TRANSCRIPT
Niall Moynihan
Security Product Sales Specialist
The Cyber Threat Landscape Why you need to think differently…
Cisco Confidential 2 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Today’s Reality…
All are smart, all had security, all were seriously compromised.
Our Customers’ Biggest Security Challenges
• Reducing complexity and fragmentation of security solutions
• Maintaining security posture with changing business models and attack vectors
• Continuously protecting across a dynamic threat landscape
Security -- Balancing Priorities (CEO, CIO and CISO priorities)
Enable the Business
• Global Expansion
• Increase employee engagement/productivity
• M&A
• New Business models/Partnerships
• Regulatory Compliance
• Business Continuity
Support New Technology adoption
• Cloud Computing
• BYOD
• Collaboration
• Programmable Networks/SDN
• Hyper connectivity IoT / IoE
Secure the Enterprise
• Disaster Recovery
• Policy Enforcement
• Advanced Threat Mitigation
• Risk Management
• Data Protection
• Incident Response
• Forensics / Security Analysis
Modern networks are like candy; a hard crunchy shell around a soft chewy centre.
Bill Cheswick, 1986
Motivated and Targeted Attackers
Organised crime
Hacktivists
Nation States
“25% of attacks targeted at a specific individual or company” (Verizon Data Breach Report 2013)
eBay hacked, requests all users change passwords May 21, 2014
eBay confirms users' passwords were compromised but says there's no evidence any financial information was accessed.
Email Spear Phishing is Prime Attack Vector
Bypassing defences by…
Identifying individuals to target:
- www.companywebsite.com/about/
- Switchboard/Receptionist
- Social Media
Using Social Engineering
Phishing…
Phishing gets the hacker behind the firewall. In the majority of these incidents, the attacks targeted corporate workstations, NOT devices. It gives him the access of a user. Popular with low-level scammers. This is where the hack starts.
Well Planned, Stealthy Attacks
Mandiant APT1 Report, Feb 2013
“66% of the breaches in our 2013 report took months or even years to discover” (Verizon Data Breach Investigations Report, 2013)
“100% of corporate networks surveyed showed signs of malicious traffic” (Cisco Annual Security Report, 2014)
IoT and Mobile – Massively increasing Attack Surface
The New Security Model
Attack Continuum
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate
Across Network, Endpoint, Mobile, Virtual, Cloud
Point in Time vs. Continuous
Comprehensive Security Portfolio
IPS & NGIPS
• Cisco IPS 4300 Series
• Cisco ASA 5500-X Series integrated IPS
• FirePOWER NGIPS
• FirePOWER NGIPS w/ Application Control
• FirePOWER Virtual NGIPS
Web Security
• Cisco Web Security Appliance (WSA)
• Cisco Virtual Web Security Appliance (vWSA)
• Cisco Cloud Web Security
Firewall & NGFW
• Cisco ASA 5500-X Series
• Cisco ASA 5500-X w/ NGFW license
• Cisco ASA 5585-X w/ NGFW blade
• FirePOWER NGFW
Advanced Malware Protection
• FireAMP
• FireAMP Mobile
• FireAMP Virtual
• AMP for FirePOWER license
• Dedicated AMP FirePOWER appliance
• Cyber Threat Defense
NAC + Identity Services
• Cisco Identity Services Engine (ISE)
• Cisco Access Control Server (ACS)
Email Security
• Cisco Email Security Appliance (ESA)
• Cisco Virtual Email Security Appliance (vESA)
• Cisco Cloud Email Security
• Cisco
• Sourcefire
UTM
• Meraki MX
VPN
• Cisco AnyConnect VPN
New Generation of Devices Make Security Part of the Network Fabric
Sensor Network: Discover Everywhere
Controller Ready: Dynamic Remediation
Network Segmentation: Defend at Scale
• Security Group Tag embedded in ASICs
• Netflow
• Wirerate Performance
• Cisco ONE Support
• API
• Policy Enforcement
Platforms: Cisco Catalyst 4500E Supervisor 8E, Cisco Catalyst 3850, ISR 4451-AX, Catalyst 6807-XL, 6880-X, 6800ia, ASR1001-AX
Mobility Is Changing The Future Of Work
ACCESS POLICY IS MORE CRITICAL THAN EVER
How we work, where we work, when we work, what tools we use, who we work with
Identity Services Engine (ISE)
ISE: Security Policy Attributes, Identity Context, Business-Relevant Policies
Access: Wired, Wireless, VPN
Replaces AAA & RADIUS, NAC, guest management & device identity servers
Context: WHAT, WHERE, HOW, WHO, WHEN
Identities: VM client, IP device, guest, employee, remote user
Key ISE Use Cases
GUEST ACCESS: It’s easy to provide guests limited time and resource access
SECURE ACCESS ON WIRED, WIRELESS & VPN: Control with one policy across wired, wireless & remote infrastructure
BYOD: Users get safely on the internet fast and easily
TRUSTSEC NETWORK POLICY: Rules written in business terms control access
BYOD & ISE
Reduce Burden on IT & Help Desk Staff: reliable automation reduces user problems to near zero so…
Get Users On-Net in Minutes, Not Hours: simple self-service portal for any user to get quickly on-net without help or hassle
Automated self-service portal
Immediate Secure Access: rigorous identity and access policy enforcement
Cyber Threat Defense Solution
Network Components Provide Rich Context: unites NetFlow data with identity and application ID to provide security context (Device? User? Events? Posture? Vulnerability, AV, Patch. Application?)
NetFlow Enables Security Telemetry: NetFlow-enabled Cisco switches and routers become security telemetry sources. Cisco is the undisputed market leader in hardware-enabled NetFlow devices.
Lancope Partnership Provides Behavior-Based Threat Detection: a single pane of glass that unifies threat detection, visibility, forensics analysis, and reporting.
Components: Cisco Network, Cisco ISE, Cisco ASR 1000 or ISR G2 + NBAR, Cisco ASA, Cisco NGA, NetFlow, FlowSensor, FlowCollector, StealthWatch Management Console
Cyber Threat Defense Solution Components
• Cisco Network (NetFlow, NBAR, NSEL)
• Cisco ISE (Users/Devices, https)
• StealthWatch FlowSensor and StealthWatch FlowSensor VE
• StealthWatch FlowCollector
• StealthWatch FlowReplicator (NetFlow to other tools/collectors)
• StealthWatch Management Console (https)
Cisco CTD Solution: Attack Detection without Signatures
High Concern Index indicates a significant number of suspicious events that deviate from established baselines.
Host Groups   Host            CI            CI%        Alarms               Alerts
Desktops      10.10.101.118   338,137,280   112,712%   High Concern index   Ping, Ping_Scan, TCP_Scan
Monitor and baseline activity for a host and within host groups.
NetFlow Security Use Cases
• Identifying BotNet Command & Control Activity. BotNets are implanted in the enterprise to execute commands from their bot herders to send SPAM, launch Denial of Service attacks, or perform other malicious acts.
• Revealing Data Loss. Code can be hidden in the enterprise to export sensitive information back to the attacker. This data leakage may occur rapidly or over time.
• Detecting Sophisticated and Persistent Threats. Malware that makes it past perimeter security can remain in the enterprise as a lurking threat, waiting to strike. These may be zero-day threats that do not yet have an antivirus signature, or may be hard to detect for other reasons.
• Finding Internally Spread Malware. Malware can proliferate across hosts inside the network for the purpose of gathering reconnaissance data, exfiltrating data or planting network backdoors.
• Uncovering Network Reconnaissance. Some attacks will probe the network looking for attack vectors to be utilized by custom-crafted cyber threats.
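The Concern Index slide and the NetFlow use cases above both rest on the same idea: learn what each host normally talks to, then score deviations and label scan-like behaviour. The following is an added illustration written for this page, not StealthWatch or Cisco code; the flow records are constructed, and the field names, the CI% formula and the scan thresholds are assumptions chosen to make the idea concrete.

```python
# Added example (constructed data; field names, CI% formula and thresholds are assumptions,
# not StealthWatch's): a toy per-host "concern index" from NetFlow-style records.
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: int  # 1 = ICMP, 6 = TCP, 17 = UDP
    dport: int
    pkts: int

# Constructed clean window: ordinary desktop traffic used to learn the baseline.
BASELINE_FLOWS = [
    Flow("10.10.101.118", "10.10.1.5", 6, 445, 40),
    Flow("10.10.101.118", "10.10.1.9", 6, 443, 30),
    Flow("10.10.101.118", "10.10.1.10", 17, 53, 2),
    Flow("10.10.101.120", "10.10.1.5", 6, 445, 20),
    Flow("10.10.101.120", "10.10.1.9", 6, 443, 25),
]
# Constructed observation window: .118 probes 20 ports on one host and pings 12 hosts.
OBSERVED_FLOWS = (
    [Flow("10.10.101.118", "10.10.1.50", 6, p, 1) for p in range(20, 40)]
    + [Flow("10.10.101.118", f"10.10.1.{n}", 1, 0, 1) for n in range(60, 72)]
    + [Flow("10.10.101.120", "10.10.1.5", 6, 445, 22)]
)

def peers(flows):
    """Distinct (dst, proto, dport) tuples each source host talked to."""
    seen = defaultdict(set)
    for f in flows:
        seen[f.src].add((f.dst, f.proto, f.dport))
    return seen

def build_baseline(flows):
    """Baseline per host: number of distinct peers seen in the clean window."""
    return {host: len(p) for host, p in peers(flows).items()}

def concern_index(flows, baseline, scan_min=10):
    """CI% = observed distinct peers / baseline * 100 (unseen host: baseline 1). Alerts:
    TCP_Scan for >= scan_min one-packet TCP attempts, Ping_Scan for ICMP to >= scan_min hosts."""
    probes, pings, report = defaultdict(set), defaultdict(set), {}
    for f in flows:
        if f.proto == 6 and f.pkts <= 2:  # SYN-only style connection attempt
            probes[f.src].add((f.dst, f.dport))
        elif f.proto == 1:
            pings[f.src].add(f.dst)
    for host, p in peers(flows).items():
        hits = (("TCP_Scan", probes[host]), ("Ping_Scan", pings[host]))
        alerts = [name for name, s in hits if len(s) >= scan_min]
        report[host] = {"ci_pct": round(len(p) / baseline.get(host, 1) * 100), "alerts": alerts}
    return report
```

Running `concern_index(OBSERVED_FLOWS, build_baseline(BASELINE_FLOWS))` scores the scanning desktop at roughly 1067% of its baseline with both scan labels, while the quiet desktop stays at 50% with no alerts.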
Defending the entire Attack Continuum
BEFORE: Control, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate
Visibility and Context
Firewall, NGFW, NAC + Identity Services, VPN, UTM, NGIPS, Web Security, Email Security, Advanced Malware Protection, Network Behavior Analysis
The Power of Continuous Security
Point-in-time security sees a lighter, bullet, cufflink, pen & cigarette case…
Wouldn’t it be nice to know if you’re dealing with something more serious?
Cisco in the news: Latest acquisition: ThreatGRID
• ThreatGRID is a company that provides dynamic malware analysis and threat intelligence technology to analyze file behavior, enabling organizations to accurately identify attacks and better defend against advanced cyber attacks. With both private and public cloud-based technology, ThreatGRID combines dynamic malware analysis with analytics and actionable indicators to enable security teams to proactively defend against and quickly respond to cyber attacks and malware outbreaks.
• The combination of Sourcefire and ThreatGRID will allow our customers to aggregate and correlate data to identify cyber threats.
Summary
• Cisco provides a broad portfolio of integrated solutions that deliver unmatched visibility and continuous advanced threat protection across the entire attack continuum.
• This allows customers to act smarter and more quickly, before, during, and after an attack.
• Customers have flexibility and choice: Cisco’s broad portfolios give customers the flexibility and choice to purchase and deploy security in a way that best fits and adapts to their changing business environment.
Protection of Personal Information Act 2013: Current Status
• The Act was signed into law on 26 November 2013.
• Certain sections of the POPI Act became operative with effect from 11 April 2014.
• The sections of the Act which became operational from 11 April 2014 relate to the establishment of the Information Regulator and the drafting of regulations.
• Only once the Regulator is set up will the remaining provisions become operational (by further presidential proclamation(s) in the Gazette): August 2014.
• Organisations will have 12 months (August 2015) to comply, and an extension can be granted up to a maximum of three years.
• Non-compliance with the Act could expose the Responsible Party to a penalty of a fine and/or imprisonment of up to 12 months. In certain cases the penalty for non-compliance could be a fine and/or imprisonment of up to 10 years (Section 99).
Why should I comply with POPI?
POPI compliance involves capturing the minimum required data, ensuring accuracy, and removing data that is no longer required. These measures are likely to improve the overall reliability of the organisation’s databases. Compliance demands identifying Personal Information and taking reasonable measures to protect the data. This will likely reduce the risk of data breaches and the associated public relations and legal ramifications for the organisation.