cisco customer education - cisco files · cisco customer education hackers, botnets and malware -...

Cisco Customer Education
Hackers, Botnets and Malware - Oh My! Battle 21st Century Threats with Cisco Next-Gen Security

This session was recorded via Cisco WebEx! You can watch the live session recording via the following URL: https://new-webex.webex.com/new-webex/lsr.php?RCID=174725854f484d5c81012ac8a9a2114c

Thanks for your interest and participation!


Post on 08-Sep-2019


Page 2: Cisco Customer Education - Cisco Files · Cisco Customer Education Hackers, Botnets and Malware - Oh My! Battle 21st Century Threats wth Cisco Next-Gen Security . This session was

Cisco Customer Education Hackers, Botnets and Malware - Oh My!

Battle 21st Century Threats with Cisco Next-Gen Security

Connect using the audio conference box or you can call into the meeting:

1. Toll-Free: (866) 432-9903

2. Enter Meeting ID: 208 363 040 and your attendee ID number.

3. Press “1” to join the conference.


Presentation Agenda

► Welcome from Cisco

► Security in the 21st Century

► There’s Big Money in Hacking

► Introducing Cisco Security

► Conclusion

About Your Host

Brian Avery, Territory Business Manager, Cisco Systems, Inc.

[email protected]


Cisco Confidential © 2013-2014 Cisco and/or its affiliates. All rights reserved.

Who Is Cisco?


1984

Computer scientists Len Bosack and Sandy Lerner found Cisco Systems

Bosack and Lerner run network cables between two different buildings on the Stanford University campus

A technology has to be invented to deal with disparate local area protocols; the multi-protocol router is born


Who Is Cisco?

John Chambers, Chairman and CEO, Cisco

• Dow Jones Industrial Average Fortune 100 Company

• $145B Market Capitalization

• $48B in Revenue

• $8B in Annual Profits

• $33B More Cash than Debt

• $5.9B in Research and Development

http://finance.yahoo.com/q/ks?s=CSCO+Key+Statistics


Market Leadership Matters

Market position and share, Q1CY14:

• Voice: No. 1, 39%
• TelePresence: No. 1, 43%
• Web Conferencing: No. 1, 41%
• Wireless LAN: No. 1, 50%
• x86 Blade Servers: No. 2, 27%
• Routing Edge/Core/Access: No. 1, 45%
• Security: No. 1, 33%
• Switching Modular/Fixed: No. 1, 64%
• Storage Area Networks: No. 1, 47%


What Is the Cisco Customer Education Series?

§ CCE is an educational session for current and prospective Cisco customers

§ Designed to help you understand the capabilities and business benefits of Cisco technologies

§ Allow you to interact directly with Cisco subject matter experts and ask questions

§ Offer assistance if you need/want more information, demonstrations, etc.


Cisco Confidential 9 C97-731719-02 © 2014 Cisco and/or its affiliates. All rights reserved.

Security in the 21st Century


Remember This Movie?

http://www.imdb.com/title/tt0086567/


Setec Astronomy!

http://www.imdb.com/title/tt0105435/


There’s Big Money in Hacking


The Industrialization of Hacking

Timeline, 1990 to 2020:

• Viruses: 1990–2000
• Worms: 2000–2005
• Spyware and Rootkits: 2005–Today
• APTs, Cyberware: Today +

Phases shown: Phishing, Low Sophistication; Hacking Becomes an Industry; Sophisticated Attacks, Complex Landscape


http://www.popsci.com/dark-web-revealed


The Problem is “The Easy Button”

Total Breaches in 2014: 783

Records Exposed: 85,611,528

As of 12/31/2014, http://www.idtheftcenter.org/images/breach/DataBreachReports_2014.pdf

Figures shown on the slide: 1,000,000; 70,000,000; 56,000,000; 2,600,000; 1,100,000


Attack Vectors

§ Virus
§ Trojan
§ Worm
§ Phishing
§ Social Engineering
§ Malware
§ Spyware
§ Botnets
§ Hacking
§ Malicious Web Sites
§ OS Vulnerabilities
§ So much more…


But… I am just a small fish in a BIG pond.


Yet organizations of every size are targets

Adversaries are attacking you
By targeting your organization’s:
Customer data
Intellectual property
Company secrets

And using you
To attack your enterprise customers and partners

60% of UK small businesses were compromised in 2014 (2014 Information Security Breaches Survey)

100% of corporate networks examined had malicious traffic (Cisco 2014 Annual Security Report)

41% of targeted attacks are against organizations with fewer than 500 employees (July 2014, The National Cyber Security Alliance (NCSA))


Multiple Point Solutions

Traditionally your security options have been limited

Difficult integrations leave security gaps

Costly & time-consuming setup and support

Unified Threat Management (UTM)

Stateful Firewall

VPN

Malware Analysis

Limited threat effectiveness


Dynamic Threat Landscape

It is a Community that hides in plain sight, avoids detection, and attacks swiftly

60% of data is stolen in hours

54% of breaches remain undiscovered for months

100% of companies connect to domains that host malicious files or services


If you knew you were going to be compromised, would you do security differently?


The Question Is No Longer if Malware Will Get Into Your Network

Where do I start?

How bad is the situation?

What systems were affected?

What did the threat do?

How do we recover?

How do we keep it from happening again?

Flowchart (malware response workflow), stages shown: Confirm Infection; Analyze Malware; Malware Proliferation; Remediate

Steps shown: Notification; Quarantine; Triage; Search Network Traffic; Search Device Logs; Scan Devices; Define Rules (from profile); Build Test Bed; Static & Dynamic Analysis; Device Analysis; Network Analysis; Proliferation Analysis; Malware Profile; Stop; Search for Re-infection; Update Profile; Confirm

Outcomes shown: Infection Identified; Cannot Identify Infection; No Infection

It’s How Quickly You Can Detect the Infection, Understand Scope, and Remediate the Problem


Introducing Cisco Security


Defending Against These Advanced Threats Requires Greater Visibility and Control Across the Full Attack Continuum

Attack Continuum

Before: Discover, Enforce, Harden

During: Detect, Block, Defend

After: Scope, Contain, Remediate

Network, Endpoint, Mobile, Virtual, Cloud, Email & Web

Point in Time, Continuous


Defending Against These Advanced Threats Requires Greater Visibility and Control Across the Full Attack Continuum

Attack Continuum

Before: Discover, Enforce, Harden

During: Detect, Block, Defend

After: Scope, Contain, Remediate

Products shown: FireSIGHT and pxGrid; ASA; VPN; NGFW; Meraki; Advanced Malware Protection; Cognitive; NGIPS; ESA/WSA; CWS; Secure Access + Identity Services; ThreatGRID


Stay protected against the latest threats with regular updates pushed automatically

Identify advanced threats quickly with industry-leading threat research

Get industry-specific threat intelligence tailored to your business

Catch advanced threats endpoints miss with Cisco’s reverse engineers and threat analysts

Deploy the smartest threat defense available


Email, Endpoints, Web, Networks, NGIPS, Devices

24x7x365 Operations

600+ Researchers

Research Response

Threat Intelligence

• Monitors 35% of the world’s email traffic

• Receives 1.1 million incoming malware samples daily

• Performs 4.9 billion AV and web filtering blocks per month

• Processes 100 terabytes of security intelligence daily

Talos

Before After


Advanced Malware Protection


Cisco Advanced Malware Protection Built on Unmatched Collective Security Intelligence

1.6 million global sensors
100 TB of data received per day
150 million+ deployed endpoints
600 engineers, technicians, and researchers
35% worldwide email traffic
13 billion web requests
24x7x365 operations
4.3 billion web blocks per day
40+ languages
1.1 million incoming malware samples per day

AMP Community
Private/Public Threat Feeds
Talos Security Intelligence
AMP Threat Grid Intelligence
AMP Threat Grid Dynamic Analysis: 10 million files/month
Advanced Microsoft and Industry Disclosures
Snort and ClamAV Open Source Communities
AEGIS Program

Email, Endpoints, Web, Networks, IPS, Devices

Automatic Updates every 3-5 minutes

Cisco® Collective Security Intelligence
Cisco Collective Security Intelligence Cloud
AMP: Advanced Malware Protection


AMP Delivers Integrated…

Additional Point-in-Time Protection: File Reputation and Sandboxing

Retrospective Security: Continuous Analysis


AMP Strengthens the First Line of Detection

Reputation Filtering and File Sandboxing

All detection is less than 100%

Dynamic Analysis

Machine Learning

Fuzzy Fingerprinting

Advanced Analytics

One-to-One Signature


With Real-Time Malware Scanning

Dynamic Vectoring and Streaming

► Optimizes efficiency and catch rate with intelligent multi-scanning

► Enhances coverage with multiple signature scanning engines

► Identifies encrypted malicious traffic by decrypting and scanning SSL traffic

► Improves user experience with parallel scanning for fastest analysis

► Provides the latest coverage with automated updates

Signature and Heuristic Analysis

Heuristics Detection: Identify Unusual Behaviors

Signature Inspection: Identify Known Behaviors

Anti-Malware Scanning: Parallel Scans, Stream Scanning

Multiple Anti-malware Scanning Engines


And Continues to Analyze What Happens Along the Attack Continuum


Breadth and Control Points: Web, Endpoints, Network, Email, Devices, IPS

Telemetry Stream: File Fingerprint and Metadata; Process Information; File and Network I/O

Continuous feed

Continuous analysis

Talos + Threat Grid Intelligence

Trajectory; Behavioral Indications of Compromise; Threat Hunting; Retrospective Detection


AMP Provides Contextual Awareness and Visibility That Allows You to Take Control of an Attack Before It Causes Damage

What: These applications are affected

Where: The breach affected these areas

When: This is the scope of exposure over time

How: Here is the origin and progression of the threat

Who: Focus on these users first


And the Power to Surgically Contain and Remediate


Cisco AMP Everywhere Strategy Means Protection Across the Extended Network

AMP: Advanced Malware Protection

AMP for Networks

AMP on Web & Email Security Appliances

AMP on Cisco® ASA Firewall with FirePOWER Services

AMP for Endpoints

AMP for Cloud Web Security & Hosted Email

AMP Private Cloud Virtual Appliance

AMP Threat Grid: Dynamic Malware Analysis + Threat Intelligence Engine

Platforms shown: PC, Mac, Mobile, Virtual, CWS


There Are Several Ways You Can Deploy AMP

AMP: Advanced Malware Protection

Deployment option: Email and Web; AMP on Cisco® ASA; CWS
Method: License with ESA, WSA, CWS, or ASA customers
Ideal for: New or existing Cisco CWS, Email/Web Security, ASA customers
Details:
§ ESA/WSA: Prime visibility into email/web
§ CWS: web and advanced malware protection in a cloud-delivered service
§ AMP capabilities on ASA with FirePOWER Services

Deployment option: AMP for Networks (AMP on FirePOWER Network Appliance)
Method: Snap into your network
Ideal for: IPS/NGFW customers
Details:
§ Wide visibility inside network
§ Broad selection of features before, during, and after an attack

Deployment option: AMP for Endpoints (PC/Mac, Mobile, Virtual)
Method: Install lightweight connector on endpoints
Ideal for: Windows, Mac, Android, virtual machines
Details:
§ Comprehensive threat protection and response
§ Granular visibility and control
§ Widest selection of AMP features

Deployment option: AMP Private Cloud Virtual Appliance
Method: On-premises Virtual Appliance
Ideal for: High-Privacy Environments
Details:
§ Private Cloud option for those with high-privacy requirements
§ For endpoints and networks


AMP Provides Continuous Retrospective Security…


Breadth and Control Points: Web, Endpoints, Network, Email, Devices, IPS

Telemetry Stream: File Fingerprint and Metadata; File and Network I/O; Process Information

Continuous Feed

Continuous Analysis


Cisco Web Security


Web Security Is More Important Than Ever Before

The web is a popular attack vector for criminals

Without proper control, your own users can put your business at risk

Increased cloud adoption creates greater vulnerabilities


Compromise of the business

Breach of trust

Breach of security

Money, Jobs, and Company Reputations Are on the Line

Heartbleed, String of Pearls, Shell Shock, Zeus


Some Try to Increase Security by Investing in More of the Same

Replace functional appliances with the most recent models

Add staff to keep up with the increasing security demands

Purchase and integrate one-off solutions to address changing threat variants


Cisco Web Security Is A Better Approach

Addresses current web security demands

Fits with existing infrastructure and grows with your business

Adapts to meet the changing threat landscape


Cisco Web Security Delivers…

Comprehensive Defense: Defend and control with best-in-class, cloud-delivered web security

Advanced Threat Protection: Protect against advanced threats with adaptive web security

Superior Flexibility: Deploy, manage, and scale easily to fit your business


It Starts with Usage Controls and an Active Defense

Comprehensive Defense

Web Usage Control

Web Filtering: Block over 50 million known malicious sites

Web Reputation: Restrict access to sites based on assigned reputation score

Dynamic Content Analysis: Categorize webpage content and block sites automatically

Web Usage Reporting: Gain greater visibility into how web resources are used

Roaming Laptop-User Protection: Extend security beyond the network to include mobile users

Application Visibility and Control: Regulate access to individual website components and apps

Outbreak Intelligence: Identify unknown malware and zero-hour outbreaks in real time

Centralized Cloud Management: Enforce policies from a single, centralized location


And Combats Evolving Threats and Advanced Malware

Advanced Threat Protection

Cisco® Advanced Malware Protection (AMP)

File Reputation: Increase the accuracy of threat detection by examining every aspect of a file

File Sandboxing: Determine the malicious intent of a file before it enters the network

File Retrospection: Identify a breach faster by tracking a file’s disposition over time


And the Solution Adapts to Meet Tomorrow’s Challenges

Email, Endpoints, Web, Networks, IPS, Devices

§ 100 TB intelligence
§ 1.6 million sensors
§ 150 million+ endpoints
§ 35% email worldwide
§ FireAMP™, 3+ million
§ 13 billion web requests each month
§ AEGIS™ and SPARK
§ Open source communities
§ 180,000+ files per day
§ 1 billion SBRS queries per day
§ 3.6 PB monthly through CWS

§ Advanced industry disclosures
§ Outreach activities
§ Dynamic analysis
§ Threat-centric detection content
§ SEU/SRU
§ Sandbox
§ VDB
§ Security intelligence
§ Email and web reputation

Talos: Research, Response, Threat Intelligence

24x7x365 operations

600+ Researchers

Advanced Threat Protection


The Solution Works with Your Evolving Business Model

Superior Flexibility

Multiple Traffic Redirection Methods: Connect Cisco® CWS to your current infrastructure

ASA / ASAv; Standalone WSA / WSAv; ISR G2; AnyConnect®

True Security as a Service: Manage CapEx and OpEx as your business grows


Diagram: Cisco® Cloud Web Security (CWS), with Talos

Phases: Before, During, After

Functions shown for a webpage request (www.website.com): Web Filtering; Web Reputation; Application Visibility and Control; Anti-Malware; Outbreak Intelligence; File Reputation; File Sandboxing; File Retrospection; Cognitive Threat Analytics

Policy actions: Allow, Warn, Block, Partial Block

Traffic redirections: ASA, Standalone WSA, ISR G2, AnyConnect®

Locations: HQ, Branch Office, Campus Office, Roaming User

Admin: Management, Reporting, Log Extraction


Diagram: Cisco® Web Security Appliance (WSA), with Talos

Form factors: Appliance, Virtual

Phases: Before, During, After

Functions shown for a webpage request (www.website.com): Web Filtering; Web Reputation; Application Visibility and Control; Parallel AV Scanning; Data Loss Prevention; File Reputation; File Sandboxing; File Retrospection; Cognitive Threat Analytics*

Policy actions: Allow, Warn, Block, Partial Block

Traffic redirections: WCCP, Explicit/PAC, Load Balancer, PBR, AnyConnect®

Client Authentication Technique

Locations: HQ, Branch Office, Campus Office, Roaming User

Admin: Management, Reporting, Log Extraction

* Roadmap feature: Projected release 2H CY15


Cisco Security Delivers…

Superior Flexibility

Advanced Threat Protection

Comprehensive Defense


Reputation Analysis

The Power of Real-Time Context

Who, How, Where, When

Indicators shown: Suspicious Domain Owner; Server in High Risk Location; Dynamic IP Address; Domain Registered < 1 Min; Domain Registered < 1 Month; Domain Registered > 2 Year; Web Server < 1 Month

Sample values shown: 192.1.0.68, 17.0.2.12; example.com, Example.org; Beijing, London, San Jose, Kiev; HTTP, SSL, HTTPS

IP Reputation Score: scale from -10 to 10


Loss of Productivity Is a Threat

How Much Bandwidth and Time Is Being Wasted?

Facebook time: 2,110,516 minutes or 35,175 hours, 1465 days, 4.1 years

# of Facebook likes: 3,925,407 at 1 second per like. That’s almost 1100 hours per day, or 45 days just liking things

Bytes on YouTube video playback: 11,344,463,363,245 or 10 TB

Pandora: 713,884,303,727 or 0.6 TB

Total browsing time per day: 2,270,690,423 or 4,320 years

Total bytes per day: 70,702,617,989,737 or 64 TB; over 15% from YouTube

Source: Cloud Web Security Report


Time and Volume Quotas

Intelligent Controls of Bandwidth Usage

► Control web usage to meet administrative policies, such as:
- Total bandwidth used during work hours
- Total bandwidth per day used for social media categories

► Configure policies to restrict access based on the amount of data (in bytes) and time

► Quotas are applicable to HTTP, HTTPS, and FTP traffic

► Configured under access policies and decryption policies

► Create custom end-user notifications of warnings when a quota is close, as well as when exceeded


Acceptable Use Controls

Beyond URL Filtering

URL Filtering

► Constantly updated URL database covering over 50 million sites worldwide

► Real-time dynamic categorization for unknown URLs


Application Visibility and Control (AVC)

Hundreds of Apps

Application Behavior

150,000+ Micro-Apps

► Control over mobile, collaborative, and web 2.0 applications

► Assured policy control over which apps can be used by which users and devices

► Granular enforcement of behaviors within applications

► Visibility of activity across the network


1.6 million global sensors

100 TB of data received per day

150 million+ deployed endpoints

600+ engineers, technicians, and researchers

35% worldwide email traffic

13 billion web requests

24-hour daily operations

40+ languages

Cisco Web Security with AMP Built on Talos: Superior Security Intelligence


180,000+ file samples per day

FireAMP™ community

Advanced Microsoft and industry disclosures

Snort and ClamAV open source communities

Honeypots

Sourcefire AEGIS™ program

Private and public threat feeds

Dynamic analysis

Cisco® SIO

Sourcefire®

Vulnerability Research Team

(VRT)

Email Endpoints Web Networks IPS Devices

WWW

Cisco Talos

WSA or CWS


Next-Generation Firewall


Multiple Point Solutions

Unified Threat Management

(UTM)

Stateful Firewall

VPN

Malware Analysis

Only Cisco delivers a threat-focused NGFW

Superior Protection Threat-centric defense across the attack continuum

Simplified Management Extensive control through a simpler user experience

Exceptional Value Low TCO with enterprise-grade protection

Cisco ASA with FirePOWER Services Next-Generation Firewall

(NGFW)

URL Filtering

Advanced Malware Protection (AMP)

Application Visibility and Control (AVC)

Next-Gen Intrusion Prevention System (NGIPS)


Reduce your threat exposure

Network Firewalling

Block unauthorized access and activity by controlling traffic flow

Application Visibility and Control (AVC)

Tailor application behavior to reduce attack surface and risk of data loss

URL Filtering

Restrict access to specific sites and sub-sites, as well as categories of sites

VPN Capabilities

Protect both site-to-site connections and remote users with granular control

W W W

Before After

Next Generation Intrusion Prevention System (NGIPS) Detect and prevent threats from entering your network


Malware

Client applications

Operating systems

Mobile Devices

VOIP phones

Routers & switches

Printers

C & C Servers

Network Servers

Users

File transfers

Web applications

Application protocols

Threats

No other NGFW offers this level of visibility The more infrastructure you see, the better protection you get

Typical IPS

Typical NGFW

Cisco ASA with FirePOWER Services

Before After


Reduce clean-up time from weeks to hours with AMP everywhere

Identify malware and suspicious files through behavioral indicators

Eliminate infections by turning back the clock

Continuous analysis + retrospective security

And remediate quickly after a breach Advanced Malware Protection (AMP)

Before After


No other NGFW offers this level of visibility; You cannot protect what you cannot see …

[Figure: visibility comparison chart with columns Typical IPS, Typical NGFW, and Cisco® FirePOWER Services]


Anyconnect


Simply and securely work anywhere on any device

Cisco AnyConnect Secure Mobility Client Extending Control of Context to the Endpoint

► Delivers reliable and transparent secure remote access for off-premises users

Helps ensure endpoint integrity
► Multiple authentication options
► Comprehensive posture checks

Provides automatic secure connectivity
► End-to-end encryption
► Integrated web security
► Per-app VPN for mobile


Centralized Endpoint Secure Access Policy Common Context-Based Access Policy Services (Cisco® ISE + Cisco AnyConnect®)

Office Wired Access Office Wireless Access Remote Access

Cisco Prime™ Cisco ISE Third-Party MDM

Cisco Catalyst® Switches

Wired Network Devices

Cisco ASA Firewall


Cisco AnyConnect Secure Mobility Client Redirect Roaming Users to Premises and/or Cloud

Roaming laptop, mobile, or tablet user

Roaming laptop users

Client installed on machine

Web Users

Block

WWW

Warn

WWW

Allow

WWW

Delivers Verdict

WSA applies web security features

Web Security Location

CWS applies web security features

Web Traffic Redirection

Router or firewall re-routes traffic to WSA or CWS

Backhauls traffic through VPN tunnel to HQ

Routes traffic through SSL tunnel direct to closest Cisco® cloud proxy

Cisco AnyConnect®

Client

VPN

ACWS

VPN


Identity Services


Cisco ISE Focuses On…

Enhancing Visibility – Accurately Identify and Assess Network Users & Devices

Securing Access – Grant network access aligned with appropriate business policy and contain network threats

Brokering Context – Collects and shares contextual data to accelerate and improve ecosystem partner capabilities

Cisco ISE is the Market-Leading Security Policy Controller that Offers Deeper Visibility, Secures Network Access Control, and Prevents the Spread of Network Threats.


Cisco Identity Services Engine (ISE)

NETWORK / USER CONTEXT

How

What Who

Where When

Access Policy Compromised

Device CXO Level

Secure Access

BYOD Employee

User

Guest Visitor

INTEGRATED PARTNER ECOSYSTEM

✓ MINIMIZE NETWORK UNKNOWNS
✓ REDUCE YOUR ATTACK SURFACE
✓ ENFORCE THE RIGHT LEVEL OF ACCESS CONTROL
✓ CONTAIN MALICIOUS NETWORK THREATS


Role-Based Secure Access with ISE Confidential

Patient Records

Internal Employee Intranet

Internet

✓ Acquires Important Context & Identity from the Network
✓ Implements Context-Aware Classification & Policy
✓ Provides Differentiated Access to the Network

Who: Guest What: iPad Where: Office

Who: Doctor What: Laptop Where: Office

Who: Doctor What: iPad Where: Office


Simplifying Guest Access for the Enterprise

Corporate Branding and Themes

Mobile Guest Sponsorship

Streamlined Guest Creation

Design Easily in Minutes, Deploy Securely in Just Hours

Your credentials

username: trex42 password: littlearms

Create Accounts

Print Email SMS

Guest Access Notification via SMS

Desktop & Mobile Ready!


Supports 1M Registered Endpoints and 250K ACTIVE, Concurrent Endpoints

Streamlining BYOD and Enterprise Mobility Reducing the Complexity of Managing BYOD and Device Onboarding

Integrated Native Certificate Authority for Devices

Customizable Branded Experiences

Easy User Onboarding with Self-Service Device Portals

Improved Device Recognition Desktop & Mobile Ready!

Comprehensive Device Security with Posture and EMM


Dynamic Control with Rich Contextual Profiling Simple Identity Simply Isn’t Helpful Enough Anymore

POOR context awareness → “Simple Identity” - Who are you? → IP Address 192.168.1.51

RESULT: Any user, Any device, Anywhere gets on the network

EXTENSIVE context awareness → “RICHER Identity”

RESULT: The Right user, on Right device, from the Right place is granted the RIGHT ACCESS

Who? → Bob

Where? → Building 200, 1st Floor

What? → Tablet

When? → 11:00 AM EST on April 10th


Increase Device Visibility with Profile Feed Service Reduce Unknown Devices on Networks by 74%, on Average*

DEVICE PROFILING FEED SERVICE

IoT Security Camera

VoIP Office Phone

Corporate Managed

Tablet

Get New, Vetted Device Profiles from Cisco & the Community

More Accurately Profiled Devices; Faster, More Secure Onboarding


Enterprise Mobility Management Integrations Enforce True Device Compliance for All Mobile Devices

Sees ALL devices on the network

Requires devices to comply with EMM policy

Provides guest access to non-EMM devices

Sees unregistered devices on the network?

Forces EMM Policy Compliance?

Keeps noncompliant devices off network?

ISE + EMM Together

EMM Secures Actual Device

Cisco ISE Secures Network Access

SOLUTION


Employee Tag

PCI POS Tag

Partner Tag

Non-Compliant Tag

Voice Tag

Employee

Leverage the Network as a Sensor and Enforcer

Non-Compliant

Campus Core

Data Center

Data VLAN 20 (Segmentation within the same VLAN)

Non-Compliant

Access Layer

Voice Employee PCI POS Partner

SSL VPN

ISE

ASA

Lancope (NetFlow Analytics)

Data VLAN 20 Quarantine

Classification Results:
Device Type: Apple iPAD
User: Mary
Group: Employee
Corporate Asset: Yes
Malware Detected: Yes

Data Center Firewall


Conclusion


Defending Against These Advanced Threats Requires Greater Visibility and Control Across the Full Attack Continuum

Attack Continuum

Before Discover Enforce Harden

During Detect Block

Defend

After Scope Contain

Remediate

Network Endpoint Mobile Virtual Cloud Email & Web

Point in Time Continuous


Only Cisco Security Can Deliver… Visibility and Control Across the Full Attack Continuum

Attack Continuum

Before Discover Enforce Harden

During Detect Block

Defend

After Scope Contain

Remediate

FireSIGHT and pxGrid

ASA VPN

NGFW Meraki

Advanced Malware Protection

Cognitive

NGIPS

ESA/WSA

CWS Secure Access + Identity Services ThreatGRID


Thank You and Next Steps

Brian Avery bravery@cisco.com

Contact Your Cisco Partner https://tools.cisco.com/WWChannels/LOCATR/performBasicSearch.do

Learn more about Cisco Security: www.cisco.com/go/security/


► CCE sessions are held weekly on a variety of topics

► CCE sessions can help you understand the capabilities and business benefits of Cisco technologies

► Watch replays of past events and register for upcoming events!

Visit http://cs.co/cisco101 for details

Join us again for a future Cisco Customer Education Event


Thank you.