Transcript of The Threat Centric Intelligent Cyber Security (cisco.com)
The Threat Centric Intelligent Cyber Security
Diwakar Dayal [email protected]
Cisco Systems, Security
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
The Evolution of Threat Landscape: Increased Attack Surface
Timeline: 2000, 2005, 2010, Tomorrow
Threats: Worms; Spyware and Rootkits; APTs; Cyberware
Defenses: Antivirus (Host-Based); IDS/IPS (Network Perimeter); Reputation (Global) and Sandboxing; Intelligence and Analytics (Cloud); Enterprise Response
The Advanced Malware Attack Life Cycle
• PLAN: Attacker determines possible entry points and formulates a plan of attack.
• EXPLOIT / ATTACK: Attacker exploits vulnerabilities and delivers its weapon.
• INFECT / SPREAD: Malware moves laterally through the internal network in search of additional resources and data.
• STEAL / DISRUPT: Attacker takes action on its objectives and exfiltrates data or disrupts systems.
Enterprise’s 3 Biggest Security Challenges
• Reduce complexity and fragmentation of security solutions
• Maintain Security and Compliance as business models change (Agility)
• Increasing Security Gap
In Spite of Layers of Defense, Breaches Occur
• Malware is getting through control-based defenses: malware prevention is NOT 100%, so breaches happen.
• Existing tools are labor intensive and require expertise.
• Each stage represents a separate process silo attackers use to their advantage.
Attack Continuum: BEFORE (Discover, Enforce, Harden) → DURING (Detect, Block, Defend) → AFTER (Scope, Contain, Remediate)
Organizations Are Under Attack from APT
• Is now a tool for financial gain
• Uses formal development techniques
• Sandbox aware
• Quality assurance to evade detection
• 24/7 tech support available
• Has become a math problem:
  • Endpoint AV signatures ~20 million
  • Total KNOWN malware samples ~100 million
  • AV efficacy rate ~50%
Impact of a Breach on any Organization
Timeline from the breach (START): hours → months → years
• 60% of data in breaches is stolen in hours
• 54% of breaches remain undiscovered for months
• Information of up to 750 million individuals on the black market over the last three years
Sources: Verizon Data Breach Report 2012 and 2014
Strategic Imperatives of your Security Architecture
• Visibility-Driven: Network-Integrated, Broad Sensor Base, Context and Automation
• Threat-Focused: Continuous Advanced Threat Protection, Big Data Analytics, Security Intelligence
• Platform-Based: Agile and Open Platforms, Built for Scale, Consistent Control, Management
Across: Network, Endpoint, Mobile, Virtual, Cloud
Cisco Security Model provides Visibility & Control
New Threat-Centric Security model across the Attack Continuum: BEFORE (Discover, Enforce, Harden) → DURING (Detect, Block, Defend) → AFTER (Scope, Contain, Remediate)
Continuous and point-in-time protection across Network, Endpoint, Mobile, Virtual, Email & Web, and Cloud
Securing the Entire Attack Continuum
Visibility and Context across: Firewall, NGFW, NAC + Identity Services, VPN, UTM, NGIPS, Web Security, Email Security, Advanced Malware Protection, Network Behavior Analysis
Attack Continuum: BEFORE (Discover, Enforce, Harden) → DURING (Detect, Block, Defend) → AFTER (Scope, Contain, Remediate)
Cisco Threat Centric Solution is Unique with AMP
Visibility and Context: AMP Everywhere
Attack Continuum: BEFORE (Discover, Enforce, Harden) → DURING (Detect, Block, Defend) → AFTER (Scope, Contain, Remediate)
All the Focus, until now… + Continuous Capability + Advanced Analytics + Retrospective Security
Point-in-Time + Continuous Protection
Retrospective Security: Continuous Analysis
Telemetry stream (continuous feed) from control points: Web (WWW), Endpoints, Network, Email, Devices, IPS
Breadth and Control points: File Fingerprint and Metadata; File and Network I/O; Process Information
Point-in-Time Protection: File Reputation & Sandboxing; One-to-One Signature; Fuzzy Finger-printing; Machine Learning; Advanced Analytics; Dynamic Analysis
Talos + Threat Grid Intelligence
Cisco’s AMP Everywhere - Protect Everything
Endpoints covered: Mac, PC, Virtual, Mobile
• AMP for Networks
• AMP for Cloud Web Security (CWS) & Hosted Email
• AMP on Web & Email Security Appliances
• AMP on ASA Firewall with FirePOWER Services
• AMP for Endpoints
• AMP Private Cloud Virtual Appliance
• AMP Threat Grid: Dynamic Malware Analysis + Threat Intelligence Engine
Working together to create a Security Architecture
Common Identity, Policy and Context Sharing across ASA FirePOWER, Web & Email Security, NGIPS, and Malware Prevention / Sandboxing
• Cisco AMP: AMP Client, CTD + Network Integration
• Cisco TrustSec: Context-aware Segmentation, Wired/Wireless and VPN
• Cisco Identity Services (ISE): Context Visibility
• Cisco Collective Security Intelligence: Pervasive & Integrated Across the Portfolio
Customers need complete Security Solutions: Security Products and Security Services
Cisco Security Services solve customer Needs
• Advisory: Custom Threat Intelligence, Technical Security Assessments
• Integration: Integration Services, Security Optimization Services
• Managed: Managed Threat Defense, Remote Managed Services
Journey of building a strong Security Partner
• 2004: NAC addition
• 2007: Messaging and Web Security Appliance
• 2009: Cloud Security
• 2012: UTM
• 2013: Security Analytics
• 2014: NGIPS / Anti-Malware
• 2015: Sandbox
Market Recognition
• “So do any network security vendors understand data center and what’s needed to accommodate network security? Cisco certainly does.”
• “Cisco is disrupting the advanced threat defense industry.”
• “… AMP will be one of the most beneficial aspects of the [Sourcefire] acquisition.”
• “Based on our (Breach Detection Systems) reports, Advanced Malware Protection from Cisco should be on everyone’s short list.”
• 2014 Vendor Rating for Security: Positive
• “The AMP products will provide deeper capability to Cisco's role in providing secure services for the Internet of Everything (IoE).”
Power Utility Case Study: Identify & Remediate Impact After Breach
Challenge: The company is a frequent victim of spear phishing campaigns, with indications of infection emanating from multiple sources.
Solution: Added AMP to a system already using a FirePOWER appliance to enable them to track and investigate suspicious file activity.
Result: The company gained complete visibility into their malware infections, determined the attack vector, assessed the impact to the network, and made intelligent surgical decisions for remediation in a fraction of the time it would take to respond manually.
Internet of Things… and Everything
EVERY COMPANY BECOMES A TECHNOLOGY COMPANY, EVERY COMPANY BECOMES A SECURITY COMPANY.