Cisco CyberSecurity Strategy Ghassan Dreibi

Manager, Business Development

2000  1990   1995   2005   2010   2015   2020  Viruses  1990–2000  

Worms  2000–2005  

Spyware  and  Rootkits  2005–Today  

APTs  Cyberware  Today  +  

Hacking  Becomes  an  Industry  

SophisEcated  AFacks,  Complex  Landscape  

Phishing,  Low  SophisEcaEon    

“Captive Portal”

“It matches the pattern”

“No false positives, no false negatives.”

Application Control

FW/VPN

IDS / IPS UTM

NAC

AV PKI

“Block or Allow”

“Fix the Firewall”

“No key, no access”

Sandboxing “Detect the Unknown”

There  is  no  Silver  bullet    

CyberSecurity  

Personal Files  

Financial Data  

Emails  Photo  

Organiza4ons  are  more  confident  but  increasingly  vulnerable  

90%  of  companies  are    confident  about  their  policies  

 But  54%  admit  to  having  faced  public  scru?ny  following  a  security  breach.  

Countries  with  higher  block  ra4os  have  many  Web  servers  and  compromised  hosts  on  networks  within  their  borders.  

Russia  0.936  

Japan  1.134  China  4.126  Hong  Kong  6.255  

France  4.197  

Germany  1.277  

Poland  1.421  

Canada  0.863  

U.S.  0.760  

Brazil  1.135  

Malware  on  a  Global  Scale  

Malicious  actors  do  not  respect  country  boundaries.     Malware  Traffic  

Expected  Traffic  

Complexity  and  Fragmented  

MOBILIT   CLOUD  

New  surface  for  threats    

THREAT  

Internet  of  Things…and  Everything  Every  company  becomes  a  technology  company,    Every  company  becomes  a  security  company  

APT’s  Advanced  Persistent  Threats    

Game  Console  /  eCommerce  

77M  Accounts  Hacked  

Cloud  Service  

5M  Customer  Email  Records  Stolen  Through  Phishing  

WiFi  

45M  Customer  Records  Stolen  

SCADA  Control  

Water  U4lity  Disrup4on    by  Pump  Shutdown  

Springfield  Water  Light  &  Power  

Social  Engineering  

40M  Secure  Tokens  Stolen  

POS  

110M  Credit  Cards  and  Personal  Info  Stolen  

100% of top 500 companies with

malicious connection detected

60% “collected” in hours

54% of new

Threats Discovered after months

Access  Gain  access  to  the  Network  

How  to  get  access…  

Social  Medias  |  PEN  Drives  |  Social  Engineering      

73%  Suspected  VPN  connec4ons  

Camouflage  |  Distrac4on        

Stuxnet  Industry  Segment  threat  

Stuxnet  Deployed  

Stuxnet  Detected  

BlackEnergy  Launched  

2008   2009   2010   2011   2012   2013   2014   2015  

BlackEnergy  Detected  Havex  Detected*  

Havex  Launched  

Time    Time  to  reach  the  target….  

Time  to  be  detected….  

Time

Everywhere  Security  Strategy  

Network Servers

Operating Systems

Routers and

Switches

Mobile Devices

Printers

VoIP Phones

Virtual Machines

Client Applications

Files

Users

Web Applications

Application Protocols

Services

Malware

Command and Control

Servers

Vulnerabilities

NetFlow

Network Behavior

Processes

See  more  …  

Understand  the  scope  of  aaack  

NETWORK  /  USER    CONTEXT      

How  

What  Who  

Where  When  

EXTERNAL  CONTEXT  INTELLIGENCE  INFO    

CONSISTENT  SECURE  ACCESS  POLICY  ACROSS  WIRED,  WIRELESS  and  VPN  

Automa?on  Beaer  informa4on…Beaer  decision  

Network    as  Sensor  

Network  as  Enforcer  

?

Threat-­‐Focused  

Detect,  Understand,  and  Stop  Threats  

?

Collective Security Intelligence

Threat Identified

Event History

How

What

Who

Where

When

ISE  +  Network,  Appliances  (NGFW/NGIPS)  

Context AMP,  CWS,  Appliances  

Recorded  

Enforcement

Con4nuous  Advanced  Threat  Protec4on  

ISE  +  Network,  Appliances  (NGFW/NGIPS)  

How

What

Who

Where

When

Collective Security

Intelligence

AMP,  CWS,  Appliances  

Enforcement

Event History

AMP,  Threat  Defense  

Continuous Analysis Context

Performance  |  Capacity  |  SLA    

Cloud Connected Network

Mobile Router Firewall

The Distributed Perimeter

Collective Security Intelligence Telemetry Data Threat Research Advanced Analytics

3M+ Cloud Web Security Users

6GB Web Traffic Examined, Protected Every Hour

75M Unique Hits Every Hour

10M Blocks Enforced Every Hour

Shadow  IT  Risk    Assessment  Report  

Business    Readiness  RaEng™  

Audit  Score  

Shadow  Data    Risk  Assessment  

Aher  

StreamIQ™  

ThreatScore™  

ContentIQ™  

Reports  &  Analysis  

Cloud Apps ?   ?

??   ?  ?   ?

IO IOI

IO IOI

Protect IO IOI

IO IOI Cloud  SOC    Policy   IO IOI

IO IOI

?

54  17  

IO IOI

IO IOI

?  ?

IO IOI

Audit

Detect

?

Investigate

Web  Sec   Before  During  

Securelet™ Gateway

Elastica CloudSOC™

Other  Appliances  

Firewall  

In  collabora4on  with:  

Data   Account   User  

Security  OperaEons  Center  

Analyze & Control

Service  Provider  

Endpoint  

Data  Center  

Edge  

Campus  

Opera4onal  Technology  

Branch  WAN  

Ecosystem  

Services  

User  

AnyConnect featuring AMP for

Endpoints

FirePOWER Threat

Defense for ISR ACI

Integration with

TrustSec

Ruggedized Cisco ASA

with FirePOWER

Services

pxGrid Ecosystem expansion

ACI + FirePOWER

Services Integration

Threat-Centric

Security for Service

Providers Cloud Web Security + Intelligent

WAN

Services

User

Cisco Hosted Identity

Services

Start  with  the  hardware  op4on  that  fits  best  

All with built-in Application Visibility and Control (AVC), network firewalling, and VPN capabilities

Desktop 5506-X

Wireless AP 5506W-X

Ruggedized 5506H-X

Rackmount 5508-X/5516-X

Add  FirePOWER  Services*  for  enhanced  protec4on  

*Available as subscriptions

Next-­‐GeneraEon  Intrusion  PrevenEon  System  (NGIPS)  

URL  Filtering  Advanced  Malware  ProtecEon  (AMP)  

Choose  the  appropriate  management  solu4on    

Appliance sold separately

FireSIGHT  Management  Center  

On-box manager comes standard

AdapEve  Security  Device  Manager  (ASDM)    

Cisco ASA with FirePOWER

Identity-Policy Control & VPN

URL Filtering (Subscription)

FireSIGHT Analytics & Automation

Advanced Malware

Protection (Subscription)

Application Visibility &

Control

Network Firewall Routing | Switching

Clustering & High Availability

WWW

Cisco Collective Security Intelligence Enabled

Built-in Network Profiling

Intrusion Prevention

(Subscription)

World’s  most  widely  deployed,  enterprise-­‐class  ASA  stateful  firewall    

Granular  Cisco®  Applica4on    Visibility  and  Control  (AVC)    

Industry-­‐leading  FirePOWER    next-­‐genera4on  IPS  (NGIPS)    

Reputa4on-­‐  and  category-­‐based    URL  filtering  

Advanced  malware  protec4on  

Deployment  OpEons  

Virtual  Appliance  

MulE-­‐device  Support  

Desktop   Tablet  Laptop  Mobile  

Cloud   Managed  Hybrid  Hybrid  

On-­‐Premises   Cloud  

AMP Advanced Malware

Protection

AMP  for  Networks  

AMP  on  Web  and  Email  Security  Appliances  

AMP  on  Cisco®    ASA  Firewall  with  FirePOWER  Services  

AMP  for  Endpoints  

AMP  for    Cloud  Web  Security    and  Hosted  Email  

AMP  Private  Cloud    Virtual  Appliance  

MAC OS

Windows OS Android Mobile

Virtual

CWS  

AMP  Threat  Grid    Malware  Analysis  +  Threat  

Intelligence  Engine    

Appliance  or  Cloud  

*AMP for Endpoints can be launched from AnyConnect

Employee Tag

PCI POS Tag

Partner Tag

Non-Compliant Tag

Voice Tag

Employee Non-Compliant

Campus Core

Data Center

Data VLAN 20 ( PCI Segmenta4on within the same VLAN)

Non-Compliant

Access Layer

Voice Employee PCI POS Partner

SSL  VPN  

ISE  

ASA  

Lancope/Nenlow  (SMC/FC)  

Data  VLAN  20  Quaran4ne  

ClassificaEon  Results:  Device  Type:  Apple  iPAD  User:  Mary  Group:  Employee  Corporate  Asset:  Yes  Malware  Detected  Yes  

Data Center Firewall

PROTECTIONIntegrated Security and Consistent Policy Enforcement (Physical & Virtual)

Active Monitoring & Comprehensive Diagnostics for Threat Mitigation

PROVISIONINGSimplified Service ChainingDynamic Policy ManagementRapid Instantiation

PERFORMANCEOn Demand Scalability

Increased Clustering SizeMulti-Site Clustering