IDC Security Roadshow, May 2015, Adrian Aron
TRANSCRIPT
© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
CyberSecurity today
Adrian Aron, Security Sales
Cisco Systems Romania
Behind the Headlines
Security Breach in Federal Banking Networks
Major Retailer Credit Card Server Hacked
Industrialization of Hacking
There is a multi-billion dollar global industry ($450 Billion to $1 Trillion) targeting your prized assets:
Social Security: $1
Mobile Malware: $150
Bank Account Info: >$1000 depending on account type and balance
Facebook Accounts: $1 for an account with 15 friends
Credit Card Data: $0.25-$60
Malware Development: $2500 (commercial malware)
DDoS as a Service: ~$7/hour
Spam: $50/500K emails
Medical Records: >$50
Exploits: $1000-$300K
IT Sprawl
Mobile: 3.3 Mobile Devices per Knowledge Worker*; 55% of IP Traffic Mobile by 2017**
(* Cisco IBSG, ** Cisco 2013 VNI, *** IDC)
Cloud: 545 Cloud Apps per Organization*; 44% Annual Cloud Workload Growth***
(* Skyhigh Networks Industry Report, ** Cisco Global Cloud Index, *** Cisco VNI Global Mobile Data Traffic Forecast)
IoE: 36X Growth in M2M IP Traffic 2013-18**; 50B Connected "Smart Objects" by 2020*
(* Cisco IBSG, ** Cisco VNI: Global Mobile Data Traffic Forecast 2013-2018)
Strategic Imperatives
Visibility-Driven: Network-Integrated, Broad Sensor Base, Context and Automation
Threat-Focused: Continuous Advanced Threat Protection, Cloud-Based Security Intelligence
Platform-Based: Agile and Open Platforms, Built for Scale, Consistent Control, Management
Across Endpoint, Network, Mobile, Virtual and Cloud
How Cisco is protecting
Infrastructure as a sensor, self-defending, self-healing architecture
Advanced Malware Protection everywhere!
Big Data analytics and forensics with OpenSOC
A Company with a Digital Overlay: The security architecture impact
Cisco architecture for security: Cloud, On-premises, Collective & Collaborative
Geo-distributed firewall clusters
Switching, Wired & WiFi
Routing
Secure Datacenter interconnect
Dynamic Multipoint VPN
Correlated full-sample NetFlow
MDM-enforced Cloud security
Unified Access for Unified Security Policy
IPv6 complete security
Hardened 802.1X
MACsec
TrustSec with pxGrid / REST identity
Intelligent sensors
Physical access
BYOD
Zones: Remote Branches (contained), Datacenter (secure vDC), Partners (trusted), Remote (secure)
Security capable infrastructure
Attack Continuum: Discover, Enforce, Harden; Detect, Block, Defend; Scope, Contain, Remediate
Firewall
NGFW
NAC + Identity Services
VPN
UTM
NGIPS
Web Security
Email Security
Advanced Malware Protection
Network Behavior Analysis
Malware Sandboxing
How Cisco is protecting: Advanced Malware Protection everywhere!
Continuous Protection when advanced malware evades point-in-time detection
Point-in-time Detection (Antivirus, Sandboxing): Initial Disposition = Clean; Actual Disposition = Bad = Too Late!! Not 100%, analysis stops.
Evasion techniques that defeat point-in-time detection: Sleep Techniques, Unknown Protocols, Encryption, Polymorphism
AMP: Initial Disposition = Clean; Actual Disposition = Bad = Blocked. Retrospective Detection, analysis continues.
AMP, the secret sauce: Collective Security Intelligence
SPERO: Uses AI methods for real-time discovery of malware based on environment and behavior. Uses periodic review of the Big Data store to implement retrospection.
ONE-TO-ONE: Catches "well known" malware through use of primary SHA match. Equivalent to a signature-based system.
ETHOS: Catches families of malware through use of "fuzzy hashes" embedded in the Feature Print. Counters malware evasion by "bit-twiddling".
ADVANCED ANALYTICS: Integrates heuristics from the malware environment, the Big Data store, ETHOS and SPERO to clarify the outcome of a marginal conviction.
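The two preceding slides describe the mechanism behind "retrospective detection": every file delivery is recorded with its point-in-time disposition, and when threat intelligence later flips that file to bad, the hosts that already received it can be identified and the new variant blocked. The following is an added example (not Cisco AMP code, and not a description of how AMP is implemented) that models that store in Python. Exact matching uses SHA-256 as the "one-to-one" engine; the n-gram Jaccard similarity used for family matching is a deliberately simplified stand-in for the fuzzy hashes the ETHOS slide mentions, and all sample bytes, host names and timestamps are constructed for the example.

```python
"""Added example: a toy retrospective-detection store (not Cisco's code).

Models the two dispositions from the slides: a file's initial (point-in-time)
disposition and its actual disposition once intelligence catches up. Every
observation is kept, so a later conviction can be projected back onto hosts
that already received the file. All samples are constructed.
"""
import hashlib
from dataclasses import dataclass, field


@dataclass
class Observation:
    host: str
    sha256: str
    seen_at: int  # constructed timestamp (epoch seconds)


@dataclass
class RetroStore:
    known_bad: set = field(default_factory=set)     # exact SHA-256 convictions ("one-to-one")
    bad_prints: dict = field(default_factory=dict)  # sha256 -> feature print of convicted samples
    observations: list = field(default_factory=list)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def feature_print(data: bytes, n: int = 4) -> frozenset:
    """Simplified fuzzy fingerprint (assumption, stands in for ETHOS fuzzy
    hashes): the set of all n-byte substrings. Twiddling a few bytes changes
    only a few n-grams, so variants of one family stay similar."""
    return frozenset(data[i:i + n] for i in range(len(data) - n + 1))


def similarity(a: frozenset, b: frozenset) -> float:
    """Jaccard similarity in [0, 1] between two feature prints."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def initial_disposition(store: RetroStore, data: bytes, threshold: float = 0.8) -> str:
    """Point-in-time verdict: 'bad' on an exact hash match or a close family
    match against an already convicted sample, otherwise 'clean'."""
    if sha256_hex(data) in store.known_bad:
        return "bad"
    fp = feature_print(data)
    for bad_fp in store.bad_prints.values():
        if similarity(fp, bad_fp) >= threshold:
            return "bad"
    return "clean"


def observe(store: RetroStore, host: str, data: bytes, seen_at: int) -> str:
    """Record a file delivery and return its point-in-time disposition.
    The observation is stored even when the verdict is 'clean', which is
    what makes retrospection possible later."""
    store.observations.append(Observation(host, sha256_hex(data), seen_at))
    return initial_disposition(store, data)


def convict(store: RetroStore, data: bytes) -> list:
    """Intelligence update: mark the sample bad and return retrospective
    alerts as (host, seen_at) pairs for every earlier delivery of that hash."""
    h = sha256_hex(data)
    store.known_bad.add(h)
    store.bad_prints[h] = feature_print(data)
    return [(o.host, o.seen_at) for o in store.observations if o.sha256 == h]


if __name__ == "__main__":
    store = RetroStore()
    sample = b"MZ\x90\x00 constructed sample payload: connect-back loader v1"
    print(observe(store, "host-a", sample, 100))   # clean: nothing known yet
    print(observe(store, "host-b", sample, 200))   # clean again
    print(convict(store, sample))                  # retrospective alerts for host-a and host-b
    print(observe(store, "host-c", sample, 300))   # bad: exact SHA-256 match
    variant = sample[:-1] + b"2"                   # one byte twiddled
    print(observe(store, "host-d", variant, 400))  # bad: family match via feature print
```

The point of the design is the `observations` list: a point-in-time scanner that discards clean verdicts has nothing to look back at, while a store that keeps every delivery can turn a later conviction into a list of hosts to scope and contain.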
AMP Everywhere Strategy Means Protection Across the Extended Network
AMP for Networks
AMP for Endpoints (PC, Mac, Virtual, Mobile)
AMP for Cloud Web Security (CWS) & Hosted Email
AMP on Web & Email Security Appliances
AMP on ASA Firewall with FirePOWER Services
AMP Private Cloud Virtual Appliance
AMP Threat Grid: Dynamic Malware Analysis + Threat Intelligence Engine

How Cisco is protecting: Big Data analytics and forensics with OpenSOC
AMP Everywhere, down to the smallest scale
Why Cisco?
1.6 Million sensors globally
100 TB data received every day
150+ Million IP terminals
600 engineers, technicians and security researchers
35% of worldwide emails inspected
6+ billion $ invested in research and development
TALOS: Global Operations center for CyberSecurity
10 Million files inspected every day
Coverage: Email, PCs, Macs, Web, Networks, IPS, mobile, WWW
Architecture / Solutions / IT building blocks / Results
Network, Data Center, Collaboration, Security
13 billion web requests inspected
24x7x365 operations
4.3 billion web attacks blocked / day
40+ programming languages
1.1 Million malware samples analysed / day
Advanced Malware Protection and Snort Community (AMP)
Intelligent infrastructure
Secure infrastructure & Continuous defence
Intelligent cities
Compliance & Security
Business operations
Education and Health
Production
Public Administration