TRANSCRIPT
John N. Stewart
Senior Vice President and Chief Security and Trust Officer
Cisco Forum Ukraine
Innovative Security in an Accelerating World
8 October 2015
CONNECTED THINGS
Every Country, City and Business Is Becoming a Digital Enterprise
DIGITAL · INTERNET OF EVERYTHING · SECURITY · FAST INNOVATION · FAST IT
Powering a Decade of Explosive IT Growth
The End at the Beginning
1. The next wave of the Internet requires the next wave of Security
2. We must improve detection, reaction and remediation
3. Trust is critical
Cisco’s Security Business
#1 Cybersecurity Company
Threat-Centric Security
Billions Invested
5K Strong Team
Cognitive, Sourcefire, ThreatGRID, Neohapsis, OpenDNS, Portcullis
Broad/Deep Portfolio
Accelerating Customer Adoption
Cisco’s #1 Priority
Expanding Services Capabilities
Security Everywhere
Security Everywhere
Branch · Operational Technology · Cloud · Data Center · Services · Endpoint · Campus · Edge
Cisco Cybersecurity Partnerships and Promotion in Ukraine
Public Sector Security
• Engineer education via Cisco Networking Academies
• Partnerships with key security bodies: security compliance for all Cisco devices
• Design and implementation of governmental network projects
• Promotion of national cyber security strategies for frameworks, architectures and technologies
• Support for expert security communities such as the Ukrainian Information Security Group (UISG)
• Partnership with the Government Computer Emergency Response Team of Ukraine (CERT-UA)
Security in 2015: By the Numbers
Global Spam Volume Essentially Unchanged; Increases in US, China, and Russian Federation
Billions of emails per day: December 2014 | May 2015
Viet Nam    7.96 |  6.07
Spain      11.17 |  7.19
Germany     8.77 |  8.05
Italy       7.17 |  7.01
U.S.       35.90 | 40.97
Brazil      5.57 |  5.05
Russia      7.00 | 13.33
Argentina   8.86 |  5.59
India       3.22 |  5.40
Iran        4.51 |  5.03
China      30.45 | 20.78
Source: Cisco Midyear Security Report 2015
Breaches Continue on the Rise
50% of worst breaches were caused by inadvertent human error (up from 31%)
69% of large organizations were attacked by an unauthorized outsider (up from 55%)
75% of large organizations suffered a staff-related breach (up from 58%)
90% of large organizations suffered security breaches (up from 81%)
Source: PWC Information Security Breaches Survey 2015
Attackers Are Exploiting Point Solutions with Increasing Speed
Point solutions: NGIPS, Malware Sandbox, IAM, Antivirus, IDS, Firewall, VPN, NGFW
Time to detection: 200 days
200 Days – That’s Not Winning. The current industry Time to Detection (TTD) rate of 200 days is not good enough.
Catch It Quicker, Disrupt It Faster, and Push for Consequences
Why and What? Evolution and Speed
Step 1: InfoSec team → Step 2: IT embeds security → Step 3: Security in everything
Residual Risk → Detection
• Data Correlation
• DNS in the Cloud
• Malware
I Had an Idea…
Time to Detection: Industry 200 days | Cisco <48 hours
Source: Cisco Midyear Security Report 2015
Massive Data, Multiple Angles
100TB Security Intelligence
1.6M Deployed Devices
13B Web Requests
150,000 Micro-applications
1,000 Applications
93B Daily Email Messages
35% Enterprise
5,500 IPS Signatures
150M Deployed Endpoints
3-5 min Updates
5B Daily Email Connections
4.5B Daily Email Blocks
14M Deployed Access Gateways
75,000 FireAMP Updates
6,000 New ClamAV Sigs
120K Sandbox Reports
Threat Intelligence Platform Core Services
R&D / Data Analysis / Refinement: Data Scientists, Security Engineers, Security Scientists, Software Engineers
Direct Access to Raw and Refined Data; Load-Balanced, Highly Available APIs
Innovation Platform / IT Services: Data Processing, Statistical Computing, Incubation Hosting, Visualization, Data Cleansing, Source Code Management, DC & WAN Management, Relational Databases, Security Monitoring, Identity Access & Management, Service Monitoring, Hadoop HDFS, Data Integration Cluster, Message System Broker Proxy and Services, Streaming Processes, Map/Reduce Processes, Document Database, Graph Database, Column Family Store, Data Integration Scripts, Consumer Clients for Messages
Products · Enterprise Security
Internal and External Datasets for Telemetry, Network Posture, Enrichment, and Reputation
OpenDNS Cloud Security: Diverse Set of Data
70B DNS Requests Per Day
500 BGP Peering Partners
65M Daily Active Users
10K Enterprise Customers
Advanced Malware Protection
• AMP security agent identifies malware through:
  • File fingerprinting and metadata analytics
  • Process information
  • File and network I/O
• Works across endpoints and in the network and data center as part of a broader architecture
• Powered by Collective Security Intelligence from the cloud and supported by threat experts in the TALOS vulnerability research team
• Continuous zero-day detection
• Advanced analytics and correlation
• Multisource IOCs
• Threat analysis reports
• Low prevalence
• Threat hunting (elastic search)
• Enterprise capabilities
• Threat Grid technology adds power with data source and analysis capabilities
Trust Is Critical
Trust Is About Principles, Not Products
TRUSTWORTHY
• We take active measures to safeguard the security and reliability of the network.
• We are committed to securing and protecting our customers and their data.
• We adhere to a Secure Development Lifecycle (SDL) in the development of our products and services.
• We protect the security of our supply chain.
TRANSPARENT
• We provide equal and simultaneous access to security vulnerability information for all parties globally.
• We make timely and actionable breach notifications to impacted parties.
• We publish data regarding requests from law enforcement and national security agencies for customer data.
• We drive and follow open, global standards and make decisions to develop and implement new technologies based on customers’ current and anticipated requirements.
ACCOUNTABLE
• We are committed to helping customers and partners verify and validate our trustworthiness.
• We admit when we make mistakes that affect the security of our customers and partners, and we work to make things right with those customers and partners.
It’s Not Just the “Feature” – It’s How It’s Made
• Secure Development Lifecycle for Design and Build
• Secure Hardware with Signed Software
• Secure Deployment and Measures
• Secure Supply Chain and Lifecycle
In Summary… The End at the End
1. The next wave of the Internet requires the next wave of Security
2. We must improve detection, reaction and remediation
3. Trust is critical