© 2014 Cisco and/or its affiliates. All rights reserved. 1 © 2014 Cisco and/or its affiliates. All rights eserved. Cisco 1

Christian Nordve Systems Engineer chnordve@cisco.com

I forkant av svindleren -med teknologien på din side

© 2014 Cisco and/or its affiliates. All rights reserved. 2

The Security Problem

Changing Business Models

Dynamic Threat Landscape

Complexity and Fragmentation

© 2014 Cisco and/or its affiliates. All rights reserved. 3

Breach Statistics

avoids detection and attacks swiftly

It is a Community that hides in plain sight

60% of data

is stolen in hours

100% of companies connect to domains that host

malicious files or services

54% of breaches

remain undiscovered for months

© 2014 Cisco and/or its affiliates. All rights reserved. 4

“There are two types of companies: Those who have been hacked, and those who don’t yet know they have been hacked.”

John Chambers Chief Executive Officers of Cisco

© 2014 Cisco and/or its affiliates. All rights reserved. 5

Hvorfor?

© 2014 Cisco and/or its affiliates. All rights reserved. 6

Why?

© 2014 Cisco and/or its affiliates. All rights reserved. 7

Ville du gjort noe annerledes i dag om du viste at du kom til å bli

angrepet i mogen?

© 2014 Cisco and/or its affiliates. All rights reserved. 8

Når bygde Noha arken?

Før det begynte å regne!

© 2014 Cisco and/or its affiliates. All rights reserved. 9 Cisco 9 © 2013 Cisco and/or its affiliates. All rights reserved.

En endring i vår forståelse og innstilling er i ferd med å endres

© 2014 Cisco and/or its affiliates. All rights reserved. 10

A Threat-Centric Security Model is Needed

BEFORE Discover Enforce Harden

AFTER Scope

Contain Remediate

Visibility-Driven & Threat-Focused

Attack Continuum

Network Endpoint Mobile Virtual Cloud

Detect Block

Defend

DURING

Shared Context & Security Intelligence

© 2014 Cisco and/or its affiliates. All rights reserved. 11 Cisco 11 © 2013 Cisco and/or its affiliates. All rights reserved.

Building a Threat-Centric Cisco Security Architecture

BEFORE Discover Enforce Harden

AFTER Scope

Contain Remediate

Detect Block

Defend

DURING

Attack Continuum

© 2014 Cisco and/or its affiliates. All rights reserved. 12

© 2014 Cisco and/or its affiliates. All rights reserved. 13

Se og forstå det sammensatte bilde!

© 2014 Cisco and/or its affiliates. All rights reserved. 14

•  Hvis noe kommer seg inn på nettet hos oss eller på en av våre maskiner forde vi ikke vet om det er farlig

•  ...Fordi det er helt nytt og ingen har sette det før….

•  Men, i morgen så vet vi mer og kan nå slå fast at det er et “virus”...

•  Ville ikke du da helst vite om det? - Hvem lastet det? - Hvor er det nå? –Hvor har det spredd seg

Evne til å se ting i perspektiv og retroperspektiv

© 2014 Cisco and/or its affiliates. All rights reserved. 15

Network Servers

Operating Systems

Routers and

Switches

Mobile Devices

Printers

VoIP Phones

Virtual Machines

Client Applications

Files

Users

Web Applications

Application Protocols

Services

Malware

Command and Control

Servers

Vulnerabilities NetFlow

Network Behavior

Processes

Nettverket ser alt

© 2014 Cisco and/or its affiliates. All rights reserved. 16

Vi må integrere mer effektivt for å skape en virkningsfull

sikkerhetsløsning.

© 2014 Cisco and/or its affiliates. All rights reserved. 17 Cisco 17 © 2013 Cisco and/or its affiliates. All rights reserved.

Det krever arkitektur

© 2014 Cisco and/or its affiliates. All rights reserved. 18

Utfordringer •  Ikke noe av dette virker hvis alt må være på plass for at noe skal virke

•  Hver enkel løsning/produkt må kunne “stå på egene ben” og være blandt de beste, hver for seg

Når Cisco løsningen settes sammen vil de skape mulighet for å bruke hverandres innsikt og innsyn til å berike hverandre

18

“Our fundamental job is to reduce complexity and increase capability”

© 2014 Cisco and/or its affiliates. All rights reserved. 19

Superior Intelligence to battle Advanced Threats

10I000 0II0 00 0III000 II1010011 101 1100001 110 110000III000III0 I00I II0I III0011 0110011 101000 0110 00

I00I III0I III00II 0II00II I0I000 0110 00

200,000+ File Samples per Day

FireAMP™ Community, 3+ million

Advanced Microsoft and Industry Disclosures

Snort and ClamAV Open Source Communities

Honeypots

Sourcefire AEGIS™ Program

Private and Public Threat Feeds

Dynamic Analysis

101000 0II0 00 0III000 III0I00II II II0000I II0 1100001110001III0 I00I II0I III00II 0II00II 101000 0110 00

100I II0I III00II 0II00II I0I000 0II0 00 Cisco® SIO Talos

Cisco Collective Security Intelligence

Email AMP Web Network NGIPS NGFW

WWW

1.8 million global sensors

100 TB of data received per day

180 million+ deployed endpoints

600+ engineers, technicians, and researchers

35% worldwide email traffic

13 billion web requests

24x7x365 operations

40+ languages

Sourcefire VRT®

Pervasive across Portfolio

© 2014 Cisco and/or its affiliates. All rights reserved. 20

Oppsummert

BEFORE Discover Enforce Harden

AFTER Scope

Contain Remediate

Covers the entire Attack Continuum

Detect Block

Defend

DURING

Collective Security Intelligence

Network-Integrated, Broad Sensor Base, Context sharing and

Automation

Continuous Advanced Threat Protection,

Cloud-Based Security Intelligence

Leading products working together as a system

Built for Scale, Consistent Control, Management

Visibility-Driven Threat-Focused Platform-Based Strategic Imperatives

© 2014 Cisco and/or its affiliates. All rights reserved. 21 Cisco 21 © 2013 Cisco and/or its affiliates. All rights reserved.

Takk for meg!