the business relevance of security: challenges & solutions

© 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 1 The Business Relevance of Security: Challenges & Solutions Fred Kost and Calvin Chai Interop Las Vegas April 30, 2008

Post on 02-Dec-2014

DESCRIPTION

Security continues to be an area of growth as risks continue to be on the rise. Attacks are becoming more sophisticated, as botnets, spam and fraud continue to proliferate. Understand the vision and innovations in network security, content security, and application security. And, learn key solutions that address customers' business-relevant security problems such as compliance, data loss prevention, and threat management.

TRANSCRIPT

Page 1: The Business Relevance of Security: Challenges & Solutions

The Business Relevance of Security: Challenges & Solutions

Fred Kost and Calvin Chai

Interop Las Vegas

April 30, 2008

Page 2: The Business Relevance of Security: Challenges & Solutions

How Many of You Have…

• been notified of a potential identity breach?
• been notified of a potential breach of payment card information?
• been a victim of malware or lured to a phishing site?

Page 3: The Business Relevance of Security: Challenges & Solutions

Security 2007: A Year In Review

Page 4: The Business Relevance of Security: Challenges & Solutions

The Motive: Financial Gain

Threats are becoming increasingly difficult to detect and mitigate

[Figure: threat severity plotted against time, with axis ticks at 1990, 1995, 2000, 2005, 2008 and 2010. Labels on the chart: TESTING THE WATERS: Basic Intrusions and Viruses; FAME: Viruses and Malware; FINANCIAL: Theft & Damage]

Page 5: The Business Relevance of Security: Challenges & Solutions

A More Sophisticated Threat Environment With a Structured Network for Financial Gain

[Diagram. Column headings: Writers; First Stage Abusers; Middle Men; Second Stage Abusers; End Value. Node labels: Tool Writers; Malware Writers (Worms, Viruses, Trojans, Spyware); Hacker/Direct Attack; Internal Theft Abuse of Privilege; Information Harvesting; Machine Harvesting; Compromised Host and Application; Botnet Creation; Botnet Management; Personal Information; Information Brokerage; Electronic IP Leakage; Extortionist DDoS for Hire; Spammer; Phisher; Pharmer/DNS Poisoning; Identity Theft; Fame; Theft; Espionage; Extortion; Commercial Sales; Fraudulent Sales; Click Fraud; Financial Fraud]

Page 6: The Business Relevance of Security: Challenges & Solutions

Emergence of New Attack Types

Source: 2007 CSI Survey

Page 7: The Business Relevance of Security: Challenges & Solutions

“Classic” Social Engineering

• SPAM
• Phishing
• Pharming
• Fraud
• Persuasion

Page 8: The Business Relevance of Security: Challenges & Solutions

You Have Mail – and Malware

• SPAM Email sent by Botnet
• Directs user to malicious web server that hosts exploit
• Upon visit, user system is compromised by server, may now be used by botnet
• Becoming more targeted: Spearphishing, Whaling

Page 9: The Business Relevance of Security: Challenges & Solutions

226,784,543

Source: www.privacyrights.org

TOTAL number of records containing sensitive personal information involved in security breaches in the U.S. since January 2005.

Page 10: The Business Relevance of Security: Challenges & Solutions

Connected World with Complex Security Challenges

The Business Impact of Security
• IT Risk Management
• Regulatory Compliance
• Security as Business Enabler

The New Threat Environment
• The Vanishing Perimeter
• SPAM/Malware/Profit driven hacking
• Data Leakage and Theft

Collaboration and Communication
• Cisco TelePresence/Video/IM/Email
• Mobility
• Web 2.0/Web Services/SOA

Page 11: The Business Relevance of Security: Challenges & Solutions

Security to Enable Today’s Businesses

Data Loss

Regulatory Compliance

Malware

Today’s Security and Compliance Challenges Require a Systems Approach

Page 12: The Business Relevance of Security: Challenges & Solutions

Cisco Solutions for Business Security

Network Security

Endpoint Security

Content Security

Application Security

System Management Policy—Reputation—Identity

Cisco Self-Defending Network:

Best of Breed Security in a Systems Approach

Page 13: The Business Relevance of Security: Challenges & Solutions

Putting It All Together: The Power of a Systems Approach to Security

Solutions to Address PCI, Malware and DLP

Network Security: ASA (Firewall, VPN, IPS), IPS, ISR, Switch security, Trustsec
Endpoint Security: CSA, NAC, Trustsec
Content Security: IronPort, ASA with Content Security, ISR, PISA
Application Security: ACE XML and Web Application Firewall
System Management (Policy—Reputation—Identity): CS-MARS, CSM, ACS

Page 14: The Business Relevance of Security: Challenges & Solutions

The Business Relevance of Security

Regulatory Compliance

Data Loss

Malware

Self-Defending Network: Best of Breed Security in a Systems Approach

CSA, IronPort, Cisco SME, Trustsec

ASA, CSA, NAC, IPS, Web Application Firewall, MARS

IronPort, ASA, CSA, IPS, MARS

Page 15: The Business Relevance of Security: Challenges & Solutions

Malware is the New “Threat”

Impact of Threats: Disruption, Loss, and Damage

Disruption Affects Productivity (an IT Problem)
• Employee disruption and application outages
• Business process downtime

Loss Impacts Value (a Financial Problem)
• Risk and liability management
• (Non) compliance costs

Damage Affects Reputation (a Business Problem)
• Customer satisfaction and retention
• Investor and partner confidence

The Annual Cost of Downtime Can Be up to $31M from Loss of Revenue and Productivity

                  Small 20–100    Medium 100–1000    Large
DDoS Attacks      $11.7K          $39.7K             $15,578K
Client Malware    $8.6K           $114.5K            $2,633K
Server Malware    $11.3K          $71.4K             $13,052K
Total             $31.7K          $225.6K            $31.2M

Source: Infonetics

threat (thrět) n.
• An expression of an intention to inflict pain, injury, evil, or punishment.
• Any network-based attempt to compromise information, systems, network resources, steal information, destroy data, deny access to servers, shut down embedded devices

Page 16: The Business Relevance of Security: Challenges & Solutions

Systems Approach to Stop Malware: Visibility and Control

Firewall and VPN
• Traffic access control
• Encryption

Intrusion Prevention
• Detection
• Precision response

Content Security
• Email SPAM
• Web filtering

Endpoint Security
• Host IPS
• AV solutions

Centralized Policy Management and Monitoring

Page 17: The Business Relevance of Security: Challenges & Solutions

Mitigating Malware and Targeted Attacks: Self-Defending Network Applied

Branch
• Converged branch protection
• Local content scanning to mitigate malware introduction
• Network Admission Control to prevent malware and enforce policy
• Router-based IPS to protect local clients and preserve bandwidth

Campus
• Endpoint protection from spyware, botnets, spam, trojans
• High-capacity internet-edge security
• Inbound, outbound, and intra-LAN protection and control
• Content security and Network Admission Control to mitigate malware propagation

Data Center
• High-capacity protection of servers and applications
• Application and protocol inspection to protect servers and systems
• Local server protection from targeted exploit attempts

[Diagram labels: Internet; Intranet; CSA; Monitoring, Correlation, and Response; Day Zero Endpoint Protection; Branch Protection; Converged Perimeter Protection; Integrated Data Center Protection; Server Protection; Policy-based Solution Management]

Products shown: Cisco Security Agent (CSA); Cisco Security Management Suite; Cisco ISR Routers with IPS and NAC; ASA5500 with Content Security; Cisco ASA 5500 Adaptive Security Appliance with IPS; Cisco IronPort; NAC Appliance; Catalyst Service Modules; IPS4200 Series; ASA5500 Series; ACE XML Gateway

Page 18: The Business Relevance of Security: Challenges & Solutions

Data Loss Prevention: The Real Insider Threat

• DLP: Security measures to protect company’s data-in-use, data-in-motion and data-at-rest
• The risk of Data Loss has increased due to the Web 2.0 business reality of providing “anywhere access” to data from multiple user devices
• Business Drivers for DLP in the network and on hosts
    Acceptable Use: Company data usage policy
    Intellectual Property Protection

Page 19: The Business Relevance of Security: Challenges & Solutions

Cisco Data Loss Prevention Solution: NAC, CSA, IronPort, and TrustSec

Cisco Security Agent
• Scan files for sensitive data
• Prevents copying to external media
• Prevents transfer with internetwork applications
• Prevents bypass of gateway security policy

IronPort
• Prevent data loss at perimeter
• Mail policy verification
• Logs transaction
• Encrypts mail message and notifies recipient

NAC Appliance
• Verifies CSA and endpoint posture

TrustSec
• Enforces data policy through role-based access control

[Diagram labels: Internet; Intranet; IronPort; ASA; NAC Appliance; TrustSec; printer. Speech bubbles: “Hi Joan, Could you send those files over?” and “Sure Bob, I’ll find a way to get those files to you!”]

Page 20: The Business Relevance of Security: Challenges & Solutions

PCI Data Security Standard: Applies to Nearly Every Industry

PCI: Not Just for Retail

Utilities

E-Commerce

Transportation

Restaurant

Financial/Insurance

Retail

Service Provider

Healthcare

Federal

Mobile

Universities

Sports and Entertainment

State Agencies

Page 21: The Business Relevance of Security: Challenges & Solutions

The Payment Card Industry (PCI) Data Security Standard

• Published January 2005
• Impacts ALL who process, transmit, or store cardholder data
• Also applies to 3rd party hosting companies, information storage companies, etc.
• Has global, horizontal reach
• Impact of non-compliance:
    Increased transaction processing fees
    Monthly fines ranging from $5,000 to $50,000 for missed deadlines

Theater                 Level 1                   Level 2         Level 3
US                      SEP 2007                  DEC 2007        DEC 2008
Western Europe          Negotiated individually   MAR-DEC 2008    MAR-DEC 2008
Asia                    DEC 2009                  DEC 2009        DEC 2009
Canada                  2008 TBD                  2008 TBD        2008 TBD
Latin American CEMEA    Not Published yet

Source: pcisecuritystandards.org

Page 22: The Business Relevance of Security: Challenges & Solutions

Cisco Security Portfolio – Offers End-to-End Compliance with PCI Requirements

[Network diagram. Zones: Remote Branch Location; Internet Edge; Main Campus; Data Center and NOC. Component labels: Internet; POS Cash Register; Mobile POS; POS Server; Store Worker PC; Wireless Device; WAP; Branch Router; Branch Switch; Head-end Router; Integrated Security Appliance; SSL/IPsec VPN Termination; NAC; Core Switch; Core Switch with Integrated Security; Desktop Security; E-Commerce; Application Server; Application Firewall; Credit Card Storage; Management; Policy Manager; AAA; Monitoring and Reporting]

Confidentiality, Data Integrity, Availability, Auditing and Reporting

Page 23: The Business Relevance of Security: Challenges & Solutions

The Business Relevance of Security

Regulatory Compliance

Data Loss

Malware

Self-Defending Network: Best of Breed Security in a Systems Approach

CSA, IronPort, Cisco SME, Trustsec

ASA, CSA, NAC, IPS, Web Application Firewall, MARS

IronPort, ASA, CSA, IPS, MARS

Page 24: The Business Relevance of Security: Challenges & Solutions

Complete Lifecycle Services Portfolio

• Security Design
• Incident Readiness Assessment & Design

• Security Implementation
• CSA, NAC, IPS, ICS, Guard/Detector and MARS Deployment

• Security Optimization

• Security Posture Assessment (SPA)
• Security Architecture Review
• Unified Communications Security Review
• Security Technology Planning
• Enterprise Architecture Consulting

Plan, Design, Implement, Operate, Optimize

Technology supports business objectives, sound financial decisions

Alignment of investments to requirements

Maintain network health; keep threat management current, proactive

Network stays ahead of changing user demands and corporate policies

High availability of network resources

• Security Center
• Intelligent Information Services
• Security Remote Management Services
• Incident Response
• Cisco Services for IPS

Page 25: The Business Relevance of Security: Challenges & Solutions

Summary

• Security increasingly a key business relevant issue
• Complex, connected world has changed security
• Current challenges require a systems approach

Page 26: The Business Relevance of Security: Challenges & Solutions

Thank you for attending

Please stay for your chance to win a GPS

Page 28: The Business Relevance of Security: Challenges & Solutions

The Business Relevance of Security

Threat Management: Business disruption, reputation damage and loss of control from compromised systems remain an issue for most businesses

Data Loss Prevention: DLP is a top-of-mind issue affecting many organizations, complicated by disclosure laws and uncertainty over actual data use

Regulatory Compliance: Global requirements to achieve compliance, and PCI compliance in particular, are a major horizontal business issue