Roman Vargas
Complete security in teleworking environments
NextGen workforce security
www.cisco.com/go/SecureRemoteWorker
CyberSecurity Specialist - CCIE/CISSP
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco Security
#1 Worldwide Security Vendor*
* Canalys 2019 – Cybersecurity Leadership; IDC 2019 – Global Security Appliance Market Share; Forrester 2019 – Zero Trust Wave
5K People Strong
Largest Threat Detection Network
100x Faster Finding Breaches
19.7B Threats Blocked Daily
99% Security Effectiveness
250K Customers
30% Cost Savings
+150 Ecosystem Partners
88% Fortune 100 use Cisco Security
~$4.0 Billion Security revenues
2009: Leader of Cloud-based Web Security
2013: Best-in-class intrusion prevention system (IPS) and advanced malware protection (AMP)
2014: Leading Dynamic Malware Analysis (Sandbox)
2016: Cloud Access Security Broker that provides visibility and control for SaaS, IaaS and PaaS
2017: Cloud based security forensics and visibility
2018: Unified Access Security (UAS) for zero-trust
Top Leaders of security advisory services
Provides risk management and compliance to Fortune 500 customers
2015: Cloud based DNS security service
Best security analytics platform to defend against advanced cyber threats
2020: Cloud based security orchestration platform
1995: PIX Firewall which was foundation of current ASA
Leader for on premise email and web security
2007
Cisco’s Continued Investment in Security
Cybersecurity for the 21st Century
Security Challenges
DIGITAL TRANSFORMATION
Capture the benefits of mobility, cloud and IoE
DYNAMIC THREAT LANDSCAPE
Protect against new and changing attack vectors
COMPLEXITY & FRAGMENTATION
Simplify operations and reduce costs
Zero Trust · Cisco SecureX · Cisco TALOS
Digital Transformation
Where is the perimeter?
Business apps
Critical infrastructure
Internet
Workplace desktops
Digital Transformation
Where is the perimeter?
Cloud (SaaS): Business apps (Salesforce, Office 365, DocuSign, etc.)
Cloud (IaaS): Critical infrastructure (Amazon AWS, Microsoft Azure, etc.)
Business apps
Critical infrastructure
SD-Access/SD-WAN: Campus/Branch office
Mobility: Endpoints (Windows, OS X, iOS, Android)
75%
Internet
Workplace desktops
75% protection means 100% vulnerable
Digital Transformation
Mobility: Windows, OS X, iOS, Android
75% protection
Business apps
Critical infrastructure
Internet
Workplace desktops
Cloud (SaaS): Business apps (Salesforce, Office 365, DocuSign, etc.)
Cloud (IaaS): Critical infrastructure (Amazon AWS, Microsoft Azure, etc.)
SD-Access/SD-WAN: Campus/Branch office
Cloud (SaaS) · Cloud (IaaS) · SD-Access/SD-WAN · Mobility (Windows, OS X, iOS, Android)
100% protection
Investigate · Detect · Remediate
Digital Transformation
Mobility
100% protection
Internet
Workplace desktops
Investigate · Detect · Remediate
Device Security: Cisco AMP for Endpoints (EPP/EDR)
User Security: Cisco Umbrella (SIG)
Identity Security: Cisco DUO (MFA/SDP)
Client Based
Clientless Based
Cisco DUO Beyond
Transport Security: Cisco ASA/FTD, Cisco AnyConnect (VPN)
Data Security: Cisco Cloudlock (CASB)
Collaboration: Cisco Webex
Secure Remote Worker - Client based overview
Business apps
Critical infrastructure
DC
Internet
Digital Transformation
Remote Worker VPN
Cisco Firepower/ASA (VPN Concentrator)
Cisco Umbrella (SIG)
Cisco DUO (MFA/SDP)
Cisco Cloudlock (CASB)
Cisco AMP for Endpoints (EPP/EDR)
• Cisco ISE: Posture – Robust endpoint hygiene check
• Cisco DUO: Identity security - Robust user/endpoint authentication
• Cisco Umbrella: User security* - Prevent user-driven infections (First line of defense)
• Cisco AMP for endpoints: Endpoint security – Prevent endpoint infection (Last line of defense)
• Cisco Cloudlock: Data security – Granular SaaS usage control
• Cisco Firepower/ASA: VPN* - Secure connectivity to DC
* With or without VPN Split tunnelling (DNS;SWG)
Identity security
Cisco DUO (MFA/SDP)
Easiest way to protect all of your users with simple and powerful access security
www.duo.com
Instantly integrates with all apps
Users self-enroll in minutes
Users authenticate in seconds; no codes to enter
1 Verify User Trust
2 Verify Device Trust
3 Conditional Access Controls
First line of defense
Cisco Umbrella (SASE)
Easiest way to protect all of your users and endpoints in minutes
ANY DEVICE ON NETWORK
ROAMING / MOBILE
BRANCH OFFICES
• Safe DNS
• Content control
• Application control
• Advanced web content control
• Advanced web application control
• L3/L4/L7 Firewalling
• Data at rest control
CASB
DNS Controls
Cloud NGFW
Cloud Proxy
53 80-.443
Umbrella
www.cisco.com/go/umbrella
Cisco Umbrella (SASE)
Leading security efficacy
Source: AV-Test Feb 2020
Cloud Proxy
DNS Control
www.cisco.com/go/umbrella
Last line of defense
Cisco AMP for Endpoints (EPP/EDR)
www.cisco.com/go/amp
Respond
Detect
1:1 Fingerprint
Fuzzy Fingerprint
Machine Learning
Device Flow Correlation
Exploit Prevention
System Process Protection
Malicious Activity Protection
AntiVirus
Vulnerable Software Detection
Low Prevalence
Indications of Compromise
Cognitive Threat Analytics (CTA)
Endpoint Isolation
Network Isolation (ISE)
Application Isolation (DUO)
Orbital
Prevent
Leading security efficacy
Cisco AMP for Endpoints (EPP/EDR)
Validated by 3rd party tests: AV Comparatives, Miercom, and NSS Labs
Recognized for accuracy, reliability and consistency
Strong prevention – multiple engines and blocking tools
Malware Protection Test
Real World Protection Test
Protection Rate
False Alarms
100%
99.3%
0
1
Factsheet Business Test (March-April 2020), go to: https://www.av-comparatives.org/tests/business-security-test-march-april-2020-factsheet/
False Alarm Test
• “Very High” FP has as many as 100-150 false positives
www.cisco.com/go/amp
Business apps
Critical infrastructure
DC
Secure Remote Worker - Clientless based overview
Internet
Digital Transformation
Remote Worker
Cisco DUO
MFA/SDP
• Cisco DUO: Robust user/device authentication* + Clientless access
* With endpoint hygiene check (Posture)
Dynamic Threat Landscape
Cisco - Leading Threat Intelligence
SASE: Cisco Umbrella
EPP/EDR: Cisco AMP for Endpoints
NBA: Cisco Stealthwatch
Proxy: Cisco WSA
Email: Cisco ESA/CES
CWP: Cisco Tetration
UAS: Cisco DUO
NAC: Cisco ISE
NGFW: Cisco Firepower/Meraki
NGIPS: Cisco Firepower
Widest threat intelligence, fighting the good fight
- 35% worldwide corporate email
- 4% worldwide DNS
- 16B web requests/day
- 1,5M samples/day
- 250+ Threat investigators
With Cisco, your multiple security products can globally share data and work together
Multivector approach to get the most accurate threat intelligence
Complexity and Fragmentation
SIG: Cisco Umbrella
EPP/EDR: Cisco AMP for Endpoints
NBA: Cisco Stealthwatch
Proxy: Cisco WSA
Email: Cisco ESA/CES
CWP: Cisco Tetration
UAS: Cisco DUO
NAC: Cisco ISE
NGFW: Cisco Firepower/Meraki
NGIPS: Cisco Firepower
You can block 99% of threats… the other 1% require investigation
www.cisco.com/go/csecureX
Investigate · Detect · Remediate
www.cisco.com/go/securex
Integrated security – Security that works together
Cisco Security
Open APIs · Developer Environment · Services
Network · User/Endpoint · Cloud
Leading Security Portfolio
Leading Threat Intelligence
Cisco Architectures:
· Networking
· Data Center
· Collaboration
Integrated - Unified - Harmonized - Simplified - Open
Unified Management
Investigate · Detect · Remediate
150 security tech partners