Innovation & Light Bulbs - Fast Innovation Breakfast (28 Oct 2014)
Fast Innovation & Fast IT require security
Transcript of Fast Innovation & Fast IT require security
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
Fast Innovation & Fast IT require SECURITY
Nikos Mourtzinos, CCIE #9763
Security Product Specialist
November 2015
Global Security Sales Organization
What do these companies have in common?
Today’s Reality
Cyber attacks are one of the unfortunate realities of doing business today.
All were smart, all had security. All were compromised.
The Industrialization of Hacking
Timeline, 1990 to 2020:
• Viruses (1990–2000)
• Worms (2000–2005)
• Spyware and Rootkits (2005–Today)
• APTs, Cyberware (Today+)
From phishing and low sophistication to sophisticated attacks and a complex landscape: hacking becomes an industry.
Changing Threat Landscape
• 4 pieces of new malware per second
• 1,111,399 web sites compromised
Global Cybercrime Market: $$$B
Welcome to the Hackers’ Economy (Source: RSA/CNBC)
• Social Security: $1
• Medical Record: >$50
• DDoS as a Service: ~$7/hour
• Credit Card Data: $0.25-$60
• Bank Account Info: >$1000 depending on account type and balance
• Exploits: $1000-$300K
• Account: $1 for an account with 15 friends
• Spam: $50/500K emails
• Malware Development: $2500 (commercial malware)
• Mobile Malware: $150
Which Industry is More At Risk?
Why Are Investors Concerned?
• Direct financial loss from breach
  • Steal Money
  • Steal Data (loss of intellectual property or trade secrets to competitors)
  • Loss of customers
• Indirect costs from a breach
  • Forensics
  • Lawyers
  • Public Relations
• Improving cybersecurity requires financial investment
• Poor cyber hygiene is a factor in today’s competitive business environment
Hack in the Retail Industry
According to the Ponemon 2015 Cost of Data Breach Study, an average event of this type could drive the average costs up to $5,920,000 for a business.
• Lost Business Costs: $3,720,000
• Post Breach Costs: $1,640,000
• Notification Costs: $560,000
Hack in the Manufacturing Industry
According to the Ponemon 2015 Cost of Data Breach Study, an average event of this type impacts 28,000 records, driving the average cost to a business to $1,728,000.
• Detection Costs: $610,000
• Notification Costs: $560,000
• Legal Settlement Costs: $558,000
Investments on Security
Any Device to Any Cloud
Private Cloud, Public Cloud, Hybrid Cloud
Changing Business Models
Internet of Things…and Everything
Every company becomes a technology company,
Every company becomes a security company
More Connections = More Value
More ‘things’ equals more threats
Security Must Enable the IoE Business
IoT is Here Now – and Growing!
[Chart: billions of devices on a 2010 to 2020 timeline. World population: 6.8, 7.2 and 7.6 billion; smart objects: 12.5, 25 and 50 billion; inflection point marked where smart objects overtake population.]
Adoption rate of digital infrastructure: 5X faster than electricity and telephony
50 Billion Smart Objects
What Cybersecurity Questions Are Boards Asking CISOs?
Are profit-generating assets adequately secured?
How well-protected is high-value information?
Would the organization be able to detect a breach?
How is the effectiveness of the cybersecurity program measured?
How does the organization’s security program compare to that of its peers?
Is the organization spending appropriately on security priorities?
The Threat-Centric Security Model
Attack Continuum:
• BEFORE: Discover, Enforce, Harden (NGFW, Secure Access + Policy Control, VPN)
• DURING: Detect, Block, Defend (NGIPS, Web Security, Email Security)
• AFTER: Scope, Contain, Remediate (Advanced Malware Protection, Network Behavior Analysis)
Collective Security Intelligence
Enhanced Security, Simplified Operations & Cost Savings
• Superior Network Visibility: servers, hosts, mobiles, applications, OS, vulnerabilities
• Impact Assessment & Correlation: threat correlation reduces actionable events by up to 99%
• Automated Tuning: adjust IPS policies automatically based on network changes
• Continuous Analysis, Trajectory, Remediation and Indications of Compromise: warning indicator to more rapidly remediate threats
• Advanced Malware Protection: analyses files to block malware
Superior Network Visibility
Rogue hosts, Vulnerabilities, Applications, OS, Servers, Mobiles
Categories:
• Hosts
• Network Servers
• Routers & Switches
• Mobile Devices
• Printers
• VoIP Phones
• Virtual Machines
• Operating Systems
• Applications (Web, Client etc.)
• Users
• File Transfers
• Command & Control Servers
• Threats
• Vulnerabilities
You can’t protect what you can’t see
Real-time notifications of changes
Automated Tuning
Adjust IPS policies automatically based on network changes
• Automated Recommended Rules based on Customer’s Infrastructure
• Automated IPS Policies based on Changes
• Simplifies Operations & Reduces Costs
NSS IPS Test Key Findings: protection varied widely between 31% and 98%. Tuning is required; organizations that do not tune could be missing numerous “catchable” attacks.
Impact Assessment & Correlation
Threat correlation reduces actionable events by up to 99%
Automatically correlates all intrusion events. Impact flag, administrator action and why:
• Impact Flag 1: Act Immediately; Vulnerable. Why: event corresponds with a vulnerability mapped to the host
• Impact Flag 2: Investigate; Potentially Vulnerable. Why: relevant port open or protocol in use, but no vulnerability mapped
• Impact Flag 3: Good to Know; Currently Not Vulnerable. Why: relevant port not open or protocol not in use
• Impact Flag 4: Good to Know; Unknown Target. Why: monitored network, but unknown host
• Impact Flag 0: Good to Know; Unknown Network. Why: unmonitored network
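The impact-flag logic of the table above, written out as an added Python example (not Cisco or Sourcefire code): an intrusion event is graded against what discovery knows about the destination host. The host profiles, events, vulnerability ids and the 10.0.0.0/8 monitored range are constructed for the example.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

MONITORED = [ip_network("10.0.0.0/8")]   # hypothetical monitored network

@dataclass
class HostProfile:
    """What passive discovery knows about one monitored host (constructed)."""
    open_ports: set = field(default_factory=set)       # {(proto, port), ...}
    vulnerabilities: set = field(default_factory=set)  # vulnerability ids mapped to host

@dataclass
class IntrusionEvent:
    dst_ip: str
    proto: str
    dst_port: int
    vuln_ids: set   # vulnerabilities the triggering rule is associated with

def impact_flag(evt, hosts):
    """Assign the table's impact flag: 1 = act immediately ... 0 = unknown network."""
    ip = ip_address(evt.dst_ip)
    if not any(ip in net for net in MONITORED):
        return 0                  # Unknown Network: unmonitored
    profile = hosts.get(evt.dst_ip)
    if profile is None:
        return 4                  # Unknown Target: monitored network, but unknown host
    if evt.vuln_ids & profile.vulnerabilities:
        return 1                  # Vulnerable: event matches a vulnerability mapped to host
    if (evt.proto, evt.dst_port) in profile.open_ports:
        return 2                  # Potentially Vulnerable: port open, no vulnerability mapped
    return 3                      # Currently Not Vulnerable: port not open / protocol unused

HOSTS = {  # constructed inventory
    "10.1.1.10": HostProfile({("tcp", 445), ("tcp", 80)}, {"VULN-A"}),
    "10.1.1.20": HostProfile({("tcp", 22)}, set()),
}
EVENTS = [  # constructed events against five destinations
    IntrusionEvent("10.1.1.10", "tcp", 445, {"VULN-A"}),
    IntrusionEvent("10.1.1.20", "tcp", 22, {"VULN-B"}),
    IntrusionEvent("10.1.1.20", "tcp", 445, {"VULN-A"}),
    IntrusionEvent("10.9.9.9", "tcp", 80, {"VULN-A"}),
    IntrusionEvent("192.168.1.5", "tcp", 80, {"VULN-A"}),
]

def triage(events, hosts):
    """Keep only flag 1 and 2 events; this is where correlation cuts the actionable list."""
    return [e for e in events if impact_flag(e, hosts) in (1, 2)]
```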
Advanced Malware Protection
Analyses files to detect and block malware
• File Reputation
• Multi AV engines
• State-of-the-art Algorithms for continuous malware targeting
• Big data analytics
• Dynamic Analysis with Sandboxing
• Continuous analysis
Point-in-time Detection (NGFW, NGIPS): Initial Disposition = unknown; analysis stops; not 100%; blind to scope of compromise; Actual Disposition = Bad = Too Late!!
Retrospective Detection (analysis continues): Initial Disposition = unknown; continuous analysis, trajectory, remediation; turns back time; Actual Disposition = Bad = Blocked
Visibility and Control are Key
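Why the two columns above differ, as an added Python example (not Cisco AMP code): both detectors pass the same file as "unknown" at first sight, but only the one that keeps a trajectory can name every host that received it once the verdict later turns bad. Host names and the placeholder file identifiers are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Sighting:
    host: str
    sha256: str    # file identifier; placeholder values below, not real hashes

class PointInTimeDetector:
    """Checks the disposition once: 'unknown' passes and is never revisited."""
    def __init__(self, reputation):
        self.reputation = reputation   # sha256 -> "bad"/"good"; absent = unknown
        self.blocked = []

    def inspect(self, s):
        verdict = self.reputation.get(s.sha256, "unknown")
        if verdict == "bad":
            self.blocked.append(s.host)
        return verdict

class RetrospectiveDetector(PointInTimeDetector):
    """Same first verdict, but keeps the trajectory so a later verdict reaches back."""
    def __init__(self, reputation):
        super().__init__(reputation)
        self.trajectory = defaultdict(list)   # sha256 -> sightings in arrival order

    def inspect(self, s):
        self.trajectory[s.sha256].append(s)
        return super().inspect(s)

    def update_disposition(self, sha256, verdict):
        """A changed verdict 'turns back time': return every host that took the file."""
        self.reputation[sha256] = verdict
        if verdict != "bad":
            return []
        return [s.host for s in self.trajectory[sha256]]

SIGHTINGS = [  # constructed: one file enters at host-a and moves laterally
    Sighting("host-a", "sha256-placeholder-1"),
    Sighting("host-b", "sha256-placeholder-1"),
    Sighting("host-c", "sha256-placeholder-1"),
]

def compare():
    # Returns (hosts a point-in-time engine ever flags, hosts retrospection scopes)
    pit, retro = PointInTimeDetector({}), RetrospectiveDetector({})
    for s in SIGHTINGS:
        pit.inspect(s)
        retro.inspect(s)
    scope = retro.update_disposition("sha256-placeholder-1", "bad")  # late sandbox verdict
    return pit.blocked, scope
```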
Indications of Compromise (IoCs)
• IPS Events: Malware Backdoors, CnC Connections, Exploit Kits, Admin Privilege Escalations, Web App Attacks
• SI Events: Connections to Known CnC IPs
• Malware Events: Malware Detections, Malware Executions, Office/PDF/Java Compromises, Dropper Infections
Early warning indicator to more rapidly remediate threats before they spread
Cisco Cyber Threat Defense: The Need
Security gateways: Firewall, IPS, Web Sec, Email Sec, AMP
• Customized Threat Bypasses Security Gateways
• Threat Spreads Inside Perimeter
• Customized Cyber Threats Evade Existing Security Constructs
• Fingerprints of Threat are Found Only in Network Fabric
Key Concept — NetFlow
• NetFlow is like a phone bill
NetFlow provides detailed data such as:
• What is talking to what
• Direction of traffic
• Over what protocols and ports
• For how long, at what speed
• For what duration
• Volume of traffic
• What nations traffic is going to
• Protocol sequence anomalies
Internal Network & Borders
Next Generation Cyber Threat Defense Announcement: Cisco announced its intent to acquire Lancope
Lancope StealthWatch: Threat Analysis and Context in a Unified View
SIO
• Threat Context Data: Cisco Identity, Device, Posture
• NetFlow Telemetry: Cisco Switches, Routers, and ASA NGFW (Internal Network and Borders)
• Aggregating, analyzing NetFlow telemetry data
• Baseline
• Sophisticated behavioral analysis
• Reputation
• Modern Detection Algorithms
Ecosystem and Integration
Combined API Framework across the attack continuum:
• BEFORE: Policy and Control
• DURING: Detection and Blocking
• AFTER: Analysis and Remediation
Integration areas: Infrastructure & Mobility, NAC, Vulnerability Management, Custom Detection, Full Packet Capture, Incident Response, SIEM, Visualization, Network Access Taps
Industry Leading Threat Detection
Cisco: Best Protection Value, 99.5% Security Effectiveness
The NGFW Security Value Map shows the placement of Cisco ASA with FirePOWER Services as compared to other vendors. Cisco achieved 99.5 percent in security effectiveness and now all can be confident that they will receive the best protections possible. Source: NSS Labs 2015
Vendor Rating for Security: Positive
“The AMP products will provide deeper capability to Cisco's role in providing secure services for the Internet of Everything (IoE).”
“Cisco is disrupting the advanced threat defense industry.”
“Based on our (Breach Detection Systems) reports, Advanced Malware Protection from Cisco should be on everyone’s short list.”
Thank You