The Internet of Everything is changing Everything


Post on 23-Jun-2020


Page 1: The Internet of Everything is changing Everything… · Everything is changing Everything. Intelligent Threat Defense for the Enterprise Mobility Nikos Mourtzinos, CCIE #9763

The Internet of Everything is changing Everything

Page 2

Intelligent Threat Defense for the Enterprise Mobility

Nikos Mourtzinos, CCIE #9763

Global Security Sales Organization

Page 3

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3

Any Device to Any Cloud

PRIVATE CLOUD

PUBLIC CLOUD

HYBRID CLOUD

Changing Business Models

Page 4

Internet of Things…and Everything

Every company becomes a technology company,

Every company becomes a security company

Page 5

Cisco Confidential 5 ©2014 Cisco and/or its affiliates. All rights reserved.

The Industrialization of Hacking

[Timeline: 1990 to 2020]

• Viruses: 1990–2000
• Worms: 2000–2005
• Spyware and Rootkits: 2005–Today
• APTs Cyberware: Today +

Hacking Becomes an Industry

Sophisticated Attacks, Complex Landscape

Phishing, Low Sophistication

Page 6

How Industrial Hackers Monetize the Opportunity

WELCOME TO THE HACKERS’ ECONOMY (Source: RSA/CNBC)

• Social Security: $1
• Medical Record: >$50
• DDoS as a Service: ~$7/hour
• Credit Card Data: $0.25-$60
• Bank Account Info: >$1000 depending on account type and balance
• Exploits: $1000-$300K
• Facebook Account: $1 for an account with 15 friends
• Spam: $50/500K emails
• Malware Development: $2500 (commercial malware)
• Mobile Malware: $150

Global Cybercrime Market: $450B

Page 7

What do these companies have in common?

Page 8

Cyber attacks are one of the unfortunate realities of doing business today.

All were smart, all had security. All were seriously compromised.

Today’s Reality….

Page 9

“Five Things Boards Should do about Cybersecurity NOW”

Many Organizations have Cybersecurity tucked away in IT departments. It’s time to bring it up and dust it off.

1. Understand the problem
2. Know the scope of risk to the organization
3. Decide what your crown jewels are
4. Know the regulations
5. Know where to spend

Page 10

The Security Problem

• Changing Business Models
• Dynamic Threat Landscape
• Complexity and Fragmentation

Page 11

Cisco Threat-Centric Security Model

Attack Continuum

BEFORE: Discover, Enforce, Harden

DURING: Detect, Block, Defend

AFTER: Scope, Contain, Remediate

NGFW, Secure Access + Policy Control, VPN, NGIPS, Web Security, Email Security, Advanced Malware Protection, Network Behavior Analysis

Collective Security Intelligence

Page 12

Enhanced Security & Cost Savings

Superior Network Visibility

Rogue hosts, Vulnerabilities, Applications, OS, Servers, Mobiles

Impact Assessment & Correlation

Industry Leading Threat Detection

Threat correlation reduces actionable events by up to 99%

Automated Tuning

Adjust IPS policies automatically based on network changes

Continuous Analysis, Trajectory

Remediation

Page 13

Cisco Sees More Than the Competition

• Network Servers
• Operating Systems
• Routers and Switches
• Mobile Devices
• Printers
• VoIP Phones
• Virtual Machines
• Client Applications
• Files
• Users
• Web Applications
• Application Protocols
• Services
• Malware
• Command and Control Servers
• Vulnerabilities
• NetFlow
• Network Behavior
• Processes

Superior Network Visibility

Rogue hosts, Vulnerabilities, Applications, OS, Servers, Mobiles

Page 14

Superior Network Visibility Geolocation

Page 15

Automated Tuning

Adjust IPS policies automatically based on network changes

• Automated Recommended Rules customized & based on Customer’s Infrastructure

• Automated IPS Policies based on network changes

• Simplifies Operations & Reduces Costs

Page 16

Impact Assessment & Correlation

Determine the relevance and impact of the attack

With automated impact assessment, intrusion events requiring manual investigation are typically reduced by more than 90%.

IMPACT FLAG | ADMINISTRATOR ACTION
1 | Act Immediately; Vulnerable
2 | Investigate; Potentially Vulnerable
3 | Good to Know; Currently Not Vulnerable
4 | Good to Know; Unknown Target
0 | Good to Know; Unknown Network

Page 17

Actual Disposition = Bad = Blocked

NGFW

NGIPS

Initial Disposition = unknown

Point-in-time Detection

Retrospective Detection, Analysis Continues

Initial Disposition = unknown

Continuous

Blind to scope of compromise

Sleep Techniques

Unknown Protocols

Encryption

Polymorphism

Actual Disposition = Bad = Too Late!!

Turns back time

Visibility and Control are Key

Not 100%

Analysis Stops

Continuous Analysis, Trajectory

Remediation

Remediation

Page 18

18 C97-728331-00 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Cisco Security Intelligence

Outstanding cloud-based global threat intelligence

Control

Cisco AnyConnect®, Cisco IPS, Cisco CWS, WWW, Cisco WSA, Cisco ASA, Cisco ESA

Visibility

WWW, Web, Endpoints, Devices, Networks, Email, IPS

• 1.6 million global sensors
• 100 TB of data received per day
• 150 million+ deployed endpoints
• 35% worldwide email traffic
• 16 billion web requests
• 24x7x365 operations
• 40+ languages
• 600+ engineers, technicians, and researchers
• 80+ PH.D., CCIE, CISSP, AND MSCE users
• More than US$100 million spent on dynamic research and development
• 3- to 5-minute updates
• 5,500+ IPS signatures produced
• 8 million+ rules per day
• 200+ parameters tracked
• 70+ publications produced

Information Updates

Industry Leading Threat Detection

Big Analytics

Sandbox

Advanced Malware

SIO

Sourcefire VRT

ThreatGrid

Cognitive Security

Page 19

Threats by the Numbers

7399 CVE Entries in 2013, a 10% increase from 2012

1,100,000 Incoming Malware Samples Per Day, Increasing Daily – 400K AV Blocks

4.2 Billion Web Filtering Blocks Per Day, peak of 6.4 Billion daily blocks

1 Billion Reputation Queries Per Day

Industry Leading Threat Detection

The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures

Page 20

Industry Leading Threat Detection

Cisco

Best Protection Value

99.2% Security Effectiveness

The NGFW Security Value Map shows the placement of Cisco ASA with FirePOWER Services as compared to other vendors. Cisco achieved 99.2 percent in security effectiveness and now all can be confident that they will receive the best protections possible.

Source: NSS Labs 2014

Page 21

NSS Labs Next-Generation Firewall Reports: Cisco ASA with FirePOWER Services Excels

http://www.cisco.com/web/offers/NSSLabsReportNGFW.html?keycode=000551632

Page 22

Perimeter Security

Firewall

IPS

Web Sec

Email Sec

Customized Threat Bypasses Security Gateways

Security Inside Perimeter

AMP

Page 23

The User to Device Ratio Has Changed

What is all this stuff on my network?!!!

Page 24

COMMON POLICY, MANAGEMENT & CONTEXT

• Who/What is currently connected on the Network?
• How Do I Control Who and What Access the Network/Resources?
• How to Quarantine a User?

Page 25

All-in-One Enterprise Policy Control

Who What Where When How

Virtual machine client, IP device, guest, employee, and remote user

Cisco Identity Services Engine

Wired Wireless VPN

Business-Relevant Policies

Identity Context Policy Management Increases Operational Efficiency

Onboarding & Remediation

Increases Productivity and Improves User Experience

Device Profiling & Posture Provides Comprehensive Secure Access

Mobile Device Management

Network Enforcement Decreases Operational Costs

Page 26

Cisco Identity Services Engine

Who? Employee, Guest

What? Personal Device, Company Asset

How? Wired, Wireless, VPN

Where? @ Coffee Shop, Headquarters

When? Weekends (8:00am – 5:00pm)

Page 27

802.1x, MAC-Authentication Bypass (MAB), Web Authentication

Page 28

Non-User Device

Page 29

Page 30

Guest Management

Page 31

ISE 1.3.1 Mobile Enablement with AnyConnect 4.0

Configuration

• Email & Calendar
• Network Access (Wi-Fi / VPN)
• Exchange Active Sync
• Restriction (camera usage)
• App Distribution / Public Stores

Compliance Enforcement

• Set the PIN lock
• Enable Passcode - Screen Lock
• Enable Disk Encryption
• Restrict Jailbroken device

Security

• Locate lost/stolen Device
• Lock / Unlock Device
• Remote Wipe Device
• Remove / Unenroll Device from Network
• Restore factory default

Page 32

Putting It All Together

Event History: How, What, Who, Where, When

BEFORE (Discover, Enforce, Harden): NGFW, Secure Access / Policy Control, VPN

DURING (Detect, Block, Defend): NGIPS, Web Security, Email Security

Page 33

Putting It All Together

Event History: How, What, Who, Where, When

BEFORE (Discover, Enforce, Harden): NGFW, Secure Access / Policy Control, VPN

DURING (Detect, Block, Defend): NGIPS, Web Security, Email Security

AFTER (Scope, Contain, Remediate): Advanced Malware Protection, Network Behavior Analysis

Page 34

Putting It All Together

Event History: How, What, Who, Where, When

BEFORE (Discover, Enforce, Harden): NGFW, Secure Access / Identity Services, VPN

DURING (Detect, Block, Defend): NGIPS, Web Security, Email Security

AFTER (Scope, Contain, Remediate): Advanced Malware Protection, Network Behavior Analysis

Patient ZERO

How The Malware Spread

STOP The Malware From Spreading

REMEDIATE

Page 35

Intelligent Cybersecurity with Integrated Threat Defense in action

Continuous File Analytics

Sandbox Reputation Determination

Visibility, Context and Control

• Determine Scope:
• File Trajectory: systems impacted, point of entry, file type, protocol, direction, etc…
• Correlated contextual events: Users, apps, threats, etc…
• Retrospective Detection
• IoC Determination

3

AMP for Endpoints

• Integrated or standalone
• PC, mobile & virtual
• Malware Detection
• Automated IoC detection
• Trajectory
• File Analysis
• Outbreak Control

AMP for Networks, Sandbox

• Malware detection/blocking
• File detection/blocking
• CNC detection/blocking
• File Dynamic Analysis
• Threat Analytics

4

Wired Wireless VPN

Contextual and Consistent Policies across the entire Campus Network & D/C (User/Device/Access method, Network location), BYOD, Device Profiling

1

Security Gateways

• NGFW
• NGIPS
• Web Security Gateways
• Email Security Gateways
• AMP Services for Gateways

Identity & Control

2

Page 36

Ecosystem and Integration

Combined API Framework

BEFORE: Policy and Control

DURING: Detection and Blocking

AFTER: Analysis and Remediation

Infrastructure & Mobility

NAC, Vulnerability Management, Custom Detection, Full Packet Capture, Incident Response

SIEM, Visualization, Network Access Taps

Page 37

“So do any network security vendors understand data center and what’s needed to accommodate network security? Cisco certainly does.”

“Cisco is disrupting the advanced threat defense industry.”

“… AMP will be one of the most beneficial aspects of the [Sourcefire] acquisition.”

“Based on our (Breach Detection Systems) reports, Advanced Malware Protection from Cisco should be on everyone’s short list.”

2014 Vendor Rating for Security: Positive

Market Recognition

“The AMP products will provide deeper capability to Cisco's role in providing secure services for the Internet of Everything (IoE).”

Page 38

Your First step to Threat Focused Security

FirePOWER Services for ASA

Start today!

• Bring the world’s most secure firewall platform capabilities to the top cyber-security platform

• Let us show you what you are missing

• Put Cisco in behind your existing NGFW to show you what threats you aren’t seeing
