Service Provider Security Architecture - · PDF fileThe world has gone mobile Traffic growth,...


Transcript of Service Provider Security Architecture - · PDF fileThe world has gone mobile Traffic growth,...

Page 1:

Andrew Turner, Technical Marketing, Security Business Group, April 12th 2017

Service Provider Security Architecture

Page 2:

Digitization is disrupting the SP business

The world has gone mobile: traffic growth, driven by video

Rise of cloud computing: Machine-to-Machine

Changing Customer Expectations: ubiquitous access to Apps & Services

10X Mobile Traffic Growth from 2013-2019

Changing Enterprise Business Models: Efficiency & Capacity

Soon to Change SP Architectures / Service Delivery

Emergence of the Internet of Everything: People, Process, Data, Things

[Chart: Petabytes per Month, 2013-2018, y-axis 0 to 120,000; Internet Video (57%, 75%) versus Other (43%, 25%); 23% Global CAGR 2013-2018]

Exponential Growth in Data

More and more Data

More and more ways to access Data

More and more regulations on securing Data

Risks to Service Providers and Their Customers

Page 3:

Welcome to the Hackers’ Economy (Source: CNBC)

Global Cybercrime Market: $450B-$1T

All Data has Monetary Value:

Social Security: $1
Medical Record: >$50
DDoS as a Service: ~$7/hour
Credit Card Data: $0.25-$60
Bank Account Info: >$1000, depending on account type and balance
Exploits: $100K-$300K
Facebook Account: $1 for an account with 15 friends
Spam: $50/500K emails
Malware Development: $2500 (commercial malware)
Mobile Malware: $150

Page 4:

Money Motivates Attackers: Organizations Are Under Attack and Malware Is Getting in

[Timeline 1990-2020: Viruses (1990-2000); Worms (2000-2005); Spyware and Rootkits (2005-Today); APTs, Cyberware (Today+). Phishing, Low Sophistication; Hacking Becomes an Industry; Sophisticated Attacks, Complex Landscape]

95% of large companies targeted by malicious traffic

100% of organizations interacted with websites hosting malware

Cybercrime is lucrative, barrier to entry is low
Hackers are smarter and have the resources to compromise your organization
Malware is more sophisticated
Organizations face tens of thousands of new malware samples per hour

Page 5:

Being Breached Costs Dollars and Reputation

Loss of customer trust

$87k loss for every 1k data files breached [1]

$1.45M average lost business cost per attack [2]

60% of security breaches compromise data in hours [3]

54% of security breaches are not detected until months later [4]

[1] Verizon - 2015 Data Breach Investigations Report
[2] Ponemon Institute - 2015 Cost of Data Breach Study: Global Analysis
[3] Verizon - 2014 Data Breach Investigations Report
[4] Verizon - 2014 Data Breach Investigations Report

Page 6:

Shift to 5G Will Be Led by New Services

Ultra Reliability (Wherever + Whenever)
Ultra Capacity and Coverage
Ultra High-Speed (up to 10 Gbps to cell site)
Ultra Low Latency (1 ms End-to-End)
Massive Device Connectivity

Pervasive Video
Broadband access in dense areas
Average 1 Gbps per device
Broadband access everywhere
Tactile Internet: extreme real-time communications
Natural Disaster: lifeline communications
High Speed Train: higher user mobility
Sensor Networks: massive Internet of Things
E-Health Services: ultra-reliable communications
Broadcast Services: broadcast-like services

Page 7:

New Services Mean New Threats

[Figure: Threat Surface across 2G, 3G, LTE, 5G]

Page 8:

Cisco: Committed to Security

#1 Cisco Priority
Billions Invested
5K People Strong
Ongoing Innovation
Integrated Best of breed portfolio
250 Threat Researchers
19.7B Threats Blocked Daily
100x Faster Finding Breaches
99% Security Effectiveness
88% of Fortune 100 use Cisco Security

Page 9:

Traditional Security Needs to Keep Pace

[Figure: mobile core with a Firewall at each of the S8, S9, SGi and Rx interfaces and at the Datacenter, Corp IT and Internet edges]

Page 10:

Security

Page 11:

Remember This?

Page 12:

Look Inside

https://

Or Maybe Not

Page 13:

Traditional Security Needs to Keep Pace

[Same firewall diagram as Page 9]

Once inside, who is talking to who?

Page 14:

Traditional Security Needs to Keep Pace

[Same firewall diagram as Page 9]

Industry Average Time to Detect: 100 Days

Page 15:

Example Threats inside the Perimeter

Insider

Internal DoS

Interception and Exploitation

Exfiltration

Page 16:

Security begins with visibility

You can’t protect what you can’t see

Who is on the Network?

And what are they up to?

Page 17:

Because when it happens...

Incident reported

WHO did this?

HOW long?

WHAT was accessed?

WHEN will we know?

WHEN did it happen?

Page 18:

Evolution of Firewalls

[Figure: NGFW combining Firewall, Application Control, NGIPS and AMP]

How to increase visibility at the Firewall?

Page 19:

Evolution of Security

Firewall -> NGFW -> Architecture including NGFW

Device | Network | Cloud

Page 20:

Cisco Open Network Architecture for 5G, IoT, Beyond

Business | IoT | Video | Mobile | Collaboration

Cloud-Based Services, Applications: Public | Private Cloud and/or On-Prem

Service Creation | Orchestration | Automation | OSS | BSS | Streaming Telemetry

Network Abstraction

Physical & Virtual Infrastructure

Security | Policy | Analytics | Open APIs

Page 21:

Security in the Open Network Architecture

Policy & Segmentation: what should happen on the network

Security Analytics: Monitoring & Anomaly Detection

Visibility: what is happening on the network

Enforcement

Layers: Cloud Based Services | Network Abstraction | Infrastructure

Page 22:

Security Architecture

[Figure: threat map across the SP estate]

Domains: Access & Aggregation; Partner Edge; Enterprise Network (LAN / WAN Infra, WiFi / BYOD); Call Centres, Retail presence; Datacentre, Public Cloud; Internet Edge; IN (IMS, SigTran); MPC/EPC; Management Network

Threats placed on the map: UE DDOS; eNodeB DOS; Smallcell DOS; Smallcell Signaling DOS; DDOS; Insider Threat; Data Exfiltration; Malware; Data Hoarding; Privilege Exploitation; Interception

Page 23:

Mobility Security Architecture - Visibility

Domains: Access & Aggregation; Partner Edge; Enterprise Network (LAN / WAN Infra, WiFi / BYOD); Call Centres, Retail presence; Datacentre, Public Cloud; Internet Edge; IN (IMS, SigTran); MPC/EPC; Management Network

Visibility sources: Network Data; Endpoint Data; Subscriber Data; Partner Data; Internet Data; Service Data

Page 24:

Mobility Security Architecture – Policy & Segmentation

[Figure: Access & Aggregation, Internet Edge, IN (IMS, SigTran) and MPC/EPC, with Segment boundaries marked]

Policy & Segmentation defines:

Who is allowed to talk to Who?
What are they allowed to talk about?
How are they allowed to talk?
When are they allowed to talk?

Page 25:

Mobility Security Architecture – Policy & Segmentation

[Figure: Access & Aggregation, Internet Edge, IN (IMS, SigTran) and MPC/EPC, with Segment boundaries marked]

Policy and Segmentation is not just between segments but also within segments

Page 26:

Mobility Security Architecture – Policy & Segmentation

Domains: Access & Aggregation; Partner Edge; Enterprise Network (LAN / WAN Infra, WiFi / BYOD); Call Centres, Retail presence; Datacentre, Public Cloud; Internet Edge; IN (IMS, SigTran); MPC/EPC; Management Network

[Figure: Segments drawn between and within the domains]

What is happening on the network

What should happen on the network

Page 27:

Security Architecture - Analytics

Domains: Access & Aggregation; Internet Peering; Peering; Enterprise Network (LAN / WAN Infra, WiFi / BYOD); Call Centres, Retail presence; BSS (Billing & Mediation), OSS Systems, Customer Portals, NfV & Orchestration; Datacentre Cloud (Internal / External Cloud); Gi LAN; OLO Interconnect; IN (IMS, SigTran); MPC/EPC (Control Plane (Diameter), User Plane (SCTP, GTP)); Management Network

What is happening on the network

What should happen on the network

What is versus what should be

Page 28:

Security Architecture - Analytics

[Same diagram as Page 27]

What is versus what should be plus what threats do we know and what is normal behavior

Threat Intel

Page 29:

Security Architecture - Analytics

[Same diagram as Page 27]

What is versus what should be plus what threats do we know and what is normal behavior

Threat Intel | Analytics | Visibility | Policy

Page 30:

Security Architecture

[Same diagram as Page 27]

Threat Intel | Visibility | Policy | Analytics

Security Trigger: Service Change; Infrastructure Change via Orchestration; Enforcement Action to Mitigate Threat

What is versus what should be plus what threats do we know and what is normal behavior

Page 31:

Security in the Open Network Architecture

[Same diagram as Page 21: Policy & Segmentation (what should happen on the network), Security Analytics (Monitoring & Anomaly Detection), Visibility (what is happening on the network), Enforcement, across Cloud Based Services | Network Abstraction | Infrastructure]

Security Driven Service Change

Security Auto-Remediation

Page 32:

Example: Rapid Threat Containment

Components: NGFW; ISE Policy Server; Datacenter Server; TrustSec Enabled Network; FMC and Stealthwatch; pxGrid

Scenario: a device is compromised and tries to breach the datacenter. The device is quarantined for remediation or mitigation; access is denied per security policy.

Firewall Rules:

  Source             Destination          Service   Action
  IP    SGT          IP    SGT
  Any   Employee     Any   DC Server      HTTPS     Allow
  Any   Suspicious   Any   DC Server      Any       Deny

Visibility: User Activity and File Activity monitored, aggregated and analyzed (FMC, Stealthwatch)
Analytics: analytics detect suspicious behavior and inform the policy server (pxGrid)
Policy: policy server changes policy for the device
Enforcement: based on the new policy, network enforcers automatically restrict access
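The loop on this slide (and the "what is versus what should be, plus known threats and normal behavior" analytics of Pages 27-30) written out end to end, as an added example that is not code from the presentation or from Cisco. The SGT names Employee, Suspicious and DC Server and the two firewall rules are taken from the slide; the flow records, the threat-intel entry, the baseline numbers, the 10x volume threshold and the "two corroborating signals" quarantine rule are constructed assumptions standing in for what FMC, Stealthwatch and ISE would supply.

```python
"""Visibility (flow records) -> Analytics -> Policy (device re-tagged) -> Enforcement (SGT rule table).

Added example, not from the presentation. Flows, baselines, threat intel and
thresholds below are constructed; only the SGT names and rules come from the slide.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# (source SGT, destination SGT, service, action); first match wins, default deny.
# The slide's "Any" IP columns are implied: matching is on SGT and service only.
FIREWALL_RULES: List[Tuple[str, str, str, str]] = [
    ("Employee",   "DC Server", "HTTPS", "Allow"),
    ("Suspicious", "DC Server", "Any",   "Deny"),
]


@dataclass
class Flow:
    src_ip: str
    dst_ip: str
    service: str      # e.g. "HTTPS", "SMB"
    bytes_out: int


class PolicyServer:
    """Stands in for the ISE policy server: holds the IP -> SGT assignment."""

    def __init__(self, assignments: Dict[str, str]):
        self.sgt = dict(assignments)

    def tag(self, ip: str) -> str:
        return self.sgt.get(ip, "Unknown")

    def quarantine(self, ip: str) -> None:
        self.sgt[ip] = "Suspicious"   # the device keeps its IP but loses its Employee tag


def enforce(rules, src_sgt: str, dst_sgt: str, service: str) -> str:
    """Network enforcer (NGFW / TrustSec switch): first matching rule, else Deny."""
    for r_src, r_dst, r_svc, action in rules:
        if r_src in ("Any", src_sgt) and r_dst in ("Any", dst_sgt) and r_svc in ("Any", service):
            return action
    return "Deny"


def analyze(flows: List[Flow], policy: PolicyServer, baseline: Dict[str, int],
            threat_intel: Set[str], rules) -> Dict[str, List[str]]:
    """Three analytics signals per source IP: an observed flow the rule table would not
    permit (what is vs. what should be), a known-bad destination (threat intel), and
    bytes out far above that device's normal volume (behaviour baseline)."""
    findings: Dict[str, List[str]] = defaultdict(list)
    bytes_out: Dict[str, int] = defaultdict(int)
    for f in flows:
        src_sgt, dst_sgt = policy.tag(f.src_ip), policy.tag(f.dst_ip)
        # Only tagged resources are governed by the rule table; untagged (Internet)
        # destinations are judged by threat intel and baseline instead.
        if dst_sgt != "Unknown" and enforce(rules, src_sgt, dst_sgt, f.service) == "Deny":
            findings[f.src_ip].append(f"policy: {src_sgt}->{dst_sgt} over {f.service} not permitted")
        if f.dst_ip in threat_intel:
            findings[f.src_ip].append(f"threat-intel: contacted {f.dst_ip}")
        bytes_out[f.src_ip] += f.bytes_out
    for ip, total in bytes_out.items():
        normal = baseline.get(ip)
        if normal and total > 10 * normal:       # assumed anomaly threshold: 10x normal
            findings[ip].append(f"baseline: {total} bytes out vs normal {normal}")
    return dict(findings)


def rapid_threat_containment(flows, policy, baseline, threat_intel, rules,
                             min_signals: int = 2) -> Tuple[Dict[str, List[str]], List[str]]:
    """Quarantine every source with at least min_signals independent findings (assumed rule)."""
    findings = analyze(flows, policy, baseline, threat_intel, rules)
    contained = [ip for ip, reasons in findings.items() if len(reasons) >= min_signals]
    for ip in contained:
        policy.quarantine(ip)      # policy server changes policy for the device
    return findings, contained


# Constructed sample data: one employee device misbehaving, one behaving normally.
SAMPLE_FLOWS = [
    Flow("10.1.1.5", "10.2.0.10", "HTTPS", 20_000),       # permitted by rule 1
    Flow("10.1.1.5", "10.2.0.10", "SMB", 5_000_000),      # no rule permits SMB to the DC
    Flow("10.1.1.5", "198.51.100.9", "HTTPS", 900_000),   # destination on the threat list
    Flow("10.1.1.6", "10.2.0.10", "HTTPS", 15_000),       # permitted by rule 1
]
ASSIGNMENTS = {"10.1.1.5": "Employee", "10.1.1.6": "Employee", "10.2.0.10": "DC Server"}
BASELINE = {"10.1.1.5": 50_000, "10.1.1.6": 50_000}       # normal bytes out per window
THREAT_INTEL = {"198.51.100.9"}


def run_demo():
    """Returns (action before, findings, contained IPs, action after) for 10.1.1.5 -> DC over HTTPS."""
    policy = PolicyServer(ASSIGNMENTS)
    before = enforce(FIREWALL_RULES, policy.tag("10.1.1.5"), policy.tag("10.2.0.10"), "HTTPS")
    findings, contained = rapid_threat_containment(SAMPLE_FLOWS, policy, BASELINE, THREAT_INTEL, FIREWALL_RULES)
    after = enforce(FIREWALL_RULES, policy.tag("10.1.1.5"), policy.tag("10.2.0.10"), "HTTPS")
    return before, findings, contained, after


if __name__ == "__main__":
    before, findings, contained, after = run_demo()
    for ip, reasons in findings.items():
        print(ip, reasons)
    print("contained:", contained, "| DC access for 10.1.1.5:", before, "->", after)
```

The point the slide makes is in the last line of output: the firewall rules never change, only the device's tag does, and the same HTTPS request that was allowed a moment ago is now denied. Note also that the SMB flow is a finding precisely because it was observed inside the segment where no firewall sat in its path (Page 25's "within segments"), which is why the analytics need flow visibility rather than firewall logs alone.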

Page 33:

Visibility

[Figure: UE - RAN - EPC - Internet]

Which User Accessed a URL at any particular time?

Page 34:

Visibility

[Figure: UE - RAN - EPC - Internet]

URL
Date/Time of Connection
Duration of the Connection
NAT IP Address
Source IP Address
IMSI/MSISDN

Page 35:

Visibility

Cisco Stealthwatch correlates multiple data types and sources to provide traffic details, subscriber info and application context for every traffic flow passing through the network
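The lookup that Pages 33-35 describe, "which user accessed a URL at a particular time", written out as an added example that is not code from the presentation or from Stealthwatch. It joins the three record types the slide lists: a URL log that only sees the post-NAT address, the carrier-grade NAT translation log, and the EPC session log that ties a private IP to an IMSI/MSISDN. All three log formats, the timestamps and the subscriber identifiers are constructed for illustration; the correlation must be time-bounded, because a NAT port is reused by a different subscriber minutes later.

```python
"""Subscriber attribution across a carrier-grade NAT (added example; formats constructed)."""
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed NAT translation log: private ip:port -> public (NAT) ip:port, add/delete events.
NAT_LOG = """\
2017-04-12T10:00:00Z nat-add 10.8.1.23:40001 -> 203.0.113.7:51000
2017-04-12T10:00:05Z nat-add 10.8.1.57:40002 -> 203.0.113.7:51001
2017-04-12T10:03:00Z nat-del 10.8.1.23:40001 -> 203.0.113.7:51000
2017-04-12T10:03:30Z nat-add 10.8.1.90:40003 -> 203.0.113.7:51000
"""
# Constructed EPC session log: which IMSI/MSISDN holds which private IP, and when.
SESSION_LOG = """\
2017-04-12T09:50:00Z session-start imsi=001010123456789 msisdn=15550001111 ip=10.8.1.23
2017-04-12T09:55:00Z session-start imsi=001010987654321 msisdn=15550002222 ip=10.8.1.57
2017-04-12T10:03:10Z session-end   imsi=001010123456789 msisdn=15550001111 ip=10.8.1.23
2017-04-12T10:03:15Z session-start imsi=001010555555555 msisdn=15550003333 ip=10.8.1.90
"""
# Constructed URL log from the Gi LAN side: only the NAT address is visible here.
URL_LOG = """\
2017-04-12T10:01:10Z 203.0.113.7:51000 https://example.org/login duration=12s
2017-04-12T10:04:00Z 203.0.113.7:51000 https://example.net/ duration=3s
"""


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


@dataclass
class Interval:
    key: str                       # public ip:port (NAT log) or private ip (session log)
    value: str                     # private ip:port, or "imsi,msisdn"
    start: datetime
    end: Optional[datetime] = None  # None: still active at the end of the log

    def covers(self, t: datetime) -> bool:
        return self.start <= t and (self.end is None or t < self.end)


def parse_nat_log(text: str) -> List[Interval]:
    """Pair nat-add / nat-del events into intervals keyed by the public ip:port."""
    intervals: List[Interval] = []
    open_: Dict[Tuple[str, str], Interval] = {}
    for line in text.splitlines():
        ts, action, priv, _arrow, pub = line.split()
        if action == "nat-add":
            iv = Interval(key=pub, value=priv, start=parse_ts(ts))
            intervals.append(iv)
            open_[(priv, pub)] = iv
        elif action == "nat-del":
            open_.pop((priv, pub)).end = parse_ts(ts)   # close the matching binding
    return intervals


def parse_session_log(text: str) -> List[Interval]:
    """Pair session-start / session-end events into intervals keyed by private IP."""
    intervals: List[Interval] = []
    open_: Dict[str, Interval] = {}
    for line in text.splitlines():
        ts, action, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        if action == "session-start":
            iv = Interval(key=kv["ip"], value=kv["imsi"] + "," + kv["msisdn"], start=parse_ts(ts))
            intervals.append(iv)
            open_[kv["ip"]] = iv
        elif action == "session-end":
            open_.pop(kv["ip"]).end = parse_ts(ts)
    return intervals


def lookup(intervals: List[Interval], key: str, t: datetime) -> Optional[str]:
    """Value bound to key at time t, or None if no interval covers t."""
    for iv in intervals:
        if iv.key == key and iv.covers(t):
            return iv.value
    return None


def attribute(nat_ip_port: str, t: datetime, nat: List[Interval],
              sessions: List[Interval]) -> Optional[Tuple[str, str]]:
    """NAT ip:port at time t -> private ip:port -> (IMSI, MSISDN); None if either hop is unbound."""
    priv = lookup(nat, nat_ip_port, t)
    if priv is None:
        return None
    sub = lookup(sessions, priv.split(":")[0], t)
    if sub is None:
        return None
    imsi, msisdn = sub.split(",")
    return imsi, msisdn


def attribute_url_log(url_log: str = URL_LOG, nat_log: str = NAT_LOG, session_log: str = SESSION_LOG):
    """For every URL record return (timestamp, url, subscriber-or-None)."""
    nat, sessions = parse_nat_log(nat_log), parse_session_log(session_log)
    rows = []
    for line in url_log.splitlines():
        ts, nat_addr, url, _duration = line.split()
        rows.append((ts, url, attribute(nat_addr, parse_ts(ts), nat, sessions)))
    return rows


if __name__ == "__main__":
    for ts, url, who in attribute_url_log():
        print(ts, url, "->", who if who else "no subscriber bound at that instant")
```

Both sample URL hits carry the same NAT address and port, 203.0.113.7:51000, yet they resolve to two different subscribers, because the port was released at 10:03:00 and reassigned at 10:03:30. A query for 10:03:10 correctly returns nothing. In practice this is why NAT logs must record both the add and the delete with synchronised clocks, and why a lookup keyed on NAT IP alone (without port and time) is unreliable evidence.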

Page 36:

Threat Intelligence

See Once, Enforce Everywhere

Network | Device | Cloud

Visibility | Analytics | Enforcement

Page 37:

Protecting Network, Cloud, Device for 5G, IoT, Beyond: Security Gateway (SecGW) Solutions for Secure Mobile Backhaul

Cloud | Network | Device

Centralized SecGW: Firepower 9300, Firepower 4100 Series, ASAv
Distributed SecGW: ASR 900 Series, ASAv

Superior Performance and Scale: high throughput IPsec VPN and Security Gateway processing

Future Proof: physical and virtual options to address architectural requirements

Exceptional Flexibility: right sized with pay-as-you-grow options; unique clustering technology on Firepower to optimize performance while reducing rack space, power and cooling costs

Page 38:

Protecting Network, Cloud, Device for 5G, IoT, Beyond: Cisco Umbrella for New Revenue Opportunities

Cloud | Network | Device

Cisco Umbrella for Service Providers

Learn: intelligence to see attacks before they launch
See: visibility to protect access everywhere
Block: stop threats before connections are made

SMB | Connectivity | MSSP | Enterprise | Consumer

Page 39:

Protecting Network, Cloud, Device for 5G, IoT, Beyond: Secure Enterprise Mobility

Cloud | Network | Device

Samsung and Cisco are partnering to provide the most secure mobile device platform with unmatched visibility for the enterprise

Trusted Device | Visibility | Collection & Analytics

Page 40:

Security Business Group

Thank You

Page 41:

“There are two types of companies: those who have been hacked, and those who don’t yet know they have been hacked.” (John Chambers)