The Business Value Model Christi McClellan Security CAM - Cisco Systems.

Page 1

The Business Value Model

Christi McClellan
Security CAM - Cisco Systems

Page 2

Security = Top Business Issue

Gartner: Top Ten Business Trends In 2004

[Table: ranking of each trend in 2004, 2003 and 2002, with selected change in ranking compared with 2003. Trends listed:]

• Security breaches/business disruptions
• Operating costs/budgets
• Data protection and privacy
• Need for revenue growth *
• Use of information in products/services *
• Economic recovery *
• Single view of customer
• Faster innovation
• Greater transparency in reporting
• Enterprise risk management

* New question for 2004

Page 3

Why Customers Lack Sufficient Security

• Inability to quantify benefits
• Lack of risk analysis
• Perceived cost
• Preconceived notions
• Quickly evolving networks and applications

Page 4

Threats and Vulnerabilities

• Assets
• Vulnerabilities
• Threats
• Consequences

52% experienced attacks from outside
48% experienced attacks from inside

Most expensive attacks come from inside (up to 10x more costly)

Source: CSI / FBI Security Study 2004

[Diagram labels: Internet, Virus]

Introduction: Integrated Security Strategies

Page 5

Why Business Disruptions Continue

• Viruses, Worms, Trojan Horses, Botnets penetrating defenses
– Viruses now #1 cause of financial loss (2004 CSI/FBI)
• Day-zero attacks are sophisticated and complex
• Point technologies easily bypassed, not designed to preserve network integrity or resiliency
• Non-compliant servers/desktops common, difficult to detect and contain
• Locating and isolating infected systems is time and resource intensive

Page 6

Security Drivers Continue

[Chart: target and scope of damage by threat generation]

Target and Scope of Damage: Individual Computer, Individual Networks, Multiple Networks, Regional Networks, Global Infrastructure Impact

Timeline: 1980s, 1990s, Today, Future

• 1st Gen (Weeks): Boot viruses
• 2nd Gen (Days): Macro viruses, E-mail, DoS, Limited hacking
• 3rd Gen (Minutes): Network DoS, Blended threat (worm + virus + trojan), Turbo worms, Widespread system hacking
• Next Gen (Seconds): Infrastructure hacking, Flash threats, Massive worm driven DDoS, Damaging payload viruses and worms

Time from knowledge of vulnerability to release of exploit is shrinking

Page 7

Threat Defense

• Products that protect the network and endpoints from both known and unknown threats.
• These products are crucial to layered security deployment in any network.
• Defensive strategy
• Is Defense all you need to win?

Page 8

Trust and Identity

• Mitigate the risk associated with unauthorized individuals or devices accessing the company’s network.
– Use analogies such as security badges providing varied levels of access for different individuals.
• Develop a more robust method to manage how and who can access certain information.
– Manage access by functional areas within an organization, i.e. Human Resources and Finance.

Page 9

Secure Communications

• Converged and wireless networks create a great deal of interesting issues related to securing communication.
– A "must have" solution for companies with employees who work remotely or companies that engage in e-commerce or other business-to-business electronic communications.

Page 10

Management

• Network and security management tools allow one to offensively detect, prioritize, and respond to perceived threats.
– Use analogies such as the airport control tower, where all is monitored, managed, and directed. Having the ability to direct and control the network activities is a critical element in a successful security program.
– Reinforce that without the tools to identify and prioritize potential issues, one will not be able to leverage the investment made in all of the robust defense equipment.

Page 11

What are Customers Looking For?

The Self-Defending Network and Solution: Integrated Security Management

Page 12

Integrated Security: Building Blocks for The SDN

The Cisco Story

[Timeline: 1990s, 2000, 2002, 2003, 2004. Stage labels: Basic Security, Point Products, Integrated Security, Defense In Depth, SDNs]

• Basic router security
• Command Line Interface (CLI)

• Security appliances
• Enhanced router security
• Separate management software

• Integrated security
– Routers, Switches, Appliances, Endpoints
• FW + VPN + IDS...
• Integrated management software
• Evolving advanced services

• End-to-End Protection
• Security aware elements
• Dynamic comm. between security elements
• Self-protecting

Competition

• Multiple technologies
• Multiple locations
• Multiple appliances
• Little / no integration

Page 13

The New Computing Paradigm

[Diagram labels: IP Network; SECURITY; E-Mail, Collaboration, Calendar, Video-on-Demand, Web Application, Audio-Conferencing, Instant Messaging, Voice Messaging, Contact Center, Telephone Services]

IT managers must use their existing corporate networks more effectively to create, maintain and maximize business relationships. That means opening the network to implement more flexible access models that make the right information available to the right people at the right time. On the other hand, that very openness requires a new approach to security.

Jamie Lewis – CEO, Burton

Page 14

Evolution of Security Requirements

A Collaborative Systems Approach

PAST → NEEDED NOW
• Standalone → Integrated Multiple Layers
• Reactive → Automated, Proactive
• Product Level → System-level Services

New Methods & New Architectures

Page 15

Why Self Defending Networks?

• Organizations cannot react quickly enough to these new blended threats

• The security threat is only getting worse. Point products only address a small segment of the network

• Customers need an automated system to address these ongoing threats with the right security capabilities embedded everywhere in their network infrastructure and end points

Page 16

Self-Defending Network Strategy

Cisco Strategy to Dramatically Improve the Network’s Ability to Identify, Prevent, and Adapt to Threats

SELF-DEFENDING NETWORK

INTEGRATED SECURITY – BUSINESS VALUE MODEL
• Trust and Identity
• Threat Defense
• Secure Connectivity

SECURITY TECHNOLOGY INNOVATION
• Endpoint Security
• Application Firewall
• SSL VPN
• Network Anomaly Detection

SYSTEM-LEVEL SOLUTIONS
• Endpoints + Networks + Policies
• Services
• Partnerships

Page 17

Rethinking Security

1. What are you trying to do?
– What are your business objectives?
– What technologies or services are needed to support these objectives?
– Do they leverage your existing resources?
– Are they compatible with your current infrastructure and security solutions?

2. What risks are associated with this?
– Will you introduce new risks not covered by your current security solutions or policy?

3. How do you reduce that risk?
– How valuable are the assets at risk? What is your tolerance for risk?

Business objectives should drive security decisions

Page 18

Rethinking Security

• Security is more than products… Security solutions must be chosen with business objectives in mind

They must also:
– Leverage existing infrastructure and intelligence
– Contribute to correlative analysis and response
– Provide automated, collaborative defense
– Be INTEGRATED parts of a security SYSTEM

• Security IS about RISK REDUCTION in a rapidly evolving environment

Maximum risk reduction is ALWAYS achieved with an integrated solution built on a flexible and intelligent infrastructure

Risk reduction requires integrated solutions and services

Page 19

Self Defending Network Advantages

Use What You Have

Leverage existing network infrastructure by enabling security in existing infrastructure

Protect Your Infrastructure

Use the network to protect the network

Save Time and Money

Minimize the number of devices and management tools; maximize IT staff efficiency

Deploy Security Where You Need It Most

Apply security functionality anywhere in the network – protect all network entry points

Reduce Your Risk

Deploy integrated security to minimize exposure to risk

Page 20

Security Acquisitions

1995, PIX

1998, IDS

2000, VPN (SP)

2000, VPN (Enterprise)

2001, VPN (Technology)

2002, CTR (Technology)

2003, HIPS

2004, SSL VPN Client

2004, DDOS Protection

2004, Security Mgmt.

2004, NAC addition

Announced December 2004 – Affordable Correlation, Mitigation

Page 21

Cisco Security Product Overview
Cisco Systems

Page 22

TRUST AND IDENTITY

The Self-Defending Network and Solution: Trust and Identity

Page 23

© 2003, Cisco Systems, Inc. All rights reserved.

Cisco’s NAC Solution Overview

NAC Solution: Leverage the network to intelligently enforce access privileges based on endpoint security compliance

[Diagram components: Host Attempting Network Access (Cisco Trust Agent); Network Access Devices; Policy Server Decision Points (Cisco ACS Server, AV Vendor Server). Protocol labels: EAP, RADIUS, HCAP]

1. Host sends credentials to Access Device using EAP (UDP or 802.1x)
2. Access Device forwards credentials to Policy Server (ACS) using RADIUS
3. ACS Server authenticates ID and passes AV info to AV Vendors Servers
4. AV Vendors Servers respond with Compliance/Non-Compliance message
5. Policy Server responds to Access Device with access rights and VLAN assignment
6, 7. Access Device accepts rights, enforces policy, and notifies client (Allow/Deny/Restrict/Quarantine)

IBM

http://www.cisco.com/en/US/partners/pr46/nac/partners.html

Page 24

Cisco Clean Access Solution (Perfigo)

• Cisco Clean Access Manager (Perfigo SmartManager): Centralizes management for administrators, support personnel, and operators
• Cisco Clean Access Server (Perfigo SmartServer): Serves as an in-line device for network access control
• Cisco Clean Access Agent (Perfigo SmartEnforcer): Optional client for device-based scanning and remediation in managed and unmanaged environments

Recognizes: Users, device, and role (guest, employee, contractor)
Evaluates: Identify security posture and vulnerabilities
Enforces: Enforce security policies and eliminate vulnerabilities

• Cisco has licensed the Perfigo CleanMachines solution, and will sell under the name “Cisco Clean Access”
• Products Orderable as of October 29, 2004

Page 25

Cisco Acquisition of Perfigo – CleanMachines
Admission control for Small-Medium Business

THE GOAL: Intranet/Network

1. End user attempts to access a web page or uses an optional client. Network access is blocked until end user provides login information.
2. User is redirected to a login page. CleanMachines validates username and password. Also performs device and network scans to assess vulnerabilities on the device.
3a. Device is non compliant or login is incorrect. User is denied access and assigned to a quarantine role with access to online remediation resources.
3b. Device is “clean.” Machine gets on “clean list” and is granted access to network.

[Diagram labels: Perfigo SmartServer, Perfigo SmartManager, Perfigo SmartEnforcer (optional), Authentication Server, Quarantine Role]

Page 26

© 2004 Cisco Systems, Inc. All rights reserved.

THREAT DEFENSE SYSTEMS

The Self-Defending Network and Solution: Threat Defense

Page 27

Threat Defense System Technologies

• Firewall: PIX Security Appliance, IOS FW, Catalyst FWSM
• Network IDS / IPS: IDS Appliances, Catalyst IDS Module, Router IDS Module, IOS-IDS, Cisco Guard XT 5650, Anomaly Detector 5600
• Endpoint Security: Cisco Security Agent
• Network Services: IOS Security Services, Private VLANs, ACLs, QoS
• IOS Infrastructure Security: AutoSecure, Secure ACL, Control Plane Rate Limiting, CPU/Memory Thresholding
• Intelligent Investigation: Cisco Threat Response (CTR)
• Content Security: Content Engines, Router Network Modules
• Security Management: Device Managers, CiscoWorks VMS, CiscoWorks SIMS

New IPS Capabilities

The Self-Defending Network and Solution: Threat Defense

Page 28

SECURE CONNECTIVITY

The Self-Defending Network and Solution: Secure Connectivity

Page 29

SSL VPN and IPSec Connectivity Profiles

SSL VPN
• Uses a standard web browser to access the corporate network
• SSL encryption native to browser provides transport security
• Applications accessed through browser portal
• Limited client/server applications accessed using applets

IPSEC VPN
• Uses purpose-built client software for network access
• Client provides encryption and desktop security
• Client establishes seamless connection to network
• All applications are accessible through their native interfaces

The Self-Defending Network and Solution: Secure Connectivity

Page 30

INTEGRATED SECURITY MANAGEMENT

The Self-Defending Network and Solution: Integrated Security Management

Page 31

Cisco Security Management Portfolio

Security Management, Policy Administration, Monitoring and Analysis

[Diagram labels:]
Embedded Device Managers; Single Device Managers; Multi-Device and Services Managers
IPS, Firewall, VPN
Cisco SDM; Cisco IDM; Cisco PDM; Cisco VPN3KDM; Cisco IEV
CiscoWorks VPN/Security Management Solution
CiscoWorks Security Information Mgmt. Solution

Cisco Secure – Access Control Server
User AAA Control Framework for Managing Administrative Access to the Network

Page 32

Protego MARS Overview and Product Line

• Founded August 2002
• Based in Sunnyvale, CA
• 40+ customers
• 38 employees

Protego is a pioneer and leading provider of enterprise security monitoring and threat mitigation utilizing a custom appliance, empowering companies to readily identify, manage and eliminate network attacks, as well as maintain compliance.

Model: Events / Second; RAID Storage
• MARS 20: 500; 120GB
• MARS 50: 1,000; 120GB
• MARS 100e: 3,000; 750GB
• MARS 100: 5,000; 750GB
• MARS 200: 10,000; 1TB
• MARS GC: na; 1TB

Page 33

Self-Defending Network Strategy

Cisco Strategy to Dramatically Improve the Network’s Ability to Identify, Prevent, and Adapt to Threats

SELF-DEFENDING NETWORK

INTEGRATED SECURITY
• Trust and Identity
• Threat Defense
• Secure Connectivity

SECURITY TECHNOLOGY INNOVATION
• Endpoint Security
• SSL VPN
• Network Anomaly Detection
• Application Firewall

SYSTEM-LEVEL SOLUTIONS
• Endpoints + Networks + Policies
• Services
• Partnerships

Page 34

Cisco Security Agent

• Next-generation security solution provides threat protection for servers and desktops
• Identifies and prevents malicious behavior before it occurs
• Unique behavior analysis addresses known and unknown threats
• Protects against:
– port scans
– buffer overflows
– Trojan horses
– Malformed packets
– Malicious HTML requests
– e-mail worms
– “Day-zero” attacks
– and more…

Page 35

Cisco Security Agent
Behavioral Protection for Endpoints

[Diagram: five attack phases against a Target]

1. Probe
• Ping addresses
• Scan ports
• Guess passwords
• Guess mail users

2. Penetrate
• Mail attachments
• Buffer overflows
• ActiveX controls
• Network installs
• Compressed messages
• Backdoors

3. Persist
• Create new files
• Modify existing files
• Weaken registry security settings
• Install new services
• Register trap doors

4. Propagate
• Mail copy of attack
• Web connection
• IRC
• FTP
• Infect file shares

5. Paralyze
• Delete files
• Modify files
• Drill security hole
• Crash computer
• Denial of service
• Steal secrets

[Diagram annotations:]
• Rapidly mutating; Continual signature updates; Inaccurate
• Most damaging; Change very slowly; Inspiration for Cisco® Security Agent solution

Page 36

Why Cisco for Security?

Cisco is uniquely positioned to execute, design and deliver the Self Defending Network

• Largest suite of offerings with security capabilities embedded in all of our networking products

• Unique endpoint protection for desktops and critical servers with CSA and intelligent management of the endpoints with NAC

• Cisco’s long term strategy is to deliver automated prevention and remediation mechanisms throughout the network

Page 37

Security Now a Baseline Architecture for All Cisco Technologies

[Diagram labels: Storage Networking, IP Telephony, Wireless LAN, Networked Home, Routing, Switching]

Page 38

“The frustrating reality of the security guy is that when everything runs perfectly… nobody notices…which is exactly what should happen.”

Robb Boyd, CISSP
Cisco Systems