Cisco Security Starts In the Network with Catalyst and Lancope Stealthwatch

Cisco Customer Education

This session was recorded via Cisco WebEx! You can watch the live session recording via the following URL:

https://acecloud.webex.com/acecloud/lsr.php?RCID=dfbfe3e82ef94e93a864977e27cc2982

Presentation Agenda

► Welcome from Cisco

► Why The Network Matters

► Stealthwatch Demonstration

► Introducing Cisco Catalyst

► Reduce Risk with Network as a Sensor

About Your HostBrian AveryTerritory Business Manager Cisco Systems, Inc.

bravery@cisco.com► Conclusion

CCE is an educational session for current and prospective Cisco customers

Designed to help you understand the capabilities and business benefits of Cisco technologies

Allow you to interact directly with Cisco subject matter experts and ask questions

Offer assistance if you need/want more information, demonstrations, etc.

What Is the Cisco Customer Education Series?

Who Is Cisco?

Cisco Confidential 5© 2013-2014 Cisco and/or its affiliates. All rights reserved.

Computer scientists, Len Bosack and Sandy Lerner found Cisco Systems

Bosack and Lerner run network cables between two different buildings on the Stanford University campus

A technology has to be invented to deal with disparate local area protocols; the multi-protocol router is born

1984

WellFleet

SynOptics

3Com

ACC

DEC

Proteon

IBM

Bay Networks

Newbridge

Cabletron

Ascend

Fore

Xylan

3ComNortel

Ericsson

Alcatel

JuniperLucent

Siemens

NECFoundry

Redback

Riverstone

Extreme AristaHP

Avaya

Juniper

Huawei

Aruba

Brocade

Checkpoint

Fortinet

ShoreTel

Polycom

Microsoft

F5

Riverbed

Dell

Internet of Everything

1990 – 1995 1996 – 2000 2001 – 2007 2008 – Today

The Landscape is Constantly

Changing

Leading for Nearly 30 Years

2016

Cisco Confidential 7© 2013-2014 Cisco and/or its affiliates. All rights reserved.

Who Is Cisco?

Chuck Robbins,CEO, Cisco

• Dow Jones Industrial AverageFortune 100 Company (AAPL, CSCO, INTC, MSFT)

• $117B Market Capitalization

• $49.6B in Revenue

• $10B in Annual Net Profits

• $34B More Cash than Debt

• $6.3B in Research and Development

http://finance.yahoo.com/q/ks?s=CSCO+Key+Statistics

No. 1Voice

41%

No. 1TelePresence

50%

No. 1Web

Conferencing43%

No. 1Wireless LAN

50%

No. 2x86 Blade Servers

29%

No. 1RoutingEdge/Core/

Access

47%

No. 1Security

31%

No. 1SwitchingModular/Fixed

65%

No. 1Storage Area

Networks47%

Market Leadership Matters

Cisco Confidential 9© 2013-2014 Cisco and/or its affiliates. All rights reserved.

The Big Lie

The Network Is a Commodity!

Cisco Confidential 10© 2013-2014 Cisco and/or its affiliates. All rights reserved.

Typical Multi-Vendor Network

Switching Routing Security Wireless Voice

Cisco

HPDell3ComDlinkNetGearLinksys

Cisco

3ComJuniperHuwaiAdtran

Cisco

WatchguardSonicwallFortinetCheckpointNetGearDlinkPalo Alto

Cisco

3ComHPAerohiveAruba

Cisco

NortelAvayaMitelSiemensShoretelSamsungPanasonicToshibaIntertelComdialNECAlcatel

Cisco Confidential 11© 2013-2014 Cisco and/or its affiliates. All rights reserved.

Results in The Frankenstein Effect!

Switching Routing Security Wireless Voice

Cisco

HPDell3ComDlinkNetGearLinksys

Cisco

3ComJuniperHuwaiAdtran

Cisco

WatchguardSonicwallFortinetCheckpointNetGearDlinkPalo Alto

Cisco

3ComHPAerohiveAruba

Cisco

NortelAvayaMitelSiemensShoretelSamsungPanasonicToshibaIntertelComdialNECAlcatel

Reliability challenges

Inconsistent warranties

Higher maintenance costs

No single point of support

Basic levels of integration

Cisco Confidential 12© 2013-2014 Cisco and/or its affiliates. All rights reserved.

Only Cisco Can Offer a Complete Solution

Switching Routing Security Wireless Voice

Cisco

HPDell3ComDlinkNetGearLinksys

Cisco

3ComJuniperHuwaiAdtran

Cisco

WatchguardSonicwallFortinetCheckpointNetGearDlinkPalo Alto

Cisco

3ComHPAerohiveAruba

Cisco

NortelAvayaMitelSiemensShoretelSamsungPanasonicToshibaIntertelComdialNECAlcatel

Cisco Confidential 13© 2013-2014 Cisco and/or its affiliates. All rights reserved.

The Power of Design

Cisco Confidential 14© 2013-2014 Cisco and/or its affiliates. All rights reserved.

The Power of Design

The Power of Cisco = DesignCore and Datacenter

Wireless and

Mobility

Security

Unified Communications

Collaboration and Video

Cisco is the only vendor to offer a highly integrated, consistent, scalable solution

Unified Access: Cisco Catalyst Switching Portfolio

Cisco Confidential 17© 2013-2014 Cisco and/or its affiliates. All rights reserved.

Cisco Borderless Networks Access Portfolio

Catalyst 2960-X

Competitive feature set at compelling prices

Enterprise Value

Switching

Catalyst 4500 and 6500

Catalyst 3750-X 3560-X

Industry-leading fixed switching

Full Borderless Network Services for Enabling New Applications and

Delivering Lower TCO

Industry-leading modular access

Catalyst Compact Switches

Converged Access

3650 3850

Great for secure, manageable ports

‘at the end of the wire’Wired and Wireless

Convergence

Compact Size Without

Compromise

Cisco Confidential 18© 2013-2014 Cisco and/or its affiliates. All rights reserved.

Cisco Switching InnovationsTransforming the Enterprise

APPLICATION VISIBILITYBASE SERVICES

SECURITY RESILIENCY

Wired Wireless Integration

Unique Innovation for 802.11ac explosion

IoT Onboarding Carpeted Space

Workplace Transformation

Converged Access Enterprise

IoT

Next GenerationWorkspace

CiscoMultigigabit

Cisco Confidential 19© 2013-2014 Cisco and/or its affiliates. All rights reserved.

With Cisco, You CanHave a Network That Drives Your Business

Making IT More Responsive to the BusinessLess Time on IT Operations, More Time on IT Business Innovation

One Management

One Network

One Policy

Simple

Secure

Lower TCO

Cisco Security Overview

Global Cybercrime Market $450B‒$1T

It’s All About The MoneyIndustrial Hackers Are Making Big Money with Innovative Tactics

1990 1995 2000 2005 2010 2015 2020

Viruses1990–2000

Worms2000–2005

Spyware and Rootkits2005–Today

APTs CyberwareToday +

Phishing, Low Sophistication Hacking Becomes

an Industry Sophisticated Attacks, Complex Landscape

of large companies targeted by malicious traffic95% of organizations interacted

with websites hosting malware100% 1. Cybercrime is lucrative, barrier to entry is low2. Hackers are smarter and have the resources to compromise your organization3. Malware is extremely sophisticated and complex4. Cybercrime is now a formal, for-profit industry

Source: 2014 Cisco Annual Security Report

Defending Against These Advanced Threats Requires Greater Visibility and Control Across the Full Attack Continuum

BeforeDiscover EnforceHarden

DuringDetect Block

Defend

AfterScope

ContainRemediate

FireSIGHT and pxGrid

ASA VPN

OpenDNS Meraki

Advanced Malware Protection

Network as Enforcer

NGIPS

ESA/WSA

CWSSecure Access + Identity Services ThreatGRID

Attack Continuum

Chad Tallent-Security AMAlan Nix- CSEJune, 2016

Reduce Risk with Network As A Sensor

Digital Ready Network

Motivated Threat Actors Behind Breaches:

Insider Threats

With lateral movement of advanced persistent threats,even external attacks eventually become internal threats

95% of all cybercrimeis user-triggered bydisguisedmalicious links

One out of four breaches are caused by malicious insiders

Two out of three breaches exploit weak or stolen passwords

Digital Ready Network Threat Defense

1) Make better decisions about security posture with StealthwatchStealthwatch creates an audit trail for every host connected to the network, allowing the Enterprise to have complete uderstanding of it’s IT security posture.

2) Take Action with Identity Services EngineWith realtime, pervasive & accurate information the Enterprise begins creatng and applying perscriptive IT security policy across its network

3) Enforce policy with TrustSecUser level context & the software defined policy management allows the Enterprise to accurately and confidently invoke policy changes anywhere on the network; giving the Enterprise the agility it needs to meet modern IT security threats

Total Network Visibility

Informed Policy & Access Control

Enforcement viaDigital Network

Ubiquitous visibility via flow telemetry

27

… your infrastructure is the source:

InternetAmador

Delta

Solano

Border

DMZ

Virtual Hosts

PerimeterDatacenter

WAN Hub

WAN

Access

IDFDatacenter

WAN

DMZ

Access

FlowFlow

Flow

Flow

Flow

Flow

Flow

Flow

Flow

Flow

Flow

Flow

Flow

Flow

FlowFlow

27

What is the StealthWatch System?

6/23/2016

28

The StealthWatch System . . .

Collects and analyzes NetFlow, IPFIX and other types of flow data and brings it together with user information, application awareness, and other security context to provide pervasive visibility and security intelligence across the network.

Helps organizations:

• Accelerate incident identification and response.

• Improves forensic investigations.

• Reduces overall enterprise risk.

www.lancope.com/

Realities of Modern Threats

49% of breaches are caused by criminal activity

6.53M – Cost of Average Data Breach (up from 3.5M in 2006)

$217 cost of breach per record (up from $138 in 2006)

With lateral movement of advanced persistent threats, even external attacks

eventually become internal threatsExternal Internal

FW

IDS

IPS Highlights

Source: 2014 Verizon Data Breach Investigations Report and Forrester research.

enterprise network

Attacker

Perimeter(Inbound)

Perimeter(Outbound)

Infiltration and Backdoor establishment

1

C2 Server

Admin Node

Reconnaissance and Network Traversal

2

Exploitation and Privilege Elevation

3

Staging and Persistence (Repeat 2,3,4)

4

Data Exfiltration

5

Anatomy of a Data Breach

Sampled = Partial• Subset of traffic, usually less than

5%, • Gives a snapshot view into network

activity • Similar to reading every 20th word of

a book

Unsampled = All• All traffic is collected• Provides a comprehensive view

into all activity on the network• Equivalent to reading every word

on every page of a book

Cisco/Lancope Value Prop

Complete Visibility is the key and only Cisco/Lancope can provide

Customer Scenarios SummaryOTHER DEPLOYMENT USE CASES

.

Healthcare: Ensure Privacy of Patient Data by Enforcing Roles Based Access and Segmentation Across the Network

Retail: Intra Store Communication for Networked Devices While Ensuring That Only Authorized Users and Devices Have Access to PCI Data

Technology: Allowing Approved Employee-Owned Tablets Access to Internal Portals and Corporate App Store

Manufacturing: Marking Extranet Traffic to Allow PLC Vendor Remote Access to Specific Manufacturing Zone Only, and Offshore Development Partners Access to Development Servers Only

Chad Tallent-Security AMAlan Nix- CSEJune, 2016

Reduce Risk with Network As A Sensor

Demonstration

Conclusion

Defending Against These Advanced Threats Requires Greater Visibility and Control Across the Full Attack Continuum

Attack Continuum

BeforeDiscover EnforceHarden

DuringDetect Block

Defend

AfterScope

ContainRemediate

FireSIGHT and pxGrid

ASA VPN

OpenDNS Meraki

Advanced Malware Protection

Network as Enforcer

NGIPS

ESA/WSA

CWSSecure Access + Identity Services ThreatGRID

Thank You and Next Steps

Brian Averybravery@cisco.com

www.

Learn more about Cisco Stealthwatch:www.cisco.com/go/stealthwatch

Contact Your Cisco Partnerhttps://tools.cisco.com/WWChannels/LOCATR/performBasicSearch.do

• CCE sessions are held weekly on a variety of topics• CCE sessions can help you understand the

capabilities and business benefits of Cisco technologies

• Watch replays of past events and register for upcoming events!

Visit http://cs.co/cisco101 for details

Join us again for a future Cisco Customer Education Event