Tomas Kupka, Milan Habrcetl
October 10th, 2017
Network Security
The Network. Intuitive.
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Data Availability
The Evolution of Security Threats
The Evolution of Ransomware
[Timeline figure] Years on the axis: 1989, 2001, 2005, 2006, 2007, 2008, 2012, 2013, 2014, 2015, 2016
Entries shown on the timeline (in the order extracted): PC Cyborg, GPCoder, Fake Antivirus, QiaoZhaz, CRYZIP, Redplus, Reveton, Ransomlock, Dirty Decrypt, Cryptorbit, Cryptographic Locker, Urausy, Cryptolocker, CryptoDefense, Koler, Kovter, Simplelock, Cokri, CBT-Locker, TorrentLocker, Virlock, CoinVault, Svpeng, TeslaCrypt, Virlock, Lockdroid, Reveton, Tox, Cryptvault, DMALock, Chimera, Hidden Tear, Lockscreen, Teslacrypt 2.0, Cryptowall, SamSam, Locky, Cerber, Radamant, Hydracrypt, Rokku, Jigsaw, Powerware, 73V3N, Keranger, Petya, Teslacrypt 3.0, Teslacrypt 4.0, Teslacrypt 4.1
Other milestones shown: First commercial Android phone, Bitcoin network launched
Enterprise Network Security Should Provide…
• Effective protection against known and unknown threats
• Unified security that reduces risk and complexity
• Detailed network traffic visibility for threat detection
Cisco Ransomware Defense
Talos Security Intelligence and AMP ThreatGrid
RANSOMWARE CONTAINED
ISE+TrustSec deploys dynamic Containment
NGFW protects and segments from clean systems
ISE pushes containment policy using TrustSec and Firepower
Stealthwatch detects and alerts
SW, ISE
RANSOMWARE INFECTED
Malicious Infrastructure
Zero-day Attack and Infection
CLEAN SYSTEMS
DETECT AND CONTAIN IN NETWORK
NGFW blocks inbound and outbound connections
Stealthwatch detects and alerts
C2 callbacks, Worm propagation
Umbrella w/Web blocks
AMP4E
Email w/AMP blocks ransomware phishing attacks
Secure your digital network in real-time, all the time, everywhere
Network as a Sensor: Visibility and analytics across the extended enterprise, industry-leading threat intelligence
Trustworthy Systems: Security embedded into hardware and software by design
Network as an Enforcer: Consistent threat protection and remediation across the network
Cisco Enterprise Network Security
Network as a Sensor and Enforcer
Get Answers Faster: Use Cisco® Platform Exchange Grid (pxGrid) partner technologies to find threats faster and improve visibility
Stop Attacks Faster: Use the network to contain attacks manually or automatically to reduce time to respond
Protect Critical Data Faster: Dynamically restrict access permissions or remove a device as its threat score worsens
[Diagram] Labels: SIEM, Firepower, Firewall, Custom Detection, Stealthwatch, Threat, Security Intelligence, ISE, pxGrid, Switch, Router, Router, Firewall, Server, Data Center, Switch, WAN, User
Automatic or Initiated by IT Admin: ~5 Seconds
Who, What, When, Where, How
Video
https://www.youtube.com/watch?v=GvLnb4YQHh0
Enhanced Network as a Sensor and Enforcer
Default Deny
IoT Virtual Network: Group 3, Group 4 (Deny)
Limit Lateral Movement of Threats
Employee Virtual Network: Group 1, Group 2 (Deny)
Automate Threat Response
• One time provisioning to implement across access, campus, and WAN
• No IP Address Management
• No ACL Management
• No VLAN Management
• No CLI
Automation Impact
Reduced attack surface | Opex reduction through simplification | Agility in the network
70% of attacks will use encryption in 2019
Enhanced Network as a Sensor and Enforcer
Encrypted Traffic
Non-Encrypted Traffic
Industry’s first network with ability to find threats in encrypted traffic
Avoid, stop or mitigate threats faster than ever before | Real-time flow analysis for better visibility
Infrastructure view of the data
Google Search
Firefox self-repair
Bestafera Malware
Global Risk Map
Initial Data Packet
Sequence of Packet Lengths and Times
Cognitive Analytics
Malware Detection using Cognitive Analytics
All three elements reinforce each other inside the analytics engine using them.
It’s No Longer a Problem Only for Security Teams
Security Networking
INTENT, CONTEXT, SECURITY, LEARNING
Powered by intent, informed by context.
THE NETWORK. INTUITIVE.