![Page 1: Cisco Network Insider: Three Ways to Secure your Network](https://reader034.vdocument.in/reader034/viewer/2022042706/58724d8a1a28ab852f8b63c7/html5/thumbnails/1.jpg)
© 2016 Cisco and/or its affiliates. All rights reserved.
3 Ways to Secure Your Network
Presenters: Robb Boyd, Ziad Sarieddine, Beth Barach, Player Pate, Guy Telner
June 14, 2016
What is on my network and why does it matter?
© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
What visibility can help you do
• Stop and contain threats
• See and share rich user and device details
• Control all access throughout the network from one place
ISE is a powerful visibility and control technology
A centralized security solution that automates context-aware access to network resources and shares contextual data
• Role-Based Access
• Identity Profiling and Posture
• Guest Access
• BYOD Access
• Threat Containment
Context: Who, What, When, Where, How, Compliant, Threat (New!), Vulnerability (New!), Threat Score
[Diagram labels: Network Door, Physical or VM, ISE pxGrid Controller, Access Policy, Traditional, Cisco TrustSec®, Network Resources]
Coffee break
ISE pxGrid
Open* sharing to get answers faster. Control to stop threats
• I have identity & device! I need geo-location & MDM…
• I have application info! I need location & device-type
• I have location! I need app & identity…
• I have sec events! I need identity & device…
• I have MDM info! I need location…
Any-Any Sharing
• Publish
• Subscribe
ISE Sharing
• Identity Context
ISE Network Control
• Adaptive Network Control
* IETF Standards Track: Managed Incident Lightweight Exchange (MILE)
Making visibility more effective through sharing
1. Identify what it is: ISE creates identity context: user, device type, posture, authorization level, location, threat score?
“It looks like Kevin on a Lenovo X1 Carbon MS Laptop and he’s clean.”
2. Share the identity context: ISE shares with behavioral analysis technology
“Hey Stealthwatch, here’s the detail on that IP address you’re asking about.”
3. Watch the behaviors: Monitor device behaviors for anomalies
“Looks like Kevin’s laptop has been infected with malware.”
“Hey ISE, let’s put Kevin in quarantine until he cleans up his act”
4. Stop bad things: Take action to contain a device through ISE using the network as an enforcer
“Roger that Stealthwatch. Hey network, put Kevin into quarantine until I tell you to let him back on.”
[Diagram labels: Switch, Router, Wireless, AD, Network, ISE, pxGrid, Stealthwatch]
Cisco Stealthwatch and Cisco ISE
Real-Time Visibility into All Network Layers
• Data intelligence throughout network
• Discovery of assets
• Network profile
• Security policy monitoring
• Anomaly detection
• Accelerated incident response
[Diagram labels: Cisco Stealthwatch, NetFlow, Context Information, pxGrid, Mitigation Action, Cisco® Identity Services Engine]
Cisco Stealthwatch and ISE Integration
Stealthwatch and ISE Integration
Visibility Through NetFlow
[Diagram labels: 10.1.8.3, Routers, Switches, Internet, 172.168.134.2]
Flow Information / Packets
SOURCE ADDRESS 10.1.8.3
DESTINATION ADDRESS 172.168.134.2
SOURCE PORT 47321
DESTINATION PORT 443
INTERFACE Gi0/0/0
IP TOS 0x00
IP PROTOCOL 6
NEXT HOP 172.168.25.1
TCP FLAGS 0x1A
SOURCE SGT 100
: :
APPLICATION NAME NBAR SECURE-HTTP
Visibility into every network conversation:
• Every record
• Every device
• Everywhere
Conversational Flow Record
• Highly scalable (enterprise-class) collection
• High compression => long-term storage
• Months of data retention
[Screenshot callouts: When, Who, Where, What, Who, Security group, More context]
Behavioral and Anomaly Detection Model
Behavioral Algorithms Are Applied to Build “Security Events”
COLLECT AND ANALYZE FLOWS
SECURITY EVENTS (94 +)
• Addr_Scan/tcp
• Addr_Scan/udp
• Bad_Flag_ACK**
• Beaconing Host
• Bot Command Control Server
• Bot Infected Host - Attempted
• Bot Infected Host - Successful
• Flow_Denied
• …
• ICMP Flood
• …
• Max Flows Initiated
• Max Flows Served
• …
• Suspect Long Flow
• Suspect UDP Activity
• SYN Flood
ALARM CATEGORY
• Concern
• Exfiltration
• C&C
• Recon
• Data hoarding
• Exploitation
• DDoS target
RESPONSE
• Alarm table
• Host snapshot
• Syslog / SIEM
• Mitigation
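An added example, not part of the original deck and not Cisco product code: it decodes the flow record fields shown on the Visibility Through NetFlow slide, applies a simplified address-scan heuristic in the spirit of the Addr_Scan/tcp event, and attaches identity context as in step 2 of the sharing workflow. The function names, the threshold, the sample flows and the session table are assumptions constructed for illustration.

```python
from collections import defaultdict

# Standard TCP flag bits; NetFlow reports the OR of all flags seen in a flow.
TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}

def decode_flags(value):
    """Return the names of the TCP flags set in a cumulative flags byte."""
    return [name for bit, name in sorted(TCP_FLAGS.items()) if value & bit]

def describe(flow):
    """Render one flow record in readable form."""
    proto = IP_PROTOCOLS.get(flow["proto"], str(flow["proto"]))
    flags = "+".join(decode_flags(flow["tcp_flags"])) or "none"
    return (f'{flow["src"]}:{flow["sport"]} -> {flow["dst"]}:{flow["dport"]} '
            f'{proto} [{flags}] SGT {flow["sgt"]}')

def scan_suspects(flows, sessions, min_targets=5):
    """Flag sources whose TCP flows to many distinct hosts never got past SYN.

    Simplified stand-in for an address-scan style event; the threshold is an
    assumption, not a product default. `sessions` maps IP -> identity context.
    """
    targets = defaultdict(set)
    for f in flows:
        if f["proto"] == 6 and decode_flags(f["tcp_flags"]) == ["SYN"]:
            targets[f["src"]].add(f["dst"])
    return [
        {"src": src, "targets": len(dsts), **sessions.get(src, {"user": "unknown"})}
        for src, dsts in sorted(targets.items()) if len(dsts) >= min_targets
    ]

# The record shown on the slide.
SLIDE_FLOW = {"src": "10.1.8.3", "sport": 47321, "dst": "172.168.134.2", "dport": 443,
              "proto": 6, "tcp_flags": 0x1A, "sgt": 100}
# Constructed sample data: one host sending SYN-only flows to six addresses.
SAMPLE_FLOWS = [SLIDE_FLOW] + [
    {"src": "10.1.8.9", "sport": 50000 + i, "dst": f"10.1.9.{i}", "dport": 445,
     "proto": 6, "tcp_flags": 0x02, "sgt": 100} for i in range(1, 7)]
# Constructed identity context, standing in for what ISE would share.
SAMPLE_SESSIONS = {"10.1.8.9": {"user": "kevin", "device": "Lenovo X1 Carbon"}}

if __name__ == "__main__":
    print(describe(SLIDE_FLOW))
    print(scan_suspects(SAMPLE_FLOWS, SAMPLE_SESSIONS))
```

The slide's TCP FLAGS value 0x1A decodes to SYN, PSH and ACK, which is what an established HTTPS conversation looks like once the flags of all its packets are combined; the constructed scanner flows carry SYN alone.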
Cisco Stealthwatch Demo - Dashboard
List of Alarms for Data Exfiltration
Alarm Triggers
View of Data Exfiltration Host and Traffic
Data Exfiltration Query
Data Exfiltration Traffic Details
Stealthwatch for Macro-Level Visibility
Fight advanced threats with actionable intelligence and analytics
• Obtain comprehensive, scalable enterprise visibility and security context
• Gain real-time situational awareness of traffic
• Benefit from network segmentation
• Detect and analyze network behavior anomalies
• Easily detect behaviors linked to advanced persistent threats (APTs), insider threats, distributed denial-of-service (DDoS) attacks, and malware
• Collect and analyze holistic network audit trails
• Achieve faster root cause analysis
• Conduct thorough forensic investigations
• Accelerate network troubleshooting and threat mitigation
• Respond quickly to threats by taking action to quarantine through Cisco® Identity Services Engine
• Continuously improve enterprise security posture
Monitor, Detect, Analyze, Respond
Visibility from the Core to the Edge
Cisco Defense Orchestrator: Security Policy Management Simplified
Policy change management
Policy modeling, analysis and optimization
Policy monitoring and reporting
Scalable orchestration of changes
Simple search, Reports, Notifications
Security policy management
Device onboarding
• Import from offline
• Discover direct from device
Next Steps
For further information on Technology 1, Technology 2, Technology 3, please visit the Cisco Security page: http://www.cisco.com/c/en/us/products/security/index.html
Register for the next event in the Cisco Network Insider series, “Cisco Mobility for Hospitality”, on June 28 at 10am PT / 1pm ET:
https://grs.cisco.com/grsx/cust/grsEventSite.html?EventCode=14207&LanguageId=1&KeyCode=
Thank you for your participation!
Check us out on cisco.com/go/security to learn more about:
ISE, Stealthwatch, Cisco Defense Orchestrator