intelligent cybersecurity for the real world

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential. Intelligent Cybersecurity for the Real World. Marco Testi, GSSO Partner Account manager, [email protected] @testimarco

Upload: cisco-italia

Post on 19-Jul-2015

Category:

Internet


TRANSCRIPT

Intelligent Cybersecurity for the Real World

Marco Testi

GSSO Partner Account manager

[email protected] @testimarco

The evolution of the so-called «hacker’s underground»

Anti-DDoS, (basic) Application Security

Cyber Intelligence,

Black Ops

Human Factor,

0days

SCADA & Industrial Automation Security

Cybercrime Intelligence, Compliance

Insider’s profiling,

DLP

From the viruses and worms of the 1990s to the malware of the 2000s

An infrastructure-based approach for full visibility

Network Servers

Operating Systems

Routers and Switches

Mobile Devices

Printers

VoIP Phones

Virtual Machines

Client Applications

Files

Users

Web Applications

Application Protocols

Services

Malware

Command and Control

Servers

Vulnerabilities

NetFlow

Network Behavior

Processes

There is no “silver bullet”, and you can defend yourself against what you can “see”

Network Endpoint Mobile Virtual Cloud

Breadth

Depth

Who What Where When How

The new boundaries of networks and the Internet of Everything

A holistic approach is needed, one that takes many different factors into account

Contextualization to focus on real threats

High speed inspection of content

123.45.67.89

Johnson-PC

OS: Windows 7

hostname: laptop1

User: jsmith

IP: 12.134.56.78

12.122.13.62

SQL

Today’s Reality:

855 breaches in 2011

98% stemmed from external agents

81% utilized some form of hacking

69% incorporated malware

96% of attacks not highly difficult

2012 Verizon Data Breach Investigation Report

Eliminate the “background noise” and the false positives so as not to be blinded by them

Actual Disposition = Bad = Blocked

Antivirus

Sandboxing

Initial Disposition = Clean

Point-in-time Detection

Retrospective Detection, Analysis Continues

Initial Disposition = Clean

Continuous

Blind to scope of compromise

Sleep Techniques

Unknown Protocols

Encryption

Polymorphism

Actual Disposition = Bad = Too Late!!

Turns back time

Visibility and Control are Key

Not 100%

Analysis Stops

Continuous analysis against modern threats

Point-in-time solutions are no longer effective

Cisco Global Security Sales Organization

GSSO

=

Targeted acquisitions and immediate integration

The Sourcefire, ThreatGRID and CO-SE solutions are already integrated and available

ASA with FirePOWER Services

ESA and WSA with the AMP option

The strength of the “Open Source” world

Snort, ClamAV and RazorBACK and their millions of users, providing valuable contributions

NGFW

VPN

NAC + Identity Services

UTM

NGIPS

Web Security *

Email Security *

Advanced Malware Protection *

Network Behavior Analysis

BEFORE

Discover

Enforce

Harden

AFTER

Scope

Contain

Remediate

The entire span of the attack

Detect

Block

Defend

DURING

A new approach to security

A new philosophy for fighting attacks across their entire span

Visibility and Contextualization

Leadership recognized by the market

Gartner and NSSLabs are just two examples of this recognition

[email protected] @testimarco

Thank you for your attention. Questions?