Security – An Imperative for Digital Innovation

Timothy Snow, Solutions Architect – Security
May 12, 2017
@TimSnowIT

Cisco Confidential. © 2016 Cisco and/or its affiliates. All rights reserved.


Page 2:

Get Ready For The Digital World – Every country, city and business will become digital

Page 3:

Lack Of Cybersecurity Hinders Innovation In The Digital Era

Survey (1014 respondents):
- 71% agree: “Cybersecurity risks and threats hinder innovation in my organization.”
- 39% agree: “My organization halted a mission-critical initiative due to cybersecurity fears.”

“Innovations are moving forward, but probably at 70%-80% of what they otherwise could if there were better tools to deal with the dark cloud of cybersecurity threats.” (Robert Simmons, CFO)

Page 4:

Even the "bad guys" are moving to digital

A single bitcoin has surpassed the value of an ounce of gold for the first time – All time high March 3, 2017

Page 5:

Security Challenges Globally

- Ransomware
- Mobile Work Force
- IoT
- Cloud Applications
- Automation
- Cost
- Complexity
- Talent Shortage

Page 6:

What happens if we're wrong once…

- 22% of organisations cited lost customers
- 23% of organisations cited lost opportunity
- 29% of organisations cited lost revenue

Page 7:

The struggle to securely digitize
Outdated infrastructure creates vulnerabilities that overwhelm defenders

- Budget constraints
- Not utilizing available tools or not getting enough out of them
- Patch and Updates
- Lack of process
- Outdated infrastructure

Page 8:

Page 9:

- Misconfigured Firewall
- Proxy – Out of Date SW
- Old School Anti-virus
- Manual Segmentation
- Standalone Sandbox

Page 10:

Spam Comes Roaring Back
Email Is Back In Vogue

- 65% of email is spam
- 8% of spam is malicious

[Chart: Emails / Second (0.5K to 5K) for 2010, 2013 and 2016]

Page 11:

Adware And Malvertising Shift Into High Gear

Adware
- 75% of organizations investigated had adware infections

Malvertising
- Using brokers to increase speed and agility, e.g. existing botnets
- Very fast adaptation to attack techniques
- Leveraging Cloud Hosting services to roll out dynamic infrastructure

Page 12:

Vulnerabilities on the Rise
Adversaries Find Space and Time on the Server Side. Middleware is Poised to Attract Attackers

- Server: 34% (from 2332 to 3142)
- Client: 8% (from 2300 to 2106)
- Network: 20% (from 501 to 396)

Middleware Vulnerabilities

Page 13:

Time to Detect vs Time to Evolve
Reducing TTD Forces Adversaries to Speed Up Their Effort Just to Keep Up

[Chart: Median TTD in Hours and Percentage of Total Unique Hashes, plotted for Nov 2015, Jan 2016, Apr 2016, July 2016 and Nov 2016]

Page 14:

The Cat and Mouse "game"

"a contrived action involving constant pursuit, near captures, and repeated escapes."

Page 15:

Last 20 years of security:

Got a problem? Buy a Box

Firewall

Page 16:

The Existing security stack…

Firewall, VPN, Email Security, Web Security, DLP, SIEM, Replacement Box, Failover, Persistent Threats, IDS

Firewall 2.0, VPN 2.0, Email Security 2.0, Web Security 2.0, DLP 2.0, SIEM 2.0, Replacement Box 2.0, Failover 2.0, Persistent Threats 2.0, IDS 2.0

Page 17:

How many "boxes" do you have?

ADD CISCO IS HERE. . . WITH IT’s ARCH

Do any of them guarantee your company's security?

Page 18:

The Security Effectiveness Gap

- Budget Constraints with renewals
- Lack of Trained Experts
- Integration Headaches
- Lack of clear policy definition
- Misconfigurations
- etc…

Page 19:

Cisco Security reverses the gap to extend capabilities

Page 20:

Cisco’s Security Strategy

- Integrated Architectural Approach
- Best of Breed Portfolio

Page 21:

Industry’s Most Effective Security Portfolio

- Threat Intelligence
- Services
- Network, Cloud, Endpoint
- Integrated Threat Defense

simple, open, automated, effective

Page 22:

Security Everywhere Architecture

Before, During, After

- Web
- Network Analytics
- Advanced Malware
- Secure Internet Gateway
- UTM
- Policy & Access
- Email
- NGFW + NGIPS
- Cloud Security

Branch, IOT, Cloud, Data Center, Endpoint, Campus, Edge

Page 23:

Cisco Architectural Approach Helps Customers Save Money

Point Products Approach:
Firewall, VPN, Email Security, Web Security, DLP, SIEM, Replacement Box, Failover, Persistent Threats, IDS
Firewall 2.0, VPN 2.0, Email Security 2.0, Web Security 2.0, DLP 2.0, SIEM 2.0, Replacement Box 2.0, Failover 2.0, Persistent Threats 2.0, IDS 2.0

Cisco Architectural Approach:
38%+ Return on Investment*

* Final Results

Page 24:

Access Control – Identity Services Engine

A centralized security solution that automates context-aware access to network resources and shares contextual data

90% don't know what's on their networks

Network Resources
Access Policy: Traditional, Cisco TrustSec®

- BYOD Access
- Threat Containment
- Guest Access
- Role-Based Access
- Identity Profiling and Posture

Context: Who, Compliant, What, When, Where, How, Threat (New!), Vulnerability (New!)

Network Door
ISE pxGrid Controller

Page 25:

The AMP Everywhere Architecture

AMP Threat Intelligence Cloud

- AMP for Endpoints: Windows OS, Android Mobile, Virtual, MAC OS, CentOS, Red Hat Linux for servers and datacenters
- Remote Endpoints: AMP for Endpoints can be launched from AnyConnect
- AMP on Web and Email Security Appliances
- AMP on Cisco® ASA Firewall with Firepower Services
- AMP Private Cloud Virtual Appliance
- AMP on Firepower NGIPS Appliance (AMP for Networks)
- AMP on Cloud Web Security and Hosted Email
- CWS/CTA
- Threat Grid: Malware Analysis + Threat Intelligence Engine
- AMP on ISR with Firepower Services

DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate

Page 26:

Cisco – A leader in breach detection

Page 27:

Firewall - Protection & Threat Detection

- Context-Aware Functions
- NG-IPS Functions
- Malware Protection
- VPN Functions
- Traditional Firewall Functions

Protection Centric, Threat Centric

Page 28:

What does Cisco Firepower enable?

- Detect earlier, act faster
- Gain more insight
- Reduce complexity
- Get more from your network
- Stop more threats

Threat-focused, Fully Integrated

Cisco Firepower NGFW

- Superior effectiveness before, during, and after attacks – Confirmed by 3rd party tests (NSS)
- Detect and contain rapidly – reduce exposure time – IoC's
- Industry leading visibility, with automated and prioritized response
- Unified management and fewer vendors - reduced complexity
- Enhance security, leverage existing investments, with Cisco and 3rd party integrations

Page 29:

Umbrella
Protection at the DNS layer - Everywhere

- Built into the foundation of the internet
- Intelligence to see attacks before launched at the DNS layer
- Visibility and protection everywhere
- Deploy even at the remote branches
- Integrations to amplify existing investments

Embedding Secure Gateway capabilities into

- Cisco ISR 4K devices
- Cisco WLAN controller
- Roaming Clients
- WSA
- On-Prem Proxy
- NGFW

Page 30:

Network as a Sensor to Identify Indicators of Compromise

- RECONNAISSANCE
- BOTNET
- DATA HOARDING
- SPREADING MALWARE
- POLICY VIOLATION

Page 31:

Rapid Threat Containment – Leverage the Network!

~5 Seconds, IT Admin Initiated or Automatic

SIEM, Firewall, Stealthwatch, FirePower, Custom Detection

pxGrid, ISE

Network: Switch, Router, DC FW, DC Switch, Wireless

Page 32:

Security Enables Digitization
Protect your Business During Digital Transformation

- Find and contain problems fast
- Simplify network segmentation
- Control who gets onto your network
- Protect users wherever they work
- Stop threats at the edge

Page 33:

Techniques to minimize risk

- Make Security a Business Priority: Leadership must own, evangelize, fund security.
- Measure Operational Discipline: Review security practices, control access points, patch.
- Integrate Defense Approach: Implement architectural approach to security, automate processes to reduce time to react to, stop attacks.
- Test Security Effectiveness: Validate, improve security practices, network connection activity.

Attack Preparedness Plan

Page 34:

Moving to a Threat Defense Approach

Business Priority, Measure Operation Discipline, Integrate Defense Approach, Test Security Effectiveness

- Prevent: To minimize impact of breaches, encourage employees to report failures and problems, and clearly communicate security processes and procedures.
- Mitigate: Implement and document exact procedures for incident response and tracking. Inform and educate all parties on precise, step-by-step crisis management response protocol.
- Detect: To alert your organization to security weaknesses before they become full-blown incidents, implement a system for categorizing incident-related information.

Minimize Risk!

Page 35:

Cisco’s Security Commitment

- #1 Cisco Priority
- 5K People Strong
- Ongoing Innovation
- Integrated Best of breed portfolio
- 250 Threat Researchers
- 19.7B Threats Blocked Daily
- 100x Faster Finding Breaches
- 99% Security Effectiveness
- 88% Fortune 100 use Cisco Security
- Billions Invested: Sourcefire, Lancope, Neohapsis, OpenDNS, ThreatGRID, Cognitive, Portcullis, CloudLock

Page 36:

simple, open, automated

Effective Security

Page 37:

Thank you.

Page 38:

ASEAN Reference Case: FSI Customer

Challenges
- Knowledge of external entities with intent
- Mandates for compliance
- Multiple Security vendors

Solution
- Cisco Stealthwatch (NaaS) gave the customer visibility into foreign threats, internal policy violations and segmentation faults

Business outcomes achieved
- Regulatory mandate compliance and risk reduction