CISCO OPENDNS CLOUD SERVICE FOR ADDITIONAL SECURITY IN · 2017-12-21 · CISCO OPENDNS CLOUD SERVICE FOR...

Post on 18-Apr-2020

CISCO OPENDNS CLOUD SERVICE FOR ADDITIONAL SECURITY IN ENTERPRISE NETWORKS

September 2016, Belgrade

Nikola Milovanović

Cisco CCNP, CCDP

nikola.milovanovic@rrc.rs

Agenda

1. Security in enterprise networks today

2. OpenDNS technology/solution

3. Cisco and OpenDNS

4. Demo

5. Conclusion

Shortage of Security Talent

Many tools require more resources than you have available to make work

50% of PCs are Mobile; 70% of Offices go Direct

Most mobile & remote workers don’t keep VPN always on, most branch offices don’t backhaul traffic, and most new endpoint tools only detect

70-90% of Malware is Unique to Each Org

Signature-based tools, reactive threat intelligence, and isolated security enforcement cannot stay ahead of attacks

1. Enterprise networks and security today

Potential security problems of a company

• Typical malware threats, especially ransomware

• External employee and consultant access

• Administrative access and delegation of privileges

• Loss of intellectual property

• Any compromise to client safety

How to protect the network in the following cases?

Sources: (1) Gartner, (2) Forrester, (3) Verizon, and (4) Ponemon

2. Why add security at the DNS level?

• Most command & control (C2) is initiated via DNS lookups with some non-Web callbacks

[Diagram labels: INTERNET; MALWARE; BOTNETS/C2; PHISHING; & HERE!]

The OpenDNS + Cisco solution

[Diagram labels: LANCOPE; WSA (+ESA); FIREPOWER; AMP; MERAKI; ASA; HQ; Branch; Mobile; HERE]

BENEFITS

Alerts Reduced 2x; Improves your SIEM

Block malware before it hits the enterprise

Contains malware if already inside

Internet access is faster, not slower

Provision globally in under 30 minutes

Umbrella: The fastest and most effective way to block threats

BENEFITS

Simple to point DNS w/o technical or pro services

No hardware to install; no software to maintain

Provision globally in under 30 minutes

Infinitely scalable enforcement platform

A new level of protection

OpenDNS intelligence – correlation of information

Key Points

Intelligence about domains and IPs across the Internet

Live graph of DNS requests and other contextual data

Correlated against statistical models

Discover & predict malicious domains & IPs

Enrich security data with global intelligence

[Diagram labels: OpenDNS Investigate; OpenDNS Umbrella]

3. Cisco Threat-Centric Model

BEFORE: Discover, Enforce, Harden

DURING: Detect, Block, Defend

AFTER: Scope, Contain, Remediate

ASA & AnyConnect

ISE & TrustSec

FirePOWER

WSA/ESA > CWS/CAS/CES

Lancope Stealthwatch

Advanced Malware Protection (AMP) & Threat Grid

Cognitive Threat Analytics (CTA)

OpenDNS Umbrella

OpenDNS Investigate

Talos

Always-on protection – Umbrella + AnyConnect

Direct-to-Net offices – Umbrella + ISR or Meraki

Network security via OpenDNS + TALOS

4. Demo: OpenDNS Umbrella + AnyConnect

Policies (Security Settings)

Identities

Overview / reports

Online system status: http://system.opendns.com/

Amsterdam, Berlin, Paris, Copenhagen, Frankfurt, Prague, Warsaw, Bucharest, London

5. Conclusion

• Protection from web-based ransomware

• Speed to deployment

• Enforcement at the perimeter greatly reduces circumvention

• Ability to protect all sites, large and small

• Simple management of policies

• No impact to regulatory requirements

• Standardization of DNS server configurations

• www.rrc-bt.com

• www.rrc-bt.mk

• www.rrc.rs

• www.rrc.com.ro

• www.rrc.hu

• www.rrc.cz

• www.rrc.pl

• www.rrc.com.ua

• www.rrc.az

• www.rrc.kz

• www.rrc.ru

• www.rrc.hr

Thank you!