This session was recorded via Cisco WebEx! You can watch ... · Welcome from Cisco Introducing...
Cisco Customer Education You've Already Been Hacked. Now What? Cisco Next-Gen Security Can Help
This session was recorded via Cisco WebEx! You can watch the live session recording via the following URL:
https://acecloud.webex.com/acecloud/lsr.php?RCID=2a9e13dcb37a4721b5c9fc97052488bb
Thanks for your interest and participation!
Presentation Agenda
► Welcome from Cisco
► Introducing Cisco Security
► Cloud Web Security and OpenDNS
► Talos and Advanced Malware Protection
► Next Generation Threat Protection
► Conclusion
About Your Host: Brian Avery, Territory Business Manager, Cisco Systems, Inc.
[email protected]
Who Is Cisco?
Cisco Confidential 4 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Computer scientists, Len Bosack and Sandy Lerner found Cisco Systems
Bosack and Lerner run network cables between two different buildings on the Stanford University campus
A technology has to be invented to deal with disparate local area protocols; the multi-protocol router is born
1984
[Figure: timeline of networking vendors across four eras (1990 – 1995, 1996 – 2000, 2001 – 2007, 2008 – Today; marked 2016), leading to the Internet of Everything. Vendors shown: WellFleet, SynOptics, 3Com, ACC, DEC, Proteon, IBM, Bay Networks, Newbridge, Cabletron, Ascend, Fore, Xylan, 3Com, Nortel, Ericsson, Alcatel, Juniper, Lucent, Siemens, NEC, Foundry, Redback, Riverstone, Extreme, Arista, HP, Avaya, Juniper, Huawei, Aruba, Brocade, Checkpoint, Fortinet, ShoreTel, Polycom, Microsoft, F5, Riverbed, Dell.]
The Landscape is Constantly Changing
Leading for Nearly 30 Years
Who Is Cisco?
Chuck Robbins, CEO, Cisco
• Dow Jones Industrial Average Fortune 100 Company (AAPL, CSCO, INTC, MSFT)
• $117B Market Capitalization
• $49.6B in Revenue
• $10B in Annual Net Profits
• $34B More Cash than Debt
• $6.3B in Research and Development
http://finance.yahoo.com/q/ks?s=CSCO+Key+Statistics
Market Leadership Matters
• No. 1 Voice: 41%
• No. 1 TelePresence: 50%
• No. 1 Web Conferencing: 43%
• No. 1 Wireless LAN: 50%
• No. 2 x86 Blade Servers: 29%
• No. 1 Routing Edge/Core/Access: 47%
• No. 1 Security: 31%
• No. 1 Switching Modular/Fixed: 65%
• No. 1 Storage Area Networks: 47%
Security in the 21st Century
The Good Old Days Are Over
Organizations Are Under Attack
Industrial Hackers Are Making Big Money with Innovative Tactics
Timeline, 1990 to 2020:
• Viruses: 1990–2000
• Worms: 2000–2005
• Spyware and Rootkits: 2005–Today
• APTs, Cyberware: Today +
Phases: Phishing, Low Sophistication; Hacking Becomes an Industry; Sophisticated Attacks, Complex Landscape
95% of large companies targeted by malicious traffic
100% of organizations interacted with websites hosting malware
1. Cybercrime is lucrative, barrier to entry is low
2. Hackers are smarter and have the resources to compromise your organization
3. Malware is more sophisticated
4. Organizations face tens of thousands of new malware samples per hour
Source: 2014 Cisco Annual Security Report
Global Cybercrime Market $450B‒$1T
High Profile Breaches
As of 12/31/2014 http://www.idtheftcenter.org/images/breach/DataBreachReports_2014.pdf
1,000,000
70,000,000
56,000,000 2,600,000
1,100,000
And Yet… Organizations of every size are targets
60% of UK small businesses were compromised in 2014 (2014 Information Security Breaches Survey)
100% of corporate networks examined had malicious traffic (Cisco 2014 Annual Security Report)
41% of targeted attacks are against organizations with fewer than 500 employees (July 2014, The National Cyber Security Alliance (NCSA))
If you knew you were going to be compromised, would you do security differently?
It’s no longer a question of “if” you’ll be breached, it’s a question of “when”
Cisco Security Overview
Cybersecurity today requires a “Defense-in-Depth” Approach
► Defense-in-depth is the coordinated use of multiple security countermeasures to protect the integrity of the information assets in an enterprise
► Firewalls are the first step, not an overall strategy
► Firewalls offer only a single layer of defense
Too Many Disparate Security Products Mean Gaps in Protection
Fragmented offerings across multiple vendors vs. Streamlined advanced security solution
• Cost: Higher total cost to build and run vs. Lower opex and easier to manage
• Overall performance: Less communication between components vs. Better communication and integration
• Time to detection: More lag in finding threats vs. Faster time to detection
Defending Against These Advanced Threats Requires Greater Visibility and Control Across the Full Attack Continuum
Before: Discover, Enforce, Harden
During: Detect, Block, Defend
After: Scope, Contain, Remediate
FireSIGHT and pxGrid
ASA VPN
OpenDNS Meraki
Advanced Malware Protection
Network as Enforcer
NGIPS
ESA/WSA
CWS Secure Access + Identity Services ThreatGRID
Attack Continuum
Combined with the Best Threat Intelligence Capabilities World-Class Threat Research
221B Total Threats
991M
Web + Malware Threats
19.7B Threats Per Day
1.4M
2.6M 9.9B
1.1M
1.8B
1B
8.2B
Incoming Malware Samples Per Day
Sender Base Reputation Queries Per Day
Web Filtering Blocks Per Month
AV Blocks Per Day
Spyware Blocks Per Month
Blocks Per Sec
Total Blocks Per Month
3.5 BILLION SEARCHES
TODAY
19.7 BILLION THREATS BLOCKED
TODAY
More Effective Against Sophisticated Attacks
Industry: 100 days vs. Cisco: less than 1 day
Much Faster Than Most Organizations Discover Breaches
Source: Cisco Annual Security Report, 2016
Advanced Malware Protection
Malware WILL Get Into Your Environment
95% of large companies targeted by malicious traffic
60% of data stolen in hours
65% of organizations say attacks evaded existing preventative security tools
41% of attacks against companies under 500 employees
Once Inside, Organizations Struggle to Deal With It
33% of organizations take 2+ years to discover breach
55% of organizations unable to determine cause of a breach
45 days: average time to resolve a cyber-attack
54% of breaches remain undiscovered for months
When Malware Strikes, You Have Questions
Where did it come from?
Who else is infected?
What is it doing? How do I stop it?
Unique to Cisco® AMP
Cisco AMP Delivers a Better Approach
Point-in-Time Protection
File Reputation, Sandboxing, and Behavioral Detection
Retrospective Security
Continuous Analysis
Comprehensive Security Requires
Breach Prevention Rapid Breach Detection, Response, Remediation Threat Intelligence
Cisco AMP Defends With Reputation Filtering And Behavioral Detection
Point-in-Time Detection Retrospective Security
Cisco Collective Security Intelligence
Continuous Protection Reputation Filtering Behavioral Detection
Dynamic Analysis
Machine Learning
Fuzzy Finger-printing
Advanced Analytics
One-to-One Signature
Indications of Compromise
Device Flow Correlation
Reputation Filtering: Example Point-in-Time Detection Retrospective Security
Cisco Collective Security Intelligence
1. Unknown file is encountered, signature is analyzed, sent to cloud
2. File is not known to be malicious and is admitted
3. Unknown file is encountered, signature is analyzed, sent to cloud
4. File signature is known to be malicious and is prevented from entering the system
Collective Security Intelligence Cloud
Reputation Filtering: Example Point-in-Time Detection Retrospective Security
Cisco Collective Security Intelligence
Collective Security Intelligence Cloud
1. Fingerprint of file is analyzed and determined to be malicious
2. Malicious file is not allowed entry
3. Polymorphic form of the same file tries to enter the system
4. The fingerprints of the two files are compared and found to be similar to one another
5. Polymorphic malware is denied entry based on its similarity to known malware
Behavioral Detection: Example Point-in-Time Detection Retrospective Security
Cisco Collective Security Intelligence
Collective Security Intelligence Cloud
1. File of unknown disposition is encountered
2. File replicates itself and this information is communicated to the cloud
3. File communicates with malicious IP addresses or starts downloading files with known malware disposition
4. Combination of activities indicates a compromise and the behavior is reported to the cloud and AMP client
5. These indications are prioritized and reported to security team as possible compromise
Behavioral Detection: Example Point-in-Time Detection Retrospective Security
Cisco Collective Security Intelligence
Collective Security Intelligence Cloud
IP: 64.233.160.0
1. Device Flow Correlation monitors communications of a host on the network
2. Two unknown files are seen communicating with a particular IP address
3. One is sending information to the IP address, the other is receiving commands from the IP address
4. Collective Security Intelligence Cloud recognizes the external IP as a confirmed, malicious site
5. Unknown files are identified as malware because of the association
Cisco AMP Delivers A Better Approach
Unique to Cisco® AMP
Point-in-Time Protection
File Reputation, Sandboxing, and Behavioral Detection
Retrospective Security
Continuous Analysis
Cisco AMP Defends With Retrospective Security
Point-in-Time Detection Retrospective Security
Cisco Collective Security Intelligence
To be effective, you have to be everywhere
Continuously
Why Continuous Protection Is Necessary
Web
WWW
Endpoints Network Email Devices
Gateways
File Fingerprint and Metadata
Process Information
Continuous feed
Continuous analysis
File and Network I/O
Breadth and Control points:
Telemetry Stream
Point-in-Time Detection Retrospective Security
Cisco Collective Security Intelligence
Talos + Threat Grid Intelligence
Cisco AMP Defends With Retrospective Security
Point-in-Time Detection Retrospective Security
Cisco Collective Security Intelligence
Trajectory
Behavioral Indications of Compromise
Elastic Search
Breach Hunting
Continuous Analysis
Attack Chain Weaving
Continuous Analysis: Example Point-in-Time Detection Retrospective Security
Cisco Collective Security Intelligence
1. Performs analysis the first time a file is seen
2. Persistently analyzes the file over time to see if the disposition is changed
3. Giving unmatched visibility into the path, actions, or communications that are associated with a particular piece of software
Attack Chain Weaving: Example Point-in-Time Detection Retrospective Security
Cisco Collective Security Intelligence
Uses retrospective capabilities in three ways:
1. File Trajectory records the trajectory of the software from device to device
2. Process Monitoring monitors the I/O activity of all devices on the system
3. Communications Monitoring monitors which applications are performing actions
Attack Chain Weaving analyzes the data collected by File Trajectory, Process, and Communication Monitoring to provide a new level of threat intelligence
Behavioral Indications of Compromise: Example
Point-in-Time Detection Retrospective Security
Cisco Collective Security Intelligence
Behavioral Indications of Compromise uses continuous analysis and retrospection to monitor systems for suspicious and unexplained activity… not just signatures!
Using the power of Attack Chain Weaving, Cisco® AMP is able to recognize patterns and activities of a given file, and identify an action to look for across your environment rather than a file fingerprint or signature
1. An unknown file is admitted into the network
2. The unknown file copies itself to multiple machines
3. Duplicates content from the hard drive
4. Sends duplicate content to an unknown IP address
Cisco AMP Defends With Reputation Filtering And Behavioral Detection
Point-in-Time Detection Retrospective Security
Cisco Collective Security Intelligence
Continuous Protection Reputation Filtering Behavioral Detection
Dynamic Analysis
Machine Learning
Fuzzy Finger-printing
Advanced Analytics
One-to-One Signature
Indications of Compromise
Device Flow Correlation
Advanced Malware Protection AMP Everywhere: See Once, Protect Everywhere
Networks Web Endpoint
AMP Intelligence Sharing
W W W
Visibility
Cisco AMP Provides Contextual Awareness and Visibility That Allows You to Take Control of an Attack Before It Causes Damage
• What: These applications are affected
• Where: The breach affected these areas
• When: This is the scope of exposure over time
• How: Here is the origin and progression of the threat
• Who: Focus on these users first
The Leader in Security Effectiveness
Cisco AMP offers superior security effectiveness, excellent performance, and provides security across more attack vectors than any other vendor
• 99.2% Security Effectiveness rating in BDS testing, the highest of all vendors tested.
• Only vendor to block 100% of evasion techniques during testing.
• Excellent performance with minimal impact on network, endpoint, or application latency.
…and with Cisco AMP Everywhere Strategy Means Protection Across the Extended Network
AMP Advanced Malware
Protection
AMP for Networks
AMP on Web & Email Security Appliances
AMP on Cisco® ASA Firewall with FirePOWER Services
AMP for Endpoints
AMP for Cloud Web Security & Hosted Email
AMP Private Cloud Virtual Appliance
MAC
PC Mobile
Virtual
CWS
AMP Threat Grid Dynamic Malware Analysis + Threat
Intelligence Engine
AMP for Meraki Cloud Networking
Meraki
Next-Generation Firewall
Typical NGFWs are focused too narrowly on apps and are too hard to manage
NGFW
DDoS Sandbox URL IPS
Focused on apps, not threats Another silo to manage
Threat
Threat
Threat
Introducing
Industry’s First Threat-Focused NGFW
• Integrating defense layers helps organizations get the best visibility
• Enable dynamic controls to automatically adapt
• Protect against advanced threats across the entire attack continuum
Proven Cisco ASA firewalling
Industry leading NGIPS and AMP
Cisco ASA with FirePOWER Services Next-Generation
Firewall (NGFW)
Cisco ASA with FirePOWER Services
Superior Integrated & Multilayered Protection
Cisco ASA
URL Filtering (Subscription)
FireSIGHT Analytics & Automation
Advanced Malware Protection (Subscription)
Application Visibility & Control
Network Firewall
Routing | Switching
Clustering & High Availability
Cisco Collective Security Intelligence Enabled
Built-in Network Profiling
Intrusion Prevention (Subscription)
World’s most widely deployed, enterprise-class ASA stateful firewall
Granular Cisco® Application Visibility and Control (AVC)
Industry-leading FirePOWER next-generation IPS (NGIPS)
Reputation- and category-based URL filtering
Advanced malware protection
Identity-Policy Control & VPN
Cisco Meraki Cloud Security
Meraki MS Ethernet Switches
Meraki SME Enterprise Mobility
Management
Meraki MR Wireless LAN
Meraki MX Security
Appliances
Wired, wireless &
EMM
Client fingerprints
Security & bandwidth
policy
Instant search
Location analytics
Real-time control Integrated
MDM
Application visibility
On-Prem Managed Cloud Managed
Cisco Architecture
Cisco Traditional
ISR / ASA
Catalyst
Aironet
Meraki Systems Manager EMM
Cisco Meraki
MX
MS
MR
Systems Manager EMM Cisco ISE
Policy & Control
Cisco Prime Management & Analytics
Application Control: Traffic Shaping, Content Filtering, Web Caching
Security: NG Firewall, Client VPN, Site to Site VPN, IDS/IPS
Networking: NAT/DHCP, 3G/4G Cellular, Static Routing, Link Balancing
Intuitive centralized management
• No training, no command line
• Templates to configure at-scale
• Packet capture, built-in tools and diagnostics
Industry-leading visibility
• Fingerprints users, applications, and devices
• Network-wide monitoring and alerts
• Full stack: APs, switches, Security, MDM
Designed for distributed enterprises
• Single pane of glass visibility
• Zero-touch provisioning
• Seamless updates from the cloud
• Site-to-site IPSec VPN in 3 clicks
Best IPS: Sourcefire IDS / IPS, updated every day
Anti-Malware: Advanced Malware Protection powered by Cisco Sourcefire and Talos
Content Filtering: 4+ billion URLs, updated in real-time
Geo-based security: Block attackers from rogue countries
AV / anti-phishing: Kaspersky AV, updated every hour
PCI compliance: PCI L1 certified cloud-based management
Enterprise License
• Stateful firewall
• Site to site VPN
• Branch routing
• Internet load-balancing (over dual WAN)
• Application control
• Web caching
• Intelligent WAN (IWAN)
• Client VPN
Advanced Security License
All enterprise features, plus:
• Content filtering (with Google SafeSearch)
• Kaspersky Anti-Virus and Anti-Phishing
• SourceFire IPS / IDS
• Geo-based firewall rules
• Advanced Malware Protection (AMP)
Cisco Web Security
Today’s cyber-threat reality
Hackers will likely command and control your environment via web
You’ll most likely be infected via email
Your environment will get breached
Exposure – web blocks
82,000 Virus Blocks
181 Million Spyware Blocks
818 Million Web Blocks
Daily Web Breakdown
Daily
Yearly
19.7 Billion
7.2 Trillion
Total Threats Blocked
Exposure- email blocks
Large Attack Surface
Attack surface – web browsers
More than 85% of the companies studied were affected each month by malicious browser extensions
Users becoming complicit enablers of attacks
Untrustworthy sources
Clickfraud and Adware
Outdated browsers: 10% IE requests running latest version vs. 64% Chrome requests running latest version
Attack surface – user error on web
Attackers: Shifts in the attack vectors
Java
Silverlight
Flash
Java drop 34%
Silverlight rise 228%
PDF and Flash steady
Log Volume
2015 Cisco Annual Security Report
Attack surface – web applications
Attack surface – web protocol
Encrypted traffic is increasing. It represents over 50% of bytes transferred.
Individual Privacy Government Compliance
Organizational Security
The growing trend of web encryption creates a false sense of security and blind spots for defenders
https://
Attackers:
Malvertising is on the rise: low-limit exfiltration makes infection hard to detect
In October 2014, there is a spike of 250%
Compromising without clicking
Attackers:
A growing appetite to leverage targeted phishing campaigns
Example: Snowshoe SPAM attack
SPAM up 250%
Attack surface - email
Exploit Kits, e.g. Cryptowall version 4
CRYPTOWALL 4.0
• Notorious ransomware
• Version 1 first seen in 2014
• Distributed via exploit kits and phishing emails
• Fast evolution
Threats from a user’s perspective
Sample attacking: Joe CFO Waiting for his plane
Meet Joe. He is heading home for a well deserved vacation.
He’s catching up on email using the airport Wi-Fi while he waits for his flight.
Sample attacking: Joe CFO Checks his email
Joe just got an email from his vacation resort.
Your Tropical Getaway
Joe,
Thank you for choosing us. We look forward to seeing you.
Before your arrival, please verify your information here: www.vacationresort.com
Best, Resort Team
Sample attacking: Joe CFO Instinctively, he clicks on the link
No problem, right? Everything looks normal.
The site may even be a trusted site, or maybe a site that is newly minted.
Sample attacking: Joe CFO Joe is now infected
Joe opens the link and the resort video plays.
Although he doesn’t know it, Joe’s machine has been compromised by a Silverlight based video exploit.
The malware now starts to harvest Joe’s confidential information:
• Passwords
• Credentials
• Company access authorizations
It Starts with Usage Controls and an Active Defense
Comprehensive Defense
Web Usage Control
Web Filtering
Block over 50 million known malicious sites
Web Reputation
Restrict access to sites based on assigned reputation score
Dynamic Content Analysis
Categorize webpage content and block sites automatically
Web Usage Reporting
Gain greater visibility into how web resources are used
Roaming Laptop-User Protection
Extend security beyond the network to include mobile users
Application Visibility and Control
Regulate access to individual website components and apps
Outbreak Intelligence
Identify unknown malware and zero-hour outbreaks in real time
Centralized Cloud Management
Enforce policies from a single, centralized location
[Figure: Cisco® Cloud Web Security (CWS), backed by Talos, across the Before / During / After phases. Controls shown: Web Filtering, Webpage, Web Reputation, Application Visibility and Control, Anti-Malware, Outbreak Intelligence, File Reputation, Cognitive Threat Analytics, File Sandboxing, File Retrospection. Actions: Allow, Warn, Block, Partial Block. Traffic redirections: ASA, Standalone WSA, ISR G2, AnyConnect®. Locations: HQ, Campus Office, Branch Office, Roaming User. Admin: Management, Reporting, Log Extraction.]
Cisco Security and OpenDNS
§ A system for relating names and numbers § Domain = IP Address § Amazon.com =
205.251.242.103 § Like a library of phone books
What is DNS? Domain Name System
Why DNS?
DNS is Everywhere
OpenDNS adds a Layer of Security
Everything uses DNS
Simple to Set Up Easy Win Blocks Access to Unsafe Places
DNS: Doth Protest Too Much
91.3% of malware uses DNS
68% of organizations don’t monitor it
A blind spot for attackers to gain command and control, exfiltrate data, and redirect traffic
Requests Per Day: 80B
Countries: 160+
Daily Active Users: 65M
Enterprise Customers: 10K
Our Perspective Diverse Set of Data
Our View of the Internet providing visibility into global Internet activity (e.g. BGP, AS, Whois, DNS)
We see where attacks are staged
Where Do You Enforce Security?
[Figure: candidate enforcement points between the Internet (malware, botnets/C2, phishing) and endpoints: sandbox, proxy, NGFW, NetFlow, router/UTM, and AV on each endpoint, each marked "here?"]
CHALLENGES
Too Many Alerts via Appliances & AV
Wait Until Payloads Reach Target
Every Payload Scan Slows Things Down
Too Much Time to Deploy Everywhere
BENEFITS
Alerts Reduced 2x; Improves Your SIEM
Traffic & Payloads Never Reach Target
Internet Access Is Faster; Not Slower
Provision Globally in UNDER 30 MINUTES
HQ
Branch Branch
Mobile
Mobile
How Our Security Classification Works
• Ingest millions of data points per second
• Apply statistical models and human intelligence
• Identify probable malicious sites
a.ru
b.cn
7.7.1.3
e.net
5.9.0.1
p.com/jpg
Where Does Umbrella Fit?
Traffic types shown on and off network: all other traffic, web traffic, email traffic
ON NETWORK
• ASA blocks inline by IP, URL or packet
• ESA/CES blocks by sender or content
• WSA/CWS blocks by URL or content via proxy
• Umbrella blocks by domain as well as IP or URL
OFF NETWORK
• ESA/CES blocks by sender or content
• CWS blocks by URL or content via proxy
• Umbrella blocks by domain as well as IP or URL
A New Layer of Breach Protection
• Threat Prevention: Not just threat detection
• Protects On & Off Network: Not limited to devices forwarding traffic through on-prem appliances
• Partner & Custom Integrations: Does not require professional services to setup
• Block by Domains for All Ports: Not just IP addresses or domains only over ports 80/443
• Always Up to Date: No need for device to VPN back to an on-prem server for updates
UMBRELLA Enforcement
Conclusion
Defending Against These Advanced Threats Requires Greater Visibility and Control Across the Full Attack Continuum
Attack Continuum
Before: Discover, Enforce, Harden
During: Detect, Block, Defend
After: Scope, Contain, Remediate
FireSIGHT and pxGrid
ASA VPN
OpenDNS Meraki
Advanced Malware Protection
Network as Enforcer
NGIPS
ESA/WSA
CWS Secure Access + Identity Services ThreatGRID
Thank You and Next Steps
Brian Avery [email protected]
www.
Learn more about Cisco Security: www.cisco.com/go/security/
Contact Your Cisco Partner https://tools.cisco.com/WWChannels/LOCATR/performBasicSearch.do
• CCE sessions are held weekly on a variety of topics
• CCE sessions can help you understand the capabilities and business benefits of Cisco technologies
• Watch replays of past events and register for upcoming events!
Visit http://cs.co/cisco101 for details
Join us again for a future Cisco Customer Education Event