TRANSCRIPT
Cisco Security Starts In the Network with Catalyst and Lancope Stealthwatch
Cisco Customer Education
This session was recorded via Cisco WebEx! You can watch the live session recording via the following URL:
https://acecloud.webex.com/acecloud/lsr.php?RCID=dfbfe3e82ef94e93a864977e27cc2982
Presentation Agenda
► Welcome from Cisco
► Why The Network Matters
► Stealthwatch Demonstration
► Introducing Cisco Catalyst
► Reduce Risk with Network as a Sensor
► Conclusion
About Your Host
Brian Avery, Territory Business Manager, Cisco Systems, Inc.
[email protected]
What Is the Cisco Customer Education Series?
• CCE is an educational session for current and prospective Cisco customers
• Designed to help you understand the capabilities and business benefits of Cisco technologies
• Allow you to interact directly with Cisco subject matter experts and ask questions
• Offer assistance if you need/want more information, demonstrations, etc.
Who Is Cisco?
Cisco Confidential 5© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Computer scientists, Len Bosack and Sandy Lerner found Cisco Systems
Bosack and Lerner run network cables between two different buildings on the Stanford University campus
A technology has to be invented to deal with disparate local area protocols; the multi-protocol router is born
1984
The Landscape is Constantly Changing
Leading for Nearly 30 Years
[Figure: timeline of competitors by era (1990 – 1995, 1996 – 2000, 2001 – 2007, 2008 – Today), also labelled "Internet of Everything" and "2016". Vendors named: WellFleet, SynOptics, 3Com, ACC, DEC, Proteon, IBM, Bay Networks, Newbridge, Cabletron, Ascend, Fore, Xylan, 3Com, Nortel, Ericsson, Alcatel, Juniper, Lucent, Siemens, NEC, Foundry, Redback, Riverstone, Extreme, Arista, HP, Avaya, Juniper, Huawei, Aruba, Brocade, Checkpoint, Fortinet, ShoreTel, Polycom, Microsoft, F5, Riverbed, Dell]
Who Is Cisco?
Chuck Robbins, CEO, Cisco
• Dow Jones Industrial Average Fortune 100 Company (AAPL, CSCO, INTC, MSFT)
• $117B Market Capitalization
• $49.6B in Revenue
• $10B in Annual Net Profits
• $34B More Cash than Debt
• $6.3B in Research and Development
http://finance.yahoo.com/q/ks?s=CSCO+Key+Statistics
Market Leadership Matters
• No. 1 Voice: 41%
• No. 1 TelePresence: 50%
• No. 1 Web Conferencing: 43%
• No. 1 Wireless LAN: 50%
• No. 2 x86 Blade Servers: 29%
• No. 1 Routing Edge/Core/Access: 47%
• No. 1 Security: 31%
• No. 1 Switching Modular/Fixed: 65%
• No. 1 Storage Area Networks: 47%
The Big Lie
The Network Is a Commodity!
Typical Multi-Vendor Network
• Switching: Cisco, HP, Dell, 3Com, Dlink, NetGear, Linksys
• Routing: Cisco, 3Com, Juniper, Huawei, Adtran
• Security: Cisco, Watchguard, Sonicwall, Fortinet, Checkpoint, NetGear, Dlink, Palo Alto
• Wireless: Cisco, 3Com, HP, Aerohive, Aruba
• Voice: Cisco, Nortel, Avaya, Mitel, Siemens, Shoretel, Samsung, Panasonic, Toshiba, Intertel, Comdial, NEC, Alcatel
Results in The Frankenstein Effect!
Reliability challenges
Inconsistent warranties
Higher maintenance costs
No single point of support
Basic levels of integration
Only Cisco Can Offer a Complete Solution
The Power of Design
The Power of Cisco = Design
• Core and Datacenter
• Wireless and Mobility
• Security
• Unified Communications
• Collaboration and Video
Cisco is the only vendor to offer a highly integrated, consistent, scalable solution
Unified Access: Cisco Catalyst Switching Portfolio
Cisco Borderless Networks Access Portfolio
Catalyst 2960-X
Competitive feature set at compelling prices
Enterprise Value Switching
Catalyst 4500 and 6500
Catalyst 3750-X 3560-X
Industry-leading fixed switching
Full Borderless Network Services for Enabling New Applications and Delivering Lower TCO
Industry-leading modular access
Catalyst Compact Switches
Converged Access
3650 3850
Great for secure, manageable ports ‘at the end of the wire’
Wired and Wireless Convergence
Compact Size Without Compromise
Cisco Switching Innovations
Transforming the Enterprise
APPLICATION VISIBILITY
BASE SERVICES
SECURITY RESILIENCY
Wired Wireless Integration
Unique Innovation for 802.11ac explosion
IoT Onboarding Carpeted Space
Workplace Transformation
Converged Access Enterprise
IoT
Next Generation Workspace
Cisco Multigigabit
With Cisco, You Can Have a Network That Drives Your Business
Making IT More Responsive to the Business
Less Time on IT Operations, More Time on IT Business Innovation
One Management
One Network
One Policy
Simple
Secure
Lower TCO
Cisco Security Overview
Global Cybercrime Market: $450B‒$1T
It’s All About The Money
Industrial Hackers Are Making Big Money with Innovative Tactics
[Timeline, 1990 to 2020]
• Viruses: 1990–2000
• Worms: 2000–2005
• Spyware and Rootkits: 2005–Today
• APTs, Cyberware: Today +
Phishing, Low Sophistication
Hacking Becomes an Industry
Sophisticated Attacks, Complex Landscape
95% of large companies targeted by malicious traffic
100% of organizations interacted with websites hosting malware
1. Cybercrime is lucrative, barrier to entry is low
2. Hackers are smarter and have the resources to compromise your organization
3. Malware is extremely sophisticated and complex
4. Cybercrime is now a formal, for-profit industry
Source: 2014 Cisco Annual Security Report
Defending Against These Advanced Threats Requires Greater Visibility and Control Across the Full Attack Continuum
Attack Continuum
• Before: Discover, Enforce, Harden
• During: Detect, Block, Defend
• After: Scope, Contain, Remediate
FireSIGHT and pxGrid
ASA VPN
OpenDNS Meraki
Advanced Malware Protection
Network as Enforcer
NGIPS
ESA/WSA
CWS
Secure Access + Identity Services
ThreatGRID
Chad Tallent - Security AM
Alan Nix - CSE
June, 2016
Reduce Risk with Network As A Sensor
Digital Ready Network
Motivated Threat Actors Behind Breaches:
Insider Threats
With lateral movement of advanced persistent threats, even external attacks eventually become internal threats
95% of all cybercrime is user-triggered by disguised malicious links
One out of four breaches are caused by malicious insiders
Two out of three breaches exploit weak or stolen passwords
Digital Ready Network Threat Defense
1) Make better decisions about security posture with Stealthwatch
Stealthwatch creates an audit trail for every host connected to the network, allowing the Enterprise to have a complete understanding of its IT security posture.
2) Take Action with Identity Services Engine
With real-time, pervasive and accurate information, the Enterprise begins creating and applying prescriptive IT security policy across its network.
3) Enforce policy with TrustSec
User-level context and software-defined policy management allow the Enterprise to accurately and confidently invoke policy changes anywhere on the network, giving the Enterprise the agility it needs to meet modern IT security threats.
Total Network Visibility
Informed Policy & Access Control
Enforcement via Digital Network
Ubiquitous visibility via flow telemetry
… your infrastructure is the source:
[Diagram: flow records exported from across the network. Labels: Internet, Amador, Delta, Solano, Border, DMZ, Virtual Hosts, Perimeter, Datacenter, WAN Hub, WAN, Access, IDF]
What is the StealthWatch System?
6/23/2016
The StealthWatch System . . .
Collects and analyzes NetFlow, IPFIX and other types of flow data and brings it together with user information, application awareness, and other security context to provide pervasive visibility and security intelligence across the network.
Helps organizations:
• Accelerate incident identification and response.
• Improve forensic investigations.
• Reduce overall enterprise risk.
www.lancope.com/
Realities of Modern Threats
49% of breaches are caused by criminal activity
6.53M – Cost of Average Data Breach (up from 3.5M in 2006)
$217 cost of breach per record (up from $138 in 2006)
With lateral movement of advanced persistent threats, even external attacks eventually become internal threats
External Internal
FW
IDS
IPS Highlights
Source: 2014 Verizon Data Breach Investigations Report and Forrester research.
Anatomy of a Data Breach
[Diagram labels: enterprise network, Attacker, Perimeter (Inbound), Perimeter (Outbound), C2 Server, Admin Node]
1. Infiltration and Backdoor establishment
2. Reconnaissance and Network Traversal
3. Exploitation and Privilege Elevation
4. Staging and Persistence (Repeat 2,3,4)
5. Data Exfiltration
Sampled = Partial
• Subset of traffic, usually less than 5%
• Gives a snapshot view into network activity
• Similar to reading every 20th word of a book
Unsampled = All
• All traffic is collected
• Provides a comprehensive view into all activity on the network
• Equivalent to reading every word on every page of a book
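The sampled versus unsampled comparison above, as an added example that is not part of the original presentation or of any Cisco or Lancope product. It assumes each packet is sampled independently at 1-in-20 (the slide's "every 20th word" rate); the addresses and traffic mix are constructed.

```python
import random

SAMPLE_RATE = 20  # 1-in-20 packets, the 5% "every 20th word" rate (assumed model)
SCANNER = "10.0.0.66"  # constructed address

def build_packets():
    """Constructed traffic: one 2000-packet transfer plus 50 one-packet probes."""
    bulk = ("10.0.0.5", "10.0.1.20", 443)
    probes = [(SCANNER, f"10.0.2.{i}", 445) for i in range(1, 51)]
    packets = [bulk] * 2000 + probes
    random.Random(7).shuffle(packets)  # interleave, reproducibly
    return packets, bulk

def export_flows(packets, rate=1, seed=1):
    """Return {flow_key: packets_counted}; rate=1 means unsampled."""
    rng = random.Random(seed)
    flows = {}
    for key in packets:
        if rate == 1 or rng.random() < 1.0 / rate:
            flows[key] = flows.get(key, 0) + 1
    return flows

def prob_flow_seen(n_packets, rate):
    """Chance that at least one packet of an n-packet flow is sampled."""
    return 1.0 - (1.0 - 1.0 / rate) ** n_packets

def fan_out(flows, src):
    """Distinct destinations contacted by src: a simple scan indicator."""
    return len({dst for (s, dst, _port) in flows if s == src})

def compare():
    packets, bulk = build_packets()
    full = export_flows(packets)
    sampled = export_flows(packets, SAMPLE_RATE)
    return {
        "bulk_in_sampled": bulk in sampled,
        "fan_out_full": fan_out(full, SCANNER),
        "fan_out_sampled": fan_out(sampled, SCANNER),
    }

if __name__ == "__main__":
    print(compare())
    print("P(1-packet flow seen):", round(prob_flow_seen(1, SAMPLE_RATE), 3))
    print("P(2000-packet flow seen):", round(prob_flow_seen(2000, SAMPLE_RATE), 3))
```

The large transfer survives sampling, but most single-packet probes never produce a flow record, so a fan-out threshold tuned on unsampled data under-counts the scanning host.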
Cisco/Lancope Value Prop
Complete Visibility is the key and only Cisco/Lancope can provide
Customer Scenarios Summary
OTHER DEPLOYMENT USE CASES
Healthcare: Ensure Privacy of Patient Data by Enforcing Roles Based Access and Segmentation Across the Network
Retail: Intra Store Communication for Networked Devices While Ensuring That Only Authorized Users and Devices Have Access to PCI Data
Technology: Allowing Approved Employee-Owned Tablets Access to Internal Portals and Corporate App Store
Manufacturing: Marking Extranet Traffic to Allow PLC Vendor Remote Access to Specific Manufacturing Zone Only, and Offshore Development Partners Access to Development Servers Only
Demonstration
Conclusion
Thank You and Next Steps
Brian [email protected]
www.
Learn more about Cisco Stealthwatch: www.cisco.com/go/stealthwatch
Contact Your Cisco Partner: https://tools.cisco.com/WWChannels/LOCATR/performBasicSearch.do
• CCE sessions are held weekly on a variety of topics
• CCE sessions can help you understand the capabilities and business benefits of Cisco technologies
• Watch replays of past events and register for upcoming events!
Visit http://cs.co/cisco101 for details
Join us again for a future Cisco Customer Education Event