© 2010 Cisco Systems, Inc. All rights reserved. Cisco Public
You Get What You Measure No Matter...
Who Moved My Cheese?
Why The Security Industry Has Been Turned Upside Down
John N. Stewart, [email protected]
Vice President, Chief Security Officer
FIRST Conference 2010
Challenge Questions…
What is our adversary thinking… right… now…?
Significant Security Challenge Transitions
Cloud / Virtualization
Information / Collaboration
Application Security / Applications and Databases
Endpoint Security / Mobility and Access
Perimeter Security / Datacenter Centric
(Figure axes: Risks vs. Time)
Global Flow of Information
5 Exabytes per month: 1.4 Billion DVDs crossing the Network
21 Exabytes per month: 4.8 Billion DVDs crossing the Network
56 Exabytes per month: 12.8 Billion DVDs crossing the Network
Source: Cisco Visual Networking Index
Video Will Dominate the Information Flow
Chart labels: Video Traffic; Global Consumer Internet Traffic (Annual)
Chart values: 36 Exabytes, 180 Exabytes, 486 Exabytes
91% of all Consumer Internet Traffic will be Video in 2013
Source: Cisco Visual Networking Index
World of Connected Devices
Total 500 Million: 1/10th of a Device per Person on Earth
Total 35 Billion: 5 Devices per Person on Earth
Total 1 Trillion: 140 Devices per Person on Earth
Source: Forrester Research, Cisco
World of Applications
TOTAL MOBILE APPS
iPHONE APPS ALONE
APPS WORLDWIDE
Source: Apple, Windows Mobile, Cisco Analysis (Forecast of 2013 assuming consistent growth trends)
Increase in Security Threats
624,000; 2,600,000; 5,700,000 (projected)
Source: Symantec and Cisco Analysis
And Beyond…
PEOPLE TO PEOPLE
High-Bandwidth Pipes
Rich/Real-Time Interaction
Enabling Media Experiences
“Video is the killer app”
THINGS TO THINGS
Low-Bandwidth and Low-Power
Wireless Sensors Everywhere
Non-Stop Flow of Data
“SmartGrid is the anchor use case”
Business Internet, Consumer Internet, Industrial Internet
Asymmetric Problems in Assurance…
Expensive To Protect, Trivial To Shake Confidence
We spend an amazing amount protecting, and it is trivial to circumvent
Complexity is the enemy, and the opportunity
Our adversaries use our practice against us, especially when it is fixed
Technology Integration Is Complex
(Figure labels:)
Virus Scanning - Host & Server; Physical Security; Vulnerability Scan; Risk Management
Theft; Virus Outbreak; Unintentional Loss; Loss of Confidentiality; Website Defacement; DDoS
Anomaly Detection & Mitigation; Network Intrusion Protection; Compliance Validation; Security Alerts
Access Control & Video Surveillance; Event Logging; One-Time Token Software; Endpoint Security
Router/Switch Security; Application Vulnerability Assessment; Firewall; Security Management
VPN; Facility Management; User Transaction; Encryption Software; Multifunction Security
Application Optimization; Identity Management; Application Security
40,000 Routers on Cisco’s network
Network Layers are Complex
Hosts are Complex
Data is Complex
2,000,000 highly tuned IDS alerts per day
“Traditional” Practice Is Losing Effectiveness
www.shadowserver.org/
14 June 2010
~10 million new hashed binaries in 2010 to date; ~70 million total seen
Where we are good is not what we need
Areas of Strength Today: Network and Device Security
Device Security: CSA, Credent, Altiris, AV
Application and Platform Security / Service Security: Audit, XML GW
Data Security: Email Encryption, PGP
Network and System Management: Logging, Monitoring, Alerting
AD, LDAP
Network Services / Cisco Network: DLP, IDS, FW, VPN, ….
Web Security – The Data
Malicious Transactions Blocked
600,000+ including:
Malware downloads
Browser hijacking software
Unwanted advertisement software
Botnet check-ins
Trojan (backdoor) connections
Average response to client = 1.4 seconds
Average daily log data = 9Gb
Average allowed web transactions passed = 500K/60 minutes
Top 10 Blocked Domains Top 10 Blocked Web-based Reputation Scoring
Top Malware Threats blocked
And Data is Moving
Measure
Manage
Secure
Scale
The best way to predict the future is to invent it.
--Alan Kay
Ask The Right Questions
You Get What You Measure, No Matter What
Always question what you are doing – some things have declining investment and results
Stop asking for best practices – start asking “what’s effective and how effective is it?”
What can I see, what don’t I know, how will I know it when I need to?
What can I shamelessly copy from someone else?
See, Don’t Feel – Analyze
Data Removes Emotion
(Figure levels: Understanding / Strategy / Action; Information; Data)
(Figure labels: Hosting, Net Team, SecOps, Others; Event / Behavior Correlation, Network Analysis, System Analysis, Security Vendor, Others; Identity, Homegrown Apps, Proximity Sensor, GeoLocation, Sensor Logs, SCADA, Others)
“I have a series of questions, and the data gives the answers”
~ or ~
“I don’t know the questions yet; let’s look at the data”
A Trend is Emerging…
Trusted System or Service
Trusted Platform
• Authentication
• Trojan Prevention
• Strong Identity
• Secure Storage
• Monitoring
• Hardware Assurance
Software Assurance
• Threat Modeling
• Identity Assurance
• Safe Libraries
• Run-Time Defenses
• Static Analysis
• Security Defect Triage and Resolution
• Compliance and Vulnerability Testing
Supply Chain Security
• Preferred Suppliers
• Secure Logistics
Independent Product Certification
• Standards-Based
• Mutually Recognized
My Responses
The Hard Work… Has Just Begun
Manual Automated
Borders Everywhere
Unknown Known/Assured
Enterprise Security Architecture Framework
(Figure layers: Device Security; Application and Platform Security; Service Security; Data Security; Network and System Mgmnt; Network Services; Cisco Network)
(Figure vertical labels: Data Governance; Service Management; Identity Management)
(Figure labels: Device Identity & Access; “Trusted Devices”; Alternate Storage Device Security; External Persona Mgmt; Audit Functionality; Inspection Vehicles; Platforms; Strong Authentication; Regulatory “Awareness”; Orchestration Engines; Data Classification; Data-Centric Identity; Cross-Product Access Control; Service Catalog; Location; Data Centric Policy; Policy Library/Filters; Common Admin Framework; Contexting; External Provisioning Capabilities; Data/Svc Tracking; Cross-Product Policy Engines; IEN Capabilities; Policy Enforcement; Data “Tagging”)
High-Level Targets
Identity Management
• Service opportunity for BUs
• STBU SAML exploration
• WebEx identity service concept
• External identity architecture
• External identity SOR
• Standards for identity “realms”
Data Governance
• Explore encryption gateway
Service Management
• SSBU DLP capabilities
• PMBU policy enhancements
• External compliance effort
• Introduce inspection capabilities
• Update policy, RFIs, SLAs, SOWs
• ACS/Positron integration (policy management)
• NMTG data tagging/CMS integration
• Security product integration with service mgmt
• Develop portfolio of “Just Good Enoughs” (JGE)
• Data model enhancements
• Introduce regulatory capture
Future Client Platform Environment
• Compliance
• Management
• Enforcement
• Remediation
Trusted layer
Managed Platform
Virtualized Environment
Network Environment
Key Takeaways
Conclusions
This Phase is Different
Big changes are having a profound effect on security
“Know thyself” - attain a high degree of situational awareness
Ask the right questions to get the right answers
Look to the data to point the way
More Information
Security Education: www.cisco.com/go/securityeducation
Security Intelligence Operations: www.cisco.com/security
Security Blog: blogs.cisco.com/security
2009 Security Annual Report: www.cisco.com/go/securityreport