Ahead of the fraudster -...
TRANSCRIPT
© 2014 Cisco and/or its affiliates. All rights reserved.
Christian Nordve Systems Engineer [email protected]
Ahead of the fraudster - with technology on your side
The Security Problem
Changing Business Models
Dynamic Threat Landscape
Complexity and Fragmentation
Breach Statistics
Avoids detection and attacks swiftly
It is a community that hides in plain sight
60% of data is stolen in hours
100% of companies connect to domains that host malicious files or services
54% of breaches remain undiscovered for months
“There are two types of companies: Those who have been hacked, and those who don’t yet know they have been hacked.”
John Chambers, Chief Executive Officer of Cisco
Why?
Would you do anything differently today if you knew you were going to be attacked tomorrow?
When did Noah build the ark?
Before it started to rain!
Our understanding and attitude are in the process of changing
A Threat-Centric Security Model is Needed
[Diagram: the Attack Continuum across Network, Endpoint, Mobile, Virtual and Cloud. BEFORE: Discover, Enforce, Harden. DURING: Detect, Block, Defend. AFTER: Scope, Contain, Remediate. Visibility-Driven and Threat-Focused; Shared Context and Security Intelligence.]
Building a Threat-Centric Cisco Security Architecture
[Diagram: the same Attack Continuum. BEFORE: Discover, Enforce, Harden. DURING: Detect, Block, Defend. AFTER: Scope, Contain, Remediate.]
See and understand the whole picture!
• If something gets into our network or onto one of our machines because we do not know it is dangerous
• ...because it is brand new and nobody has seen it before...
• But tomorrow we know more and can now determine that it is a "virus"...
• Wouldn't you then want to know? - Who downloaded it? - Where is it now? - Where has it spread?
The ability to see things in perspective and in retrospect
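The retrospective questions on this slide, as an added example that is not from the slides or from Cisco: a small Python ledger that records every file observation even before any verdict exists, and, once a hash is later judged malicious, answers who fetched it first, where it is now and where it spread. Host names, timestamps and the hash are constructed sample values.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class FileEvent:
    ts: int       # time of observation (constructed sample values, seconds)
    sha256: str   # file hash as observed on the network or endpoint
    host: str     # host the file landed on or ran on
    action: str   # "download", "copy", "execute" or "delete"

@dataclass
class Ledger:
    """Records every file observation, whether or not a verdict exists at the time."""
    events: list = field(default_factory=list)

    def retrospect(self, sha256: str) -> Optional[dict]:
        """Once a hash is flagged, answer: who fetched it, where is it now, where did it spread."""
        hits = sorted((e for e in self.events if e.sha256 == sha256), key=lambda e: e.ts)
        if not hits:
            return None
        present, path = set(), []          # hosts holding a copy now / order of first arrival
        for e in hits:
            if e.action in ("download", "copy"):
                if e.host not in path:
                    path.append(e.host)
                present.add(e.host)
            elif e.action == "delete":
                present.discard(e.host)
        return {"first_seen": hits[0].ts, "patient_zero": hits[0].host,
                "currently_on": sorted(present), "spread_path": path,
                "executed_on": sorted({e.host for e in hits if e.action == "execute"})}

SAMPLE_HASH = "constructed-sha256-placeholder-1"   # constructed, not a real indicator

def demo() -> dict:
    """Constructed timeline: file enters ws-01, runs, is copied to two hosts, then deleted on ws-01."""
    ledger = Ledger()
    for ts, sha, host, action in [
        (100, SAMPLE_HASH, "ws-01", "download"),
        (150, "constructed-sha256-placeholder-2", "ws-02", "download"),  # unrelated noise
        (200, SAMPLE_HASH, "ws-01", "execute"),
        (300, SAMPLE_HASH, "fileserver", "copy"),
        (400, SAMPLE_HASH, "ws-07", "copy"),
        (500, SAMPLE_HASH, "ws-01", "delete"),
    ]:
        ledger.events.append(FileEvent(ts, sha, host, action))
    return ledger.retrospect(SAMPLE_HASH)   # the verdict arrives "tomorrow"; the ledger still answers
```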
The network sees everything:
Network Servers
Operating Systems
Routers and Switches
Mobile Devices
Printers
VoIP Phones
Virtual Machines
Client Applications
Files
Users
Web Applications
Application Protocols
Services
Malware
Command and Control Servers
Vulnerabilities
NetFlow
Network Behavior
Processes
We must integrate more effectively to create an effective security solution.
It requires architecture
Challenges
• None of this works if everything must be in place before anything works
• Each individual solution/product must be able to stand on its own feet and be among the best in its class
When the Cisco solutions are put together, they gain the ability to use each other's insight and visibility to enrich one another
“Our fundamental job is to reduce complexity and increase capability”
Superior Intelligence to battle Advanced Threats
200,000+ File Samples per Day
FireAMP™ Community, 3+ million
Advanced Microsoft and Industry Disclosures
Snort and ClamAV Open Source Communities
Honeypots
Sourcefire AEGIS™ Program
Private and Public Threat Feeds
Dynamic Analysis
Cisco® SIO Talos
Cisco Collective Security Intelligence
Email AMP Web Network NGIPS NGFW
WWW
1.8 million global sensors
100 TB of data received per day
180 million+ deployed endpoints
600+ engineers, technicians, and researchers
35% worldwide email traffic
13 billion web requests
24x7x365 operations
40+ languages
Sourcefire VRT®
Pervasive across Portfolio
In summary
[Summary diagram: covers the entire Attack Continuum. BEFORE: Discover, Enforce, Harden. DURING: Detect, Block, Defend. AFTER: Scope, Contain, Remediate.]
Collective Security Intelligence: network-integrated, broad sensor base, context sharing and automation
Continuous Advanced Threat Protection, cloud-based security intelligence
Leading products working together as a system; built for scale, consistent control, management
Strategic imperatives: Visibility-Driven, Threat-Focused, Platform-Based
Thank you!