© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public.

Bing Reaport

Cybersecurity Specialist

Protecting what’s now and what’s next

Cisco Security

Workplace

desktops

Business

apps

Critical

infrastructure

How IT was built

Internet

Business appsSalesforce, Office 365,

G Suite, etc.

Branch office

Critical infrastructureAmazon, Rackspace,

Windows Azure, etc.

Roaming laptops

Workplace

desktops

Business

apps

Critical

infrastructure

Internet

Infrastructure has changed

ComplianceWorkforce mobilityDigital transformation Risk management

Global scaleCloud adoption Application workloads

Infrastructure demands a lot from security teams

The way we use the NETWORK is changing

The security industry isn’t making it any easier

3000+Cybersecurity vendors globally

75Average security tools per enterprise environment

91%Of security leaders think integration is a significant challenge

Threats are more numerous and complex

Threats are using encryption to evade detection

More IoT devices connect everyday

Users work anywhere across many devices

By 2020, 2/3rds of all IP traffic will come from wireless and mobile devices

The Problem: Digitization complicates visibilityMarket demands have taken the network beyond your perimeter

Over 20B connected “things" will be in use by 2020

Companies experienced a 27.4% average increase in security

breaches in 2017

3X increase in encrypted communication from malware in a

12-month period

Have you been compromised?How and when would you know?

You have already made a lot of investment in network and security

…yet threats are getting through.

How prepared are your customers for a breach?

Time

Late detection

High impact

Early detection

Low impact

1 in 4Risk of a major breach in the next 24 months

There are 3 questions that can determine your breach preparedness –

• Do you know if your network has already been breached?• Can you easily determine the cause of the breach?• Can you contain the potential impact and effects of the breach?

Customer Journey

Customer struggles with...

User trust and identity

Too much malware getting

in?

Takes too long to detect a breach?

Manual investigation is too difficult?

Too long to remediate the

issue?

Isn’t it time for network + security solutions to act as a team?

See everything

Transform the network into a powerful security sensor for complete visibility

Cisco Security: Network + SecurityActivate your infrastructure for more holistic security

Contain and isolate threats

Dynamically enforce software-defined segmentation based on business roles

Detect encrypted threats

Use advanced analytics to automatically detect encrypted threats

without decryption

Understand behavior

Identify host role and monitor behavior without endpoint agents

Visibility: The Network Sees Everything

Network Servers

Operating Systems

Routers and

Switches

Mobile Devices Printers

VoIP Phones

Virtual Machines

Client Applications

Files

Users

Web Applications

Application Protocols

Services

Malware

Command and Control

Servers

VulnerabilitiesNetFlow

NetworkBehavior

Processes

You can not hide from the network!

Network

Usxaers

HQ

Data Center

Admin

Branch

SEE

every conversation

Understand what

is NORMAL

Be alerted to

CHANGE

KNOW

every host

Respond to

THREATS quickly

Effective security depends on total visibility

Roaming Users

Cloud

CiscoSecurity Platform

Network

Endpoint

Cloud

Application

Managementand Response

Continuous Trust Verification

Constant Threat Intelligence

The Cisco Security Platform

Industry-leading threat intelligence. The largest threat detection network in the world.

250+Full Time Threat Intel Researchers

MILLIONSOf Telemetry Agents

4Global Data Centers

1100+Threat Traps

100+Threat Intelligence Partners

THREAT INTEL

1.5 MILLIONDaily Malware Samples

600 BILLIONDaily Email Messages

16 BILLIONDaily Web Requests

Honeypots

Open Source Communities

Vulnerability Discovery (Internal)

Product Telemetry

Internet-Wide Scanning

20 BILLIONThreats Blocked

INTEL SHARING

INTEL BR EAKDOWN

Customer Data Sharing Programs

Service Provider Coordination Program

Open Source Intel Sharing

3rd Party Programs (MAPP)

Industry Sharing Partnerships (ISACs)

500+Participants

Contextual Intelligence

1%

AutomatedAnalysis

Specialized Tools

Telemetry

Network Intrusion

s

Network Flow

Analysis

Web/URL

DNS/IP

Endpoint/

Malware

Email

How Talos Protects Customers

threats that matter

Users Endpoints

Security PortfolioBest of breed products integrated to protect all key vectors

UNMANAGED

ENDPOINTS

Network Security

Endpoint Security

Security via the cloud

MANAGED

ENDPOINTS

MANAGED

LOCATIONS

INTERNET

THE SHIFTING

PERIMETER CORPORATE

NETWORK/DATA CENTERUNMANAGED

USERS / APPS

UNMANAGED LOCATIONS

FTD –Firepower Threat DefenseEmail SecurityWeb Security

ASA / FTD / Merki

Data

CloudLockVirtual NGFW;Cloud Security Analytics Platform;Duo: MFA

Users Data Apps

SaaS APPS,

PUBLIC & PRIVATE

CLOUDS

Stealthwatch / ISEINTERNAL

SUBNET/VLANS

Umbrella:

Secure Internet

Gateway

VPN

AMP Endpoint Security and Roaming Protection;

Cloud-managed network security, cloud–managed UTM, Cloud Threat Analytics and Sandboxing, Cloud Email Security

CISCO SECURITY

AS A SERVICE

IoT

Cloud Security

Cisco Security Platform Strategy

Firepower Threat Defense

My team can answer questions faster about observables.

• Unknown disposition.

• See how it affects organization.

• Get details of program executing.

My team can block and unblock domains from Cisco Threat Response.

• Execute block from Cisco Threat Response.

• Block is effected in Cisco Umbrella.

• API integration to block and unblock.

My team can block and unblock file executions from Cisco Threat Response.

• Execute block from Cisco Threat Response.

• Block is effected in Cisco AMP for Endpoints.

• And, via AMP Unity feature: NGFW, WSA, ESA, etc

• API integration to block and unblock.

My team can hunt for an observable associated with a known actor and see organizational impact.

• Targets affected

• Additional IPs connected

• Programs associated

My team can save a point in time snapshot of our investigations for further analysis.

• Point in time

• Reference

• Launch point for subsequent investigations

Secure Multicloud

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public.

Cisco Secure Internet Gateway

It all starts with DNS

Umbrella

Cisco.com 72.163.4.161

DNS = Domain Name System

First step in connecting to the internet

Precedes file execution and IP connection

Used by all devices

Port agnostic

Cisco Umbrella

Built into the foundation of the internet

Intelligence to see attacks before launched

Visibility and protection everywhere

Enterprise-wide deployment in minutes

Integrations to amplify existing investments

Cloud security platform

Malware

C2 Callbacks

Phishing

208.67.222.222

Malware

C2 Callbacks

Phishing

Benefits

Block malware before it hits the enterprise

Contains malware if already inside

Internet access is faster

Provision globally in minutes

Where does Umbrella fit?

HQ

Sandbox

NGFW

Proxy

Netflow

AV AV

BRANCH

Router/UTM

AV AV

First line

AV

ROAMING

Built into foundation of the internet

Umbrella provides:

Connection for safe requests

Prevention for user and malware-initiated connections

Proxy inspection for risky domains

Safe request

Blocked request

Cisco Talos feeds

Cisco WBRS

Partner feeds

Custom URL block list

Requests for “risky” domainsSelective proxy

URL inspection

File inspectionAV Engines

Cisco AMP

Cloud-delivered firewall

Capabilities: • Content and security controls via DNS• IP, port, and protocol controls on outbound traffic• IP obfuscation• Activity logging

Use cases: • Address guest wi-fi concerns related to infected

devices, inappropriate content like pornography, and peer-to-peer file sharing services

• Secure IaaS dev environment concerns without backhauling traffic to corporate firewall IPsec Tunnel

Example Source IP: 70.149.x.x

Guest Networks

Umbrella

Internet

Source IP: 146.112.x.x (Umbrella)

DNS

NAT

FWPROXY

Data

• Cisco Talos feed of malicious

domains, IPs, and URLs

• Umbrella DNS data —

180B requests per day

Security researchers

• Industry renown researchers

• Build models that can

automatically classify and

score domains and IPs

Models

• Dozens of models continuously

analyze millions of live events

per second

• Automatically uncover malware,

ransomware, and other threats

Intelligence to see attacks before launched

Intelligence

Co-occurrence modelIdentifies other domains looked up in rapid succession of a given domain

Natural language processing modeldomain names that spoof terms and bDetectrands

Spike rank modelDetect domains with sudden spikes in traffic

Predictive IP space monitoringAnalyzes how servers are hosted to detect future malicious domains

2M+ live events per second

11B+ historical events

Statistical models

Data centers co-located at major IXPs

31data centers worldwide

Visibility and protection for all activity, anywhere

Branch

Roaming

ALL PORTS AND PROTOCOLS

ON-NETWORK

OFF-NETWORK

Umbrella

All office locations

Any device on your network

Roaming laptops and supervised iOS devices

Every port and protocol Supervised iOS devices

HQ

BYOD

IoT

Enterprise-wide coverage in minutes, not months

ANY DEVICE ON NETWORK

ROAMING / MOBILE

On-network coverage

With one setting change

Integrated with Cisco SD-WAN, Cisco ISR 1K and 4K series, Cisco Meraki MR, and Cisco WLAN controllers

Off-network laptop coverage

With AnyConnect VPN client integration

Or with any VPN using lightweight Umbrella client

Or with Umbrella Chromebook client

Off-network mobile coverage

With Cisco Security Connector

BRANCH OFFICES

Cisco Cloud Access Security

Perimeter security used to be effective

Headquarters Branch offices

By 2020, 92% of global data center traffic will come from the cloud.Cisco® Global Cloud Index (GCI)

The very nature of network traffic has changedContent created in the cloud

Cloud-to-cloud traffic

Your challenges

Malware and

ransomware

Compromised

accounts and

malicious insiders

Gaps in visibility

and coverage

Data breaches

and compliance

HQ BranchRoaming user

Security challenges have evolved

Users Data Apps

SaaS

Key questions organizations have

ApplicationsDataUsers/Accounts

▪ Who is doing what in

my cloud applications?

▪ How do I detect account

compromises?

▪ Are malicious insiders

extracting information?

▪ Do I have toxic and

regulated data in the cloud?

▪ Do I have data that is being

shared inappropriately?

▪ How do I detect policy

violations?

▪ How can I monitor app

usage and risk?

▪ Do I have any 3rd party

connected apps?

▪ How do I revoke risky apps?

More than 24,000 files per organization publicly accessibleData exposure per organization

Accessible by

external collaborators

Accessible publicly

Accessible

organization-wide

2%

10%

12%

24,000 filespublicly accessible per organization

of external sharing done with

non-corporate email addresses70%

Source: Cloudlock CyberLab

Without CASB, companies are blind to the most obvious malicious traffic

User

Here’s an example of why you need cloud user security

North America9:00 AM ETLogin

Africa10:00 AM ETData export▪ Distance from the US

to the Central African

Republic: 7362 miles

▪ At a speed of 800 mph,

it would take 9.2 hours

to travel between them

In one hour

There’s a better way

Cisco Cloudlock addresses organizations’ most critical cloud security use cases

Discover and Control

User and Entity

Behavior Analytics

Cloud Data Loss

Prevention (DLP)Apps Firewall

OAuth Discovery and

Control

Shadow IT

Data Exposures

and Leakages

Privacy and

Compliance Violations

Compromised

Accounts

Insider Threats

CASB

Visibility

Data Security

Compliance

Threat Prevention

How Does it Work?

Cloud

Infrastructure

Client InfrastructureOn-premise or off-premise

Application Access

Public APIs

CASB - API Access (Cloud to Cloud)

Unmanaged

Users

Unmanaged

Devices

Unmanaged

Network

Remote Users

Cisco NGFW / Umbrella

Managed

Users

Managed

Devices

Managed

Network

On-Premise Networks

Cloudlock has over 80 pre-defined policies

PII

▪ SSN/ID

numbers

▪ Driver license

numbers

▪ Passport

numbers

Education

▪ Inappropriate

content

▪ Student loan

application

information

▪ FERPA

compliance

General

▪ Email address

▪ IP address

▪ Passwords/

login

information

PHI

▪ HIPAA

▪ Health

identification

numbers

(global)

▪ Medical

prescriptions

PCI

▪ Credit card

numbers

▪ Bank account

numbers

▪ SWIFT codes

Cisco Multifactor Authentication

© 2019 Cisco and/or affiliates. All rights reserved. | CONFIDENTIAL INFORMATION PROPERTY OF DUO SECURITY, INC.

Three Customer Jobsto Be Done

1. Verify User Trust

2. Verify Device Trust

3. Access Controls

© 2019 Cisco and/or affiliates. All rights reserved. | CONFIDENTIAL INFORMATION PROPERTY OF DUO SECURITY, INC.

User Trust

Establishuser trustwith MFA

Key Driver: Meet Compliance Requirements

Meet MFA

requirements

outlined in PCI-

DSS 3.2

Section 8.3

Helps meet NIST

800-63 and 800-

171 access

security

requirements

Meet DEA’s EPCS

requirements

when approving e-

prescriptions

Aligned with

GDPR data

protection laws

in Europe

Meet FFIEC

requirements for

financial

applications

Get visibility

into personal

devices used to

access PHI

Every security best practices guide and regulation asks for MFA and device visibility

Security Risks Persist with Traditional MFA

of breaches leverage

stolen or weak passwords

81%

Source: Verizon 2018 Data Breach Investigations Report

● Compromised credentials

is a major security risk

● Cumbersome tokens and

one-time passwords;

not user friendly

World’s Easiest and Most Secure MFA

● Instantly integrates with all apps

● Users self-enroll in minutes

● Users authenticate in seconds; no codes to enter

© 2019 Cisco and/or affiliates. All rights reserved. | CONFIDENTIAL INFORMATION PROPERTY OF DUO SECURITY, INC.

Device TrustAssess the healthand security postureof any device

Compromised Devices Can Access Your Data

of vulnerabilities exploited

will be ones known by security

team for at least one year

(through 2021)

99%

Source: Gartner, Dale Gardner, 2018 Security Summit

● Attackers exploit known

vulnerabilities

● Patching devices (especially user

owned) is complex

● End users continue to access data

from potentially vulnerable devices

● Accessing critical data from

vulnerable devices can be risky

Verify Trust for Any DeviceLimit Access to Compliant Devices

● Identify corporate-owned & BYOD

● Verify if devices are out-of-date and potentially vulnerable to security risks

● Block devices access to critical applications

● Apply policies consistently for any device platform: Windows, MacOS, iOS & Android

End users get just-in-time notification

about

out-of-date OS, browsers, Flash and

Java

If users do not update by a certain

day,

the endpoints are blocked

Improve Security Posture by Informing the User

Learn more about self remediation

Secure Web Gateway

Magic Quadrant 2018

Challenger

Zero TrustForrester Wave

2018Strong

Performer

Email Security Forrester Wave

2019Leader

Endpoint SecuritySuites Forrester

Wave 2018Visionary

Built by a recognized leader

Enterprise Network Firewall Magic Quadrant

2018Leader

Defending 100% of Fortune 100 companies every day

Thank you© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public.