using analytics to intuitively fight future cyber threats · dna center: design, policy, provision,...
TRANSCRIPT
Peter Romness
Cybersecurity Solutions Lead – Public Sector CTO Office
July 2017
Using Analytics to Intuitively Fight Future Cyber Threats
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
The Digitization of Enterprise
New Customer Experiences
Empower Workforce Innovations
Transform Processes and
Business Models
Digitization Connects and Gives Insight
Security as an Enabler
• 70% of executives say
digitization is important
• Over 70% say the risks are
slowing them down
• Over 20% have slowed or
stopped a project because
of security
• Major brands are losing
customers and being
disenfranchised
Significant Findings of the Cisco Annual Cybersecurity Report
Survey
• Top obstacles listed by Security
Professionals are not technical.
• Time, Talent, and Money Affect
the Ability to Respond to Threats
Threat Intelligence
• Threats continue to grow
• Threat actors modify their
methods to remain effective
25% Lack of Trained Personnel
( -4% )
Business Obstacles to Advancing Security
35% Budget
25% Certification Requirements
28% Compatibility Issues
( -4% )
(+ / -0% )
(Change from 2015)
(+ 3% )
TTE = Time to Evolve
MTTD in Hours
The Defender Dilemma
Encryption
Non-Technical Issues
Security Smorgasbord
Boundary Expansion
Visibility, Threat Research and Analytics
GLOBAL: Threats Across the Internet
&
LOCAL: Threats Inside Your Network
7.3T Threats
Blocked
Annually
Over 300
Threat
Researchers
Hundreds of
Threat
Analytics
Engines
Tens of
Millions
Users
Hundreds of
Thousands
Customers
Provide Insights: See problems before your end users do
Rapidly Troubleshoot: Find root cause faster with granular details
Automate Changes: Recognize changes and inform the self-driving network
Predict Performance: Use machine learning to predict how new services will impact service levels
Gain Full Visibility: Learn from the network and clients attached to it
The Intuitive Network Centralized Management, Analytics and Assurance
Manage and Protect the now. Predict the future.
Simple Open Automated
Effective Security
Intuitive Security Architecture
Simple
Simple to Deploy
Deploy easily in minutes vs. months:
• Immediate setup
• Remote setup
• “Push” to devices
• Recommended rules
Simple to Manage
Automated workflows & visualizations, cloud management
• Control policies and traffic
• Policy management
• Single control screen
• Cloud based portal
Simple to Scale
Remote management at scale
• Branch offices
• Users on and off network
Intuitive Security Architecture
Open
Open APIs, Standards, Programmability
Effective Integration through Standards
• Umbrella API
• Firepower API
• OpenApp ID
• Threat Intel API
• pxGrid SDK
• eStreamer API
• Host Input API
• Remediation API
Open Source Communities
Shared intelligence through sponsored communities:
• Snort
• OpenAppID
• PhishTank
• ClamAV
• SenderBase
• SpamCop
Ecosystem and Technical Partners
Partners enhance and complete the solution
• 120 Security Partners
• 42 pxGrid Partners (IETF – XMPP-Grid)
Intuitive Security Architecture
Automated
Cross Platform Response
See on one device – block across network
• Collective intelligence
• Cross platform management
• Cross vendor integration
Threat Hunting
Continuous hunting throughout network
• Automatic and continuous analysis
• Behavior analysis
• Low prevalence detection
Prioritization
Make sense of 1000’s of alerts
• Prioritized threat presentation
• Recommended actions
Intuitive Security Architecture
Encrypted Traffic Analysis
Visibility and Malware Detection without Decryption
Malware in Encrypted Traffic
Security AND Privacy
Detection Accuracy
ETA algorithms analyze multiple
network data sources
No Information is decrypted
High Level of Accuracy
Automated Enforcement Scenario
Threat End Point
AMP for Endpoints
AMP Cloud
Threat Grid
ENFORCE
EVERYWHERE
Cloud
NGFW Umbrella Threat
Grid
ESA AMP ISE CloudLock
Third Party Integrations
SEE
ONCE
Things are Looking Up for Defenders
Increased Appreciation
Technology Improvement
Clearer Career Path
Public Awareness
Executive Appreciation & Support
Cool New Technologies
Maturation of Technology,
Processes, Policies
Consensus Around Common
Framework (NIST CSF)
Mega Demand
Automation to Make Process Less
Tedious
Established Career Paths
Intuitive Network
Intelligent
Turns decades of
network traffic and
threat data into
actionable insights
Automated
Reducing today's largely
manual processes,
increasing productivity and
reducing costs
Secure
Seeing and acting on
unprecedented scale of
security threats and
learning from every one
of them
Enabling the Digital Enterprise
Peter Romness
July 2017
Back Up Slides
1 Million Devices
Online Every Hour
Mobile, IoT, Cloud, AI/ML
Explosion of Data,
Lack of Insights
Digital Disruption Complexity Security
$60B Spent on
Network Operations
95% Manual Operations
Customer Experience in a
Multi-cloud Environment
Attack Surface
Threat Actors
Attack Sophistication
Relevant Insights
at Scale
Dynamic Threat
Landscape
Slow and
Error Prone
Network Challenges
Automated Enforcement Scenario
Portfolio Architecture Intelligence
Best of Breed Integrated Powered by
Intelligent | Automated | Secure
Digital Network Architecture
• DNA Center
• Built-in expertise to manage and deploy end-to-end network services with central management (July 2017)
• Network Data Platform for Assurance
• Analytics collects data from users, devices, and applications and uses machine learning to proactively identify problems (Nov 2017)
• Software-Defined Access
• Dynamically adapt to changing needs with policy-based management of the network fabric (Jul 2017)
• Encrypted Threat Analysis
• Uncover threats hidden in encrypted traffic without decryption (Sept 2017)
• Catalyst 9000 Series Switches
• First infrastructure devices purposely designed for DNA
• 9500 (Jun 2017), 9400 (August 2017), 9300 (June 2017)
Software Subscription Licensing | DNA Advisory, Technical, Support Services
DNA Center: Design, Policy, Provision, Assurance
A better way to manage your network
DNA Center: Design, provision,
automate policy and assure
services from one place
Logical workflow to design,
provision, set policy
Respond to changes faster
Monitor end-to-end
network performance
Predict and act on problems
before they happen
Pinpoint problems faster
Reduce downtime with an
end-to-end view instead of
hop by hop
Manage hardware and
software lifecycles
Keep up to date, meet
compliance and plan for refresh
• Select Areas, Building, Floors
• Configure Network Settings
• Set IP Address Pools
Design
Design | Provision | Policy | Assurance
• Assign Devices to Locations
• Provision Network Fabric
• On-board Hosts
Provision
Design | Provision | Policy | Assurance
Software-Defined Access
Industry’s first policy-based automation from the edge to the cloud
Single Network Fabric
Automate User Access Policy
End-to-End Segmentation
Keep user, device and applications
traffic separate without redesigning
the network
Apply the right policies for user or
device to any application across
the network
Enable a consistent user
experience anywhere without
compromising on security
Common user policy for the branch, campus, WAN and cloud
• Create Virtual Networks
• Register End Point Types
• Administer Context-Based Policy
Policy
Design | Provision | Policy | Assurance
• Network and Device Performance
• Client Access, Connectivity, Monitoring and Troubleshooting
• Application Experience Monitoring & Acceleration
Assurance
Design | Provision | Policy | Assurance
• Analyze netflow metadata without decrypting traffic flows
• Global-to-local knowledge correlation - 99.99% threat detection accuracy
• Encrypted traffic analytics from Cisco’s newest switches and routers
Encrypted Traffic Analytics
Security with Privacy
Mobility Ready
Simplify BYOD onboarding
Manage and secure wired and
wireless from one device
IoT Ready
Instantly on-board IoT devices
Automatically segment IoT traffic
for better security
Cloud Ready
Build apps through programmability
Improve application performance - user to cloud
Future-Proofed with UADP 2.0
and open and programmable IOS-XE
Integrated Security
Find and contain threats fast
with real-time monitoring
Threat detection for
encrypted traffic
The New Catalyst 9K – Built for SD-Access
The Cisco Network
APIC-EM | Network Data Platform | Identity Services Engine
Routers Switches Wireless AP WLC
DNA Center
DESIGN PROVISION POLICY ASSURANCE
DNA Center:
Simple Workflows
Challenge
Large global network deployment, challenges to
manage network infrastructure with the many
complex requirements of a modern business:
• $4.7M cost in policy changes
• Up to 18 months per software upgrade cycle
• Over $5M to reduce risk and meet compliance
• $2.4M to manually deploy network
Business Outcomes
• 67% reduction in cost to carry out tasks such as
network upgrade, inventory management,
provisioning and policy
• 48% cost savings from reducing the impact of
security breaches and maintaining compliance
• Lowered issue resolution cost by 80% with a
simplified dashboard, integration with other Cisco
tools, and automation of monitoring and
troubleshooting – providing visibility across
the network
Customer Study: Petroleum Customer
SD-Access Delivers Real Business Outcomes
Reduce Network
Provisioning Cost
67%*
Improve Issue
Resolution Cost
80%*
Reduce Cost of
Security Breach
48%*
$8.4M $7.6M
$14M
$5.4M
Current With Cisco SDA
CAPEX OPEX
61%
14%
* Source: Internal TCO Analysis with Large Enterprise Customer
** Capex Reduction based on converging IOT Networks
New DNA Services
SD-Access
Services
Catalyst 9K
Services
Network as a
Sensor Services
• Optimization for
SD-Access
• Managed Enterprise
for SD-Access
• Solution Support • SD-Access Training
• DNA Implementation
Essentials
• Network
Programmability
Specialist
Certifications
• DNA Center Advise
and Implement
• SD-Access
Solution Validation
• SD-Access Migration
• SD-Access
Operations Planning
Advisory | Optimization | Implementation | Managed | Technical | Training
• DNA Advisory for
SD-Access
• Security
Segmentation
• SD-Access Design
• Network Optimization • Managed Network • Smart Net Total Care
• Partner Support
Service
• Solution Support
• Network Migration
Upgrade
Applicable Services if buying standalone
• Security Optimization • Software Support
• Smart Net Total Care
• Solution Support
• Security
Implementation
• Fixed: Deployment &
Integration
• DNA Ready Infrastructure
(i.e. Cat 9K series)
• APIC-EM
• DNA Center
• ISE
• ISE
• Stealthwatch
• Active Threat
Analytics Essential
Adopt IoT at scale
End-to-end Segmentation
Connected
Lighting
IP
Surveillance
Users and
Devices
DNA
Center
Before SDA
• Complex segmentation of IoT and user traffic
• Chase down IP addresses for troubleshooting
• Expensive high-voltage deployments
After SDA
• Intuitive role-based segmentation with device profiling
• Built-in visibility and granular policy control
• Optimized for low-voltage building deployments
Automatic Provisioning and Policy
Automatic Security and Segmentation
Purpose Built Switches for Digital Building
Faster onboarding of users and devices
Policy Automation
Before SDA
• VLAN and IP address based
• Create IP based ACLs for access policy
• Deal with policy violations and errors manually
After SDA
• No IP address dependency for segmentation
• Define one consistent policy
• Policy follows user from Edge to Cloud
Group-Based Policy
Policy from Edge to Cloud
Completely Automated
Drag policy
to apply
Users
Devices
Apps
Employee Virtual Network
IoT Virtual Network
Guest Virtual Network
Group 5
Group 3
Group 1
Group 6
Group 4
Group 2
Wired and wireless access
A single network fabric
DNA
Center
Before SDA
• Repeated policy work for wired-wireless
• Roaming issues across L3 domains
• Chase down IP addresses for troubleshooting
After SDA
• Consistent management across wired-wireless
• Optimal traffic flows with seamless roaming
• Seamless roaming in Fabric and non-Fabric domains
Campus-Wide Roaming
Wired and Wireless Consistency
Simplified Provisioning
Roam
is L2
Seamless
Roam
Policy stays
with user
Giving IT Time Back
Shift IT Time to Business Focus
Improve Network
Provisioning
67%
Improve Issue
Resolution
80%
*Source: Internal TCO Analysis with Large Enterprise Customer (actual results may vary)
** Capex Reduction based on converging IOT Networks
Reduce Security
Breach Impact
48%
Reduce Operating
Expense
61%
Improving Business Outcomes
Return On Investment
402% 5 Year ROI
$48,117 Average annual
benefit per 100 users
9 Month Payback period
Key Performance
Improvements
42% Faster WAN deployments
17% Faster Application delivery
28% More Efficient IT staff
*Source: IDC Business Value for Cisco DNA, 2017
• Analyze netflow metadata without decrypting traffic flows
• Global-to-local knowledge correlation - 99.99% threat detection accuracy
• Encrypted traffic analytics from Cisco’s newest switches and routers
Encrypted Traffic Analytics
Enhanced Network-as-a-Sensor
Security with Privacy
Encrypted Traffic
Non-Encrypted
Traffic
Why Cisco?
End-to-end
security, analytics,
automation
Best of breed,
integrated architecture,
with intelligence
Broadest Partner
Ecosystem
Award-winning
services and
support
The Network Connects and Secures Everything