cisco umbrella overview - tech data advanced solutions...cisco umbrella commercial sales emea 17th...
TRANSCRIPT
Ali Wadi
Cisco Umbrella Commercial Sales EMEA
17th Jan 2017
DNS-Layer Network Security Delivered from the Cloud
Cisco Umbrella Overview
PRODUCTS & TECHNOLOGIES
UMBRELLA (Enforcement): Network security service protects any device, anywhere
INVESTIGATE (Intelligence): Threat intelligence on domains and IPs across the Internet
TRUSTED by Enterprises Worldwide
Fortune 500 companies in retail, healthcare, energy, and entertainment
Over 600 leading professional services including law and consulting firms
Over 500 leading finance, banking, and insurance companies
Over 500 leading manufacturing and technology companies
[Diagram: threats from the INTERNET (MALWARE, C2/BOTNETS, PHISHING) against enforcement points (AV, ROUTER/UTM, SANDBOX, PROXY, NGFW, NETFLOW), labelled FIRST LAYER, MID LAYER and LAST LAYER]
Where Do You Enforce Security?
[Diagram labels: Perimeter, Endpoint]
CHALLENGES
Too Many Alerts via Appliances & AV
Wait Until Payloads Reach Target
Too Much Time to Deploy Everywhere
BENEFITS
Alerts Reduced 2-10x; Improves Your SIEM
Traffic & Payloads Never Reach Target
Provision Globally in UNDER 30 MINUTES
Shortage of Security Talent
Many tools require more resources than you have available to make work
50% of PCs are Mobile; 70% of Offices go Direct
Most mobile & remote workers don’t keep VPN always on, most branch offices don’t backhaul traffic, and most new endpoint tools only detect
70-90% of Malware is Unique to Each Org
Signature-based tools, reactive threat intelligence, and isolated security enforcement cannot stay ahead of attacks
Common Security Challenges
[Diagram labels: WEB, NON-WEB, DNS, IP]
15% of C2 bypasses web ports 80 & 443
91% of C2 can be blocked at the DNS layer
You Need a Different Approach to Block Threats Others Miss
Enterprise Location A: Internal Infoblox Appliance
Enterprise Location C: Internal BIND Server
Enterprise Location B: Internal Windows DNS Server
Home Users, Roaming Laptops, Mobile Devices, Remote Sites
[Diagram labels: ISP 1, mobile carrier, ISP 2, ISP 3, ISP ?]
CHALLENGES
Multiple Internet Service Providers
Direct-to-Internet Branch Offices
Users Forget to Always Turn VPN On
Different DNS Log Formats
Who Resolves Your DNS Requests?
Authoritative DNS for Intranet Domains
Recursive DNS for Internet Domains
BENEFITS
Global Internet Activity Visibility
Network Security w/o Adding Latency
Consistent Policy Enforcement
Internet-Wide Cloud App Visibility
Leveraging a Single Global Recursive DNS Service
Predictive Intelligence Using Statistical Models
observes relationships in global DNS requests & BGP routes to discover where attacks are staged
Global Network Using Recursive DNS
just point DNS from your network devices, our virtual appliance, or our roaming client to our global network
DNS xyz.com 1.2.3.4
How We Do It
Off-Network Security Using Lightweight Agent
does not scan system or run in kernel space, so it will not crash, hog memory, or pester the end user
Used to detect:
• Compromised systems
• Command & control callbacks
• Malware & phishing attempts
• Algorithm-generated domains
• Domain co-occurrences
• Newly registered domains
Any Device Recursive DNS
Gather Intelligence & Enforce Security at the DNS Layer
Authoritative DNS
root
com.
domain.com.
Used to find:
• Newly staged infrastructures
• Malicious domains, IPs, ASNs
• DNS hijacking
• Fast flux domains
• Related domains
ZERO added latency
peer w/ top 500 ISPs & CDNs
2% worldwide activity
globally-shared DNS cache
100% uptime since 2006
Global Network Built into the Fabric of the Internet
400+ Gbps capacity, protection & global fail-over
Apply statistical models and human intelligence
Identify probable malicious sites
Ingest millions of data points per second
How Our Security Classification Works
[Diagram: example domains, IPs and URLs being classified: a.ru, b.cn, 7.7.1.3, e.net, 5.9.0.1, p.com/jpg]
A New Layer of Breach Protection
Threat Prevention: Not just threat detection
Protects On & Off Network: Not limited to devices forwarding traffic through appliances
Turn-Key & Custom API-Based Integrations: Does not require professional services to set up
Block by Domains, IPs & URLs for All Ports: Not just ports 80/443 or only IPs
Always Up to Date: No need for device to VPN back to an on-prem server for updates
UMBRELLA
Why Partners Love Selling Umbrella
• Help your customers stop phishing and malware infections earlier.
• Give customers complete visibility into internet activity across all locations and users.
• Provide one of the simplest security products to deploy and manage.
• Grow your share of the cloud security market.
• Sell Cisco Umbrella and increase your profitability through recurring revenues and upsell opportunities.
• Cisco Umbrella Partner Portal: https://communities.cisco.com/docs/DOC-64565
For custom trial requests other than the standard 14-day Umbrella Insights trial on the website, please send a detailed email to: [email protected]; [email protected]; [email protected]
Please avoid making custom trial requests for accounts with fewer than 500 users.