© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 1
Working with a Peace of Mind
Ricky Elias
Security Architect
Advanced Technology (Security)
© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2
Agenda
• Information Security Landscape
• Strategies for Securing SMB Networks
• Demo
• Q&A
Botnet Epidemic
• Botnets (networks of compromised computers) control approximately 25% of all personal computers
• Attacks include spam, identity theft, information harvesting, denial-of-service attacks and attacks on websites for profit
• More than 5 million hosts infected in the US alone
• Normal security mechanisms are only 75% effective against the malware that is used to recruit bots
BBC Purchases Botnet Offered For Rent
CBS News Covers Conficker Worm, Malware Epidemic
Next-gen Botnet Armies Fill Spam Void
The Growing Need for Security Solutions
Regulatory Compliance
Malware
An Integrated Approach to Streamline IT Risk Management for Security and Compliance
Data Loss
Integrated Security: network
Threat Control
Secure Communications
Security Services Extensibility
Cisco Intelligent Networking, High Availability, and Scalability Services
Application Inspection & Control
IPS & Anti-X Defenses
Access Control & Authentication
Remote Access VPN Connectivity
Site-to-Site VPN Connectivity
Cisco Technology and Service Extensions
Partner Technology and Service Extensions
The Cisco ASA 5500 Series Allows Business to Adapt and Extend the Security Services Profile Via Cisco-Developed and Partner-Provided Innovations
Delivering High Current Services Performance and Services Extensibility
Cisco Adaptive Security Appliance (ASA): Scalable, Multi-Function, Feature-Rich Appliance
SoHo
Data Center
A Seismic Shift
• 2000-2008: IT security products look deeper
• 2009: Cisco Security products look around and respond faster
Cisco Global Correlation
SensorBase: World’s Largest Traffic Monitoring Network
LARGEST FOOTPRINT | GREATEST BREADTH | FULL CONTEXT ANALYSIS
Cisco SensorBase
Network IPS to Global IPS
Monitoring Network Activity in Real-Time
• Accurate protection for broad range of threats
• Advanced detection techniques, including anomaly detection, behavior analysis, vulnerability, exploit detection…
• 100X faster response
• Mandated for PCI compliance
Cisco IPS Solution
Industry’s most widely-deployed IPS technology
• Global Correlation
• IPS Reputation Filters
• Endpoint trustworthiness
• Attack relevance
Only IPS Solution to offer
Cisco IPS with Global Correlation
• “Reputation” alone stops 10–15% of total attacks
• Benefits
• Stop attacks earlier
• Automation increases security team productivity and effectiveness
[Diagram labels: SensorBase, Technicians, Updates, Cisco CallManager, Servers, Desktop, Cisco IPS, Internet, Attacker, Download Global Threat Data, IPS Checks Global Threat Data]
Cisco ASA Botnet Traffic Filter
Leveraging Comprehensive Threat Intelligence
[Diagram labels: Infected Clients, Cisco ASA, Command and Control]
Anti-Malware
• Monitors malware traffic
Scans all traffic, ports & protocols
Detects infected clients by tracking rogue “phone home” traffic
Dynamic database integrated into Cisco Security Intelligence Operations
• Immediate Benefits
Optimize network availability and performance with early bot detection and reporting
Protect employee privacy and productivity with bot detection and reporting
Botnet Traffic Filter for Cisco ASA
Customer Case Study
• Customer Network
Healthcare provider in Illinois and Indiana
Hospitals, long-term care and senior residential facilities, clinics, home health agencies
• Observed Destinations (1.6M connections in a month)
vove.3322.org
Ad Network Sites
Pornography Sites (xxxvogue.net)
Ieplugin.com
• Found command and control and sites distributing adware, known malware
Vove.3322.org
• Host associated with command and control for trojan
• Port 6010
• Trojan masquerades as a Microsoft .NET Framework service
• Financial information sent back to command and control
Secure Connectivity
Site-to-Site and Remote Access Virtual Private Networks
[Diagram labels: Site-to-Site VPN, Remote Access VPN, Corporate Headquarters, Customers, Business Partners, Mobile Employees, Fixed Telecommuters, Remote / Branch Office, Internet]
• Integrated firewall / VPN
Access control, threat protection, secure UC and centralized management
• Highly scalable
10-10,000 VPN sessions per device
Optimized application performance
• High availability and quality of service
• Integrated, versatile solution with:
Broadest connectivity
Highest level of security
Leading mobile support
• Industry’s most widely-deployed VPN client solution
New
Cisco AnyConnect VPN Client
AnyConnect Essentials
• SSL VPN client with improved manageability and broad platform support (including Vista and 64-bit)
• Tested PDAs & Smartphones running Windows Mobile include:
Treo 700, 800 (Sprint); 750 (ATT, T-Mobile)
T-Mobile Wing
Verizon XV6800
ATT Tilt
Sprint Touch
Axim x51v
iPAQ 2790
https://www.asasslvpn.com/zoo
Spam Trends Through September 2008
[Chart: Average Daily Volume (billions) by Month]
Cisco Spam and Virus Blocker
Immediate Protection Out of the Box
The Cisco Spam & Virus Blocker is a dedicated email security appliance for small business with up to 250 email users.
It provides powerful protection against spam, viruses and other email threats to secure your network and business data while improving productivity.
Reduces operational costs with simple setup in minutes and continuous automatic updates thereafter.
“Set it. Forget it. It just works.”
[Diagram labels: Email, Internet, Firewall, Cisco Spam & Virus Blocker, Groupware (Exchange, Notes, Groupware), Clients]
Integrated Security: endpoint
Cisco Security Agent Comprehensive, “Always Vigilant” Endpoint Security
• Single Integrated Client, Simplified Management
Host IPS, Personal FW, Anti Virus, Anti Spyware, Anti Botnet
• Protection against persistent and evolving threats
Prevent loss of sensitive information
Enforce appropriate use policies
Enhance security through network collaboration
Address corporate and regulatory compliance mandates
Business Benefits:
• Empower IT to address Business risks
• Enforce policies and protect business critical assets
• Decrease IT administrative burden
• Reduce expenses
[Diagram label: CSA]
Zero-Day Attack Prevention
• CSA has a proven track record of stopping brand new exploits, botnets, targeted attacks, worms, and viruses over the past 8 years:
2001 – Code Red, Nimda (all 5 exploits), Pentagone (Gonner)
2002 – Sircam, Debploit, SQL Snake, Bugbear
2003 – SQL Slammer, So Big, Blaster/Welchia, Fizzer
2004 – MyDoom, Bagle, Sasser, JPEG browser exploit (MS04-028), RPC-DCOM exploit (MS03-039), Buffer Overflow in Workstation service (MS03-049)
2005 – Internet Explorer Command Execution Vulnerability, Zotob
2006 – USB Hacksaw, IE VML exploit, WMF, IE Textrange, RDS Dataspace
2007 – Rinbot, Storm Trojan, Big Yellow, Word (MS07-014), MS ANI 0Day, MS DNS 0Day
2008 – MS08-067 (Conficker/Downadup)
No signatures, reconfiguration or binary updates required
Applying Zero-Day Prevention
Case Study
• Banks begin to embrace Web 2.0 paradigms and offer ATM devices that act as multimedia self-service kiosks running on converged IP networks
• Developed using CSA, Wincor Nixdorf's Platform Security Agent (PSA) helps secure self-service system platforms against network and local attacks
http://www.finextra.com/fullpr.asp?id=13990
Integrated Agent with ClamAV™ Open Source Antivirus
• ClamAV virus scanning engine packaged with CSA, as single installable agent
• Protects Windows desktops & servers at no additional cost
accurately identifies malware
prevents malware execution
quarantines or deletes malware
• CSA Management Center manages agent policies, signature updates
• Provides a true single agent - single console endpoint security solution
All other trademarks mentioned in this document are the property of their respective owners.
Integrated Agent with Clam Antivirus
• ClamAV is widely deployed on UNIX/Linux e-mail servers
Scrubs e-mail traffic for malware
Protects millions of Windows desktops
Database contains over 200,000 unique signatures
Shadowserver Foundation independent research: ClamAV™ has high degree of malware detection accuracy.
Source: Shadowserver.org wild testing
Data Loss Prevention Management Process
Visibility and Control for Sensitive Information
• Classification
• Credit card, Social Security #s
• Intellectual property definitions
• Reporting
• Track the location and usage of sensitive data
• Enhanced user education
• Query user and audit
• Updated enforcement controls
• Block printing
• Flexible clipboard control
• NAC quarantine
[Diagram labels: Discover, Educate, Enforce, Monitor]
Accidental Data Loss
Prevent Sensitive Data from Being Transferred to Removable Media, Such As Thumb Drives, USB Sticks, or CDs
Scenario
An Australian government agency lost an unencrypted CD containing scanned letters to 3122 trustees of self-managed super funds. Each letter contained the name, address and super fund tax file number of the trustee. The organization waited three weeks to inform those affected of the loss.
October 2008 http://itnews.com.au
Cisco Solution
• Cisco Security Agent can prevent files containing sensitive data or sensitive keywords from being copied to removable media, such as a CD or USB stick
• Cisco NAC can prevent unauthorized access to the network containing the sensitive databases
Working with a Peace of Mind
Securely Connect, Communicate, and Conduct Business
Comprehensive Threat Intelligence
• Largest security intelligence and operations infrastructure
• Global correlation for sophisticated analysis
• New! Global Correlation for IPS and Cisco ASA with Botnet Traffic Filter
End-to-End Security
• Network, content, endpoint and application security
• New! SAFE reference security architecture with validated implementation designs
• www.cisco.com/go/safe
Business-Enabling Services
• Security-as-a-Service, threat intelligence, and tailored services
• New! Cisco IT GRC security assessment service