New Digital Opportunity. Are you Ready?


Post on 06-Jun-2020


Page 1: New Digital Opportunity. - Cisco · (now part of Cisco)1 15% of C2 bypasses Web ports 80 & 443 millions of unique malware samples submitted to sandbox over 6 months Cisco AMP Threat

New Digital Opportunity.

Are you Ready?

Page 2:

How to secure your Digital Network and your Cloud migration?

(Security-as-a-Service)

Page 3:

The Way We Work Has Changed

Page 4:

Traditional Security

Page 5:

[Diagram: Headquarters, Branch offices]

Perimeter security used to be effective

By 2018, Gartner estimates: 25% of corporate data traffic will bypass perimeter security.

Page 6:

Security challenges have evolved

[Diagram: HQ, Branch, Roaming user; Users, Data and Apps spread across SaaS, PaaS and IaaS]

Page 7:

The Cyber challenges

• Malware and ransomware

• Compromised accounts and malicious insiders

• Gaps in visibility and coverage

• Data breaches and compliance

Page 8:

DNS holds the key to your existence on the internet!

Page 9:

Protect users wherever they access the internet

Malware, Phishing, C2 Callbacks

Page 10:

Why leverage DNS to Detect and Block Threats?

Most attacker C2 is initiated via DNS lookups, with some non-Web callbacks.

[Diagram: C2 channels grouped into DNS, Web, Non-Web and direct IP]

Lancope Research (now part of Cisco)1: millions of unique malware samples from small office LANs over 2 years. 15% of C2 bypasses Web ports 80 & 443.

Cisco AMP Threat Grid Research2: millions of unique malware samples submitted to sandbox over 6 months. 91% of C2 can be blocked at the DNS layer.

NON-WEB C2 EXAMPLES: Zbot, ZeroAccess, njRAT, Regin, Gh0st, Storm, Pushdo/Cutwail, DarkComet, Bifrose, Lethic, Kelihos, Gameover Zeus, Citadel, Tinba, Hesperbot, Bouncer (APT1), Glooxmail (APT1), Longrun (APT1), Seasalt (APT1), Starsypound (APT1), Biscuit (APT1), PoisonIvy

NOTE1: Visual Investigations of Botnet Command and Control Behavior (link)

• malware reached out to 150,000 C2 servers over 100,000 TCP/UDP ports

• malware was seen on 866 distinct TCP and 1,018 distinct UDP ports, many of them “well known” ports, whereas legitimate traffic used only 166 TCP and 19 UDP ports

NOTE2: 2016 Cisco Annual Security Report

• 9% had IP connections only and/or legitimate DNS requests

• 91% had IP connections which were preceded by malicious DNS lookups

• very few had no IP connections
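The slide's argument is that most C2 is preceded by a DNS lookup, so refusing the lookup stops the connection, while the remainder (direct-to-IP callbacks and traffic on non-web ports) needs IP-layer controls. The following is an added example, not code from the deck or from any Cisco product: it pairs each outbound connection in a constructed connection log with the DNS answer that produced it, marks connections that a DNS-layer blocklist would have stopped, flags direct-to-IP connections to addresses already learned from blocklisted names, and separates web-port traffic from non-web ports. The log formats, domain names, IP addresses, the blocklist and the 300-second pairing window are all assumptions made for the example.

```python
"""Added example: DNS-layer C2 triage over constructed DNS and connection logs."""
from collections import namedtuple
from datetime import datetime, timedelta

# Constructed sample logs (not data from the slide deck). Domains, IPs and
# timestamps are invented; .test names and documentation address ranges are used.
DNS_LOG = """\
2020-06-01T10:00:01 10.0.0.5 updates.example-corp.test 203.0.113.10
2020-06-01T10:00:04 10.0.0.5 cdn.bad-c2.test 198.51.100.7
2020-06-01T10:00:09 10.0.0.8 mail.example-corp.test 203.0.113.25
"""
CONN_LOG = """\
2020-06-01T10:00:02 10.0.0.5 203.0.113.10 443 tcp
2020-06-01T10:00:05 10.0.0.5 198.51.100.7 8443 tcp
2020-06-01T10:00:06 10.0.0.5 192.0.2.44 6667 tcp
2020-06-01T10:00:10 10.0.0.8 203.0.113.25 25 tcp
2020-06-01T10:00:12 10.0.0.8 198.51.100.7 53 udp
"""
BLOCKLIST = {"cdn.bad-c2.test"}         # constructed stand-in for a DNS-layer threat feed
WEB_PORTS = {80, 443}
LOOKUP_WINDOW = timedelta(seconds=300)  # assumed window for pairing a lookup with a flow

DnsRec = namedtuple("DnsRec", "ts client qname answer")
Conn = namedtuple("Conn", "ts client dst port proto")
Verdict = namedtuple("Verdict", "conn qname dns_blockable ip_flagged non_web")


def parse_dns(text):
    recs = []
    for line in text.splitlines():
        ts, client, qname, answer = line.split()
        recs.append(DnsRec(datetime.fromisoformat(ts), client, qname, answer))
    return recs


def parse_conns(text):
    conns = []
    for line in text.splitlines():
        ts, client, dst, port, proto = line.split()
        conns.append(Conn(datetime.fromisoformat(ts), client, dst, int(port), proto))
    return conns


def find_lookup(conn, dns_recs):
    """Most recent lookup by the same client that resolved to conn.dst inside the window."""
    hits = [r for r in dns_recs
            if r.client == conn.client and r.answer == conn.dst
            and conn.ts - LOOKUP_WINDOW <= r.ts <= conn.ts]
    return max(hits, key=lambda r: r.ts) if hits else None


def triage(dns_text, conn_text, blocklist):
    """Classify each outbound connection by what the DNS layer could have done about it."""
    dns_recs = parse_dns(dns_text)
    # IPs that any client learned by resolving a blocklisted name: reusable for IP-layer blocking
    bad_ips = {r.answer for r in dns_recs if r.qname in blocklist}
    verdicts = []
    for conn in parse_conns(conn_text):
        rec = find_lookup(conn, dns_recs)
        qname = rec.qname if rec else None
        verdicts.append(Verdict(
            conn=conn,
            qname=qname,
            dns_blockable=qname is not None and qname in blocklist,  # the lookup would have been refused
            ip_flagged=qname is None and conn.dst in bad_ips,        # direct-to-IP: DNS layer is blind
            non_web=conn.port not in WEB_PORTS,                      # a web proxy alone would not see it
        ))
    return verdicts


def summarize(verdicts):
    return {
        "total": len(verdicts),
        "dns_blockable": sum(v.dns_blockable for v in verdicts),
        "direct_ip": sum(v.qname is None for v in verdicts),
        "ip_flagged": sum(v.ip_flagged for v in verdicts),
        "non_web": sum(v.non_web for v in verdicts),
    }


if __name__ == "__main__":
    results = triage(DNS_LOG, CONN_LOG, BLOCKLIST)
    for v in results:
        print(f"{v.conn.client} -> {v.conn.dst}:{v.conn.port}/{v.conn.proto} "
              f"name={v.qname} dns_block={v.dns_blockable} "
              f"ip_flag={v.ip_flagged} non_web={v.non_web}")
    print(summarize(results))
```

On the constructed data, the 8443/tcp callback is stoppable at the DNS layer because the same host resolved a blocklisted name just before connecting; the 6667/tcp and 53/udp connections have no matching lookup from that host, which is the blind spot the 9% figure describes, and only the second of them can be caught by reusing the IP learned from another host's blocked lookup. Four of five connections use non-web ports, which is why a web-proxy-only design misses the 15% of C2 that bypasses 80 and 443.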

Page 11:

First line of defense against internet threats

Umbrella

See: Visibility to protect access everywhere

Learn: Intelligence to see attacks before they launch

Block: Stop threats before connections are made

Page 12:

What Customers Want to Protect?

Users/Accounts

● Who is doing what in my cloud applications?

● How do I detect account compromises?

● Are malicious insiders extracting information?

Data

● Do I have toxic & regulated data in the cloud?

● How do I detect policy violations?

● How do I automate incident remediations?

Applications

● How can I monitor app usage and risk?

● Do I have any 3rd party connected apps?

● How do I revoke risky apps?

Page 13:

User

Page 14:

Consider “connected” cloud apps: Pokémon Go

Pokémon Go breaks another record: Higher daily average user time than Facebook, Snapchat, and Instagram

Daily time spent in Pokémon Go by average iOS user (Source: SensorTower):

  App          Daily minutes
  Pokémon Go   33
  Facebook     22
  Snapchat     18
  Twitter      17
  Instagram    15
  Slither      10

An Unusual Start: Pokémon Go breaking all mobile gaming records globally.

[Chart: Time to reach 100 million users worldwide. Durations shown: 1 month (estimated, Pokémon Go), 4.5 yrs, 7 yrs, 16 yrs, 75 yrs. Years of launch shown: 1878, 1879, 1900, 2004, 2016]

Page 15:

It’s more than just Pokémon

  Year   Count
  2014   5,500
  2015   77,650
  2016   219,000

Source: Cloudlock CyberLab

Page 16:

There’s a better way

Page 17:

Cloud Access Security Broker (CASB)

[Diagram: HQ, Branch, Roaming user; Users, Data and Apps across SaaS, PaaS and IaaS, with the CASB between them]

Page 18:

CloudLock: Gain visibility and control to secure cloud apps and infrastructure.

Page 19:

To be effective, cloud security must be Simple, Open, Automated

Page 20:

Game Time

Can you guess?

Page 21:

New Digital Opportunity.

Are you Ready?

Page 22:

New Digital Opportunity.

Are you Ready?

Page 23:

Investigate: The Most Powerful Way to Uncover Threats

[Diagram: DOMAINS, IPs & ASNs queried through the CONSOLE or the API, feeding a SIEM or TIP]

Key Points

• Intelligence about domains, IPs, & malware across the Internet

• Live graph of DNS requests and other contextual data

• Correlated against statistical models

• Discover & predict malicious domains & IPs

• Enrich security data with global intelligence

Page 24: