Towards Effective Security - AFCEA

Martin Roesch, Vice President and Chief Architect, Cisco Security Business Group

April 22, 2016

AFCEA Defensive Cyber Operations Symposium

Towards Effective Security


Page 2:

Security Perspective


Page 3:

The Problem is THREATS

Page 4:

The Global Hacker Economy is 3x to 5x the size of the security industry.

Industrialization of Hacking.

Source: Center for Strategic and International Studies, 2014

Page 5:

Cisco ASR 2016 Findings: Attack Awareness Fades Confidence

59% confident in having the latest technology

51% have strong confidence in ability to detect a security weakness in advance

54% have strong confidence in ability to defend against attacks

45% have strong confidence in ability to scope and contain an attack

54% have strong confidence in ability to verify an attack

56% review security policies on a regular basis

-5% 0% -4%

-1% +0% +0%

Page 6:

If you knew you were going to be compromised, would you do security differently?

Page 7:

Timeliness Counts

Reduced Time to Detection

Industry: 100 days vs. Cisco: less than 1 day

Source: Cisco Annual Security Report, 2016

Page 8:

No Customer is an Island

World-Class Threat Research

19.7B Threats Per Day

1.4M, 1.1M, 1.8B, 1B, 8.2B

Incoming Malware Samples Per Day

Sender Base Reputation Queries Per Day

Web Filtering Blocks Per Month

AV Blocks Per Day

Spyware Blocks Per Month

260+ Threat Researchers

100 TB Threat Intelligence

Page 9:

The Threat-Centric Security Model

Visibility and Context

Firewall, App Control, VPN, Patch Mgmt, Vuln Mgmt, IAM/NAC, IPS, Antivirus, Email/Web, IDS, FPC, Forensics, AMD, Log Mgmt, SIEM

Attack Continuum

Discover, Enforce, Harden

Detect, Block, Defend

Scope, Contain, Remediate

Page 10:

The Threat-Centric Security Model

Attack Continuum

Network, Endpoint, Mobile, Virtual, Cloud

Point in Time, Continuous

Discover, Enforce, Harden

Detect, Block, Defend

Scope, Contain, Remediate

Page 11:

THE STATE OF SECURITY

The Security Effectiveness Gap

Incremental Capability

Mountains of Complexity

Page 12:

The Security Effectiveness Gap

Goal for Effective Security

Page 13:

Effective Security Requires

Integration, Consolidation, Automation

Page 14:

Faster Time to Detection, Faster Time to Remediate


Integrated Threat Defense Architecture

Visibility, Control, Intelligence, Context

Page 15:

Integrated Threat Defense: Future Direction

Visibility, Analytics, and Automation to Simplify and Increase Security Efficacy

Integrated Management

Visibility: Real-time map of the operational environment

Control: Broker access between users, applications, data, devices

Threat: Defeat known Threats

Breach: Scope, Contain, Remediate

Before, During, After

API

Config, Impact, IOC, Apps… Apps/Automation

Telemetry

Intelligence

Global Intelligence

API

Page 16:

Simplicity at Scale
