Securing your Organization


Post on 21-Sep-2020


Tengku Shahrizam, CCIE#16734

Cyber Security Specialist

Data is Currency – Securing your Data Center

Securing your Organization


Today,

© 2018 Cisco and/or its affiliates. All rights reserved.

DATA is where the money is


Source: Ben Walker, Marketing Executive at vouchercloud – April 5, 2015

90% of the world’s data today has been created in the last 2 years alone

Every day we create 2,500,000,000,000,000,000 (2.5 Quintillion) bytes of data


Global Cybercrime Market: $450B-$1T

Motivated Threat Actors Behind Breaches:

• Social Security: $1
• Medical Record: >$50
• DDoS as a Service: ~$7/hour
• Credit Card Data: $0.25-$60
• Bank Account Info: >$1000 depending on account type and balance
• Exploits: $1000-$300K
• Facebook Account: $1 for an account with 15 friends
• Spam: $50/500K emails
• Malware Development: $2500 (commercial malware)
• Mobile Malware: $150

Source: RSA/CNBC


Firewall

Last 20 years of security:

Got a problem?

Buy a Box


The existing security stack…

• Firewall
• VPN
• Email Security
• Web Security
• DLP
• SIEM
• Replacement Box
• Failover
• Persistent Threats
• IDS

• Firewall 2.0
• VPN 2.0
• Email Security 2.0
• Web Security 2.0
• DLP 2.0
• SIEM 2.0
• Replacement Box 2.0
• Failover 2.0
• Persistent Threats 2.0
• IDS 2.0


Complexity Continues to Accelerate


Percentage of security team’s time

• 47% Servers
• 29% Customer data
• 23% Endpoints

76% of the security team’s time is spent on security in the data center


How is data being stolen?

86% 81%


Data Center Security… It takes an architecture!

• Threat protection: “Stop the breach”
• Segmentation: “Reduce the attack surface”
• Visibility: “See everything”

Threat intelligence - Talos

Intent-based

Automation

Analytics


Building a true data center security architecture


Cisco datacenter security solutions – focus areas

Visibility: Network and application analytics

• Stealthwatch
• Tetration

Threat prevention: Threat protection

• NGFW/NGIPS
• Advanced Malware Protection (AMP)

Segmentation: Firewall and access control

• NGFW, ACI, Tetration Policy Orchestration
• FMC, CloudCenter
• APIC, ISE

Integrated


Architecture: Integrated

Portfolio: Best of breed


Stopping the most threats in NSS Labs testing year after year

[Chart: Cisco vs. test average in NSS Labs testing of NGFW, NGIPS and Breach Detection Systems (Cisco AMP), with NGFW and NGIPS test averages, for 2010, 2011, 2012, 2013, 2014, 2016 and 2017; vertical axis from 82 to 100]

What best of breed security looks like!

The power of Cisco Talos!

98.9% efficacy = 6.8M missed threats/year


Point product approach fails

It takes an integrated architecture

• Analytics (Stealthwatch, Tetration)
• Advanced Malware
• Policy and Access (ISE, NGFW, Tetration, ACI)
• NGFW/NGIPS
• Management (CloudCenter, APIC, FMC, Tetration)

Threat protection, Visibility, Segmentation

• pxGrid
• Security Group Tag/EPG
• APIs
• Intel sharing
• Automation


Data centers are changing

Cisco Security grows with you

• Application centric infrastructure
• ACI fabric
• Virtualization and cloud
• 1000v
• Traditional data center
• 1000v


Segmentation


I have no idea what my segmentation policy needs to be at any given time!!!!!!!


“Effective network segmentation… restricts communication between networks and reduces the extent to which an adversary can move across the network.”


Cisco Tetration Connection Manager

Automated security policy recommendation

Step 1: Behavior analysis

Application conversations

Conversation details/process bindings

Step 2: Auto-generation of whitelist policies

Whitelist policy recommendation

• Identifies application intent
• Generates 4 tuple policies

Export into Cisco solutions

• Export in JSON, XML and YAML
• Import into ACI, ASA, NGFW


• NGFW
• Security Group Tag
• Segment north/south traffic
• Restrict access

• Software Sensor enforcement
• Host-level Segmentation

NGFW, ACI, Tetration

• Endpoint Group, uEPG
• Security Group Tag
• Segment east/west traffic
• Restrict access

Diagram labels: Web Endpoint Group, DB Endpoint Group


Industry leading NGFW performance

Competitive comparison

Key differentiators

| | Cisco: FP9300-3xSM44 | Vendor A | Vendor B | Vendor C |
|---|---|---|---|---|
| FW data sheet | 234G | 120G | 630G | 400G |
| FW+AVC+NGIPS (NGFW) – NSS Labs | 133G | 42G | 100G | 70G |
| Rack units | 3 | 9 | 8 | 15 |
| 40G actual speed | 40G | 16G | 10G | 10G* |


Data center security working together

[Diagram labels: CloudCenter, Tetration, ISE, AMP, FMC Manager, FTD, External, Internal, EPG App, EPG DB, Tetration sensor]


Advanced Threat Protection


Applications and services

Mitigating threats, risks and vulnerabilities

[Diagram labels: Users zone, Server zone 1, Server zone 2, Outside world business partners, Perimeter firewall]

Segment data center architecture


Cisco Advanced Threat solutions

Firepower threat defense – Industry Leading Efficacy

NGFW

• Context rich
• Stop command and control, security intelligence blacklists
• Application control

NGIPS

• Protection against exploitation of app vulnerabilities
• Impact-assessment and IoC
• Auto-tuning of policy

AMP

• File based malware protection
• Sandboxing to find zero-day
• Retrospective remediation of malware


[Chart: unlabeled values 96.8%, 100%, 90.1%, 0.6%, 67%, 6.5%, 2.9%, 91.8%, 17.1%, 6.5%, 96.3%, 27%]

Cisco - the undisputed leader in stopping threats fast


Visibility & Analytics


See and detect more threat in your DC

Cisco Stealthwatch

Monitor

• Comprehensive, contextual network flow visibility
• Real-time situational awareness of traffic

Detect

• Detect anomalous network behavior
• Detect network behaviors indicative of threats: worms, insider threats, DDoS and malware

Respond

• Quickly scope an incident
• Network troubleshooting
• One click quarantine

Analyze

• Holistic network audit trail
• Threat hunting and forensic investigations

[Diagram: End-to-End Network Visibility; labels: Switch, Router, Router, Firewall, Data Center Switch, Server, User, WAN, Server, Device]


Greater visibility and security together

Cisco Tetration and Stealthwatch

• Threat detection and hunting
• Application traffic modeling & visibility
• Access control policy and audit
• Anomalous behavior

Integrated with other security solutions 1+1=3
