Security An Imperative for Digital Innovation · © 2016 Cisco and/or its affiliates. All rights...
Cisco Confidential © 2016 Cisco and/or its affiliates. All rights reserved.
Security – An Imperative for Digital Innovation
Timothy Snow
Solutions Architect – Security
May 12, 2017
@TimSnowIT

Get Ready For The Digital World – Every country, city and business will become digital

Lack Of Cybersecurity Hinders Innovation In The Digital Era
Survey: “Cybersecurity risks and threats hinder innovation in my organization.” 71% Agree
Survey: “My organization halted a mission-critical initiative due to cybersecurity fears.” 39% Agree
1014 respondents
Innovations are moving forward, but probably at 70%-80% of what they otherwise could if there were better tools to deal with the dark cloud of cybersecurity threats.
Robert Simmons, CFO

Even the "bad guys" are moving to digital
A single bitcoin has surpassed the value of an ounce of gold for the first time – All time high March 3, 2017

Security Challenges Globally
Ransomware
Mobile Work Force
IoT
Cloud Applications
Automation
Cost
Complexity
Talent Shortage

What happens if we're wrong once…
22% of organisations cited lost customers
23% of organisations cited lost opportunity
29% of organisations cited lost revenue

The struggle to securely digitize
Outdated infrastructure creates vulnerabilities that overwhelm defenders
Budget constraints
Not utilizing available tools or not getting enough out of them
Patch and Updates
Lack of process
Outdated infrastructure

Misconfigured Firewall
Proxy – Out of Date SW
Old School Anti-virus
Manual Segmentation
Standalone Sandbox

Spam Comes Roaring Back
Email Is Back In Vogue
65% of email is spam
8% of spam is malicious
[Chart: emails per second, 2010 to 2016]

Adware And Malvertising Shift Into High Gear
Adware
75% of organizations investigated had adware infections
Malvertising
Using brokers to increase speed and agility – e.g. existing botnets
Very fast adaption to attack techniques
Leveraging Cloud Hosting services to roll out dynamic infrastructure

Vulnerabilities on the Rise
Middleware Vulnerabilities
Server: 34% (from 2332 to 3142)
Client: 8% (from 2300 to 2106)
Network: 20% (from 501 to 396)
Adversaries Find Space and Time on the Server Side. Middleware is Poised to Attract Attackers

Time to Detect vs Time to Evolve
Reducing TTD Forces Adversaries to Speed Up Their Effort Just to Keep Up
[Chart: median TTD in hours and percentage of total unique hashes, Nov 2015 to Nov 2016]

The Cat and Mouse "game"
"a contrived action involving constant pursuit, near captures, and repeated escapes."

Firewall
Last 20 years of security:
Got a problem?
Buy a Box

The existing security stack…
Firewall
VPN
Email Security
Web Security
DLP
SIEM
Replacement Box
Failover
Persistent Threats
IDS
Firewall 2.0
VPN 2.0
Email Security 2.0
Web Security 2.0
DLP 2.0
SIEM 2.0
Replacement Box 2.0
Failover 2.0
Persistent Threats 2.0
IDS 2.0

How many "boxes" do you have?
ADD CISCO IS HERE. . . WITH IT’s ARCH
Do any of them guarantee your company's security?

The Security Effectiveness Gap
Budget Constraints with renewals
Lack of Trained Experts
Integration Headaches
Lack of clear policy definition
Misconfigurations
etc…

Cisco Security reverses the gap to extend capabilities

Integrated Architectural Approach
Best of Breed Portfolio
Cisco’s Security Strategy

Industry’s Most Effective Security Portfolio
– Threat Intelligence
Services
Network, Cloud, Endpoint
Integrated Threat Defense
simple open automated effective

Security Everywhere Architecture
Before During After
Web
Network Analytics
Advanced Malware
Secure Internet Gateway
UTM
Policy & Access
NGFW + NGIPS
Cloud Security
Branch, IoT, Cloud, Data Center, Endpoint, Campus, Edge

Cisco Architectural Approach Helps Customers Save Money
Cisco Architectural Approach
38%+ Return on Investment*
* Final Results
Point Products Approach
Firewall, VPN, Email Security, Web Security, DLP, SIEM, Replacement Box, Failover, Persistent Threats, IDS
Firewall 2.0, VPN 2.0, Email Security 2.0, Web Security 2.0, DLP 2.0, SIEM 2.0, Replacement Box 2.0, Failover 2.0, Persistent Threats 2.0, IDS 2.0

Access Control – Identity Services Engine
Network Resources
Access Policy
Traditional
Cisco TrustSec®
BYOD Access
Threat Containment
Guest Access
Role-Based Access
Identity Profiling and Posture
A centralized security solution that automates context-aware access to network resources and shares contextual data
Network Door
ISE pxGrid Controller
Who, Compliant, What, When, Where, How
Context
Threat (New!)
Vulnerability (New!)
90% don't know what's on their networks

The AMP Everywhere Architecture
AMP Threat Intelligence Cloud
Windows OS, Android Mobile, Virtual, MAC OS, CentOS, Red Hat Linux for servers and datacenters
AMP on Web and Email Security Appliances
AMP on Cisco® ASA Firewall with Firepower Services
AMP Private Cloud Virtual Appliance
AMP on Firepower NGIPS Appliance (AMP for Networks)
AMP on Cloud Web Security and Hosted Email
CWS/CTA
Threat Grid: Malware Analysis + Threat Intelligence Engine
AMP on ISR with Firepower Services
AMP for Endpoints
Remote Endpoints
AMP for Endpoints can be launched from AnyConnect
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate

Cisco – A leader in breach detection

Firewall - Protection & Threat Detection
Context-Aware Functions
NG-IPS Functions
Malware Protection
VPN Functions
Traditional Firewall Functions
Protection Centric
Threat Centric

What does Cisco Firepower enable?
Detect earlier, act faster
Gain more insight
Reduce complexity
Get more from your network
Stop more threats
Threat-focused
Fully Integrated
Cisco Firepower NGFW
- Superior effectiveness before, during, and after attacks – Confirmed by 3rd party tests (NSS)
- Detect and contain rapidly – reduce exposure time – IoC's
- Industry leading visibility, with automated and prioritized response
- Unified management and fewer vendors - reduced complexity
- Enhance security, leverage existing investments, with Cisco and 3rd party integrations

Umbrella
Protection at the DNS layer - Everywhere
Embedding Secure Gateway capabilities into
Cisco ISR 4K devices
Cisco WLAN controller
Roaming Clients
WSA
On-Prem Proxy
Built into the foundation of the internet
Intelligence to see attacks before launched at the DNS layer
Visibility and protection everywhere
Deploy even at the remote branches
Integrations to amplify existing investments
NGFW

Network as a Sensor to Identify Indicators of Compromise
RECONNAISSANCE
BOTNET
DATA HOARDING
SPREADING MALWARE
POLICY VIOLATION

Rapid Threat Containment – Leverage the Network!
Network
Switch, Router, DC FW, DC Switch, Wireless
pxGrid
ISE
~5 Seconds
IT Admin Initiated or Automatic
SIEM
Firewall
Stealthwatch
FirePower
Custom Detection

Security Enables Digitization
Protect your Business During Digital Transformation
Find and contain problems fast
Simplify network segmentation
Control who gets onto your network
Protect users wherever they work
Stop threats at the edge

Techniques to minimize risk
Make Security a Business Priority: Leadership must own, evangelize, fund security.
Measure Operational Discipline: Review security practices, control access points, patch.
Integrate Defense Approach: Implement architectural approach to security, automate processes to reduce time to react to, stop attacks.
Test Security Effectiveness: Validate, improve security practices, network connection activity.
Attack Preparedness Plan

Moving to a Threat Defense Approach
Business Priority
Measure Operation Discipline
Integrate Defense Approach
Test Security Effectiveness
Prevent: To minimize impact of breaches, encourage employees to report failures and problems, and clearly communicate security processes and procedures.
Mitigate: Implement and document exact procedures for incident response and tracking. Inform and educate all parties on precise, step-by-step crisis management response protocol.
Detect: To alert your organization to security weaknesses before they become full-blown incidents, implement a system for categorizing incident-related information.
Minimize Risk!

Cisco’s Security Commitment
#1 Cisco Priority
5K People Strong
Ongoing Innovation
Integrated Best of breed portfolio
250 Threat Researchers
19.7B Threats Blocked Daily
100x Faster Finding Breaches
99% Security Effectiveness
88% Fortune 100 use Cisco Security
Billions Invested
Sourcefire, Lancope, Neohapsis, OpenDNS, ThreatGRID, Cognitive, Portcullis, CloudLock

simple open automated
Effective Security

Thank you.

ASEAN Reference Case: FSI Customer
Challenges
Knowledge of external entities with intent
Mandates for compliance
Multiple Security vendors
Solution
Cisco Stealthwatch (NaaS) gave the customer visibility into foreign threats, internal policy violations and segmentation faults
Business outcomes achieved
Regulatory mandate compliance and risk reduction