
Natural language processing model: detects domain names that spoof terms and brands.
Spike rank model: detects domains with sudden spikes in traffic.
Predictive IP space monitoring: analyzes how servers are hosted to detect future malicious domains.
Dozens more models.
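As an added illustration of the co-occurrence and spike rank models described above (example code written for this page, not Cisco's code or Umbrella's actual algorithms), the Python sketch below runs both ideas over a constructed DNS query log; the log entries, domain names, time window and per-day counts are all assumed values.

```python
from collections import Counter, defaultdict

# Constructed DNS query log for illustration only: (timestamp in seconds,
# client id, queried domain). Hypothetical domains, not real indicators.
QUERY_LOG = [
    (100, "c1", "update-portal.example"), (101, "c1", "cdn-stage.example"),
    (102, "c1", "bad-c2.example"),
    (300, "c2", "news.example"), (301, "c2", "update-portal.example"),
    (302, "c2", "bad-c2.example"),
    (500, "c3", "update-portal.example"), (503, "c3", "bad-c2.example"),
    (900, "c4", "news.example"), (950, "c4", "mail.example"),
    (5000, "c5", "update-portal.example"), (5001, "c5", "bad-c2.example"),
]

# Constructed per-day query counts per domain, oldest day first (assumed values).
DAILY_COUNTS = {
    "update-portal.example": [2, 3, 2, 40],
    "news.example": [50, 52, 49, 51],
    "brand-new.example": [0, 0, 0, 25],
}

def cooccurrence(log, seed, window=5):
    """Co-occurrence model: count, per domain, how many distinct clients looked
    it up within `window` seconds before or after looking up `seed`.
    A domain that co-occurs with a known-bad seed across many clients is a
    candidate for the same campaign infrastructure and worth investigating."""
    by_client = defaultdict(list)
    for ts, client, dom in log:
        by_client[client].append((ts, dom))
    hits = Counter()
    for events in by_client.values():
        seed_times = [ts for ts, dom in events if dom == seed]
        nearby = {dom for ts, dom in events
                  if dom != seed and any(abs(ts - s) <= window for s in seed_times)}
        hits.update(nearby)  # each client counts at most once per domain
    return hits

def spike_rank(counts_by_period, min_baseline=1.0):
    """Spike rank model: score each domain by its latest period's query count
    relative to the mean of earlier periods. Never-seen-before domains are
    scored against `min_baseline` so a sudden debut still ranks high."""
    scored = []
    for dom, counts in counts_by_period.items():
        history, latest = counts[:-1], counts[-1]
        baseline = max(sum(history) / max(len(history), 1), min_baseline)
        scored.append((dom, latest / baseline))
    return sorted(scored, key=lambda pair: pair[1], reverse=True)

if __name__ == "__main__":
    print(cooccurrence(QUERY_LOG, "bad-c2.example").most_common(3))
    print(spike_rank(DAILY_COUNTS))
```

In the constructed log, update-portal.example co-occurs with the seed on four clients while news.example does so only once, which is the kind of distinction a threshold on the count would use before a domain is scored as related.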
Our efficacy: discover 3M+ daily new domain names; identify 60K+ daily malicious destinations; enforce 7M+ malicious destinations while resolving DNS.
Visibility and protection for all activity, anywhere. On-network: all office locations (HQ, branch, IoT), any device on your network. Off-network: roaming laptops and mobile devices. Every port and protocol.
Identity reports: allowed, blocked, and proxied traffic per device or network; top activity and categories per device or network. Quickly spot and remediate victims.
Destination reports: local vs. global trends for malicious domains; top identities associated with malicious activity. Quickly assess the extent of exposure.
Cloud services report: total and newly seen cloud services; cloud apps by classification and traffic volume. Effectively combat shadow IT.
Enterprise-wide deployment in minutes. On-network coverage (any device on the network, branch offices): with one setting change; integrated with Cisco ISR 4K series and Cisco WLAN controllers. Off-network coverage (roaming laptops): with AnyConnect VPN client integration, or with any VPN using the lightweight Umbrella client.
Integrations to amplify existing security: block malicious domains from partner or custom systems. Your current security stack feeds IOCs to Umbrella: threat analysis feed (AMP Threat Grid + others), appliance-based detection (IPS + others), threat intelligence platform (+ others), Cloud Access Security Broker (Cloudlock + others), custom integrations (Python script, Bro + others).
What sets Umbrella apart from other solutions: fastest and most reliable cloud infrastructure; broadest coverage of malicious destinations and files; most open platform for integration; easiest connect-to-cloud deployment; most predictive intelligence to stop threats earlier.
Security: Simple, Effective, Open, Automated.
Thank you