![Page 1: Towards Effective Security](https://reader034.vdocuments.us/reader034/viewer/2022050110/5f47e4d4b597d8263e4690d4/html5/thumbnails/1.jpg)
Martin Roesch
Vice President and Chief Architect, Cisco Security Business Group
April 22, 2016
AFCEA Defensive Cyber Operations Symposium
Towards Effective Security
![Page 2: Towards Effective Security](https://reader034.vdocuments.us/reader034/viewer/2022050110/5f47e4d4b597d8263e4690d4/html5/thumbnails/2.jpg)
Security Perspective
![Page 3: Towards Effective Security](https://reader034.vdocuments.us/reader034/viewer/2022050110/5f47e4d4b597d8263e4690d4/html5/thumbnails/3.jpg)
The Problem is THREATS
![Page 4: Towards Effective Security](https://reader034.vdocuments.us/reader034/viewer/2022050110/5f47e4d4b597d8263e4690d4/html5/thumbnails/4.jpg)
The Global Hacker Economy is 3x to 5x the size of the security industry.
Industrialization of Hacking.
Source: Center for Strategic and International Studies, 2014
![Page 5: Towards Effective Security](https://reader034.vdocuments.us/reader034/viewer/2022050110/5f47e4d4b597d8263e4690d4/html5/thumbnails/5.jpg)
Cisco ASR 2016 Findings: Attack Awareness Fades Confidence
59% confident in having the latest technology (-5%)
51% have strong confidence in ability to detect a security weakness in advance (0%)
54% have strong confidence in ability to defend against attacks (-4%)
45% have strong confidence in ability to scope and contain an attack (-1%)
54% have strong confidence in ability to verify an attack (+0%)
56% review security policies on a regular basis (+0%)
![Page 6: Towards Effective Security](https://reader034.vdocuments.us/reader034/viewer/2022050110/5f47e4d4b597d8263e4690d4/html5/thumbnails/6.jpg)
If you knew you were going to be compromised, would you do security differently?
![Page 7: Towards Effective Security](https://reader034.vdocuments.us/reader034/viewer/2022050110/5f47e4d4b597d8263e4690d4/html5/thumbnails/7.jpg)
Timeliness Counts
Reduced Time to Detection
Industry: 100 days vs. Cisco: less than 1 day
Source: Cisco Annual Security Report, 2016
![Page 8: Towards Effective Security](https://reader034.vdocuments.us/reader034/viewer/2022050110/5f47e4d4b597d8263e4690d4/html5/thumbnails/8.jpg)
No Customer is an Island
World-Class Threat Research
19.7B Threats Per Day
1.4M
1.1M
1.8B
1B
8.2B
Incoming Malware Samples Per Day
Sender Base Reputation Queries Per Day
Web Filtering Blocks Per Month
AV Blocks Per Day
Spyware Blocks Per Month
260+ Threat Researchers
100 TB Threat Intelligence
![Page 9: Towards Effective Security](https://reader034.vdocuments.us/reader034/viewer/2022050110/5f47e4d4b597d8263e4690d4/html5/thumbnails/9.jpg)
The Threat-Centric Security Model
Visibility and Context
Firewall
App Control
VPN
Patch Mgmt
Vuln Mgmt
IAM/NAC
IPS
Antivirus
Email/Web
IDS
FPC
Forensics
AMD
Log Mgmt
SIEM
Attack Continuum
Discover, Enforce, Harden
Detect, Block, Defend
Scope, Contain, Remediate
![Page 10: Towards Effective Security](https://reader034.vdocuments.us/reader034/viewer/2022050110/5f47e4d4b597d8263e4690d4/html5/thumbnails/10.jpg)
The Threat-Centric Security Model
Attack Continuum
Network, Endpoint, Mobile, Virtual, Cloud
Point in Time, Continuous
Discover, Enforce, Harden
Detect, Block, Defend
Scope, Contain, Remediate
![Page 11: Towards Effective Security](https://reader034.vdocuments.us/reader034/viewer/2022050110/5f47e4d4b597d8263e4690d4/html5/thumbnails/11.jpg)
THE STATE OF SECURITY
The Security Effectiveness Gap
Incremental Capability
Mountains of Complexity
![Page 12: Towards Effective Security](https://reader034.vdocuments.us/reader034/viewer/2022050110/5f47e4d4b597d8263e4690d4/html5/thumbnails/12.jpg)
The Security Effectiveness Gap
Goal for Effective Security
![Page 13: Towards Effective Security](https://reader034.vdocuments.us/reader034/viewer/2022050110/5f47e4d4b597d8263e4690d4/html5/thumbnails/13.jpg)
Effective Security Requires
Integration, Consolidation, Automation
![Page 14: Towards Effective Security](https://reader034.vdocuments.us/reader034/viewer/2022050110/5f47e4d4b597d8263e4690d4/html5/thumbnails/14.jpg)
Faster Time to Detection, Faster Time to Remediate
Integrated Threat Defense Architecture
Visibility, Control, Intelligence, Context
![Page 15: Towards Effective Security](https://reader034.vdocuments.us/reader034/viewer/2022050110/5f47e4d4b597d8263e4690d4/html5/thumbnails/15.jpg)
Integrated Threat Defense: Future Direction
Visibility, Analytics, and Automation to Simplify and Increase Security Efficacy
Integrated Management
Visibility: Real-time map of the operational environment
Control: Broker access between users, applications, data, devices
Threat: Defeat known Threats
Breach: Scope, Contain, Remediate
Before, During, After
API
Config, Impact, IOC, Apps…
Apps/Automation
Telemetry
Intelligence
Global Intelligence
![Page 16: Towards Effective Security](https://reader034.vdocuments.us/reader034/viewer/2022050110/5f47e4d4b597d8263e4690d4/html5/thumbnails/16.jpg)
Simplicity at Scale
![Page 17: Towards Effective Security](https://reader034.vdocuments.us/reader034/viewer/2022050110/5f47e4d4b597d8263e4690d4/html5/thumbnails/17.jpg)