Find yourself in the Future Fighting Cyber crime · Global Security Sales Organisation November...
Glenn Welby, Global Security Sales Organisation, November 2016
Find yourself in the Future Fighting Cyber crime - what problems are we fixing?
What is the problem?
Rapid Digital Disruption on a Massive Scale
Devices: 15B today, 50B in 2020, 500B in 2030
$19 Trillion Opportunity
Digital Disruption Drives the Hacker Economy
Attack Sophistication · Threat Actors · Attack Surface
…creating an ever-evolving, dynamic threat landscape
The Result is Constantly Evolving Challenges
Protect Infrastructure and Critical Data
Secure the Mobile Workforce
Defend Across the Extended Network: Network + Endpoint + Cloud
Enable Business Growth: New Business Value, New Business Models
Asymmetric battles outpace our ability to respond
Persistent Attacks
Overwhelmed Defenders
Innovative Methods
Fragile Infrastructure
Shifting Tactics
Rising Vulnerabilities
Encryption Dilemma
Global Operations
Current Threat Landscape
• Evolution of Ransomware
• Advances in Malicious Tradecraft
• Questionable Network Hygiene
• Conflicting Geopolitical Perspectives
Attacker's Infrastructure Built to be Resilient: designed to evade and reconstitute
Why is there a problem?
Direct Attacks Generate Big Profits: more efficient and more lucrative
What to do to fix it?
Security practitioners need to identify and constrain the operational space of the adversaries.
Actionable Collaboration is Critical
Actionable collaboration is needed between people, processes, and technology, and on the back-end infrastructure that attackers are using.
DNS: Doth Protest Too Much
91.3% of malware uses DNS
68% of organizations don't monitor it
A blind spot that lets attackers gain command and control, exfiltrate data, and redirect traffic
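The DNS blind spot above is where a defender would start writing detection logic. As an added example that is not from the original deck or from Cisco, the following Python scores a constructed DNS query log (one "client qtype qname" line per query; the domains are reserved example names) for the traits of tunnelling and exfiltration over DNS: long, high-entropy labels, many unique subdomains under one registered domain, and a TXT-heavy query mix. The thresholds and the two-label "registered domain" heuristic are assumptions; a real deployment would use a public-suffix list and tune the thresholds against its own baseline.

```python
import math
from collections import Counter, defaultdict

# Constructed DNS query log for the example (not real traffic). Format per line:
# "<client-ip> <qtype> <qname>". Client 10.0.0.7 is made to look like DNS
# exfiltration: five TXT queries whose first label is a 32-character
# base32-style blob under one registered domain.
SAMPLE_DNS_LOG = """\
10.0.0.5 A www.example.com
10.0.0.5 A cdn.example.com
10.0.0.5 AAAA mail.example.com
10.0.0.9 A login.example.org
10.0.0.7 TXT abcdefghijklmnopqrstuvwxyz234567.t.example.net
10.0.0.7 TXT bcdefghijklmnopqrstuvwxyz234567a.t.example.net
10.0.0.7 TXT cdefghijklmnopqrstuvwxyz234567ab.t.example.net
10.0.0.7 TXT defghijklmnopqrstuvwxyz234567abc.t.example.net
10.0.0.7 TXT efghijklmnopqrstuvwxyz234567abcd.t.example.net
10.0.0.7 A example.net
"""


def shannon_entropy(text: str) -> float:
    """Bits per character: ~0 for repetitive text, near log2(alphabet) for encoded data."""
    if not text:
        return 0.0
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in Counter(text).values())


def registered_domain(qname: str) -> str:
    """Assumption: registered domain = last two labels (no public-suffix list here)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def analyze_dns_log(log_text: str, max_label_len: int = 30,
                    entropy_threshold: float = 4.0,
                    min_unique_subdomains: int = 4,
                    txt_ratio: float = 0.5) -> list:
    """Aggregate queries per (client, registered domain) and flag tunnelling traits."""
    stats = defaultdict(lambda: {"queries": 0, "txt": 0, "subdomains": set(),
                                 "max_label_len": 0, "max_entropy": 0.0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        client, qtype, qname = line.split()
        qname = qname.rstrip(".").lower()
        reg = registered_domain(qname)
        s = stats[(client, reg)]
        s["queries"] += 1
        if qtype.upper() == "TXT":
            s["txt"] += 1
        # Everything left of the registered domain is attacker-controlled data
        # in a tunnelling scenario, so that is the part that gets measured.
        sub = qname[: -len(reg)].rstrip(".") if qname != reg else ""
        if sub:
            s["subdomains"].add(sub)
            for label in sub.split("."):
                s["max_label_len"] = max(s["max_label_len"], len(label))
                s["max_entropy"] = max(s["max_entropy"], shannon_entropy(label))

    alerts = []
    for (client, reg), s in stats.items():
        reasons = []
        if s["max_label_len"] > max_label_len:
            reasons.append("long-label")
        if s["max_entropy"] >= entropy_threshold:
            reasons.append("high-entropy-label")
        if len(s["subdomains"]) >= min_unique_subdomains:
            reasons.append("many-unique-subdomains")
        if s["txt"] >= 3 and s["txt"] / s["queries"] > txt_ratio:
            reasons.append("txt-heavy")
        if reasons:
            alerts.append({"client": client, "domain": reg,
                           "queries": s["queries"], "reasons": reasons})
    return sorted(alerts, key=lambda a: (a["client"], a["domain"]))


if __name__ == "__main__":
    for alert in analyze_dns_log(SAMPLE_DNS_LOG):
        print(alert)
```

Run against the sample, only the (10.0.0.7, example.net) pair is flagged, with all four reasons; the ordinary web and mail lookups from the other clients stay below every threshold. Scoring per client and registered domain rather than per query is what keeps a single long CDN hostname from paging anyone.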
Cyber Defence is sexy! - everybody's doing it
Security Weighs on the Minds of Executives
48% of executives very concerned about security
92% agreed more information will be expected
41% much more concerned than 3 years ago
But it is confusing… who do you choose?
1,208 startups receiving VC funding in the last 5 years ($7.3B)
54 security vendors for some customers
12x demand for security talent
Security Challenges: Security Silos Complicate Protection
Changing Business Models · Dynamic Threat Landscape · Complexity and Fragmentation

Security lifecycle (BEFORE / DURING / AFTER) and the technology functions mapped onto it:
BEFORE: Baseline Systems; Predict Attacks; Proactive Exposure Analysis; Harden and Isolate Systems; Divert Attackers; Prevent Incident
DURING: Detect Incidents; Confirm and Prioritize Risk; Contain Incidents
AFTER: IR - Investigate/Forensics; Design/Model Change; Remediate/Make Change

Products / technology functions shown on the slide: Network-based Malware Sandboxes; Endpoint SIEM/Correlation and Analytics; Advanced Threat Defense; App Control/Whitelisting; Threat Intelligence/Intelligence Broker; AV/Next Gen AV; Patch Management; DLP; Honeypot; MDM; Endpoint Mgmt.; Incident Response (incl. Arbitration, Forensics, Automatic Incident Generation, Threat Intelligence and Attack Path Analysis, Journaling, Case Mgmt/Workflow); Micro Virtualization/Process Isolation; Host based IPS; Web Security; Firewall; NGFW; NAC + Identity; VPN; AVC; Email Security; Advanced Malware Protection; Network Behavior Analysis; Patch / Vuln. Mgmt; AV / MRL Forensics; SIEM; NGIPS; Encryption
How is Cisco addressing the challenge?
Six Tenets of an Integrated Threat Defense
1. Richer network and security architecture needed
2. Best-in-class technology alone cannot deal with the threat landscape
3. Integrated threat defense can converge on encrypted malicious activities
4. Open APIs are crucial
5. Requires less gear and software to install and manage
6. Automation and coordination help to reduce time to detection (TTD), containment, and remediation
Cisco Is Investing in Security Growth
Cisco's #1 Priority: Threat-Centric Security
Billions Invested · 5K People Strong
Cognitive · Sourcefire · ThreatGRID · Neohapsis · OpenDNS · Portcullis · Lancope
Broad/Deep Portfolio · Trusted Advisor · #1 Cybersecurity Company · Expanding Services Capabilities · Pervasive Security
Integrated Architectural Approach: Unified Management across Endpoint, Cloud and Network; Visibility; Threat Intelligence; Services
A View Across Cisco's Global Telemetry
• 16 billion web requests a day
• 600 billion emails a day
• In aggregate, block almost 20 billion threats per day
• More than 1.5 million unique malware samples daily (17/sec)
• 18.5 billion AMP queries a day (214k AMP queries/sec)
Why Cisco: Market Leader · Committed to Security Innovation · Strongest Portfolio & Architecture
Game Changing Innovation: Reduced Time to Detection - industry 100 days vs. Cisco ~13 hours
Source: Cisco Midyear Security Report, 2016
Choose Cyber Defence… it's a job for life
[Infographic: Cisco Netacad APJC 2015 student survey. Students who attended were studying CCNA Routing + Switching (68%), CCNA Security (11%) and CCNP (9%). Figures shown: 85%, 84%, 93% and 70%, against "this session helped students identify the steps they need to take in their career journey", "very satisfied with the event", "those who attended would like to specialise in these technologies as their career focus" and "this session helped students identify their future career in technology". Technologies named as career focus: Cybersecurity, R&S, Wireless, IoE, Cloud Computing (66%, 45%, 37%, 36%).]
November, 2016
@savgoust
Find Yourself In The Future Fighting Cyber Crime
Based on Lockheed Martin's Cyber Kill Chain (phases: Preparation, Intrusion, Active Breach):
1. Reconnaissance - Harvest information to create attack strategy and toolset
2. Weaponization - Coupling exploit with backdoor into deliverable payload
3. Delivery - Delivering weaponized bundle to the victim via email, web, USB, etc.
4. Exploitation - Exploiting a vulnerability to execute code on victim's system
5. Installation - Installing malware on the asset
6. Command & Control - Command channel for remote manipulation of victim's system
7. Actions on Objectives - With 'Hands on Keyboard' access, intruders accomplish
Cisco's stage names for the same chain: Recon · Stage · Launch · Exploit · Install · Callback · Persist
Don’t believe the hype….
(https://en.wikipedia.org/wiki/Don't_Believe_the_Hype)
Capability Defense against the "Kill Chain"
Stages: Recon, Stage (Target) · Launch, Exploit, Install (Compromise) · Callback, Persist (Breach)
End-to-End Infrastructure Defense capabilities placed across those stages: NGIPS, NGFW, Flow Analytics, Network Anti-Malware, Host Anti-Malware, DNS Security, Web Security, Email Security, underpinned by Threat Intelligence and Retrospection
Reduce your threat exposure
Network Firewalling: Block unauthorized access and activity by controlling traffic flow
Application Visibility and Control (AVC): Tailor application behavior to reduce attack surface and risk of data loss
URL Filtering: Restrict access to specific sites and sub-sites, as well as categories of sites
VPN Capabilities: Protect both site-to-site connections and remote users with granular control
Next Generation Intrusion Prevention System (NGIPS): Detect and prevent threats from entering your network
Control It All from a Single Location: Network, Data, and Application
Users and locations shown: Remote User, Contractor, Guest, Wireless, Wired, Admin, Enterprise Mobility, Partner, VPN, Branch, Headquarters
Secure access from any location, regardless of connection type
Apply access and usage policies across the entire network
Monitor access, activity, and compliance of noncorporate assets; take containment actions when needed
Most used attack vectors – Web and Email

Threat vector: Watering hole
  Approach: Infect or inject a trusted site
  Tactic: Target users through compromised links
  Impact: Deliver an exploit that will attack

Threat vector: Spear phishing
  Approach: Conduct reconnaissance on a target
  Tactic: Leverage social engineering
  Impact: Deliver an exploit that will attack

Threat vector: Dropper
  Approach: Deliver malware with stealth and self-deleting programs
  Tactic: Gain access through DLL injection and control firewalls, antivirus, etc.
  Impact: Compromises system control, personal data and authorizations
Protection Across Networks
The Network platform uses indications of compromise, file analysis, and, in this example, file trajectory to show you exactly how malicious files have moved across the environment.
Protection Across Endpoints
The Endpoint platform has device trajectory, elastic search, and outbreak control, which in this example is shown quarantining recently detected malware on a device that has the AMP for Endpoints connector installed.
Protection Across Web and Email
Cisco® AMP for Web and Email protects against malware threats in web and email traffic by blocking known malware and issuing retrospective alerts when unknown files are convicted.
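The file trajectory, outbreak control and retrospective alerting described across these three slides share one mechanism: keep every sighting of a file even while its disposition is unknown, and re-evaluate that history when a verdict arrives later. The following Python is an added illustration of that mechanism, not Cisco's AMP code; the event stream, host names and the SHA-256 value (the hash of empty input, used only as a placeholder) are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Sighting:
    """One observation of a file: where it was seen, when, and how it arrived."""
    ts: int        # epoch seconds
    host: str      # gateway or endpoint that saw the file
    sha256: str
    source: str    # "email", "web" or "endpoint"
    path: str


class Retrospection:
    """Point-in-time blocking plus retrospective alerting once a verdict changes."""

    def __init__(self):
        self.disposition = {}               # sha256 -> "malicious" (absent = unknown)
        self.sightings = defaultdict(list)  # sha256 -> [Sighting]: the file trajectory
        self.alerts = []

    def observe(self, s: Sighting) -> str:
        """Record the sighting; block only if the hash is already known bad."""
        self.sightings[s.sha256].append(s)
        disp = self.disposition.get(s.sha256, "unknown")
        if disp == "malicious":
            self.alerts.append({"type": "blocked", "host": s.host, "ts": s.ts,
                                "sha256": s.sha256, "path": s.path})
        return disp

    def convict(self, sha256: str, now: int) -> list:
        """A later verdict (sandbox, intel feed) turns past unknown sightings into alerts."""
        if self.disposition.get(sha256) == "malicious":
            return []                       # already convicted: nothing new to raise
        self.disposition[sha256] = "malicious"
        new_alerts = [{"type": "retrospective", "host": s.host, "ts": s.ts,
                       "source": s.source, "path": s.path, "sha256": sha256,
                       "dwell_seconds": now - s.ts}
                      for s in self.trajectory(sha256)]
        self.alerts.extend(new_alerts)
        return new_alerts

    def trajectory(self, sha256: str) -> list:
        """Sightings in time order: how the file moved through the environment."""
        return sorted(self.sightings[sha256], key=lambda s: s.ts)

    def affected_hosts(self, sha256: str) -> list:
        """Outbreak-control input: every host that must quarantine the file."""
        return sorted({s.host for s in self.sightings[sha256]})


# Constructed placeholder hash (SHA-256 of empty input), not a real malware sample.
SAMPLE_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"


def run_sample():
    """Constructed scenario: a document passes the mail gateway as unknown, spreads
    to two workstations, is convicted an hour later, then a fourth host is blocked."""
    engine = Retrospection()
    engine.observe(Sighting(0, "mail-gw", SAMPLE_SHA256, "email", "invoice.docm"))
    engine.observe(Sighting(600, "ws-017", SAMPLE_SHA256, "endpoint",
                            r"C:\Users\a\Downloads\invoice.docm"))
    engine.observe(Sighting(900, "ws-022", SAMPLE_SHA256, "endpoint",
                            r"\\fileshare\pub\invoice.docm"))
    retro = engine.convict(SAMPLE_SHA256, now=3600)
    later = engine.observe(Sighting(4000, "ws-031", SAMPLE_SHA256, "web",
                                    "http://example.invalid/invoice.docm"))
    return engine, retro, later


if __name__ == "__main__":
    engine, retro, later = run_sample()
    for a in retro:
        print("RETRO", a["host"], a["source"], "dwell", a["dwell_seconds"], "s")
    print("fourth sighting disposition:", later)
    print("hosts to quarantine:", engine.affected_hosts(SAMPLE_SHA256))
```

The conviction produces three retrospective alerts with the dwell time of each sighting, the fourth download is blocked at the point of entry because the verdict is now known, and `affected_hosts` gives outbreak control its quarantine list. The point the slides make is visible in the data: without the stored trajectory, the hour between delivery and verdict would leave two compromised workstations that nothing ever alerts on.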