TRANSCRIPT
Cisco Customer Education Hackers, Botnets and Malware - Oh My!
Battle 21st Century Threats with Cisco Next-Gen Security
This session was recorded via Cisco WebEx! You can watch the live session recording via the following URL:
https://new-webex.webex.com/new-webex/lsr.php?RCID=174725854f484d5c81012ac8a9a2114c
Thanks for your interest and participation!
Connect using the audio conference box or you can call into the meeting:
1. Toll-Free: (866) 432-9903
2. Enter Meeting ID: 208 363 040 and your attendee ID number.
3. Press “1” to join the conference.
Presentation Agenda
► Welcome from Cisco
► Security in the 21st Century
► There’s Big Money in Hacking
► Introducing Cisco Security
► Conclusion
About Your Host: Brian Avery, Territory Business Manager, Cisco Systems, Inc.
Cisco Confidential © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Who Is Cisco?
1984: Computer scientists Len Bosack and Sandy Lerner found Cisco Systems.
Bosack and Lerner run network cables between two different buildings on the Stanford University campus.
A technology has to be invented to deal with disparate local area protocols; the multi-protocol router is born.
Who Is Cisco?
John Chambers, Chairman and CEO, Cisco
• Dow Jones Industrial Average Fortune 100 Company
• $145B Market Capitalization
• $48B in Revenue
• $8B in Annual Profits
• $33B More Cash than Debt
• $5.9B in Research and Development
http://finance.yahoo.com/q/ks?s=CSCO+Key+Statistics
Market Leadership Matters (market share, Q1CY14)
• No. 1 Voice: 39%
• No. 1 TelePresence: 43%
• No. 1 Web Conferencing: 41%
• No. 1 Wireless LAN: 50%
• No. 2 x86 Blade Servers: 27%
• No. 1 Routing (Edge/Core/Access): 45%
• No. 1 Security: 33%
• No. 1 Switching (Modular/Fixed): 64%
• No. 1 Storage Area Networks: 47%
What Is the Cisco Customer Education Series?
§ CCE is an educational session for current and prospective Cisco customers
§ Designed to help you understand the capabilities and business benefits of Cisco technologies
§ Allows you to interact directly with Cisco subject matter experts and ask questions
§ Offers assistance if you need/want more information, demonstrations, etc.
Cisco Confidential 9 C97-731719-02 © 2014 Cisco and/or its affiliates. All rights reserved.
Security in the 21st Century
Remember This Movie?
http://www.imdb.com/title/tt0086567/
Setec Astronomy!
http://www.imdb.com/title/tt0105435/
There’s Big Money in Hacking
The Industrialization of Hacking
Timeline, 1990 to 2020:
• Viruses, 1990–2000
• Worms, 2000–2005
• Spyware and Rootkits, 2005–Today
• APTs and Cyberwarfare, Today +
Phases along the timeline: phishing and low-sophistication attacks; hacking becomes an industry; sophisticated attacks in a complex landscape.
http://www.popsci.com/dark-web-revealed
The Problem is “The Easy Button”
As of 12/31/2014: http://www.idtheftcenter.org/images/breach/DataBreachReports_2014.pdf
Total Breaches in 2014: 783. Records Exposed: 85,611,528.
Chart of the largest 2014 breaches by records exposed: 70,000,000; 56,000,000; 2,600,000; 1,100,000; 1,000,000.
Attack Vectors
§ Virus
§ Trojan
§ Worm
§ Phishing
§ Social Engineering
§ Malware
§ Spyware
§ Botnets
§ Hacking
§ Malicious Web Sites
§ OS Vulnerabilities
§ So much more…
But… I am just a small fish in a BIG pond.
Yet organizations of every size are targets.
Adversaries are attacking you by targeting your organization’s customer data, intellectual property, and company secrets, and using you to attack your enterprise customers and partners.
60% of UK small businesses were compromised in 2014 (2014 Information Security Breaches Survey)
100% of corporate networks examined had malicious traffic (Cisco 2014 Annual Security Report)
41% of targeted attacks are against organizations with fewer than 500 employees (July 2014, The National Cyber Security Alliance (NCSA))
Multiple Point Solutions
Traditionally your security options have been limited
Difficult integrations leave security gaps
Costly & time-consuming setup and support
Unified Threat Management
(UTM)
Stateful Firewall
VPN
Malware Analysis
Limited threat effectiveness
Dynamic Threat Landscape
It is a community that hides in plain sight, avoids detection, and attacks swiftly.
60% of data is stolen in hours
54% of breaches remain undiscovered for months
100% of companies connect to domains that host malicious files or services
If you knew you were going to be compromised, would you do security differently?
The Question Is No Longer if Malware Will Get Into Your Network
Where do I start?
How bad is the situation?
What systems were affected?
What did the threat do?
How do we recover?
How do we keep it from happening again?
Incident response workflow (flowchart):
1. Confirm Infection: search network traffic, search device logs, scan devices. Outcome: Infection Identified, No Infection, or Cannot Identify Infection.
2. Analyze Malware: build test bed, static and dynamic analysis, produce a malware profile, define rules (from profile).
3. Malware Proliferation: device analysis, network analysis, proliferation analysis.
4. Remediate: notification, quarantine, triage; then search for re-infection, update the profile, confirm, and stop.
It’s How Quickly You Can Detect the Infection, Understand Scope, and Remediate the Problem
Introducing Cisco Security
Defending Against These Advanced Threats Requires Greater Visibility and Control Across the Full Attack Continuum
Attack Continuum
Before Discover Enforce Harden
During Detect Block
Defend
After Scope Contain
Remediate
Network Endpoint Mobile Virtual Cloud Email & Web
Point in Time Continuous
Defending Against These Advanced Threats Requires Greater Visibility and Control Across the Full Attack Continuum
Attack Continuum
Before Discover Enforce Harden
During Detect Block
Defend
After Scope Contain
Remediate
FireSIGHT and pxGrid
ASA VPN
NGFW Meraki
Advanced Malware Protection
Cognitive
NGIPS
ESA/WSA
CWS Secure Access + Identity Services ThreatGRID
Stay protected against the latest threats with regular updates pushed automatically
Identify advanced threats quickly with industry-leading threat research
Get industry-specific threat intelligence tailored to your business
Catch advanced threats endpoints miss with Cisco’s reverse engineers and threat analysts
Deploy the smartest threat defense available
Control points: Email, Endpoints, Web, Networks, NGIPS, Devices
Talos: Research, Response, Threat Intelligence
24x7x365 Operations, 600+ Researchers
• Monitors 35% of the world’s email traffic
• Receives 1.1 million incoming malware samples daily
• Performs 4.9 billion AV and web filtering blocks per month
• Processes 100 terabytes of security intelligence daily
Before After
Advanced Malware Protection
Cisco Advanced Malware Protection Built on Unmatched Collective Security Intelligence
• 1.6 million global sensors
• 100 TB of data received per day
• 150 million+ deployed endpoints
• 600 engineers, technicians, and researchers
• 35% worldwide email traffic
• 13 billion web requests
• 24x7x365 operations
• 4.3 billion web blocks per day
• 40+ languages
• 1.1 million incoming malware samples per day
Intelligence sources: AMP Community; Private/Public Threat Feeds; Talos Security Intelligence; AMP Threat Grid Intelligence; AMP Threat Grid Dynamic Analysis (10 million files/month); Advanced Microsoft and Industry Disclosures; Snort and ClamAV Open Source Communities; AEGIS Program.
Control points: Email, Endpoints, Web, Networks, IPS, Devices. Automatic Updates every 3-5 minutes.
Cisco® Collective Security Intelligence Cloud feeds AMP (Advanced Malware Protection).
AMP Delivers Integrated…
Retrospective Security Additional Point-in-Time Protection
File Reputation and Sandboxing Continuous Analysis
AMP Strengthens the First Line of Detection
Reputation Filtering and File Sandboxing
All detection is less than 100%
Dynamic Analysis
Machine Learning
Fuzzy Fingerprinting
Advanced Analytics
One-to-One Signature
With Real-Time Malware Scanning: Dynamic Vectoring and Streaming
► Optimizes efficiency and catch rate with intelligent multi-scanning
► Enhances coverage with multiple signature scanning engines
► Identifies encrypted malicious traffic by decrypting and scanning SSL traffic
► Improves user experience with parallel scanning for fastest analysis
► Provides the latest coverage with automated updates
Heuristics Detection Identify Unusual Behaviors
Anti-Malware Scanning
Parallel Scans, Stream Scanning
Signature Inspection Identify Known Behaviors
Multiple Anti-malware
Scanning Engines
Signature and Heuristic Analysis
And Continues to Analyze What Happens Along the Attack Continuum
Web
WWW
Endpoints Network Email Devices
IPS
File Fingerprint and Metadata
Process Information
Continuous feed
Continuous analysis
File and Network I/O
Breadth and control points: telemetry stream; Talos + Threat Grid intelligence; trajectory; behavioral indications of compromise
Threat Hunting
Retrospective Detection
What: these applications are affected
Where: the breach affected these areas
When: this is the scope of exposure over time
How: here is the origin and progression of the threat
Who: focus on these users first
AMP Provides Contextual Awareness and Visibility That Allows You to Take Control of an Attack Before It Causes Damage
And the Power to Surgically Contain and Remediate
Cisco AMP Everywhere Strategy Means Protection Across the Extended Network
AMP (Advanced Malware Protection)
AMP for Networks
AMP on Web & Email Security Appliances
AMP on Cisco® ASA Firewall with FirePOWER Services
AMP for Endpoints (Mac, PC, Mobile, Virtual)
AMP for Cloud Web Security (CWS) & Hosted Email
AMP Private Cloud Virtual Appliance
AMP Threat Grid: Dynamic Malware Analysis + Threat Intelligence Engine
There Are Several Ways You Can Deploy AMP (Advanced Malware Protection)
Deployment options:
1. Email and Web; AMP on Cisco® ASA; CWS
   Method: license with ESA, WSA, CWS, or ASA
   Ideal for: new or existing Cisco CWS, Email/Web Security, ASA customers
   Details: ESA/WSA gives prime visibility into email/web; CWS gives web and advanced malware protection in a cloud-delivered service; AMP capabilities on ASA with FirePOWER Services
2. AMP for Networks (AMP on FirePOWER Network Appliance)
   Method: snap into your network
   Ideal for: IPS/NGFW customers
   Details: wide visibility inside the network; broad selection of features before, during, and after an attack
3. AMP for Endpoints
   Method: install a lightweight connector on endpoints (PC/Mac, mobile, virtual)
   Ideal for: Windows, Mac, Android, virtual machines
   Details: comprehensive threat protection and response; granular visibility and control; widest selection of AMP features
4. AMP Private Cloud Virtual Appliance
   Method: on-premises virtual appliance
   Ideal for: high-privacy environments
   Details: private cloud option for those with high-privacy requirements; for endpoints and networks
AMP Provides Continuous Retrospective Security…
Continuous Feed
Continuous Analysis
Telemetry Stream
Web
WWW
Endpoints Network Email
Devices
IPS
File Fingerprint and Metadata
File and Network I/O
Process Information
Breadth and Control Points
Cisco Web Security
Web Security Is More Important Than Ever Before
The web is a popular attack vector for criminals
Without proper control, your own users can put your business at risk
Increased cloud adoption creates greater vulnerabilities
Compromise of the business
Breach of trust
Breach of security
Money, Jobs, and Company Reputations Are on the Line
Heartbleed String of Pearls Shell Shock Zeus
Some Try to Increase Security by Investing in More of the Same
Replace functional appliances with the most recent models
Add staff to keep up with the increasing security demands
Purchase and integrate one-off solutions to address changing threat variants
Cisco Web Security Is A Better Approach
Addresses current web security demands
Fits with existing infrastructure and grows with your business
Adapts to meet the changing threat landscape
Superior Flexibility, Advanced Threat Protection
Cisco Web Security Delivers…
Comprehensive Defense
Deploy, manage, and scale easily to fit your business
Protect against advanced threats with adaptive web security
Defend and control with best-in-class, cloud-delivered web security
It Starts with Usage Controls and an Active Defense
Comprehensive Defense
Web Usage Control
Web Usage Control
Web Filtering
Block over 50 million known malicious sites
Web Reputation
Restrict access to sites based on assigned reputation score
Dynamic Content Analysis
Categorize webpage content and block sites automatically
Web Usage Reporting
Gain greater visibility into how web resources are used
Roaming Laptop-User Protection
Extend security beyond the network to include mobile users
Application Visibility and Control
Regulate access to individual website components and apps
Outbreak Intelligence
Identify unknown malware and zero-hour outbreaks in real time
Centralized Cloud Management
Enforce policies from a single, centralized location
And Combats Evolving Threats and Advanced Malware
Advanced Threat Protection
Cisco® Advanced Malware Protection (AMP)
File Reputation Increase the accuracy of threat detection by examining every aspect of a file
File Sandboxing Determine the malicious intent of a file before it enters the network
File Retrospection Identify a breach faster by tracking a file’s disposition over time
And the Solution Adapts to Meet Tomorrow’s Challenges
Control points: Email, Endpoints, Web, Networks, IPS, Devices
§ 100 TB intelligence
§ 1.6 million sensors
§ 150 million+ endpoints
§ 35% email worldwide
§ FireAMP™, 3+ million
§ 13 billion web requests each month
§ AEGIS™ and SPARK
§ Open source communities
§ 180,000+ files per day
§ 1 billion SBRS queries per day
§ 3.6 PB monthly through CWS
§ Advanced industry disclosures
§ Outreach activities
§ Dynamic analysis
§ Threat-centric detection content
§ SEU/SRU
§ Sandbox
§ VDB
§ Security intelligence
§ Email and web reputation
Talos: Research, Response, Threat Intelligence; 24x7x365 operations; 600+ researchers
Advanced Threat Protection
The Solution Works with Your Evolving Business Model
Superior Flexibility
Multiple Traffic Redirection Methods Connect Cisco® CWS to your current infrastructure
ASA / ASAv
Standalone WSA / WSAv
ISR G2
AnyConnect®
True Security as a Service Manage CapEx and OpEx as your business grows
Diagram: Cisco® Cloud Web Security (CWS) with Talos intelligence.
Before: Web Filtering, Webpage Reputation, Application Visibility and Control, Anti-Malware, Outbreak Intelligence, File Reputation, Cognitive Threat Analytics, File Sandboxing. During/After: File Retrospection.
Verdicts: Allow, Warn, Block, Partial Block.
Traffic redirection from Campus Office, Branch Office, HQ, and Roaming Users via ASA, Standalone WSA, ISR G2, and AnyConnect®.
Admin functions: Reporting, Log Extraction, Management.
Diagram: Cisco® Web Security Appliance (WSA) with Talos intelligence, available as an appliance or virtual.
Before: Web Filtering, Webpage Reputation, Application Visibility and Control, Parallel AV Scanning, Data Loss Prevention, File Reputation, Cognitive Threat Analytics*, File Sandboxing. During/After: File Retrospection.
Verdicts: Allow, Warn, Block, Partial Block.
Traffic redirection from Campus Office, Branch Office, HQ, and Roaming Users via WCCP, Explicit/PAC, Load Balancer, PBR, and AnyConnect®; client authentication technique.
Admin functions: Reporting, Log Extraction, Management.
* Roadmap feature: projected release 2H CY15
Cisco Security Delivers…
Superior Flexibility Advanced Threat Protection
Comprehensive Defense
Reputation Analysis: The Power of Real-Time Context
Context signals (Who, How, Where, When) combined in real time:
• Suspicious Domain Owner
• Server in High Risk Location
• Dynamic IP Address
• Domain Registered < 1 Min, < 1 Month, or > 2 Years
• Web Server < 1 Month
• Protocol: HTTP, SSL, HTTPS
Diagram examples: 192.1.0.68, example.com, Example.org, 17.0.2.12; Beijing, London, San Jose, Kiev.
Output: IP Reputation Score on a scale from -10 to +10.
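To make the slide concrete, here is an added example (not Cisco's code, and not the scoring Cisco's products use) that combines the slide's context signals into a score on the same -10 to +10 axis and maps it onto the Allow/Warn/Block verdicts used elsewhere in the deck. The weights, thresholds, reference time, and the three sample hosts are constructed assumptions.

```python
"""Illustrative web-reputation scorer: combines the slide's context signals
(who registered the domain, where the server is, how old the domain and server
are, which protocol is used) into a score on the -10 to +10 axis.
Constructed example; the weights are assumptions, not Cisco's algorithm."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed reference time so the example is deterministic.
NOW = datetime(2015, 1, 15, 12, 0, tzinfo=timezone.utc)


@dataclass
class HostContext:
    domain: str
    domain_registered: datetime   # when: domain registration time
    server_first_seen: datetime   # when: first observation of the web server
    dynamic_ip: bool              # how: hosted on a dynamic IP address
    high_risk_location: bool      # where: server in a high-risk location
    suspicious_owner: bool        # who: suspicious domain owner
    tls: bool                     # how: HTTPS/SSL rather than plain HTTP


def reputation_score(ctx: HostContext, now: datetime = NOW) -> int:
    """Assumed weights (negative = worse); the result is clamped to [-10, 10]."""
    score = 0
    domain_age = now - ctx.domain_registered
    if domain_age < timedelta(minutes=1):
        score -= 6          # domain registered less than a minute ago
    elif domain_age < timedelta(days=30):
        score -= 3          # domain registered less than a month ago
    elif domain_age > timedelta(days=2 * 365):
        score += 4          # domain registered more than two years ago
    if now - ctx.server_first_seen < timedelta(days=30):
        score -= 2          # web server less than a month old
    if ctx.dynamic_ip:
        score -= 2
    if ctx.high_risk_location:
        score -= 2
    if ctx.suspicious_owner:
        score -= 3
    if ctx.tls:
        score += 1
    return max(-10, min(10, score))


def verdict(score: int) -> str:
    """Map the score onto Allow / Warn / Block (thresholds assumed)."""
    if score <= -6:
        return "Block"
    if score < 0:
        return "Warn"
    return "Allow"


# Constructed sample hosts (names taken from the slide's diagram).
ESTABLISHED = HostContext("example.com", datetime(2005, 3, 1, tzinfo=timezone.utc),
                          datetime(2010, 6, 1, tzinfo=timezone.utc),
                          dynamic_ip=False, high_risk_location=False,
                          suspicious_owner=False, tls=True)
FRESH = HostContext("example.org", NOW - timedelta(seconds=30),
                    NOW - timedelta(seconds=30),
                    dynamic_ip=True, high_risk_location=True,
                    suspicious_owner=True, tls=False)
BORDERLINE = HostContext("example.net", NOW - timedelta(days=10),
                         datetime(2013, 1, 1, tzinfo=timezone.utc),
                         dynamic_ip=False, high_risk_location=False,
                         suspicious_owner=False, tls=True)

if __name__ == "__main__":
    for host in (ESTABLISHED, FRESH, BORDERLINE):
        s = reputation_score(host)
        print(f"{host.domain:12s} score={s:+3d} -> {verdict(s)}")
```

The point of the clamp is that a freshly registered domain on a dynamic address in a high-risk location already pins the score to -10; a real reputation service would also refresh these signals continuously, since a domain's age and hosting change over time.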
Loss of Productivity Is a Threat: How Much Bandwidth and Time Is Being Wasted?
Facebook time: 2,110,516 minutes, or 35,175 hours, 1,465 days, 4.1 years
Number of Facebook likes: 3,925,407 at 1 second per like. That’s almost 1,100 hours per day, or 45 days just liking things
Bytes on YouTube video playback: 11,344,463,363,245, or 10 TB
Pandora: 713,884,303,727, or 0.6 TB
Total browsing time per day: 2,270,690,423 minutes, or 4,320 years
Total bytes per day: 70,702,617,989,737, or 64 TB; over 15% from YouTube
Source: Cloud Web Security Report
Time and Volume Quotas: Intelligent Controls of Bandwidth Usage
► Control web usage to meet administrative policies, such as:
  - Total bandwidth used during work hours
  - Total bandwidth per day used for social media categories
► Configure policies to restrict access based on the amount of data (in bytes) and time
► Quotas are applicable to HTTP, HTTPS, and FTP traffic
► Configured under access policies and decryption policies
► Create custom end-user notifications of warnings when a quota is close, as well as when exceeded
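The quota behaviour described above (a per-user byte and time budget for a category during work hours, a warning as the budget runs low, and a block once it is spent) is easier to reason about in code. The following is an added example, not the appliance's implementation: the log format, the quota values, the work-hours window, and the 80% warning point are all constructed assumptions.

```python
"""Illustrative time-and-volume quota check over constructed proxy log lines.
Added example; the log format, quota values and 80% warning point are
assumptions, not the product's configuration."""
from collections import defaultdict
from datetime import datetime

# Constructed log lines: UTC timestamp, user, URL category, bytes transferred, seconds spent.
LOG_LINES = [
    "2015-01-15T09:15:00Z alice social_media 3000000 600",
    "2015-01-15T10:40:00Z alice social_media 3500000 900",
    "2015-01-15T12:05:00Z alice social_media 2000000 300",
    "2015-01-15T13:30:00Z alice social_media 2500000 400",
    "2015-01-15T14:00:00Z bob social_media 1000000 120",
    "2015-01-15T19:30:00Z alice social_media 5000000 900",
]

# Assumed policy: per user, per day, during work hours, for the social-media category.
QUOTAS = {"social_media": {"bytes": 10_000_000, "seconds": 1800}}
WORK_HOURS = (9, 17)        # applies when 09:00 <= hour < 17:00
WARN_FRACTION = 0.8         # notify the user once 80% of either budget is used


def parse_line(line):
    ts, user, category, nbytes, seconds = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, category, int(nbytes), int(seconds)


def evaluate(lines, quotas=QUOTAS, work_hours=WORK_HOURS, warn_fraction=WARN_FRACTION):
    """Return one (timestamp, user, category, status) tuple per log line.

    status is "allow", "warn" (close to the quota), "exceeded" (this request
    used up the remainder) or "block" (quota already spent earlier today)."""
    used = defaultdict(lambda: {"bytes": 0, "seconds": 0})
    results = []
    for line in lines:
        ts, user, category, nbytes, seconds = parse_line(line)
        in_work_hours = work_hours[0] <= ts.hour < work_hours[1]
        if category not in quotas or not in_work_hours:
            results.append((ts.isoformat(), user, category, "allow"))
            continue
        limit = quotas[category]
        bucket = used[(ts.date(), user, category)]
        # Quota already exhausted by earlier requests today: block before counting anything.
        if bucket["bytes"] >= limit["bytes"] or bucket["seconds"] >= limit["seconds"]:
            results.append((ts.isoformat(), user, category, "block"))
            continue
        bucket["bytes"] += nbytes
        bucket["seconds"] += seconds
        # Whichever budget (bytes or time) is closer to its limit decides the status.
        fraction = max(bucket["bytes"] / limit["bytes"], bucket["seconds"] / limit["seconds"])
        if fraction >= 1.0:
            status = "exceeded"
        elif fraction >= warn_fraction:
            status = "warn"
        else:
            status = "allow"
        results.append((ts.isoformat(), user, category, status))
    return results


def statuses(lines=LOG_LINES):
    """Just the per-line decisions, in log order."""
    return [row[3] for row in evaluate(lines)]


if __name__ == "__main__":
    for row in evaluate(LOG_LINES):
        print(*row)
```

With the constructed log, alice's second visit trips the warning on the time budget (1,500 of 1,800 seconds) even though her byte usage is only at 65%, her third visit spends the last of the time budget, and her fourth is blocked; her evening visit falls outside work hours and is not counted at all. The bucket is keyed by calendar day, which is what makes the quota reset daily.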
Acceptable Use Controls Beyond URL Filtering
URL Filtering
► Constantly updated URL database covering over 50 million sites worldwide
► Real-time dynamic categorization for unknown URLs
HTTP://
Application Visibility and Control (AVC)
Hundreds of Apps
Application Behavior
150,000+ Micro-Apps
► Control over mobile, collaborative, and web 2.0 applications
► Assured policy control over which apps can be used by which users and devices
► Granular enforcement of behaviors within applications
► Visibility of activity across the network
1.6 million global sensors
100 TB of data received per day
150 million+ deployed endpoints
600+ engineers, technicians, and researchers
35% worldwide email traffic
13 billion web requests
24-hour daily operations
40+ languages
Cisco Web Security with AMP Built on Talos: Superior Security Intelligence
Intelligence sources feeding Cisco® SIO and the Sourcefire® Vulnerability Research Team (VRT), now Cisco Talos:
• 180,000+ file samples per day
• FireAMP™ community
• Advanced Microsoft and industry disclosures
• Snort and ClamAV open source communities
• Honeypots
• Sourcefire AEGIS™ program
• Private and public threat feeds
• Dynamic analysis
Control points: Email, Endpoints, Web, Networks, IPS, Devices
WSA or CWS
Next-Generation Firewall
Multiple Point Solutions
Unified Threat Management
(UTM)
Stateful Firewall
VPN
Malware Analysis
Only Cisco delivers a threat-focused NGFW
Superior Protection Threat-centric defense across the attack continuum
Simplified Management Extensive control through a simpler user experience
Exceptional Value Low TCO with enterprise-grade protection
Cisco ASA with FirePOWER Services Next-Generation Firewall
(NGFW)
URL Filtering
Advanced Malware Protection (AMP)
Application Visibility and Control (AVC)
Next-Gen Intrusion Prevention System (NGIPS)
Reduce your threat exposure
Network Firewalling
Block unauthorized access and activity by controlling traffic flow
Application Visibility and Control (AVC)
Tailor application behavior to reduce attack surface and risk of data loss
URL Filtering
Restrict access to specific sites and sub-sites, as well as categories of sites
VPN Capabilities
Protect both site-to-site connections and remote users with granular control
WWW
Before After
Next Generation Intrusion Prevention System (NGIPS): Detect and prevent threats from entering your network
Visibility into: Malware, Client applications, Operating systems, Mobile Devices, VoIP phones, Routers & switches, Printers, C&C Servers, Network Servers, Users, File transfers, Web applications, Application protocols, Threats
No other NGFW offers this level of visibility The more infrastructure you see, the better protection you get
Typical IPS
Typical NGFW
Cisco ASA with FirePOWER Services
Before After
Reduce clean-up time from weeks to hours with AMP everywhere
Identify malware and suspicious files through behavioral indicators
Eliminate infections by turning back the clock
Continuous analysis + retrospective security
And remediate quickly after a breach Advanced Malware Protection (AMP)
Before After
No other NGFW offers this level of visibility; You cannot protect what you cannot see …
Comparison chart of visibility across the categories above for Typical IPS, Typical NGFW, and Cisco® FirePOWER Services (individual check marks not recoverable from the slide).
Anyconnect
Simply and securely work anywhere on any device
Cisco AnyConnect Secure Mobility Client Extending Control of Context to the Endpoint
§ Delivers reliable and transparent secure remote access for off-premises users
Helps ensure endpoint integrity:
§ Multiple authentication options
§ Comprehensive posture checks
Provides automatic secure connectivity:
§ End-to-end encryption
§ Integrated web security
§ Per-app VPN for mobile
Centralized Endpoint Secure Access Policy Common Context-Based Access Policy Services (Cisco® ISE + Cisco AnyConnect®)
Office Wired Access Office Wireless Access Remote Access
Cisco Prime™ Cisco ISE Third-Party MDM
Cisco Catalyst® Switches
Wired Network Devices
Cisco ASA Firewall
Cisco AnyConnect Secure Mobility Client Redirect Roaming Users to Premises and/or Cloud
Roaming laptop, mobile, or tablet user
Roaming laptop users
Client installed on machine
Web Users
Block
WWW
Warn
WWW
Allow
WWW
Delivers verdict: Block, Warn, or Allow
Web security location: WSA applies web security features, or CWS applies web security features
Web traffic redirection: router or firewall re-routes traffic to WSA or CWS
VPN: backhauls traffic through VPN tunnel to HQ
Cisco AnyConnect® client: routes traffic through SSL tunnel direct to closest Cisco® cloud proxy (CWS)
Cisco ISE Focuses On…
Enhancing Visibility – Accurately Identify and Assess Network Users & Devices
Securing Access – Grant network access aligned with appropriate business policy and contain network threats
Brokering Context – Collects and shares contextual data to accelerate and improve ecosystem partner capabilities
Cisco ISE is the Market-Leading Security Policy Controller that Offers Deeper Visibility, Secures Network Access Control, and Prevents the Spread of Network Threats.
Cisco Identity Services Engine (ISE)
NETWORK / USER CONTEXT
How
What Who
Where When
Access Policy Compromised
Device CXO Level
Secure Access
BYOD Employee
User
Guest Visitor
INTEGRATED PARTNER ECOSYSTEM
• MINIMIZE NETWORK UNKNOWNS
• REDUCE YOUR ATTACK SURFACE
• ENFORCE THE RIGHT LEVEL OF ACCESS CONTROL
• CONTAIN MALICIOUS NETWORK THREATS
Role-Based Secure Access with ISE Confidential
Patient Records
Internal Employee Intranet
Internet
• Acquires Important Context & Identity from the Network
• Implements Context-Aware Classification & Policy
• Provides Differentiated Access to the Network
Who: Guest What: iPad Where: Office
Who: Doctor What: Laptop Where: Office
Who: Doctor What: iPad Where: Office
Simplifying Guest Access for the Enterprise
Corporate Branding and Themes
Mobile Guest Sponsorship
Streamlined Guest Creation
Design Easily in Minutes, Deploy Securely in Just Hours
Your credentials
username: trex42 password: littlearms
Create Accounts
Print Email SMS
Guest Access Notification via SMS
Desktop & Mobile Ready!
Supports 1M Registered Endpoints and 250K ACTIVE, Concurrent Endpoints
Streamlining BYOD and Enterprise Mobility Reducing the Complexity of Managing BYOD and Device Onboarding
Integrated Native Certificate Authority for Devices
Customizable Branded Experiences
Easy User Onboarding with Self-Service Device Portals
Improved Device Recognition Desktop & Mobile Ready!
Comprehensive Device Security with Posture and EMM
Dynamic Control with Rich Contextual Profiling Simple Identity Simply Isn’t Helpful Enough Anymore
POOR context awareness → “Simple Identity”: Who are you? → IP Address 192.168.1.51
RESULT: Any user, any device, anywhere gets on the network
EXTENSIVE context awareness → “RICHER Identity”
Who? → Bob
Where? → Building 200, 1st Floor
What? → Tablet
When? → 11:00 AM EST on April 10th
RESULT: The Right user, on the Right device, from the Right place is granted the RIGHT ACCESS
Increase Device Visibility with Profile Feed Service Reduce Unknown Devices on Networks by 74%, on Average*
DEVICE PROFILING FEED SERVICE
IoT Security Camera
VoIP Office Phone
Corporate Managed
Tablet
Get New, Vetted Device Profiles from Cisco & the Community
More Accurately Profiled Devices; Faster, More Secure Onboarding
Enterprise Mobility Management Integrations Enforce True Device Compliance for All Mobile Devices
Sees ALL devices on the network
Requires devices to comply with EMM policy
Provides guest access to non-EMM devices
Sees unregistered devices on the network?
Forces EMM Policy Compliance?
Keeps noncompliant devices off network?
ISE + EMM Together
EMM Secures Actual Device
Cisco ISE Secures Network Access
SOLUTION
Employee Tag
PCI POS Tag
Partner Tag
Non-Compliant Tag
Voice Tag
Employee
Leverage the Network as a Sensor and Enforcer
Non-Compliant
Campus Core
Data Center
Data VLAN 20 (Segmentation within the same VLAN)
Non-Compliant
Access Layer
Voice Employee PCI POS Partner
SSL VPN
ISE
ASA
Lancope (NetFlow Analytics)
Data VLAN 20 Quarantine
Classification Results: Device Type: Apple iPad; User: Mary; Group: Employee; Corporate Asset: Yes; Malware Detected: Yes
Data Center Firewall
Conclusion
Defending Against These Advanced Threats Requires Greater Visibility and Control Across the Full Attack Continuum
Attack Continuum
Before Discover Enforce Harden
During Detect Block
Defend
After Scope Contain
Remediate
Network Endpoint Mobile Virtual Cloud Email & Web
Point in Time Continuous
Only Cisco Security Can Deliver… Visibility and Control Across the Full Attack Continuum
Attack Continuum
Before Discover Enforce Harden
During Detect Block
Defend
After Scope Contain
Remediate
FireSIGHT and pxGrid
ASA VPN
NGFW Meraki
Advanced Malware Protection
Cognitive
NGIPS
ESA/WSA
CWS Secure Access + Identity Services ThreatGRID
Thank You and Next Steps
Brian Avery, bravery@cisco.com
Contact Your Cisco Partner: https://tools.cisco.com/WWChannels/LOCATR/performBasicSearch.do
Learn more about Cisco Security: www.cisco.com/go/security/
§ CCE sessions are held weekly on a variety of topics
§ CCE sessions can help you understand the capabilities and business benefits of Cisco technologies
§ Watch replays of past events and register for upcoming events!
Visit http://cs.co/cisco101 for details
Join us again for a future Cisco Customer Education Event
Thank you.