Cisco Security: Advanced Malware Protection. Guillermo González, Security Systems Engineer, October 2017


The New Security Model: the attack continuum
- Before: Discover, Enforce, Harden
- During: Detect, Block, Defend
- After: Scope, Contain, Remediate
Supporting capabilities: threat intelligence and analytics; point-in-time detection; retrospective security and continuous analysis.
Control points: email and web, data center/servers, network, endpoints, mobile.

Gain security backed by the most advanced threat intelligence
- 100 TB of data received daily
- 1.5 million daily malware samples
- 600 billion daily email messages
- 16 billion daily web requests
- 250+ full-time threat intel researchers
- Millions of telemetry agents
- 4 global data centers
- Over 100 threat intelligence partners
- 24x7x365 operations
- 30 years building the world's networks
Coverage: web, network, endpoint, virtual, cloud, email (global scanning).

Cisco Advanced Malware Protection: built on unmatched Collective Security Intelligence
Cisco Collective Security Intelligence feeding the AMP Threat Intelligence Cloud:
- 1.6 million global sensors
- 100 TB of data received per day
- 150 million+ deployed endpoints
- Team of engineers, technicians, and researchers
- 35% of worldwide email traffic
- 13 billion web requests
- 24x7x365 operations
- 4.3 billion web blocks per day
- 40+ languages
- 1.1 million incoming malware samples per day
Intelligence sources: AMP community; private/public threat feeds; Talos security intelligence; AMP Threat Grid intelligence; AMP Threat Grid dynamic analysis (10 million files/month); advanced Microsoft and industry disclosures; Snort and ClamAV open source communities; AEGIS program.
Control points receiving automatic updates in real time: WWW, email, endpoints, networks, IPS, devices.

AMP Plan A: Prevention
- Device flow correlation
- Dynamic analysis
- 1-to-1 signatures
- Spero (machine learning)
- Ethos (polymorphic variants)
- Reputation filtering
- IOCs
- Advanced analytics
- Behavioral detection
All of these methods combined still give < 100% detection.
AMP Plan B: Retrospective security

Continuous Analysis and Retrospective Security
Breadth and control points: WWW, email, endpoints, web, network, IPS, devices.
Telemetry stream (continuous feed): file fingerprint and metadata; file and network I/O; process information.
Intelligence: Talos + Threat Grid, applied through continuous analysis.
Outcomes: retrospective detection; behavioral indications of compromise; trajectory; threat hunting.

Cisco AMP gives you the answers to the most common questions after a breach. It continuously looks ACROSS the organization and answers:
- When did it happen?
- Where is patient 0?
- What systems were infected?
- What was the entry point?
- What else did it bring in?
www.cisco.com/go/amp

The AMP Everywhere Architecture: AMP protection across the extended network for an integrated threat defense
- AMP Threat Intelligence Cloud
- AMP for Endpoints: Windows OS, Mac OS, Android mobile, virtual; CentOS and Red Hat Linux for servers and data centers; can be launched from AnyConnect; covers remote endpoints
- AMP for Networks (AMP on Firepower NGIPS appliance bundle)
- AMP on Cisco NGFW firewalls
- AMP on ISR with Firepower Services
- AMP on Web and Email Security Appliances
- AMP on Cloud Web Security and hosted email (CWS/CTA)
- Threat Grid: malware analysis + threat intelligence engine
- AMP Private Cloud virtual appliance

Cisco AMP Everywhere: enforcement points on and off the network
On network:
- Web traffic: WSA/CWS blocks by URL or content via proxy
- Email traffic: ESA/CES blocks by sender or content
- All other traffic: ASA / Firepower / Meraki blocks inline by IP, URL or packet
- OpenDNS blocks by domain as well as IP or URL
Off network:
- Web traffic: CWS blocks by URL or content via proxy
- Email traffic: ESA/CES blocks by sender or content
- All other traffic: OpenDNS blocks by domain as well as IP or URL

How it works: the AMP Connector checks the file hash against the AMP cloud over the Internet; the ThreatGrid Connector submits the file itself for analysis.

AMP Threat Intelligence Cloud with AMP on ESA: each hash queried returns a disposition of MALICIOUS, CLEAN or UNKNOWN (the slide shows hash 8A8116429189D6 as MALICIOUS and hash 31FC0059627... going to the malware sandbox, whose score boundary sits between 90 and 91).
Diagram components: Cisco ESA Email Security Appliance with AMP; security web proxy; NGFW; DMZ security; NGIPS; Cisco FMC; log and vulnerability management; admin network; mail server; file server; DMZ; production users network; SOC / NOC.

Cisco Email Security (Talos intelligence; cloud, appliance and virtual deployments)
Inbound email:
- Before: email reputation; mail flow policies; acceptance controls
- During: anti-spam; anti-virus; file reputation (ThreatGrid); graymail management; safe unsubscribe; content controls; URL reputation & category; outbreak filters; anti-phish
- After: file sandboxing & retrospection; tracking user click activity (anti-phish)
Outbound email (outbound liability): mail flow policies; anti-spam and anti-virus; data loss protection; encryption
Management (HQ admin): reporting; message tracking
Actions: allow, warn, block, partial block

AMP with ThreatGrid on the ESA
1. The ESA AMP client checks its local cache; on a miss, the AMP connector sends a file reputation query to the AMP cloud (Cisco Talos). Email pre-classification and the local AV scanners run alongside.
2. The disposition query returns and the cache is updated with the disposition value and upload_action.
3. A qualified file is uploaded for sandboxing through the sandbox connector to Cisco AMP ThreatGrid.
4. The AMP feedback loop from ThreatGrid to the cloud applies only to malicious files; a heartbeat from the AMP cloud delivers retrospective verdicts to the ESA.
Starting with the 9.5 version of code, public cloud and local sandboxing are supported.
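The hash check on the "How it works" slide and the cache / disposition / sandbox / retrospective flow above, as an added simulation that is not part of the deck and not Cisco's code: the `AmpCloud`, `AmpConnector` names, the hashes, hosts and scores are constructed, and only the 90/91 score boundary comes from the slides.

```python
"""Constructed simulation of the AMP file-disposition flow on the slides:
local cache -> cloud reputation query -> sandbox for unknowns -> retrospective
re-classification, plus a file trajectory to answer "where is patient 0?"."""
from collections import defaultdict

MALICIOUS_SCORE = 91   # deck shows the sandbox score boundary between 90 and 91

class AmpCloud:
    """Stand-in for the AMP Threat Intelligence Cloud: hash -> disposition (assumed)."""
    def __init__(self, known=None):
        self.known = dict(known or {})          # sha256 -> "CLEAN" / "MALICIOUS"
    def disposition(self, sha256):
        return self.known.get(sha256, "UNKNOWN")
    def sandbox_verdict(self, sha256, score):
        """Threat Grid feedback loop: only malicious scores update the cloud."""
        if score >= MALICIOUS_SCORE:
            self.known[sha256] = "MALICIOUS"
        return self.disposition(sha256)

class AmpConnector:
    """AMP connector on an ESA or endpoint: cache, query, upload, trajectory."""
    def __init__(self, cloud):
        self.cloud = cloud
        self.cache = {}                         # sha256 -> (disposition, upload_action)
        self.trajectory = defaultdict(list)     # sha256 -> [(seq, host)] in order seen
        self.seq = 0

    def inspect(self, sha256, host):
        """Record the sighting, then answer from cache or query the cloud once."""
        self.seq += 1
        self.trajectory[sha256].append((self.seq, host))
        if sha256 not in self.cache:
            disp = self.cloud.disposition(sha256)
            # only UNKNOWN files qualify for upload to the sandbox
            self.cache[sha256] = (disp, disp == "UNKNOWN")
        return self.cache[sha256]

    def retrospective(self):
        """Heartbeat: re-check cached hashes and report changed dispositions."""
        changed = []
        for sha256, (old, _) in list(self.cache.items()):
            new = self.cloud.disposition(sha256)
            if new != old:
                self.cache[sha256] = (new, False)
                changed.append((sha256, old, new))
        return changed

    def patient_zero(self, sha256):
        return min(self.trajectory[sha256])[1]   # first host that saw the file

    def infected_hosts(self, sha256):
        return sorted({host for _, host in self.trajectory[sha256]})
```

The retrospective pass is what turns a file that was UNKNOWN at delivery time into a MALICIOUS verdict later, and the trajectory is what answers "where is patient 0" and "what systems were infected" for that file.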

Plan B: Retrospective Security with AMP for Networks
www.cisco.com/go/amp

AMP provides contextual awareness and visibility that allows you to take control of an attack before it causes damage:
- Who: focus on these users first
- What: these applications are affected
- Where: the breach affected these areas
- When: this is the scope of exposure over time
- How: here is the origin and progression of the threat