The network as a security sensor (A rede como um sensor de segurança)

Enterprise Networks Security: Leverage the Network to Protect Against and Mitigate Threats

Fernando Lucato / Heitor Silva, Business Development – Enterprise Networks LATAM

Upload: cisco-do-brasil

Post on 11-Apr-2017


Category: Technology



TRANSCRIPT

Page 1: A rede como um sensor de segurança


Page 2

Agenda

• Industry trends and business drivers
• Enterprise Networks priorities and focus areas
• Securing Enterprise Networks
• Products within the solution
• Use cases
• Demo
• Q&A

Page 3

Industry trends and business drivers

Page 4

Digitization disrupting well established businesses: the digital businesses are disrupting the market

• Bookstore, Taxi, Music, Newspaper, Point-of-Sale
• 852% revenue growth, 2005 to 2013
• 200 cities
• 45 countries
• 40 million subscribers
• $30B forecasted transactions in 2014
• 31% of WW digital ad revenue

Page 5

Video traffic growth (Latin America): by 2019, IP video will represent 82% of traffic

[Chart: exabytes per month, 2014–2019, 25% CAGR 2014–2019. Series, with 2014 and 2019 traffic shares: Internet Video (54.8%, 71.2%), IP VoD (6.0%, 10.3%), Web/Data (23.2%, 13.2%), File Sharing (16.0%, 5.2%), Gaming (0.03%, 0.05%)]

Source: Cisco VNI Global IP Traffic Forecast, 2014–2019

* Figures (n) refer to 2014, 2019 traffic shares

Page 6

Video definition increment: by 2019, more than 31% of the connected TVs will be 4K

Bitrates: SD 2 Mbps, HD 7.2 Mbps, UHD 18 Mbps

[Chart: connected 4K TVs (millions) by year: 2014: 10; 2015: 33; 2016: 77; 2017: 146; 2018: 245; 2019: 371]

Source: Cisco VNI Global IP Traffic Forecast, 2014–2019

Page 7: A rede como um sensor de segurança

And  speed  is  an  obsession  for  networks  users…  

68%  of  all  broadband  access  by  2019  

Online  Video    (HD  movie  download)  

22  minutes  (UHD  movie  download)  

2  hours  

10  Mbps  

33%  of  all  broadband  access  by  2019  

Online  Video    (HD  movie  download)  

9  minutes  (UHD  movie  download)  

48  minutes  

25  Mbps  

7%  of  all  broadband  access  by  2019  

Online  Video    (HD  movie  download)  

2  minutes  (UHD  movie  download)  

12  minutes  

100  Mbps  

Page 8

Enterprise Networks priorities and focus areas

Page 9

Enterprise Networks focus areas

• Wireless as a primary connectivity
• Digitization story
• Intelligent WAN
• Cloud and new consumption models
• Security everywhere

Page 10

Driving business outcomes approach

Foundational architectures: Network Security; Unified Access; Intelligent WAN; ACI – Policy based Automation

Driving business outcomes: IT Transformation; Security & Compliance; Customer Experience; Workforce Experience

Page 11

Securing Enterprise Networks

Page 12

New Networks Mean New Security Challenges: Expanded Enterprise Attack Surface

Changing business models; dynamic threat landscape; complexity and fragmentation

• Enterprise mobility: organizations lack visibility into which and how many devices are on their network
• Cloud: services are moving to the cloud at a faster rate than IT can keep up
• Internet of Things: over 50 billion connected "smart objects" by 2020
• Acquisitions and partnerships: acquisitions, joint ventures, and partnerships are increasing in regularity

It's not "IF" you will be breached… it's "WHEN."

Page 13

Network Threats Are Getting Smarter

Timeline 1990–2020:
• Viruses, 1990–2000
• Worms, 2000–2005
• Spyware and rootkits, 2005–today
• APTs / Cyberware, today+

Phases: phishing, low sophistication; hacking becomes an industry; sophisticated attacks, complex landscape

Criminals know more about your network than you do: custom malware remains dormant for months to learn vulnerabilities in the network and then attacks those vulnerabilities.

Page 14

Cisco Confidential © 2013-2014 Cisco and/or its affiliates. All rights reserved.

You Can't Defend Against What You Can't See

Page 15

Solution Overview

Page 16

Cisco's Threat-Centric Approach to Security: Before, During, After

• Network as a Sensor: Flexible NetFlow, Lancope StealthWatch, ISE
• Network as an Enforcer: Flexible NetFlow, Lancope StealthWatch, Cisco TrustSec, ISE

Page 17

Cisco Network as a Sensor (NaaS)

• Detect anomalous traffic flows, malware
• Identify user access policy violations
• Obtain broad visibility into all network traffic

Page 18

Cisco Network as an Enforcer (NaaE)

• Implement access controls to secure resources
• Contain the scope of an attack on the network
• Quarantine threats, reduce time-to-remediation

Page 19

Deeper Visibility and Greater Defense against Network Threats

Network as a Sensor (NaaS):
• Cisco Networking Portfolio
• Cisco NetFlow
• Lancope StealthWatch
• Cisco Identity Services Engine (ISE)

Network as an Enforcer (NaaE):
• Cisco Networking Portfolio
• Cisco NetFlow
• Lancope StealthWatch
• Cisco Identity Services Engine (ISE)
• Cisco TrustSec Software-Defined Segmentation

Page 20

NetFlow for Dynamic Network Awareness: Understand Network Behavior and Establish a Network's Normal

Network flows highlight attack signatures.

A powerful information source for every network conversation:
• Each and every network conversation over an extended period of time
• Source and destination IP address, IP ports, time, data transferred, and more
• Stored for future analysis

A critical tool to identify a security breach:
• Identify anomalous activity
• Reconstruct the sequence of events
• Forensic evidence and regulatory compliance

NetFlow for full details, NetFlow-Lite for 1/n samples

Page 21

Lancope StealthWatch System: Network Reconnaissance Using Dynamic NetFlow Analysis

Monitor, Detect, Analyze, Respond

• Understand your network normal
• Gain real-time situational awareness of all traffic
• Leverage Network Behavior Anomaly detection & analytics
• Detect behaviors linked to APTs, insider threats, DDoS, and malware
• Collect & analyze holistic network audit trails
• Achieve faster root cause analysis to conduct thorough forensic investigations
• Accelerate network troubleshooting & threat mitigation
• Respond quickly to threats by taking action to quarantine through Cisco ISE

Page 22

Cisco Identity Services Engine (ISE): Adding Visibility and Context to NetFlow

Network / user context: Who, What, Where, When, How; plus integrated partner context

Send contextual data collected from users, devices, and networks to Lancope for advanced insights and NetFlow analytics

Page 23

What Can Cisco NaaS and NaaE Offer You?

• Consistent Control: consistent policies across the network and data center
• Complexity Reduction: fits and adapts to changing business models
• Unmatched Visibility: global intelligence with the right context
• Advanced Threat Protection: detects and stops advanced threats

Page 24

Network as a Sensor / Network as an Enforcer Use Cases

Page 25

Customer Case Study - Network as a Sensor
Industry: Retail. Company: large known global retailer

Existing environment:
• Large Cisco switch & router footprint
• ASA & ISE

Customer challenges:
• Limited visibility & intelligence across their highly distributed retail footprint
• Lack of ability to correlate numerous data sets

Results, after deploying Cisco NetFlow, Lancope StealthWatch and Cisco ISE:
• Gains retail point-of-presence visibility
• Deeper understanding into network application usage

Page 26

Customer Case Study - Network as an Enforcer
Industry: Banking. Company: large known global bank

Existing environment:
• Large Cisco switch & router footprint

Customer challenges:
• Visibility into the network and rogue devices
• Policy enforcement of user to data center policies
• Meeting compliance audits

Results, after deploying Lancope StealthWatch, Cisco ISE and Cisco TrustSec:
• Gain deep visibility into network access and devices
• Segment network access and assets using business role based policies
• Accelerated time to compliance audits

Page 27

Solution description and demo

Page 28

Behavioral Analysis & Anomaly Detection

• Behavioral analysis: leverages knowledge of known bad behaviour
• Anomaly detection: identify a change from "normal"

Page 29

Solution Architecture: Unified View, Security and Network Monitoring

• StealthWatch Management Console
• UDP Director, FlowCollector: NetFlow, syslog, SNMP from NetFlow-enabled infrastructure
• FlowSensor; VMware ESX with FlowSensor VE
• User and device information: StealthWatch IDentity, Cisco ISE
• Feeds of emerging threat information

Page 30

NaaS: Powered by StealthWatch

• Denial of Service: SYN half open; ICMP/UDP/port flood
• Worm Propagation: worm-infected host scans and connects to the same port across multiple subnets; other hosts imitate the same behavior
• Fragmentation Attack: host sending an abnormal number of malformed fragments
• Botnet Detection: when an inside host talks to an outside C&C server for an extended period of time
• Host Reputation Change: inside host potentially compromised, or received abnormal scans or other malicious attacks
• Network Scanning: TCP, UDP, port scanning across multiple hosts
• Data Exfiltration: large outbound file transfer vs. baseline
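Three of the behaviors listed above (scanning across many hosts, an inside host talking to one outside host for an extended period, and outbound volume far above baseline) rest only on the fields the NetFlow slide names, so they can be checked by aggregating flow records. This is an added illustration, not code from the deck or from Lancope/Cisco products; the record layout, the "10." internal range, the thresholds and the sample flows are all constructed for this example.

```python
from collections import defaultdict
from dataclasses import dataclass

# Minimal NetFlow-style record with the fields the slide names: source and
# destination IP, destination port, time and bytes transferred (layout assumed).
@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    ts: int        # seconds since epoch
    nbytes: int

def is_inside(ip: str) -> bool:
    return ip.startswith("10.")   # assumed internal address range

def detect_scanning(flows, min_targets=10):
    """Network scanning: one source touching many distinct (host, port) pairs."""
    targets = defaultdict(set)
    for f in flows:
        targets[f.src].add((f.dst, f.dport))
    return sorted(h for h, t in targets.items() if len(t) >= min_targets)

def detect_cnc(flows, min_span=6 * 3600, min_flows=12):
    """Botnet C&C: inside host repeatedly contacting one outside host over hours."""
    times = defaultdict(list)
    for f in flows:
        if is_inside(f.src) and not is_inside(f.dst):
            times[(f.src, f.dst)].append(f.ts)
    return sorted(k for k, ts in times.items()
                  if len(ts) >= min_flows and max(ts) - min(ts) >= min_span)

def detect_exfiltration(flows, baseline, factor=5):
    """Data exfiltration: outbound bytes per inside host far above its baseline.
    A host missing from the baseline is flagged on any outbound volume."""
    out = defaultdict(int)
    for f in flows:
        if is_inside(f.src) and not is_inside(f.dst):
            out[f.src] += f.nbytes
    return sorted(h for h, b in out.items() if b > factor * baseline.get(h, 0))

# Constructed sample flows: a scanner, a beaconing host and a bulk upload.
T0 = 1_700_000_000
FLOWS = (
    [Flow("10.0.0.5", f"10.0.1.{i}", 445, T0 + i, 120) for i in range(1, 13)]
    + [Flow("10.0.0.7", "198.51.100.9", 443, T0 + k * 1800, 300) for k in range(14)]
    + [Flow("10.0.0.9", "203.0.113.4", 443, T0 + 100, 50_000_000),
       Flow("10.0.0.9", "10.0.2.2", 80, T0 + 200, 1_000)]
)
BASELINE = {"10.0.0.7": 5_000, "10.0.0.9": 2_000_000}   # constructed bytes/day
```

A real collector derives the baseline per host from its own history and tunes the thresholds to the network's normal, which is what the slide means by "establish a network's normal".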

Page 31

NaaE: Segmentation via TrustSec

Policy defined role-based segmentation; flexible and scalable policy enforcement on Switch, Router, DC FW, DC Switch

Desired policy:
• Who can talk to whom
• Who can access protected assets
• How systems can talk to other systems

Simplified access management; accelerated security operations; consistent policy anywhere

Page 32

StealthWatch Capabilities Summary

Visibility:
• Context-aware visibility into network, application and user activity
• BYOD
• Cloud monitoring
• IPv6
• East-West traffic monitoring
• Network segmentation

Threat Detection:
• Advanced Persistent Threats
• Botnet (CnC) detection
• Data exfiltration
• Network reconnaissance
• Insider threat
• DDoS
• Malware
• Network Behavior Anomaly Detection
• SLIC threat feed

Incident Response:
• In-depth, flow-based forensic analysis of suspicious incidents
• Scalable repository of security information
• Retrace the step-by-step actions of a potential attacker
• On-demand packet capture

Network Diagnostics:
• Application awareness
• Capacity planning
• Performance monitoring
• Troubleshooting

User Monitoring:
• Cisco ISE
• Monitor privileged access
• Policy enforcement

Page 33

Thank you!

Fernando Lucato, [email protected], +55 11 5508-6348
Heitor Silva, [email protected], +55 11 5508-1506

Page 34

Page 35

Cisco TrustSec Software-Defined Segmentation: Provide Role-Based Segmentation to Control Access and Contain Threats

Traditional security policy vs. TrustSec security policy: segmentation policy enforced across the extended network (Switch, Router, VPN & Firewall, DC Switch, Wireless Controller)

• Simplifies firewall rule, ACL, VLAN management
• Prevents lateral movement of potential threats
• Eliminates costly network re-architecture

Page 36

Segmentation is a Powerful Security Tool

“Network segmentation… is one of the most effective controls an agency can implement to mitigate the second stage of a network intrusion, propagation or lateral movement”

“Good network and role segmentation will do wonders for containing an incident.”

“Effective network segmentation… reduces the extent to which an adversary can move across the network”

“Segregate networks, limit allowed protocols usage and limit users’ excessive privileges.”

Sources cited on the slide: 2014 Data Breach Investigations Report; The Untold Story of the Target Attack Step by Step, Aorato Labs, August 2014

Page 37

Bringing It All Together: Architecting Network as a Sensor and Network as an Enforcer

Columns: Network Sensors | Network Enforcers | Policy & Context Sharing

Diagram elements: Network Sensor (Lancope); NGIPS (API); NGFW; Campus/DC Switches/WLC; Cisco Routers / 3rd Vendor Devices; ISE; API (pxGrid); TrustSec Security Group Tag; Cisco Collective Security Intelligence; Threat; Confidential Data