Fast Innovation & Fast IT require security


Transcript of Fast Innovation & Fast IT require security

Page 1: Fast Innovation & Fast IT require security

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Fast Innovation & Fast IT require SECURITY

Nikos Mourtzinos, CCIE #9763

Security Product Specialist

November 2015

Global Security Sales Organization

Page 2: Fast Innovation & Fast IT require security


What do these companies have in common?

Page 3: Fast Innovation & Fast IT require security


Cyber attacks are one of the unfortunate realities of doing business today.

All were smart, all had security. All were compromised.

Today’s Reality…

Page 4: Fast Innovation & Fast IT require security


The Industrialization of Hacking

Timeline (1990–2020):

• 1990–2000: Viruses
• 2000–2005: Worms
• 2005–Today: Spyware and Rootkits
• Today+: APTs, Cyberware

Hacking Becomes an Industry

Trend: Phishing, Low Sophistication → Sophisticated Attacks, Complex Landscape

Page 5: Fast Innovation & Fast IT require security


Changing Threat Landscape

• 4 pieces of new malware per second
• 1,111,399 web sites compromised

Page 6: Fast Innovation & Fast IT require security


Global Cybercrime Market

WELCOME TO THE HACKERS’ ECONOMY (Source: RSA/CNBC)

• Social Security: $1
• Medical Record: >$50
• DDoS as a Service: ~$7/hour
• Credit Card Data: $0.25–$60
• Bank Account Info: >$1000 depending on account type and balance
• Exploits: $1000–$300K
• Facebook Account: $1 for an account with 15 friends
• Spam: $50 / 500K emails
• Malware Development: $2500 (commercial malware)
• Mobile Malware: $150

Global Cybercrime Market: $$$B

Page 7: Fast Innovation & Fast IT require security


Which Industry is More At Risk?

Page 8: Fast Innovation & Fast IT require security


Why Are Investors Concerned?

• Direct financial loss from breach
  • Steal Money
  • Steal Data (loss of intellectual property or trade secrets to competitors)
  • Loss of customers
• Indirect costs from a breach
  • Forensics
  • Lawyers
  • Public Relations
• Improving cybersecurity requires financial investment
• Poor cyber hygiene is a factor in today’s competitive business environment

Page 9: Fast Innovation & Fast IT require security


Hack in the Retail Industry

According to the Ponemon 2015 Cost of Data Breach Study, an average event of this type could drive the average costs up to $5,920,000 for a business.

• Lost Business Costs: $3,720,000
• Post Breach Costs: $1,640,000
• Notification Costs: $560,000

Page 10: Fast Innovation & Fast IT require security


Hack in the Manufacturing Industry

According to the Ponemon 2015 Cost of Data Breach Study, an average event of this type impacts 28,000 records, driving the average cost to a business to $1,728,000.

• Detection Costs: $610,000
• Notification Costs: $560,000
• Legal Settlement Costs: $558,000

Page 11: Fast Innovation & Fast IT require security


Investments on Security

Page 12: Fast Innovation & Fast IT require security


Page 13: Fast Innovation & Fast IT require security

Any Device to Any Cloud

Private Cloud / Public Cloud / Hybrid Cloud

Changing Business Models

Page 14: Fast Innovation & Fast IT require security


Internet of Things…and Everything

Every company becomes a technology company; every company becomes a security company.

More Connections = More Value

More ‘things’ equals more threats

Security Must Enable the IoE Business

Page 15: Fast Innovation & Fast IT require security


IoT is Here Now – and Growing!

Timeline chart (2010–2020), billions of devices (0–50) against world population:

Year   Smart Objects (billions)   World Population (billions)
2010   12.5                       6.8
2015   25                         7.2
2020   50                         7.6

Chart labels: "50 Billion Smart Objects", "World Population", "Inflection point"

Adoption rate of digital infrastructure: 5X faster than electricity and telephony

Page 16: Fast Innovation & Fast IT require security


Page 17: Fast Innovation & Fast IT require security


What Cybersecurity Questions Are Boards Asking CISOs?

Are profit-generating assets adequately secured?

How well-protected is high-value information?

Would the organization be able to detect a breach?

How is the effectiveness of the cybersecurity program measured?

How does the organization’s security program compare to that of its peers?

Is the organization spending appropriately on security priorities?

Page 18: Fast Innovation & Fast IT require security


The Threat-Centric Security Model

Collective Security Intelligence

Attack Continuum:

• BEFORE: Discover, Enforce, Harden
• DURING: Detect, Block, Defend
• AFTER: Scope, Contain, Remediate

Products across the continuum: NGFW, Secure Access + Policy Control, VPN, NGIPS, Web Security, Email Security, Advanced Malware Protection, Network Behavior Analysis

Page 19: Fast Innovation & Fast IT require security


Enhanced Security, Simplified Operations & Cost Savings

• Superior Network Visibility: servers, hosts, mobiles, applications, OS, vulnerabilities
• Impact Assessment & Correlation: threat correlation reduces actionable events by up to 99%
• Automated Tuning: adjust IPS policies automatically based on network changes
• Continuous Analysis, Trajectory, Remediation
• Indications of Compromise: warning indicator to more rapidly remediate threats
• Advanced Malware Protection: analyses files to block malware

Page 20: Fast Innovation & Fast IT require security


Superior Network Visibility

Rogue hosts, vulnerabilities, applications, OS, servers, mobiles

Categories:

• Hosts
• Network Servers
• Routers & Switches
• Mobile Devices
• Printers
• VoIP Phones
• Virtual Machines
• Operating Systems
• Applications (Web, Client etc.)
• Users
• File Transfers
• Command & Control Servers
• Threats
• Vulnerabilities

You can’t protect what you can’t see

Real-time notifications of changes

Page 21: Fast Innovation & Fast IT require security


Automated Tuning

Adjust IPS policies automatically based on network changes

• Automated Recommended Rules based on Customer’s Infrastructure
• Automated IPS Policies based on Changes
• Simplifies Operations & Reduces Costs

NSS IPS Test Key Findings:

• Protection varied widely between 31% and 98%.
• Tuning is required. Organizations that do not tune could be missing numerous “catchable” attacks.

Page 22: Fast Innovation & Fast IT require security


Impact Assessment & Correlation

Threat correlation reduces actionable events by up to 99%

Automatically correlates all intrusion events

IMPACT FLAG | ADMINISTRATOR ACTION                    | WHY
1           | Act Immediately; Vulnerable             | Event corresponds with vulnerability mapped to host
2           | Investigate; Potentially Vulnerable     | Relevant port open or protocol in use, but no vulnerability mapped
3           | Good to Know; Currently Not Vulnerable  | Relevant port not open or protocol not in use
4           | Good to Know; Unknown Target            | Monitored network, but unknown host
0           | Good to Know; Unknown Network           | Unmonitored network

Impact Assessment: threat correlation reduces actionable events
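The impact-flag table above is a decision procedure: each intrusion event is checked against what the sensor knows about the target host. The following Python is an added example, not Cisco FirePOWER code, that reproduces that procedure row by row and triages a batch of events so flag-1 events surface first. The host inventory, monitored network, ports and vulnerability ids (VULN-A, VULN-B) are constructed.

```python
"""Impact-flag assignment for intrusion events.

Added example, not Cisco FirePOWER code: reproduces the decision logic of
the impact-flag table (flags 1-4 and 0) against a constructed host
inventory. Every host, port and vulnerability id below is constructed.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class HostProfile:
    ip: str
    open_ports: set = field(default_factory=set)   # {(proto, port), ...}
    vulns: set = field(default_factory=set)        # vulnerability ids mapped to host


@dataclass
class IntrusionEvent:
    dst_ip: str
    proto: str
    dst_port: int
    rule_vulns: set          # vulnerability ids the matched signature targets


ADMIN_ACTION = {
    1: "Act Immediately; Vulnerable",
    2: "Investigate; Potentially Vulnerable",
    3: "Good to Know; Currently Not Vulnerable",
    4: "Good to Know; Unknown Target",
    0: "Good to Know; Unknown Network",
}

# Triage order: flag 1 first, unknown-network events last
PRIORITY = (1, 2, 3, 4, 0)


def impact_flag(event, hosts, monitored_nets):
    """Return the impact flag for one event, following the table row by row."""
    ip = ipaddress.ip_address(event.dst_ip)
    if not any(ip in ipaddress.ip_network(net) for net in monitored_nets):
        return 0                        # unmonitored network
    host = hosts.get(event.dst_ip)
    if host is None:
        return 4                        # monitored network, but unknown host
    if host.vulns & event.rule_vulns:
        return 1                        # vulnerability mapped to host
    if (event.proto, event.dst_port) in host.open_ports:
        return 2                        # port open / protocol in use, no vuln mapped
    return 3                            # port not open, protocol not in use


def triage(events, hosts, monitored_nets):
    """Return (flag, action, event) tuples with flag-1 events first."""
    scored = [(impact_flag(e, hosts, monitored_nets), e) for e in events]
    scored.sort(key=lambda pair: PRIORITY.index(pair[0]))
    return [(flag, ADMIN_ACTION[flag], e) for flag, e in scored]


def reduction_percent(triaged):
    """Percentage of events that are not 'Act Immediately' (flag 1)."""
    if not triaged:
        return 0
    urgent = sum(1 for flag, _, _ in triaged if flag == 1)
    return round(100 * (1 - urgent / len(triaged)))


# Constructed inventory: two profiled hosts on a monitored /24
HOSTS = {
    "10.1.1.10": HostProfile("10.1.1.10", {("tcp", 80), ("tcp", 22)}, {"VULN-A"}),
    "10.1.1.20": HostProfile("10.1.1.20", {("tcp", 443)}, set()),
}
MONITORED = ["10.1.1.0/24"]

# Constructed events, one per table row
SAMPLE_EVENTS = [
    IntrusionEvent("10.1.1.10", "tcp", 80, {"VULN-A"}),    # flag 1
    IntrusionEvent("10.1.1.20", "tcp", 443, {"VULN-B"}),   # flag 2
    IntrusionEvent("10.1.1.20", "tcp", 80, {"VULN-B"}),    # flag 3
    IntrusionEvent("10.1.1.99", "tcp", 80, {"VULN-A"}),    # flag 4
    IntrusionEvent("192.0.2.5", "tcp", 80, {"VULN-A"}),    # flag 0
]

if __name__ == "__main__":
    for flag, action, e in triage(SAMPLE_EVENTS, HOSTS, MONITORED):
        print(flag, action, e.dst_ip, e.proto, e.dst_port)
```

The order of the checks matters: the unmonitored-network test must come before the host lookup (an unknown host on an unmonitored network is flag 0, not 4), and a mapped vulnerability outranks an open port, which is what makes flag 1 the "act immediately" case.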

Page 23: Fast Innovation & Fast IT require security


Advanced Malware Protection

Analyses files to detect and block malware

• File Reputation
• Multi AV engines
• State-of-the-art Algorithms for continuous malware targeting
• Big data analytics
• Dynamic Analysis with Sandboxing
• Continuous analysis

Page 24: Fast Innovation & Fast IT require security


Point-in-time Detection (NGFW, NGIPS):

• Initial Disposition = unknown
• Analysis Stops
• Actual Disposition = Bad = Too Late!!
• Blind to scope of compromise
• Not 100%

Retrospective Detection, Analysis Continues (Continuous Analysis, Trajectory, Remediation):

• Initial Disposition = unknown
• Continuous analysis
• Actual Disposition = Bad = Blocked
• Turns back time

Visibility and Control are Key

Page 25: Fast Innovation & Fast IT require security


Indications of Compromise (IoCs)

Early warning indicator to more rapidly remediate threats before they spread

• IPS Events: Malware Backdoors, CnC Connections, Exploit Kits, Admin Privilege Escalations, Web App Attacks
• SI Events: Connections to Known CnC IPs
• Malware Events: Malware Detections, Malware Executions, Office/PDF/Java Compromises, Dropper Infections
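The IoC slide groups IPS, security-intelligence (SI) and malware events into host-level indicators, and the preceding slide on point-in-time versus retrospective detection explains why a file verdict that arrives later must be applied backwards along the file's trajectory. The Python below is an added example serving both slides; it is not Cisco FireSIGHT or AMP code. It tags hosts with the IoC categories listed above, then replays a late "malicious" verdict for a file hash so hosts that executed it while its disposition was still unknown are flagged after the fact. All hosts, timestamps, event kinds and the hash value are constructed.

```python
"""Host-level Indications of Compromise with retrospective file verdicts.

Added example, not Cisco FireSIGHT/AMP code. Tags hosts with the IoC
categories from the slide (IPS, SI and malware events) and applies a
retrospective file verdict along the file's trajectory. All hosts,
timestamps and the hash value are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: int           # seconds; constructed
    host: str
    source: str       # "ips", "si", "malware" or "file"
    kind: str
    sha256: str = ""  # only set on file events


# (source, kind) -> IoC category, following the slide's three groups
IOC_RULES = {
    ("ips", "malware_backdoor"): "Malware Backdoor",
    ("ips", "cnc_connection"): "CnC Connection",
    ("ips", "exploit_kit"): "Exploit Kit",
    ("ips", "priv_escalation"): "Admin Privilege Escalation",
    ("ips", "web_app_attack"): "Web App Attack",
    ("si", "known_cnc_ip"): "Connection to Known CnC IP",
    ("malware", "detection"): "Malware Detection",
    ("malware", "execution"): "Malware Execution",
    ("malware", "office_pdf_java"): "Office/PDF/Java Compromise",
    ("malware", "dropper"): "Dropper Infection",
}


def iocs_by_host(events):
    """Map each host to the set of IoC categories raised against it."""
    iocs = defaultdict(set)
    for e in events:
        tag = IOC_RULES.get((e.source, e.kind))
        if tag:
            iocs[e.host].add(tag)
    return dict(iocs)


def prioritize(iocs):
    """Hosts with the most distinct IoC categories first; name breaks ties."""
    return sorted(iocs, key=lambda h: (-len(iocs[h]), h))


def file_trajectory(events, sha256):
    """Every (ts, host) at which the file was executed, in time order."""
    return sorted((e.ts, e.host) for e in events
                  if e.source == "file" and e.kind == "execution"
                  and e.sha256 == sha256)


def apply_retrospective_verdict(events, sha256, verdict_ts):
    """Disposition of sha256 flips to malicious at verdict_ts.

    Returns the events plus a synthetic malware-execution event for each
    execution of the file at or before the verdict, so iocs_by_host() now
    flags those hosts ('turns back time' instead of 'too late').
    """
    retro = [Event(verdict_ts, host, "malware", "execution", sha256)
             for ts, host in file_trajectory(events, sha256) if ts <= verdict_ts]
    return list(events) + retro


# Constructed sample: three hosts, one file still 'unknown' when it ran
BAD_FILE = "sha256-constructed-0001"
SAMPLE_EVENTS = [
    Event(90, "host-a", "file", "execution", BAD_FILE),
    Event(100, "host-a", "ips", "cnc_connection"),
    Event(110, "host-a", "si", "known_cnc_ip"),
    Event(120, "host-b", "file", "execution", BAD_FILE),
    Event(130, "host-c", "ips", "web_app_attack"),
]

if __name__ == "__main__":
    before = iocs_by_host(SAMPLE_EVENTS)
    after = iocs_by_host(apply_retrospective_verdict(SAMPLE_EVENTS, BAD_FILE, 200))
    print("before verdict:", prioritize(before))
    print("after verdict: ", prioritize(after), after["host-b"])
```

Before the verdict, host-b has no indicator at all even though it ran the same file as host-a; only keeping the execution trajectory makes it possible to flag host-b once the disposition changes, which is the scope-of-compromise gap the point-in-time slide calls "too late".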

Page 26: Fast Innovation & Fast IT require security


Cisco Cyber Threat Defense: The Need

Security gateways: Firewall, IPS, Web Sec, Email Sec, AMP

• Customized Threat Bypasses Security Gateways
• Threat Spreads Inside Perimeter
• Customized Cyber Threats Evade Existing Security Constructs
• Fingerprints of Threat are Found Only in Network Fabric

Page 27: Fast Innovation & Fast IT require security


Key Concept — NetFlow

• NetFlow is like a phone bill

NetFlow provides detailed data such as:

• What is talking to what
• Direction of traffic
• Over what protocols and ports
• For how long, at what speed
• For what duration
• Volume of traffic
• What nations traffic is going to
• Protocol sequence anomalies

Internal Network & Borders

Page 28: Fast Innovation & Fast IT require security


Next Generation Cyber Threat Defense

Announcement: Cisco announced its intent to acquire Lancope

Unified View: Threat Analysis and Context in Lancope StealthWatch

• SIO
• Threat Context Data: Cisco Identity, Device, Posture
• NetFlow Telemetry: Cisco Switches, Routers, and ASA NGFW (Internal Network and Borders)

• Aggregating, analyzing NetFlow telemetry data
• Baseline
• Sophisticated behavioral analysis
• Reputation
• Modern Detection Algorithms
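The NetFlow slide lists the fields a flow record carries (who talks to whom, direction, protocol and port, bytes, duration), and the StealthWatch slide lists what is done with them: aggregation, a baseline, behavioral analysis and reputation. The Python below is an added example serving both slides; it is not Cisco or Lancope StealthWatch code. It parses a small constructed flow export, totals outbound bytes per internal host, compares each host with a constructed per-host history (mean plus k standard deviations), and checks destinations against a constructed known-CnC list. The internal range, the flow records, the history values and the bad-IP list are all constructed, using documentation address blocks.

```python
"""NetFlow telemetry analysis: baseline deviation and reputation checks.

Added example, not Cisco or Lancope StealthWatch code. Parses constructed
flow records with the fields the NetFlow slide names, builds a per-host
outbound baseline as the StealthWatch slide describes, and flags hosts that
exceed it or that talk to known-bad addresses. All data is constructed.
"""
import csv
import io
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # constructed internal range

# Constructed flow export, one record per line (not a real capture)
FLOWS_CSV = """ts,src,dst,proto,sport,dport,bytes,packets,duration_s
1447000000,10.0.0.5,203.0.113.10,6,51022,443,2500000,1800,3600
1447003600,10.0.0.5,203.0.113.10,6,51030,443,2500000,1800,3600
1447000100,10.0.0.7,198.51.100.23,6,40001,8080,120000,90,30
1447000200,10.0.0.7,192.0.2.44,6,40002,80,30000,40,5
1447000300,10.0.0.9,192.0.2.44,6,40003,80,80000,60,8
1447000400,192.0.2.44,10.0.0.7,6,80,40002,5000,10,5
"""

# Constructed per-host daily outbound byte totals from earlier days
HISTORY = {
    "10.0.0.5": [1_000_000, 1_100_000, 900_000, 1_000_000],
    "10.0.0.7": [200_000, 250_000, 180_000, 220_000],
}

# Constructed reputation feed of known CnC addresses
KNOWN_CNC = {"198.51.100.23"}


def parse_flows(text):
    """Parse CSV flow records into dicts with the numeric fields converted."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        for k in ("ts", "proto", "sport", "dport", "bytes", "packets", "duration_s"):
            r[k] = int(r[k])
        rows.append(r)
    return rows


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def outbound_bytes(flows):
    """Bytes each internal host sent across the border (internal -> external)."""
    totals = defaultdict(int)
    for f in flows:
        if is_internal(f["src"]) and not is_internal(f["dst"]):
            totals[f["src"]] += f["bytes"]
    return dict(totals)


def baseline_anomalies(today, history, k=3.0):
    """Hosts whose outbound volume exceeds mean + k * stdev of their history.

    Hosts without history cannot be scored and are returned separately so
    a new host is not silently ignored.
    """
    flagged, unscored = [], []
    for host, total in sorted(today.items()):
        past = history.get(host)
        if not past:
            unscored.append(host)
            continue
        threshold = mean(past) + k * pstdev(past)
        if total > threshold:
            flagged.append((host, total, round(threshold)))
    return flagged, unscored


def reputation_hits(flows, bad_ips):
    """Flows whose destination is on the known-CnC list (SI-style check)."""
    return [(f["src"], f["dst"], f["dport"]) for f in flows if f["dst"] in bad_ips]


def long_external_sessions(flows, min_seconds=1800):
    """Long-lived outbound sessions: the 'for how long' field on its own."""
    return [(f["src"], f["dst"], f["duration_s"]) for f in flows
            if is_internal(f["src"]) and not is_internal(f["dst"])
            and f["duration_s"] >= min_seconds]


if __name__ == "__main__":
    flows = parse_flows(FLOWS_CSV)
    today = outbound_bytes(flows)
    flagged, unscored = baseline_anomalies(today, HISTORY)
    print("outbound bytes:", today)
    print("baseline anomalies:", flagged, "unscored:", unscored)
    print("reputation hits:", reputation_hits(flows, KNOWN_CNC))
    print("long sessions:", long_external_sessions(flows))
```

Only the border direction is baselined here (internal source, external destination), which is the "Internal Network & Borders" scope the slide names; a host with no history is reported as unscored rather than dropped, since a newly appearing talker is itself worth a look.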

Page 29: Fast Innovation & Fast IT require security


Page 30: Fast Innovation & Fast IT require security


Page 31: Fast Innovation & Fast IT require security


Ecosystem and Integration

Combined API Framework across the attack continuum:

• BEFORE: Policy and Control
• DURING: Detection and Blocking
• AFTER: Analysis and Remediation

Integration areas: Infrastructure & Mobility, NAC, Vulnerability Management, Custom Detection, Full Packet Capture, Incident Response, SIEM, Visualization, Network Access Taps

Page 32: Fast Innovation & Fast IT require security


Industry Leading Threat Detection

Cisco: Best Protection Value, 99.5% Security Effectiveness

The NGFW Security Value Map shows the placement of Cisco ASA with FirePOWER Services as compared to other vendors. Cisco achieved 99.5 percent in security effectiveness and now all can be confident that they will receive the best protections possible.

Source: NSS Labs 2015

Vendor Rating for Security: Positive

“The AMP products will provide deeper capability to Cisco's role in providing secure services for the Internet of Everything (IoE).”

“Cisco is disrupting the advanced threat defense industry.”

“Based on our (Breach Detection Systems) reports, Advanced Malware Protection from Cisco should be on everyone’s short list.”

Page 33: Fast Innovation & Fast IT require security


Thank You