New Digital Opportunity. Are you Ready? (Cisco slide deck, transcript)
How to secure your Digital Network and your Cloud migration? (Security-as-a-Service)
The Way We Work Has Changed
Traditional Security: perimeter security used to be effective, with headquarters and branch offices behind it.
By 2018, Gartner estimates, 25% of corporate data traffic will bypass perimeter security.
(Diagram: HQ, Branch, Roaming user)
Security challenges have evolved
(Diagram: Users, Data and Apps spread across SaaS, PaaS and IaaS)
The Cyber challenges
• Malware and ransomware
• Compromised accounts and malicious insiders
• Gaps in visibility and coverage
• Data breaches and compliance
DNS holds the key to your existence on the internet!
Protect users wherever they access the internet: malware, phishing, C2 callbacks.
NOTE1: Visual Investigations of Botnet Command and Control Behavior (link)
• malware reached out to 150,000 C2 servers over 100,000 TCP/UDP ports
• malware often used 866 (TCP) & 1018 (UDP) “well known” ports, whereas legitimate traffic used 166 (TCP) & 19 (UDP) ports
NOTE2: 2016 Cisco Annual Security Report
• 9% had IP connections only and/or legitimate DNS requests
• 91% had IP connections which were preceded by malicious DNS lookups
• very few had no IP connections
NON-WEB C2 EXAMPLES
Zbot, ZeroAccess, njRAT, Regin, Gh0st, Storm, Pushdo/Cutwail, DarkComet, Bifrose, Lethic, Kelihos, Gameover Zeus, Citadel, Tinba, Hesperbot, Bouncer (APT1), Glooxmail (APT1), Longrun (APT1), Seasalt (APT1), Starsypound (APT1), Biscuit (APT1), PoisonIvy
(Diagram: DNS lookup first, then IP connections split into web and non-web C2)
Lancope Research (now part of Cisco) (1): millions of unique malware samples from small office LANs over 2 years. 15% of C2 bypasses web ports 80 & 443.
Cisco AMP Threat Grid Research (2): millions of unique malware samples submitted to sandbox over 6 months. 91% of C2 can be blocked at the DNS layer.
Why leverage DNS to Detect and Block Threats? Most attacker C2 is initiated via DNS lookups, with some non-web callbacks.
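As an added illustration of the correlation behind these two figures (this is not code from the Cisco deck): the script links each outbound connection to a preceding DNS answer from the same client, so the share that could have been stopped at the resolver and the share on non-web ports can be computed from log data. The 300-second linking window, the hostnames and the addresses are assumptions, and the sample logs are constructed.

```python
from collections import defaultdict, namedtuple

WEB_PORTS = {80, 443}  # the "web ports" behind the deck's 15% figure
DNS_WINDOW_S = 300     # assumption: an answer older than this is not linked to a connection

DnsAnswer = namedtuple("DnsAnswer", "ts client qname answer_ip")
Connection = namedtuple("Connection", "ts client dst_ip dst_port")

def classify(dns_log, conn_log, window=DNS_WINDOW_S):
    """Link each connection to the latest DNS answer (same client, same IP) within
    `window` seconds. Returns counts of DNS-preceded connections (blockable at the
    resolver), direct-to-IP connections, non-web-port connections, and the domains a
    resolver-layer block would have covered."""
    answers = defaultdict(list)  # (client, ip) -> [(ts, qname), ...] in time order
    for a in sorted(dns_log, key=lambda a: a.ts):
        answers[(a.client, a.answer_ip)].append((a.ts, a.qname))
    summary = {"dns_preceded": 0, "direct_ip": 0, "non_web": 0, "blockable_domains": set()}
    for c in conn_log:
        prior = [q for ts, q in answers.get((c.client, c.dst_ip), []) if 0 <= c.ts - ts <= window]
        if prior:
            summary["dns_preceded"] += 1
            summary["blockable_domains"].add(prior[-1])
        else:
            summary["direct_ip"] += 1   # no lookup: a DNS-layer block cannot help here
        if c.dst_port not in WEB_PORTS:
            summary["non_web"] += 1     # a web proxy on 80/443 alone would not see this
    return summary

# Constructed sample logs (RFC 5737 documentation addresses, invented .invalid hostnames).
SAMPLE_DNS = [
    DnsAnswer(100, "hostA", "c2.invalid", "203.0.113.10"),
    DnsAnswer(200, "hostA", "update.invalid", "198.51.100.5"),
    DnsAnswer(400, "hostB", "beacon.invalid", "203.0.113.20"),
    DnsAnswer(10, "hostC", "old.invalid", "203.0.113.30"),  # too old to be linked below
]
SAMPLE_CONNS = [
    Connection(130, "hostA", "203.0.113.10", 443),   # preceded by lookup, web port
    Connection(210, "hostA", "198.51.100.5", 80),    # preceded by lookup, web port
    Connection(300, "hostB", "203.0.113.77", 6667),  # hard-coded IP, non-web port
    Connection(410, "hostB", "203.0.113.20", 5555),  # preceded by lookup, non-web port
    Connection(1000, "hostC", "203.0.113.30", 443),  # lookup outside window -> direct-ip
]

if __name__ == "__main__":
    print(classify(SAMPLE_DNS, SAMPLE_CONNS))
```

On the constructed sample, 3 of 5 connections are DNS-preceded and 2 of 5 use non-web ports; the stale hostC answer shows why the window matters.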
Umbrella: first line of defense against internet threats
• See: visibility to protect access everywhere
• Learn: intelligence to see attacks before they launch
• Block: stop threats before connections are made
What Customers Want to Protect?
Users/Accounts
● Who is doing what in my cloud applications?
● How do I detect account compromises?
● Are malicious insiders extracting information?
Data
● Do I have toxic & regulated data in the cloud?
● How do I detect policy violations?
● How do I automate incident remediations?
Applications
● How can I monitor app usage and risk?
● Do I have any 3rd party connected apps?
● How do I revoke risky apps?
Consider “connected” cloud apps: Pokémon Go
Pokémon Go breaks another record: higher daily average user time than Facebook, Snapchat, and Instagram.
(Chart: daily time spent by the average iOS user, source: SensorTower) Pokémon Go 33 mins, Facebook 22 mins, Snapchat 18 mins, Twitter 17 mins, Instagram 15 mins, Slither 10 mins.
An Unusual Start: Pokémon Go breaking all mobile gaming records globally.
(Chart: time to reach 100 million users worldwide against year of launch, for launches in 1878, 1879, 1900, 2004 and 2016; the bars range from 75 yrs, 16 yrs, 7 yrs and 4.5 yrs down to 1 month (estimated) for Pokémon Go in 2016.)
It’s more than just Pokémon
(Chart, source: Cloudlock CyberLab) 2014: 5,500; 2015: 77,650; 2016: 219,000
There’s a better way
(Diagram: HQ, Branch and Roaming user reaching Users, Data and Apps across SaaS, PaaS and IaaS through a Cloud Access Security Broker (CASB))
CloudLock: gain visibility and control to secure cloud apps and infrastructure.
To be effective, cloud security must be Simple, Open, Automated.
Game Time: Can you guess?
Investigate: The Most Powerful Way to Uncover Threats
(Diagram: domains, IPs & ASNs queried through the console or the API, feeding a SIEM or TIP)
Key Points
• Intelligence about domains, IPs, & malware across the Internet
• Live graph of DNS requests and other contextual data
• Correlated against statistical models
• Discover & predict malicious domains & IPs
• Enrich security data with global intelligence