John N. Stewart Senior Vice President and Chief Security and Trust Officer Cisco Forum Ukraine Innovative Security in an Accelerating World 8 October 2015

Page 1:

John N. Stewart

Senior Vice President and Chief Security and Trust Officer

Cisco Forum Ukraine

Innovative Security in an Accelerating World

8 October 2015

Page 2:

CONNECTED THINGS

Page 3:

Every Country, City and Business Is Becoming a Digital Enterprise

DIGITAL INTERNET OF EVERYTHING

SECURITY FAST INNOVATION FAST IT

Powering a Decade of Explosive IT Growth

Page 4:

The End at the Beginning

1. The next wave of the Internet requires the next wave of Security

2. We must improve detection, reaction and remediation

3. Trust is critical

Page 5:

Cisco’s Security Business

#1 Cybersecurity Company

Threat-Centric Security

Billions Invested

5K Strong Team

Cognitive, Sourcefire, ThreatGRID, Neohapsis, OpenDNS, Portcullis

Broad/Deep Portfolio

Accelerating Customer Adoption

Cisco’s #1 Priority

Expanding Services Capabilities

Security Everywhere

Page 6:

Security Everywhere

Branch, Operational Technology, Cloud, Data Center, Services, Endpoint, Campus, Edge

Page 7:

Cisco Cybersecurity Partnerships and Promotion in the Ukraine

Public Sector Security

Engineer education via Cisco Networking Academies

Partnerships with key security bodies: Security compliance for all Cisco devices

Design and implement governmental network projects

Promotes National cyber security strategies for frameworks, architectures, technologies

Supports expert security communities such as Ukrainian Information Security Group (UISG)

Partnership with Ukraine Government Computer Emergency Response Team of Ukraine (CERT-UA)

Page 8:

Cisco Confidential

Security in 2015

By the Numbers

Page 9:

Global Spam Volume Essentially Unchanged

Increases in US, China, and Russian Federation

Billions of emails per day: December 2014 and May 2015

Viet Nam 7.96 | 6.07

Spain 11.17 | 7.19

Germany 8.77 | 8.05

Italy 7.17 | 7.01

U.S. 35.90 | 40.97

Brazil 5.57 | 5.05

Russia 7.0 | 13.33

Argentina 8.86 | 5.59

India 3.22 | 5.40

Iran 4.51 | 5.03

China 30.45 | 20.78

Source: Cisco Midyear Security Report 2015

Page 10:

Breaches Continue on the Rise

Of worst breaches were caused by inadvertent human error (up 31%)

Of large organizations were attacked by an unauthorized outsider (up 55%)

Of large organizations suffered a staff-related breach (up 58%)

Of large organizations suffered security breaches (up 81%)

Source: PWC Information Security Breaches Survey 2015

75%

90%

50%

69%

Page 11:

Attackers Are Exploiting Point Solutions with Increasing Speed

Diagram labels: Data, NGIPS, Malware Sandbox, IAM, Antivirus, IDS, Firewall, VPN, Email, NGFW

Time to detection: 200 Days

Page 12:

200 Days – That’s Not Winning

Current industry Time to Detection (TTD) rate of 200 days is not good enough.

200 DAYS

Page 13:

Catch It Quicker, Disrupt It Faster, and Push for Consequences

Page 14:

Why and What? Evolution and Speed

Step 1: InfoSec team

Step 2: IT embeds security

Step 3: Security in everything

Residual Risk → Detection

• Data Correlation

• DNS in the Cloud

• Malware

Page 15:

I Had an Idea…

Industry: 200 DAYS

Cisco: <48 HOURS

Source: Cisco Midyear Security Report 2015

Page 16:

Massive Data, Multiple Angles

100TB Security Intelligence

1.6M Deployed Devices

13B Web Requests

150,000 Micro-applications

1,000 Applications

93B Daily Email Messages

35% Enterprise Email

5,500 IPS Signatures

150M Deployed Endpoints

3-5 min Updates

5B Daily Email Connections

4.5B Daily Email Blocks

14M Deployed Access Gateway

75,000 FireAMP Updates

6,000 New Clam AV Sigs

120K Sandbox Reports

Threat Intelligence Platform Core Services

R&D/Data Analysis/Refinement

Data Scientists, Security Engineers, Security Scientists, Software Engineers

Direct Access to Raw and Refined Data

Load-Balanced, Highly Available APIs

Innovation Platform

IT Services

Data Processing, Statistical Computing

Incubation Hosting, Visualization

Data Cleansing

Source Code Management

DC & WAN Management

Relational Databases, Security Monitoring

Identity Access & Management, Service Monitoring, Hadoop HDFS

Data Integration Cluster

Message System Broker, Proxy and Services

Streaming Processes, Map/Reduce Processes

Document Database, Graph Database, Column Family Store

Data Integration Scripts, Consumer Clients for Messages

Products, Enterprise Security

Internal and External Datasets for Telemetry, Network Posture, Enrichment, and Reputation

Page 17:

OpenDNS Cloud Security

Diverse Set of Data

DNS Requests Per Day: 70B

BGP Peering Partners: 500

Daily Active Users: 65M

Enterprise Customers: 10K

Page 18:

Advanced Malware Protection

• AMP security agent identifies malware through:

    • File fingerprinting and metadata analytics

    • Process Information

    • File and Network I/O

• Works across endpoints and in the network and data center as part of broader architecture

• Powered by Collective Security Intelligence from the cloud and supported by threat experts in TALOS vulnerability research team

• Continuous zero day detection

• Advanced analytics and correlation

• Multisource IOCs

• Threat analysis reports

• Low prevalence

• Threat hunting (elastic search)

• Enterprise capabilities

• Threat Grid technology adds power with data source and analysis

Capabilities

Page 19:

Trust Is Critical

Page 20:

Trust Is About Principles, Not Products

TRUSTWORTHY

• We take active measures to safeguard the security and reliability of the network.

• We are committed to securing and protecting our customers and their data.

• We adhere to a Secure Development Lifecycle (SDL) in the development of our products and services.

• We protect the security of our supply chain.

TRANSPARENT

• We provide equal and simultaneous access to security vulnerability information for all parties globally.

• We make timely and actionable breach notifications to impacted parties.

• We publish data regarding requests from law enforcement and national security agencies for customer data.

• We drive and follow open, global standards and make decisions to develop and implement new technologies based on customers’ current and anticipated requirements.

ACCOUNTABLE

• We are committed to helping customers and partners verify and validate our trustworthiness.

• We admit when we make mistakes that affect the security of our customers and partners, and we work to make things right with those customers and partners.

Page 21:

It’s Not Just the “Feature” – It’s How It’s Made

Secure Development Lifecycle for Design and Build

Secure Hardware with Signed Software

Secure Deployment and Measures

Secure Supply Chain and Lifecycle

Page 22:

In Summary…

Page 23:

The End at the End

1. The next wave of the Internet requires the next wave of Security

2. We must improve detection, reaction and remediation

3. Trust is critical
