Cisco Global Editors Conference: The Cyber Security Arms Race
© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
The Cyber Security Arms Race
Martin Roesch, Chief Security Architect, Cisco Security Business Group
Global Editors Day, December 9, 2014
The Security Problem
• Changing Business Models
• Dynamic Threat Landscape
• Complexity & Fragmentation
Threat-Centric and Operational Security Approach
Attack Continuum:
• BEFORE: Discover, Enforce, Harden
• DURING: Detect, Block, Defend
• AFTER: Scope, Contain, Remediate
Endpoint, Network, Mobile, Virtual, Cloud
Point in Time, Continuous
Security Operations Maturity Model
• Range of five automated controls to increase security effectiveness
• Helps organization understand how security capabilities must evolve
Visibility and Context
Controls shown: Static, Human Intervention, Semi-Automatic, Dynamic, Predictive
Using Visibility & Context to Understand the Threat
Network Servers
Operating Systems
Routers and Switches
Mobile Devices
Printers
VoIP Phones
Virtual Machines
Client Applications
Files
Users
Web Applications
Application Protocols
Services
Malware
Command and Control Servers
Vulnerabilities
NetFlow
Network Behavior
Processes
Collecting and Analyzing Security Telemetry
Threat Intelligence effectiveness continues to grow
IPS Rules
Malware Protection
Reputation Feeds
Vulnerability Database Updates
Sourcefire AEGIS™ Program
Private and Public Threat Feeds
Sandnets
FireAMP™ Community
Honeypots
Advanced Microsoft and Industry Disclosures
SPARK Program
Snort and ClamAV Open Source Communities
File Samples (>180,000 per Day)
Cisco Talos (Talos Security Intelligence and Research Group)
Sandboxing
Machine Learning
Big Data Infrastructure
Key Findings
• Security operations must mature to respond to the challenges of changing business models, the dynamic threat landscape, and solution complexity and fragmentation
• The Security Operations Maturity Model outlines a way for organizations to move toward dynamic controls that provide greater visibility, intelligence, and automation to gain better protection
• Cisco is enabling customers to advance controls to meet the security requirements of rapidly evolving business models
Thank You