From Overwhelmed to Empowered - 2020 · Effective Security for the Modern Enterprise From...

Effective Security for the Modern Enterprise From Overwhelmed to Empowered John Maynard VP, Global Security Specialists


Page 1: From Overwhelmed to Empowered - 2020 · Effective Security for the Modern Enterprise From Overwhelmed to Empowered John Maynard VP, Global Security Specialists

Effective Security for the Modern Enterprise

From Overwhelmed to Empowered

John Maynard

VP, Global Security Specialists

Page 2:

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Today’s risk reality

• Workers connecting everywhere
• Loss of control
• More interconnected than ever
• Expanded attack surface
• Multi-cloud reality
• A software-defined world
• Automated and sophisticated threats
• High likelihood of a breach
• Continuous operations
• Must keep business running

Page 3:

Phishing

DDoS

Advanced Persistent Threats

Ransomware

Botnets

Wiper Attacks

Data/IP Theft

Spyware/Malware

Man in the Middle

Drive by Downloads

Malvertising

Unpatched Software

Rogue Software

Credential compromise

Cryptomining

Supply chain attacks

Attack landscape constantly evolving

Page 4:

We just asked 3200 security decision makers around the world

What’s Keeping CISOs Up At Night?

Page 5:

Impossibly complex

Page 6:

79% said it was challenging to orchestrate alerts from multiple vendor products

That’s up from 74% last year!

Source: CISCO CYBERSECURITY SERIES 2019 • CISO BENCHMARK STUDY 2019

Page 7:

So many alerts…

• 34% of investigated alerts are legitimate
• 51% of legitimate alerts are remediated
• 49% of legitimate alerts are not remediated
• 44% of alerts are NOT investigated
• 51% of alerts are investigated

Source: Cisco Annual CyberSecurity Report 2019

Page 8:

So CISOs are trying to consolidate

10 or fewer vendors: 54% (2018), 63% (2019)

Page 9:

Breaches cost more than money.

In the wake of a breach, CISOs are most concerned about: operations (36%), customer retention (33%), brand reputation (32%)

51% are driving breach costs below $500K

8% still have breach cost of $5M+

Page 10:

The most collaborative teams lose the least money.

59% of those who stated that their networking and security teams were collaborative also reported the lowest category of breach cost (<$100K)

Page 11:

From Overwhelmed to Empowered

a new approach to security

Page 12:

Three questions for empowerment

Source: Gartner (September 2018)

• What’s real?
• What’s important?
• What’s dangerous?

Page 13:

Security approach to confront risk

Continuously detecting threats and verifying trust

Continuous trust verification: Continuously verify identity and device trust across the software-defined perimeter

Continuous threat detection: Prevent attacks while continuously detecting and remediating the most advanced threats

Dynamic Context

Page 14:

Cisco Security Architecture

[Diagram labels: Open APIs · Developer Environment · Services; Enforcement Everywhere; Management · Response; Deploy Policy; Investigate; Detect; Remediate; 3rd Parties; Technology Partners and other 3rd party threat feeds; Comprehensive Threat Intelligence; Known Threats; Unknown/Zero-day; Continuous Trust Verification; Users, devices, applications, and more; Endpoint; Network; Cloud; Application]

Page 15:

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public

Backed by the industry’s best threat intelligence

Email · Malware/Endpoint · Network Intrusions · Web/URL · Network Analysis · DNS/IP

• Quickly analyze suspicious payloads
• Detect and block threats in email messages
• Block access to known or suspected malicious web sites
• Accurately identify and block known threats
• Analyze network telemetry

• Threat intelligence researchers
• Threat processing centers
• Threat intelligence partners

Page 16:

How Cisco Integrates Security

• Threat Intel/Enforcement: Increased Threat Prevention
• Automated Policy: Decreased Time to Remediate
• Context Awareness: Decreased Time to Investigate
• Event Visibility: Decreased Time to Detect

• Advanced Threat
• Cloud Workload Protection
• Switches and Access Points
• Identity and Network Access Control
• Secure AS-WAN/Routers
• Enterprise Mobility Management
• Cloud Access Security
• Email Security
• Secure Internet Gateway
• Web Security
• Next-Gen FW/IPS
• Network Traffic Security Analytics

Page 17:

Cisco Threat Response

Unleashing the power of the Cisco Integrated Security Architecture

Increased security with reduced time and effort

Page 18:

Open for Security Integration

APIs connect to 160+ Network, Endpoint, Cloud technologies

• EMM/Mobility
• Endpoint and Custom Detection
• SIEM and Analytics
• Threat Intelligence
• Vulnerability Management
• NPM/APM and Visualization
• Other
• Cloud Apps and Infrastructure
• UEBA
• Forensics and IR
• Infrastructure
• Firewall and Policy Management
• CASB
• Deception
• IAM/SSO
• Orchestration

Page 19:

Reduce exposure and prepare with drills and training

Page 20:

Find ways to orchestrate and automate threat response across tools to move from detection to response faster

Page 21:

Keep organizations safer with machine learning the right way

Page 22:

Technology adoption

Technology                      2018    2019
Machine learning (ML)           77%     67%
Artificial Intelligence (AI)    74%     66%
Automation                      83%     75%

Page 23:

Encrypted Traffic Analytics (ETA)

Visibility and malware detection without decryption

Malware in Encrypted Traffic

Is the payload within the TLS session malicious?

• End to end confidentiality

• Channel integrity during inspection

• Adapts with encryption standards

Cryptographic compliance

How much of my digital business uses strong encryption?

• Audit for TLS policy violations

• Passive detection of Ciphersuite vulnerabilities

• Continuous monitoring of network opacity

Page 24:

Cisco Encrypted Traffic Analytics

• Known malware traffic
• Known benign traffic
• Extract observable features in the data
• Employ machine learning techniques to build detectors
• Malware detected in Encrypted Traffic

Page 25:

Continue collaboration between Networking and Security

Page 26:

Security and SD-WAN

• Enterprise Firewall: Classification of +1400 layer 7 apps
• Intrusion Protection System: Most widely deployed IPS engine in the world
• URL-Filtering: Web reputation score using 82+ web categories
• Simplified Cloud Security: Easy deployment of Cisco Umbrella

Cisco SD-WAN

Cisco Security

Page 27:

Budgeting for risk

40% are using cyber insurance

Page 28:

Data privacy goes hand-in-hand with security

GDPR-ready companies have fewer and less costly breaches

Page 29:

Strategic Partnership

Page 30:

“Cyber Fatigue,” defined as “having virtually given up on staying ahead of malicious threats and bad actors”

Cyber fatigue is going down: 46% (2018), 30% (2019)

Page 31: