Tengku Shahrizam, CCIE#16734
Cyber Security Specialist
Data is Currency – Securing your Data Center
Securing your Organization
Today, data is where the money is
© 2018 Cisco and/or its affiliates. All rights reserved.
90% of the world’s data today has been created in the last 2 years alone.
Every day we create 2,500,000,000,000,000,000 (2.5 quintillion) bytes of data.
Source: Ben Walker, Marketing Executive at vouchercloud, April 5, 2015
Global cybercrime market: $450B-$1T
Motivated threat actors behind breaches (going rates):
• Social Security number (SSN): $1
• Medical record: >$50
• DDoS as a service: ~$7/hour
• Credit card data: $0.25-$60
• Bank account info: >$1000 depending on account type and balance
• Exploits: $1000-$300K
• Account: $1 for an account with 15 friends
• Spam: $50/500K emails
• Malware development: $2500 (commercial malware)
• Mobile malware: $150
Source: RSA/CNBC
Last 20 years of security: Got a problem? Buy a box.
The existing security stack: Firewall, VPN, Email Security, Web Security, DLP, SIEM, Replacement Box, Failover, Persistent Threats, IDS
…and then: Firewall 2.0, VPN 2.0, Email Security 2.0, Web Security 2.0, DLP 2.0, SIEM 2.0, Replacement Box 2.0, Failover 2.0, Persistent Threats 2.0, IDS 2.0
Complexity Continues to Accelerate
Percentage of the security team’s time: 47% servers, 29% customer data, 23% endpoints
76% of the security team’s time is spent on security in the data center
How is data being stolen? (chart values: 86%, 81%)
Data Center Security… It takes an architecture!
Threat protection: “Stop the breach”
Segmentation: “Reduce the attack surface”
Visibility: “See everything”
Threat intelligence: Talos
Intent-based, Automation, Analytics
Building a true data center security architecture
Cisco datacenter security solutions – focus areas
Visibility – Network and application analytics
• Stealthwatch
• Tetration
Threat protection – Threat prevention
• NGFW/NGIPS
• Advanced Malware Protection (AMP)
Segmentation – Firewall and access control
• NGFW, ACI, Tetration Policy Orchestration
• FMC, CloudCenter
• APIC, ISE
Integrated architecture. Integrated portfolio. Best of breed.
Stopping the most threats in NSS Labs testing year after year
(chart: Cisco NGFW, NGIPS and Breach Detection Systems (Cisco AMP) versus the NGFW and NGIPS test averages, 2010–2017, block rate 82–100%)
What best of breed security looks like!
The power of Cisco Talos!
98.9% efficacy = 6.8M missed threats/year
Point product approach fails – It takes an integrated architecture
• Visibility: Analytics (Stealthwatch, Tetration)
• Threat protection: Advanced Malware, NGFW/NGIPS
• Segmentation: Policy and Access (ISE, NGFW, Tetration, ACI)
• Management (CloudCenter, APIC, FMC, Tetration)
Integration points: pxGrid, Security Group Tag/EPG, APIs, intel sharing, automation
Data centers are changing – Cisco Security grows with you
• Traditional data center: 1000v
• Virtualization and cloud: 1000v
• Application centric infrastructure: ACI fabric
Segmentation
I have no idea what my segmentation policy needs to be at any given time!!!!!!!
“Effective network segmentation… restricts communication between networks and reduces the extent to which an adversary can move across the network.”
Cisco Tetration Connection Manager – Automated security policy recommendation
Step 1: Behavior analysis
• Application conversations
• Conversation details / process bindings
Step 2: Auto-generation of whitelist policies
Whitelist policy recommendation
• Identifies application intent
• Generates 4-tuple policies
Export into Cisco solutions
• Export in JSON, XML and YAML
• Import into ACI, ASA, NGFW
Segmenting the Web Endpoint Group and the DB Endpoint Group
North/south (NGFW)
• NGFW
• Security Group Tag
• Segment north/south traffic
• Restrict access
• Software Sensor enforcement
• Host-level Segmentation
East/west (NGFW, ACI, Tetration)
• Endpoint Group, uEPG
• Security Group Tag
• Segment east/west traffic
• Restrict access
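The two-step flow above (observe application conversations, then generate 4-tuple whitelist policies and export them) and the Web/DB endpoint-group segmentation it feeds are illustrated by this added example, which is not Tetration's own code or algorithm: it collapses constructed flow records into group-level allow rules, exports them as JSON, and evaluates a new flow against the resulting default-deny policy. The endpoint groups, IP addresses and flows are hypothetical sample values.

```python
from collections import defaultdict
import json

# Constructed sample: workload IP -> endpoint group, the way an ACI/Tetration
# deployment labels hosts (hypothetical values, not from a real fabric).
EPG = {"10.1.1.10": "Web", "10.1.1.11": "Web",
       "10.2.2.20": "DB", "10.3.3.30": "Users"}

# Constructed flows from the behaviour-analysis phase (Step 1):
# (src_ip, dst_ip, protocol, dst_port), legitimate app conversations only.
OBSERVED_FLOWS = [
    ("10.3.3.30", "10.1.1.10", "tcp", 443),
    ("10.3.3.30", "10.1.1.11", "tcp", 443),
    ("10.1.1.10", "10.2.2.20", "tcp", 3306),
    ("10.1.1.11", "10.2.2.20", "tcp", 3306),
]

def whitelist_from_flows(flows, groups):
    """Step 2: collapse observed flows into group-level 4-tuple allow rules
    (consumer group, provider group, protocol, port); the count of distinct
    host pairs behind each rule is kept as evidence for the reviewer."""
    pairs_by_rule = defaultdict(set)
    for src, dst, proto, port in flows:
        pairs_by_rule[(groups[src], groups[dst], proto, port)].add((src, dst))
    rules = [{"consumer": c, "provider": p, "protocol": proto, "port": port,
              "evidence": len(pairs)}
             for (c, p, proto, port), pairs in pairs_by_rule.items()]
    return sorted(rules, key=lambda r: (r["consumer"], r["provider"], r["port"]))

def is_allowed(rules, src, dst, proto, port, groups):
    """Evaluate a flow against the whitelist. Unknown hosts map to no group,
    and anything not observed between two groups is denied: the default-deny
    east/west posture the slides describe."""
    key = (groups.get(src), groups.get(dst), proto, port)
    return any((r["consumer"], r["provider"], r["protocol"], r["port"]) == key
               for r in rules)

def export_json(rules):
    """Export the policy as JSON, one of the formats listed on the slide."""
    return json.dumps({"policy": rules}, indent=2)

if __name__ == "__main__":
    policy = whitelist_from_flows(OBSERVED_FLOWS, EPG)
    print(export_json(policy))
    # Users talking straight to DB was never observed, so it is denied.
    print(is_allowed(policy, "10.3.3.30", "10.2.2.20", "tcp", 3306, EPG))
```

Before importing such a generated whitelist into a firewall or fabric, review the evidence counts: a rule backed by a single host pair observed once deserves a second look before it becomes policy.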
Industry leading NGFW performance – Competitive comparison / Key differentiators
                                   Cisco: FP9300-3xSM44   Vendor A   Vendor B   Vendor C
FW data sheet                      234G                   120G       630G       400G
FW+AVC+NGIPS (NGFW) – NSS Labs     133G                   42G        100G       70G
Rack units                         3                      9          8          15
40G actual speed                   40G                    16G        10G        10G*
Data center security working together
(diagram: CloudCenter, Tetration, ISE, AMP and FMC Manager; FTD firewall between External and Internal; App EPG and DB EPG each with AMP and a Tetration sensor)
Advanced Threat Protection
Mitigating threats, risks and vulnerabilities – Applications and services
Segment data center architecture: Users zone, Server zone 1, Server zone 2, Outside world / business partners, behind a perimeter firewall
Cisco Advanced Threat solutions
Firepower threat defense – Industry Leading Efficacy
• Context rich
• Stop command and control, security intelligence blacklists
• Application control
• Protection against exploitation of app vulnerabilities
• Impact-assessment and IoC
• Auto-tuning of policy
• File based malware protection
• Sandboxing to find zero-day
• Retrospective remediation of malware
• NGFW, NGIPS, AMP
Cisco - the undisputed leader in stopping threats fast (comparison chart)
Visibility & Analytics
See and detect more threats in your DC – Cisco Stealthwatch
Monitor
• Comprehensive, contextual network flow visibility
• Real-time situational awareness of traffic
Detect
• Detect anomalous network behavior
• Detect network behaviors indicative of threats: worms, insider threats, DDoS and malware
Analyze
• Holistic network audit trail
• Threat hunting and forensic investigations
Respond
• Quickly scope an incident
• Network troubleshooting
• One click quarantine
End-to-end network visibility (diagram: user and device, switch, router, WAN, router, firewall, data center switch, server)
Greater visibility and security together – Cisco Tetration and Stealthwatch
• Threat detection and hunting
• Application traffic modeling & visibility
• Access control policy and audit
• Anomalous behavior
Integrated with other security solutions: 1+1=3