Stephen Dane, Managing Director, Security, APJ
December 2016
Cisco Effective Security: Simple, Open and Automated
Play Anatomy of a Hacker Video HERE (shortened version)
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Are we secure?
Agenda
Threat Landscape: What are we protecting against?
Strategy: Cisco’s strategy, vision and portfolio
Differentiators: Why Cisco Security?
Digitization Creates Many Opportunities…for Hackers
Attack Sophistication
Threat Actors
Attack Surface
The Hacker Economy
Asymmetric battles are greater than our ability to respond
Persistent Attacks
Overwhelmed Defenders
Innovative Methods
Fragile Infrastructure
Shifting Tactics
Rising Vulnerabilities
Encryption Dilemma
Global Operations
Dynamic Threat Landscape
Customers’ Biggest Security Challenges
A community that hides in plain sight avoids detection and attacks swiftly
60% of data is stolen in HOURS
54% of breaches remain undiscovered for MONTHS
85% of point-of-sale intrusions aren’t discovered for WEEKS
82% increase of cybercrime costs reported by companies since 2009*
100% of companies connect to domains that host malicious files or services last YEAR
Changing Business Models
Dynamic Threat Landscape
Complexity and Fragmentation
* 2015 Cost of Cyber Crime Study, Ponemon Institute
The Costs of Cybersecurity Breaches Are Immense, Going Far Beyond Those of the Initial Breach
“Our biggest concern with cybersecurity breaches is not as much the direct financial impact as the indirect. What if customers decide that we're not worthy of their trust and they stay away?”
Greg Kleffner, CFO, Stein Mart
CFO Perspective: 384 finance respondents
Survey: Rank the consequences of breaches or incidents your company suffered in the past year.
1 Lost business
2 Lost assets
3 Lost productivity
4 Regulatory fines and litigation
5 Remediation costs
Lack of Cybersecurity Hinders Innovation in the Digital Era
Survey (1014 respondents)
“Cybersecurity risks and threats hinder innovation in my organization.” 71% Agree
“My organization halted a mission-critical initiative due to cybersecurity fears.” 39% Agree
“Innovations are moving forward, but probably at 70%-80% of what they otherwise could if there were better tools to deal with the dark cloud of cybersecurity threats.”
Robert Simmons, CFO
Approach cybersecurity as a strategic business imperative rather than a defensive necessity
Build cybersecurity into the foundation of their digital strategy
Confident in their cybersecurity for Big Data/analytics, cloud, and Internet of Things
Act on a "first-mover" competitive advantage to create new digital business opportunities
Can you see beyond the protection aspect of security?
Reap the rewards of Fast Innovation in a Digital Era
Cisco Security Portfolio: “Time to do things differently”
Integrated Architectural Approach
Best of Breed Portfolio
Cisco’s Security Strategy
Cisco Security Closes the Gap
The Security Effectiveness Gap
Open
Automated
Simple
Effective Security starts with an architectural approach
An architectural approach leads to Security that is:
Effective Security
Cisco’s Best of Breed and Integrated Portfolio
Threat Intelligence
Secure Internet Gateway
Network Analytics
Policy and Access
NGFW/NGIPS
Advanced Malware
Web
Email
UTM
Visibility
Threat Intelligence
Services
Cisco Architecture in Action
Umbrella blocks request
NGFW blocks connection
Web Security/Email Security blocks file
Stop the Delivery
Umbrella blocks request
NGFW blocks connection
Block Activation
AMP for Endpoints detects & stops malware
Stealthwatch and SLN detect activity
Detect & Respond
Internet
30%+ TCO* Reduction
Cisco Architectural Approach
Cisco Architectural Approach Helps Customers Save Money
* Initial Results
Point Products Approach
Firewall, VPN, Email Security, Web Security, DLP, SIEM, Replacement Box, Failover, Persistent Threats, IDS
Firewall 2.0, VPN 2.0, Email Security 2.0, Web Security 2.0, DLP 2.0, SIEM 2.0, Replacement Box 2.0, Failover 2.0, Persistent Threats 2.0, IDS 2.0
…And reduces time to detection
Reduced Time to Detection
Industry: 100 DAYS vs. Cisco: ~13 HOURS
Source: Cisco Midyear Security Report, 2016
Cisco Differentiation
“65% of CEOs say their risk management approach is falling behind. In a new reality where security breaches come at a daily rate, we must move away from trying to achieve the impossible perfect protection and instead invest in detection and response. Organizations should move their investments from 90 percent prevention and 10 percent detection and response to a 60/40 split.”
Peter Sondergaard, Senior VP and Global Head of Research, Gartner
CISCO LEADS IN BREACH DETECTION
Cisco
Other Products
2016 NSS Labs Breach Detection Systems test
Unmatched visibility, threat research and analytics
Customers: Hundreds of Thousands
Daily Threat Telemetry: 100TB
Threat Researchers: 250
Users: Tens of Millions
Threat Analytic Engines: Hundreds of
GLOBAL: Threats Across the Internet
LOCAL: Threats Inside Your Network
Financial Information
Company Network
Network Administrator
Network Security
Firepower alert on threat sent to ISE
Quarantine
Rapid Containment
TrustSec quarantines user
Rapid Threat Containment – adding automation
Malicious File Download
Branch
Campus
Edge
Operational Technology
Data Center
Endpoint
Broadest scope of threat-centric coverage from the network to the data center, cloud, branch and endpoints
Cloud
Security Everywhere
What Can the Network Do for You?
Network as a Sensor
Detect Anomalous Traffic Flows, e.g. Communication with Malicious Hosts, Internal Malware Propagation, Data Exfiltration
Detect User Access Policy Violations, e.g. Maintenance Contractor Accessing Financial Data
Detect Rogue Devices, APs and More, e.g. Maintenance Contractor Connecting an Unauthorized AP in Bank Branch to Breach
Network as an Enforcer
Segment the Network to Contain the Attack: TrustSec - Secure Group Tagging, VRF, ISE and More
Encrypt the Traffic to Protect the Data: MACsec for Wired, DTLS for Wireless, IPSec/SSL for WAN and More
Secure The Branch for Direct Internet Access: IWAN, Cloud Web Security and More
Ask Your CISO…
1 Integration
Does your security infrastructure integrate to provide low TCO and increased effectiveness?
2 Automation
Do your security technologies talk to each other? When one product sees a threat, can it tell another to change the user’s access?
3 Retrospection
Can you go back and change your position on a file that was initially deemed safe if it is later determined to be malicious?
4 Best in Breed
Can your security provide the best protection for all the key attack vectors?