Advanced Malware Protection - Cisco

Advanced Malware Protection Dan Gavojdea, Security Sales, Account Manager, Cisco South East Europe

Transcript of Advanced Malware Protection - Cisco

Page 1:

Advanced Malware Protection

Dan Gavojdea, Security Sales, Account Manager, Cisco South East Europe

Page 2:

Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

How would you do security differently if you knew you were going to be hacked?

Page 3:


Security Challenges

Changing Business Models

Dynamic Threat Landscape

Complexity and Fragmentation

A community that hides in plain sight avoids detection and attacks swiftly

60% of data is stolen in HOURS

54% of breaches remain undiscovered for MONTHS

85% of point-of-sale intrusions aren’t discovered for WEEKS

51% increase of companies reporting a $10M loss or more in the last YEAR

Page 4:


The Reality: Organizations Are Under Attack

Source: 2014 Cisco Annual Security Report

95% of large companies targeted by malicious traffic. 100% of organizations interacted with websites hosting malware.

Timeline of threats, 1990 to 2020+:

Viruses 1990–2000 (Phishing, Low Sophistication)

Worms 2000–2005 (Hacking Becomes an Industry)

Spyware and Rootkits 2005–Today (Sophisticated Attacks, Complex Landscape)

APTs, Cyberware Today+

•  Cybercrime is lucrative, barrier to entry is low

•  Hackers are smarter and have the resources to compromise your organization

•  Malware is more sophisticated

•  Organizations face tens of thousands of new malware samples per hour

Page 5:

AMP – Advanced Malware Protection

Page 6:


The Full Attack Continuum

BEFORE: Discover, Enforce, Harden

DURING: Detect, Block, Defend

AFTER: Scope, Contain, Remediate

Covered across: Network, Endpoint, Mobile, Virtual, Email & Web, Cloud

Continuous (not point-in-time) protection along the attack continuum

Page 7:


Point-in-Time Malware Detection Alone Is Not 100% Effective

It will catch 99% of threats, but it only takes 1% of threats to cause a breach.

Page 8:


Cisco AMP Defends With Retrospective Security

To be effective, you have to be everywhere, continuously.

Page 9:


AMP provides contextual awareness and visibility that allows you to take control of an attack before it causes damage

Who: Focus on these users first

What: These applications are affected

Where: The breach impacted these areas

When: This is the scope of exposure over time

How: Here is the origin and progression of the threat
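The retrospective idea behind pages 7 to 9, as an added illustration that is not Cisco's code: a point-in-time check lets an unknown file through, and when its verdict later changes, the stored file trajectory yields the where, when and how of the exposure. All events, host names and hash labels below are constructed placeholders.

```python
# Illustration of retrospective security: keep a trajectory of every file
# event so that a later verdict change is applied to past observations.
# Not Cisco AMP code; all sample data is constructed.
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class FileEvent:
    ts: int        # seconds since epoch (constructed values)
    host: str      # endpoint that observed the file
    sha256: str    # file hash (placeholder labels, not real indicators)
    parent: str    # process or location that introduced the file


class Trajectory:
    """Continuous record of file events plus the current disposition per hash."""

    def __init__(self):
        self.events = []
        self.disposition = defaultdict(lambda: "unknown")

    def observe(self, ev: FileEvent) -> str:
        """Point-in-time check: block only if the hash is already known malicious."""
        self.events.append(ev)
        return "blocked" if self.disposition[ev.sha256] == "malicious" else "allowed"

    def update_disposition(self, sha256: str, verdict: str) -> dict:
        """Retrospective step: apply a new verdict to the whole history.
        Returns the scope (Where / When / How) for a malicious verdict."""
        self.disposition[sha256] = verdict
        hits = sorted((e for e in self.events if e.sha256 == sha256), key=lambda e: e.ts)
        if verdict != "malicious" or not hits:
            return {}
        return {
            "hosts": sorted({e.host for e in hits}),             # Where
            "first_seen": hits[0].ts, "last_seen": hits[-1].ts,  # When
            "origin": (hits[0].host, hits[0].parent),            # How
        }


SAMPLE = [  # constructed events: an unknown file spreads past point-in-time checks
    FileEvent(1000, "pc-01", "hash-A", "mail-client"),
    FileEvent(1300, "pc-02", "hash-A", "file-share"),
    FileEvent(1500, "pc-03", "hash-B", "browser"),
    FileEvent(1700, "pc-03", "hash-A", "pc-02-share"),
]


def run_demo():
    t = Trajectory()
    verdicts = [t.observe(e) for e in SAMPLE]             # all allowed: hash unknown
    scope = t.update_disposition("hash-A", "malicious")   # verdict arrives later
    later = t.observe(FileEvent(1900, "pc-04", "hash-A", "usb"))  # now blocked
    return verdicts, scope, later
```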

Page 10:


Cisco’s AMP Everywhere Strategy Means Protection Across the Extended Network

Covered endpoints: Mac, PC, Virtual, Mobile

AMP for Networks

AMP for Cloud Web Security (CWS) & Hosted Email

AMP on Web & Email Security Appliances

AMP on ASA Firewall with FirePOWER Services

AMP for Endpoints

AMP Private Cloud Virtual Appliance

AMP Threat Grid: Dynamic Malware Analysis + Threat Intelligence Engine

Page 11:


NSS Labs Report Comparative Testing on Breach Detection Systems

Who is NSS Labs? NSS Labs, one of the best and most thorough independent testing bodies in the industry, performed comparative testing on Breach Detection Systems.

What was measured? Security Effectiveness of Breach Detection Systems:

•  HTTP/Email Malware, Exploits, Evasions, and False Positive Rate

•  Total Cost of Ownership per protected Mbps

What Cisco-Sourcefire products were tested? AMP Everywhere:

•  AMP for Networks and AMP for Endpoints (TCO calculations include this set of FireAMP connectors)

•  FirePOWER 8120 (with AMP subscription)*

What competitor products were evaluated?

FireEye, AhnLab, Fortinet, TrendMicro, Fidelis

BDS Methodology v1.5

[The methodology] utilizes real threats and attack methods that exist in the wild and are actually being used by cyber-criminals and other threat actors. This is the real thing, not facsimile; systems under test (SUT) are real stacks connected to a live internet feed.

--NSS Labs

*Dedicated AMP Appliances (AMP8150/AP7150) were not shipping at the time of the test, otherwise one would have been used

Page 12:


[Chart: Security Effectiveness (vertical axis) versus TCO per Protected-Mbps (horizontal axis)]

The Results Cisco AMP is a Leader in Security Effectiveness and TCO and offers Best Protection Value

Cisco Advanced Malware Protection

Best Protection Value

99.0% Breach Detection Rating

Lowest TCO per Protected-Mbps

Other Products Do Not Provide Retrospective Security After a Breach

NSS Labs Security Value Map (SVM) for Breach Detection Systems

Security Effectiveness

Overall Product Ratings

Cisco-Sourcefire AMP Results – For Detection Capability Only

Page 13:


Business Impact Summary

•  Better Protection: Before, During, After

•  Better Visibility and Control

•  Better Intelligence

•  Faster Response

•  Save Money, Time

•  Protect Resources and Maintain Business Critical Functions

•  Lowest TCO and Highest Security Leadership (NSS Labs)

Page 14:

AMP Case Studies

Page 15:


Are you able to defend against advanced malware?

1. Can you detect advanced malware in web and email?

2. Assess your current level of network protection

3. Assess your current level of endpoint protection

Page 16:


Block Threats Before They Breach

Challenge

Experienced security team of 7 supporting over 120 locations needed greater intelligence to quickly identify and stop threats. Current defenses alerted personnel and logged details but did nothing to aid investigation of the issue.

Solution Augmented intrusion prevention systems with FireAMP for Endpoint.

Result

After installation of FireAMP, a targeted attack was identified and remediated in half a day. Seven days after the initial attack, the new business processes and intelligence implemented with FireAMP resulted in the immediate mitigation of a second targeted attack.

Bank Case Study (BEFORE)

Page 17:


Identify Scope And Remediate Impact After Breach

Challenge: The company is a frequent victim of spear phishing campaigns, with indications of infection emanating from multiple sources.

Solution: Added FireAMP to a system already using FirePOWER to enable them to track and investigate suspicious file activity.

Result

The company gained complete visibility into their malware infections, determined the attack vector, assessed the impact to the network and made intelligent, surgical decisions for remediation in a fraction of the time it would take to respond manually.

Power Utility Case Study (AFTER)

Page 18:

AMP Demo

Page 19: