Cisco on Cisco: Why Security Is the Heart of Our Approach
TRANSCRIPT
Cisco Confidential © 2015 Cisco and/or its affiliates. All rights reserved. 1
Cisco-on-Cisco: Why Security is the Heart of our Approach
Steve Martino
VP, Chief Information Security Officer
May 19, 2016
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
What Does 2030 Look Like?
‘‘There will be more than 500B connected devices in 2030’’
Connectable Things Smartphones Connected Devices
CAGR 2014-2030
Connections
per Human
Software IT
Spending
Cloud Software
CAGR 2014-2030
per Human
2.5T 6.1B 18.5 % 26
$820B 17.1 % 10.4 Zettabytes 13.6 Terabytes
2019 Global
IT Traffic
Digitization Drives Growth… and Requires Strong Cybersecurity
“ My organization halted a mission-critical initiative
due to Cybersecurity fears.”…39% Agree
Survey Survey
How important is digitization
to your current growth strategy?
How much does the success
of digitization depend on strong cybersecurity?
69%
27%
Very important
Moderately important 64%
32%
Significant driver of success
Moderate driver of success
Security Breaches on the Rise
Source: PWC Information Security Breaches Survey 2015
Awareness
Training
Security
Spend
up 65% up 53%
Security
Breaches
up 81%
90%
Staff
Related
up 58%
75%
Human
Error
up 31%
50%
Unauthorized
Outsider
up 55%
69% 72% 44%
Large Organizations Suffering Breaches Reactions to Breaches
Well Publicized Security Breaches Victim industry (filtered for network intrusions)
Retail: 21.7%
Manufacturing: 12.2%
Information: 10.4%
Food Services: 9.9%
Professional: 9.9%
Finance: 8.1%
Transportation: 6.1%
Unknown: 22%
Source: Verizon Data Breach Report
500B Devices Connected by 2030
$19T
Opportunity
Digital Disruption,
Massive Scale Active
Adversaries
Security
Attack surface
Threat Actors
Attack Sophistication
Increasingly harder to detect
sophisticated threats
A Board level issue
Cloud must be Secure
No Device Type is Safe
Changing
Business Models Dynamic Threat
Landscape Pervasive Security
is Imperative
Security Challenges
Security: Cisco’s #1 Priority
“ We Securely Connect
Everything to Make
Anything Possible”
Security: Cisco’s #1 Priority
“ Become the
#1 Trusted IT Partner
in the World”
Security: Cisco’s #1 Priority
“ Requires a
Trustworthy Company
to Deliver Secure IT”
Security is not a Business Obstacle to Success
Security is a Business Enabler
Cisco’s Commitment to Security
Cisco’s #1
Priority
Billions
Invested
#1
Cybersecurity
Solutions
Provider
5K
People
Strong
Cognitive
Sourcefire
ThreatGRID
Neohapsis
OpenDNS
Portcullis
Lancope
Broad/Deep
Portfolio
Expanded
Services
Capabilities
Trusted
Advisor
Effective
Automated
Open
Simple
Securely
Connect
Everything
to Make
Anything
Possible
A Portfolio of Trust: The Differentiator A Holistic Approach to Trust that Differentiates Cisco – the Six Pillars
Security
and Trust
Trusted
Enterprise
Customer Data
Protection
Transparency
and Validation
Trusted
Cloud
Trustworthy
Systems
Value Chain
Security
Trustworthy Systems
Technology
Secure
Process
Secure
Standards
Trusted Systems – Foundation of Trust
Process Policy
CSDL
Technology
ISO 27034
FIPS/USGv6
TCG
Visibility and Control
Secure Communications
Platform Integrity
Perform
GAP
Analysis Register and
Update 3rd
Party
Software
Identify and
Address
Security
Threats Prevent
Security
Attacks
Detect
Security
Defects
Validate
Requirements
and Resiliency
Lifecycle/Security Baseline Information Assurance (IA) Common Modules and Hardware
Growing Cloud Infrastructure
The Future
69 current cloud offerings growing to over 200 in
the next few years – 40% YoY growth
• Much of the growth is coming in the form of
existing On-Prem products moving to the Cloud
(i.e. Cloud VPN, Cloud MPLS, Cloud iWAN)
Success Today
Customers are now outsourcing to Cloud at an
accelerated rate. Not just in the number of capabilities
outsourced, but accelerating the transaction volume
18M+ WebEx meetings per month –
14% YoY growth
70M+ WebEx meeting attendees per month –
18% YoY growth
1B+ WebEx audio minutes per month –
47% YoY growth
4B+ WebEx meeting minutes per month –
24% YoY growth
Cloud Security Model to Drive Trust Cloud Security Lifecycle
• Security Standards and Architectures
• Threat Analysis and Protection
• Common Secure Services
Build
• Data Encryption and Protection
• Intrusion Detection and Prevention Systems
• Security Governance
Operate
• Self Service Customer Transparency
• Secure Cloud Supply Chain
• Application Layer Data and Event Monitoring
Monitor
69 Clouds in Development or Operation
Continuous Security Automation
Trusted Enterprise: What We Must Protect
122K Workforce
170 Countries
~3M IP Addresses
215K Infra Devices
275K Total Hosts
2500+ IT Applications
26K Remote Office Connections
via Cisco Virtual Office
16 major Internet connections
~32 TB bandwidth used daily
1350 Labs
160+ Acquisitions
300 partner extranet connections
400 Cloud ASPs
WebEx, Meraki, OpenDNS and Growing Portfolio of Offers
How Well are You Dealing with Threats?
• Social networking attacks
• Targeted spear phishing and Trojans
• Compromised hosts/remotely controlled
• Nation state attacks
Advanced Threats
• Managed/Unmanaged desktops
• Generic Spam/Malware
• DDoS
• Rapidly changing environment
Security Challenges
• Expanded data collection
• NetFlow, IP Attribution, DNS…
• Big data analytics and playbooks
• Rapid containment
• DNS/RPZ, Quarantine, On-line host forensics
• Threat/situational awareness
Evolving Solutions
• Anti-virus
• NGFirewall/IDS/IPS
• IronPort WSA/ESA
• DLP
• Identity/Access
• Network segmentation
Foundational Solutions
5%
95%
One Day Defending Cisco
4TB Data Collected and Analyzed
15B NetFlow Analyzed per day (Lancope)
27TB Traffic Inspected per day
1.5M Alerts per day (NG-IPS)
1.7T Network Events
10K Files Analyzed per day (ThreatGRID)
5.8B DNS Records per day
6M Web Transactions Blocked per day (WSA)
425 Devices Detecting and Preventing Incidents
4.1M Email Transactions Blocked per day (ESA)
Who, What, Where, When and…
Confidential
Data
Damage the brand
Exploit the Network
Steal Customer
Data
Pivot Through us to Attack Customers
Fraud
Steal IP
Game the Stock Price
Industrial Espionage
How
Analytics Security Events
Business Policies and Procedures
Network Instrumentation
Controls
Accountability Security Metrics
Firewalls, Proxies, ID/Access, Segmentation
ISMS to manage Risk Across the Enterprise
Security Aligned to Business/Tech Changes
Detect and Remediate Threats
Foundation: People – Process - Technology
IT and Business Partnerships
Understanding of Threat Landscape and Critical Assets
Operationalizing Security
Security Policies Integral part of Code of Business Conduct
• Information Security
• Acceptable Use
• Data Protection
• Access Management
• Password Management
• Network Access
• Application Security
• Server Security
• Computer Security Incident Management
• Cloud Service Provider
• Cryptographic Controls
• Intellectual Assets Protection
• Lab Security
• Audit
Policy Creation
Policy
Implementation
CISO CIO
Aligns with ISO; maps to NIST, Others
People/Process/Tech Partnership
Threat & Assets
Phishing Campaign
Q1, New Doctor: Cisco 13%, Information Security 1%
Q2, Background Check: Cisco 19%, Information Security 8%
Q3, Account Closing: Cisco 10%, Information Security 6%
Q4, Plan Recruitment: Cisco 5%, Information Security 1%
• Phishing is #1 source of endpoint compromise
• Different levels of sophistication and difficulty each quarter
• Remember it only takes one Phish to compromise YOU
People/Process/Tech Partnership
Threat & Assets
Expanding Accountability Services security primes
Service
Executive
1 or more primes
Service Owner
1 or more primes
Service Security
Prime
• CSO of the Service
• Single point of accountability
• Increase communication and awareness around security
Partner Security
Architect
InfoSec Team
• Security SMEs
• Security architecture reviews
• Trusted advisors
• Establishes security technology baselines
• Formal approval for exceptions
• Establishes corporate security policies and guidelines
People/Process/Tech Partnership
Threat & Assets
Balancing Operational Requirements vs. Enhancements
Service Owner
Score Cards
*Pending
Service Execs
Vulnerabilities
and Performance *Trending
CIO
Unified
Services Metrics *Aging and Trending
People/Process/Tech Partnership
Threat & Assets
Devices
Firewalls
Intrusion Detection and Prevention (IPS)
Email and Web Security
Anti Virus Identity and Access
VPN
Security Information
and Event Monitoring
Exploit Trusted
Layer
Traditional Defense in Depth Approach
Trusted
Platform
Virtualized
Environment
Network
Environment
People/Process/Tech Partnership
Threat & Assets
Devices
Firewalls
Intrusion Detection and Prevention (IPS)
Email and Web Security
Anti Virus Identity and Access
VPN
Security Information
and Event Monitoring
Exploit Trusted
Layer
Next Wave of Security – Trusted Enterprise
Externalized Perimeter
Active Response
Integrated Threat Defense
Any Device
Trusted
Platform
Virtualized
Environment
Network
Environment
People/Process/Tech Partnership
Threat & Assets
Product As a Service
Meeting Place On-Prem
Hosted Collaboration
Call Manager On-Prem
Team Collaboration IWE
(WebEx Social)
Documentation In-House
Cloud Providers (number of providers by year, CAGR = 30%)
2011: 140
2012: 182
2013: 237
2014: 308
2015: 400
Hosted Unified
Communications
in the cloud
Cisco Enterprise Journey to Cloud
Privacy and Data Security
Application Security
Infrastructure Security
Authentication Authorization
Vulnerability Management
Logging and Auditability
Support and Operations
Incident Analysis and Forensics
Business Continuity and
Resiliency
Externalized Perimeter Next Wave – Enabling Clouds (Cloud Assessment and Service Provider Remediation)
Cloud Vendors: CASPR Models
CASPR Standard CASPR
Lite
CASPR
Plus
Data Classification
Infrastructure
Business and
Risk Impact
Cisco Public or
Cisco Confidential only
Integration with Cisco
Internal networks not
permitted: (Examples: SSO,
VPN, Database
to Database connectivity)
Low and Medium
(Primarily focused on the
SaaS)
Cisco Public, Cisco
Confidential Only, Cisco
Highly Confidential,
or Cisco Restricted
All integration and
deployment models are
accepted dependent on
further review
Low and Medium
Risk CSPs
Cisco Highly Confidential or
Cisco Restricted only
All integration and
deployment models are
accepted dependent on
further review
High
(Monetary damage greater
than $400mil. The need for
continuous monitoring of
technical controls)
Externalized Perimeter
Growths based on a 3 month period (including some other device types)
18 month Sparkline
135,074 Laptops & Desktops
(COD or BYOD)
Any Device
Diversity of Cisco Users | As of January 2016
87,864
-0.5% Growth
10,107
-1.6% Growth
37,103
-0.6% Growth
68,344* Mobile Devices
(BYOD)
380
-5.0% Growth
471
-11.1% Growth
11,056
0.6% Growth
40,850
0.2% Growth
15,587
-1.3% Growth
Trusted Device
More controls needed to scale
access and services
Remote Wipe (Cisco Data)
Anti-Malware
Encryption (Cisco Data)
Minimum OS
Software Patching
Rooted Device Detection (Mobile
Devices Only)
Device Registration
Password/Screen-lock Enforcement
Hardware/Software Inventory
Any Device
Next Wave - Trusted Device
Externalized Perimeter
Any Device
ISE Enabled
Differentiated Access
Trusted Device
More controls needed to
scale access and services
Remote Wipe (Cisco Data)
Anti-Malware
Encryption (Cisco Data)
Minimum OS
Software Patching
Rooted Device Detection (Mobile
Devices Only)
Device Registration
Password/Screen-lock Enforcement
Hardware/Software Inventory
Identity Application and Data Network
Content
Workforce Data
ID Management
Cisco ISE
Devices
Instant Messaging
Conferencing
Tagging
SDN
Cisco pxGrid
Policy Management
Externalized Perimeter
Next Wave – Trusted Device and Differentiated Access
1% of all WSA
transactions blocked
Web and Email Security Appliances
AMP for Networks
FireSight Management Center
Threat Grid AMP for Endpoints
NG-IPS 83xx and
VM series deployed
Passive and Inline
capabilities
25K+ quarterly alerts 80 WSAs/
30 ESA Deployed
3K+ email files blocked
by AMP monthly
14 TG appliances
Deployed
On-Prem
Sandboxing
Eight Global Appliances Deployed
10K+ files analyzed
every 24hrs.
Analytics
Engine
Machine
Learning Engine
10K+ agents
deployed
Maximizing Existing
Investments
13 iPOPs
**Deployment Progress Completion (%)
50%**
10%**
100%**
100%**
100%**
Cloud Enabled
AMP &Threat Grid
Integrated Threat
Defense Next Wave – Integrated Threat Defense
Playbook
Information Sharing
Network Services
Detection
Tools
Collect/Analyze
1.2T events throughout
network
47TB traffic inspected
15B NetFlows
analyzed/day
4.8B DNS records
4TB data collected and
analyzed
~200 Plays
Active
Response Next Wave – Security Analytics Enabling Active Response to Threats
Mitigate Remediate
Digitization and Threats Security the Enabler
Business, IT and Security
Partnership Required –
Alignment and
Risk Management
Holistic and Balanced
Approach Requires 95/5
Instrument the Network Visibility to remediate
threats/attacks
Trusted Partner Cisco
Key Takeaways