The Threat Centric Intelligent Cyber Security

Diwakar Dayal [email protected]

Cisco Systems, Security

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential


The Evolution of Threat Landscape: Increased Attack Surface

Threats over time (2000, 2005, 2010, Tomorrow): Worms; Spyware and Rootkits; APTs, Cyberware

Defenses over time: Antivirus (Host-Based); IDS/IPS (Network Perimeter); Reputation (Global) and Sandboxing; Intelligence and Analytics (Cloud); Enterprise Response


The Advanced Malware Attack Life Cycle

PLAN: Attacker determines possible entry points, formulates a plan of attack.

EXPLOIT / ATTACK: Attacker exploits vulnerabilities and delivers its weapon.

INFECT / SPREAD: Malware moves laterally through the internal network in search of additional resources and data.

STEAL / DISRUPT: Attacker takes action on its objectives and exfiltrates data or disrupts systems.


Enterprise’s 3 Biggest Security Challenges

Increasing Security Gap

Reduce complexity and fragmentation of security solutions

Maintain Security and Compliance as business models change (Agility)


In Spite of Layers of Defense, Breaches Occur

Malware is getting through control-based defenses: Malware Prevention is NOT 100%.

Breach: Existing tools are labor intensive and require expertise.

Each stage represents a separate process silo attackers use to their advantage.

Attack Continuum

BEFORE: Discover, Enforce, Harden

DURING: Detect, Block, Defend

AFTER: Scope, Contain, Remediate


Organizations Are Under Attack from APT

• Is now a tool for financial gain
• Uses formal Development Techniques
• Sandbox aware
• Quality Assurance to evade detection
• 24/7 Tech support available

• Has become a math problem
• End Point AV Signatures ~20 Million
• Total KNOWN Malware Samples ~100 M
• AV Efficacy Rate ~50%


Impact of a Breach on any Organization

Timeline: START, HOURS, MONTHS, YEARS

Breach occurs: 60% of data in breaches is stolen in hours

54% of breaches remain undiscovered for months

Information of up to 750 million individuals on the black market over last three years

Sources: Verizon Data Breach Report 2012; Verizon Data Breach Report 2014


Strategic Imperatives of your Security Architecture

Visibility-Driven: Network-Integrated, Broad Sensor Base, Context and Automation

Threat-Focused: Continuous Advanced Threat Protection, Big Data Analytics, Security Intelligence

Platform-Based: Agile and Open Platforms, Built for Scale, Consistent Control, Management

Across: Network, Endpoint, Mobile, Virtual, Cloud


Cisco Security Model provides Visibility & Control

New Threat-Centric Security Model: Attack Continuum

BEFORE: Discover, Enforce, Harden

DURING: Detect, Block, Defend

AFTER: Scope, Contain, Remediate

Across: Network, Endpoint, Mobile, Virtual, Cloud, Email & Web

Protection: Point-in-time and Continuous


Securing the Entire Attack Continuum

Visibility and Context

Attack Continuum: BEFORE (Discover, Enforce, Harden); DURING (Detect, Block, Defend); AFTER (Scope, Contain, Remediate)

Products: Firewall; NGFW; NAC + Identity Services; VPN; UTM; NGIPS; Web Security; Email Security; Advanced Malware Protection; Network Behavior Analysis


Cisco Threat Centric Solution is Unique with AMP

Visibility and Context

AMP Everywhere

Attack Continuum: BEFORE (Discover, Enforce, Harden); DURING (Detect, Block, Defend); AFTER (Scope, Contain, Remediate)

All the Focus, until now… + Continuous Capability + Advanced Analytics + Retrospective Security


Retrospective Security = Point-in-Time + Continuous Protection

Continuous Analysis: Telemetry Stream (continuous feed) of File Fingerprint and Metadata, File and Network I/O, Process Information

Breadth and Control points: Web (WWW), Endpoints, Network, Email, Devices, IPS

Point-in-Time Protection: File Reputation & Sandboxing; Dynamic Analysis; Machine Learning; Fuzzy Finger-printing; Advanced Analytics; One-to-One Signature

Talos + Threat Grid Intelligence
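The slide's "Point-in-Time + Continuous" idea is easiest to see in code. The following is an added example written for this page, not Cisco's or AMP's code: a point-in-time control that only knows an exact-hash blocklist (the slide's "One-to-One Signature") sees every new file as "unknown" and lets it pass, but because every sighting is kept as a telemetry record, a later disposition change can be replayed over the recorded trajectory to produce the scope that the AFTER phase (Scope, Contain, Remediate) needs. The telemetry records, hostnames, paths and hash strings are all constructed placeholders; the `ContinuousAnalysis` class, `Sighting` record and `run_demo` function are assumptions of this example.

```python
"""Added example, not Cisco's code: a minimal model of the slide's
"Point-in-Time + Continuous" idea.

Assumptions (all constructed for this example): endpoints report file
sightings as a telemetry stream; the only point-in-time check is a
one-to-one (exact SHA-256) blocklist; a later intelligence update can
change a hash's disposition. Hashes and hostnames below are placeholders.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass(frozen=True)
class Sighting:
    """One telemetry record: which host saw which file, when, and from where."""
    ts: int               # seconds since epoch (constructed values below)
    host: str
    sha256: str
    path: str
    parent_process: str


@dataclass
class ContinuousAnalysis:
    # Point-in-time knowledge: exact-hash blocklist (the slide's "One-to-One Signature").
    known_bad: Set[str] = field(default_factory=set)
    # Continuous record: every sighting is kept, whatever the verdict was at the time.
    trajectory: Dict[str, List[Sighting]] = field(default_factory=dict)
    # Retrospective alerts raised when a verdict flips after the fact.
    retro_alerts: List[dict] = field(default_factory=list)

    def point_in_time_verdict(self, sha256: str) -> str:
        """What a signature-only control can say at the moment of the sighting."""
        return "malicious" if sha256 in self.known_bad else "unknown"

    def ingest(self, s: Sighting) -> str:
        """Record the sighting unconditionally, then return the verdict at that time.

        A block-only control forgets 'unknown' files once they pass; keeping the
        record is what makes later re-evaluation possible."""
        self.trajectory.setdefault(s.sha256, []).append(s)
        return self.point_in_time_verdict(s.sha256)

    def update_disposition(self, sha256: str, verdict: str) -> List[dict]:
        """Intelligence update: a hash's reputation changed.

        When it turns malicious, replay the recorded trajectory and emit one
        retrospective alert per earlier sighting. That list is the scope the
        AFTER phase (contain, remediate) starts from."""
        if verdict != "malicious":
            return []
        self.known_bad.add(sha256)
        new_alerts = [
            {"host": s.host, "path": s.path, "first_seen": s.ts,
             "parent_process": s.parent_process, "sha256": sha256}
            for s in sorted(self.trajectory.get(sha256, []), key=lambda x: x.ts)
        ]
        self.retro_alerts.extend(new_alerts)
        return new_alerts

    def affected_hosts(self, sha256: str) -> List[str]:
        """Distinct hosts that ever saw the file, in first-seen order."""
        hosts: List[str] = []
        for s in sorted(self.trajectory.get(sha256, []), key=lambda x: x.ts):
            if s.host not in hosts:
                hosts.append(s.host)
        return hosts


# Constructed sample telemetry; the hashes are placeholder strings, not real IoCs.
SAMPLE_STREAM = [
    Sighting(1000, "pc-finance-01", "sha256-placeholder-A", r"C:\Users\a\Downloads\invoice.exe", "outlook.exe"),
    Sighting(1060, "pc-finance-01", "sha256-placeholder-B", r"C:\Windows\System32\notepad.exe", "explorer.exe"),
    Sighting(1300, "pc-hr-07", "sha256-placeholder-A", r"C:\Users\b\AppData\Local\Temp\invoice.exe", "outlook.exe"),
    Sighting(1900, "srv-file-02", "sha256-placeholder-A", r"D:\share\invoice.exe", "smbd"),
]


def run_demo():
    """Replay the constructed stream and return what each phase would know:
    the point-in-time verdicts, the retrospective alerts, the affected hosts,
    and the verdict a fresh sighting gets after the update."""
    engine = ContinuousAnalysis()
    at_the_time = [engine.ingest(s) for s in SAMPLE_STREAM]   # all "unknown": nothing blocked
    # Later, dynamic analysis / intelligence flips the verdict for file A.
    alerts = engine.update_disposition("sha256-placeholder-A", "malicious")
    hosts = engine.affected_hosts("sha256-placeholder-A")
    later = engine.ingest(Sighting(2500, "pc-hr-07", "sha256-placeholder-A", r"C:\Temp\x.exe", "cmd.exe"))
    return at_the_time, alerts, hosts, later


if __name__ == "__main__":
    verdicts, alerts, hosts, later = run_demo()
    print("verdicts at sighting time:", verdicts)
    for a in alerts:
        print("retrospective alert:", a)
    print("hosts to scope:", hosts, "| new sighting now:", later)
```

The design point is the unconditional `ingest`: the verdict and the record are decoupled, so a file that passed as "unknown" on three hosts is still attributable to those hosts (with parent process and path, which is the "File Fingerprint and Metadata" and "Process Information" the slide lists) when its reputation changes. Only the first host saw it arrive from mail; the later hosts saw it on a file share, which is the lateral movement stage of the life cycle described earlier.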


Cisco’s AMP Everywhere - Protect Everything

Covered: PC, MAC, Virtual, Mobile

AMP for Endpoints
AMP for Networks
AMP for Cloud Web Security (CWS) & Hosted Email
AMP on Web & Email Security Appliances
AMP on ASA Firewall with FirePOWER Services
AMP Private Cloud Virtual Appliance
AMP Threat Grid: Dynamic Malware Analysis + Threat Intelligence Engine


Working together to create a Security Architecture

Cisco AMP; Cisco TrustSec; Cisco Identity Services (ISE); Cisco Collective Security Intelligence

ASA FirePOWER; Web & Email Security; NGIPS; Malware Prevention / Sandboxing

Common Identity, Policy and Context Sharing

Context-aware Segmentation: Wired/Wireless and VPN

Pervasive & Integrated Across the Portfolio

Context Visibility: AMP Client, CTD + Network Integration


Customers need complete Security Solutions: Security Services and Security Products


Cisco Security Services Solve Customer Needs

Advisory: Custom Threat Intelligence; Technical Security Assessments

Integration: Integration Services; Security Optimization Services

Managed: Managed Threat Defense; Remote Managed Services

Journey of building a strong Security Partner

Timeline: 2004, 2007, 2009, 2012, 2013, 2014, 2015

NAC addition; Messaging and Web Security Appliance; Cloud Security; UTM; Security Analytics; NGIPS / Anti-Malware; Sandbox


Market Recognition

“So do any network security vendors understand data center and what’s needed to accommodate network security? Cisco certainly does.”

“Cisco is disrupting the advanced threat defense industry.”

“… AMP will be one of the most beneficial aspects of the [Sourcefire] acquisition.”

“Based on our (Breach Detection Systems) reports, Advanced Malware Protection from Cisco should be on everyone’s short list.”

2014 Vendor Rating for Security: Positive

“The AMP products will provide deeper capability to Cisco's role in providing secure services for the Internet of Everything (IoE).”


Power Utility Case Study: Identify & Remediate Impact After Breach

Challenge: The company is a frequent victim of spear phishing campaigns with indications of infection emanating from multiple sources.

Solution: Added AMP to a system already using a FirePOWER appliance to enable them to track and investigate suspicious file activity.

Result: The company gained complete visibility into their malware infections, determined the attack vector, assessed the impact to the network and made intelligent surgical decisions for remediation in a fraction of the time it would take to respond manually.

Internet of Things… and Everything

EVERY COMPANY BECOMES A TECHNOLOGY COMPANY,

EVERY COMPANY BECOMES A SECURITY COMPANY.

Thank You @diwakardayal