From Overwhelmed to Empowered - 2020 · Effective Security for the Modern Enterprise From...
Effective Security for the Modern Enterprise
From Overwhelmed to Empowered
John Maynard
VP, Global Security Specialists
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Today’s risk reality
Workers connecting everywhere
Loss of control
More interconnected than ever
Expanded attack surface
Multi-cloud reality
A software-defined world
Automated and sophisticated threats
High likelihood of a breach
Continuous operations
Must keep business running
Phishing
DDoS
Advanced Persistent Threats
Ransomware
Botnets
Wiper Attacks
Data/IP Theft
Spyware/Malware
Man in the Middle
Drive by Downloads
Malvertising
Unpatched Software
Rogue Software
Credential compromise
Cryptomining
Supply chain attacks
Attack landscape constantly evolving
We just asked 3200 security decision makers around the world
What’s Keeping CISOs Up At Night?
Impossibly complex
79% said it was challenging to orchestrate alerts from multiple vendor products
That’s up from 74% last year!
Source: CISCO CYBERSECURITY SERIES 2019 • CISO BENCHMARK STUDY 2019
So many alerts…
51% of alerts are investigated
44% of alerts are NOT investigated
34% of investigated alerts are legitimate
51% of legitimate alerts are remediated
49% of legitimate alerts are not remediated
Source: Cisco Annual CyberSecurity Report 2019
So CISOs are trying to consolidate
10 or fewer vendors: 54% (2018), 63% (2019)
Breaches cost more than money.
In the wake of a breach, CISOs are most concerned about: operations (36%), customer retention (33%), brand reputation (32%)
51% are driving breach costs below $500K
8% still have breach cost of $5M+
The most collaborative teams lose the least money.
59% of those who stated that their networking and security teams were collaborative also reported the lowest category of breach cost (<$100K)
From Overwhelmed to Empowered
A new approach to security
Three questions for empowerment
What’s real?
What’s important?
What’s dangerous?
Source: Gartner (September 2018)
Security approach to confront risk
Continuously detecting threats and verifying trust
Continuous trust verification: Continuously verify identity and device trust across the software-defined perimeter
Continuous threat detection: Prevent attacks while continuously detecting and remediating the most advanced threats
Dynamic Context
Cisco Security Architecture
Open APIs · Developer Environment · Services
Enforcement Everywhere
Management · Response
Deploy Policy
Detect · Investigate · Remediate
3rd Parties: Technology Partners and other 3rd party threat feeds
Comprehensive Threat Intelligence: Known Threats, Unknown/Zero-day
Continuous Trust Verification: Users, devices, applications, and more
Endpoint · Network · Cloud · Application
Backed by the industry’s best threat intelligence
Email · Malware/Endpoint · Network Intrusions · Web/URL · Network Analysis · DNS/IP
Quickly analyze suspicious payloads
Detect and block threats in email messages
Block access to known or suspected malicious web sites
Accurately identify and block known threats
Analyze network telemetry
Threat intelligence researchers
Threat processing centers
Threat intelligence partners
How Cisco Integrates Security
Threat Intel/Enforcement: Increased Threat Prevention
Automated Policy: Decreased Time to Remediate
Context Awareness: Decreased Time to Investigate
Event Visibility: Decreased Time to Detect
Advanced Threat
Cloud Workload Protection
Switches and Access Points
Identity and Network Access Control
Secure SD-WAN/Routers
Enterprise Mobility Management
Cloud Access Security
Security
Secure Internet Gateway
Web Security
Next-Gen FW/IPS
Network Traffic Security Analytics
Cisco Threat Response
Unleashing the power of the Cisco Integrated Security Architecture
Increased security with reduced time and effort
Open for Security Integration
APIs connect to 160+ Network, Endpoint, Cloud technologies
EMM/Mobility
Endpoint and Custom Detection
SIEM and Analytics
Threat Intelligence
Vulnerability Management
NPM/APM and Visualization
Other
Cloud Apps and Infrastructure
UEBA
Forensics and IR
Infrastructure
Firewall and Policy Management
CASB
Deception
IAM/SSO
Orchestration
Reduce exposure and prepare with drills and training
Find ways to orchestrate and automate threat response across tools to move from detection to response faster
Keep organizations safer with machine learning the right way
Technology adoption
Technology                      2018    2019
Machine learning (ML)           77%     67%
Artificial Intelligence (AI)    74%     66%
Automation                      83%     75%
Encrypted Traffic Analytics (ETA)
Visibility and malware detection without decryption
Malware in Encrypted Traffic
Is the payload within the TLS session malicious?
• End to end confidentiality
• Channel integrity during inspection
• Adapts with encryption standards
Cryptographic compliance
How much of my digital business uses strong encryption?
• Audit for TLS policy violations
• Passive detection of ciphersuite vulnerabilities
• Continuous monitoring of network opacity
Cisco Encrypted Traffic Analytics
Known malware traffic
Known benign traffic
Extract observable features in the data
Employ machine learning techniques to build detectors
Malware detected in Encrypted Traffic
Continue collaboration between Networking and Security
Security and SD-WAN
Cisco SD-WAN · Cisco Security
Enterprise Firewall: Classification of +1400 layer 7 apps
Intrusion Protection System: Most widely deployed IPS engine in the world
URL-Filtering: Web reputation score using 82+ web categories
Simplified Cloud Security: Easy deployment of Cisco Umbrella
Budgeting for risk
40% are using cyber insurance
Data privacy goes hand-in-hand with security
GDPR-ready companies have fewer and less costly breaches
Strategic Partnership
“Cyber Fatigue,” defined as “having virtually given up on staying ahead of malicious threats and bad actors”
Cyber fatigue is going down: 46% (2018), 30% (2019)