Cisco CyberSecurity Strategy
Ghassan Dreibi, Manager, Business Development
Threat evolution timeline, 1990–2020
Viruses, 1990–2000
Worms, 2000–2005
Spyware and rootkits, 2005–today
APTs and cyberwar, today and beyond
The captions along the timeline read, left to right: phishing, low sophistication; hacking becomes an industry; sophisticated attacks, complex landscape.
Security technologies and the slogan each one came with
Application Control | FW/VPN | IDS / IPS | UTM | NAC | AV | PKI | Sandboxing
“Captive Portal” | “It matches the pattern” | “No false positives, no false negatives.” | “Block or Allow” | “Fix the Firewall” | “No key, no access” | “Detect the Unknown” (sandboxing)
There is no silver bullet.
CyberSecurity: what is at stake is personal files, financial data, emails and photos.
Organizations are more confident but increasingly vulnerable:
90% of companies are confident about their policies,
but 54% admit to having faced public scrutiny following a security breach.
Malware on a Global Scale
Malicious actors do not respect country boundaries. The map plots a block ratio of observed malware traffic to expected traffic, so a value of 1.0 means malware blocks are in proportion to the traffic expected from that country. Countries with higher block ratios have many web servers and compromised hosts on networks within their borders.
Block ratio by country: Hong Kong 6.255 | France 4.197 | China 4.126 | Poland 1.421 | Germany 1.277 | Brazil 1.135 | Japan 1.134 | Russia 0.936 | Canada 0.863 | U.S. 0.760
Complexity and fragmentation: mobility, cloud, and the Internet of Things … and Everything open a new surface for threats.
Every company becomes a technology company; every company becomes a security company.
APTs (Advanced Persistent Threats), by entry vector
Game console / eCommerce: 77M accounts hacked
Cloud service: 5M customer email records stolen through phishing
WiFi: 45M customer records stolen
SCADA control: water utility disruption by pump shutdown (Springfield Water Light & Power)
Social engineering: 40M secure tokens stolen
POS: 110M credit cards and personal info stolen
100% of the top 500 companies had a malicious connection detected
60% “collected” in hours
54% of new threats discovered only after months
Access: gain access to the network.
How to get access: social media | pen drives | social engineering
73% suspected VPN connections
Camouflage | Distraction
Stuxnet: an industry-segment threat
Timeline chart (2008–2015) of ICS malware, each shown as a launch point and a later detection point: Stuxnet deployed → Stuxnet detected; BlackEnergy launched → BlackEnergy detected; Havex launched → Havex detected*. The two spans marked on the chart are the time to reach the target and the time to be detected.
Everywhere Security Strategy: see more …
What has to be visible: network servers, operating systems, routers and switches, mobile devices, printers, VoIP phones, virtual machines, client applications, files, users, web applications, application protocols, services, malware, command-and-control servers, vulnerabilities, NetFlow, network behavior, processes.
Understand the scope of the attack: network and user context (how, what, who, where, when) combined with external context (threat intelligence information).
Consistent secure access policy across wired, wireless and VPN.
Automation: better information, better decisions.
Network as sensor. Network as enforcer.
Threat-focused: detect, understand, and stop threats.
Continuous Advanced Threat Protection
Collective Security Intelligence feeds AMP, CWS and the appliances.
Threat identified; context (how, what, who, where, when) comes from ISE plus the network and the NGFW/NGIPS appliances; event history is recorded; enforcement follows.
AMP and Threat Defense: continuous analysis with context.
Performance | Capacity | SLA
Cloud Connected Network: mobile, router, firewall. The distributed perimeter.
Collective Security Intelligence: telemetry data, threat research, advanced analytics.
3M+ Cloud Web Security users | 6GB of web traffic examined and protected every hour | 75M unique hits every hour | 10M blocks enforced every hour
Elastica CloudSOC™ for cloud apps: Audit | Detect | Protect | Investigate
Audit: Shadow IT Risk Assessment Report, Business Readiness Rating™, Audit Score, Shadow Data Risk Assessment
Detection engines: StreamIQ™, ThreatScore™, ContentIQ™; Reports & Analysis; Cloud SOC Policy
Integration points: Securelet™ Gateway | Web Security (before, during, after) | other appliances | firewall
In collaboration with:
Data | Account | User
Security Operations Center: analyze & control.
Places in the network: service provider, endpoint, data center, edge, campus, operational technology, branch WAN, ecosystem, services, user.
Portfolio across those places: AnyConnect featuring AMP for Endpoints; FirePOWER Threat Defense for ISR; ACI integration with TrustSec; ruggedized Cisco ASA with FirePOWER Services; pxGrid ecosystem expansion; ACI + FirePOWER Services integration; threat-centric security for service providers; Cloud Web Security + Intelligent WAN; Cisco Hosted Identity Services.
Cisco ASA with FirePOWER Services
Start with the hardware option that fits best, all with built-in Application Visibility and Control (AVC), network firewalling, and VPN capabilities: desktop 5506-X | wireless AP 5506W-X | ruggedized 5506H-X | rackmount 5508-X/5516-X
Add FirePOWER Services for enhanced protection (available as subscriptions): Next-Generation Intrusion Prevention System (NGIPS) | URL filtering | Advanced Malware Protection (AMP)
Choose the appropriate management solution: FireSIGHT Management Center (appliance sold separately), or the on-box Adaptive Security Device Manager (ASDM), which comes standard.
Feature set: identity-policy control & VPN; network firewall with routing | switching; clustering & high availability; Application Visibility & Control; built-in network profiling; FireSIGHT analytics & automation; Cisco Collective Security Intelligence enabled; intrusion prevention (subscription); URL filtering (subscription); Advanced Malware Protection (subscription).
World’s most widely deployed, enterprise-class ASA stateful firewall | granular Cisco® Application Visibility and Control (AVC) | industry-leading FirePOWER next-generation IPS (NGIPS) | reputation- and category-based URL filtering | advanced malware protection
Deployment options: on-premises, cloud, or hybrid; cloud managed; virtual appliance; multi-device support (desktop, tablet, laptop, mobile).
AMP (Advanced Malware Protection), everywhere
AMP for Networks | AMP on Web and Email Security Appliances | AMP on Cisco® ASA Firewall with FirePOWER Services | AMP for Endpoints* (Mac OS, Windows, Android mobile, virtual) | AMP for Cloud Web Security (CWS) and Hosted Email | AMP Private Cloud Virtual Appliance | AMP Threat Grid: malware analysis + threat intelligence engine, appliance or cloud
*AMP for Endpoints can be launched from AnyConnect.
TrustSec segmentation with ISE
Security group tags: Employee | PCI POS | Partner | Non-Compliant | Voice
Topology: access layer (Voice, Employee, PCI POS and Partner endpoints) → campus core → data center; SSL VPN terminating on the ASA; ISE for classification and tag assignment; Lancope/NetFlow (SMC/FC) for network telemetry.
Data VLAN 20: PCI segmentation within the same VLAN; Non-Compliant endpoints are quarantined in the same VLAN by tag rather than by moving them.
Classification results: Device Type: Apple iPad; User: Mary; Group: Employee; Corporate Asset: Yes; Malware Detected: Yes → Employee, Non-Compliant (quarantine).
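The "network as sensor, network as enforcer" loop the slides describe (NetFlow telemetry feeding a classification that changes an endpoint's tag, and a tag matrix that segments PCI traffic inside one VLAN) is shown below as an added example. It is not Cisco code and not from the presentation; the flow records, addresses, endpoint fields, tag matrix and thresholds are all constructed assumptions. The sensor half flags a host whose connections to one destination recur on a near-constant period, the signature of a timer-driven command-and-control beacon; the enforcer half turns that finding plus the ISE-style classification into a Non-Compliant tag and checks what that tag may still reach.

```python
"""Added example: network-as-sensor / network-as-enforcer on constructed NetFlow-style
records. Not Cisco code; field names, tags, thresholds and addresses are assumptions."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    start: float   # flow start time, seconds
    src: str
    dst: str
    dport: int
    octets: int


# Constructed sample flows (not real telemetry). 10.20.0.45, standing in for
# "Mary's iPad" on the slide, phones home to 203.0.113.7:443 about every 300 s,
# which is what a C2 beacon looks like in NetFlow; its other traffic is ordinary
# irregular browsing. 10.20.0.12 has too few flows to judge.
SAMPLE_FLOWS = [
    *[Flow(t, "10.20.0.45", "203.0.113.7", 443, 512)
      for t in (0, 300, 602, 899, 1201, 1498, 1800)],
    *[Flow(t, "10.20.0.45", "93.184.216.34", 443, 40_000)
      for t in (10, 45, 400, 410, 1500, 1510)],
    Flow(20, "10.20.0.12", "10.30.0.5", 1433, 8_000),
    Flow(80, "10.20.0.12", "10.30.0.5", 1433, 9_000),
]


def find_beacons(flows, min_flows=6, max_cv=0.15):
    """Sensor side. Group flows by (src, dst, dport) and flag groups whose
    inter-arrival gaps are nearly constant. cv = stdev/mean of the gaps: human
    browsing lands around 1, a timer-driven beacon close to 0."""
    starts = defaultdict(list)
    for f in flows:
        starts[(f.src, f.dst, f.dport)].append(f.start)
    beacons = []
    for (src, dst, dport), ts in starts.items():
        if len(ts) < min_flows:
            continue                       # too few samples to call it periodic
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        period = mean(gaps)
        if period <= 0:
            continue
        cv = pstdev(gaps) / period
        if cv <= max_cv:
            beacons.append({"src": src, "dst": dst, "dport": dport,
                            "period_s": round(period), "cv": round(cv, 3)})
    return beacons


# Enforcer side: an assumed tag-to-tag policy matrix. PCI POS is reachable only
# from PCI POS even though it shares Data VLAN 20; Non-Compliant hosts may reach
# only the remediation group. Anything not listed is denied.
SGACL = {
    ("Employee", "Employee"): True,
    ("Employee", "PCI POS"): False,
    ("PCI POS", "PCI POS"): True,
    ("Partner", "PCI POS"): False,
    ("Non-Compliant", "Remediation"): True,
}


def sgacl_permits(src_tag, dst_tag):
    """Default-deny lookup of the matrix above."""
    return SGACL.get((src_tag, dst_tag), False)


def assign_tag(endpoint, beacons):
    """Combine the ISE-style classification with the sensor finding. An endpoint
    that AMP flagged, or whose address is beaconing, becomes Non-Compliant
    (quarantined on the same VLAN) whatever the user's group is."""
    beaconing = any(b["src"] == endpoint["ip"] for b in beacons)
    if endpoint.get("malware_detected") or beaconing:
        return "Non-Compliant"
    return endpoint["group"]


if __name__ == "__main__":
    found = find_beacons(SAMPLE_FLOWS)
    mary = {"ip": "10.20.0.45", "user": "Mary", "group": "Employee",
            "device": "Apple iPad", "corporate_asset": True, "malware_detected": False}
    tag = assign_tag(mary, found)
    print(found)
    print(tag, "-> PCI POS reachable:", sgacl_permits(tag, "PCI POS"))
```

The coefficient of variation is deliberately computed over all gaps rather than just the first few, so a beacon that jitters its interval by a few percent still scores near zero while bursty user traffic does not; in production the same statistic would be computed per source over a sliding window fed by the flow collector, and the quarantine would be pushed as a change of authorization rather than returned as a string.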
Data Center Firewall
PROTECTION: integrated security and consistent policy enforcement (physical & virtual); active monitoring & comprehensive diagnostics for threat mitigation.
PROVISIONING: simplified service chaining; dynamic policy management; rapid instantiation.
PERFORMANCE: on-demand scalability; increased clustering size; multi-site clustering.