Towards Effective Security - AFCEA

Post on 14-Jul-2020


Martin Roesch

Vice President and Chief Architect, Cisco Security Business Group

April 22, 2016

AFCEA Defensive Cyber Operations Symposium

Towards Effective Security

Security Perspective


The Problem is THREATS

The Global Hacker Economy is 3x to 5x the size of the security industry.

Industrialization of Hacking.

Source: Center for Strategic and International Studies, 2014

Cisco ASR 2016 Findings: Attack Awareness Fades Confidence

59% confident in having the latest technology

51% have strong confidence in ability to detect a security weakness in advance

54% have strong confidence in ability to defend against attacks

45% have strong confidence in ability to scope and contain an attack

54% have strong confidence in ability to verify an attack

56% review security policies on a regular basis

-5% 0% -4%

-1% +0% +0%

If you knew you were going to be compromised, would you do security differently?

Source: Cisco Annual Security Report, 2016

Timeliness Counts: Reduced Time to Detection

Industry: 100 Days vs. Cisco: Less than 1 Day

No Customer is an Island

World-Class Threat Research

19.7B Threats Per Day

1.4M 1.1M 1.8B 1B 8.2B

Incoming Malware Samples Per Day

Sender Base Reputation Queries Per Day

Web Filtering Blocks Per Month

AV Blocks Per Day

Spyware Blocks Per Month

260+ Threat Researchers

100 TB Threat Intelligence

The Threat-Centric Security Model

Visibility and Context

Firewall

App Control

VPN

Patch Mgmt

Vuln Mgmt

IAM/NAC

IPS

Antivirus

Email/Web

IDS

FPC

Forensics

AMD

Log Mgmt

SIEM

Attack Continuum

Discover Enforce Harden

Detect Block

Defend

Scope Contain

Remediate

The Threat-Centric Security Model

Attack Continuum

Network Endpoint Mobile Virtual Cloud

Point in Time Continuous

Discover Enforce Harden

Detect Block

Defend

Scope Contain

Remediate

THE STATE OF SECURITY

The Security Effectiveness Gap

Incremental Capability

Mountains of Complexity

The Security Effectiveness Gap

Goal for Effective Security

Effective Security Requires

Integration Consolidation Automation

Faster Time to Detection, Faster Time to Remediate


Integrated Threat Defense Architecture

Visibility Control Intelligence Context

Integrated Threat Defense: Future Direction Visibility, Analytics, and Automation to Simplify and Increase Security Efficacy

Integrated

Management Visibility

Real-time map of the operational environment

API

Config Impact IOC Apps… Apps/Automation

Telemetry

Intelligence

Global

Intelligence

Control

Broker access between users, applications, data, devices

Threat

Defeat known Threats

Breach

Scope, Contain, Remediate

Before After During

API

Simplicity at Scale