cisco on cisco: why security is the heart of our approach

Cisco Confidential © 2015 Cisco and/or its affiliates. All rights reserved. 1 Cisco-on-Cisco: Why Security is the Heart of our Approach Steve Martino VP, Chief Information Security Officer May 19, 2016

Upload: cisco-canada

Post on 25-Jan-2017


TRANSCRIPT

Page 1: Cisco on Cisco: Why Security is the Heart of our Approach


Cisco-on-Cisco: Why Security is the Heart of our Approach Steve Martino

VP, Chief Information Security Officer

May 19, 2016

Page 2: Cisco on Cisco: Why Security is the Heart of our Approach

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2

What Does 2030 Look Like?

“There will be more than 500B connected devices in 2030”

• Connectable Things: 2.5T
• Smartphones: 6.1B
• Connected Devices CAGR 2014-2030: 18.5%
• Connections per Human: 26
• Software IT Spending: $820B
• Cloud Software CAGR 2014-2030: 17.1%
• 2019 Global IT Traffic: 10.4 Zettabytes
• per Human: 13.6 Terabytes

Page 3: Cisco on Cisco: Why Security is the Heart of our Approach


Digitization Drives Growth… and Requires Strong Cybersecurity

“My organization halted a mission-critical initiative due to Cybersecurity fears.” … 39% Agree

Survey: How important is digitization to your current growth strategy?
• Very important: 69%
• Moderately important: 27%

Survey: How much does the success of digitization depend on strong cybersecurity?
• Significant driver of success: 64%
• Moderate driver of success: 32%

Page 4: Cisco on Cisco: Why Security is the Heart of our Approach


Security Breaches on the Rise

Source: PWC Information Security Breaches Survey 2015

Large Organizations Suffering Breaches
• Security Breaches: up 81%, 90%
• Staff Related: up 58%, 75%
• Human Error: up 31%, 50%
• Unauthorized Outsider: up 55%, 69%

Reactions to Breaches
• Awareness Training: up 65%, 72%
• Security Spend: up 53%, 44%

Page 5: Cisco on Cisco: Why Security is the Heart of our Approach


Well Publicized Security Breaches

Victim industry (filtered for network intrusions)
• Retail: 21.7%
• Manufacturing: 12.2%
• Information: 10.4%
• Food Services: 9.9%
• Professional: 9.9%
• Finance: 8.1%
• Transportation: 6.1%
• Unknown: 22%

Source: Verizon Data Breach Report

Page 6: Cisco on Cisco: Why Security is the Heart of our Approach


Security Challenges

500B Devices Connected by 2030
$19T Opportunity
Digital Disruption, Massive Scale
Active Adversaries
Security
Attack surface
Threat Actors
Attack Sophistication
Increasingly harder to detect sophisticated threats
A Board level issue
Cloud must be Secure
No Device Type is Safe
Changing Business Models
Dynamic Threat Landscape
Pervasive Security is Imperative

Page 7: Cisco on Cisco: Why Security is the Heart of our Approach


Security: Cisco’s #1 Priority

“We Securely Connect Everything to Make Anything Possible”

Page 8: Cisco on Cisco: Why Security is the Heart of our Approach


Security: Cisco’s #1 Priority

“Become the #1 Trusted IT Partner in the World”

Page 9: Cisco on Cisco: Why Security is the Heart of our Approach


Security: Cisco’s #1 Priority

“Requires a Trustworthy Company to Deliver Secure IT”

Page 10: Cisco on Cisco: Why Security is the Heart of our Approach


Security is not a Business Obstacle to Success

Security is a Business Enabler


Page 11: Cisco on Cisco: Why Security is the Heart of our Approach


Cisco’s Commitment to Security

Cisco’s #1 Priority
Billions Invested
#1 Cybersecurity Solutions Provider
5K People Strong
Cognitive, Sourcefire, ThreatGRID, Neohapsis, OpenDNS, Portcullis, Lancope
Broad/Deep Portfolio
Expanded Services Capabilities
Trusted Advisor
Effective, Automated, Open, Simple
Securely Connect Everything to Make Anything Possible

Page 12: Cisco on Cisco: Why Security is the Heart of our Approach


A Portfolio of Trust: The Differentiator

A Holistic Approach to Trust that Differentiates Cisco – the Six Pillars

Security and Trust
• Trusted Enterprise
• Customer Data Protection
• Transparency and Validation
• Trusted Cloud
• Trustworthy Systems
• Value Chain Security

Page 13: Cisco on Cisco: Why Security is the Heart of our Approach


Trustworthy Systems

Technology

Secure

Process

Secure

Standards

Trusted Systems – Foundation of Trust

Process Policy

CSDL

Technology

ISO 27034

FIPS/USGv6

TCG

Visibility and Control

Secure Communications

Platform Integrity

Perform GAP Analysis
Register and Update 3rd Party Software
Identify and Address Security Threats
Prevent Security Attacks
Detect Security Defects
Validate Requirements and Resiliency

Lifecycle/Security Baseline Information Assurance (IA) Common Modules and Hardware

Page 14: Cisco on Cisco: Why Security is the Heart of our Approach


Growing Cloud Infrastructure

The Future

69 current cloud offerings growing to over 200 in the next few years – 40% YoY growth

• Much of the growth is coming in the form of existing On-Prem products moving to the Cloud (i.e. Cloud VPN, Cloud MPLS, Cloud iWAN)

Success Today

Customers are now outsourcing to Cloud at an accelerated rate. Not just in the number of capabilities outsourced, but accelerating the transaction volume

• 18M+ WebEx meetings per month – 14% YoY growth
• 70M+ WebEx meeting attendees per month – 18% YoY growth
• 1B+ WebEx audio minutes per month – 47% YoY growth
• 4B+ WebEx meeting minutes per month – 24% YoY growth

Page 15: Cisco on Cisco: Why Security is the Heart of our Approach


Cloud Security Model to Drive Trust

Cloud Security Lifecycle

Build
• Security Standards and Architectures
• Threat Analysis and Protection
• Common Secure Services

Operate
• Data Encryption and Protection
• Intrusion Detection and Prevention Systems
• Security Governance

Monitor
• Self Service Customer Transparency
• Secure Cloud Supply Chain
• Application Layer Data and Event Monitoring

69 Clouds in Development or Operation

Continuous Security Automation

Page 16: Cisco on Cisco: Why Security is the Heart of our Approach


Trusted Enterprise: What We Must Protect

122K Workforce

170 Countries

~3M IP Addresses

215K Infra Devices

275K Total Hosts

2500+ IT Applications

26K Remote Office Connections via Cisco Virtual Office

16 major Internet connections

~32 TB bandwidth used daily

1350 Labs

160+ Acquisitions

300 partner extranet connections

400 Cloud ASPs

WebEx, Meraki, OpenDNS and Growing Portfolio of Offers

Page 17: Cisco on Cisco: Why Security is the Heart of our Approach


How Well are You Dealing with Threats?

Advanced Threats
• Social networking attacks
• Targeted spear phishing and Trojans
• Compromised hosts/remotely controlled
• Nation state attacks

Security Challenges
• Managed/Unmanaged desktops
• Generic Spam/Malware
• DDoS
• Rapidly changing environment

Evolving Solutions
• Expanded data collection
• NetFlow, IP Attribution, DNS…
• Big data analytics and playbooks
• Rapid containment
• DNS/RPZ, Quarantine, On-line host forensics
• Threat/situational awareness

Foundational Solutions
• Anti-virus
• NGFirewall/IDS/IPS
• IronPort WSA/ESA
• DLP
• Identity/Access
• Network segmentation

5%

95%

Page 18: Cisco on Cisco: Why Security is the Heart of our Approach


One Day Defending Cisco

• 4TB Data Collected and Analyzed
• 15B NetFlow Analyzed p/day (Lancope)
• 27TB Traffic Inspected p/day
• 1.5M Alerts p/day (NG-IPS)
• 1.7T Network Events
• 10K Files Analyzed p/day (ThreatGRID)
• 5.8B DNS Records p/day
• 6M Web Transactions Blocked p/day (WSA)
• 425 Devices Detecting and Preventing Incidents
• 4.1M Email Transactions Blocked p/day (ESA)

Page 19: Cisco on Cisco: Why Security is the Heart of our Approach


Who, What, Where, When and…

Confidential Data

Damage the brand

Exploit the Network

Steal Customer Data

Pivot Through us to Attack Customers

Fraud

Steal IP

Game the Stock Price

Industrial Espionage

How

Page 20: Cisco on Cisco: Why Security is the Heart of our Approach


Analytics Security Events

Business Policies and Procedures

Network Instrumentation

Controls

Accountability Security Metrics

Firewalls, Proxies, ID/Access, Segmentation

ISMS to manage Risk Across the Enterprise

Security Aligned to Business/Tech Changes

Detects and Remediate Threats

Foundation: People – Process - Technology

IT and Business Partnerships

Understanding of Threat Landscape and Critical Assets

Operationalizing Security

Page 21: Cisco on Cisco: Why Security is the Heart of our Approach


Security Policies Integral part of Code of Business Conduct


• Information Security

• Acceptable Use

• Data Protection

• Access Management

• Password Management

• Network Access

• Application Security

• Server Security

• Computer Security Incident Management

• Cloud Service Provider

• Cryptographic Controls

• Intellectual Assets Protection

• Lab Security

• Audit

Policy Creation

Policy Implementation

CISO CIO

Aligns with ISO; maps to NIST, Others

People/Process/Tech Partnership

Threat & Assets

Page 22: Cisco on Cisco: Why Security is the Heart of our Approach


Phishing Campaign

• Q1 New Doctor: Cisco 13%, Information Security 1%
• Q2 Background Check: Cisco 19%, Information Security 8%
• Q3 Account Closing: Cisco 10%, Information Security 6%
• Q4 Plan Recruitment: Cisco 5%, Information Security 1%

• Phishing is #1 source of endpoint compromise

• Different levels of sophistication and difficulty each quarter

• Remember it only takes one Phish to compromise YOU

People/Process/Tech Partnership

Threat & Assets

Page 23: Cisco on Cisco: Why Security is the Heart of our Approach


Expanding Accountability Services security primes

Service Executive
1 or more primes

Service Owner
1 or more primes

Service Security Prime
• CSO of the Service
• Single point of accountability
• Increase communication and awareness around security

Partner Security Architect

InfoSec Team

• Security SMEs

• Security architecture reviews

• Trusted advisors

• Establishes security technology baselines

• Formal approval for exceptions

• Establishes corporate security policies and guidelines

People/Process/Tech Partnership

Threat & Assets

Page 24: Cisco on Cisco: Why Security is the Heart of our Approach


Balancing Operational Requirements vs. Enhancements

Service Owner: Score Cards *Pending

Service Execs: Vulnerabilities and Performance *Trending

CIO: Unified Services Metrics *Aging and Trending

People/Process/Tech Partnership

Threat & Assets

Page 25: Cisco on Cisco: Why Security is the Heart of our Approach


Devices

Firewalls

Intrusion Detection and Prevention (IPS)

Email and Web Security

Anti Virus Identity and Access

VPN

Security Information and Event Monitoring

Exploit Trusted

Layer

Traditional Defense in Depth Approach

Trusted Platform

Virtualized Environment

Network Environment

People/Process/Tech Partnership

Threat & Assets

Page 26: Cisco on Cisco: Why Security is the Heart of our Approach


Devices

Firewalls

Intrusion Detection and Prevention (IPS)

Email and Web Security

Anti Virus Identity and Access

VPN

Security Information and Event Monitoring

Exploit Trusted

Layer

Next Wave of Security – Trusted Enterprise

Externalized Perimeter

Active Response

Integrated Threat Defense

Any Device

Trusted Platform

Virtualized Environment

Network Environment

People/Process/Tech Partnership

Threat & Assets

Page 27: Cisco on Cisco: Why Security is the Heart of our Approach


Product As a Service

Meeting Place On-Prem

Hosted Collaboration

Call Manager On-Prem

Team Collaboration IWE

(WebEx Social)

Documentation In-House

Cloud Providers (Number of Providers by year; CAGR = 30%)
• 2011: 140
• 2012: 182
• 2013: 237
• 2014: 308
• 2015: 400

Hosted Unified Communications in the cloud

Cisco Enterprise Journey to Cloud

Page 28: Cisco on Cisco: Why Security is the Heart of our Approach


Privacy and Data Security

Application Security

Infrastructure Security

Authentication Authorization

Vulnerability Management

Logging and Auditability

Support and Operations

Incident Analysis and Forensics

Business Continuity and Resiliency

Externalized Perimeter Next Wave – Enabling Clouds (Cloud Assessment and Service Provider Remediation)

Page 29: Cisco on Cisco: Why Security is the Heart of our Approach


Cloud Vendors: CASPR Models

CASPR Standard | CASPR Lite | CASPR Plus

Data Classification | Infrastructure | Business and Risk Impact

• Cisco Public or Cisco Confidential only
• Integration with Cisco Internal networks not permitted: (Examples: SSO, VPN, Database to Database connectivity)
• Low and Medium (Primarily focused on the SaaS)

• Cisco Public, Cisco Confidential Only, Cisco Highly Confidential, or Cisco Restricted
• All integration and deployment models are accepted dependent on further review
• Low and Medium Risk CSPs

• Cisco Highly Confidential or Cisco Restricted only
• All integration and deployment models are accepted dependent on further review
• High (Monetary damage greater than $400mil. The need for continuous monitoring of technical controls)

Externalized Perimeter

Page 30: Cisco on Cisco: Why Security is the Heart of our Approach


Any Device

Diversity of Cisco Users | As of January 2016

135,074 Laptops & Desktops (COD or BYOD)
• 87,864 (-0.5% Growth)
• 10,107 (-1.6% Growth)
• 37,103 (-0.6% Growth)

68,344* Mobile Devices (BYOD)
• 380 (-5.0% Growth)
• 471 (-11.1% Growth)
• 11,056 (0.6% Growth)
• 40,850 (0.2% Growth)
• 15,587 (-1.3% Growth)

Growths based on a 3 month period (including some other device types)

18 month Sparkline

Page 31: Cisco on Cisco: Why Security is the Heart of our Approach


Trusted Device

More controls needed to scale access and services

Remote Wipe (Cisco Data)
Anti-Malware
Encryption (Cisco Data)
Minimum OS
Software Patching
Rooted Device Detection (Mobile Devices Only)
Device Registration
Password/Screen-lock Enforcement

Any Device

Next Wave - Trusted Device

Externalized Perimeter

Page 32: Cisco on Cisco: Why Security is the Heart of our Approach


Any Device

ISE Enabled

Differentiated Access

Trusted Device

More controls needed to scale access and services

Remote Wipe (Cisco Data)
Anti-Malware
Encryption (Cisco Data)
Minimum OS
Software Patching
Rooted Device Detection (Mobile Devices Only)
Device Registration
Password/Screen-lock Enforcement

Hardware/Software Inventory

Identity Application and Data Network

Content

Workforce Data

ID Management

Cisco ISE

Devices

Instant Messaging

Conferencing

Tagging

SDN

Cisco pxGrid

Policy Management

Externalized Perimeter

Next Wave – Trusted Device and Differentiated Access

Page 33: Cisco on Cisco: Why Security is the Heart of our Approach


1% of all WSA transactions blocked

Web and Email Security Appliances

AMP for Networks


FireSight Management Center

Threat Grid AMP for Endpoints

NG-IPS 83xx and VM series deployed
Passive and Inline capabilities
25K+ quarterly alerts
80 WSAs/30 ESA Deployed
3K+ email files blocked by AMP monthly
14 TG appliances Deployed
On-Prem Sandboxing
Eight Global Appliances Deployed
10K+ files analyzed every 24hrs.
Analytics Engine
Machine Learning Engine
10K+ agents deployed
Maximizing Existing Investments
13 iPOPs
**Deployment Progress Completion (%): 50%**, 10%**, 100%**, 100%**, 100%**
Cloud Enabled AMP & Threat Grid
Integrated Threat Defense

Next Wave – Integrated Threat Defense

Page 34: Cisco on Cisco: Why Security is the Heart of our Approach


Playbook

Information Sharing

Network Services

Detection Tools

Collect/Analyze
• 1.2T events throughout network
• 47TB traffic inspected
• 15B NetFlows analyzed/day
• 4.8B DNS records
• 4TB data collected and analyzed

~200 Plays

Active Response

Next Wave – Security Analytics Enabling Active Response to Threats

Mitigate Remediate

Page 35: Cisco on Cisco: Why Security is the Heart of our Approach


Key Takeaways

• Digitization and Threats Security the Enabler
• Business, IT and Security Partnership Required – Alignment and Risk Management
• Holistic and Balance Approach Require 95/5
• Instrument the Network Visibility to remediate threats/attacks
• Trusted Partner Cisco