Idc security roadshow may2015 Adrian Aron
•Download as PPTX, PDF•
0 likes•884 views
Idc security roadshow may2015 Adrian Aron
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Idc security roadshow may2015 Adrian Aron
Similar to Idc security roadshow may2015 Adrian Aron (20)
More from Dejan Jeremic
More from Dejan Jeremic (20)
Recently uploaded
Recently uploaded (20)
Idc security roadshow may2015 Adrian Aron
- 1. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 CyberSecurity today Adrian Aron Security Sales Cisco Systems Romania
- 2. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2 Behind the Headlines © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
- 3. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3 Industrialization of Hacking There is a multi-billion dollar global industry targeting your prized assets $450 Billion to $1 TrillionSocial Security $1 Mobile Malware $150 $Bank Account Info >$1000 depending on account type and balance Facebook Accounts $1 for an account with 15 friends Credit Card Data $0.25-$60 Malware Development $2500 (commercial malware) DDoS DDoS as A Service ~$7/hour Spam $50/500K emails Medical Records >$50 Exploits $1000- $300K © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3
- 4. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4 IT Sprawl $ 3.3 55% Mobile Devices Per Knowledge Worker* IP Traffic Mobile by 2017** 545 44% Cloud Cloud Apps Per Organization* Annual Cloud Workload Growth*** Growth in M2M IP Traffic 2013–18** 50B Connected “Smart Objects” by 2020* 36X IoE
- 5. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5 Strategic Imperatives Network-Integrated, Broad Sensor Base, Context and Automation Continuous Advanced Threat Protection, Cloud-Based Security Intelligence Agile and Open Platforms, Built for Scale, Consistent Control, Management EndpointNetwork Mobile Virtual Cloud Visibility-Driven Threat-Focused Platform-Based
- 6. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6 Infrastructure as a sensor, selfdefending, selfhealing architecture Advanced Malware protection everywhere ! Big Data analytics and forensics with Open SoC How Cisco is protecting © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6
- 7. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7 ACompany with a Digital Overlay The security architecture impact Geo distributed firewall clusters Switching Wired & WiFi Routing Secure Datacenter interconnect Dynamic Multipoint Corelated Full sample Netflow MDM enforced Cloud security Unified Access for Unified Security Policy IPv6 complete security Hardened 802.1x MacSEC REMOTE BRANCHES DATACENTER PARTNERS REMOTE SECURE SECURE vDC PARTNERS TRUSTED Intelligent sensors VPN Physical access BYoD Cisco architecture for security Cloud, On-premises, Collective & Collaborative PxGrid REST identity BRANCHES CONTAINED TrustSEC with
- 8. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8 Security capable infrastructure Attack Continuum Discover Enforce Harden Detect Block Defend Scope Contain Remediate Firewall NGFW NAC + Identity Services VPN UTM NGIPS Web Security Email Security Advanced Malware Protection Network Behavior Analysis Malware Sandboxing
- 9. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10 Advanced Malware protection everywhere ! How Cisco is protecting © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10
- 10. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11 Continuous Protection when advanced malware evades point-in-time detection Antivirus Sandboxing Initial Disposition = Clean Point-in-time Detection Initial Disposition = Clean AMP Actual Disposition = Bad = Too Late!! Not 100% Analysis Stops Sleep Techniques Unknown Protocols Encryption Polymorphism Actual Disposition = Bad = Blocked Retrospective Detection, Analysis Continues
- 11. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12 AMP, the secret sauce Collective Security Intelligence SPERO Uses AI methods for real-time discovery of malware based on environment and behavior. Uses periodic review of Big Data store to implement retrospection ONE-TO-ONE Catches “well known” malware through use of primary SHA match. Equivalent to a signature- based system. ETHOS Catches families of malware through use of “fuzzy hashes” embedded in the Feature Print. Counters malware evasion by “bit-twiddling”. ADVANCED ANALYTICS Integrates heuristics from the malware environment, the Big Data store, ETHOS and SPERO to clarify the outcome of a marginal conviction
- 12. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13 AMP Everywhere Strategy Means Protection Across the Extended Network MAC AMP for Networks PC AMP for Cloud Web Security & Hosted Email CWS Virtual AMP on Web & Email Security Appliances Mobile AMP on ASA Firewall with FirePOWER Services AMP for Endpoints AMP Private Cloud Virtual Appliance AMP Threat Grid Dynamic Malware Analysis + Threat Intelligence Engine
- 13. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16 Big Data analytics and forensics with Open SoC How Cisco is protecting © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16
- 14. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 17 AMP Everywhere, down to the smallest scale
- 15. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 18
- 16. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 19
- 17. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 20
- 18. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 21 Why Cisco ? 1.6 Million sensors globally 100 TB data received every day 150+ Million IP terminals 600 engineers, tehnicians and security researchers 35% world wide emails inspected 6+ Mld $ invested in research and development TALOS – Global Operation center for CyberSecurity 10 Million files inspected everyday Email PCs MACs Web Networks IPS mobile WWW Arhitecture Solutions IT building blocks Rezults Network Data Center Colaboration Security 13 Mld web request inspected 24x7x365 operations 4.3 Mld web attacks blocked / day 40+ programming languages 1.1 Million malware samples analysed / day Advanced Malware Protection and Snort Community (AMP) Intelligent infrastructure Secure infrastructure & Continuous defence Intelligent cities Conformity & Security Business operations Education and Health Production Public Administratio n
- 19. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 22 Thank You
Editor's Notes
- You are not alone with your concerns about cyber security. Everyday another headlines highlight another breach resulting in data loss and lost to business are becoming a weekly if not dally occurrence. Security is top of mind for all organizations, rising up to top executives. What is behind tis dramatic shift in out IT landscape? [CLICK]
- Today’s cybercriminals are more sophisticated and backed by a multi-billion dollar industry that has been monetized where data and malware are being commoditized. With this their tactics have changed. They are not looking for quick wins, but long-term payouts. Adapting from attacking an individual computer or person and are now aiming to capture the full power of your infrastructure, to gain a long-term return on their investment . What have we done in response? Add individual point in time security solutions to stop individual problems. Now we’re stuck dealing with complexity and fragmentation that has created gaps in our security and reduced visibility .
- For One: Organizations have been quick to evolve with IT innovations. Capturing the benefits of [CLICK] mobility, [CLICK] cloud and the IoT. These new business models have resulted in a new domain in a connect “any to any” environment. The modern extended network is sprawling your perimeter and assets across many entry points. And has created a dynamic threat landscape that cyber criminals are exploiting . With the shortage of IT security professionals compiled with a culture of “putting your head in the sand” and crossing your fingers around a cyber attack is rapidly becoming a strategy you can longer afford. We know it’s not a matter of if, but when you will be attacked. Why ?
- We need to be threat–centric, and think like an attacker. Why? You are up against a highly motivated and compensated workforce. Who are using advances in technology, changing business models and user behaviors to their advantage . The dynamic threat landscape is demanding an adapt or die strategy. We think like you do. We have taken a threat–centric approach in creating our cybersecurity solutions to tackle your biggest issues .
- IN CLOSING, CISCO SECURITY NOW HAS THE INDUSTRY’S MOST COMPREHENSIVE ADVANCED THREAT PROTECTION COVERING THE ENTIRE ATTACK CONTINUUM AND THE INDUSTRY’S BROADEST SET OF ENFORCEMENT AND REMEDIATION OPTIONS AT ATTACK VECTORS WHERE THREATS MANIFEST THE CISCO SECURITY PRODUCT PORTFOLIO HAS SPECIFIC PLATFORM BASED SOLUTIONS TO SOLVE YOUR CURRENT PROBLEMS, BUT ALSO INTEGRATE INTO AN OVERALL SECURITY SYSTEM. THEY WORK TOGETHER TO PROVIDE PROTECTION THROUGHOUT THE ATTACK CONTINUUM – BEFORE, DURING, AND AFTER AN ATTACK.
- Lets be upfront, we are not proposing that we have a magic bullet. It doesn’t exist. And those who tell you it does are only perpetuating your problem. [CLICK] You can go back to a number of “point in time” cybersecurity solutions, such as a stand-alone firewall. We too have learned and adapted to the effects of IT Sprawl, and the industrialization of hacking. Any stand-alone solution, even a firewall on its own in not sufficient in a threat-centric strategy and does not cover the entire attack continuum. What we need to stop these criminals is a security strategy that provides protection [CLICK] Before-During and After and attack. Protection across the entire attack continuum, [CLICK] that is visibility-driven, threat–focused with a platform based approach. Pervasive, continuous and always-on cybersecuirty, across the entire attack continuum . At Cisco, our mission states our intentions…intelligent cybersecurity for the real world. Not claims that we have a fantasy solution to solve your real word cyberthreats.
- We need to be threat–centric, and think like an attacker. Why? You are up against a highly motivated and compensated workforce. Who are using advances in technology, changing business models and user behaviors to their advantage . The dynamic threat landscape is demanding an adapt or die strategy. We think like you do. We have taken a threat–centric approach in creating our cybersecurity solutions to tackle your biggest issues .
- SECURITY IS ABOUT DETECTING, UNDERSTANDING AND STOPPING THREATS. USING THE FOUNDATION OF VISIBILITY YOU CAN UNDERSTAND CONTEXT AND APPLY COLLECTIVE INTELLIGENCE TO DETECT A THREAT. ONCE THREAT IS DETECTED, YOU WANT AUTOMATED ENFORCEMENT TO STOP THE THREAT. BUT WITH ZERO DAY ATTACKS AND ADVANCED THREATS, YOU MAY NOT KNOW IF SOMETHING IS GOOD OR BAD WHEN YOU SEE IT. IT IS KEY TO RECORD EVERYTHING THAT IS SEEN TO HAVE A CONTINUOUS CAPABILITY TO DETECT THREATS HOURS, DAYS OR EVEN WEEKS LATER.
- Cisco has one of the most comprehensive AMP portfolios in the market. With investment and innovation spanning over several years, our AMP Everywhere strategy means customers are protected across the extended network including PCs, Macs, mobile devices and virtual environments, through a standalone AMP appliances, as part of FirePOWER appliances for Next-Generation IPS or Next-Generation Firewall, and via Cisco Web Security Appliances, Email Security Appliances and the Cloud Web and Hosted Email Security and SaaS offers. For dynamic malware analysis and threat intelligence capabilities, you can even deploy Amp Threat Grid as a standalone appliance.
- systems deliver both file and network trajectory – Security personnel struggle to understand the broader impact, context, and spread of malware across the network and endpoints. Is the malware detection an isolated incident or were multiple systems affected? Network and file trajectory delivers the ability to track malware across the network using existing Sourcefire sensors or FireAMP connectors; providing detailed information on point of entry, propagation, protocols used, and which users or endpoints are involved, which are then followed up with detailed file trajectory analysis.
- Cisco has one of the most comprehensive AMP portfolios in the market. With investment and innovation spanning over several years, our AMP Everywhere strategy means customers are protected across the extended network including PCs, Macs, mobile devices and virtual environments, through a standalone AMP appliances, as part of FirePOWER appliances for Next-Generation IPS or Next-Generation Firewall, and via Cisco Web Security Appliances, Email Security Appliances and the Cloud Web and Hosted Email Security and SaaS offers. For dynamic malware analysis and threat intelligence capabilities, you can even deploy Amp Threat Grid as a standalone appliance.
- We need to be threat–centric, and think like an attacker. Why? You are up against a highly motivated and compensated workforce. Who are using advances in technology, changing business models and user behaviors to their advantage . The dynamic threat landscape is demanding an adapt or die strategy. We think like you do. We have taken a threat–centric approach in creating our cybersecurity solutions to tackle your biggest issues .
- Cisco has one of the most comprehensive AMP portfolios in the market. With investment and innovation spanning over several years, our AMP Everywhere strategy means customers are protected across the extended network including PCs, Macs, mobile devices and virtual environments, through a standalone AMP appliances, as part of FirePOWER appliances for Next-Generation IPS or Next-Generation Firewall, and via Cisco Web Security Appliances, Email Security Appliances and the Cloud Web and Hosted Email Security and SaaS offers. For dynamic malware analysis and threat intelligence capabilities, you can even deploy Amp Threat Grid as a standalone appliance.
- Cisco has one of the most comprehensive AMP portfolios in the market. With investment and innovation spanning over several years, our AMP Everywhere strategy means customers are protected across the extended network including PCs, Macs, mobile devices and virtual environments, through a standalone AMP appliances, as part of FirePOWER appliances for Next-Generation IPS or Next-Generation Firewall, and via Cisco Web Security Appliances, Email Security Appliances and the Cloud Web and Hosted Email Security and SaaS offers. For dynamic malware analysis and threat intelligence capabilities, you can even deploy Amp Threat Grid as a standalone appliance.
- Cisco has one of the most comprehensive AMP portfolios in the market. With investment and innovation spanning over several years, our AMP Everywhere strategy means customers are protected across the extended network including PCs, Macs, mobile devices and virtual environments, through a standalone AMP appliances, as part of FirePOWER appliances for Next-Generation IPS or Next-Generation Firewall, and via Cisco Web Security Appliances, Email Security Appliances and the Cloud Web and Hosted Email Security and SaaS offers. For dynamic malware analysis and threat intelligence capabilities, you can even deploy Amp Threat Grid as a standalone appliance.
- Cisco has one of the most comprehensive AMP portfolios in the market. With investment and innovation spanning over several years, our AMP Everywhere strategy means customers are protected across the extended network including PCs, Macs, mobile devices and virtual environments, through a standalone AMP appliances, as part of FirePOWER appliances for Next-Generation IPS or Next-Generation Firewall, and via Cisco Web Security Appliances, Email Security Appliances and the Cloud Web and Hosted Email Security and SaaS offers. For dynamic malware analysis and threat intelligence capabilities, you can even deploy Amp Threat Grid as a standalone appliance.