The Business Relevance of Security: Challenges & Solutions
DESCRIPTION
Security continues to be an area of growth as risks continue to rise. Attacks are becoming more sophisticated as botnets, spam and fraud continue to proliferate. Understand the vision and innovations in network security, content security, and application security, and learn key solutions that address customers' business-relevant security problems such as compliance, data loss prevention, and threat management.
TRANSCRIPT
© 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 1
The Business Relevance of Security: Challenges & Solutions
Fred Kost and Calvin Chai
Interop Las Vegas
April 30, 2008
How Many of You Have…
• been notified of a potential identity breach?
• been notified of a potential breach of payment card information?
• been a victim of malware or lured to a phishing site?
Security 2007: A Year In Review
The Motive: Financial Gain
Threats are becoming increasingly difficult to detect and mitigate
[Chart: threat severity over time (axis: 1990, 1995, 2000, 2005, 2008, 2010), with three phases]
FINANCIAL: Theft & Damage
FAME: Viruses and Malware
TESTING THE WATERS: Basic Intrusions and Viruses
A More Sophisticated Threat Environment With a Structured Network for Financial Gain
[Diagram with five stages: Writers, First Stage Abusers, Middle Men, Second Stage Abusers, End Value]
Diagram labels: Spyware; Viruses; Trojans; Worms; Malware Writers; Internal Theft Abuse of Privilege; Information Harvesting; Machine Harvesting; Extortionist DDoS for Hire; Spammer; Phisher; Pharmer/DNS Poisoning; Identity Theft; Compromised Host and Application; Botnet Creation; Botnet Management; Personal Information; Information Brokerage; Electronic IP Leakage; Theft; Espionage; Extortion; Commercial Sales; Fraudulent Sales; Click Fraud; Financial Fraud; Tool Writers; Hacker/Direct Attack; Fame
Emergence of New Attack Types
Source: 2007 CSI Survey
“Classic” Social Engineering
• SPAM
• Phishing
• Pharming
• Fraud
• Persuasion
You Have Mail – and Malware
• SPAM Email sent by Botnet
• Directs user to malicious web server that hosts exploit
• Upon visit, user system is compromised by server, may now be used by botnet
• Becoming more targeted: Spearphishing, Whaling
226,784,543
Source: www.privacyrights.org
TOTAL number of records containing sensitive personal information involved in security breaches in the U.S. since January 2005.
Connected World with Complex Security Challenges
The Business Impact of Security
• IT Risk Management
• Regulatory Compliance
• Security as Business Enabler
The New Threat Environment
• The Vanishing Perimeter
• SPAM/Malware/Profit driven hacking
• Data Leakage and Theft
Collaboration and Communication
• Cisco TelePresence/Video/IM/Email
• Mobility
• Web 2.0/Web Services/SOA
Security to Enable Today’s Businesses
Data Loss
Regulatory Compliance
Malware
Today’s Security and Compliance Challenges Require a Systems Approach
Cisco Solutions for Business Security
Network Security
Endpoint Security
Content Security
Application Security
System Management Policy—Reputation—Identity
Cisco Self-Defending Network:
Best of Breed Security in a Systems Approach
Putting It All Together: The Power of a Systems Approach to Security
Solutions to Address PCI, Malware and DLP
Endpoint Security: CSA, NAC, Trustsec
Network Security: ASA (Firewall, VPN, IPS), IPS, ISR, Switch security, Trustsec
Content Security: IronPort, ASA with Content Security, ISR, PISA
Application Security: ACE XML and Web Application Firewall
System Management (Policy—Reputation—Identity): CS-MARS, CSM, ACS
The Business Relevance of Security
Regulatory Compliance
Data Loss
Malware
Self-Defending Network: Best of Breed Security in a Systems Approach
CSA, IronPort, Cisco SME, Trustsec
ASA, CSA, NAC, IPS, Web Application Firewall, MARS
IronPort, ASA, CSA, IPS, MARS
Malware is the New “Threat”
Disruption Affects Productivity (an IT Problem)
• Employee disruption and application outages
• Business process downtime
Loss Impacts Value (a Financial Problem)
• Risk and liability management
• (Non) compliance costs
Damage Affects Reputation (a Business Problem)
• Customer satisfaction and retention
• Investor and partner confidence
                  Small 20–100   Medium 100–1000   Large
DDoS Attacks      $11.7K         $39.7K            $15,578K
Client Malware    $8.6K          $114.5K           $2,633K
Srvr Malware      $11.3K         $71.4K            $13,052K
Total             $31.7K         $225.6K           $31.2M
The Annual Cost of Downtime Can Be up to $31M from Loss of Revenue and Productivity
Infonetics
Impact of Threats: Disruption, Loss, and Damage
threat (thrět) n.
• An expression of an intention to inflict pain, injury, evil, or punishment.
• Any network-based attempt to compromise information, systems, network resources, steal information, destroy data, deny access to servers, shut down embedded devices
Systems Approach to Stop Malware: Visibility and Control
Firewall and VPN
• Traffic access control
• Encryption
Intrusion Prevention
• Detection
• Precision response
Content Security
• Email SPAM
• Web filtering
Endpoint Security
• Host IPS
• AV solutions
Centralized Policy Management and Monitoring
Mitigating Malware and Targeted Attacks: Self-Defending Network Applied
Branch
• Converged branch protection
• Local content scanning to mitigate malware introduction
• Network Admission Control to prevent malware and enforce policy
• Router-based IPS to protect local clients and preserve bandwidth
Data Center
• High-capacity protection of servers and applications
• Application and protocol inspection to protect servers and systems
• Local server protection from targeted exploit attempts
Campus
• Endpoint protection from spyware, botnets, spam, trojans
• High-capacity internet-edge security
• Inbound, outbound, and intra-LAN protection and control
• Content security and Network Admission Control to mitigate malware propagation
[Diagram labels: Monitoring, Correlation, and Response; CSA; Internet; Intranet; Day Zero Endpoint Protection; Branch Protection; Converged Perimeter Protection; Integrated Data Center Protection; Server Protection; Policy-based Solution Management]
Cisco Security Agent (CSA)
Cisco Security Management Suite
Cisco ISR Routers with IPS and NAC
ASA5500 with Content Security
Cisco ASA 5500 Adaptive Security Appliance with IPS
Cisco IronPort
NAC Appliance
Catalyst Service Modules
IPS4200 Series
ASA5500 Series
Cisco Security Agent (CSA)
ACE XML Gateway
Data Loss Prevention: The Real Insider Threat
• DLP: Security measures to protect company’s data-in-use, data-in-motion and data-at-rest
• The risk of Data Loss has increased due to the Web 2.0 business reality of providing “anywhere access” to data from multiple user devices
• Business Drivers for DLP in the network and on hosts
  - Acceptable Use: Company data usage policy
  - Intellectual Property Protection
Cisco Data Loss Prevention Solution: NAC, CSA, IronPort, and TrustSec
Cisco Security Agent
• Scan files for sensitive data
• Prevents copying to external media
• Prevents transfer with internetwork applications
• Prevents bypass of gateway security policy
IronPort
• Prevent data loss at perimeter
• Mail policy verification
• Logs transaction
• Encrypts mail message and notifies recipient
NAC Appliance
• Verifies CSA and endpoint posture
TrustSec
• Enforces data policy through role-based access control
“Hi Joan, Could you send those files over?”
“Sure Bob, I’ll find a way to get those files to you!”
[Diagram labels: IronPort, Internet, Intranet, NAC Appliance, ASA, printer, TrustSec]
PCI Data Security Standard: Applies to Nearly Every Industry
PCI: Not Just for Retail
Utilities
E-Commerce
Transportation
Restaurant
Financial/Insurance
Retail
Service Provider
Healthcare
Federal
Mobile
Universities
Sports and Entertainment
State Agencies
The Payment Card Industry (PCI) Data Security Standard
• Published January 2005
• Impacts ALL who process, transmit, or store cardholder data
• Also applies to 3rd party hosting companies, information storage companies, etc.
• Has global, horizontal reach
• Impact of non-compliance:
  - Increased transaction processing fees
  - Monthly fines ranging from $5,000 to $50,000 for missed deadlines
Source: pcisecuritystandards.org
Theater                 Level 1                   Level 2        Level 3
US                      SEP 2007                  DEC 2007       DEC 2008
Western Europe          Negotiated individually   MAR-DEC 2008   MAR-DEC 2008
Asia                    DEC 2009                  DEC 2009       DEC 2009
Canada                  2008 TBD                  2008 TBD       2008 TBD
Latin American, CEMEA   Not Published yet
Cisco Security Portfolio – Offers End-to-End Compliance with PCI Requirements
[Network diagram spanning four zones: Remote Branch Location, Internet Edge, Main Campus, Data Center and NOC]
Diagram labels: Internet; Credit Card Storage; Wireless Device; Branch Router; Branch Switch; Core Switch with Integrated Security; Monitoring and Reporting; Core Switch; Desktop Security; WAP; E-Commerce; Integrated Security Appliance; Head-end Router; Management; POS Cash Register; Mobile POS; POS Server; Store Worker PC; Policy Manager; AAA; SSL/IPsec VPN Termination; NAC; Application Server; Application Firewall
Confidentiality, Data Integrity, Availability, Auditing and Reporting
The Business Relevance of Security
Regulatory Compliance
Data Loss
Malware
Self-Defending Network: Best of Breed Security in a Systems Approach
CSA, IronPort, Cisco SME, Trustsec
ASA, CSA, NAC, IPS, Web Application Firewall, MARS
IronPort, ASA, CSA, IPS, MARS
Complete Lifecycle Services Portfolio
• Security Design
• Incident Readiness Assessment & Design
• Security Implementation
• CSA, NAC, IPS, ICS, Guard/Detector and MARS Deployment
• Security Optimization
• Security Posture Assessment (SPA)
• Security Architecture Review
• Unified Communications Security Review
• Security Technology Planning
• Enterprise Architecture Consulting
Plan
Design
Implement
Operate
Optimize
Technology supports business objectives, sound financial decisions
Alignment of investments to requirements
Maintain network health; keep threat management current, proactive
Network stays ahead of changing user demands and corporate policies
High availability of network resources
• Security Center
• Intelligent Information Services
• Security Remote Management Services
• Incident Response
• Cisco Services for IPS
Summary
• Security increasingly a key business-relevant issue
• Complex, connected world has changed security
• Current challenges require a systems approach
Thank you for attending
Please stay for your chance to win a GPS
The Business Relevance of Security
Threat Management: Business disruption, reputation damage and loss of control from compromised systems remain an issue for most businesses
Data Loss Prevention: DLP is a top-of-mind issue affecting many organizations, complicated by disclosure laws and uncertainty over actual data use
Regulatory Compliance: Global requirements to achieve compliance, and in particular PCI compliance, are a major horizontal business issue