this session was recorded via cisco webex! you can watch the...
TRANSCRIPT
![Page 1: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/1.jpg)
Cisco Customer Education: Malware, Malware Everywhere - Battle 21st Century Security Threats with Cisco
This session was recorded via Cisco WebEx! You can watch the live session recording via the following URL:
https://acecloud.webex.com/acecloud/lsr.php?RCID=2a9e13dcb37a4721b5c9fc97052488bb
Thanks for your interest and participation!
This session was recorded via Cisco WebEx! You can watch the live session recording via the following URL:
https://acecloud.webex.com/acecloud/lsr.php?RCID=9179b646be6a4f03a3480b1a1db8d72b
https://acecloud.webex.com/acecloud/lsr.php?RCID=a95525d3a4d94e6887d6edc67ddd0e24
Connect using the audio conference box or you can call into the meeting:
1. Toll-Free: (866) 432-9903
2. Enter Meeting ID: 201 146 961
3. Press “1” to join the conference.
Presentation Agenda
► Welcome from Cisco
► Security in the 21st Century
► Mid-Year Security Report
► Talos and Advanced Malware Protection
► Next Generation Threat Protection
► Conclusion
About Your Host
Brian Avery
Territory Business Manager
Cisco Systems
Priors:
• Cisco Sales and Channels (11 yrs)
• President and CEO (6 yrs) - Cisco Premier Partner
• Director of Sales (2 yrs) - Cisco Silver Partner
• Financial Analyst (7 yrs) - Sprint Corporation
Who Is Cisco?
1984
• Computer scientists Len Bosack and Sandy Lerner found Cisco Systems
• Bosack and Lerner run network cables between two different buildings on the Stanford University campus
• A technology has to be invented to deal with disparate local area protocols; the multi-protocol router is born
The Landscape is Constantly Changing: Leading for Nearly 30 Years
[Figure: vendors in the market by era (1990–1995, 1996–2000, 2001–2007, 2008–Today), ending with the Internet of Everything, 2016. Vendors shown, in the order they appear: WellFleet, SynOptics, 3Com, ACC, DEC, Proteon, IBM, Bay Networks, Newbridge, Cabletron, Ascend, Fore, Xylan, 3Com, Nortel, Ericsson, Alcatel, Juniper, Lucent, Siemens, NEC, Foundry, Redback, Riverstone, Extreme, Arista, HP, Avaya, Juniper, Huawei, Aruba, Brocade, Checkpoint, Fortinet, ShoreTel, Polycom, Microsoft, F5, Riverbed, Dell]
Who Is Cisco?
Chuck Robbins, CEO, Cisco
• Dow Jones Industrial Average, Fortune 100 Company (AAPL, CSCO, INTC, MSFT)
• $117B Market Capitalization
• $49.6B in Revenue
• $10B in Annual Net Profits
• $34B More Cash than Debt
• $6.3B in Research and Development
http://finance.yahoo.com/q/ks?s=CSCO+Key+Statistics
Market Leadership Matters
• No. 1 Voice: 41%
• No. 1 TelePresence: 50%
• No. 1 Web Conferencing: 43%
• No. 1 Wireless LAN: 50%
• No. 2 x86 Blade Servers: 29%
• No. 1 Routing (Edge/Core/Access): 47%
• No. 1 Security: 31%
• No. 1 Switching (Modular/Fixed): 65%
• No. 1 Storage Area Networks: 47%
CCE is an educational session for current and prospective Cisco customers
Designed to help you understand the capabilities and business benefits of Cisco technologies
Allow you to interact directly with Cisco subject matter experts and ask questions
Offer assistance if you need/want more information, demonstrations, etc.
What Is the Cisco Customer Education Series?
Security in the 21st Century
Cisco Confidential. © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Remember This Movie?
http://www.imdb.com/title/tt0086567/
Global Cybercrime Market $450B‒$1T
It’s All About The Money
Industrial Hackers Are Making Big Money with Innovative Tactics
Timeline, 1990 to 2020:
• Viruses: 1990–2000
• Worms: 2000–2005
• Spyware and Rootkits: 2005–Today
• APTs Cyberware: Today +
Phases along the timeline:
• Phishing, Low Sophistication
• Hacking Becomes an Industry
• Sophisticated Attacks, Complex Landscape
95% of large companies targeted by malicious traffic
100% of organizations interacted with websites hosting malware
1. Cybercrime is lucrative, barrier to entry is low
2. Hackers are smarter and have the resources to compromise your organization
3. Malware is extremely sophisticated and complex
4. Cybercrime is now a formal, for-profit industry
Source: 2014 Cisco Annual Security Report
High Profile Breaches
As of 12/31/2014 http://www.idtheftcenter.org/images/breach/DataBreachReports_2014.pdf
1,000,000
70,000,000
56,000,000
2,600,000
1,100,000
And Yet… Organizations of every size are targets
60% of UK small businesses were compromised in 2014 (2014 Information Security Breaches Survey)
100% of corporate networks examined had malicious traffic (Cisco 2014 Annual Security Report)
41% of targeted attacks are against organizations with fewer than 500 employees (July 2014 The National Cyber Security Alliance (NCSA))
Today’s cyber-threat reality
If you know you are going to be compromised, how should you do security differently?
Why? Because you’ll never be able to prevent 100% of attacks.
Your environment will get breached – it’s not an “IF”, it’s a “WHEN”
The Attack Surface
Attack surface – web browsers
More than 85% of the companies studied were affected each month by malicious browser extensions
Attack surface – user error on web
Users becoming complicit enablers of attacks
• Untrustworthy sources
• Clickfraud and Adware
• Outdated browsers: 10% of IE requests running latest version vs 64% of Chrome requests running latest version
Attack surface – web applications
Attackers: Shifts in the attack vectors
• Java drop 34%
• Silverlight rise 228%
• PDF and Flash steady
[Chart: log volume for Java, Silverlight and Flash]
2015 Cisco Annual Security Report
Attackers:
Malvertising is on the rise: low-limit exfiltration makes infection hard to detect
In October 2014, there is a spike of 250%
Compromising without clicking
Ransomware and Exploit Kits, e.g. Cryptowall version 4
• Encryption technique allows per-target customization
• Marking systems and files that have already been encrypted
• Using Bitcoin for anonymous payment
• Dual deadlines for:
  1. Cost increase
  2. Deleting data
Phishing and Social Engineering
Attackers:
A growing appetite to leverage targeted phishing campaigns
Example: Snowshoe SPAM attack
SPAM up 250%
Attack surface - email
Social Engineering: Waiting for his plane
Meet Brian, an employee at Sysco (not Cisco).
He is catching up on life using the public Wi-Fi at Starbucks prior to a meeting.
Brian decides to check on Facebook where his Mom had posted pictures of her vacation.
Social Engineering: Checks his email
Brian then gets an email from his mom.
The email says she’s having a great vacation and took a video she wants him to see. In the email is a link to what looks to be a normal video link.
Your Tropical Getaway
Joe,
Thank you for choosing us. We look forward to seeing you.
Before your arrival, please verify your information here: www.vacationresort.com
Best,
Resort Team
No problem, right? Everything looks normal. After all, his mom IS on vacation.
And the video site has an https: so it looks trustworthy, so he clicks the link.
Social Engineering: Joe is now infected
Brian opens the link and a video of the resort plays.
Although he doesn’t know it, Brian’s device has been compromised by a Silverlight-based video exploit.
The malware now starts to harvest Brian’s confidential information:
• Passwords
• Credentials
• Company access authorizations
Why did the cybercriminal target Brian?
Cisco Security Overview
Too Many Disparate Security Products Mean Gaps in Protection
Fragmented offerings across multiple vendors vs Streamlined advanced security solution
• Cost: Higher total cost to build and run vs Lower opex and easier to manage
• Overall performance: Less communication between components vs Better communication and integration
• Time to detection: More lag in finding threats vs Faster time to detection
Point-in-Time Detection Tools Alone Are Insufficient and Provide Limited or No Visibility Into Threats Once They Get in
Antivirus
Legacy IPS
Not 100%
Initial Disposition = Clean
Actual Disposition = Bad
Too Late!!
Event Horizon: Analysis Stops
• Sleep Techniques
• Unknown Protocols
• Encryption
• Polymorphism
Blind to scope of compromise
I'm going for fearsome here, but I just don't feel it!
I think I'm just coming off as annoying.
Competitors
What’s Needed to Protect Against Advanced Threats That Manage to Slip by Your Front-Line Defenses?
Deep Visibility + Control
Defending Against These Advanced Threats Requires Greater Visibility and Control Across the Full Attack Continuum
Attack Continuum
• Before: Discover, Enforce, Harden
• During: Detect, Block, Defend
• After: Scope, Contain, Remediate
Network, Endpoints, Mobile, Email and Web, Data Center/Servers
Threat intelligence and analytics
Point-in-Time detection
Retrospective security and continuous analysis
Defending Against These Advanced Threats Requires Greater Visibility and Control Across the Full Attack Continuum
Attack Continuum
• Before: Discover, Enforce, Harden
• During: Detect, Block, Defend
• After: Scope, Contain, Remediate
FireSIGHT and pxGrid
ASA
VPN
OpenDNS
Meraki
Advanced Malware Protection
Network as Enforcer
NGIPS
ESA/WSA
CWS
Secure Access + Identity Services
ThreatGRID
Cisco Advanced Malware Protection
AMP
Cisco Advanced Malware Protection
Software-as-a-Service
Cloud Managed
Subscription Based
THREAT LANDSCAPE
1.5 Million
Cisco Security Decreases Time to Detection
Current Industry Average (TTD): 100 days
100 days to 13.8 hours
Source: 2016 Cisco Annual Security Report
Point in Time Protection
Point-in-Time Detection
AMP Delivers the First Line of Defense, Blocking Known and Emerging Threats with Point-in-Time Defenses
One-to-one signature
Fuzzy finger-printing
Machine learning
Advanced analytics
Static and dynamic analysis (sandboxing)
Offer better accuracy and dispositioning
Block known and emerging threats
Protect your business with no lag
Automatically stop as many threats as possible, known and unknown
Behavioral Detection: Example
Point-in-Time Detection, Retrospective Security
Cisco Collective Security Intelligence, Collective Security Intelligence Cloud
Dynamic Analysis, Machine Learning, Fuzzy Finger-printing, Advanced Analytics, Indications of Compromise, Device Flow Correlation
1. File of unknown disposition is encountered
2. File replicates itself and this information is communicated to the cloud
3. File communicates with malicious IP addresses or starts downloading files with known malware disposition
4. Combination of activities indicates a compromise and the behavior is reported to the cloud and AMP client
5. These indications are prioritized and reported to security team as possible compromise
Behavioral Detection: Example
Point-in-Time Detection, Retrospective Security
Cisco Collective Security Intelligence, Collective Security Intelligence Cloud
Dynamic Analysis, Advanced Analytics, Device Flow Correlation
IP: 64.233.160.0
1. Device Flow Correlation monitors communications of a host on the network
2. Two unknown files are seen communicating with a particular IP address
3. One is sending information to the IP address, the other is receiving commands from the IP address
4. Collective Security Intelligence Cloud recognizes the external IP as a confirmed, malicious site
5. Unknown files are identified as malware because of the association
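The device flow correlation steps above, worked through as an added example (not Cisco AMP code or its API): flows are stored even when nothing is known about the remote address, and a later intelligence verdict on the IP is applied retrospectively to every stored flow. The class and function names, file identifiers, hosts and documentation-range IP addresses are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: int          # seconds since start of capture (constructed)
    host: str        # endpoint that reported the flow
    file_id: str     # stand-in for the file fingerprint
    remote_ip: str
    direction: str   # "out" = file sent data, "in" = file received data


# Constructed telemetry; addresses are from the RFC 5737 documentation ranges.
FLOWS = [
    Flow(10, "ws-01", "file-A", "203.0.113.7", "out"),
    Flow(12, "ws-01", "file-B", "203.0.113.7", "in"),
    Flow(20, "ws-02", "file-C", "203.0.113.7", "out"),   # known-clean file
    Flow(40, "ws-02", "file-A", "203.0.113.7", "out"),
    Flow(55, "ws-03", "file-D", "198.51.100.20", "in"),
]


class FlowCorrelator:
    """Keeps every flow so a later verdict can be applied to past activity."""

    def __init__(self, known_clean=()):
        self.flows = []
        self.bad_ips = set()
        self.disposition = {f: "clean" for f in known_clean}

    def _convict(self, file_id):
        # Assumption of this example: only files of unknown disposition are
        # convicted by association. A known-clean file (a browser, say) that
        # touched the address is left for an analyst instead of auto-blocked.
        if self.disposition.get(file_id) == "unknown":
            self.disposition[file_id] = "malicious"
            return True
        return False

    def record(self, flow):
        """Point-in-time check at first sight; the flow is stored either way."""
        self.flows.append(flow)
        self.disposition.setdefault(flow.file_id, "unknown")
        if flow.remote_ip in self.bad_ips:
            self._convict(flow.file_id)
        return self.disposition[flow.file_id]

    def intel_update(self, ip):
        """Retrospective pass: a new verdict on an IP re-evaluates old flows."""
        self.bad_ips.add(ip)
        return [f.file_id for f in self.flows
                if f.remote_ip == ip and self._convict(f.file_id)]

    def roles(self, ip):
        """Which files sent data to, or received data from, the address."""
        seen = {}
        for f in self.flows:
            if f.remote_ip == ip:
                seen.setdefault(f.file_id, set()).add(f.direction)
        return seen

    def scope(self, file_id):
        """Hosts that ran the file, with the time each first reported it."""
        first_seen = {}
        for f in self.flows:
            if f.file_id == file_id:
                first_seen[f.host] = min(first_seen.get(f.host, f.ts), f.ts)
        return first_seen


def run_demo():
    c = FlowCorrelator(known_clean={"file-C"})
    at_first_sight = [c.record(f) for f in FLOWS]    # nothing is convicted yet
    convicted = c.intel_update("203.0.113.7")        # verdict arrives later
    later = c.record(Flow(70, "ws-04", "file-E", "203.0.113.7", "in"))
    return c, at_first_sight, convicted, later


if __name__ == "__main__":
    c, first, convicted, later = run_demo()
    print("at first sight:", first)
    print("convicted retrospectively:", convicted)
    print("roles:", c.roles("203.0.113.7"))
    print("scope of file-A:", c.scope("file-A"))
    print("new file after verdict:", later)
```

The scope output is what an incident responder would use to decide which hosts to contain first.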
Behavioral Indications of Compromise: Example
Point-in-Time Detection, Retrospective Security
Cisco Collective Security Intelligence
Trajectory, Behavioral Indications of Compromise, Breach Hunting, Continuous Analysis, Attack Chain Weaving
Behavioral Indications of Compromise uses continuous analysis and retrospection to monitor systems for suspicious and unexplained activity… not just signatures!
Using the power of Attack Chain Weaving, Cisco® AMP is able to recognize patterns and activities of a given file, and identify an action to look for across your environment rather than a file fingerprint or signature
1. An unknown file is admitted into the network
2. The unknown file copies itself to multiple machines
3. Duplicates content from the hard drive
4. Sends duplicate content to an unknown IP address
How Malware Gets In to Your Network
Breach Prevention Rapid Breach Detection, Response, Remediation Threat Intelligence
But Point-in-Time Detection Alone Will Never Be 100% Effective
Continuous Analysis and Retrospective Security
Only AMP Continuously Monitors and Analyzes All File Activity, Regardless of Disposition
Across all control points:
• Web
• Endpoints
• Email
• Network
• Mobile
To answer the questions that matter…
Take advantage of key capabilities
• Track its rate of progression and how it spread
• See what it is doing
• Identify a threat’s point of origin
• See where it's been
• Surgically target and remediate
Continuous Analysis and Retrospective Security
Breadth and Control points: Web, Endpoints, Network, Email, Devices, IPS
Telemetry Stream (continuous feed):
• File Fingerprint and Metadata
• Process Information
• File and Network I/O
Continuous analysis
Talos + Threat Grid Intelligence
• Trajectory
• Behavioral Indications of Compromise
• Threat Hunting
• Retrospective Detection
If Something Gets in, Retrospective Security Helps You Find Answers to the Most Pressing Security Questions
• What happened?
• Where did the malware come from?
• Where has the malware been?
• What is it doing?
• How do we stop it?
See AMP in Action!
See Where It Entered the System
Track threat’s origin and progression:
• How did it get into the system
• What is the point of origin
• What was the attack vector
See Everywhere That It Has Been
Track infected areas in the system:
• Where is the attack now
• What other endpoints have seen it
• Where should I focus my response
• Where is still safe
Determine What the Malware Is Doing
Understand the details of how the malware works:
• What is it trying to do, in plain English
• How does the malware behave
• Get detailed information vital for incident response
Stop It with a Few Clicks
What happened? Where did the malware come from? Where has the malware been? What is it doing? How do we stop it?
Knowing the details above, surgically remediate:
• Stop it at the source and all infected areas
• Simply right click, add to a blocklist, and remediate the malware from the entire system
See AMP in Action!
![Page 58: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/58.jpg)
The Leader in Security Effectiveness
99.2% Security Effectiveness rating in BDS testing, the highest of all vendors tested.
Only vendor to block 100% of evasion techniques during testing.
Excellent performance with minimal impact on network, endpoint, or application latency.
Download the flysheet and full report here.
Cisco AMP offers superior security effectiveness, excellent performance, and provides security across more attack vectors than any other vendor
![Page 59: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/59.jpg)
Next-Generation Security
![Page 60: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/60.jpg)
The AMP Everywhere Architecture
AMP Protection Across the Extended Network for an Integrated Threat Defense
AMP Threat Intelligence Cloud
Windows OS, Android Mobile, Virtual, MAC OS, CentOS, Red Hat Linux for servers and datacenters
AMP on Web and Email Security Appliances
AMP on Cisco® ASA Firewall with Firepower Services
AMP Private Cloud Virtual Appliance
AMP on Firepower NGIPS Appliance (AMP for Networks)
AMP on Cloud Web Security and Hosted Email
CWS/CTA
Threat Grid Malware Analysis + Threat Intelligence Engine
AMP on ISR with Firepower Services
AMP for Endpoints
Remote Endpoints
AMP for Endpoints can be launched from AnyConnect
AMP on Meraki MX Appliances
![Page 61: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/61.jpg)
Cisco Confidential © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Introducing Cisco Adaptive Security Appliances
Industry’s First Threat-Focused NGFW
• Integrating defense layers helps organizations get the best visibility
• Enable dynamic controls to automatically adapt
• Protect against advanced threats across the entire attack continuum
Proven Cisco ASA firewalling
Industry leading NGIPS and AMP
Cisco ASA with FirePOWER Services Next-Generation Firewall (NGFW)
Cisco ASA with FirePOWER Services
![Page 62: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/62.jpg)
Superior Integrated & Multilayered Protection
Cisco ASA
URL Filtering (Subscription)
FireSIGHT Analytics & Automation
Advanced Malware Protection (Subscription)
Application Visibility & Control
Network Firewall
Routing | Switching
Clustering & High Availability
WWW
Cisco Collective Security Intelligence Enabled
Built-in Network Profiling
Intrusion Prevention (Subscription)
World’s most widely deployed, enterprise-class ASA stateful firewall
Granular Cisco® Application Visibility and Control (AVC)
Industry-leading FirePOWER next-generation IPS (NGIPS)
Reputation- and category-based URL filtering
Advanced malware protection
Identity-Policy Control & VPN
![Page 63: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/63.jpg)
Malware
Client applications
Operating systems
Mobile Devices
VOIP phones
Routers & switches
Printers
C & C Servers
Network Servers
Users
File transfers
Web applications
Application protocols
Threats
No other NGFW offers this level of visibility
• The more infrastructure you see, the better protection you get
Typical IPS
Typical NGFW
Cisco ASA with FirePOWER Services
![Page 64: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/64.jpg)
Cisco Meraki - Cloud Managed Networking
Meraki MR Wireless LAN
Meraki MX Security Appliances
Meraki MS Ethernet Switches
Meraki SM Enterprise Mobility Management
MC Communications
![Page 65: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/65.jpg)
Application Control: Traffic Shaping, Content Filtering, Web Caching
Security: NG Firewall, Client VPN, Site to Site VPN, IDS/IPS
Networking: NAT/DHCP, 3G/4G Cellular, Static Routing, Link Balancing
![Page 66: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/66.jpg)
Best IPS: Sourcefire IDS / IPS, updated every day
Anti-Malware: Advanced Malware Protection powered by Cisco Sourcefire and Talos
Content Filtering: 4+ billion URLs, updated in real-time
Geo-based security: Block attackers from rogue countries
AV / anti-phishing: Kaspersky AV, updated every hour
PCI compliance: PCI L1 certified cloud-based management
![Page 67: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/67.jpg)
Enterprise License
• Stateful firewall
• Site to site VPN
• Branch routing
• Internet load-balancing (over dual WAN)
• Application control
• Web caching
• Intelligent WAN (IWAN)
• Client VPN
Advanced Security License
• All enterprise features, plus
• Content filtering (with Google SafeSearch)
• Kaspersky Anti-Virus and Anti-Phishing
• Sourcefire IPS / IDS
• Geo-based firewall rules
• Advanced Malware Protection (AMP)
![Page 68: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/68.jpg)
Cisco Email Security
![Page 69: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/69.jpg)
Cisco SensorBase: Email Reputation Database
Complaint Reports
IP Blacklists and Whitelists
Domain Blacklist and Safelists
Compromised Host Lists
Website Composition Data
Other Data
Global Volume Data
Message Composition Data
Spam Traps
IP Reputation Score (scale: +10, 0, -10)
Breadth and quality of data make the difference
![Page 70: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/70.jpg)
Cisco Email Security Architecture
Threat Defense
Antispam
Antivirus and Virus Outbreak Filter
Data Security
Data Loss Prevention
Encryption
Management
![Page 71: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/71.jpg)
Cisco Email Security
[Diagram: Inbound Email and Outbound Email flows across the Before / During / After phases. Labels: Talos, Email Reputation, Acceptance Controls, File Reputation, Anti-Spam, Anti-Virus, Outbreak Filters, Mail Flow Policies, Graymail Management, Safe Unsubscribe, Content Controls, Anti-Phish, ThreatGrid, URL Rep & Cat, File Sandboxing & Retrospection, Tracking User Click Activity (Anti-Phish), Data Loss Protection, Encryption, Outbound Liability. Actions: Allow, Warn, Block, Partial Block. Deployment: Appliance, Virtual, Cloud. Management: Reporting, Message Track. Locations: Admin, HQ.]
![Page 72: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/72.jpg)
Cisco Security and OpenDNS
![Page 73: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/73.jpg)
What is DNS? Domain Name System
A system for relating names and numbers
Domain = IP Address
Amazon.com = 205.251.242.103
Like a library of phone books
![Page 74: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/74.jpg)
Types of DNS
AUTHORITATIVE DNS: Owns and publishes the “phone books”
DOMAIN REGISTRAR: Maps and records names to #s in “phone books”
RECURSIVE DNS: Looks up & remembers the #s for each name
![Page 75: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/75.jpg)
Malware validated as “known bad” (91% of all malware) uses the Domain Name Service in one of these three ways:
• To gain command and control
• To exfiltrate data
• To redirect traffic
Few companies are monitoring DNS for security purposes (or monitoring DNS at all).
91%
DNS and Malware
![Page 76: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/76.jpg)
Where Do You Enforce Security?
[Diagram: INTERNET (MALWARE, BOTNETS/C2, PHISHING) above HQ, Branch and Mobile sites, with SANDBOX, PROXY, NGFW, NETFLOW, ROUTER/UTM and AV marked as possible enforcement points: “HERE? & HERE? & HERE? OR HERE?”]
CHALLENGES
• Too Many Alerts via Appliances & AV
• Wait Until Payloads Reach Target
• Every Payload Scan Slows Things Down
• Too Much Time to Deploy Everywhere
BENEFITS
• Alerts Reduced 2x; Improves Your SIEM
• Traffic & Payloads Never Reach Target
• Internet Access Is Faster; Not Slower
• Provision Globally in UNDER 30 MINUTES
![Page 77: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/77.jpg)
OpenDNS Works With Everything You Use
FUTURE-PROOF EXTENSIBILITY
ANY NETWORK: Routers, Wi-Fi, SDN
ANY ENDPOINT: VPN, IoE
ANY TECHNOLOGY: Firewalls, Gateways
SECURE APIs OPEN TO EVERYONE
SECURITY PROVIDERS: FireEye, Cisco, Check Point
NETWORK PROVIDERS: Meraki, Aruba, Aerohive
CUSTOMERS: In-house Security Systems
![Page 78: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/78.jpg)
Where Does Umbrella Fit?
ON NETWORK (Internet: all other traffic, web traffic, email traffic)
• ASA blocks inline by IP, URL or packet
• ESA/CES blocks by sender or content
• WSA/CWS blocks by URL or content via proxy
• Umbrella blocks by domain as well as IP or URL
OFF NETWORK (Internet: all other traffic, web traffic, email traffic)
• ESA/CES blocks by sender or content
• CWS blocks by URL or content via proxy
• Umbrella blocks by domain as well as IP or URL
![Page 79: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/79.jpg)
Network As A Sensor
Network As An Enforcer
![Page 80: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/80.jpg)
Insider Threats
With lateral movement of advanced persistent threats, even external attacks eventually become internal threats
95% of all cybercrime is user-triggered by disguised malicious links
One out of four breaches are caused by malicious insiders
Two out of three breaches exploit weak or stolen passwords
![Page 81: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/81.jpg)
Cisco Stealthwatch: Ubiquitous visibility via flow telemetry
… your infrastructure is the source:
[Diagram: “Flow” telemetry exported from every part of the network. Labels: Internet, Amador, Delta, Solano, Border, Perimeter, DMZ, Datacenter, Virtual Hosts, WAN Hub, WAN, IDF, Access.]
![Page 82: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/82.jpg)
Anatomy of a Data Breach
1. Infiltration and Backdoor establishment
2. Reconnaissance and Network Traversal
3. Exploitation and Privilege Elevation
4. Staging and Persistence (Repeat 2,3,4)
5. Data Exfiltration
[Diagram labels: Attacker, C2 Server, Admin Node, enterprise network, Perimeter (Inbound), Perimeter (Outbound)]
![Page 83: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/83.jpg)
Cisco 2016 Midyear Cybersecurity Report Highlights
July 2016
![Page 84: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/84.jpg)
Asymmetric battles are greater than our ability to respond
Persistent Attacks
Overwhelmed Defenders
Innovative Methods
Fragile Infrastructure
Shifting Tactics
Rising Vulnerabilities
Encryption Dilemma
Global Operations
![Page 85: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/85.jpg)
![Page 86: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/86.jpg)
Security practitioners need to identify and constrain the operational space of the adversaries
![Page 87: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/87.jpg)
Current Threat Landscape
• Evolution of Ransomware
• Advances in Malicious Tradecraft
• Questionable Network Hygiene
![Page 88: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/88.jpg)
Ransomware
• Encryption technique allows per-target customization
• Marking systems and files that have already been encrypted
• Using Bitcoin for anonymous payment
• Dual deadlines for: 1. Cost increase 2. Deleting data
![Page 89: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/89.jpg)
Ransomware 2.0
Self-propagating
• Utilization of a vulnerability in a widely deployed product
• Replication to all available drives
• File infections
• Limited brute-force activity
• Resilient command and control
• Use of other backdoors
Modular
• Autorun.Inf/USB Mass Storage Propagation
• Authentication Infrastructure Exploits
• Command and Control/Reporting Infections
• Rate Limiter
• RFC 1918 Target Address Limiter
![Page 90: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/90.jpg)
Attack Vectors: Servers on the Horizon
Adversaries expand focus from client-side attacks to server-side attacks
In April, Cisco estimated that 10% of all JBoss servers worldwide were compromised.
Adobe Flash vulnerabilities continue to be leveraged by exploit kits.
![Page 91: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/91.jpg)
Attack Methods: A Spectrum of Opportunity
Higher volume malware for gaining access: Windows Binaries, Facebook Scams, Redirectors, Packed Binaries, Android Adware, Trojans
Lower volume malware for dropping payloads: Worm, Trojan, Trojan-Flash, Trojan-Ransomware, Trojan-Dropper, Android-Trojan
![Page 92: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/92.jpg)
Exploit Kit Activity: Adobe Flash and Malvertising
Adobe Flash and Microsoft Silverlight vulnerabilities are leveraged by most exploit kits
[Table: vulnerabilities by exploit kit. Exploit kits: Nuclear, Magnitude, Angler, Neutrino, RIG.]
Flash vulnerabilities: CVE-2015-7645, CVE-2015-8446, CVE-2015-8651, CVE-2016-1019, CVE-2016-1001, CVE-2016-4117
Silverlight vulnerabilities: CVE-2016-0034
![Page 93: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/93.jpg)
Malware Use of HTTPS: HTTPS increased 300% for ad-injectors in the last 4 months.
Ad injection is the biggest contributor. Adversaries are using HTTPS traffic to expand time to operate.
300% Increased in 4 months
![Page 94: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/94.jpg)
2016 Midyear Cybersecurity Report
www.cisco.com/go/mcr2016
![Page 95: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/95.jpg)
Conclusion
![Page 96: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/96.jpg)
Cisco Provides Threat Intelligence, Point-in-Time Detection, and Continuous Analysis of Files to Defeat Advanced Threats
Attack Continuum
Before: Discover, Enforce, Harden
During: Detect, Block, Defend
After: Scope, Contain, Remediate
Data Center/Servers, Endpoints, Email and Web, Network, Mobile
Threat intelligence and analytics
Point-in-Time detection
Retrospective security and continuous analysis
![Page 97: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/97.jpg)
Thank You and Next Steps
Brian [email protected]
www.
Learn more about Cisco Security: www.cisco.com/go/security/
Contact Your Cisco Partner: https://tools.cisco.com/WWChannels/LOCATR/performBasicSearch.do
![Page 98: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/98.jpg)
• CCE sessions are held weekly on a variety of topics
• CCE sessions can help you understand the capabilities and business benefits of Cisco technologies
• Watch replays of past events and register for upcoming events!
Visit http://cs.co/cisco101 for details
Join us again for a future Cisco Customer Education Event
![Page 99: This session was recorded via Cisco WebEx! You can watch the …ciscofiles.com/cce/cce_08312016.pdf · 2020. 4. 27. · Sophistication Hacking Becomes an Industry Sophisticated Attacks,](https://reader035.vdocuments.us/reader035/viewer/2022071114/5feb293e38a152495a0c3feb/html5/thumbnails/99.jpg)
Thank you.