
© 2014 Cisco and/or its affiliates. All rights reserved.

Advance Threat Defense

Sutee Assawasoontarangkoon
Security Sales Manager – Indochina
+668 6900 7667
[email protected]

26 April 2014 @Sheraton Hua Hin

Nexus of Forces, Driving the Need for an Architectural Approach to Security

Mobility, Cloud, Threat

Evolution of the Internet:
• Connectivity: Digital Access
• Immersive Experience: Digital Interactions
• Networked Economy: Digital Biz Processes
• Internet of Everything: Digitize the World

The Industrialization of Hacking & Threat Landscape

Timeline, 1990–2020:
• 1990–2000: Viruses
• 2000–2005: Worms
• 2005–Today: Spyware and Rootkits
• Today+: APTs, Cyberware

Trend labels: Phishing, Low Sophistication; Anti-Virus, Worms; Hacking Becomes an Industry; Sophisticated Attacks, Complex Landscape

Cisco Annual Security Report 2014

• Security is now a boardroom discussion.
• Breaches mean lost IP, compromised customer information, loss of confidence and valuation impact.
• In addition, a major consideration is the change in what defines a network, which goes beyond traditional walls and includes data centers, endpoints, virtual and mobile; this is the extended network.

In the Cisco Annual Security Report 2014, three key trends highlighted are:

• Increased sophistication and proliferation of the threat landscape.
• Increased complexity of threats and solutions, as rapid growth in intelligent mobile device adoption and cloud computing provides a greater attack surface than ever before.
• Cybercriminals have learned that harnessing the power of Internet infrastructure yields far more benefits than simply gaining access to individual computers or devices.

Key figures:
• 99% of all mobile malware in 2013 targeted Android devices.
• 64% of malware are Trojans, followed by adware at 20%.
• A shortage of more than a million security professionals across the globe in 2014.
• 100% of the world’s largest multinational company networks generated visitor traffic to Web sites that host malware.

(News image, from: www.manager.co.th)

Heartbleed – Cisco Response

130,000 servers; 4,000 servers; 2.7% (from: ThaiCert)

Market Transition – Balancing Priorities (CEO :: CIO :: CISO)

Enable Business: Growth & Innovations; Productivity; New Business Models / M&A; Globalization; Compliance

New Technology: Mobile; Cloud; Apps; Data & Analytics; Internet of Things

Secure Enterprise:
• Policy Enforcement: Wired, Wireless, VPN, Cloud
• Threat Mitigation: Physical, Virtual, Cloud
• Data Protection: On-Prem, In the Cloud
• IR / DR / Forensics

Biggest Security Challenges Today

The Silver Bullet Does Not Exist… Combatting Advanced Threats over the Last 15 Years

Technologies: FW/VPN; IDS / IPS; UTM; NAC; AV; PKI; App Control; Sandboxing

Slogans: “Block or Allow”; “It matches the pattern”; “No false positives, no false negatives.”; “Captive Port”; “Fix the Firewall”; “No key, no access”; “Virtual Execution”

The Threat Centric Security Model: Looking Beyond a Single Silver Bullet

Attack Continuum, across Network, Endpoint, Mobile, Virtual and Cloud:
• BEFORE: Discover, Enforce, Harden
• DURING: Detect, Block, Defend
• AFTER: Scope, Contain, Remediate

From Point in Time to Continuous.

Integrated Threat Defense
• Visibility & context driven
• Continuous analysis & remediation
• Covers broad set of attack vectors
• Integrated & coordinated response
• Leverages existing infrastructure
• Scales with increasing workloads

Visibility Needs Both Breadth & Depth

BREADTH: Network, Endpoint, Mobile, Virtual, Cloud
DEPTH: Who, What, Where, When, How

NAC | NGFW | NGIPS | Anti-Malware | Web | Email | Threat Defense

Visibility: Cisco Sees More Than the Competition

Network Servers, Operating Systems, Routers and Switches, Mobile Devices, Printers, VoIP Phones, Virtual Machines, Client Applications, Files, Users, Web Applications, Application Protocols, Services, Malware, Command and Control Servers, Vulnerabilities, NetFlow, Network Behavior, Processes

Continuous Analysis & Remediation: Beyond the Event Horizon

Old School, Point in Time (Antivirus, Sandboxing):
• Initial Disposition = Clean
• Point-in-time detection; analysis stops
• Not 100%: sleep techniques, unknown protocols, encryption, polymorphism
• Actual Disposition = Bad = Too Late!!
• Blind to scope of compromise

Cisco AMP, Next Gen, Continuous:
• Initial Disposition = Clean
• Analysis continues
• Retrospective detection
• Actual Disposition = Bad = Blocked
• Turns back time
• Visibility & Control are key

The Power of Continuous Analysis

Point-in-time security sees a lighter, bullet, cufflink, pen & cigarette case… Wouldn’t it be nice to know if you’re dealing with something more deadly?

Advanced Malware Protection (AMP) Everywhere

• PC: since January 2012
• Mobile: June 2012
• Virtual: August 2012
• NGIPS / NGFW on FirePOWER: October 2012
• Dedicated Appliance: February 2013
• NOW Available ON Cisco Web & Email Security Appliances, and Cisco Cloud Web Security & Hosted Email (SaaS)

Cisco Threat Centric – Complete Security Portfolio (Gartner Magic Quadrant Leader in all Security Products)

ATTACK CONTINUUM
• BEFORE: Control, Enforce, Harden
• DURING: Detect, Block, Defend
• AFTER: Scope, Contain, Remediate

Portfolio across the continuum: Firewall, NGFW, NAC + Identity Services, VPN, NGIPS, Web Security, Email Security, Advanced Malware Protection, Network Behavior Analysis, UTM

Comprehensive Security Portfolio (legend: Cisco, Sourcefire)

IPS & NGIPS
• Cisco IPS 4300 Series
• Cisco ASA 5500-X Series integrated IPS
• FirePOWER NGIPS
• FirePOWER NGIPS w/ Application Control
• FirePOWER Virtual NGIPS

Web Security
• Cisco Web Security Appliance (WSA)
• Cisco Virtual Web Security Appliance (vWSA)
• Cisco Cloud Web Security

Firewall & NGFW
• Cisco ASA 5500-X Series
• Cisco ASA 5500-X w/ NGFW license
• Cisco ASA 5585-X w/ NGFW blade
• FirePOWER NGFW

Advanced Malware Protection
• FireAMP
• FireAMP Mobile
• FireAMP Virtual
• AMP for FirePOWER license
• Dedicated AMP FirePOWER appliance

NAC + Identity Services
• Cisco Identity Services Engine (ISE)
• Cisco Access Control Server (ACS)

Email Security
• Cisco Email Security Appliance (ESA)
• Cisco Virtual Email Security Appliance (vESA)
• Cisco Cloud Email Security

UTM
• Meraki MX

VPN
• Cisco AnyConnect VPN

© 2014 Cisco and/or its affiliates. All rights reserved. 20

40,000 routers on Cisco’s network

20 billion NetFlows /day

27TB of traffic inspected / day

3 billion DNS records / day

750GB of system logs collected / day

2 billion events / day collected in Splunk

6 million transactions / day handled by WSAs

Malware for 1.2% of all transactions automatically blocked by WSAs

Over 100 Application Service Providers

More than 200 Business Support and Development Partners

1500 Labs globally More than 25,000 Channel Partners

12 Critical Enterprise Production DCs

68,000 FTEs

56,000 vendors

120,000 Windows hosts

124,000 employees worldwide

Cisco Confidential – Do Not Distribute

© 2014 Cisco and/or its affiliates. All rights reserved. 21

OpenAppID – First Open Source Security AppID (OSS Application & Control)

• OpenAppID language documentation
  o Accelerate identification & protection for cloud-delivered apps
• Special Snort engine with OpenAppID preprocessor
  o Detect apps on the network
  o Report usage stats, append ‘App Name’ to IPS events
  o Block apps by policy
  o Snort rule language extensions to enable app specification
• Library of OpenAppID detectors
  o Over 1000 new detectors to use with the Snort preprocessor
  o Extendable sample detectors

Available now at Snort.org


Cisco Managed Threat Defense

Cisco Partners Ecosystem and Integration

Combined API Framework across the attack continuum:
• BEFORE: Policy and Control
• DURING: Identification and Block
• AFTER: Analysis and Remediation

Infrastructure & Mobility

Partner categories: NAC, Vulnerability Management, Custom Detection, Full Packet Capture, Incident Response, SIEM, Visualization, Network Access Taps

Cisco’s Strategic Focus & Customer Value: Intelligent Cyber Security for the Real World

Across Network, Endpoint, Mobile, Virtual and Cloud:
• Visibility-Driven: network integrated, broad sensor base, context and automation
• Threat-Focused: continuous advanced threat protection, cloud-based security intelligence
• Platform-Based: agile and open platforms, built for scale, consistent control, management

“If the attackers know more than you do about your network, the battle is lost.”
Martin Roesch, Founder & CTO, Sourcefire; VP, Chief Architect, Cisco Security Group

Thank You

Sutee Assawasoontarangkoon
Security Sales Manager – Indochina
+668 6900 7667
[email protected]