Advanced Malware Protection
Dan Gavojdea, Security Sales, Account Manager, Cisco South East Europe
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
How would you do security differently if you knew you were going to be hacked?
Security Challenges
Changing Business Models
Dynamic Threat Landscape
Complexity and Fragmentation
A community that hides in plain sight avoids detection and attacks swiftly
• 60% of data is stolen in hours
• 54% of breaches remain undiscovered for months
• 85% of point-of-sale intrusions aren't discovered for weeks
• 51% increase in companies reporting a loss of $10M or more in the last year
The Reality: Organizations Are Under Attack
Source: 2014 Cisco Annual Security Report
• 95% of large companies targeted by malicious traffic
• 100% of organizations interacted with websites hosting malware
Threat timeline (1990 to 2020):
• Viruses, 1990–2000
• Worms, 2000–2005
• Spyware and Rootkits, 2005–Today
• APTs and Cyberware, Today+
Chart labels: Phishing, Low Sophistication; Hacking Becomes an Industry; Sophisticated Attacks, Complex Landscape
• Cybercrime is lucrative, and the barrier to entry is low
• Hackers are smarter and have the resources to compromise your organization
• Malware is more sophisticated
• Organizations face tens of thousands of new malware samples per hour
AMP – Advanced Malware Protection
The Full Attack Continuum
• BEFORE: Discover, Enforce, Harden
• DURING: Detect, Block, Defend
• AFTER: Scope, Contain, Remediate
Coverage: Network, Endpoint, Mobile, Virtual, Email & Web, Cloud
Point-in-time and continuous protection across the attack continuum.
Point-in-Time Malware Detection Alone Is Not 100% Effective
It will catch 99% of threats, but it only takes 1% to cause a breach.
Cisco AMP Defends With Retrospective Security
To be effective, you have to be everywhere, continuously.
AMP provides contextual awareness and visibility that allows you to take control of an attack before it causes damage
• Who: Focus on these users first
• What: These applications are affected
• Where: The breach impacted these areas
• When: This is the scope of exposure over time
• How: Here is the origin and progression of the threat
Cisco’s AMP Everywhere Strategy Means Protection Across the Extended Network
Endpoints covered: Mac, PC, Virtual, Mobile
• AMP for Networks
• AMP for Cloud Web Security (CWS) & Hosted Email
• AMP on Web & Email Security Appliances
• AMP on ASA Firewall with FirePOWER Services
• AMP for Endpoints
• AMP Private Cloud Virtual Appliance
• AMP Threat Grid: Dynamic Malware Analysis + Threat Intelligence Engine
NSS Labs Report Comparative Testing on Breach Detection Systems
Who is NSS Labs? NSS Labs, one of the best and most thorough independent testing bodies in the industry, performed comparative testing on Breach Detection Systems.
What was measured? Security effectiveness of Breach Detection Systems:
• HTTP/Email malware, exploits, evasions, and false positive rate
• Total cost of ownership (TCO) per protected Mbps
What Cisco-Sourcefire products were tested?
AMP Everywhere:
• AMP for Networks and AMP for Endpoints (TCO calculations include this set of FireAMP connectors)
• FirePOWER 8120 (with AMP subscription)*
What competitor products were evaluated?
FireEye, AhnLab, Fortinet, TrendMicro, Fidelis
BDS Methodology v1.5
[The methodology] utilizes real threats and attack methods that exist in the wild and are actually being used by cyber-criminals and other threat actors. This is the real thing, not facsimile; systems under test (SUT) are real stacks connected to a live internet feed.
--NSS Labs
*Dedicated AMP Appliances (AMP8150/AP7150) were not shipping at the time of the test, otherwise one would have been used
The Results: Cisco AMP Is a Leader in Security Effectiveness and TCO and Offers Best Protection Value
[Chart: NSS Labs Security Value Map (SVM) for Breach Detection Systems; axes: Security Effectiveness vs. TCO per Protected-Mbps; Overall Product Ratings]
Cisco Advanced Malware Protection:
• Best Protection Value
• 99.0% Breach Detection Rating
• Lowest TCO per Protected-Mbps
• Other products do not provide retrospective security after a breach
Cisco-Sourcefire AMP results are for detection capability only.
Business Impact Summary
• Better Protection: Before, During, After
• Better Visibility and Control
• Better Intelligence
• Faster Response
• Save Money, Time
• Protect Resources and Maintain Business Critical Functions
• Lowest TCO and Highest Security Leadership (NSS Labs)
AMP Case Studies
Are you able to defend against advanced malware?
1. Can you detect advanced malware in web and email?
2. Assess your current level of network protection
3. Assess your current level of endpoint protection
Bank Case Study (BEFORE): Block Threats Before They Breach
Challenge
An experienced security team of 7 supporting over 120 locations needed greater intelligence to quickly identify and stop threats. Current defenses alerted personnel and logged details but did nothing to aid investigation of the issue.
Solution
Augmented intrusion prevention systems with FireAMP for Endpoint.
Result
After installation of FireAMP, a targeted attack was identified and remediated in half a day. 7 days after the initial attack, new business processes and intelligence implemented by FireAMP resulted in the immediate mitigation of a second targeted attack.
Power Utility Case Study (AFTER): Identify Scope and Remediate Impact After Breach
Challenge
The company is a frequent victim of spear phishing campaigns, with indications of infection emanating from multiple sources.
Solution
Added FireAMP to a system already using FirePOWER to enable them to track and investigate suspicious file activity.
Result
The company gained complete visibility into their malware infections, determined the attack vector, assessed the impact to the network and made intelligent, surgical decisions for remediation in a fraction of the time it would take to respond manually.
AMP Demo