using analytics to intuitively fight future cyber threats · dna center: design, policy, provision,...

Peter Romness, Cybersecurity Solutions Lead, Public Sector CTO Office, July 2017. Using Analytics to Intuitively Fight Future Cyber Threats


Post on 27-May-2020


TRANSCRIPT

Page 1: Using Analytics to Intuitively Fight Future Cyber Threats · DNA Center: Design, Policy, Provision, Assurance A better way to manage your network DNA Center: Design, provision, automate

Peter Romness

Cybersecurity Solutions Lead – Public Sector CTO Office

July 2017

Using Analytics to Intuitively Fight Future Cyber Threats

Page 2:

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

The Digitization of Enterprise

Page 3:

New Customer Experiences

Empower Workforce Innovations

Transform Processes and

Business Models

Digitization Connects and Gives Insight

Page 4:

Security as an Enabler

• 70% of executives say

digitization is important

• Over 70% say the risks are

slowing them down

• Over 20% have slowed or

stopped a project because

of security

• Major brands are losing

customers and being

disenfranchised

Page 5:

Significant Findings of the Cisco Annual Cybersecurity Report

Survey

• Top obstacles listed by Security

Professionals are not technical.

• Time, Talent, and Money Affect

the Ability to Respond to Threats

Threat Intelligence

• Threats continue to grow

• Threat actors modify their

methods to remain effective

25% Lack of Trained Personnel ( -4% )

Business Obstacles to Advancing Security

35% Budget

25% Certification Requirements

28% Compatibility Issues ( -4% )

(+ / -0% )

(Change from 2015)

(+ 3% )

TTE = Time to Evolve

MTTD in Hours

Page 6:

The Defender Dilemma

Encryption

Non-Technical Issues

Security Smorgasbord

Boundary Expansion

Page 8:

Visibility, Threat Research and Analytics

GLOBAL: Threats Across the Internet

&

LOCAL: Threats Inside Your Network

7.3T Threats

Blocked

Annually

Over 300

Threat

Researchers

Hundreds of

Threat

Analytics

Engines

Tens of

Millions

Users

Hundreds of

Thousands

Customers

Page 9:

Provide Insights: See problems before your end users do

Rapidly Troubleshoot: Find root cause faster with granular details

Automate Changes: Recognize changes and inform the self-driving network

Predict Performance: Use machine learning to predict how new services will impact service levels

Gain Full Visibility: Learn from the network and clients attached to it

The Intuitive Network Centralized Management, Analytics and Assurance

Manage and Protect the now. Predict the future.

Page 10:

Simple Open Automated

Effective Security

Intuitive Security Architecture


Page 12:

Simple

Simple to Deploy

Deploy easily in minutes vs. months:

• Immediate setup

• Remote setup

• “Push” to devices

• Recommended rules

Simple to Manage

Automated workflows & visualizations, cloud management

• Control policies and traffic

• Policy management

• Single control screen

• Cloud based portal

Simple to Scale

Remote management at scale

• Branch offices

• Users on and off network

Intuitive Security Architecture

Page 13:

Open

Umbrella API

Firepower API

OpenAppID

Threat Intel API

pxGrid SDK

eStreamer API

Host Input API

Remediation API

•Snort

•OpenAppID

•PhishTank

•ClamAV

•SenderBase

•SpamCop

Partners enhance and

complete the solution

• 120 Security Partners

• 42 pxGrid Partners (IETF – XMPP-Grid)

Open APIs, Standards,

Programmability

Open Source

Communities

Ecosystem and

Technical Partners

Effective Integration

through Standards

Shared intelligence

through sponsored

communities:

Intuitive Security Architecture

Page 14:

Automated

See on one device –

block across network

• Collective intelligence

• Cross platform management

• Cross vendor integration

Threat Hunting

Cross Platform Response

Continuous hunting

throughout network

• Automatic and continuous

analysis

• Behavior analysis

• Low prevalence detection

Make sense of 1000’s of

alerts

• Prioritized threat presentation

• Recommended actions

Prioritization

Intuitive Security Architecture

Page 15:

Encrypted Traffic Analysis

Visibility and Malware Detection without Decryption

Malware in Encrypted Traffic

Security AND Privacy

Detection Accuracy

ETA algorithms analyze multiple

network data sources

No Information is decrypted

High Level of Accuracy

Page 16:

Automated Enforcement Scenario

Threat End Point AMP for Endpoints

AMP Cloud

Threat Grid

ENFORCE

EVERYWHERE

Cloud

NGFW Umbrella Threat

Grid

ESA AMP ISE CloudLock

Third Party Integrations

SEE

ONCE

Page 17:

Things are Looking Up for Defenders

Increased Appreciation

Technology Improvement

Clearer Career Path

Public Awareness

Executive Appreciation & Support

Cool New Technologies

Maturation of Technology,

Processes, Policies

Consensus Around Common

Framework (NIST CSF)

Mega Demand

Automation to Make Process Less

Tedious

Established Career Paths

Page 18:

Intuitive Network

Intelligent

Turns decades of

network traffic and

threat data into

actionable insights

Automated

Reducing today's largely

manual processes,

increasing productivity and

reducing costs

Secure

Seeing and acting on

unprecedented scale of

security threats and

learning from every one

of them

Enabling the Digital Enterprise

Page 19:

Peter [email protected]

July 2017

Page 20:

Back Up Slides

Page 21:

1 Million Devices

Online Every Hour

Mobile, IoT, Cloud, AI/ML

Explosion of Data,

Lack of Insights

Digital Disruption Complexity Security

$60B Spent on

Network Operations

95% Manual Operations

Customer Experience in a

Multi-cloud Environment

Attack Surface

Threat Actors

Attack Sophistication

Relevant Insights

at Scale

Dynamic Threat

Landscape

Slow and

Error Prone

Network Challenges

Page 22:

Automated Enforcement Scenario

Portfolio Architecture Intelligence

Best of Breed Integrated Powered by

Intelligent | Automated | Secure

Page 23:

Digital Network Architecture

• DNA Center

• Built-in expertise to manage and deploy end-to-end network services with central management (July 2017)

• Network Data Platform for Assurance

• Analytics collects data from users, devices, and applications and uses machine learning to proactively identify problems (Nov 2017)

• Software-Defined Access

• Dynamically adapt to changing needs with policy-based management of the network fabric (Jul 2017)

• Encrypted Threat Analysis

• Uncover threats hidden in encrypted traffic without decryption (Sept 2017)

• Catalyst 9000 Series Switches

• First infrastructure devices purposely designed for DNA

• 9500 (Jun 2017), 9400 (August 2017), 9300 (June 2017)

Software Subscription Licensing | DNA Advisory, Technical, Support Services

Page 24:

DNA Center: Design, Policy, Provision, Assurance A better way to manage your network

DNA Center: Design, provision,

automate policy and assure

services from one place

Logical workflow to design,

provision, set policy

Respond to changes faster

Monitor end-to-end

network performance

Predict and act on problems

before they happen

Pinpoint problems faster

Reduce downtime with an

end-to-end view instead of

hop by hop

Manage hardware and

software lifecycles

Keep up to date, meet

compliance and plan for refresh

Page 25:

• Select Areas, Building, Floors

• Configure Network Settings

• Set IP Address Pools

Design

Design | Provision | Policy | Assurance

Page 26:

• Assign Devices to Locations

• Provision Network Fabric

• On-board Hosts

Provision

Design | Provision | Policy | Assurance

Page 27:

Software-Defined Access

Industry’s first policy-based automation from the edge to the cloud

Single Network Fabric

Automate User Access Policy

End-to-End Segmentation

Keep user, device and applications

traffic separate without redesigning

the network

Apply the right policies for user or

device to any application across

the network

Enable a consistent user

experience anywhere without

compromising on security

Common user policy for the branch, campus, WAN and cloud

Page 28:

• Create Virtual Networks

• Register End Point Types

• Administer Context-Based Policy

Policy

Design | Provision | Policy | Assurance

Page 29:

• Network and Device Performance

• Client Access, Connectivity, Monitoring and Troubleshooting

• Application Experience Monitoring & Acceleration

Assurance

Design | Provision | Policy | Assurance

Page 30:

• Analyze netflow metadata without decrypting traffic flows

• Global-to-local knowledge correlation - 99.99% threat detection accuracy

• Encrypted traffic analytics from Cisco’s newest switches and routers

Encrypted Traffic Analytics

Security with Privacy

Page 31:

Mobility Ready

Simplify BYOD onboarding

Manage and secure wired and

wireless from one device

IoT Ready

Instantly on-board IoT devices

Automatically segment IoT traffic

for better security

Cloud Ready

Build apps.

Through programmability

Improve applications performance

- user to cloud

Future-Proofed with UADP 2.0

and open and programmable IOS-XE

Integrated Security

Find and contain threats fast

with real-time monitoring

Threat detection for

encrypted traffic

The New Catalyst 9K – Built for SD-Access

Page 32:

The Cisco Network

APIC-EM | Network Data Platform | Identity Services Engine

Routers Switches Wireless AP WLC

DNA Center

DESIGN PROVISION POLICY ASSURANCE

DNA Center:

Simple Workflows

Page 33:

Challenge

Large global network deployment, challenges to

manage network infrastructure with the many

complex requirements of a modern business:

• $4.7M cost in policy changes

• Up to 18 months per software upgrade cycle

• Over $5M to reduce risk and meet compliance

• $2.4M to manually deploy network

Business Outcomes

• 67% reduction in cost to carry out tasks such as

network upgrade, inventory management,

provisioning and policy

• 48% cost savings from reducing the impact of

security breaches and maintaining compliance

• Lowered issue resolution cost by 80% with a

simplified dashboard, integration with other Cisco

tools, and automation of monitoring and

troubleshooting – providing visibility across

the network

Customer Study

Petroleum Customer

SD-Access Delivers Real Business Outcomes

Reduce Network

Provisioning Cost

67%*

Improve Issue

Resolution Cost

80%*

Reduce Cost of

Security Breach

48%*

$8.4M $7.6M

$14M

$5.4M

Current With Cisco SDA

CAPEX OPEX

61%

14%

* Source: Internal TCO Analysis with Large Enterprise Customer

** Capex Reduction based on converging IOT Networks

Page 34:

New DNA Services

SD-Access

Services

Catalyst 9K

Services

Network as a

Sensor Services

• Optimization for

SD-Access

• Managed Enterprise

for SD-Access

• Solution Support • SD-Access Training

• DNA Implementation

Essentials

• Network

Programmability

Specialist

Certifications

• DNA Center Advise

and Implement

• SD-Access

Solution Validation

• SD-Access Migration

• SD-Access

Operations Planning

Advisory | Optimization | Implementation | Managed | Technical | Training

• DNA Advisory for

SD-Access

• Security

Segmentation

• SD-Access Design

• Network Optimization • Managed Network • Smart Net Total Care

• Partner Support

Service

• Solution Support

• Network Migration

Upgrade

Applicable Services if buying standalone

• Security Optimization • Software Support

• Smart Net Total Care

• Solution Support

• Security

Implementation

• Fixed: Deployment &

Integration

• DNA Ready Infrastructure

(i.e., Cat 9K series)

• APIC-EM

• DNA Center

• ISE

• ISE

• Stealthwatch

• Active Threat

Analytics Essential

Page 35:

Adopt IoT at scale

End-to-end Segmentation

Connected

Lighting

IP

Surveillance

Users and

Devices

DNA

Center

Before SDA After SDA

• Complex

segmentation of IoT

and user traffic

• Chase down IP

addresses for

troubleshooting

• Expensive high-

voltage Deployments

• Intuitive role-based

segmentation with

device profiling

• Built-in visibility and

granular policy control

• Optimized for low-

voltage building

deployments

Automatic Provisioning and Policy

Automatic Security and Segmentation

Purpose Built Switches for Digital Building

Page 36:

Faster onboarding of users and devices

Policy Automation

Before SDA After SDA

• VLAN and IP address

based

• Create IP

based ACLs for

access policy

• Deal with policy

violations and errors

manually

• No IP address

dependency for

segmentation

• Define one consistent

policy

• Policy follows user

from Edge to Cloud

Group-Based Policy

Policy from Edge to Cloud

Completely Automated

Drag policy

to apply

Users

Devices

Apps

Employee Virtual Network

IoT Virtual Network

Guest Virtual Network

Group 5

Group 3

Group 1

Group 6

Group 4

Group 2

Page 37:

Wired and wireless access

A single network fabric

DNA

Center

Before SDA After SDA

• Repeated policy work

for wired-wireless

• Roaming issues

across L3 domains

• Chase down IP

addresses for

troubleshooting

• Consistent

management across

wired-wireless

• Optimal traffic flows

with seamless

roaming

• Seamless roaming in

Fabric and non-Fabric

domains

Campus-Wide Roaming

Wired and Wireless Consistency

Simplified Provisioning

Roam

is L2

Seamless

Roam

Policy stays

with user

Page 38:

Giving IT Time Back Shift IT Time to Business Focus

Improve Network

Provisioning

67%

Improve Issue

Resolution

80%

*Source: Internal TCO Analysis with Large Enterprise Customer (actual results may vary)

** Capex Reduction based on converging IOT Networks

Reduce Security

Breach Impact

48%

Reduce Operating

Expense

61%

Page 39:

Improving Business Outcomes

Return On Investment

402% 5 Year ROI

$48,117 Average annual

benefit per 100 users

9 Month Payback period

Key Performance

Improvements

42% Faster WAN deployments

17% Faster Application delivery

28% More Efficient IT staff

*Source: IDC Business Value for Cisco DNA, 2017

Page 40:

• Analyze netflow metadata without decrypting traffic flows

• Global-to-local knowledge correlation - 99.99% threat detection accuracy

• Encrypted traffic analytics from Cisco’s newest switches and routers

Encrypted Traffic Analytics

Enhanced Network-as-a-Sensor

Security with Privacy

Encrypted Traffic

Non-Encrypted

Traffic

Page 41:

Why Cisco?

End-to-end

security, analytics,

automation

Best of breed,

integrated architecture,

with intelligence

Broadest Partner

Ecosystem

Award-winning

services and

support

The Network Connects and Secures Everything