Tim Lee, Director, Regional Sales - Security, Cisco

Securing a Borderless World

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2

Viruses Then – Stoned Virus

Released in 1987

1 in 8 chance of splashing “Your PC is Now Stoned” on the screen

Wrote “Legalize Marijuana” on Floppy Boot Sectors and Hard Drive MBRs

Written by a University Student in New Zealand

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3

Viruses Today – Zeus Botnet (Zbot)

On 1 October 2010 FBI arrested over 90 suspects who used Zeus to steal around $70 Million USD

Available to buy in underground forums for as little as $700 USD and up to $3000-$4000 USD for the newest version

Zeus has sent out over 1.5 million phishing messages on Facebook

Data Stealing – account credentials / financial info

Allows remote control of infected machine by command and control server

Cyber Crime has surpassed the Illegal Drug Trade in criminal revenue

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 44

Going rates

Item Price

US-Based Credit Card (with CVV) $1 - $6

Full identity (ssn, dob, bank account, credit card, …) $14 - $18

Online banking account with $9,900 balance $300

Compromised computer $6 - $20

Phishing Web site hosting – per site $3 - $5

Verified Paypal account with balance $50 - $500

Skype Account $12

World of Warcraft Account $10

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5

Securing Organizations a Decade Ago

Branch Office

Main Campus

Data Center

Viruses

Denial ofService

UnauthorizedAccess

System Penetration

Telecom Fraud

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6

Defense for the Last Decade

Branch Office

Main Campus

Data Center

Integrated

Build security into the network

Collaborative

Make security work together as a system

Adaptive

Adjust defenses based on events and real time info

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7

The New Borderless Organization

Borderless Experience

Anyone

Anywhere

Anything

Anytime

Requires A New Security Strategy

Branch Office

Main Campus

Data Center

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8

Evolution to Secure Borderless Networks

Keep the

Bad Guys

Out

Firewall

Access

Intrusion

Prevention

Block Attacks

Content

Security

Email & Web

Traditional Network Security

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9

Evolution to Secure Borderless Networks

Traditional Network Security

Enable

Secure

Borderless

Access

Firewall

Access

Intrusion

Prevention

Block Attacks

Content

Security

Email & Web

Policy & Identity

Trusted Access

Secure Mobility

Always On

Cloud Security

Hosted/Hybrid

New Security Requirements

Keep the

Bad Guys

Out

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10

Evolution to Secure Borderless Networks

Traditional Network Security

Enable

Secure

Borderless

Access

Keep the

Bad Guys

Out

Secure Mobility

Always On

Secure Borderless Networks

Secure

Borderless

Experience

Policy & Identity

Trusted Access

Cloud Security

Hosted/Hybrid

Cisco Security Intelligence Operations

Firewall

Access

Intrusion

Prevention

Block Attacks

Content

Security

Email & Web

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11

Anything AnytimeAnyone Anywhere

Bo

rde

rless

En

d Z

on

es

Bo

rde

rless

Inte

rne

t

Bo

rde

rless

Da

ta C

en

ter

Secure Borderless NetworksSecurity Architecture for the Next Decade

Coffee Shop

Softwareas a Service

Platformas a Service

Infrastructureas a Service

Xas a Service

Airport

Customers

Mobile Users

Partners

Home Office

Policy

Cisco Security

Enforcement Array

Branch Office

Main Campus

Data Center

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12

Architecture Based Systems and Solutions

Implemented Through Systems and Solutions

DEFEND

Defend Business Operations

Anyone, Anywhere, Anything, Anytime

Threat Defense

EXTEND PREVENT COMPLY

Achieve Regulatory Compliance

Prevent Loss of Business Assets

Secure Enterprise Connectivity

Secure Mobile Workforce

Physical and Data Loss Prevention

Governance, Risk and Compliance

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13

Defend Your Business Operations

DEFEND EXTEND PREVENT COMPLY

Reduce Risks, Block Attacks, Maximize Uptime

A new browser vulnerability allows an attacker to exploit the flaw with a specially-crafted web page or email

Successful exploitation allows attacker to infect and control vulnerable devices

Cisco SIO ASA 5500 Series IPS 4200 Series Email Security Web Security IOS Security

Threat Defense

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 14

Make the World Your Office

DEFEND EXTEND PREVENT COMPLY

Enable the Workforce, Build a Connected Business,

Secure Network Access

An employee working at home, in the airport, then in a hotel, connects to public networks without protection

Unprotected access exposes critical data and jeopardizes device integrity

AnyConnect Secure Mobility Cisco Virtual Office Cisco Trustsec ASA 5500 Series ISR G2

Secure Mobility

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15

Put Controls in Place to Prevent Loss

DEFEND EXTEND PREVENT COMPLY

Protect Assets, Enforce Access Policy, Prevent

Information Loss

Employees, partners and customers with different roles all require access to network resources

Failure to control access and monitor information usage leads to loss and improper access

Cisco Trustsec Web Security Email Security

Secure Access Control

and Data Protection

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16

Fulfill Your Compliance Requirements

DEFEND EXTEND PREVENT COMPLY

Achieve Compliance with PCI DSS, HIPAA, Cyber

Security, ISO 27001…

A new wireless network has been deployed and must now meet PCI DSS requirements

Failure to achieve compliance leads to failed audits and potential fines and fees

Certified Network Architectures

Best Practices from Industry Experts

Technology Solutions IT GRC Services

PCI DSS Compliance

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1717

Secure Borderless Networks in Action

Threat Defense

SecureMobility

AnyConnectSecure Mobility

TrustSec

Cisco Virtual Office Compliance Data Center Security Secure Branch

Policy and Identity

01111010

10101010101010101

01010101011010010

11101010110101010

11010010100101001

01101010011010110

01101001101101110

10110101010101

Network Infrastructure

Access Control

Content Security

Network Security

Security Management

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 18

Moving to Secure Borderless Networks

Secure Borderless Networks

Secure

Borderless

Experience

Cisco Security Intelligence Operations

Leverage Self-Defending

Network implementation for

improved threat defense,

engage with Cisco partners

1

Enable real time

threat defense

with intelligence

from SIO and

Sensorbase

2

Protect collaboration

with email and web

security, including DLP

and encryption

3

Expand remote access to support

diverse mobile users with

AnyConnect Secure Mobility4

Enhance identity and

policy capabilities with

Trustsec, building from

Network Admission

Control

5

Deploy cloud security for

improved protection and

OPEX advantages

6

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 19

Why Cisco?

Borderless Networks Provide Pervasive

Security: in the Network, in the Cloud

Security is a Critical Network Service in the

Borderless Network Architecture

Comprehensive, Real Time Threat

Intelligence Powered by Cisco SIO

Demonstrated Leadership to Secure

Anyone, Anything, Anywhere, Anytime