TRANSCRIPT
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public.
Bing Reaport
Cybersecurity Specialist
Protecting what’s now and what’s next
Cisco Security
How IT was built (diagram): workplace desktops, business apps, and critical infrastructure, all reached through the Internet.
Infrastructure has changed (diagram): business apps (Salesforce, Office 365, G Suite, etc.) and critical infrastructure (Amazon, Rackspace, Windows Azure, etc.) now live in the cloud, and branch offices and roaming laptops reach them across the Internet.
Compliance, workforce mobility, digital transformation, risk management, global scale, cloud adoption, application workloads
Infrastructure demands a lot from security teams
The way we use the NETWORK is changing
The security industry isn’t making it any easier
3000+ cybersecurity vendors globally
75 average security tools per enterprise environment
91% of security leaders think integration is a significant challenge
Threats are more numerous and complex
Threats are using encryption to evade detection
More IoT devices connect every day
Users work anywhere across many devices
By 2020, two thirds of all IP traffic will come from wireless and mobile devices
The Problem: Digitization complicates visibility. Market demands have taken the network beyond your perimeter.
Over 20B connected “things” will be in use by 2020
Companies experienced a 27.4% average increase in security breaches in 2017
3X increase in encrypted communication from malware in a 12-month period
Have you been compromised? How and when would you know?
You have already made a lot of investment in network and security
…yet threats are getting through.
How prepared are your customers for a breach?
Timeline: late detection means high impact; early detection means low impact.
1 in 4: risk of a major breach in the next 24 months
There are 3 questions that can determine your breach preparedness:
• Do you know if your network has already been breached?
• Can you easily determine the cause of the breach?
• Can you contain the potential impact and effects of the breach?
Customer Journey
Customer struggles with...
User trust and identity
Too much malware getting in?
Takes too long to detect a breach?
Manual investigation is too difficult?
Too long to remediate the issue?
Isn’t it time for network + security solutions to act as a team?
See everything
Transform the network into a powerful security sensor for complete visibility
Cisco Security: Network + Security. Activate your infrastructure for more holistic security.
Contain and isolate threats
Dynamically enforce software-defined segmentation based on business roles
Detect encrypted threats
Use advanced analytics to automatically detect encrypted threats without decryption
Understand behavior
Identify host role and monitor behavior without endpoint agents
Visibility: The Network Sees Everything
Network servers, operating systems, routers and switches, mobile devices, printers, VoIP phones, virtual machines, client applications, files, users, web applications, application protocols, services, malware, command and control servers, vulnerabilities, NetFlow, network behavior, processes
You cannot hide from the network!
Diagram: the network spans users, HQ, data center, admin, branch, roaming users, and cloud.
SEE every conversation
Understand what is NORMAL
Be alerted to CHANGE
KNOW every host
Respond to THREATS quickly
Effective security depends on total visibility
The Cisco Security Platform
Network, endpoint, cloud, and application security, with management and response
Continuous Trust Verification
Constant Threat Intelligence
Industry-leading threat intelligence. The largest threat detection network in the world.
250+ full-time threat intel researchers
MILLIONS of telemetry agents
4 global data centers
1100+ threat traps
100+ threat intelligence partners
THREAT INTEL
1.5 MILLION daily malware samples
600 BILLION daily email messages
16 BILLION daily web requests
Honeypots
Open Source Communities
Vulnerability Discovery (Internal)
Product Telemetry
Internet-Wide Scanning
20 BILLION threats blocked
INTEL SHARING
INTEL BREAKDOWN
Customer Data Sharing Programs
Service Provider Coordination Program
Open Source Intel Sharing
3rd Party Programs (MAPP)
Industry Sharing Partnerships (ISACs)
500+ participants
Contextual Intelligence
1%
Automated analysis
Specialized tools
Telemetry: network intrusions, network flow analysis, Web/URL, DNS/IP, endpoint/malware
How Talos Protects Customers
threats that matter
Security Portfolio: Best of breed products integrated to protect all key vectors
Diagram of the shifting perimeter: the corporate network/data center, managed endpoints and locations, unmanaged endpoints, users/apps and locations, the Internet, SaaS apps and public and private clouds, and IoT, with users, data, and apps everywhere.
Product areas: Network Security, Endpoint Security, Security via the cloud.
Products shown: FTD (Firepower Threat Defense), Email Security, Web Security, ASA / FTD / Meraki, CloudLock, virtual NGFW, Cloud Security Analytics Platform, Duo (MFA), Stealthwatch / ISE (internal subnets/VLANs), Umbrella (Secure Internet Gateway), VPN, AMP Endpoint Security and Roaming Protection, cloud-managed network security, cloud-managed UTM, Cloud Threat Analytics and Sandboxing, Cloud Email Security.
CISCO SECURITY AS A SERVICE
Cloud Security
Cisco Security Platform Strategy
Firepower Threat Defense
My team can answer questions faster about observables.
• Unknown disposition.
• See how it affects organization.
• Get details of program executing.
My team can block and unblock domains from Cisco Threat Response.
• Execute block from Cisco Threat Response.
• Block is effected in Cisco Umbrella.
• API integration to block and unblock.
My team can block and unblock file executions from Cisco Threat Response.
• Execute block from Cisco Threat Response.
• Block is effected in Cisco AMP for Endpoints.
• And, via the AMP Unity feature: NGFW, WSA, ESA, etc.
• API integration to block and unblock.
My team can hunt for an observable associated with a known actor and see organizational impact.
• Targets affected
• Additional IPs connected
• Programs associated
My team can save a point in time snapshot of our investigations for further analysis.
• Point in time
• Reference
• Launch point for subsequent investigations
Secure Multicloud
Cisco Secure Internet Gateway
It all starts with DNS
Umbrella
Cisco.com 72.163.4.161
DNS = Domain Name System
First step in connecting to the internet
Precedes file execution and IP connection
Used by all devices
Port agnostic
Cisco Umbrella
Built into the foundation of the internet
Intelligence to see attacks before launched
Visibility and protection everywhere
Enterprise-wide deployment in minutes
Integrations to amplify existing investments
Cloud security platform (diagram): the Umbrella resolver 208.67.222.222 blocks malware, C2 callbacks, and phishing.
Benefits
Block malware before it hits the enterprise
Contains malware if already inside
Internet access is faster
Provision globally in minutes
Where does Umbrella fit?
Diagram: Umbrella is the first line, built into the foundation of the internet, ahead of the HQ security stack (sandbox, NGFW, proxy, NetFlow, AV), the branch router/UTM and AV, and AV on roaming devices.
Umbrella provides:
Connection for safe requests
Prevention for user and malware-initiated connections
Proxy inspection for risky domains
Safe request: the connection is allowed.
Blocked request: based on Cisco Talos feeds, Cisco WBRS, partner feeds, and a custom URL block list.
Requests for “risky” domains: selective proxy with URL inspection and file inspection (AV engines, Cisco AMP).
Cloud-delivered firewall
Capabilities:
• Content and security controls via DNS
• IP, port, and protocol controls on outbound traffic
• IP obfuscation
• Activity logging
Use cases:
• Address guest wi-fi concerns related to infected devices, inappropriate content like pornography, and peer-to-peer file sharing services
• Secure IaaS dev environment concerns without backhauling traffic to the corporate firewall
Diagram: guest networks (example source IP 70.149.x.x) send traffic over an IPsec tunnel to Umbrella (DNS, NAT, firewall, proxy), which reaches the Internet with source IP 146.112.x.x (Umbrella).
Data
• Cisco Talos feed of malicious domains, IPs, and URLs
• Umbrella DNS data: 180B requests per day
Security researchers
• Industry-renowned researchers
• Build models that can automatically classify and score domains and IPs
Models
• Dozens of models continuously analyze millions of live events per second
• Automatically uncover malware, ransomware, and other threats
Intelligence to see attacks before launched
Intelligence
Co-occurrence model: identifies other domains looked up in rapid succession of a given domain
Natural language processing model: detects domain names that spoof terms and brands
Spike rank model: detects domains with sudden spikes in traffic
Predictive IP space monitoring: analyzes how servers are hosted to detect future malicious domains
2M+ live events per second
11B+ historical events
Statistical models
Data centers co-located at major IXPs
31 data centers worldwide
Visibility and protection for all activity, anywhere
Diagram: on-network coverage for HQ, branch, and all office locations, any device on your network (including BYOD and IoT); off-network coverage for roaming laptops and supervised iOS devices; every port and protocol, through Umbrella.
Enterprise-wide coverage in minutes, not months
On-network coverage (any device on network; HQ and branch offices)
With one setting change
Integrated with Cisco SD-WAN, Cisco ISR 1K and 4K series, Cisco Meraki MR, and Cisco WLAN controllers
Off-network laptop coverage (roaming / mobile)
With AnyConnect VPN client integration
Or with any VPN using the lightweight Umbrella client
Or with the Umbrella Chromebook client
Off-network mobile coverage
With Cisco Security Connector
Cisco Cloud Access Security
Perimeter security used to be effective
Diagram: headquarters and branch offices behind a perimeter.
By 2020, 92% of global data center traffic will come from the cloud. (Cisco® Global Cloud Index (GCI))
The very nature of network traffic has changed: content created in the cloud, cloud-to-cloud traffic
Your challenges
Malware and ransomware
Compromised accounts and malicious insiders
Gaps in visibility and coverage
Data breaches and compliance
Security challenges have evolved (diagram: HQ, branch, and roaming users; users, data, and apps; SaaS)
Key questions organizations have
Users/Accounts
▪ Who is doing what in my cloud applications?
▪ How do I detect account compromises?
▪ Are malicious insiders extracting information?
Data
▪ Do I have toxic and regulated data in the cloud?
▪ Do I have data that is being shared inappropriately?
▪ How do I detect policy violations?
Applications
▪ How can I monitor app usage and risk?
▪ Do I have any 3rd party connected apps?
▪ How do I revoke risky apps?
Data exposure per organization: more than 24,000 files per organization publicly accessible
Shares of files accessible by external collaborators, accessible publicly, and accessible organization-wide (chart): 2%, 10%, 12%
70% of external sharing done with non-corporate email addresses
Source: Cloudlock CyberLab
Without CASB, companies are blind to the most obvious malicious traffic
User
Here’s an example of why you need cloud user security
North America, 9:00 AM ET: Login
Africa, 10:00 AM ET: Data export
▪ Distance from the US to the Central African Republic: 7362 miles
▪ At a speed of 800 mph, it would take 9.2 hours to travel between them
In one hour
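The impossible-travel reasoning above, written out as an added detection example (not Cisco or Cloudlock code): it assumes New York and Bangui coordinates for the two events, uses the slide's 800 mph as the plausibility ceiling, and runs on a constructed pair of audit events.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_MILES = 3958.8
MAX_PLAUSIBLE_MPH = 800.0  # airliner speed the slide reasons with
GEO_SLOP_MILES = 50.0      # geo-IP is imprecise; ignore small jumps


@dataclass(frozen=True)
class CloudEvent:
    user: str
    action: str    # e.g. "login", "data_export"
    ts: datetime   # timezone-aware timestamp
    lat: float     # geolocation of the source IP
    lon: float


def distance_miles(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points (haversine formula)."""
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_MILES * asin(sqrt(a))


def hours_needed(miles, speed_mph=MAX_PLAUSIBLE_MPH):
    """Travel time the slide computes: 7362 miles at 800 mph is about 9.2 hours."""
    return miles / speed_mph


def required_speed_mph(prev, cur):
    """Speed one person would need to be at both event locations on time."""
    miles = distance_miles(prev.lat, prev.lon, cur.lat, cur.lon)
    hours = (cur.ts - prev.ts).total_seconds() / 3600.0
    if miles <= GEO_SLOP_MILES:
        return 0.0
    return miles / hours if hours > 0 else float("inf")  # same instant: not one person


def is_impossible_travel(prev, cur, max_mph=MAX_PLAUSIBLE_MPH):
    """Flag consecutive events of one account that imply faster-than-airliner travel."""
    return prev.user == cur.user and required_speed_mph(prev, cur) > max_mph


# Constructed sample (assumed coordinates: New York, then Bangui); 9:00 AM ET = 13:00 UTC.
LOGIN = CloudEvent("alice", "login", datetime(2019, 5, 6, 13, 0, tzinfo=timezone.utc), 40.71, -74.01)
EXPORT = CloudEvent("alice", "data_export", datetime(2019, 5, 6, 14, 0, tzinfo=timezone.utc), 4.36, 18.56)

if __name__ == "__main__":
    print(f"{required_speed_mph(LOGIN, EXPORT):.0f} mph needed; impossible: {is_impossible_travel(LOGIN, EXPORT)}")
```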
There’s a better way
Cisco Cloudlock addresses organizations’ most critical cloud security use cases
Discover and Control
User and Entity Behavior Analytics
Cloud Data Loss Prevention (DLP)
Apps Firewall
OAuth Discovery and Control
Use cases: Shadow IT; Data Exposures and Leakages; Privacy and Compliance Violations; Compromised Accounts; Insider Threats
CASB: Visibility, Data Security, Compliance, Threat Prevention
How Does it Work?
Diagram: CASB API access (cloud to cloud) through the cloud infrastructure’s public APIs, alongside application access from the client infrastructure (on-premise or off-premise): unmanaged users, devices, and networks and remote users, and managed users, devices, and networks on on-premise networks with Cisco NGFW / Umbrella.
Cloudlock has over 80 pre-defined policies
PII
▪ SSN/ID numbers
▪ Driver license numbers
▪ Passport numbers
Education
▪ Inappropriate content
▪ Student loan application information
▪ FERPA compliance
General
▪ Email address
▪ IP address
▪ Passwords/login information
PHI
▪ HIPAA
▪ Health identification numbers (global)
▪ Medical prescriptions
PCI
▪ Credit card numbers
▪ Bank account numbers
▪ SWIFT codes
Cisco Multifactor Authentication
© 2019 Cisco and/or affiliates. All rights reserved. | CONFIDENTIAL INFORMATION PROPERTY OF DUO SECURITY, INC.
Three Customer Jobs to Be Done
1. Verify User Trust
2. Verify Device Trust
3. Access Controls
User Trust
Establish user trust with MFA
Key Driver: Meet Compliance Requirements
Meet MFA requirements outlined in PCI-DSS 3.2 Section 8.3
Helps meet NIST 800-63 and 800-171 access security requirements
Meet DEA’s EPCS requirements when approving e-prescriptions
Aligned with GDPR data protection laws in Europe
Meet FFIEC requirements for financial applications
Get visibility into personal devices used to access PHI
Every security best practices guide and regulation asks for MFA and device visibility
Security Risks Persist with Traditional MFA
81% of breaches leverage stolen or weak passwords
Source: Verizon 2018 Data Breach Investigations Report
● Compromised credentials are a major security risk
● Cumbersome tokens and one-time passwords; not user friendly
World’s Easiest and Most Secure MFA
● Instantly integrates with all apps
● Users self-enroll in minutes
● Users authenticate in seconds; no codes to enter
Device Trust: Assess the health and security posture of any device
Compromised Devices Can Access Your Data
99% of vulnerabilities exploited will be ones known by security team for at least one year (through 2021)
Source: Gartner, Dale Gardner, 2018 Security Summit
● Attackers exploit known vulnerabilities
● Patching devices (especially user owned) is complex
● End users continue to access data from potentially vulnerable devices
● Accessing critical data from vulnerable devices can be risky
Verify Trust for Any Device: Limit Access to Compliant Devices
● Identify corporate-owned & BYOD
● Verify if devices are out-of-date and potentially vulnerable to security risks
● Block device access to critical applications
● Apply policies consistently for any device platform: Windows, MacOS, iOS & Android
End users get just-in-time notification about out-of-date OS, browsers, Flash and Java
If users do not update by a certain day, the endpoints are blocked
Improve Security Posture by Informing the User
Learn more about self-remediation
Built by a recognized leader
Secure Web Gateway Magic Quadrant 2018: Challenger
Zero Trust Forrester Wave 2018: Strong Performer
Email Security Forrester Wave 2019: Leader
Endpoint Security Suites Forrester Wave 2018: Visionary
Enterprise Network Firewall Magic Quadrant 2018: Leader
Defending 100% of Fortune 100 companies every day
Thank you