Source PDF: d2zmdbbm9feqrf.cloudfront.net/2016/eur/pdf/psosec-4003.pdf

Upload: vukiet, posted 10-Jul-2018

Transcript

Stop Threats Before They Stop You

Gain visibility and control as you speed time to containment of infected endpoints

Andrew Peters, Sr. Manager, Security Technology Group

Agenda

• Situation

• System

• Parts

• Action

3

Situation

4

Fire is a Threat

5

Sprinklers Sense & Quickly Contain Fire

6

Malware is a Threat

Security teams investigate just 4% of warnings

Sophistication

Office

Current industry average detection time: 200 days

Stealth

17,000 alerts received on average per week

Speed

Breach

Average cost per data breach: $3.8 million

7

But Defenses are Separated

Too Many Point Products

Too Much Effort

Too Much Information

Too Little Time

Organizations often have 40 to 60+ unrelated security solutions

8

Many Products, Many Processes, Many Vendors

Security Threat Defenses

Firewall

Data Loss Prevention

Authentication

Encryption/Privacy/Data Protection

Email/Messaging Security

Web Security

Endpoint Protection/Anti-Malware

Access Control/Authorization

Identity Administration/User Provisioning

Intrusion Prevention/Detection

Mobility Security

Secured Wireless

Vulnerability Scanning

VPN

Security Information and Event Management

DDoS Protection

Penetration Testing

Patching and Configuration

Network Forensics

Endpoint Forensics

Processes to Analyze Compromised Systems

Firewall Log

System Log Analysis

Network Flow Analysis

Malware or File Regression Analysis

Registry Analysis

Full Packet Capture Analysis

Correlate Event/Log Analysis

Disk Forensics

IOC Detection

Memory Forensics

External Incident Response Analysis

9

Separation Obstructs Fast Containment

Visibility Control

10

System

11

Security Operations Should Be

Automated, Uncomplicated, Scalable, Fast, Integrated

12

Rapid Threat Containment System Decreases Separation

Visibility Control

Automated, Uncomplicated, Scalable, Fast, Integrated

ISE pxGrid

13

Rapid Threat Containment in Action

Network: Switch, Router, DC FW, DC Switch, Wireless

Threat

Visibility

Containment Ordered

Containment Requested

Containment Completed

~5 seconds

pxGrid

ISE

Threat Removed

Rapid Threat Containment: Visibility and Control

14

Extended Integration for Rapid Threat Containment

Network: Switch, Router, DC FW, DC Switch, Wireless

pxGrid

ISE

SIEM

Firewall

Stealthwatch

FirePower

Custom Detection

15

Parts

16

The Network

Switch, Router, FW, DC Switch, Wireless

Sensor / Enforcer

Controller

Services

Applications

Cisco Traditional, Hybrid & Multivendor, Cisco TrustSec

Guest, BYOD, Secure Access (IoT), Access Policy Management, TrustSec Manager, Secure Device Administration

Identity Context, Profiling, Compliance, Data Sharing & Control, Certificate Authority

Cisco Traditional, Cisco TrustSec, Multivendor, Hybrid

ISE

Cisco Identity Services Engine (ISE)

SDN

Ecosystem

"I have identity & device! I need geo-location & MDM…"

"I have application info! I need location & device-type"

"I have location! I need app & identity…"

ISE

"I have sec events! I need identity & device…"

"I have MDM info! I need location…"

ISE pxGrid: Open* Integration for Visibility and Control

ISE pxGrid

Any-Any Sharing: Publish, Subscribe

ISE Sharing: Identity Context

ISE Network Control: Adaptive Network Control

* IETF Participation: Secure Automation & Continuous Monitoring (SACM) & Managed Incident Lightweight Exchange (MILE)

ISE pxGrid Ecosystem: Partnerships for Visibility and Control

Rapid Threat Containment Partners

1. Cisco FireSIGHT Management Center

2. Stealthwatch

3. Splunk

4. Bayshore

5. E8*

6. Elastica

7. Hawk*

8. Huntsman Security*

9. Infoblox

10. Invincea*

11. LogRhythm

12. NetIQ

13. Rapid7

14. SAINT

15. Tenable

* Currently in certification process.

pxGrid Integration Categories

1. Rapid Threat Containment

2. Vulnerability Management

3. Custom Detection

4. Full Packet Capture

5. Cloud Monitoring

6. Identity & Access Management (IAM)/Single Sign-On (SSO)

7. Network Performance Management (NPM)/Application Performance Management

8. Infrastructure and Mobility

9. SIEM/Threat Defense

pxGrid includes 40+ integration partners, and the number in each category is growing

Control: Network as an Enforcer

Enforcement Options

• Expulsion

• Observation

• Restriction

• Quarantine

• Remediation

Network Devices

• Cisco Traditional

• Cisco TrustSec

• Multivendor

• Hybrid
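The pxGrid slide above (any-to-any publish/subscribe, identity context shared by ISE, Adaptive Network Control) and the enforcement options on this slide together describe one event-driven loop: a sensor publishes a threat with endpoint context, a controller picks an enforcement action and walks it through ordered, requested and completed, and every subscriber sees the result. The Python below is an added, constructed simulation of that loop and is not Cisco pxGrid, ISE or Adaptive Network Control code: the topic names, the 1..10 severity scale and its thresholds, the MAC addresses and the identity map are all made up for the demo. It also handles two cases the slides do not spell out: an endpoint with no identity context is only observed rather than cut off, and a second sensor reporting an already-contained host does not re-order an equal or weaker action.

```python
"""Constructed simulation of a publish/subscribe containment loop. Added teaching example,
not Cisco pxGrid, ISE or ANC code: topics, severity scale and identity map are made up."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Tuple

class Action(Enum):
    """Enforcement options named on the 'Network as an Enforcer' slide."""
    OBSERVATION = "observation"
    RESTRICTION = "restriction"
    QUARANTINE = "quarantine"
    EXPULSION = "expulsion"
    REMEDIATION = "remediation"   # containment lifted once the host is clean

# Least to most disruptive; a later event may escalate an action but never relax it.
ESCALATION = [Action.OBSERVATION, Action.RESTRICTION, Action.QUARANTINE, Action.EXPULSION]
# Constructed severity thresholds (1..10 scale) for endpoints that have identity context.
THRESHOLDS = [(9, Action.EXPULSION), (7, Action.QUARANTINE), (4, Action.RESTRICTION)]

@dataclass
class ThreatEvent:
    source: str        # which sensor saw it (SIEM, flow analyser, IPS)
    endpoint_mac: str
    severity: int
    description: str

@dataclass
class Containment:
    """One containment walked through ORDERED -> REQUESTED -> COMPLETED."""
    endpoint_mac: str
    action: Action
    state: str = "ORDERED"
    history: List[str] = field(default_factory=list)

class Bus:
    """Minimal any-to-any publish/subscribe bus (stand-in for a pxGrid-style broker)."""
    def __init__(self) -> None:
        self._subs: Dict[str, List[Callable]] = {}

    def subscribe(self, topic: str, handler: Callable) -> None:
        self._subs.setdefault(topic, []).append(handler)

    def publish(self, topic: str, payload) -> None:
        for handler in self._subs.get(topic, []):
            handler(payload)

def choose_action(severity: int, known_endpoint: bool) -> Action:
    """Unattributed endpoints are only observed: with no identity context, cutting one off is a guess."""
    if not known_endpoint:
        return Action.OBSERVATION
    return next((a for s, a in THRESHOLDS if severity >= s), Action.OBSERVATION)

class Controller:
    """Subscribes to threats, orders containment, records it, publishes the outcome."""
    def __init__(self, bus: Bus, identity: Dict[str, str]) -> None:
        self.bus, self.identity = bus, identity
        self.records: Dict[str, Containment] = {}
        self.enforced: Dict[str, Action] = {}   # stands in for the network enforcement points
        bus.subscribe("threat", self.on_threat)

    def on_threat(self, ev: ThreatEvent) -> None:
        action = choose_action(ev.severity, ev.endpoint_mac in self.identity)
        cur = self.records.get(ev.endpoint_mac)
        # Idempotency: a host reported again only escalates; equal or weaker actions are logged, not re-ordered.
        if cur and cur.action in ESCALATION and \
                ESCALATION.index(action) <= ESCALATION.index(cur.action):
            cur.history.append(f"{ev.source}: {ev.description} (no escalation)")
            return
        rec = Containment(ev.endpoint_mac, action, history=cur.history if cur else [])
        who = self.identity.get(ev.endpoint_mac, "unknown endpoint")
        rec.history.append(f"ORDERED {action.value} for {who} ({ev.source}: {ev.description})")
        rec.state = "REQUESTED"                  # handed to the enforcement point ...
        self.enforced[ev.endpoint_mac] = action  # ... which applies the new session policy
        rec.state = "COMPLETED"
        self.records[ev.endpoint_mac] = rec
        self.bus.publish("containment", rec)

    def remediate(self, mac: str) -> bool:
        """Lift containment after clean-up; False if nothing was in place for that host."""
        rec = self.records.get(mac)
        if rec is None or self.enforced.pop(mac, None) is None:
            return False
        rec.action, rec.state = Action.REMEDIATION, "COMPLETED"
        rec.history.append("REMEDIATION: containment lifted")
        self.bus.publish("containment", rec)
        return True

def run_demo() -> Tuple[Controller, List[Tuple[str, str, str]]]:
    """Wire the parts together and replay a few constructed events."""
    bus = Bus()
    ctrl = Controller(bus, {"00:11:22:aa:bb:cc": "alice / corp-laptop"})   # constructed identity
    siem_log: List[Tuple[str, str, str]] = []   # what a SIEM subscriber would receive
    bus.subscribe("containment", lambda r: siem_log.append((r.endpoint_mac, r.action.value, r.state)))
    bus.publish("threat", ThreatEvent("flow-analyser", "00:11:22:aa:bb:cc", 8, "beaconing to known C2"))
    bus.publish("threat", ThreatEvent("siem", "00:11:22:aa:bb:cc", 5, "same host, lower-confidence rule"))
    bus.publish("threat", ThreatEvent("ips", "de:ad:be:ef:00:01", 9, "exploit attempt, unprofiled host"))
    ctrl.remediate("00:11:22:aa:bb:cc")
    return ctrl, siem_log
```

Running `run_demo()` quarantines the attributed laptop on the first report, logs but does not re-order the weaker second report, only observes the unprofiled host despite its high severity, and finally publishes a remediation event when containment is lifted. The `records` history gives the operator the audit trail the slides call visibility; the publish of every state change on the "containment" topic is what lets a SIEM or ticketing subscriber see the outcome without polling the controller.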

TrustSec Software-Defined Segmentation

Network Embedded Technology*

Security Group Classifications

Central Policy Management

Security Group Tags: Keys to Access

* 40+ Cisco Product Families

Rapid Threat Containment

Improves Threat Visibility

Speeds Containment

Reduces Complexity & Cost

23

Action

24

Stop Bad Things

See CiscoLive Demo Pods

• ISE

• Stealthwatch

• TrustSec

Review Content

• Collateral: cisco.com/go/rtc

• How-to Guide

• Experience

• dCloud Demo https://communities.cisco.com/docs/DOC-64850

Encourage Vendors to Join Ecosystem

• Visit DevNet

• BRKSEC-2026 Network as a Sensor and Enforcer

• Thurs. 9:00am

25

Rapid Threat Containment is ready. Are you?

Complete Your Online Session Evaluation

• Please complete your online session evaluations after each session. Complete 4 session evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt.

• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Thank you

28