simple and effective security lewis tan cissp, opst · lewis tan cissp, opst regional sales...
TRANSCRIPT
![Page 1: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/1.jpg)
Lewis Tan CISSP, OPST
Regional Sales Specialist, ATS Asia
Simple and Effective Security
![Page 2: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/2.jpg)
Branch office
HQ
Airport
![Page 3: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/3.jpg)
Productivity
![Page 4: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/4.jpg)
Productivity File share
![Page 5: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/5.jpg)
Productivity File share
CRM
![Page 6: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/6.jpg)
Deny Allow access
Productivity File share
Connected
Apps
CRM
Allow access
![Page 7: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/7.jpg)
![Page 8: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/8.jpg)
Risks Faced Using Cloud
• Users not protected by traditional security stack
• Gaps in visibility and coverage
• Expose sensitive info (inadvertently or
maliciously)
• Users can install and use risky apps on their
own
![Page 9: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/9.jpg)
The way we work has changed
49% of the workforce
are mobile
82%admit to not
using the VPN
70%increase in
SaaS usage
70% of branch offices
have DIA
25% of corporate
data bypass
perimeter security
, security must too
![Page 10: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/10.jpg)
Infrastructure
as a Service (IaaS)
Platform
as a Service (PaaS)SaaS
People People People
Data Data Data
Applications Applications Applications
Runtime Runtime Runtime
Middleware Middleware Middleware
Operating system Operating system Operating system
Virtual network Virtual network Virtual network
Hypervisor Hypervisor Hypervisor
Servers Servers Servers
Storage Storage Storage
Physical network Physical network Physical network
Cloud shared responsibility – SaaS/PaaS/IaaS
CSR responsibilityCustomer responsibility
![Page 11: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/11.jpg)
Security Weaknesses of Native Cloud Service Providers
Single Platform OnlySolves Fewer
Problems
Lack of Security
Expertise
& Focus
UpchargeNo Incident
ManagementWeak Remediation
Capabilities
1
![Page 12: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/12.jpg)
Key questions for Cloud Usage
ApplicationsDataUsers/Accounts
Who is doing what in
my cloud applications?
How do I detect account
compromises?
Are malicious insiders
extracting information?
Do I have toxic and
regulated data in the cloud?
Do I have data that is being
shared inappropriately?
How do I detect policy
violations?
How can I monitor app
usage and risk?
Do I have any 3rd party
connected apps?
How do I revoke risky apps?
![Page 13: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/13.jpg)
Keys to the kingdom: third-party appsLet’s start with an example
![Page 15: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/15.jpg)
OAuth-connected apps have extensive access to corporate environments
![Page 16: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/16.jpg)
The attackers gained
a persistent connection
to the victim’s identity
Cloudlock CyberLab estimates:
Approximately 300,000corporations have been infected
On Average 0.65%got infected per organization within the first
2 hrs.
of employees
May 3rd 2017, Google OAuth Attack Aftermath
![Page 17: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/17.jpg)
Do you know all the apps that are accessing your cloud data?
Yes or No?
![Page 18: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/18.jpg)
Your security challenges
Malware and
ransomware
Gaps in visibility
and talent shortage
Budget Competition Difficult to
manage security
![Page 19: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/19.jpg)
To be effective, cloud security must be
Simple Open Automated
![Page 20: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/20.jpg)
Services
Leveraging the Attack Continuum to shift the conversations to
business outcomes!
Before During After
Branch Operational
Technology
CloudData
Center
Endpoint CampusEdge
SECURITY EVERYWHERE
![Page 21: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/21.jpg)
250+Full Time Threat
Intel Researchers
MILLIONSOf Telemetry
Agents
4Global Data
Centers
1100+Threat Traps
100+Threat Intelligence
Partners
THREAT INTEL Per Day
1.5 MILLIONDaily Malware
Samples
600 BILLIONDaily Email
Messages, 86% SPAM
16 BILLIONDaily Web
Requests
Honeypots
Open Source
Communities
Vulnerability
Discovery (Internal)
Product
Telemetry
Internet-Wide
Scanning
20 BILLION
Threats Blocked
INTEL SHARING
Why Cisco - Eff icacy
Customer Data
Sharing
Programs
Service Provider
Coordination
Program
Open
Source
Intel
Sharing
3rd Party Programs
(MAPP)
Industry
Sharing
Partnerships
(ISACs)
500+
Participants
*Google : 3.5B searches/day
![Page 22: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/22.jpg)
Branch office
Simple & Effective Cloud Security
CloudLock / Stealthwatch CloudSecure Usage of Cloud Services
Umbrella / Amp for EndpointsSecure Access to Internet
HQ Roaming
![Page 23: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/23.jpg)
Cisco Cloudlock addresses customers’ most critical cloud security use cases
Discover and Control
User and Entity
Behavior Analytics
Cloud Data Loss
Prevention (DLP)Apps Firewall
Cloud Malware
Shadow IT/OAuth
Discovery and Control
Data Exposures
and Leakages
Privacy and
Compliance Violations
Compromised
Accounts
Insider Threats
![Page 24: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/24.jpg)
Multi-Cloud
SWC SaaS Portal
Stealthwatch
Cloud
Hybrid-Cloud
![Page 25: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/25.jpg)
How Cisco Security helps
Victimredirected
to attacker’s
domain
Attackergains access
to OAuth token
Attackerhas persistent
access to the
victims’ account
Victimopens email
and clicks link
Victimgrants access
to their account
Cloudlockrevokes OAuth token
Umbrellablocks user redirect to
malicious domain.
Attacker never
receives OAuth token
if blocked here.
Umbrella
Investigateused to research
attacker’s infrastructure
Security blocks
malicious
emails
Google Docs would
like to
Read, send, delete,
manage your email
Manage your
contacts
AllowDeny
![Page 26: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/26.jpg)
Stopping Attacks Before It Happens
![Page 27: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/27.jpg)
• Wouldn’t it be great if you could...
Best Defenses
Stop Ransomware
from running
on endpoints
DNS
Stop Ransomware
from arriving
by email
Stop Ransomware
from using DNS or
arriving by the web
![Page 28: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/28.jpg)
Introducing Umbrella – Simple & Effective DNS Security
Overview
Authoritative DNS
Owns and publishes
the “phone books”
Domain registrar
Maps and records names
to #s in “phone books”
Recursive DNS
Looks up and remembers
the #s for each name
![Page 29: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/29.jpg)
Our view of the internet
140Brequests per day
15Kenterprise customers
100Mdaily active
users
160+countriesworldwide
INTELLIGENCE
![Page 30: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/30.jpg)
Our efficacy
3M+daily new
domain names
Discover
60K+daily malicious
destinations
Identify
7M+malicious destinations while resolving DNS
Enforce
INTELLIGENCE
![Page 31: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/31.jpg)
Intelligence to see attacks before launched
Data
Cisco Talos feed of malicious
domains
Cisco Threat Grid file-based
intelligence (1.5M+ daily
samples)
Umbrella DNS data —
125B requests per day
Security researchers
Industry renown researchers
Build models that can
automatically classify and
score domains and IPs
Models
Dozens of models continuously
analyze millions of live events
per second
Automatically uncover malware,
ransomware, and other threats
![Page 32: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/32.jpg)
What is Umbrella?
a) DNS Securityb) Ransomware Protection for all
devicesc) Protecting you when you are on
network onlyd) All of the abovee) A + B
![Page 33: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/33.jpg)
WHY?
Top Use Cases Using Umbrella
OFF-NETWORK SECURITY
50% of PCs are already mobile1
DIRECT-TO-NET OFFICES / GUEST WIFI
70% of offices already go direct2
PROACTIVE AND PREDICTIVE SECURITY
70-90% of malware is unique to each org3
IMPROVED INCIDENT
RESPONSE
Only 4% of alerts are investigated per
week
SIMPLIFIED SECURITY & VISIBILITY
Mean time-to-contain threats 26-39 hours4
Sources: (1) Gartner, (2) Forrester, (3) Verizon,
![Page 34: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/34.jpg)
Enterprise-wide deployment in minutes
DEPLOYMENT
Existing
DNS/DHCP servers,
Wi-Fi APs
Simple config
change to
redirect DNS
ISR4K(today)
WLC(today)
Network footprint
Provisioning and policies per VLAN/SSID;
tags for granular filtering and reporting
Out-of-the-box integration
(Umbrella virtual appliance also available)
Meraki MR
Endpoint footprint
Granular filtering and
reporting on- & off-network
(Umbrella roaming client
also available)
AnyConnect roaming module
Cisco Security Connector
vEdge(future)
![Page 35: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/35.jpg)
Protecting Your Endpoints
![Page 36: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/36.jpg)
Typically
updates 2
times a day
Typically once a
week older
machines once a
month or never
Can take hrs /
Days to complete
a full Scan
![Page 37: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/37.jpg)
![Page 38: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/38.jpg)
Should Ransomware happen, would you pay the ransom?
a) Yesb) Noc) Depends on
value of data
![Page 39: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/39.jpg)
Permanent Innovation makes Prevention a Non Ending Game
BRKSEC-2139 39
1. Cyber Criminal Organizations are like IT companies
2. Security companies innovate Every Day to Protect youBetter
3. Cyber Criminals innovate Every Day to Breach youBetter
![Page 40: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/40.jpg)
INTERNET
MALWARE
C2/BOTNETS
PHISHING
AV
AV
AV AV
ROUTER/UTM
AV AV
ROUTER/UTM
SANDBOX
PROXY
NGFW
NETFLOW
AV AV
AV AV
MID
LAYER
LAST
LAYERMID
LAYER
LAST
LAYER
MID
LAYER
FIRST
LAYER
Where Do You Enforce Security?
Perimeter
Perimeter Perimeter
Endpoint
Endpoint
CHALLENGES
Too Many Alerts via Appliances & AV
Wait Until Payloads Reaches Target
Too Much Time to Deploy Everywhere
BENEFITS
Alerts Reduced 2-10x; Improves Your SIEM
Traffic & Payloads Never Reach Target
Contain Malware if already inside
Internet is faster not slower
AMP AMPAMP AMP
AMP AMP
AMP AMP
AMP
AMP
Data At Rest
Intra Cloud Traffic
Public / Private Cloud
![Page 41: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/41.jpg)
How are we helping customers today with Umbrella?
![Page 42: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/42.jpg)
![Page 43: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/43.jpg)
Next Steps
![Page 44: Simple and Effective Security Lewis Tan CISSP, OPST · Lewis Tan CISSP, OPST Regional Sales Specialist, ATS Asia Simple and Effective Security. Branch office HQ Airport. Productivity](https://reader030.vdocuments.us/reader030/viewer/2022041100/5ed87b3f86e3a10d342b89e0/html5/thumbnails/44.jpg)
Easiest security trial you’ll ever deploy
UmbrellaStart blocking in minutes
Signup1
2 Point your DNS
3 Done