Cisco tec Chris Young - Security Intelligence Operations
Page 1
1 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential.
Cisco Innovation Security Intelligence Operations (SIO)
Chris Young, SVP, Security & Government
Lee Jones, Principal Engineer, Security Applications
Technical Editors Day, May 24, 2012
Page 2
Timeline, 1990 to 2010:
• NAC Pioneer
• Reputation Pioneer
• SaaS Leader
• 1st Switch Security Blade
• 1st Dual-Mode VPN Client
• 1st Router Integrated Security
• Launch SecureX Strategy
• Identity Services Engine
• Cybercriminals Capitalize on Disaster
Page 3
Diagram labels: Mobility; The Network; Collaboration; Security; Threat Landscape; Cloud.
Page 8
Architecture diagram labels:
• Compliance (GRC)
• Ecosystem (Partners & Providers)
• Services (TS, AS, Partner)
• Network (Enforcement)
• Secure Unified Access
• Enabling Endpoint Transformation
• Protecting Network Edges
• Threat Defense
• Securing Cloud Transition
• Virtualization & Cloud
• Application Visibility & Control
• Authorizing Content Usage
• Threat Intelligence (Visibility)
• Contextual Policy Management
Page 9
Detect Accurately
Protect Holistically
Adapt Continuously
Page 10
Threat Operations Center SensorBase Dynamic Updates
Page 11
Threat Operations Center, Dynamic Updates
SensorBase:
• 13B web requests
• 150M globally deployed endpoints
• 35% of worldwide email traffic
• 1.6M globally deployed devices
• 75 TB of data received per day
Page 12
Threat Operations Center:
• 24x7x365 operations
• $100M spent in dynamic research and development
• 600 engineers, technicians and researchers
• 40+ languages
• 80+ Ph.D.s, CCIEs, CISSPs, MSCEs
Page 13
Dynamic Updates:
• 70 publications produced
• 200 parameters tracked
• 8M rules per day
• 5,500+ IPS signatures produced
• 3 to 5 minute updates
Page 14
Diagram labels: Malware Distributing Site; Directed Attack; Spam with Malicious Attachment; SensorBase; Threat Operations Center; Dynamic Updates.
Page 15
Chart: Competitors (Content Only) versus Cisco SIO (Content + Context); time axis 9:25am, 9:45am, 10:30am.
Page 16
Diagram labels: Phishing; SIO; Content Security (WSA/ESA); Network Security (IPS/ASA); Users.
Page 17
Internal & 3rd Party Feeds
• Best of the threat intelligence ecosystem:
• Visibility into criminal networks
• Leading AV Scanners
• ISPs, Hosting Providers, Registrars, etc.
Haiti Spear Phishing: the same infrastructure was used for other attacks.
Page 18
Depth of SensorBase
• Visibility into the widest threat telemetry database in the industry
• Sensors in network security infrastructure and endpoints
• History of domain registration
• Information across web, email and IPS/ASA
Haiti Spear Phishing: spike in spear phishing volume and malicious web traffic.
Page 19
Reputation
• Determine risk of zero-day threats through a web of connections
• Global data correlation across:
• Source IP
• Hosts
• Registrars and more
Haiti Spear Phishing: reputation filters tripped early, preventing the mutating threat from gaining traction.
Page 20
Change is constant:
• Signatures
• Domains
• Hosts
• Registrars
• Content
• Blended attacks
• Multiple vectors
• Sophisticated
• Persistent
• Evolving
Block at the connection level with content and context, no matter when an attack comes in, through any avenue.
Page 21
SensorBase Threat Operations Center Dynamic Updates
Page 23
File structure: Header; Body of Objects; Cross-Ref Table; Trailer.
AV scanners scan the file. Based on industry-leading signatures, it is a clean file.
Page 24
After inspection we find:
• Security Feeds
• Geolocation
• Registrant Info
• Registrar
• Traffic Volume and Age
• Sensor Info