Securing a Borderless World - Cisco · US-Based Credit Card (with CVV) $1 - $6 Full identity (ssn,...
Transcript of Securing a Borderless World - Cisco · US-Based Credit Card (with CVV) $1 - $6 Full identity (ssn,...
Tim Lee, Director, Regional Sales - Security, Cisco
Securing a Borderless World
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
Viruses Then – Stoned Virus
Released in 1987
1 in 8 chance of splashing “Your PC is Now Stoned” on the screen
Wrote “Legalize Marijuana” on Floppy Boot Sectors and Hard Drive MBRs
Written by a University Student in New Zealand
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3
Viruses Today – Zeus Botnet (Zbot)
On 1 October 2010 FBI arrested over 90 suspects who used Zeus to steal around $70 Million USD
Available to buy in underground forums for as little as $700 USD and up to $3000-$4000 USD for the newest version
Zeus has sent out over 1.5 million phishing messages on Facebook
Data Stealing – account credentials / financial info
Allows remote control of infected machine by command and control server
Cyber Crime has surpassed the Illegal Drug Trade in criminal revenue
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 44
Going rates
Item Price
US-Based Credit Card (with CVV) $1 - $6
Full identity (ssn, dob, bank account, credit card, …) $14 - $18
Online banking account with $9,900 balance $300
Compromised computer $6 - $20
Phishing Web site hosting – per site $3 - $5
Verified Paypal account with balance $50 - $500
Skype Account $12
World of Warcraft Account $10
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5
Securing Organizations a Decade Ago
Branch Office
Main Campus
Data Center
Viruses
Denial ofService
UnauthorizedAccess
System Penetration
Telecom Fraud
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6
Defense for the Last Decade
Branch Office
Main Campus
Data Center
Integrated
Build security into the network
Collaborative
Make security work together as a system
Adaptive
Adjust defenses based on events and real time info
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7
The New Borderless Organization
Borderless Experience
Anyone
Anywhere
Anything
Anytime
Requires A New Security Strategy
Branch Office
Main Campus
Data Center
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8
Evolution to Secure Borderless Networks
Keep the
Bad Guys
Out
Firewall
Access
Intrusion
Prevention
Block Attacks
Content
Security
Email & Web
Traditional Network Security
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9
Evolution to Secure Borderless Networks
Traditional Network Security
Enable
Secure
Borderless
Access
Firewall
Access
Intrusion
Prevention
Block Attacks
Content
Security
Email & Web
Policy & Identity
Trusted Access
Secure Mobility
Always On
Cloud Security
Hosted/Hybrid
New Security Requirements
Keep the
Bad Guys
Out
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10
Evolution to Secure Borderless Networks
Traditional Network Security
Enable
Secure
Borderless
Access
Keep the
Bad Guys
Out
Secure Mobility
Always On
Secure Borderless Networks
Secure
Borderless
Experience
Policy & Identity
Trusted Access
Cloud Security
Hosted/Hybrid
Cisco Security Intelligence Operations
Firewall
Access
Intrusion
Prevention
Block Attacks
Content
Security
Email & Web
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11
Anything AnytimeAnyone Anywhere
Bo
rde
rless
En
d Z
on
es
Bo
rde
rless
Inte
rne
t
Bo
rde
rless
Da
ta C
en
ter
Secure Borderless NetworksSecurity Architecture for the Next Decade
Coffee Shop
Softwareas a Service
Platformas a Service
Infrastructureas a Service
Xas a Service
Airport
Customers
Mobile Users
Partners
Home Office
Policy
Cisco Security
Enforcement Array
Branch Office
Main Campus
Data Center
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12
Architecture Based Systems and Solutions
Implemented Through Systems and Solutions
DEFEND
Defend Business Operations
Anyone, Anywhere, Anything, Anytime
Threat Defense
EXTEND PREVENT COMPLY
Achieve Regulatory Compliance
Prevent Loss of Business Assets
Secure Enterprise Connectivity
Secure Mobile Workforce
Physical and Data Loss Prevention
Governance, Risk and Compliance
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13
Defend Your Business Operations
DEFEND EXTEND PREVENT COMPLY
Reduce Risks, Block Attacks, Maximize Uptime
A new browser vulnerability allows an attacker to exploit the flaw with a specially-crafted web page or email
Successful exploitation allows attacker to infect and control vulnerable devices
Cisco SIO ASA 5500 Series IPS 4200 Series Email Security Web Security IOS Security
Threat Defense
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 14
Make the World Your Office
DEFEND EXTEND PREVENT COMPLY
Enable the Workforce, Build a Connected Business,
Secure Network Access
An employee working at home, in the airport, then in a hotel, connects to public networks without protection
Unprotected access exposes critical data and jeopardizes device integrity
AnyConnect Secure Mobility Cisco Virtual Office Cisco Trustsec ASA 5500 Series ISR G2
Secure Mobility
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15
Put Controls in Place to Prevent Loss
DEFEND EXTEND PREVENT COMPLY
Protect Assets, Enforce Access Policy, Prevent
Information Loss
Employees, partners and customers with different roles all require access to network resources
Failure to control access and monitor information usage leads to loss and improper access
Cisco Trustsec Web Security Email Security
Secure Access Control
and Data Protection
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16
Fulfill Your Compliance Requirements
DEFEND EXTEND PREVENT COMPLY
Achieve Compliance with PCI DSS, HIPAA, Cyber
Security, ISO 27001…
A new wireless network has been deployed and must now meet PCI DSS requirements
Failure to achieve compliance leads to failed audits and potential fines and fees
Certified Network Architectures
Best Practices from Industry Experts
Technology Solutions IT GRC Services
PCI DSS Compliance
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1717
Secure Borderless Networks in Action
Threat Defense
SecureMobility
AnyConnectSecure Mobility
TrustSec
Cisco Virtual Office Compliance Data Center Security Secure Branch
Policy and Identity
01111010
10101010101010101
01010101011010010
11101010110101010
11010010100101001
01101010011010110
01101001101101110
10110101010101
Network Infrastructure
Access Control
Content Security
Network Security
Security Management
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 18
Moving to Secure Borderless Networks
Secure Borderless Networks
Secure
Borderless
Experience
Cisco Security Intelligence Operations
Leverage Self-Defending
Network implementation for
improved threat defense,
engage with Cisco partners
1
Enable real time
threat defense
with intelligence
from SIO and
Sensorbase
2
Protect collaboration
with email and web
security, including DLP
and encryption
3
Expand remote access to support
diverse mobile users with
AnyConnect Secure Mobility4
Enhance identity and
policy capabilities with
Trustsec, building from
Network Admission
Control
5
Deploy cloud security for
improved protection and
OPEX advantages
6
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 19
Why Cisco?
Borderless Networks Provide Pervasive
Security: in the Network, in the Cloud
Security is a Critical Network Service in the
Borderless Network Architecture
Comprehensive, Real Time Threat
Intelligence Powered by Cisco SIO
Demonstrated Leadership to Secure
Anyone, Anything, Anywhere, Anytime