Cisco Intelligent Cyber Security for the Real World

Post on 28-Jul-2020

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Cisco Intelligent Cyber Security for the Real World

Dorin Pena, General Manager, Cisco Romania

dopena@cisco.com

The Security Problem

• Changing Business Models
• Dynamic Threat Landscape
• Complexity and Fragmentation

The Industrialization of Hacking

Timeline (1990–2020):

• Viruses: 1990–2000
• Worms: 2000–2005
• Spyware and Rootkits: 2005–Today
• APTs Cyberware: Today +

Hacking Becomes an Industry

Sophisticated Attacks, Complex Landscape

Phishing, Low Sophistication

Today’s advanced malware is not just a single entity

It is a Community that hides in plain sight

Missed by Point-in-time Detection

Hacking, 21st Century: The attack chain

• Survey: Evaluate victim’s countermeasures
• Write: Craft context-aware malware to penetrate victim’s environment
• Test: Check malware works & evades victim’s countermeasures
• Execute: Deploy malware. Move laterally, establish secondary access
• Accomplish: The mission: Extract data, destroy, plant evidence, compromise.

Victim = targeted organization

Time scale labels on the slide: days, weeks, months; 6 hours

Industry Risk and Web Malware Encounters, 2013

The Silver Bullet Does Not Exist

“Self Defending Network”

“It matches the pattern”

“No false positives, no false negatives.”

Application Control

NGFW / VPN

IDS / IPS

UTM

NAC

AV

PKI

“Block or Allow”

“Fix the Firewall”

“No key, no access”

Sandboxing

“Detect the Unknown”

Cisco focuses on the totality of defending against threats, through architecture

Visibility and Context

• Firewall
• NGFW
• NAC + Identity Services
• VPN
• UTM
• NG IPS
• Web Security
• Email Security
• Advanced Malware Protection
• Network Behavior Analysis

Covering the Entire Attack Continuum

Attack Continuum:

• BEFORE: Discover, Enforce, Harden
• DURING: Detect, Block, Defend
• AFTER: Scope, Contain, Remediate

Sourcefire Advanced Malware Protection

Retrospective Security

• Comprehensive Network + Endpoint
• Continuous Analysis
• Integrated Response
• Big Data Analytics
• Control & Remediation

Thank You
