Tomorrow Starts Here - Security Everywhere
cisco-canada
Category: Technology
Transcript of Tomorrow Starts Here - Security Everywhere
1 © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Tomorrow Starts Here Security Everywhere
Mandar Rege, Security Principal Cisco Security Solutions
Are Canadian Businesses Prepared for Future Security Threats?
60% of Canadian businesses don’t have Security strategies in place—or are unsure how to prepare their networks for evolving mobile and cloud-based models
Source: Cisco and IDC Canada Survey, Dec. 2014
Are Canadian Businesses Prepared for Future Security Threats?
Less than 60% of Canadian businesses have IT solutions in place to protect company data on employee-owned devices.
Source: Cisco and IDC Canada Survey, Dec. 2014
31% of Canada’s largest companies are unsure if their IT security strategy accounts for evolving data center and IT consumption models.
Market Trends
Massive Increase in Connected Devices
Process + Things + People + Data
Rise of Cloud Computing
Changing Business Models, Architectures
& Service Delivery
The World Has Gone Mobile
Mobile Traffic Growth 2013-2019: 10X
Ubiquitous Access to Apps
180 billion apps will be downloaded in 2015
IoT Challenges
Data: Capture, store, and analyze data
Things: Connect to capture useful data
Process: Business and operational benefits
People: Enable workers
1230 Respondents Source: Cisco Consulting Services Global IoT Study, 2014
20%
27%
13% 40%
Which Areas Does Your Organization Need to Improve to Capitalize on IoT?
Evolution of the Internet
Axes: Business and Societal Impact; Intelligent Connections
Connectivity: Digitize Access to Information
§ Email § Web Browser § Search
Networked Economy: Digitize Business Process
§ E-commerce § Digital Supply Chain § Collaboration
Immersive Experiences: Digitize Interactions (Business and Social)
§ Social § Mobility § Cloud § Video
Internet of Everything: Digitize the World, Connecting
§ People § Process § Data § Things
1B 1M 1K 10B 50B
CONNECTED THINGS
Internet of Things …and Everything
Every company becomes a technology company… Every company becomes a security company
Cyber Security is a Boardroom Discussion
Security breaches are costly
Security is the #1 issue for your customers
Protect now the value you intend to create tomorrow
The Security Problem
Changing Business Models
Dynamic Threat Landscape
Complexity and Fragmentation
Changing Business Models
Dynamic Threat Landscape
Complexity and Fragmentation
Security Challenges Increasing Connectivity Drives New Business Models
90% of organizations are not fully aware of all network devices
5-10 times more cloud services are being used than known by IT
92% of top Android apps carry security/privacy/risk
14% of organizations had malware enter the corporate network through social media/web apps
BYOD Social Media Cloud App Stores
60%
Changing Business Models
Dynamic Threat Landscape
Complexity and Fragmentation
Security Challenges Threats Hide in Plain Sight and Attack Swiftly
of data is stolen in
of point-of-sale intrusions aren’t discovered for
27 of breaches remain undiscovered for
increase of companies reporting a $10M loss or more in the last
2015
51% 54% 85%
Security Challenges Security Silos Complicate Protection
Security Vendors at RSA
Demand for Security Talent
Complexity Talent Fragmentation
45 Security Vendors for Some Customers
480 12x
Changing Business Models
Dynamic Threat Landscape
Complexity and Fragmentation
Growth in Security
Source: Gartner
Total Security Market: $95B, CAGR 8.4% 2015-2018
Security Product Market: $32B, CAGR 6.4% 2015-2018
Security Services Market: $63B, CAGR 9.6% 2015-2018
Cisco Security Hypothesis
Advisory Integration Managed Threat-centric Platform-based Visibility-driven
Operational Focus Talent Shortage
+ Security Challenges
+
Requires Improved Outcomes
Cisco Intelligence
Threat Intelligence
Research Response
Collective
Security Intelligence
Cisco Threat Intelligence Unprecedented Breadth & Depth
100TB Daily Security Intelligence
1.6M Deployed Security Devices
13B Daily Web Requests
120,000 Daily Malware Sandbox Reports
100TB Security Intelligence
1.6M Deployed Devices
13B Web Requests
150,000 Micro-applications
1,000 Applications
93B Daily Email Messages
35% Enterprise
5,500 IPS Signatures
150M Deployed Endpoints
3-5 min Updates
5B Daily Email Connections
4.5B Daily Email Blocks
14M Deployed Access Gateway
75,000 FireAMP Updates
6,000 New ClamAV Sigs
120K Sandbox Reports
Cisco Security Intelligence Global Visibility Global Footprint
Security Product Portfolio
Email Policy & Access
Web
NGFW/NGIPS
Advanced Threat
Security Service Portfolio
Assessments
Architecture & Design
Program Strategy
Managed Security
Product Support
Hosted Security
Optimization
Migration
Integration
Advisory
Managed
Integration
Continued Security Technology Innovation Inorganic Growth
2007 2009 2011 2012 2013 2014 2015
Messaging & Web Security Appliance
XML Firewall Cloud Security Advanced Malware Protection (AMP)
UTM Threat-Centric Security (NGIPS & AMP)
Security Consulting
Security Analytics
Dynamic Malware Analysis
Neohapsis Acquisition
Advisory Expertise: Industry leading expertise focused on compliance, cloud, mobile, and application security
Top Talent: World class security consultants with an average of 15+ years experience
Advanced Research: Emerging threat research and analysis to support advanced threat protection
Gaining Visibility Video
§ Near real-time analytics
§ Anomaly detection
§ Zero day threat focus
§ Identification to suppression mean time reduction
§ Integration of the latest security technology
§ Extensible platform designed to evolve with market demands
§ Improved technology leverage and accountability
§ Access to actionable sources of intelligence
§ Cisco proprietary telemetry
§ Adapted for customer intelligence
§ Publicly available intelligence
§ Operationalization
§ Advanced expertise
§ Combat security talent shortage
§ Force multiply internal resources
Managed Threat Defense (MTD) Organic Innovation
Analytics People Intelligence Technology
CISCO MTD
Security Operations Centers
Americas
Austin Raleigh
EMEAR
Dubai Krakow
APJC
Sydney
Top Talent Targeted Expertise Custom Operations
Managed Threat Defense Architecture
DEDICATED CUSTOMER SEGMENT
Administrative Consoles
PORTAL
TICKETING
COMMON SERVICES
Threat Intelligence
Dedicated Customer Portal
Alerting/Ticketing System
Investigator Portal
Authentication Services
24/7 ACCESS
CUSTOMER
SOC
Secure Connection (HTTPS/SSH/IPSec)
VPN INTERNET VPN
FIREWALL
FIREWALL
CMSP
Advanced Malware
Protection
Full Packet Capture
Anomaly Detection
Sourcefire IDS
Collective Security
Intelligence
Streaming Analytics
ThreatGrid
NetFlow
Full Packet
Machine Exhaust
Cisco
Third Party
DMZ Users
Endpoint Agents
NetFlow Generator
Access Control
Data Center
NetFlow Generator
Access Control
Web Proxy
Email Proxy
Endpoint Agent
NetFlow Generator
Access Control
Talos
MTD: A Comprehensive Threat Solution
Perimeter Firewall
Cisco Cloud Security Internet
Mobile Endpoints Anywhere / Anytime
MTD
ThreatGRID Sourcefire
Full Packet Anomalies
Endpoint Agent
Application Security
MTD’s High Fidelity Approach
269,808 Security Events (207,992 Threat intel sourced, 61,816 Telemetry generated)
Unique events: 113,713
High fidelity events: 1710
Post-investigation tickets: 71
Strong Differentiation
Advanced Analytics and Correlation
Continuous and Zero-Day Detection
AMP Everywhere
Reduced Cost and Complexity
Threat-Focused Next-Generation Firewall
ASA with FirePOWER
Integrated Threat Defense
Diverse Threat Intelligence
Real Time Analytics
Managed Threat Defense
Advanced Expertise
Threat Intelligence
Feeds
Enrichment Data
OpenSOC Overview
Full packet capture
Protocol metadata
NetFlow
Machine exhaust (logs)
Unstructured telemetry
Other streaming telemetry
Parse + Format Enrich Alert
Log Mining and Analytics
Big Data Exploration, Predictive Modelling
Network Packet Mining and PCAP Reconstruction
Applications + Analyst Tools
OpenSOC Framework
Sources: Telemetry Sources (NetFlow, Machine Exhaust, HTTP, Other); PCAP (Passive Tap, Traffic Replicator)
Data Collection: Flume (Agent A, Agent B, Agent N)
Messaging Broker: Kafka (A Topic, B Topic, N Topic, PCAP Topic, DPI Topic)
Real-Time Processing: Storm (A Topology, B Topology, N Topology, PCAP Topology, DPI Topology)
Storage: Hive (Raw Data, ORC); Elasticsearch (Index); HBase (Packet Table)
Access: Analytic Tools (Tableau, R / Python, Power Pivot); Web Services (Search, PCAP Reconstruction)
NEW - Incident Management Services Execution Across the Entire Threat Kill Chain
Know your threats
Detect threat activity
Engage kill chain
Contain and remove threat
Threat Intelligence, Advisory and Managed Security Services
Managed Threat Defense
Incident Response Services
Advisory Services
Enable growth Reduce costs Mitigate Risk
Managed Services
Enhanced visibility Advanced analytics
Incident Response Services Experts Combine Latest Intelligence and Best Practices
Security Experts
Threat Intelligence
Readiness: Prepare, assess infrastructure, operations, communications and skill
• Infrastructure Breach Preparedness
• Security Operations Readiness
• Breach Communications
• DDoS Preparedness
• Incident Response Training
• Tabletop Exercises
Response: Identification, isolation, and remediation expedience
• Log Source Assessment, Analysis & Data Mining
• Forensic Image Analysis
• Infected System Dynamic Instrumentation
• Malware Reverse Engineering
• Exploit Analysis and Re-Implementation
• Post-breach Remediation
NEOHAPSIS Third Party Risk
Challenge
§ Multiple vendor assessment programs
§ Ineffective prioritization and remediation for vendor risks
§ Bandwidth challenges had limited the number of assessments
Solution
§ Piloted vendor assessment program including program management and 25 assessments
§ Delivered improvements to program processes, assessment, executive metrics, and management oversight
Outcomes
§ Continuous improvement in program and assessment efficacy
§ Greater management transparency to vendor risks
§ Annual assessments and summary analysis across all programs
ADVISORY Custom Threat Intelligence
Challenge
§ Desire to identify “unknown unknowns”
§ Limited capability for compromise detection
§ Lack of expertise and tools for incident management
Solution
§ Combination of external and internal instrumentation
§ Detailed traffic monitoring and forensic analysis
§ Tailored risk impact assessment and targeted operational remediation
Outcomes
§ 500+ previously missed indicators of compromise (IOCs) within first 90 days
§ 65% savings with targeted security remediation
§ Positive BoD feedback on improved compliance posture
INTEGRATION Identity Services Engine
Challenge
§ Limited control over user access to the network
§ Shortage of internal security experts for design and build
§ Inability to effectively operate security policy and controls
Solution
§ Audit of devices and security policy configuration
§ ISE implementation and knowledge transfer
§ 24/7 threat monitoring via Remote Managed Services
Outcomes
§ 100% visibility and control for BYOD across the network
§ Zero downtime for the deployment of ISE
§ 56% cost reduction through managed solution
MANAGED Managed Threat Defense (MTD)
Challenge
§ Uneven visibility into multiple threat vectors
§ Shortage of operational security expertise
§ Limited real-time security analytics capabilities
§ Need for better threat intelligence
Solution
§ Predictive analysis and behavior-based tools
§ 24/7 real-time expert staffed SOCs
§ Incident prioritization and event correlation
§ Industry leading hybrid intelligence
Outcomes
§ 34% savings on information security management through leverage of MTD SOC
§ 95% decrease in redundant investigations due to higher fidelity detection
§ 70+ high priority threats remediated per day
Only Cisco Delivers
Adaptable Business Models: Physical, Virtual or Cloud models to fit multiscreen, IoE and other changing business needs
Advanced Threat Protection: Unmatched Visibility & End to End Security across Cloud, Network and Customer Premise
Complexity Reduction: Consistent Policies & Control Across Devices, Network, and Data Center